MANAGING TCP/IP NETWORKS
Managing TCP/IP Networks: Techniques, Tools and
Security Considerations. Gilbert Held
Copyright & 2000 John Wiley & Sons Ltd
Print ISBN 0-471-80003-1 Online ISBN 0-470-84156-7
MANAGING TCP/IP NETWORKS:
TECHNIQUES, TOOLS, AND
SECURITY CONSIDERATIONS
Gilbert Held
4 Degree Consulting
Macon, Georgia, USA
JOHN WILEY & SONS, LTD
Chichester
.
New York
.
Weinheim
.
Brisbane
.
Singapore
.
Toronto
Managing TCP/IP Networks: Techniques, Tools and
Security Considerations. Gilbert Held
Copyright & 2000 John Wiley & Sons Ltd
Print ISBN 0-471-80003-1 Online ISBN 0-470-84156-7
Copyright #2000 by John Wiley & Sons Ltd
Baf®ns Lane, Chichester,
West Sussex, PO19 1UD, England
National 01243 779777

Rexdale, Ontario, M9W 1L1, Canada
Library of Congress cataloging-in-Publication Data
Held, Gilbert, 1943-
Managing TCP/IP networks: techniques, tools and security
considerations/Gilbert Held.
p. cm.
ISBN 0-471-80003-1 (alk. paper)
1. TCP/IP (Computer network protocol) 2. Computer networks±
Management. I. Title.
TK5105.585.H447 2000 99-44748
004.6'2 Ð dc21 CIP
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
ISBN 0 471 80003 1
Typeset in 10/12pt Bookman-Light by Dobbie Typesetting Limited
Printed and bound in Great Britain by Bookcraft (Bath) Ltd
This book is printed on acid-free paper responsibly manufactured from sustainable forestry, in which
at least two trees are planted for each one used for paper production.
Managing TCP/IP Networks: Techniques,Tools and
Security Considerations. Gilbert Held
Copyright & 2000 John Wiley & Sons Ltd
Print ISBN 0-471-80003-1 Online ISBN 0-470-84156-7
CONTENTS
Preface xv
Acknowledgments xvii
1Introduction 1
1.1 Rationale for network management 1
1.1.1 Cost of service interruptions 2
1.1.2 Size and complexity of networks 2
1.1.3 Performance monitoring 2

2.1 Evolution 15
2.2 Governing bodies 16
2.2.1 The IAB 16
2.2.2 The IANA 16
2.2.3 The IETF 17
2.2.4 RFCs 17
2.3 The ISO Reference Model 18
2.3.1 Layers of the OSI Reference Model 19
Layer 1: The physical layer 19
Layer 2: The data link layer 19
Layer 3: The network layer 20
Layer 4: The transport layer 20
Layer 5: The session layer 21
Layer 6: The presentation layer 21
Layer 7: The application layer 21
2.3.2 Data ¯ow 22
2.3.3 Layer subdivision 22
Addressing 22
Universally vs. locally administered addresses 24
2.4 The TCP/IP protocol suite 24
2.4.1 Comparison withthe ISO Reference Model 25
The network layer 25
ICMP 26
The transport layer 26
TCP 26
UDP 26
Port numbers 26
2.4.2 Application data delivery 27
3TheInternetProtocol 29
3.1 The IPv4 header 29

Con®guration examples 50
Classless networking 52
3.3 The IPv6 header 53
3.3.1 Ver ®eld 55
3.3.2 Priority ®eld 56
3.3.3 Flow Label ®eld 57
3.3.4 Payload Length®eld 57
3.3.5 Next Header ®eld 57
3.3.6 Hop Limit ®eld 57
3.3.7 Source and Destination Address ®elds 58
3.3.8 Address types 58
3.3.9 Address notation 58
3.3.10 Address allocation 59
Provider-Based Unicast addresses 60
Multicast address 61
3.3.11 Transporting IPv4 addresses 61
3.4 ICMP and ARP 62
3.4.1 ICMP 62
ICMPv4 62
Type ®eld 62
Code ®eld 63
ICMPv6 64
Type ®eld 64
Code ®eld 64
3.4.2 ARP 64
Need for address resolution 67
Operation 67
Hardware Type ®eld 68
Protocol Type ®eld 68
Hardware Length®eld 68

Urgent Pointer ®eld 80
Options ®eld 80
Padding ®eld 81
4.1.2 Operation 81
Connection types 82
The three-way handshake 82
Segment size support 83
The Window ®eld and ¯ow control 84
Timers 85
Delayed ACK 85
FIN-WAIT-2 timer 85
Persist 86
Keep Alive 86
Slow start and congestion avoidance 86
4.2 UDP 87
4.2.1 The UDP header 87
Source and Destination Port ®elds 88
Length®eld 88
Checksum ®eld 88
4.2.2 Operation 88
5 The Domain Name System 89
5.1 Evolution 89
viii
CONTENTS
5.1.1 The HOSTS.TXT ®le 89
5.2 DNS overview 90
5.2.1 The domain structure 91
5.2.2 DNS components 92
Resource records 92
Name servers 93

Source Address ®eld 118
Type ®eld 120
Length®eld 121
Data ®eld 122
Frame Check Sequence ®eld 123
6.2 Ethernet media access control 124
6.2.1 Functions 125
6.2.2 Transmit media access management 126
6.2.3 Collision detection 128
Jam pattern 128
Wait time 128
CONTENTS
ix
Late collisions 130
6.3 Ethernet Logical Link Control 130
6.3.1 The LLC protocol data unit 130
6.3.2 Types and classes of service 132
Type 1 132
Type 2 133
Type 3 133
Classes of service 133
6.4 Other Ethernet frame types 133
6.4.1 Ethernet_SNAP frame 133
6.4.2 NetWare Ethernet_802.3 frame 134
6.4.3 Receiver frame determination 135
6.5 Fast Ethernet 135
6.5.1 Start-of-Stream Delimiter 136
6.5.2 End-of-Stream Delimiter 136
6.6 Gigabit Ethernet 136
6.6.1 Carrier extension 137

SSAP 160
x
CONTENTS
6.9.2 Types and classes of service 161
6.10 Summary 161
7 Layer 3 and Layer 4 Management 163
7.1 Using WebXRay 163
7.1.1 Overview 164
7.1.2 Operation 164
Autodiscovery 165
Service selection 167
Topology discovery 167
Hosts information 168
Services information 169
Traf®c measuring 169
Server Host Table 170
Server±Client Matrix Table 171
IP Host Table 171
IP Matrix Table 171
Protocol distribution 173
Filtering and packet decoding 174
7.2 Using EtherPeek 176
7.2.1 Operation 176
Packet capture 176
Filtering 177
Selective packet capture 179
Packet decoding 179
7.2.2 Network statistics 182
8SNMPandRMON 185
8.1 SNMP and RMON overview 185

8.3.3 Network management subtrees 203
The mgmt subtree 203
The experimental subtree 203
The private subtree 204
Program utilization example 204
8.3.4 MIB II objects 207
The System Group 208
The Interfaces Group 210
The Address Translation Group 213
The Internet Protocol Group 214
The Internet Control Message Protocol Group 214
The Transmission Group 216
The Transmission Control Protocol Group 217
The User Datagram Protocol Group 218
The Exterior Gateway Protocol Group 218
The SNMP Group 218
Authentication traps 218
Incoming traf®c counts 219
Outgoing traf®c counts 220
9ManagementbyUtilityProgram 225
9.1 Network utility programs 225
9.1.1 Ping 225
Overview 226
Operation 227
Utilization 228
Operational example 228
9.1.2 Traceroute 229
Overview 229
Operation 230
Utilization 231

Limitations 262
10.3 Using ®rewall proxy services 263
10.3.1 Access-list limitations 263
10.3.2 Proxy services 264
10.3.3 ICMP proxy services 266
10.3.4 Limitations 268
10.3.5 Operational example 268
Using classes 268
Alert generation 269
Packet ®ltering 270
The gap to consider 272
10.4 Network address translation 272
10.4.1 Types of address translations 274
Static NAT 274
Pooled NAT 274
Port Address Translation 274
Appendix A The SNMP Management Information Base (MIB-II) 275
Appendix B Demonstration Software 325
Index 327
CONTENTS
xiii