Thursday, September 27, 2012

Networking - Part 1

Subnet Mask
An IP address has two components, the network address and the host address. A subnet mask separates the IP address into the network and host addresses (<network><host>). Subnetting further divides the host part of an IP address into a subnet and host address (<network><subnet><host>), this is called subnet mask.
Subnetting is used to break the network into smaller more efficient subnets to prevent excessive rates of Ethernet packet collision in a large network. Routers are used to manage traffic and constitute borders between subnets. In IPv4 networks, the routing prefix is often expressed as a "subnet mask", which is a bit mask covering the number of bits used in the prefix
A Subnet mask is a 32-bit number that masks an IP address, and divides the IP address into network address and host address. Subnet Mask is made by setting network bits to all "1"s and setting host bits to all "0"s. Within a given network, two host addresses are reserved for special purpose. The "0" address is assigned a network address and "255" is assigned to a broadcast address, and they cannot be assigned to a host.

Virtual local area network, virtual LAN or VLAN is a group of hosts with a common set of requirements that communicate as if they were attached to the Broadcast domain, regardless of their physical location.
A VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if they are not located on the same network switch. Network reconfiguration can be done through software instead of physically relocating devices. VLAN are created to provide the segmentation services traditionally provided by routers in LAN configurations. VLAN address issues such as scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, address summarization, and traffic flow management. By definition, switches may not bridge IP traffic between VLAN as it would violate the integrity of the VLAN broadcast domain.

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway
DHCP uses the same two ports assigned by IANA for BOOTP: destination UDP port 67 for sending data to the server, and UDP port 68 for data to the client. DHCP communications are connectionless in nature.
DHCP operations fall into four basic phases: IP discovery, IP lease offer, IP request, and IP lease acknowledgement. These points are often abbreviated as DORA (Discovery, Offer, Request, Acknowledgement).
DHCP clients and servers on the same subnet communicate via UDP broadcasts, initially. If the client and server are on different subnets, a DHCP Helper or DHCP Relay Agent may be used. Clients requesting renewal of an existing lease may communicate directly via UDP unicast, since the client already has an established IP address at that point.

When a DHCP-configured client (a computer or any other network-aware device) connects to a network, the DHCP client sends a broadcast query requesting necessary information from a DHCP server. The DHCP server manages a pool of IP addresses and information about client configuration parameters such as default gateway, domain name, the DNS servers, other servers such as time servers, and so forth. On receiving a valid request, the server assigns the computer an IP address, a lease (length of time the allocation is valid), and other IP configuration parameters, such as the subnet mask and the default gateway. The query is typically initiated immediately after booting, and must complete before the client can initiate IP-based communication with other hosts.

In basic terms, the DHCP lease process works as follows:
  1. A network device attempts to connect to the Internet.
  2. The network requests an IP address.
  3. The DHCP server allocates (leases) the network device an IP address, which is forwarded to the network by a router.
  4. DHCP updates the appropriate network servers with the IP address and other configuration information.
  5. The network device accepts the IP address.
  6. The IP address lease expires.
  7. DHCP either reallocates the IP address or leases one that is available.
  8. The network device is no longer connected to the Internet.
  9. The IP address becomes an available address in the network pool of IP addresses.

Depending on implementation, the DHCP server may have three methods of allocating IP-addresses.
Dynamic allocation
When the DHCP server is configured to use dynamic allocation, this means that it uses a lease policy. This way, when an assigned IP address from the available pool is no longer used, it will be transferred back to the pool, making it available for someone else to use. The advantage of this method is that the IP addresses are used to their maximum - as soon as they are no longer used by the client, they are instantly made available to others. The disadvantage of this method is that a client will always have a random IP address.
Automatic allocation
The automatic allocation method resembles very much the dynamic allocation method - as soon as a client connects, the DHCP server provides him with an IP address from the IP address pool. However, when automatic allocation is used, the DHCP server keeps a database of previous IP grants, and tries to give the client the same IP address he used the last time, if available.
Static allocation
The static allocation method is very popular in modern ISP networks, which do not use dial-up methods. With the static allocation, the DHCP sever keeps a database with all clients' LAN MAC addresses and gives them an IP address only if their MAC address is in the database. This way, the clients can be sure that they will be getting the same IP address every time.

The base DHCP protocol does not include any mechanism for authentication. Because of this, it is vulnerable to a variety of attacks. These attacks fall into three main categories:
  • Unauthorized DHCP servers providing false information to clients. 
  • Unauthorized clients gaining access to resources. 
  • Resource exhaustion attacks from malicious DHCP clients.

** Information is gathered from various websites by goggling and some through notes.