
Head First Networking

Cover of Head First Networking by Al Anderson... Published by O'Reilly Media, Inc.

Chapter 4. Packet Analysis: You’ve Been Framed

image with no caption

It’s time to go under the hood.

Network devices send data down the cable by converting the data into a signal. But how do they do this? And what else might be hiding in the signal? Just like a doctor needs to look at blood cells to identify blood-borne diseases, a network pro needs to look at what’s in the network signal to detect network intrusions, perform audits, and generally diagnose problems. And the key to all of this is packet analysis. Keep reading while we put your network signal under the microscope.

What’s the secret message?

The Head First Spy Agency specializes in conducting undercover investigations on behalf of their clients. No job is too big or too small, and they’ve just recruited you to their cause.

Here’s your first assignment:

image with no caption
image with no caption

So how do we extract a message from a signal?

We’ve seen before that network signals contain network data. This data is encoded into a format that computers can use, so if we can decode the signal, we should be able to extract the hidden message. But how do we do this?

Brain Power

Could this signal represent something other than 1’s and 0’s?

Network cards handle encoding

Encoding is handled by the Network Interface Card, or NIC, inside the computer. It encodes outgoing data into a signal, decodes incoming signals back into data, and is in charge of all the messaging ins and outs on the computer.

image with no caption

So how does the NIC encode the data?

The NIC starts by taking the message that needs to be sent across the network. It then turns the message into binary numbers, a series of 0’s and 1’s. After that, it encodes these numbers, and sends corresponding voltage signals through an attached network cable.

image with no caption

So if we know what the signal is, how do we find the original message?

To get the message, reverse the encoding

To find out what the message is, we need to decode the rogue network signal. Here’s what we need to do.

  1. Take the rogue signal.

    The signal is the series of voltage changes that’s been transmitted along the cable. The message is hidden inside it.

    image with no caption
  2. Divide the signal into equal slices using a clocking mechanism.

    By this we mean a device that pulses regularly. The clock provides a regular heartbeat.

    image with no caption
  3. Convert the signal into a series of 0’s and 1’s.

    To do this, look at the voltage level where the clock pulse meets the signal. The voltage level at this point determines whether the value is a 0 or a 1.

So how do we decode the signal?

The way in which we find the stream of 0’s and 1’s depends on the method used to encode the signal in the first place. So how do we know what this is?

The Ethernet standard tells hardware how to encode the data

So what sort of encoding scheme does the rogue signal use?

The signal is transmitted over Ethernet. This is a standard that engineers and manufacturers use when designing computers and network gear, and the protocol includes features such as Manchester phase encoding. So if the signal is sent using the Ethernet protocol, it uses Manchester encoding.

The protocol for 10BaseT Ethernet specifies that the signal will be encoded using Manchester encoding.

Let’s look at how this works:

image with no caption

In NRZ encoding, the binary data is represented by the high and low voltage levels; high is a 1, low is a 0. In Manchester encoding, it is the TRANSITION to a voltage that represents data.


You don’t have to know the exact details of how encoding works.

What is important for you to understand is that data in a computer is represented one way but is encoded into a signal when it is transmitted on a network.

image with no caption

If we know how a signal’s encoded, that means we can decode it.

Knowing that the signal uses Manchester encoding means that we know the series of 1’s and 0’s that the signal represents. What we need to do next is translate this into something more meaningful. To do this, we need to understand how to translate binary numbers.
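Here is the three-step decode from above carried out in code. This is an added example, not code from the book: the "signal" is a constructed list of voltage samples, and the clock is modelled by sampling at a fixed rate (once per bit for NRZ, twice per bit for Manchester). The sample values, the zero-volt threshold, and the names nrz_decode, manchester_decode and recover_message are all assumptions of the example; a real NIC recovers its clock from the signal itself. The Manchester convention used is the IEEE 802.3 one that 10BaseT uses, where a low-to-high transition in the middle of the bit period is a 1.

```python
# Added example, not code from the book. A signal is modelled as a list of
# voltage samples (constructed here, not captured), and the clock is modelled
# by sampling at a fixed rate: once per bit for NRZ, twice per bit for Manchester.


def nrz_decode(samples, threshold=0.0):
    """NRZ: the level seen at each clock pulse is the bit (high = 1, low = 0)."""
    return [1 if v > threshold else 0 for v in samples]


def manchester_decode(samples, threshold=0.0):
    """IEEE 802.3 Manchester, as used on 10BaseT: each bit period holds two
    half-periods and the mid-bit TRANSITION carries the data.
    low -> high is a 1, high -> low is a 0. A bit period with no transition
    cannot be valid Manchester, so it is reported as a clock slip or noise
    rather than silently guessed."""
    if len(samples) % 2:
        raise ValueError("Manchester decoding needs two samples per bit period")
    bits = []
    for i in range(0, len(samples), 2):
        first_high = samples[i] > threshold
        second_high = samples[i + 1] > threshold
        if first_high == second_high:
            raise ValueError(f"no mid-bit transition in bit {i // 2}: clock slip or noise")
        bits.append(1 if second_high else 0)
    return bits


def manchester_encode(bits):
    """Inverse of manchester_decode; used only to construct the sample signal."""
    levels = []
    for b in bits:
        levels += [-1.0, +1.0] if b else [+1.0, -1.0]
    return levels


def bytes_to_bits(data):
    """Each byte becomes eight bits, most significant bit first."""
    return [int(ch) for byte in data for ch in format(byte, "08b")]


def bits_to_bytes(bits):
    """Group the bit stream back into bytes."""
    if len(bits) % 8:
        raise ValueError("bit count is not a whole number of bytes")
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, len(bits), 8))


# Constructed message and the signals it would produce on the wire.
SECRET = b"hi"
MANCHESTER_SIGNAL = manchester_encode(bytes_to_bits(SECRET))
NRZ_SIGNAL = [1.0 if b else -1.0 for b in bytes_to_bits(SECRET)]


def recover_message(samples, encoding="manchester"):
    """Steps 1-3 of the decode (slice at the clock, read 0s and 1s), then bytes."""
    bits = manchester_decode(samples) if encoding == "manchester" else nrz_decode(samples)
    return bits_to_bytes(bits)


if __name__ == "__main__":
    print(recover_message(NRZ_SIGNAL, "nrz"))       # b'hi'
    print(recover_message(MANCHESTER_SIGNAL))       # b'hi'
    # Reading a Manchester signal as if it were NRZ yields garbage, not an error,
    # which is why knowing the encoding scheme matters before decoding.
    print(nrz_decode(MANCHESTER_SIGNAL)[:8])
```

The decoder refuses a bit period with no transition instead of guessing: in Manchester that condition can only mean the clock has slipped or the sample is noise, and a decoder that guesses would turn a corrupted signal into plausible-looking but wrong bytes.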

A quick guide to binary

The first thing you need to know about binary numbers is that they aren’t based on 10 digits (0 to 9); they’re based on 2 digits, 0 and 1. Here’s how binary digits work:

image with no caption

If you see a binary number like 0 or 1, this is the same as a decimal number 0 or 1. But how do we write a number like 2 in binary?

Binary is a base 2 system. This means that each digit in a binary number represents an increasing power of 2. The right-most digit in the binary number represents 2⁰, the next represents 2¹, the next 2², and so on.

image with no caption

So how do we convert a binary to decimal?

To convert from binary, here’s what you need to do.

  • Multiply each digit in the binary number by the corresponding power of 2.

  • Add the whole lot up together.

image with no caption

And there’s your decimal number equivalent.

image with no caption

We can convert the numbers into letters.

So far we’ve looked at how we convert the signal into binary, and from binary to decimal. What we really want to do though is convert the signal into something more meaningful such as words. So how can we turn numbers into characters? The answer lies with ASCII...

Computers read numbers, humans read letters

We can convert a signal into numbers, but what can we do when we need text? We use something called the American Standard Code for Information Interchange (ASCII). Computers use this format when transferring text messages to one another.

In computer-speak, each binary digit is called a bit, and eight bits together form a byte.

image with no caption

Each byte needs to be translated to an ASCII character. To do this, we convert each byte into its decimal equivalent, and then look up the corresponding ASCII character in an ASCII table, just like the one in Appendix B.

image with no caption

So the ASCII character represented by 01100001 is the letter a.

But isn’t there an easier way?

The trouble with translating bytes into ASCII characters in this way is that the 0’s and 1’s quickly become overwhelming. It can be fiddly converting bytes into decimal numbers, and this means it’s easy to make mistakes. So is there an easier way?

Watch it!

There is another character encoding scheme.

Another major character encoding scheme is Unicode. It allows for millions of characters.

image with no caption

Hexadecimal to the rescue

There’s a handier way of converting a byte into ASCII. Instead of looking up a decimal number in an ASCII table, we can look up its hexadecimal equivalent instead.

Hexadecimal numbers are based on 16 digits, 0-9 and A-F, which represent the values 0-15:

image with no caption

So if you see a hexadecimal number like B, you know that it just means 11 in decimal.

Hex is a base 16 system, which means that each digit represents an increasing power of 16. The right-most digit represents 16⁰, the next represents 16¹, and so on.

image with no caption

So how do we convert a hexadecimal to decimal?

To convert a hexadecimal number to a decimal, take each digit in the hexadecimal number, multiply it by the power of 16 it represents, and then add the whole lot up together.

image with no caption

We can convert to ASCII using hex

Once you learn to use hexadecimal, you realize just how cool it is. Hex and binary make great partners, because each hex digit stands for exactly four bits, and that simplifies conversions between binary and ASCII. Hex is like a bridge between the weird world of binary and our world (the human, readable world).

Here’s what we do:

  1. Break the byte in half.

    Each half-byte is called a nibble. [Note from Editor: you’re kidding, right?]

    image with no caption

    Watch it!

    Don’t add the two numbers!

    Just put them side-by-side, and you have the hexadecimal conversion.

  2. Convert each half into its hexadecimal equivalent.

    Because each half of the byte is only four bits, the highest number you can get is 15 (which is “F” in hex).

  3. Concatenate the two numbers.

    Concatenate is a programmer’s word that simply means “put them beside each other from left to right.”

  4. Look the number up in an ASCII table.

    The table to the right is just a sample. To find common ASCII codes, use the handy ASCII conversion table we’ve provided in Appendix B.

    image with no caption
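The binary-to-decimal rule from “A quick guide to binary”, the hex-to-decimal rule from “Hexadecimal to the rescue”, and the four nibble-to-ASCII steps just described, written out as code. This is an added example, not code from the book: the arithmetic is spelled out digit by digit (rather than calling int(x, 2)) so every step above is visible, and chr() plays the role of the ASCII table in Appendix B. The function names are the example’s own.

```python
# Added example, not code from the book: the binary -> decimal, hex -> decimal
# and nibble -> hex -> ASCII conversions, written as positional arithmetic.

HEX_DIGITS = "0123456789ABCDEF"   # value 0..15 -> hex digit


def binary_to_decimal(bits: str) -> int:
    """Multiply each binary digit by its power of 2 (right-most digit is 2^0), then add."""
    total = 0
    for power, digit in enumerate(reversed(bits)):
        if digit not in "01":
            raise ValueError(f"not a binary digit: {digit!r}")
        total += int(digit) * 2 ** power
    return total


def hex_to_decimal(hexstr: str) -> int:
    """Same idea in base 16: right-most digit is 16^0, the next 16^1, and so on."""
    total = 0
    for power, digit in enumerate(reversed(hexstr.upper())):
        value = HEX_DIGITS.find(digit)
        if value < 0:
            raise ValueError(f"not a hex digit: {digit!r}")
        total += value * 16 ** power
    return total


def byte_to_hex(bits: str) -> str:
    """Steps 1-3: break the byte in half, convert each nibble, put them side by side."""
    if len(bits) != 8:
        raise ValueError("a byte is exactly eight bits")
    high, low = bits[:4], bits[4:]                 # step 1: two nibbles
    # steps 2 and 3: each nibble is at most 15 (F); concatenate, don't add
    return HEX_DIGITS[binary_to_decimal(high)] + HEX_DIGITS[binary_to_decimal(low)]


def hex_to_ascii(hexbyte: str) -> str:
    """Step 4: look the number up in the ASCII table (chr() is that table here)."""
    code = hex_to_decimal(hexbyte)
    if code > 0x7F:
        raise ValueError(f"0x{hexbyte} is outside the 7-bit ASCII table")
    return chr(code)


def decode_bitstream(bitstream: str) -> str:
    """The whole pipeline for a run of bytes: binary -> hex pairs -> ASCII text."""
    if len(bitstream) % 8:
        raise ValueError("bitstream is not a whole number of bytes")
    return "".join(hex_to_ascii(byte_to_hex(bitstream[i:i + 8]))
                   for i in range(0, len(bitstream), 8))


if __name__ == "__main__":
    print(binary_to_decimal("01100001"))          # 97
    print(byte_to_hex("01100001"))                # 61
    print(hex_to_ascii("61"))                     # a
    print(decode_bitstream("0110100001101001"))   # hi
```

Each function rejects malformed input rather than guessing, which matters when the bit stream was recovered from a noisy signal: a stray character or a byte outside the ASCII range is reported instead of silently becoming the wrong letter.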

Back at the spy agency...

So far we’ve looked at encoding techniques for finding out what message the mole is sending. So what progress have we made in interpreting the signal?

image with no caption

It’s not just a matter of decoding the binary; we have to consider the appropriate protocol too...

Protocols define the structure of a message

In order to communicate effectively, network devices use protocols: sets of guidelines, or rules, for the network conversation. These protocols cover such things as how fast data can be sent and how data will be structured when it’s sent.

Most protocols define a size limit for messages, which means that the messages need to be broken into separate packages and labeled with information about where the message came from and where it’s headed.

Network messages come in two kinds of packages: frames and packets.

Brain Power

Why would it be important for the destination address to come near the front of a frame?

From Sharpen your pencil.

image with no caption
image with no caption

Network frames have lots of layers

Encoding and decoding signals allows us to ship data efficiently. Frames give that data structure, but does a frame give us enough structure to package our data?

A network frame contains nested structures that allow us to pack and unpack the data efficiently. Like a series of nested dolls, each smaller structure is enclosed by the next largest structure.

The payload of a frame is actually a structure nested within the frame. We call it a packet, and the EtherType field lets us know what type of packet the payload contains.

image with no caption

We have to do a bit more digging into this frame before we can get to the actual message.

Your friendly packet field guide

Packets come in several different types. You can see that there is a lot of information packed inside these packets. All of those “fields” contain information that helps the packet get across the network. You will notice that many of the same fields exist in the three packet types shown here.

UDP Packet - Protocol Type 17

UDP is used for streaming data such as music and videos.

image with no caption

ICMP Packet - Protocol Type 1

ICMP is used for testing network connections using the ping program.

image with no caption

TCP Packet - Protocol Type 6


This is decimal 6; in a packet this would be in hex!

TCP is used for most IP network communications that require a reliable connection. By reliable, we mean that no information is lost.

image with no caption
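The nested-doll structure described under “Network frames have lots of layers”, peeled apart in code: the EtherType field selects the packet type, the IP header’s protocol field (1, 6 or 17, stored as 0x01, 0x06 or 0x11 in the packet bytes) selects which of the three packet types from the field guide follows, and what remains is the payload. This is an added example, not code from the book. The frame it parses is constructed inside the example (made-up MAC addresses, 10.0.0.x addresses and ports), not captured from a network, and the function names are the example’s own. It also verifies the IPv4 header checksum, which a packet analyzer does so that a corrupted or tampered header is reported rather than decoded as if it were good.

```python
import struct

# Added example, not code from the book: unwrapping the nested structures of a
# frame (Ethernet -> IPv4 -> TCP/UDP/ICMP -> payload) the way a packet analyzer
# does. The frame is constructed for the example, not captured from a network.

ETHERTYPE_IPV4 = 0x0800
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17   # decimal here; 0x01, 0x06, 0x11 on the wire


def ip_checksum(header: bytes) -> int:
    """Internet checksum: one's-complement sum of the header's 16-bit words.
    Run over a header that already contains its checksum, it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_frame(frame: bytes) -> dict:
    """Peel the layers off an Ethernet frame and return the fields of each one."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        out["payload"] = frame[14:]          # not IPv4: hand the payload back undecoded
        return out

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     ttl, proto, _cksum, sip, dip) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl or total_len < ihl:
        raise ValueError("bad IPv4 version or header length")
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch (corrupted or tampered header)")
    out.update({"src_ip": ".".join(map(str, sip)), "dst_ip": ".".join(map(str, dip)),
                "ttl": ttl, "protocol": proto})

    segment = ip[ihl:total_len]              # the packet's payload: transport header + data
    if proto == PROTO_TCP:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
        data_off = (off_flags >> 12) * 4     # TCP header length in bytes
        out.update({"transport": "TCP", "src_port": sport, "dst_port": dport,
                    "seq": seq, "ack": ack, "payload": segment[data_off:]})
    elif proto == PROTO_UDP:
        sport, dport, length, _ck = struct.unpack("!HHHH", segment[:8])
        out.update({"transport": "UDP", "src_port": sport, "dst_port": dport,
                    "payload": segment[8:length]})
    elif proto == PROTO_ICMP:
        icmp_type, code, _ck = struct.unpack("!BBH", segment[:4])
        out.update({"transport": "ICMP", "icmp_type": icmp_type, "icmp_code": code,
                    "payload": segment[4:]})
    else:
        out.update({"transport": "unknown", "payload": segment})
    return out


def build_tcp_frame(payload: bytes, seq: int) -> bytes:
    """Constructed sample frame (addresses and ports are made up for the example).
    The TCP checksum is left 0 because computing it needs the IP pseudo-header."""
    tcp = struct.pack("!HHIIHHHH", 40000, 25, seq, 0, (5 << 12) | 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, PROTO_TCP, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill in the checksum
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + tcp


if __name__ == "__main__":
    for field, value in parse_frame(build_tcp_frame(b"meet at noon", seq=1)).items():
        print(f"{field:>10}: {value}")
```

Each length check comes before the corresponding unpack: a frame that claims more header than it carries is a classic source of parser crashes, so the analyzer should report "truncated" rather than index past the end of the buffer.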

Geek Bits

There are many different types of IP protocols, around 139 of them. These are just three of the most common ones.

You can find a full list of IP protocols here:

So can we decode the secret message?

So far we’ve looked at how frames are structured, how to tell which part of the frame contains the data, and how to convert the data into ASCII. So is that everything we need to decode the message the mole sent?

Well... nearly.

image with no caption

The entire message may need more than one frame.

Sometimes messages are spread across frames. So why’s that?

An Ethernet frame can hold about 1500 bytes of data. So any data that is larger than that will have to be broken apart.

There’s another reason too. In order to have a reliable transfer of data, the sender and receiver use the TCP protocol to communicate about how the transfer is going. If there are errors in the packets, the sender will notify the receiver and it will resend the packets that had errors. Imagine if there were one large packet with all the data: if the connection is poor, it might never get sent.

To reassemble the entire message, we need to collect together all the frames, making sure they’re in the right order.

So what do we mean by the right order? Why should they be out of order? Let’s take a look.

We’ve got all the right packets... but not necessarily in the right order

Individual packets on a large network with multiple routers can take different routes to get to the destination. Some paths are longer or have lower bandwidth, so a packet takes longer to transit them. This means that the packets could arrive at the destination out of order.

  1. A computer sends some data on the network.

    Because of the amount of data, it’s broken into three separate packets.

  2. The packets take different routes.

    The red and green packets take a different route to the blue packet.

    image with no caption
  3. The packets arrive at their destination.

    But they arrive out of order.

Brain Power

Take another look at the packet structure. How do you think we can tell what the packet order should be?

The packet tells you the correct order

Each packet contains a sequence number, and it’s this sequence number that tells you the correct order of the packets. This means that you can use the sequence number inside a packet to put all the packets back together in the right order. So if we can decode the packets in the right order, we’ll have the secret message.

image with no caption
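Putting the packets back together from their sequence numbers, as described above, in code. This is an added example, not code from the book. It works on (sequence number, payload) pairs, constructed here in the order they “arrived”, rather than on whole frames, and uses the TCP meaning of a sequence number: the offset of the segment’s first payload byte within the stream. That is what lets the reassembler go beyond the simple three-packet case in the text and also notice missing data, duplicate retransmissions and overlapping retransmissions instead of silently producing a wrong message. The function name and the assumption that the 32-bit sequence space does not wrap during the capture are the example’s own.

```python
# Added example, not code from the book: putting captured TCP segments back
# into order using their sequence numbers. The segments are constructed
# (seq, payload) pairs listed in the order they "arrived".


def reassemble(segments, initial_seq):
    """segments: (seq, payload) pairs in arrival order.
    A TCP sequence number is the offset of the segment's first payload byte in
    the stream, so sorting by seq restores the order, and checking that each
    segment starts where the previous one ended catches missing data, duplicate
    retransmissions and overlapping retransmissions.
    Assumes the 32-bit sequence space does not wrap inside the capture."""
    out = bytearray()
    expected = initial_seq
    for seq, payload in sorted(segments, key=lambda s: s[0]):
        end = seq + len(payload)
        if end <= expected:
            continue                         # duplicate: these bytes are already placed
        if seq > expected:
            raise ValueError(f"gap: expected seq {expected}, next segment starts at {seq}")
        out += payload[expected - seq:]      # drop any overlap with data already placed
        expected = end
    return bytes(out)


# Constructed capture: one message split into three segments, arriving out of order.
ARRIVAL_ORDER = [(5, b" at "), (9, b"noon"), (1, b"meet")]
WITH_RETRANSMIT = ARRIVAL_ORDER + [(5, b" at ")]            # one segment seen twice
WITH_OVERLAP = [(1, b"meet"), (3, b"et at "), (9, b"noon")]  # retransmit overlaps earlier data
WITH_GAP = [(1, b"meet"), (9, b"noon")]                      # the middle segment never arrived


if __name__ == "__main__":
    print(reassemble(ARRIVAL_ORDER, initial_seq=1))      # b'meet at noon'
    print(reassemble(WITH_RETRANSMIT, initial_seq=1))    # b'meet at noon'
    print(reassemble(WITH_OVERLAP, initial_seq=1))       # b'meet at noon'
    try:
        reassemble(WITH_GAP, initial_seq=1)
    except ValueError as err:
        print("cannot reassemble:", err)
```

Reporting a gap instead of concatenating what did arrive is the point for anyone reading a capture: a missing segment in the middle of a message should show up as an incomplete reassembly, not as a shorter message that looks complete.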

Geek Bits

The server sends packets to a particular application based on the port number. As an example, it knows which messages are emails by looking at the destination port in the packet.

image with no caption
