Network Administrator Support Group |
|
http://opcenter.cso.uiuc.edu/nas/ |
|
Chris Newman (cjnewman@uiuc.edu) |
|
Operations Center -> 4-1000 or Admin-help@uiuc.edu |
|
|
|
|
NetAdmin responsibilities |
|
Ethernet basics |
|
TCP/IP basics |
|
Network security |
|
|
|
|
|
|
NetAdmin configures PCs for networking, and
administers the physical wiring, repeaters, switches, etc. of a network |
|
SysAdmin administers the computers for a network |
|
Many NetAdmins are also SysAdmins |
|
|
|
|
Connecting devices to the network |
|
Maintaining DNS Records |
|
Maintaining Hardware Records |
|
Making sure the data flows |
|
Contacting CITES about changes |
|
|
|
|
New hardware setup |
|
Assuring connectivity to necessary services |
|
NDO Contact # is 244-1600 |
|
|
|
|
DNS Changes -> |
|
https://www-s1.cso.uiuc.edu/hostreg/ |
|
http://www.uiuc.edu/~hostmgr |
|
ARP tables on the router show which IP addresses are actually in use, and which MAC address answers for each; addresses absent from the table are candidates for reuse, but check hostreg first, since a powered-off host leaves no ARP entry |
|
IP address users must be identifiable (Security) |
|
|
|
|
MAC Addresses |
|
Serial numbers of equipment |
|
Repair records |
|
|
|
|
|
E-mail reports from switches, routers (see NASH) |
|
using the Iris software |
|
ISS security scans (Internet Scanner from Internet Security Systems; see Network security) |
|
Responsible use of bandwidth |
|
download programs from local sources (such as UI
Archive and E-Academy) |
|
set up web pages and FTP sites to serve pages
economically |
|
|
|
|
|
Contact CITES about personnel & equipment
changes |
|
Personnel changes |
|
Inform operations center (net-trouble@uiuc.edu)
about administrative changes |
|
Use Contact Manager to modify other personnel
changes http://opcenter.cso.uiuc.edu/ |
|
|
|
|
|
|
ITU http://www.itu.int |
|
ANSI http://web.ansi.org |
|
EIA http://www.eia.org |
|
IEEE http://www.ieee.org |
|
ISO http://www.iso.ch |
|
IETF http://www.ietf.org |
|
|
|
|
Cable Types |
|
Cable Categories & Color Codes |
|
CSMA / CD |
|
Types of Networks |
|
|
|
|
Thick coax (10Base5): 500 meter segment length limit |
|
Bus configuration |
|
First type of cabling used |
|
Very difficult to work with |
|
Easy to tap into |
|
Expensive |
|
No longer commonly used |
|
|
|
|
Thin coax (10Base2): 185 meter segment length limit |
|
Maximum of 30 stations |
|
Bus configuration |
|
Needs to be properly terminated and grounded |
|
An improvement in usability |
|
Fairly inexpensive for the time |
|
Easier to work with |
|
Easy to Tap into |
|
|
|
|
Twisted pair (10Base-T / 100Base-TX): 100 meter length limit |
|
Inexpensive |
|
10/100mbit speed capable |
|
Very easy to work with |
|
|
|
|
Fiber: used for backbone applications |
|
Very Expensive |
|
Difficult to repair |
|
Very difficult to tap |
|
Single vs. Multimode Fiber |
|
|
|
|
Multimode fiber: supports up to 2000m for 10/100 networks |
|
Up to 550m for Gigabit |
|
Large core |
|
Main advantage over twisted pair is distance |
|
|
|
|
Single mode fiber: 5000m and beyond for both 10/100 and Gigabit |
|
Very expensive |
|
Small core ( less than 10 microns) |
|
Main advantage over twisted pair is distance |
|
|
|
|
ST - round, similar to BNC |
|
SC - square, push-in |
|
MT-RJ - very new, small form factor with an RJ-45-style plug |
|
Often different connectors on either end |
|
|
|
|
Cat 3 Cabling – up to 16 MHz, 10 Mb/sec Ethernet (16 Mb/sec Token Ring) |
|
Cat 5 Cabling – up to 100 MHz, 100 Mb/sec |
|
Cat 5e Cabling – 100 MHz with tighter crosstalk limits, rated for Gigabit (1000Base-T) |
|
Cat 6 Cabling – up to Gigabit, 250 MHz |
|
Cat 7 Cabling – up to Gigabit, still conceptual, 600 MHz |
|
|
|
|
|
|
UIUC Data-Jacks – two types |
|
Cat 3 - can be split for 2 data ports |
|
requires special patch cable (even if only used
for one data port) |
|
Cat 5 - only used for one data port |
|
|
|
|
Blue – voice, RJ45 to RJ45 (straight through) |
|
Orange – data, RJ45 to RJ45 (straight through) |
|
Purple – data, RJ45 to RJ45 (crossover); originally yellow |
|
Green – Cat 3, RJ11 to RJ45 (crossover) |
|
UIUC RJ11-to-RJ45 10Base-T cables are not color coded and are often gray or beige |
|
Yellow – Cat 6 cables (straight through) |
|
Red – Cat 5 cable for T1 circuits |
|
|
|
|
|
|
|
Carrier Sense Multiple Access with Collision
Detection |
|
http://grouper.ieee.org/groups/802/3/ |
|
http://commeng.cso.uiuc.edu/~monnin/ethernet/ethernet.html |
|
http://map-ne.com/Ethernet/ |
|
http://standards.ieee.org/regauth/oui/ |
|
|
|
|
Bandwidth is shared by all users |
|
Susceptible to snooping or sniffing |
|
Entire network is a single Collision Domain |
|
Inefficient |
|
|
|
|
Connect 2 distinct segments of the network |
|
Forwards traffic between the 2 segments, but only frames whose destination is on the other side |
|
Initially the bridge learns the network by watching the source MAC address of every frame it sees |
|
Builds a table mapping each MAC address to the segment (port) on which it was seen; frames for unknown destinations are flooded to all segments |
|
Recommended maximum of 7 bridges between two hosts in any single broadcast domain (the 802.1D bridge diameter) |
|
|
|
|
Internal table determines which segments the
data is forwarded to |
|
Maximum size of the network is extensible |
|
Rules for maximum wire length, attached device
count, or number of hubs get reset when a bridge is installed |
|
Not very common anymore |
|
|
|
|
|
User gets Dedicated Bandwidth |
|
Less likely to be sniffed |
|
More manageable for the NetAdmin (Iris) |
|
Can find and disconnect problem users |
|
Can set amount of bandwidth each user is
entitled to |
|
A switch “resets” the repeater count |
|
Everything downstream of switch is subject to
the 5-4-3 rule |
|
|
|
|
Routers work like a bridge, but pay attention to
the upper network layer protocols |
|
Data packets forwarded based on the layer 3
(e.g. IP or IPX) information, not the MAC address of the network adapter |
|
Can route traffic to different types of media |
|
Used on the UIUC campus to route data traffic
between different LANs |
|
|
|
|
|
Describes how many segments and hubs you can
have on a 10Mbps Ethernet collision domain |
|
Especially important with the advent of cheap
“mini-hubs” |
|
The NetAdmin should contact the NDO Designer for
approval of each hub added to the network |
|
Can cause problems that affect the ENTIRE collision domain |
|
|
|
|
There can be at most: |
|
5 Segments between any two hosts |
|
4 Repeaters between any two hosts |
|
3 Populated segments |
|
2 Unpopulated segments if 3 are populated |
|
1 Collision domain |
|
|
|
|
|
|
|
|
|
|
ISO Seven Layers of Networking |
|
Domain Name/Hostname |
|
IP Address/Subnetting |
|
|
|
|
The Open Systems Interconnection (OSI) reference model from the International Organization for Standardization (ISO 7498, published 1984) |
|
Manageability and interoperability industry wide |
|
Guide for troubleshooting problems |
|
|
|
|
|
|
|
ISO Seven Layer Model | Mnemonic: |
|
7 - Application    All |
|
6 - Presentation   People |
|
5 - Session        Seem |
|
4 - Transport      To |
|
3 - Network        Need |
|
2 - Data-Link      Data |
|
1 - Physical       Processing |
|
|
|
|
|
|
Controls transmission of raw bit stream over
transmission medium |
|
Standards define parameters such as amount of
signal voltage swing, voltage duration (bits), etc. |
|
Work is handled by the basic hardware, including
cabling and hubs which generate and propagate the electrical signal |
|
|
|
|
Responsible for reliability of the physical link established at layer 1 |
|
Standards define how data frames are recognized (framing, MAC addressing) and provide the necessary flow control and error detection at the frame level |
|
Work at this level is handled by switches and bridges, which forward frames based on the destination MAC address |
|
|
|
|
Responsible for logical addressing and for routing packets between networks, choosing the path and relaying through intermediate routers |
|
Among other functions, standards define how addressing, routing and relaying are handled |
|
This is the IP portion of TCP/IP |
|
Most of the work at this level is handled by routers and “layer three” switches. |
|
|
|
|
Insulates upper layers (5-7) from having to deal with the complexities of layers 1-3 |
|
Provides end-to-end delivery between processes, identified by port numbers |
|
TCP and UDP reside on this layer |
|
Provides error checking (checksums); TCP additionally guarantees delivery with sequence numbers, acknowledgements and retransmission, UDP does not |
|
Connection-oriented (TCP) vs. connectionless (UDP) |
|
|
|
|
|
|
Establishes and manages end-user connections |
|
Manages interaction between end systems |
|
Services include establishing communications as
full or half duplex, and grouping data |
|
|
|
|
Provides services directly to user applications |
|
|
|
|
Performs data transformations to provide a
common interface for user applications |
|
Transformations include reformatting, data
compression, and encryption |
|
The Application and Presentation layers provide the means for Telnet, FTP, HTTP, SMTP etc. (TCP and UDP belong to the Transport layer, not here) |
|
|
|
|
Name of the domain to which the host belongs |
|
Usually in the form domain.uiuc.edu, |
|
Typically an abbreviation of Department name,
University Office, or College, listed in the Student Staff Directory in
boldface print |
|
e.g. www.history.uiuc.edu |
|
1 subnet usually will equal 1 domain |
|
|
|
|
Domain Name Server |
|
Is the IP address of a host that provides the service of converting fully-qualified domain names into IP addresses |
|
You type www.cert.org into your browser; the DNS server resolves that name to its IP address, e.g. 192.88.209.14 |
|
|
|
|
Name assigned to the computer on which you are
installing software |
|
You may be asked for the hostname only (e.g.,
muncher), or the fully-qualified domain name (e.g., muncher.cso.uiuc.edu) |
|
DNS Changes -> |
|
https://www-s1.cso.uiuc.edu/hostreg |
|
|
|
|
The full IP address of the device which you are
responsible for |
|
A 32 bit number separated into 4, 8-bit parts
(called octets) |
|
Dotted decimal notation |
|
(e.g. 123.123.123.123) |
|
Must be a unique number for each device on the
network |
|
|
|
|
IP address of the router that connects a
building network to the campus network |
|
For most building networks, the router address
ends with the number 1 |
|
(e.g. 128.174.18.1) |
|
|
|
|
Subnetting lets a limited number of IP addresses be divided among several separate networks |
|
A 32-bit number ANDed bit-by-bit with an IP address |
|
The 1 bits select the network part of the address, the 0 bits the host part |
|
Often expressed in dotted decimal notation like a regular IP address (e.g. 255.255.255.0 for a 24-bit network part) |
|
http://www.learntosubnet.com |
|
|
|
|
CITES site on Subnet Masks http://commeng.cso.uiuc.edu/nas/nash/uiucnet.info/netmask.html |
|
Cisco IP Addressing webpage http://www.ieng.com/cpress/cc/td/cpress/fund/primer/cb0708.htm |
|
Subnet Calculator http://www.agt.net/public/sparkman/netcalc.htm |
|
http://www.subnetonline.com |
|
|
|
|
Short for Address Resolution Protocol, it is used to convert an IP address into a MAC address. A host wishing to obtain a physical address broadcasts an ARP request onto the local Ethernet segment. The host on the segment that has the IP address in the request then replies with its physical hardware address. ARP has no authentication: any host can answer a request or send an unsolicited reply, so a hostile station can claim another host's IP address (this is what arpwatch, below, watches for). |
|
There is also RARP, which can be used by a host to discover its IP address. In this case the host broadcasts its physical address and a RARP server replies with the host's IP address. |
|
|
|
|
|
|
Network Address Translation |
|
Described in RFC 1631 (The IP Network Address Translator) from the IETF – Internet Engineering Task Force (http://www.ietf.org/) |
|
Allows hosts with private IP addresses to communicate with the Internet while appearing as a single public IP address, with individual connections told apart by port number. (Common feature of firewalls.) |
|
|
|
|
|
Reserved private IP address ranges (RFC 1918) |
|
Class A: 10.0.0.0 through 10.255.255.255 (10.0.0.0/8) |
|
Class B: 172.16.0.0 through 172.31.255.255 (172.16.0.0/12) |
|
Class C: 192.168.0.0 through 192.168.255.255 (192.168.0.0/16) |
|
Good to use for testing internal machines |
|
Not routed on the public Internet; do not assign them to hosts that must be reachable from outside |
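As an added worked example (not part of the original slides), the following Python applies the mask arithmetic from the subnet mask slide and checks addresses against the RFC 1918 ranges listed above. The sample addresses are constructed; 128.174.18.x reuses the deck's example building subnet, and the function names are my own.

```python
import ipaddress

# RFC 1918 private ranges, spelled out so the check does not depend on the
# broader set of blocks that ipaddress' own is_private property also includes.
RFC1918_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),       # "Class A" 10.x.x.x
    ipaddress.ip_network("172.16.0.0/12"),    # "Class B" 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),   # "Class C" 192.168.0.0 - 192.168.255.255
]


def network_by_mask(addr: str, mask: str) -> str:
    """Apply a dotted-decimal mask to an address with a bitwise AND.

    This is the raw operation a subnet mask performs: the 1 bits of the mask
    keep the network part, the 0 bits zero out the host part.
    """
    ip_bits = int(ipaddress.IPv4Address(addr))
    mask_bits = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip_bits & mask_bits))


def describe_subnet(addr: str, mask: str) -> dict:
    """Network, broadcast, usable host range and host part for addr/mask."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")   # accepts dotted masks
    net = iface.network
    if net.prefixlen >= 31:           # /31 and /32 reserve no broadcast address
        first, last, usable = net.network_address, net.broadcast_address, net.num_addresses
    else:
        first, last, usable = net.network_address + 1, net.broadcast_address - 1, net.num_addresses - 2
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "prefixlen": net.prefixlen,
        "first_host": str(first),
        "last_host": str(last),
        "usable_hosts": usable,
        "host_part": int(iface.ip) & int(net.hostmask),
    }


def same_subnet(a: str, b: str, mask: str) -> bool:
    """True if a and b share a network under mask (e.g. a host and its default gateway)."""
    return network_by_mask(a, mask) == network_by_mask(b, mask)


def is_rfc1918(addr: str) -> bool:
    """True only for addresses inside the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_RANGES)


if __name__ == "__main__":
    # Constructed inputs; 128.174.18.x is the deck's example building subnet.
    print(describe_subnet("128.174.18.55", "255.255.255.0"))
    print(same_subnet("128.174.18.55", "128.174.18.1", "255.255.255.0"))
    print(is_rfc1918("172.31.255.255"), is_rfc1918("172.32.0.1"))
```

same_subnet is the check to run when a host cannot reach its gateway: if the host's address and the gateway's address do not share a network under the configured mask, the mask (not the cabling) is the problem.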
|
|
|
|
|
|
Copyright |
|
Physical security |
|
Operating systems |
|
ISS |
|
Ethernet |
|
References |
|
Reporting problems |
|
|
|
|
Software Piracy - Using software for which you
don’t have a license |
|
File Sharing - Downloading and sharing files
like .mp3’s |
|
Warez – pirated software, including games and
applications |
|
|
|
|
Ph is the campus phone directory |
|
ph alias=netid return all is the best way to get information about people on campus; the web ph directory is not considered secure because of malicious scripts |
|
|
|
|
|
|
Serial Number - keep records when sent for
repair |
|
MAC Address - can sometimes be used to trace a
stolen machine |
|
PAS - Property Accounting System |
|
|
|
|
Windows NT/2000 - lots of security holes, vital
to keep up with the most current patches and turn off all services that are
not needed |
|
Novell NetWare - fairly secure, keep up with
patches |
|
UNIX - keep up with your vendor’s patches |
|
Windows 9x - keep up with patches |
|
Linux – more secure but requires higher level of
technical skill to maintain and deploy |
|
|
|
|
http://www.microsoft.com/windows2000/techinfo/howitworks/management/w2kservices.asp |
|
Common services that you may not need –Alerter,
Distributed Link Tracking, Distributed Transaction Coordinator, Fax
Service, Indexing Service, Internet Connection Sharing, Messenger,
NetMeeting Remote Desktop Sharing, QoS RSVP, Remote Access Auto Connection
Manager, Remote Access Connection Manager, Remote Registry Service, Routing
and Remote Access, Smart Card, Smart Card Helper, UPS, Telnet. |
|
|
|
|
Internet Scanner from Internet Security Systems (ISS) |
|
A commercial product licensed by UIUC to scan network-based systems for possible security problems |
|
https://www-s2.cso.uiuc.edu/iss/iss.cgi |
|
|
|
|
Nmap for Linux/Unix |
|
A free, open-source port scanner; it finds open ports and, with the -O option, attempts to identify the operating system from its TCP/IP fingerprint |
|
http://www.insecure.org |
|
NetBrute for Windows available at
http://www.rawlogic.com/products.html |
|
|
|
|
Hubs (repeaters) – can be sniffed or snooped fairly easily with shareware or freeware, since every frame is repeated to every port |
|
Switches – a more secure environment, since frames go only to the port that owns the destination MAC; still not sniff-proof, because ARP spoofing or flooding the switch's MAC table can redirect traffic to an attacker's port |
|
|
|
|
Operating System newsgroups, listserv’s, vendor
web sites |
|
CERT -> http://www.cert.org |
|
CIAC -> http://ciac.llnl.gov |
|
Bugtraq -> http://www.securityfocus.com |
|
BISS -> http://www.beckman.uiuc.edu/biss/security |
|
|
|
|
security@uiuc.edu |
|
Call 265-0000 |
|
Imperative that you include complete
information, i.e. log files and all email headers |
|
|
|
|
Netstat – netstat is a program built into both Windows and Unix distributions. The most common use of netstat is with the –a switch, which lists every listening and active socket (add -n to skip name lookups). |
|
The version of netstat that ships with Windows XP shows the owning process: -o adds the process ID, and -b (XP SP2 and later) names the executable. |
|
Useful for finding rogue applications |
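Added example, not from the original slides: the script below parses a constructed netstat -ano listing and reports listeners that are not on an expected-services list, which is the rogue-application check the slide describes. The sample output, its PIDs and the EXPECTED_LISTENERS set are assumptions made for the illustration.

```python
# Constructed sample of Windows XP "netstat -ano" output (not a real capture);
# 128.174.18.55 reuses the deck's example building subnet, PIDs are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       1320
  TCP    128.174.18.55:139      0.0.0.0:0              LISTENING       4
  TCP    128.174.18.55:1094     192.88.209.14:80       ESTABLISHED     1608
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       2012
  UDP    0.0.0.0:161            *:*                                    1044
  UDP    128.174.18.55:137      *:*                                    4
"""

# Listeners the NetAdmin expects on this host (an assumption for the example:
# NetBIOS/SMB file sharing and SNMP, nothing else).
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 139), ("TCP", 445),
                      ("UDP", 137), ("UDP", 161)}


def parse_netstat(text):
    """Parse netstat -an / -ano rows into dicts; header and blank lines are skipped.

    TCP rows carry a State column, UDP rows do not; the PID column only
    appears with -o, so pid is None when a row has no trailing number.
    """
    sockets = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign, rest = parts[0], parts[1], parts[2], parts[3:]
        if proto == "TCP":
            state = rest[0] if rest else ""
            pid = rest[1] if len(rest) > 1 else None
        else:
            state = ""
            pid = rest[0] if rest else None
        addr, port = local.rsplit(":", 1)        # rsplit keeps IPv6 literals intact
        sockets.append({"proto": proto, "addr": addr, "port": int(port),
                        "foreign": foreign, "state": state,
                        "pid": int(pid) if pid is not None else None})
    return sockets


def listeners(sockets):
    """TCP sockets in LISTENING state plus every bound UDP socket (UDP has no state)."""
    return [s for s in sockets if s["proto"] == "UDP" or s["state"] == "LISTENING"]


def audit_listeners(text, expected=EXPECTED_LISTENERS):
    """(proto, port, pid) for each listener that is not on the expected list."""
    return [(s["proto"], s["port"], s["pid"])
            for s in listeners(parse_netstat(text))
            if (s["proto"], s["port"]) not in expected]


if __name__ == "__main__":
    for proto, port, pid in audit_listeners(SAMPLE_NETSTAT):
        print(f"unexpected listener: {proto}/{port} owned by PID {pid}")
```

On the sample the audit flags the Telnet listener (TCP/23) and the high-numbered TCP/12345 socket; the PID is what you then feed to Task Manager or tasklist to find the program behind it. The expected list should come from what the machine is supposed to serve, not from what netstat showed last time.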
|
|
|
|
Arpwatch maintains a database of Ethernet MAC
addresses seen on the network, with their associated IP pairs. Alerts the
system administrator via e-mail if any change happens, such as new
station/activity, flip-flops, changed and re-used old addresses. |
|
Lets you know when IP addresses on your net are taken/used |
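Added example (my code, not arpwatch's) covering both the ARP slide and this one: it parses successive ARP table snapshots and raises the same kinds of alerts arpwatch mails out, new station, changed ethernet address, flip flop and reused old address. The snapshots, the MAC addresses and the critical_ips list are constructed for the example; 128.174.18.1 is the deck's gateway example.

```python
import re

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\b")

# Constructed "arp -a" snapshots taken at three points in time (not real
# captures); 128.174.18.1 is the deck's example gateway, the MACs are made up.
SNAPSHOT_1 = """\
Interface: 128.174.18.55 --- 0x2
  Internet Address      Physical Address      Type
  128.174.18.1          00-00-0c-07-ac-01     dynamic
  128.174.18.20         00-a0-c9-12-34-56     dynamic
  128.174.18.21         00-10-5a-aa-bb-cc     dynamic
"""
SNAPSHOT_2 = """\
Interface: 128.174.18.55 --- 0x2
  Internet Address      Physical Address      Type
  128.174.18.1          00-00-0c-07-ac-01     dynamic
  128.174.18.20         00-50-56-de-ad-01     dynamic
  128.174.18.21         00-10-5a-aa-bb-cc     dynamic
  128.174.18.77         00-0c-29-11-22-33     dynamic
"""
SNAPSHOT_3 = """\
Interface: 128.174.18.55 --- 0x2
  Internet Address      Physical Address      Type
  128.174.18.1          00-00-0c-07-ac-01     dynamic
  128.174.18.20         00-a0-c9-12-34-56     dynamic
  128.174.18.21         00-10-5a-aa-bb-cc     dynamic
  128.174.18.77         00-0c-29-11-22-33     dynamic
"""


def parse_arp_table(text):
    """(ip, mac) pairs from Windows 'arp -a', Unix 'arp -n' or 'ip neigh' output.

    Lines without both an IPv4 address and a MAC (headers, interface lines)
    are skipped; MACs are normalised to lower-case, colon-separated form.
    """
    pairs = []
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            pairs.append((ip.group(1), mac.group(1).lower().replace("-", ":")))
    return pairs


class ArpMonitor:
    """Arpwatch-style change detection over successive ARP table snapshots."""

    NEW = "new station"
    CHANGED = "changed ethernet address"
    FLIP_FLOP = "flip flop"                  # back to the immediately previous MAC
    REUSED = "reused old ethernet address"   # back to an older MAC

    def __init__(self, critical_ips=()):
        self.table = {}                     # ip -> MAC currently bound to it
        self.history = {}                   # ip -> MACs seen, oldest first
        self.critical = set(critical_ips)   # e.g. the default gateway

    def ingest(self, snapshot_text):
        """Update the database from one snapshot; return (kind, ip, old, new) alerts."""
        alerts = []
        for ip, mac in parse_arp_table(snapshot_text):
            seen = self.history.setdefault(ip, [])
            current = self.table.get(ip)
            if current is None:
                alerts.append((self.NEW, ip, None, mac))
            elif mac != current:
                if len(seen) >= 2 and mac == seen[-2]:
                    kind = self.FLIP_FLOP
                elif mac in seen:
                    kind = self.REUSED
                else:
                    kind = self.CHANGED
                alerts.append((kind, ip, current, mac))
            if mac != current:
                seen.append(mac)
                self.table[ip] = mac
        return alerts

    def critical_alerts(self, alerts):
        """Alerts about the addresses that matter most (gateway, servers).

        A gateway whose MAC changes is the classic sign of an ARP-spoofing
        man-in-the-middle, so these deserve immediate follow-up.
        """
        return [a for a in alerts if a[1] in self.critical and a[0] != self.NEW]
```

The monitor cannot tell a legitimately replaced NIC from a spoofed reply; like arpwatch it only says that the binding changed, and the NetAdmin's hardware records (MAC address per machine) are what settle which it was. It also only sees what reaches its own ARP table, so on a switched network run it on a host that shares the segment, or feed it the switch's tables instead.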
|
|
|
|
Has interactive and noninteractive (command line) modes. Invoked with no arguments, nslookup enters interactive mode and prompts for queries; giving a name on the command line runs a single noninteractive query. |
|
nslookup [-options] hostname [server] |
|
nslookup www.yahoo.com argus (resolves www.yahoo.com by asking the server named argus instead of the default) |
|
|
|
|
|
|
Tracert allows path determination from one computer to another. It lists the IP addresses of the routers (hops) the packets pass through on the way. Example usage: |
|
tracert IPaddress or traceroute IPaddress |
|
Traceroute in Unix/Linux does the same thing |
|
Very useful in troubleshooting problems |
|
|
|
|
IP configuration is determined with the
following programs on the listed operating systems. It reports IP address,
subnet mask, default gateway |
|
Ifconfig for Linux/Unix |
|
Ipconfig for NT/2000/XP |
|
Winipcfg for Windows 95/98 |
|
|
|
|
|
|
Most commonly used options are /all, /renew, and /release |
|
/all shows the full configuration of the local host, including MAC address, DHCP server, lease times and DNS servers |
|
/release – releases the DHCP IP address binding |
|
/renew – attempts to get an IP address from the DHCP server |
|
|
|
|
ping uses timed IP/ICMP ECHO_REQUEST and ECHO_REPLY packets to measure the round-trip time ("distance") to the target machine. |
|
Most basic way to verify that a particular host
is alive on the network |
|