
SmoothWall Basic TCP/IP Networking Guide, 2nd Edition
Edited by: Guy C. Reynolds

Rights & Disclaimers


SmoothWall is a trademark of Richard Morrell and Lawrence Manning.
SmoothWall is published under the GNU General Public Licence; for more information please visit our
website at http://www.smoothwall.org.
Copyright 2001. This work is copyrighted by SmoothWall. You may copy it in whole or in part as long as
the copies retain this copyright statement.
The information contained within this document may change from one version to the next.
All programs and details contained within this document have been created to the best of our knowledge and
tested carefully. However, errors cannot be completely ruled out. Therefore SmoothWall does not express
any guarantees for errors within this document or consequent damage arising from the availability,
performance or use of this material.
The use of names in general use, names of firms, trade names etc. in this document, even without special
notation, does not imply that such names can be considered as free in terms of trademark legislation and
that they can be used by anyone.
All trade names are used without a guarantee of free usage and might be registered trademarks. As a
general rule, SmoothWall adheres to the notation of the manufacturer. Other products mentioned here could
be trademarks of the respective manufacturer.
2nd Edition, September 2001
Editor: Guy C. Reynolds

Contents
Rights & Disclaimers ............................................... 2
Contents ........................................................... 3
Introduction ....................................................... 4
Networking principles .............................................. 5
  What is a network? ............................................... 5
  Hardware ......................................................... 5
  Protocol ......................................................... 5
IP networking ...................................................... 6
  What are IP and TCP/IP? .......................................... 6
  IP addresses and notation ........................................ 6
  Connecting IP networks ........................................... 7
  Network addresses ................................................ 8
  Bridges, gateways, routers, and firewalls ........................ 8
  Example IP networks ............................................. 10
  Translation of real names to IP addresses: hosts and DNS ........ 12
  Dynamic and static addressing ................................... 13
  Network address translation ..................................... 14
  Ports ........................................................... 14
Basic network troubleshooting ..................................... 16
  Checking a network connection: ping and traceroute .............. 16
  Checking a service: telnet ...................................... 18
Further Reading ................................................... 20
  The Linux Network Administrator's Guide ......................... 20
  A variety of books published by O'Reilly ........................ 20
  The Internet FAQ Consortium ..................................... 20

Introduction
This document is designed to introduce non-expert users (particularly those with little or
no previous networking experience) to some of the terminology and principles that it is
useful to understand when it comes to dealing not just with a private network of
computers, but also with the larger interconnected series of networks that comprise the
Internet.
The topics that will be discussed in some detail are listed below. The information included in
this document should be sufficient to enable secure configuration of a SmoothWall
system, and hence to ensure that the private network that is subsequently connected to the
Internet remains just that: private and secure. If you already know the principles of
networking and how to configure an IP-based network you will find much of the following
information redundant.

Networking principles
To discuss networking, and TCP/IP networking in particular, it is best to first take a step
back from the details and briefly consider what a network is and how it all works, which is
the intent of this first section.

What is a network?
The answer to that is most easily described (in the context of a network of personal
computers) by stating that a computer network is a number of interconnected computer
systems, each able to communicate with one another, and to move and share data
between individual systems, often known as nodes.
In order to be able to communicate between different, independent computer systems,
there has to be an underlying common mechanism in place so that each system can
both talk and listen to other systems. This mechanism can be viewed as a number of
parts:

Hardware
The system (for the remainder of this document it is assumed, unless stated otherwise,
that the system in question will be a PC) has to be able to communicate with the rest of
the network. This can be by means of a piece of cable, infrared or radio waves, or by some
other medium that is suited to the rest of the network. So that this becomes possible the
PC has to be able to communicate at a very basic level with the hardware that provides
the interface to the network - this is normally by means of a piece of software called a
driver, which provides the necessary code to permit communication.

Protocol
Once a PC has been attached to the network it is necessary to have some form of
common method of communication, or disparate nodes will be unable to understand the
communications passing between them on the network. As an analogy, if you happen to
be fluent in English, French, and German, but end up in the middle of China, your
language skills will not be of much use to you unless you can also find an interpreter who
shares a language with you.
There are a number of protocols that have been, and still are, used in computer network
systems, but we shall only concentrate on IP in this document. Note that the principles of
networking still apply in most cases - only the specifics actually change with the network.
Once a driver has been installed (so that the PC can communicate with the network
interface) a protocol is loaded to allow pieces of data (known as packets) to be sent and
received across the network to and from other systems. In this case the protocol is IP,
and normally TCP/IP.

IP networking
What are IP and TCP/IP?
IP (Internet Protocol) is the standard (or protocol) by which independent remote nodes
communicate with each other across the Internet - it is the foundation upon which the
entire Internet is built, and without it there would be no Internet as we know it today. IP is
in effect a common language by which networked computers can communicate with
one another.
There are, of course, other network protocols that have been specifically designed for a
number of other purposes, but these are typically found only in closed private networks
that do not communicate with other external systems, and as such, are not relevant to
this discussion and so will not be covered. Although in general the same basic principles
of networking are adhered to in these types of networks, not everything will be the same
for non-IP based networks.
Two further standard protocols run on top of IP and control exactly how the data traversing
an IP network is sent and received: UDP (User Datagram Protocol) and TCP (Transmission
Control Protocol). There is no need to know the details of either here. As might be guessed
from its name, TCP offers more control over the sending and receiving of data than UDP does:
it acknowledges and retransmits lost packets and delivers data to the application in the
order it was sent, whereas UDP simply sends each datagram once, with only a checksum, and
leaves any error recovery to the application. A network that uses TCP to control the flow of
data over the underlying IP protocol is referred to as a TCP/IP network.

IP addresses and notation


The first thing to be aware of is how IP-enabled machines are labelled. Every individual
system reachable on the Internet has a unique reference by which it can be addressed.
These references are numerical in nature, although there are systems designed to
enable a more human-readable form to be used, which is then translated to the
computer-friendly numeric format. Systems of this sort are discussed briefly later, in the
section Translation of real names to IP addresses. Each Internet-visible system has what
is referred to as an IP address, also known as a dotted quad. The reason for this name
becomes obvious when the numerical format of the address is examined: each IP address
consists of a set of four numbers, each separated by a dot or full stop, for example
111.22.33.44. Each of the individual numbers ranges from 0 to 255, which allows potentially
4,294,967,296 (256 to the power 4) unique addresses to exist.
However, some of these addresses are reserved for use in specific ways that relate to
how the networking protocol itself actually works, and consequently are not available for
use. Suffice it to say that there are still a large number of addresses available for use or
IP networking would not be especially useful.
In order that no two systems choose to use the same address a central database is
maintained, and allocation of addresses for use by individual systems is controlled from
this. Your ISP will have been allocated a series of addresses to use, a subset of which
is passed on to you in turn. The ISP handles the secondary allocation to you of some of
its own allocation of addresses (known as address space), and you then choose which
of your systems will be given each of these allocated addresses. Provided that no
duplication occurs each of your systems will then have a unique address by which it can
be identified.
As mentioned above, there are a number of addresses, or ranges of numbers, that have
been reserved for specific purposes. One of these purposes is to allow private
networks to use the IP networking system, as it is considered reliable and has a number
of features that make it a useful protocol to implement. Not the least of these is the
relative ease with which private IP-based networks can subsequently be connected to other
IP-based networks such as the Internet. Hence there are certain ranges of addresses
(defined in RFC 1918) that should only be used as part of a private network. These are
listed below, with a brief description.
10.X.Y.Z (10.0.0.0 to 10.255.255.255), where X, Y and Z are each in the range 0-255.
This is the Class A private network range. Use this sort of address if you have a private
network of upwards of 16 million systems to address (16,777,214 usable addresses).

172.16.X.Y to 172.31.X.Y (172.16.0.0 to 172.31.255.255), where X and Y are each in the
range 0-255. This is the series of 16 Class B private network ranges, each of which
allows over 65,000 different addresses to be assigned.

192.168.X.Y (192.168.0.0 to 192.168.255.255), where X and Y are each in the range 0-255.
These are a range of 256 Class C private networks (0-255, as determined by the value of
X), each of which allows over 250 (254 usable) different addresses.
For smaller private networks it is conventional to use addresses in the 192.168.X.Y
ranges, and unless there is a need to service larger networks this is a sensible
convention to adhere to.
Now that there exists a means of allocating individual IP addresses to systems on your
private network all that remains to do is to begin the process of giving your systems
unique addresses.
There are features of the standard IP protocol that mean an IP-based network cannot use
the entire range of its address space: every network gives up at least two addresses, the
network address and the broadcast address (described in section Network addresses below).
There are also methods that can be used either to sub-divide IP networks into smaller, more
manageable, chunks (subnetting), or to combine a number of smaller networks that use
different addresses into a larger, extended network. Each sub-network created this way
consumes its own network and broadcast addresses - the price to be paid for using a very
flexible networking protocol.
It is perhaps easiest to understand some of the terms used by means of examples, and
a variety of sample network layouts including these details are discussed in section
Example IP networks below.

Connecting IP networks
In order that a number of networks can be connected together to allow data to pass from
one to another there needs to be a means to allow the connection of networks with
different addresses. The way this is achieved is to use a system known as a gateway,
which is simply the term for the point of connection between different networks.
By means of devices known as routers, data sent from one network for a system within
another network can be seamlessly passed from one network to another. Each router
contains a series of rules that relate to the addresses of known networks, and
each piece (or packet) of data that passes through it is checked against this ruleset
and sent, or routed, appropriately. A gateway and a router perform similar functions, with
a router usually having a more complex set of rules to contend with.
Each router or gateway is configured with a set of rules that determine where network
data, or traffic, is to be sent. Note that it is not necessary for each individual router or
gateway to know about the existence of every other network in the world, but rather just
the local ones that it manages network traffic for. Instead, upstream of the router there
will be a system that has been designated in the router's ruleset as possessing more
information about remote networks (the default route). Any traffic for an unknown remote
network destination is therefore passed upstream to the next router. In turn, this upstream
router will have information about where to forward the packet, whether to a network local
to itself, or on again to its own upstream router. Since each and every packet of IP traffic
contains the address it originated from and the address it is being sent to, in addition to
the message data itself, packets can be routed across a number of different networks to
reach their final destination. Because each packet is routed independently, the packets
of one message need not all take the same route nor arrive in the order they were sent; if
a problem occurs on one route an alternative can be used instead, and TCP at the final
destination reassembles the data into the correct order of transmission.
Such a network is therefore robust, able to cope with temporary failures and other problems,
and still allows a great degree of flexibility. These are features that have made IP networks
the primary choice for most

Network addresses
In order that a network can be found it is assigned what is called the network address,
the lowest address in its range. It is fairly common practice for the gateway into a
network to be the next highest numerical IP address from the network address, but this is
by no means necessary. At the other end, the highest numerical IP address in the range is
reserved for the broadcast address of the network (a packet sent there is delivered to
every system on the network), and everything else in between is left up to you to assign to
your individual systems.
Most network administrators, particularly those in charge of large networks, have a set of
rules by which they assign IP addresses, and perhaps the most common of these is to
reserve a number of addresses at the lower end of the range for use by servers, and for
workstations to use the higher end of the address range, although this is merely
convention.
There is a process known as subnetting a network that allows you to split a range of
addresses into a series of sub-networks for a variety of reasons. The mechanism that
makes this work is the network mask, or netmask: it marks which part of an address
identifies the network and which part identifies the host, so that each system can tell
whether a destination is on its own sub-network (and can be reached directly) or lies
elsewhere (and must be sent via the router or gateway). If you have a reason for subnetting
your network then you should already know about netmasks and how they operate, and since a
discussion of such is beyond the intended scope of this document, readers who are interested
in pursuing this further should consult the list of further reading at the end of this
document.
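The netmask arithmetic and the routing behaviour described in the last two sections (Connecting IP networks and Network addresses), worked through in Python. This is an added example and is not part of the original guide or of SmoothWall itself; the private ranges are those listed above, the gateway's two directly connected networks are those of the example networks in the next section, and the upstream ISP next hop 203.0.113.1 and the remote host 198.51.100.7 are assumed documentation addresses used only for illustration.

```python
"""Netmask arithmetic and a minimal routing table.

Added example for this guide; it is not SmoothWall code.  The private
ranges are those of RFC 1918.  The gateway's internal networks come
from the guide's examples; the ISP next hop 203.0.113.1 and the remote
host 198.51.100.7 are assumed (documentation addresses).
"""
from typing import Dict, List, Optional, Tuple

# RFC 1918 private ranges as (network, netmask) pairs.
PRIVATE_RANGES: List[Tuple[str, str]] = [
    ("10.0.0.0", "255.0.0.0"),        # 10.X.Y.Z
    ("172.16.0.0", "255.240.0.0"),    # 172.16.X.Y to 172.31.X.Y
    ("192.168.0.0", "255.255.0.0"),   # 192.168.X.Y
]


def ip_to_int(dotted: str) -> int:
    """Convert a dotted quad such as '192.168.1.10' into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def int_to_ip(value: int) -> str:
    """Inverse of ip_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def network_info(ip: str, netmask: str) -> Dict[str, object]:
    """Network address, broadcast address and usable host count for ip/netmask.

    The netmask must be a contiguous run of 1 bits followed by 0 bits;
    anything else is rejected rather than silently producing nonsense.
    """
    addr, mask = ip_to_int(ip), ip_to_int(netmask)
    inverse = ~mask & 0xFFFFFFFF          # the host part of the mask
    if inverse & (inverse + 1):           # contiguous only if inverse+1 is a power of two
        raise ValueError(f"non-contiguous netmask {netmask!r}")
    network = addr & mask                 # host bits cleared
    broadcast = network | inverse         # host bits set
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "prefix": bin(mask).count("1"),
        # Network and broadcast addresses cannot be assigned to hosts.
        "usable_hosts": max(broadcast - network - 1, 0),
    }


def is_private(ip: str) -> bool:
    """True if ip falls inside one of the RFC 1918 private ranges."""
    addr = ip_to_int(ip)
    return any(addr & ip_to_int(mask) == ip_to_int(net) for net, mask in PRIVATE_RANGES)


class Router:
    """Routing table with longest-prefix match; 0.0.0.0/0 is the default route."""

    def __init__(self) -> None:
        self.routes: List[Tuple[int, int, str]] = []  # (network, mask, next hop)

    def add_route(self, network: str, netmask: str, via: str) -> None:
        mask = ip_to_int(netmask)
        self.routes.append((ip_to_int(network) & mask, mask, via))

    def lookup(self, destination: str) -> Optional[str]:
        """Most specific matching route, or None if there is no route at all."""
        addr = ip_to_int(destination)
        best: Optional[Tuple[int, str]] = None
        for network, mask, via in self.routes:
            # A longer prefix has a numerically larger contiguous mask.
            if addr & mask == network and (best is None or mask > best[0]):
                best = (mask, via)
        return best[1] if best else None


def example_gateway() -> Router:
    """The gateway of the guide's examples: two private networks plus a default route."""
    router = Router()
    router.add_route("192.168.1.0", "255.255.255.0", "direct via eth0")
    router.add_route("192.168.2.0", "255.255.255.0", "direct via eth1")
    router.add_route("0.0.0.0", "0.0.0.0", "203.0.113.1")  # assumed ISP next hop
    return router


if __name__ == "__main__":
    print(network_info("192.168.1.10", "255.255.255.0"))
    print(network_info("10.5.6.7", "255.0.0.0"))
    for host in ("192.168.2.20", "172.31.0.9", "198.51.100.7"):
        print(host, "private" if is_private(host) else "public",
              "->", example_gateway().lookup(host))
```

Note how 192.168.1.255 still matches the /24 route rather than the default route: the longest matching prefix wins, and the default route (a netmask of all zeros) matches every address, so it is chosen only when nothing more specific does. The netmask check matters in practice, since a mistyped mask such as 255.0.255.0 would otherwise produce a network address that no other system agrees with.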

Bridges, gateways, routers, and firewalls

It is important to note that an IP address does not necessarily refer to a single node, but
rather to a network interface that is present on such a system. In this way a single
computer system can have several IP addresses, each belonging to one of its interfaces.
Therefore, it is possible to allocate a different IP address to each of two network cards
that are part of the same PC, or to have a third IP address allocated to a dial-up modem
or ISDN interface that is also connected to the same system. In such a configuration,
each network interface could have an address that is part of a different network, and as
such, the PC would be connected to three networks.
A system that has multiple different addresses and sits between multiple different
networks can be described in a number of ways, depending on precisely what function it
performs. If the sole purpose is to connect two different networks together, and to allow
systems on one network to communicate with those on the other network, the dual-interfaced
system is acting as what this guide calls a bridge, as it spans the gap between
two different networks or network segments. In effect, such a bridge is just a dumb router
with a single rule - allow traffic from network A to reach network B, and vice versa - and it
simply passes traffic from one area of the network to another without analysing any of the
traffic that passes through it. (Strictly speaking, the term bridge refers to a device that
joins two segments below the IP layer, forwarding frames without looking at IP addresses at
all; the two-address bridge used in the examples below is really a minimal router.)
A more complicated set of rules will turn this same system from being a simple bridge
between two networks into a router or gateway system instead. A router contains
information about where to redirect network traffic by analysing the structure of the
individual data packets, noting their destination, and forwarding them to the relevant
location according to the configuration of the currently installed ruleset. There is little real
difference between a gateway and a router beyond the fact that a gateway is
normally used to provide the sole point of egress (or route) from one network to another,
whereas a router can potentially control more than one route between different networks.
Similarly, by investigating the data packets passing from the network through a gateway
or router, it is possible to restrict and control certain types of network traffic, or to re-route
certain types of traffic to an alternative location on the network. Studying the network data
and applying a set of rules that determine the fate of each packet is the realm of a
firewall.
The most concise definition of a firewall (in a networking sense) is a system that is used
to control network traffic. A firewall will monitor each network packet that passes through
it and, depending on the ruleset that has been configured, will apply a series of rules to
that packet. Being able to block, redirect, or otherwise restrict certain types of network
traffic from reaching a network is the first stage in securing and protecting that network. It
is possible to picture a firewall as a security guard who inspects each visitor to a building
to determine whether they have authority to be let in or not.
Normally a network firewall is used as a filter: by reading information from the packets of
data it is possible to determine where the data comes from, where it is being sent, and
what service is being requested. Any or all of this information can be used to control the
types of network traffic that you wish to allow into your private network. The firewall can
be configured to accept each individual packet, reject it (returning an error to the
originating address), or simply drop it without any reply, and it can operate as a filter on
both sides of the system, blocking incoming as well as outbound traffic.
There are two schools of thought on firewall implementation: the first is to accept
everything, and then block that which is undesired, and the second to deny everything,
and then accept only that which is desired. While the first can afford your network some
protection, there is always the chance that something you were not previously aware of
can inadvertently get into your network. Taking the second stance means that unless
you expressly allow that type of traffic the only traffic coming in to the network will be of a
type that you are already aware of, which greatly reduces the risk of a security incident.
The vast majority of firewalls, SmoothWall included, are of the second school of design.
These two types of firewall design are like a security guard who either allows you
access to the guarded building unless you are on a list of undesirables, or prevents you
from entering unless you are already on a list of acceptable people. It is obvious that the
second school of design (often called default deny) is inherently more secure.
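To make the two policies concrete, here is an added example (not SmoothWall's own ruleset, and not code from the original guide) of a minimal first-match packet filter run in both modes over the same constructed sample packets. A packet for an unexpected service, TCP port 1433, passes the default-accept firewall because nobody thought to block it, and is dropped by the default-deny firewall because nobody allowed it. The port numbers and rule lists are chosen for the illustration only.

```python
"""Two firewall policies on the same traffic: default-accept with a
block list, and default-deny with an allow list.

Added example for this guide, not SmoothWall's actual ruleset.  Rules
are matched first to last and the first matching rule decides; if no
rule matches, the firewall's default policy applies.  The rule sets
and the sample packets are constructed for the illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str        # "in" (from the Internet) or "out" (from the private network)
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # destination port; None for ICMP


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept" or "drop"
    direction: str
    proto: str
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and self.proto == pkt.proto
                and (self.dport is None or self.dport == pkt.dport))


class Firewall:
    def __init__(self, default: str, rules: List[Rule]) -> None:
        if default not in ("accept", "drop"):
            raise ValueError("default policy must be 'accept' or 'drop'")
        self.default = default
        self.rules = rules

    def decide(self, pkt: Packet) -> str:
        """First matching rule wins; otherwise the default policy applies."""
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default


# School one: accept everything, then block what is known to be undesirable.
BLOCKLIST = Firewall("accept", [
    Rule("drop", "in", "tcp", 23),    # telnet
    Rule("drop", "in", "tcp", 139),   # NetBIOS session service
])

# School two: deny everything, then accept only what is expressly wanted.
# (A real firewall also tracks connection state so that replies to permitted
# outbound connections are let back in; that bookkeeping is omitted here.)
ALLOWLIST = Firewall("drop", [
    Rule("accept", "in", "tcp", 80),  # the public web server
    Rule("accept", "in", "tcp", 25),  # inbound mail
    Rule("accept", "out", "tcp"),     # anything the private network initiates
    Rule("accept", "out", "udp"),
    Rule("accept", "out", "icmp"),
])


def compare(packets: List[Packet]) -> List[Tuple[Packet, str, str]]:
    """Decision of each firewall for each packet: (packet, blocklist, allowlist)."""
    return [(p, BLOCKLIST.decide(p), ALLOWLIST.decide(p)) for p in packets]


SAMPLE_TRAFFIC = [                      # constructed sample packets
    Packet("in", "tcp", 80),            # web request from the Internet
    Packet("in", "tcp", 23),            # telnet attempt from the Internet
    Packet("in", "tcp", 1433),          # a service nobody thought to block
    Packet("out", "udp", 53),           # DNS query from inside
]

if __name__ == "__main__":
    for pkt, block, allow in compare(SAMPLE_TRAFFIC):
        print(f"{pkt.direction:>3} {pkt.proto}/{pkt.dport}: "
              f"blocklist={block} allowlist={allow}")
```

The third sample packet is the whole argument of the section in one line: the block list has no rule for it and so lets it through, while the allow list has no rule for it and so drops it. Every service you forgot about is an open door under the first design and a closed one under the second.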

Example IP networks
To illustrate and clarify the points discussed above it is perhaps useful to discuss a small
number of example networks. To begin with we shall look at a very simple network, and
then move towards slightly more complex situations.
The first example shows a simple closed network of four PCs using one of the private
ranges of IP address, the 192.168.1.X network. Each PC has a unique name and IP
address, and since all addresses are within the same network address range each PC is
visible across the network from every other.
In this environment, with no gateway machine, the network address would be
192.168.1.0, and the broadcast address 192.168.1.255. The basic netmask would be
255.255.255.0.

Figure 1: A simple private TCP/IP network system

The hosts table for each PC on this network would look something like this:

192.168.1.10    Fred
192.168.1.20    Barney
192.168.1.30    Wilma
192.168.1.40    Betty

Extending the complexity of this network environment a little, by adding a bridge with two
IP addresses, it becomes possible to join this network to a second private network that
uses a different range of IP addresses, in this case the 192.168.2.X network range.
Hence the details of the two networks are as follows:

                    Network A (192.168.1.X)    Network B (192.168.2.X)
Network address     192.168.1.0                192.168.2.0
Broadcast address   192.168.1.255              192.168.2.255
Gateway address     192.168.1.1                192.168.2.1
Netmask             255.255.255.0              255.255.255.0

The hosts file on each system would look something like this (Bedrock and Looney being the
two interfaces of the bridge, one on each network):

192.168.1.1     Bedrock
192.168.1.10    Fred
192.168.1.20    Barney
192.168.1.30    Wilma
192.168.1.40    Betty
192.168.2.1     Looney
192.168.2.10    Bugs
192.168.2.20    Daffy
192.168.2.30    Elmer
192.168.2.40    Porky

Figure 2: Connecting two private TCP/IP networks through a bridge.

The third example network involves the connection of a private network to the Internet
through a gateway system, using an IP address on the Internet-facing side of the
gateway that has been supplied by an ISP.

Figure 3: Connecting a private TCP/IP network to the Internet

In this case the network details will be as follows: a network address of 192.168.1.0, a
broadcast address of 192.168.1.255, a netmask of 255.255.255.0, and a gateway
address of 192.168.1.1. The gateway will be configured to pass data packets from the
192.168.1.0 network to the network relating to the address allocated by the ISP.
In this example, the gateway system could be a router, a simple gateway, or a firewall,
but the most likely case is a system that combines all three: a firewalled gateway
system that protects the private network behind it from the Internet outside.
The hosts table for this network would be similar to that of the first example, with the
addition of the following two entries:

192.168.1.1             Bedrock-int
<ISP assigned address>  Bedrock-ext

Translation of real names to IP addresses: hosts and DNS

For a computer system the natural language to communicate in is numerical, and this is
why the addresses used by IP-based networks take the dotted quad format: each part of the
quad is a number that can be expressed as an eight-bit binary number (an octet), and the four
together make up the 32-bit address. However, the human brain is far better at recalling
names than numbers, and so a human-friendly means of referring to networked systems exists.
As an analogy, you could give out your address as a map grid reference rather than as
a house number and street name, but it would then be more difficult to find your house.
Since the postal service does not usually operate on grid references, your grid reference
would need to be translated back to a house number and street name before any mail could be
delivered.
A translation of human-friendly (and hopefully more memorable) names to the
appropriate numerical IP addresses can be achieved by means of a file that simply
contains nothing more than a list of names and their IP addresses. This file is known as
the hosts file, as each networked system can be referred to as a host, since it hosts a
variety of network services that you may wish to use.
The structure of this hosts file is very simple: the IP address of the system, followed by
one or more spaces (or tabs), and then the name of the system. More spaces and any
other names (or aliases) which refer to the system may also follow this, but this is not
necessary; a line beginning with # is a comment. The hosts file is stored in a specific
location on each PC so that the system can refer to it when it becomes necessary to translate
a name to its numeric address.
On a PC running Microsoft Windows 95/98 the file is simply called hosts and can be found
in the Windows directory, normally C:\Windows. On Windows NT or 2000 the hosts file
is instead found in the C:\WinNT\System32\drivers\etc directory (or the equivalent, if you
have Windows installed in a different location). On a Unix-based system the file is
/etc/hosts, and on a Macintosh system the hosts file can normally be found in
System Folder/Preferences.
Because the hosts file is normally consulted before DNS, anyone who can write to it can
silently redirect a name to an address of their choosing, so it should be writable only by
the system administrator and is worth checking whenever a name starts resolving unexpectedly.
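As an added example (not code from the guide or from SmoothWall), the following Python parses a hosts file of the form just described, resolves names and aliases, and reports any name that has been given more than one address, which is the check to run when a name starts resolving unexpectedly. The sample file is constructed from the two networks of Figure 2, with one deliberately conflicting line for fred added; the alias gateway for bedrock is also an assumption made for the example.

```python
"""Parse a hosts file and check it for conflicting entries.

Added example for this guide, not SmoothWall code.  The file format is
the one described above: an address, whitespace, the host's name, then
optional aliases; '#' starts a comment.  SAMPLE_HOSTS is constructed
for this example from the two bridged networks in Figure 2, with one
deliberately conflicting line added.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Tuple


class HostEntry(NamedTuple):
    ip: str
    name: str
    aliases: Tuple[str, ...]


SAMPLE_HOSTS = """\
# constructed example hosts file
127.0.0.1      localhost
192.168.1.1    bedrock    gateway     # internal interface of the bridge
192.168.1.10   fred
192.168.1.20   barney
192.168.1.30   wilma
192.168.1.40   betty
192.168.2.1    looney
192.168.2.10   bugs
192.168.2.20   daffy
192.168.2.30   elmer
192.168.2.40   porky
192.168.2.99   fred                   # a second address for fred: conflict
"""


def parse_hosts(text: str) -> List[HostEntry]:
    """One HostEntry per non-comment line; malformed lines raise ValueError."""
    entries: List[HostEntry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()     # drop comments and surrounding space
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected an address followed by a name")
        try:
            ip = str(ipaddress.ip_address(fields[0]))   # rejects e.g. 999.1.1.1
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        # Host names are case-insensitive, so normalise them once here.
        entries.append(HostEntry(ip, fields[1].lower(),
                                 tuple(alias.lower() for alias in fields[2:])))
    return entries


def build_lookup(entries: List[HostEntry]) -> Dict[str, str]:
    """Name (or alias) -> address.  The first definition of a name is kept."""
    lookup: Dict[str, str] = {}
    for entry in entries:
        for name in (entry.name, *entry.aliases):
            lookup.setdefault(name, entry.ip)
    return lookup


def find_conflicts(entries: List[HostEntry]) -> Dict[str, List[str]]:
    """Names given more than one distinct address, addresses in file order.

    Anything reported here deserves a look: the hosts file is normally
    consulted before DNS, so a stray line silently redirects the name.
    """
    seen: Dict[str, List[str]] = {}
    for entry in entries:
        for name in (entry.name, *entry.aliases):
            addresses = seen.setdefault(name, [])
            if entry.ip not in addresses:
                addresses.append(entry.ip)
    return {name: addrs for name, addrs in seen.items() if len(addrs) > 1}


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    table = build_lookup(parsed)
    print("fred ->", table["fred"], "| gateway ->", table["gateway"])
    print("conflicts:", find_conflicts(parsed))
```

Running the same two functions over the real /etc/hosts (or the Windows equivalent) rather than SAMPLE_HOSTS is a quick way to spot an entry that should not be there.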
So that any new systems on the network can be found by each of the existing nodes the
hosts files on all the computers have to remain identical and in sync with each other. As the
size and complexity of the network grows, maintaining a hosts file for each and every
system on the network becomes a time-consuming and increasingly error-prone task.
Fortunately, though, there is a way around this. By maintaining a single central file that
all other systems can refer to, any new additions to the network can be accounted for in
a single place, and you can be assured that any changes or updates to this file will then
be available across the network, so that each node becomes aware of the most current
network configuration. In order to centralise all the information about your
network you will need to operate a DNS (Domain Name System) server, which serves the
purpose of an address book for the network. Again, the scope of this document is not
intended to cover the setup and maintenance of a DNS system, but interested readers
should look at the section on Further Reading at the end of this document.
A DNS server is considered to be the definitive (and authoritative) source of knowledge
for the network that it holds information about. When a host system on the network
wishes to find another node's IP address so that it can send data to it, it issues a DNS
query to the local DNS server. The DNS server then looks up the information and returns
the IP address in question to the original host, which can then use this information to
connect to the relevant service on the network. When asked by a host system for
information about systems on other networks for which the DNS server has no definitive
source, the DNS server itself will request this information from a more knowledgeable
source that resides upstream from it. This occurs in a similar fashion to routers that
forward network packets for remote systems to other upstream routers external to the
local network. As such, a hierarchical tree-like structure is built up, with individual
servers not always having the necessary information immediately to hand, but knowing
where to ask to find out.

Dynamic and static addressing


There is another means of allocating addresses to networked systems, which ties in well
with DNS. This method is called DHCP (Dynamic Host Configuration Protocol), a protocol that
allows a machine that currently has no IP address assigned to request to borrow (or lease)
an IP address from a central system (the DHCP server). The DHCP server maintains a set of IP
addresses for this purpose and lends them out on a short-term basis, analogous to a lending
library loaning out books. As with the library, it is necessary to record what has been
borrowed, and by which PC, but also to reclaim loans that are no longer in use (leases that
have expired without being renewed). There is nothing to stop a machine from receiving a
different address each time it requests one; depending on the size of the pool of available
addresses the chances of getting the same address can vary greatly.
So that a machine can be used and referred to by a human-friendly name, a DHCP
server has strong ties to the DNS service. Each system on a network has a unique
name, allocated to it upon setting up the network, and the DHCP server records both the
unique name and the address that has been leased, so that the name-to-address mapping held
by DNS can be kept in step with the lease. Note that the addresses recorded by a DNS system do
not change without manual intervention and are commonly referred to as static IP
addresses, but those allocated by a DHCP server can easily be different from one hour
to the next, depending on the length of time that the lease is valid for, and hence are
referred to as dynamic IP addresses.

Network address translation

As has been noted above, a system can have more than one IP network address, with
each address being associated (or bound) to a specific network interface. Internal private
networks are normally given addresses in the ranges specially reserved for these
purposes. However, these addresses are not reachable from systems outside the private
network with real IP addresses, since all intervening routers and gateways are
pre-programmed to know that addresses in the private network ranges do not really exist
and hence are not valid addresses for external systems.
In order that systems on a private network that use addresses in the reserved ranges
can access systems beyond the network gateway, some means of passing data back to
the internal address must be implemented. The means by which this is achieved is a
process called network address translation, or NAT. NAT allows packets originally from a
system on the inside of the network that pass through the gateway to the outside world
to be re-written by the gateway such that they appear to originate from the gateway
system's externally-facing (and real) address instead. When the requested data returns
to the gateway machine the packets are re-written once again with the correct
information, so that the originating internal machine receives the data as if it had passed
between the two systems directly.
This seamless translation also adds an additional layer of protection to your private
network, as there is no way from the outside to reach any systems behind the NAT
gateway. Anybody who attempts to determine the addresses of systems in your network
will only come up with the address of the gateway system as the originating IP address,
and if that system has a series of firewalling rules in place there is little that can
actually be attacked.

Ports
Data is passed from the originating system to the destination system by the most
appropriate route, depending on the IP address that is contained within the structure of
the packet itself. However, once the packet has arrived at the correct destination, how is
the data contained within that packet transmitted to the correct application running on the
destination system? The answer to this lies in the use of something known as ports.
Each network application or service has its own port that it uses for communication. If
the IP address can be thought of as the postal address of a block of flats, the port is the
correct front door to use for deliveries for a specific flat within that block.
When a network service starts up on a server it attaches (or binds) itself to a specific port
and then listens out on the network for any incoming requests for that particular
service. Ports number from 0 to 65535, with the first 1024 (0-1023) being reserved (or
restricted) for use by particular services. Ports with a number above 1023 are termed
unrestricted (or unprivileged) ports.
In the same way that IP network packets contain information about the source and
destination IP address, they also contain information about the source and destination
port. The source (or local) port is frequently just an unused unprivileged port on the
system that the packet originated from - an unprivileged port is used to ensure that there
are no conflicts with any services that may be running on this system. The destination
port is the port that the data is aiming for when it connects to the relevant service on the
destination system.
When the remote system receives the data packet it confirms receipt by simply swapping
the source and destination IP address and port numbers, so that the destination port of
this new packet is the same as the local port on the initial originating system.
In the event that several simultaneous connections to the same service are initiated by
the same local system, the differences in the local source port numbers enables the
correct data to be passed back from the destination service. The reversal of port
numbers ensures that the combination of both source and destination ports remains
uniquely identifiable.
Since a specific service runs on a known port, it therefore becomes possible to connect a
dummy port forwarding service to a given port, and then redirect the traffic that is sent
to that address and port combination to an alternative address/port combination. It is
also possible to run an alternative service and then redirect network traffic as appropriate
- such a system is known either as a proxy or a port forwarder, depending on exactly what
happens to the traffic. By seamlessly redirecting traffic from one address/port to
another it is possible not only to centralise services, but also to provide additional
security.
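The gateway rewrite from the NAT section and the source/destination port swap from the Ports section, combined in one added Python example (not SmoothWall code): outbound packets leave with the gateway's external address and a fresh unprivileged source port, replies are matched on that port and rewritten back, and two connections from the same inside host to the same service stay distinguishable by their ports. It also shows why unsolicited inbound traffic goes nowhere: there is no mapping for it. All addresses and ports are constructed samples.

```python
"""Toy port-translating NAT gateway (added example, not SmoothWall code)."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def reply_to(pkt):
    """What the remote service sends back: source and destination swapped."""
    return Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)


class NatGateway:
    def __init__(self, external_ip, first_port=49152):
        self.external_ip = external_ip
        self.next_port = first_port  # unprivileged range, like any local port
        self.mappings = {}  # external port -> (src_ip, src_port, dst_ip, dst_port)
        self.by_flow = {}   # the reverse index, flow -> external port

    def outbound(self, pkt):
        """Rewrite an inside packet so it appears to come from the gateway."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:  # first packet of this flow: allocate an external port
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.mappings[port] = flow
        return replace(pkt, src_ip=self.external_ip, src_port=port)

    def inbound(self, pkt):
        """Rewrite a reply back to the inside host, or return None (dropped).

        Only traffic answering an earlier outbound flow has a mapping; the
        reply must also come from the address/port the flow was sent to.
        """
        flow = self.mappings.get(pkt.dst_port)
        if flow is None or (pkt.src_ip, pkt.src_port) != flow[2:]:
            return None
        return replace(pkt, dst_ip=flow[0], dst_port=flow[1])
```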

Basic network troubleshooting


One of the difficulties with a complex arrangement of many different systems such as a
typical computer network is actually finding the root cause of any problems that may
occur - there are simply so many variables that could potentially go wrong. Experienced
network administrators will recount tales of the strangest of problematic occurrences, but
these are rare enough that they are unlikely to ever be an issue.
The newcomer to networking, though, may well be overwhelmed with the number of
places where things can go wrong, so this is a brief guide to detecting the location of
most common problems, and to hopefully offer advice on how to fix them.
Unless otherwise specified, all the basic network analysis tools that are used for
diagnosis of a problem are run from a command line. Although there are graphical
interfaces to most of these, these graphical tools are not always available whereas the
command line tools will be present in the vast majority of cases.
To reach a command line from a Windows machine, call up an MS-DOS prompt from the
Start menu, by selecting the Run... menu option and entering command into the prompt.
This will start a text-based console that can be used to enter commands into. Simply
type the relevant command and press the Enter key. When you have finished with the
console window just type exit to quit the console application. This procedure will work on
Windows 95, NT4 or later. On a Unix-based system simply use the regular console or
xterm as normal. For other systems access the command prompt in the normal fashion.

Checking a network connection - ping and traceroute


If a machine appears to be unavailable or is not responding to requests that are made
over the network, there are a number of common faults.
The most common problem is a typing error, so check that you are using the correct
name for the remote machine and try again. If this fails, try using the numeric IP address
of the system rather than the human-friendly name, as you may be experiencing a
problem with resolving the name, rather than the remote system actually having a
network problem. If using the IP address rather than the name works, the conclusion to
be drawn is that the error lies within the resolution of the name - this could be a problem
with either a DNS server or your hosts file.
If the correct IP address fails to respond, then it is possible that the network connection
on the remote machine has failed for some reason. The easiest way to determine if there
is network connectivity is to ping the machine. The ping command sends a series of data
packets to the address that you are trying to reach. If the destination is valid, and the
connection is live and working, you will get a response back that includes the time taken
for the packet to travel the round trip.
The command syntax to use is ping <destination address>, where <destination address>
is the name or IP address of the remote system.
On a Windows system this command generates four sequential packets, but on a Unix-based
system the ping command continues generating packets until stopped by pressing
Ctrl-C. In a circumstance where you have a degree of delay across a network, or are
experiencing other network problems, four ping packets may not be sufficient to detect
the true status of the network connection. In this case use the ping command with the -t
command switch - ping -t <destination address> - this will generate ping packets until
stopped by pressing Ctrl-C.

Figure 4: A successful ping command

If the network connection of the destination system is operating successfully you will get
a series of packets sent back, but if you get an error message then you have determined
that there is a genuine fault with the network.

Figure 5: An unsuccessful ping command

If the connection is dead the next thing to do is to find the cause of the problem and fix it.
The next tool to use in this investigation is traceroute - a tool that maps out the path
taken from the local PC to the remote system.
On a Windows 95/98 PC the command to use is tracert <destination address>; on
Windows NT/2000 and on Unix-based systems the command syntax is traceroute
<destination address>.
This command will illustrate the route taken as a series of hops from one network system
to another in an attempt to reach the requested destination. Note that if you have
difficulties with name resolution you may wish to use the numeric IP addresses rather
than resolving the names. In this case use the -n command line switch on a Unix system,
or -d on a Windows system: tracert -d <destination address> or traceroute -n
<destination address>.
The output of the traceroute command will show you where any delays or failures on the
path across the network are occurring, which gives you a better chance to locate the
source of the problem.
If a live network connection is not detectable, and the output of the traceroute command
reveals that the problem lies within your range of network addresses, the chances are
that there is something you can do about it. If the problem lies beyond your network
there is not a great deal that you can do beyond trying again at a later stage -
fluctuations in network services do occur, but are normally temporary in nature.

Figure 6: the traceroute command

A good next step is to try these same tests from a different network location in case the
problem is localised to a single section of the network.
The most common problem to encounter is a physical one - a cable with a loose end
may have dropped out of a network card or hub, a cable may have been stepped on or
constricted in some way that prevents the flow of data, or a network card or connector
may have pulled loose from a laptop computer. All of these problems, while their precise
location is often time-consuming to track down, are straightforward to fix.
More esoteric problems occur with decreasing frequency - experience suggests that the
vast majority of networking problems occurring in a small to medium network result from
a cable or network card failure. Keeping a spare network card available that has been
previously tested, and known to be good, to swap for a suspect card is a good practice
to get into the habit of. If you can standardise on the type of network cards used across
your network then you will be able to swap out a suspect card with great ease, as the
necessary network card drivers will already be in place.

Checking a service - telnet


If the network itself appears to be fine because you can ping or traceroute to the suspect
machine, but the service in question is proving problematical, the most likely causes are
a mis-configuration problem on either the server or client systems. You can check if a
service is running on a given port by using telnet.
The command telnet <destination address> <port> will attempt to connect to the service
on the specified port. If you obtain a response of some form the chances are the service
is running successfully, but if not, the problem is likely to lie on the server itself.
These suggestions and guidelines above should assist in troubleshooting the majority of
networking problems. If in doubt, especially on Windows systems where the networking
code is known to be occasionally quite unstable, there are few additional problems to be
caused in rebooting the system. Be sure to try and shut down the system cleanly first,
rather than just pressing the reset switch, but 4 times out of 5 if there is an obscure
networking problem a reboot will miraculously fix it.

Figure 7: Failing to connect to a service with telnet.
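The name-versus-address check from the ping section and the telnet port check above, as an added Python example that is not part of the guide. It uses the socket library instead of the interactive telnet command so the outcome is a value a script can act on, and it separates "connection refused" (the host answered, nothing listens there, so look at the server's configuration) from a timeout (no answer at all, so the path or a filter is the suspect). Ping and traceroute themselves are left to the commands given above; the loopback listener is a constructed stand-in for a real service.

```python
"""Script-friendly versions of the guide's resolution and service checks
(added example, not SmoothWall code)."""
import socket


def resolve(name):
    """Return the IPv4 address for a host name, or None if it will not resolve.
    If the name fails but the numeric address works, the fault is in DNS or
    the hosts file, not in the remote system."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_service(host, port, timeout=3.0):
    """TCP connect to host:port, as 'telnet <host> <port>' would, and report:
      'open'        a service is listening on that port
      'refused'     the host answered but nothing listens there
      'timeout'     no answer at all: network path, or a filter dropping packets
      'unreachable' the local system has no route to the address
      'unresolved'  the name could not be turned into an address
    """
    ip = resolve(host)
    if ip is None:
        return "unresolved"
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except TimeoutError:
        return "timeout"
    except OSError:
        return "unreachable"


def listener_on_loopback():
    """Constructed stand-in for a running service: a listening loopback socket
    on an ephemeral port. Close it to simulate the service having stopped."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


if __name__ == "__main__":
    srv = listener_on_loopback()
    port = srv.getsockname()[1]
    print("service up:", check_service("localhost", port))
    srv.close()
    print("service stopped:", check_service("localhost", port))
    print("bad name:", check_service("no-such-host.invalid", 80))
```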

Further Reading
As the scope of this document is to provide both a basic understanding of the area of
TCP/IP networking and some advice on troubleshooting such a network when problems
occur, there are many advanced topics that have not been covered. For
those readers who wish to discover more about the subjects of networking and network
services, the following list will provide some useful starting points.

The Linux Network Administrators Guide, available at http://www.linuxdoc.org/guide.html
A good, somewhat in-depth, guide to a variety of networking and network services
running on a Linux system. The information on TCP/IP networking is worthwhile reading,
even if you are not actually using Linux.

A variety of books published by O'Reilly, found at http://www.ora.com/
O'Reilly guides are among the best there are, with detailed and readable explanations of
the subject matter.
TCP/IP Network Administration, 2nd Edition. Craig Hunt, ISBN 1-56592-322-7
Windows NT TCP/IP Network Administration. Craig Hunt, Robert Bruce Thompson,
ISBN 1-56592-377-4
Networking Personal Computers with TCP/IP. Craig Hunt, ISBN 1-56592-123-2

The Internet FAQ Consortium, at http://www.faqs.org/ contains a variety of FAQs, the RFC
documents that detail all the protocols and services found on the Internet, and a lot more
besides.

Finally
Searching the web with a search engine such as Google, found at
http://www.google.com/, will turn up a lot of information - one thing the web has plenty of
is information about the way the Internet works.
