1

2
Because network troubleshooting is an integral part of a ResNet technician’s job, it is
important to have a basic understanding of network concepts. What follows is a condensed
version of a basic networking course. I don’t expect everyone to memorize every fact I
present here, but I do want everyone to have at least seen the material. Full-time staff, as
well as many senior techs, have an advanced network understanding, so always feel free to
ask them questions if you’d like a more in-depth knowledge of networking.

The OSI Model of networking is a 7-layer theoretical model for anyone developing a network
infrastructure from the ground up. Contrasted with the OSI Model is the TCP/IP Model,
which has 4 layers. The TCP/IP model will be the basis for this module. We will discuss the
layers in turn, building each upon the last, to give you a logical base of knowledge.

3
The Network Interface Layer in the TCP/IP Model defines the physical and logical means with
which hosts are directly connected. It deals with hardware addressing (MAC addresses),
electrical/mechanical specifications (Ethernet, 802.11), and other aspects of direct host-to-
host communications.

For example, 100BaseT Ethernet has communication specifications. These include the use of
Cat5 cabling with twisted pair wiring, the transmission medium standard. The 802.11b
wireless standard defines the frequency of broadcast (2.4GHz spectrum), maximum speed of
transmission (11Mbit/sec), and potential range of coverage. These specifications allow
devices made by different manufacturers at different times to be able to communicate with
each other.

Note that the Network Interface Layer is not defining WHAT is being communicated, just
making point-to-point communications possible.

4
MAC addresses, also know as Physical Addresses or Ethernet Addresses, are the addressing
scheme used for point-to-point communications in Ethernet and WiFi. MAC stands for Media
Access Control.

All Ethernet NICs and 802.11 Wireless cards have MAC addresses, even those installed in
non-computer hardware, like game consoles and TiVos. MAC addresses consist of 12
hexadecimal digits grouped into 6 subsets of two, usually separated by colons or dashes.
Addresses are assigned to individual hardware by the manufacturer, and the first 6 digits of a
network address are vendor-specific. However, MAC addresses can be spoofed, to broadcast
a different address than the one that was originally assigned to it.

ResNet uses MAC addresses in order to identify machines on the network. You will see how
this process works later in training.

5
The second layer of the TCP/IP model is the Internet layer. The Internet layer defines
communications between hosts that do not have a direct connection. A computer in Boston
can communicate with a Google server in California because of the Internet layer.

Again, the Internet layer is unconcerned with WHAT is being communicated; it simply
facilitates communication between computers that do not share physical links. From the
original RFC791 which defined IPv4, “There are no mechanisms to augment end-to-end data
reliability, flow control, sequencing, or other services commonly found in host-to-host
protocols.”

The basis of the Internet layer, and IPv4 especially, is the packet. The packet is a self-
contained, relatively small chunk of binary information divided into headers (info about the
data and other bookkeeping) and the actual data being transmitted. It allows the Internet to
work, because no host-to-host communication is constantly streaming info. Even if you are
watching a YouTube video that seems to be uninterrupted, that info is actually coming from
YouTube to your computer in tiny chunks, chunks that share the Internet infrastructure with
millions of other chunks from around the country and the world. Each router your chunk is
sent to passes it along to the next router on the path to your computer. This concept of small
chunks of data sent point-to-point over shared media, packet switching, is the incredibly
powerful force driving the Internet.

6
IP addresses are the unique identifier of a machine connected to the Internet. IPv4, the
current Internet and NEU standard, uses 32-bit IP addresses. These 32 bits are split up into 4
“octets” of 8 bits each. When written down, we write IP addresses in decimal, not binary, for
ease of reading. 8 bits range, in decimal, from 0-255.

Northeastern has two IP ranges, 155.33.0.0/16 and 129.10.0.0/16 (these ranges are written
in CIDR notation, which will be discussed in a moment). Any IP addresses beginning with
155.33 or 129.10 are owned by Northeastern.

IP Addresses can be used to communicate with machines anywhere in the world, but MAC
addresses are required for direct point-to-point communications. ARP (address resolution
protocol) translates IP addresses to MAC addresses. A LAN’s gateway keeps an ARP
translation table that matches IP address assignments with MAC addresses of devices
attached to the LAN. The gateway receives traffic from the outside world destined for IP
addresses on the LAN, then translates the address to MAC Address in order to facilitate
Ethernet-based communication.

IPv6 is also a deployed standard, and you may see it before you graduate, but not for at least
a few years. Momentum is gaining steam, but as long as the University’s current IPv4 address
space remains ample, we will likely remain for a while.

7
IPv4, the first “working” version of the Internet, was finalized and released as a standard in 1981. The IP address
space was divided into five classes, labeled A-E. The classes were determined by the “leading bits”, or left-most
bits of an address. The class also determined which portion of the address was the “network address”, the unique
portion of the address that all addresses in a network share. Network addresses are always the left side of an
address. Below are how the classes divided the space.

Class A – starts with “0” bit, first octet ranges from 0-127, network address is first octet
Class B – starts with “10”, first octet ranges from 128-191, network address is first and second octet
Class C – starts with “110”, first octet ranges from 192-223, network address is first, second, and third octet
Class D and E – unused

Because Class A addresses only use 8 bits for the Network Address, this leaves 24 bits left to represent individual
computers (hosts). This made for a small number (127, to be exact) of Class A networks that could have over 16
MILLION (!) individual hosts each. This scheme, while useful at the time, was very wasteful of addresses, as few
networks would ever have that many hosts. Conversely, Class C networks could only have 256 hosts, so their
usefulness was limited.

Due to these problems, Classless Inter-Domain Routing (CIDR) was introduced in 1993. IP addresses would no
longer be allocated to organizations by class; instead, an organization would be given a block of IP addresses with
a specified number of left-most bits designated as the “network portion”. This allowed IP address allocations to
be more customizable to the needs of each organization.

Because of the class system, before CIDR, just looking at an IP address would give you the class info and the
network address. Once CIDR was introduced, though, the network address of an IP was no longer obvious, so new
network range notation, called CIDR notation, was created. In CIDR notation, the network address is written in
binary with all zeros in the host portion, then converted to decimal. The address is followed by a slash and the
number of bits in the network address. The NEU range 155.33.0.0/16 means that the first sixteen bits of the
range are the network address (this used to be a Class B network).

8
There are two basic types of IP addresses, routable and non-routable. A routable address is an address
that is uniquely owned and is theoretically reachable from anywhere else on the Internet. Internet
routers must respect routable addresses and not internally reroute public IP addresses.

Most IP addresses in the IPv4 space are Public, routable addresses. Networks connected to the
Internet are assigned IP Address ranges by the Internet Assigned Number Authority (IANA) or its
intermediaries, Regional Internet Registries, which assign addresses for their specific region. Network
administrators decide how IP addresses in their range will be allocated to individual computers.

A few IP ranges have been set aside as Private, or non-routable. These ranges never get assigned to
networks, and the same internal IP address is probably on thousands of computers simultaneously.
The main use for Private addresses is for private networking, networks that don’t have a direct
connection to the Internet, but still used the IP infrastructure to communicate. These ranges are
10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 (which you’ve probably seen if you’ve ever worked
with a personal router). Routers will not send communications bound for these addresses to the
Internet at large; however, networks can utilize NAT (Network Address Translation) to allow the use of
Private IP addresses internally, but still facilitating a connection to the internet though a router. A
computer with an address in this range probably has a Static IP address set up.

APIPA, Automated Private IP Addressing, automatically assigns an IP address to a machine if no

network connections, public or private, are discovered. APIPA allows “zero configuration networking”,
meaning that you can connect several machines into an ad-hoc network using only the APIPA
addresses. The APIPA range is 169.254.0.0/16 – if you see an address from this range on a computer,
it means the computer sees no active network connection.

Finally, the local loopback range is 127.0.0.0/8. Local loopback means that traffic destined for these
addresses will return right back to the host. The “localhost” address, 127.0.0.1, is traditionally the
address used for loopback purposes.

9
Besides an IP address, you will need two other pieces of information to get a valid network connection
on an IPv4-based network, a Default Gateway and a Subnet Mask.

Default Gateway – The computer, usually a router, that provides the link from your LAN or subnet to
the Internet. When you send traffic destined for a computer outside of your local network, it goes to
the Default Gateway. The Gateway then routes the traffic where it needs to go, the “next hop”, the
next router in the path to the data’s destination.

Subnets overview – As we already discussed, IP addresses consist of a Network address and a Host
Address. The Network address range is assigned, but network administrators can break up that space
into logical subunits called “subnets”. Generally, each physically distinct network will be given its own
subnet range from the main network address range. By using subnets, network engineers can speed
up packet routing and employ logical grouping based on location. Both ResNet and NUNet use
subnets to break up the networks into building- or area-sized chunks.

Subnet Mask - The subnet mask is used to define which IP addresses are part of the local subnet.
Subnet masking works through a binary logical operation called AND. When you perform an AND on
two bits, the result is 1 if and only if *both* bits were 1. Otherwise, the result is 0. A subnet mask is,
literally, a string of 1 bits in the places that represent the subnet address, and 0 bits in the places that
represent the host address. One property of the AND operation is that, when you AND a bit with a 1
bit, you return the same bit. When you AND a bit with a 0 bit, you get 0. The 0 bits at the end of the
subnet mask literally “mask” the host addresses. In this way, by ANDing your IP address with your
Subnet Mask, your computer knows the subnet address, and thus knows which hosts are on your local
subnet.

10
There are two ways to assign IP addresses to machines. You can take an IP address from your
network’s range and statically assign it to a particular machine, so only that machine can use
it. This assignment is configured in the host software itself, and required an IP address,
default gateway, and subnet mask. This address will never change on its own: changing it
requires human intervention.

Alternatively, you can create a pool of IP addresses from your network’s range, and when a
machine connects to your network, an address is assigned dynamically from that pool. The
current protocol standard for dynamically assigning IP addresses is DHCP, Dynamic Host
Configuration Protocol.

A DHCP-enabled computer, when connected to a network, broadcasts a DHCP Request to all

hosts on the network. A DHCP Server will respond to the request with a DHCP lease. This
lease contains the IP Address, Default Gateway, and Subnet Mask, and also contains a lease
time. DHCP leases expire after a certain time to ensure that IP addresses are not wasted on
disconnected machines. Before the lease expires, the computer will send a request to renew
the lease. The new lease may be the same IP address or a different one from the same pool
(although, typically, a machine will keep the same IP address until their lease fully expires).

One feature of DHCP is that leases can be restricted to a certain set of MAC addresses, and
requests from other computers can be ignored. The ResNet network takes advantage of this
restriction capability to prevent non-students from connecting.

11
The internet layer allows communication, but it is the transport layer that enables connections between two machines. There
are two main protocols of the Transport Layer, UDP and TCP.

TCP, Transmission Control Protocol, is, along with IP, considered the foundation of the Internet (TCP/IP). TCP is a reliable
connection transport protocol. It is the solution to the problem of how to create a state-ful, virtual “connection” between two
hosts on the Internet, when there is no direct, dedicated pipeline between them, and packets between the two may take many
different routes. Packets may arrive in reverse order, badly mangled, with long delays, or may never reach the destination at all
(dropped packets). Hosts negotiate with each other to create a connection using a handshake protocol, and also ensure the
connections are closed gracefully. TCP allows for:

Reliable Transmission – reorders packets correctly that arrive out of order, requesting retransmission of missing packets
Flow Control – Ensures proper speed of packet transmission, in case two hosts have different bandwidth capabilities
Error Checking – Checksums ensure data received is identical to data sent

UDP, User Datagram Protocol, is an unreliable connectionless transport protocol. It only defines a source and destination port,
as well as some optional data integrity information. It is small and agile, useful for simple transmissions like DNS queries, as
well as streaming media, like VOIP and IPTV, where speed and limited packet size are more important than data reliability. UDP
does not provide features like flow control or error checking, it just expects the application layer to handle those aspects of
transmission.

Both TCP and UDP use ports for connections between hosts. A port is not a physical connection, but simply a 16-bit number
that denotes a virtual “connection point” between two hosts. Ports allow hosts to listen for requests to specific services,
allowing the host to keep track of all traffic and route it to the application for which it is intended. Standard port numbers are
agreed-upon conventions that allow clients and servers to communicate with minimal preconfiguration. For example, the SSH
listening port is 22. Any SSH server, by default, listens to traffic on port 22 only, and will only respond to traffic send to that
port. Of course, that port can be changed to any 16-bit number, but the SSH server would then never be able to respond to
“proper” SSH requests.

The application layer handles the actual “stuff” of the Internet, from telnet to HTTP. The “application” does not just refer to the
program on the client or server, but the definition and standardization of the individual services. HTTP, for example, has a
standard inbound port, port 80, regardless of whether you use Apache or IIS as your web server.

12
So far we’ve spoken about IP addresses, MAC addresses, ports… a lot of confusing numbers for the basic user.
What was needed was a way to turn unfriendly, hard to remember IP addresses into human-readable text-based
addresses. The system used for this conversion is DNS, the Domain Name System.

DNS translates the human-readable addresses, known as domain names, into the IP address that domain name is
registered to. This translation allows a human to input an easy-to-remember domain name, but permits the
computer to send traffic to the IP address. DNS made the widespread adoption of the Internet viable.

DNS is three-tiered. At the top of the pyramid are the DNS Root Servers, 13 worldwide “servers” (not single
boxes, but distributed clusters) that are the starting point of DNS. These Root Servers point to the location of
TLDs, Top-Level Domains like .com, .org, and .edu. The Top-Level Domains, in turn, point to the private
nameservers for the individual domain (northeastern.edu, for example). These private nameservers have the IP
address location of all of the subdomains, like www.northeastern.edu or cps.northeastern.edu. (Note about
TLD’s: ICANN hasapproved a plan to allow large organizations to create their own TLD, like .google or .fbi. The
implications of this change have not yet been seen, but you should keep an eye out for the change.)

When you enter a domain name, like rrc.neu.edu, into your web browser, your computer sends a request to its
assigned DNS server for an IP address based on that domain. The DNS server, called a recursor for this purpose,
reads the address right to left, starting at the very end. The site address is, in reality, “rrc.neu.edu.”, but the
trailing dot is omitted by convention. That trailing dot means DNS Root. A request is made to a Root server for
the IP address of rrc.neu.edu., which the Root server does not have. Instead, it has the address for the .edu TLD
server, and tells the recursor to ask .edu. The recursor sends the same request for rrc.neu.edu. to the .edu TLD
server, and, again, is denied. This time, the recursor is directed to ask the nameserver for neu.edu. Finally, the
recursor queries the neu.edu nameserver, which is able to reply that the IP address of rrc.neu.edu. is
155.33.208.197. That information is relayed back to your computer, and you can make the web page request.

Obviously, there are millions of DNS queries every hour worldwide. In order to keep the system from crumbling
under it’s own weight, DNS recursors cache DNS records once they have retrieved them from nameservers.
Nameservers set a TTL, Time To Live, for each DNS record, which indicates for how long an entry should remain in
a DNS cache until the server should be queried again. The TTL allows server administrators to change a server’s IP
address and still make sure that server is reachable via its domain name.

13
Here we see a network traffic diagram from two different perspectives. The top diagram is a
host-only diagram, and you see a linear progression of a packet from the sender, through a
couple of Internet routers, to the receiver. Data transmission appears trivial.

The bottom diagram, however, shows that the transmission is not so simple. Data typically
begins at the Application layer, is combined with TCP or UDP headers, is further encapsulated
with Internet layer IP data, and finally released to the Link Layer to transmit data
electronically. At each level or receipt by a router, the data must pulled from the Link layer
back to the Internet layer to have the IP data amended, and is sent back to the link layer for
transmission. Once the data reaches its destination, each layer’s information, starting with
Link, then Internet, and finally Transport, is sequentially stripped off the data before it is
given to the Application layer service for which it is destined.

This is the magic of the Internet. Use the knowledge wisely.

14
In the hopes of clarifying any questions about the role of each layer in the TCP/IP model, let’s
compare the models to a process you are more familial with: package shipment.

When you order a shipment, the item you desire is the contents of the package. The method
the package takes to get to you is irrelevant for your purposes. This is the same as the
Application layer of TCP/IP, which contains the actual information desired from the remote
host.

Once you’ve selected your package, you also need to choose a shipping company. You could
choose UPS, FedEx, USPS, etc. Each of these companies has their own set of rules about
package shipments, and will have its own shipping label. The shipper is entirely indifferent
about the *contents* of the shipment; it only cares about stats like weight, source,
destination, and priority. This is the same principle behind the Transport layer.

Now that our package has contents and a label, it needs to get to its destination. Shipping,
like TCP/IP, has a “hub-and-spoke” setup. The high-end approach is moving packages from
one major “hub” to another. In order to do this, the shipper needs a high-order address. For
shipping, that high-order address is the zip code. During this phase of shipping, the actual
location of the destination is irrelevant, all that matters is the location of the hub. While
there may be some intermediate stops, the high-order shipping process is complete once the
package arrives at the correct “hub”. The Internet layer of TCP/IP performs the same high-
order function, with the IP address (more accurately, the taking the place of the zip code.

15
Finally, with the package at the correct hub, it is only that hub which knows where the
destination lies, and how to get there. Armed with the destination’s street address, the local
hub can finally deliver the package to its intended recipient. Note that the local hub cares
now how the package got to it, only that it needs to enable the last leg of the delivery, just as
the Network Interface layer gets packets to their final destination by translating the host
portion of the IP address to the MAC address of the target computer.

If you’d like to learn more, you can peruse the Wikipedia articles below, which have lots of
great information:

http://en.wikipedia.org/wiki/Internet_protocol_suite

http://en.wikipedia.org/wiki/Ethernet

http://en.wikipedia.org/wiki/Ieee_802.11

15
16