Still worried when solving network problems?
Why can't my computer reach the gateway?
Why can I ping this computer, but can't connect to it?
What does this ICMP error mean?
Why do answers from this firewall seem to be random?
Why...? When...? What...?
All these questions correspond to problems frequently encountered by
people dealing with networks:
- network administrators
- network developers
- network students
- etc.
Answers to these questions are numerous and depend on the systems,
devices, network topology and protocols used.
Most of the time, people who ask for help with these questions should
have been able to find the solution by themselves. Indeed, their
problems are not caused by a technical malfunction of their network, but
by a misunderstanding of their network.
So, the aim of this article is not to answer common questions, but
to remind us to write "learn more about my network" on our to-do list.
On a LAN, computers can communicate using several protocols.
The most frequently encountered architecture is IP over Ethernet, so in
this case we have to understand:
- Ethernet
- ARP (RARP)
- IP
- ICMP
- UDP
- TCP
For example, if we don't know the answer to one of these questions, we
need to study the protocols listed after it:
- What's the difference between Ethernet and Internet?
--> Ethernet, IP
- ARP obtains the MAC address associated with an IP address; true or
false?
--> Ethernet, ARP
- Most of the time, why is nobody answering RARP requests?
--> RARP
- Is IP encapsulated in Ethernet?
--> Ethernet
- What's the difference between a switch and a hub?
--> Ethernet
- Which kinds of packets can I sniff when the network is switched?
--> Ethernet
- Can we see the Ethernet address behind a router?
--> Ethernet, IP
- An IP packet can be up to 64 kbytes, but an Ethernet frame often
carries only 1500 bytes. How can it be sent?
--> IP
- How does IP routing work?
--> IP
- ICMP is often drawn inside IP, and TCP/UDP drawn on top of IP. But
isn't ICMP really encapsulated the same way TCP and UDP are?
--> ICMP
- Can a system send back an ICMP error in response to an ICMP packet?
--> ICMP
- What's the difference between TCP and UDP?
--> UDP, TCP
- How does a TCP handshake work?
--> TCP
- What are the SYN, ACK, FIN, RST, URG and PSH bits used for?
--> TCP
- Etc. Hundreds of questions could be written.
Information on these subjects can be found on the web. For example, we
can search for "TCP/IP tutorial" and several documents are displayed.
The protocols are described in RFCs:
- IP over Ethernet : 894 [http://www.ietf.org/rfc/rfc0894.txt]
- ARP : 826 [http://www.ietf.org/rfc/rfc0826.txt]
- RARP : 903 [http://www.ietf.org/rfc/rfc0903.txt]
- IP : 791 [http://www.ietf.org/rfc/rfc0791.txt]
- ICMP : 792 [http://www.ietf.org/rfc/rfc0792.txt]
- UDP : 768 [http://www.ietf.org/rfc/rfc0768.txt]
- TCP : 793 [http://www.ietf.org/rfc/rfc0793.txt]
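
An added example, not part of the original article and not lcrzoex code: one way to study the header layouts in the RFCs above is to decode a frame by hand. The function names, MAC addresses and 192.0.2.x addresses are assumptions made for this example, and the frames are constructed inline.

```python
import struct

ETHERTYPES = {0x0800: "IP", 0x0806: "ARP", 0x8035: "RARP"}
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")  # bit 0 to bit 5

def decode_frame(frame):
    """Return the layers of an Ethernet frame, outermost first."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers = [("Ethernet", {"dst": frame[0:6].hex(), "src": frame[6:12].hex()})]
    if ETHERTYPES.get(ethertype) != "IP":
        return layers + [(ETHERTYPES.get(ethertype, hex(ethertype)), {})]
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ip[0] & 0x0F) * 4                  # IP header length in bytes
    total_len, _ident, frag = struct.unpack("!HHH", ip[2:8])
    offset, more = (frag & 0x1FFF) * 8, bool(frag & 0x2000)
    layers.append(("IP", {"proto": ip[9], "offset": offset, "more_fragments": more}))
    data = ip[ihl:total_len]                  # drops any Ethernet padding
    name = IP_PROTOCOLS.get(ip[9])
    if offset:                                # later fragment: no transport header
        return layers
    if name == "ICMP" and len(data) >= 2:
        layers.append(("ICMP", {"type": data[0], "code": data[1]}))
    elif name == "UDP" and len(data) >= 8:
        sport, dport = struct.unpack("!HH", data[:4])
        layers.append(("UDP", {"sport": sport, "dport": dport}))
    elif name == "TCP" and len(data) >= 20:
        sport, dport = struct.unpack("!HH", data[:4])
        flags = [n for i, n in enumerate(TCP_FLAGS) if data[13] >> i & 1]
        layers.append(("TCP", {"sport": sport, "dport": dport, "flags": flags}))
    return layers

def sample_frame(proto, payload, frag=0):
    """Constructed test frame: made-up MACs, 192.0.2.x addresses, checksum left at 0."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, frag, 64,
                     proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + payload

if __name__ == "__main__":
    echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1)             # ICMP echo request
    syn = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x02, 8192, 0, 0)
    for frame in (sample_frame(1, echo), sample_frame(6, syn)):
        print(" / ".join(name for name, _ in decode_frame(frame)))
```

ICMP, TCP and UDP are all selected by the same IP protocol field, and a fragment with a non-zero offset carries no transport header to decode.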
We might also use the free tool lcrzoex to improve our skills.
Lcrzoex contains over 200 functionalities to test an Ethernet/IP
network (sniff, spoof, configuration, clients, servers, etc.):
# lcrzoex
a - easy examples (new users, start here)
b - informations on this computer
c - informations on other computers
d - sniff
e - ethernet spoof
f - ip spoof
g - udp spoof
h - tcp spoof
i - icmp spoof
j - arp/rarp spoof
k - udp real clients
l - udp virtual clients
m - tcp real clients
n - tcp virtual clients
o - udp real servers
p - udp virtual servers
q - tcp real servers
r - tcp virtual servers
s - udp real multiclient servers
t - udp virtual multiclient servers
u - tcp real multiclient servers
v - complex examples
w - miscellaneous utilities
More information and the latest version of lcrzoex are available at:
http://www.laurentconstantin.com/us/lcrzo/lcrzoex/ [main server]
http://go.to/laurentconstantin/us/lcrzo/lcrzoex/ [backup server]
http://laurentconstantin.est-la.com/us/lcrzo/lcrzoex/ [backup server]
In conclusion, if one can afford to spend time learning more about one's
network, it will help solve common problems faster. Several
documents, standards and tools can be used to improve our knowledge.