Network Security I

INFO8490
Conestoga College
Topic 06 – How Computers
Find Each Other
Identify Nodes on a Network
• Four methods:
• Application layer FQDNs, computer names, and host names
• Transport layer port numbers
• Network layer IP address
• IPv4 addresses have 32 bits and are written as four decimal numbers
called octets
• IPv6 addresses have 128 bits and are written as eight blocks of
hexadecimal numbers
• Data Link layer MAC address
• Also called physical address

INFO8490 - Network Security I 3

MAC Addresses
• Traditional MAC addresses contain two parts
• First 24 bits are known as the OUI (Organizationally Unique Identifier) or block
ID or company-ID
• Assigned by the IEEE
• Last 24 bits make up the extension identifier or device ID
• Manufacturer’s assign each NIC a unique device ID

INFO8490 - Network Security I 4

How Host Names and Domain Names Work
• Character-based names are easier to remember than numeric IP
addresses
• Last part of an FQDN is called the top-level domain (TLD)
• Domain names must be registered with an Internet naming authority
that works on behalf of the Internet Corporation for Assigned Names
and Numbers
• ICANN restricts what type of hosts can be associated with .arpa, .mil, .int,
.edu, and .gov
• Name resolution is the process of discovering the IP address of a host
when you know the FQDN
INFO8490 - Network Security I 5
DNS (Domain Name System)
• DNS is an Application layer client-server system of computers and
databases made up of these elements:
• namespace - the entire collection of computer names and their associated IP
addresses stored in databases on DNS name servers around the globe
• name servers - hold databases, which are organized in a hierarchical structure
• resolvers - a DNS client that requests information from DNS name servers

Material Used/Adapted from Network+ Guide to Networks 7th Edition Teaching Materials
INFO8490 - Network Security I 6
INFO1380 – Technical Infrastructure: Networking
How Name Servers Are Organized
• DNS name servers are organized in a hierarchical structure
• At the root level, 13 clusters of root server hold information used to
locate top-level domain (TLD) servers
• TLD servers hold information about authoritative servers
• The authority on computer names and their IP address for computer in their
domains

INFO8490 - Network Security I 7

Finding a Node by Name or IP
• nslookup (name space lookup) - allows you to query
the DNS database from any computer on a network
• To find the host name of a device by specifying its IP
address, or vice versa
• Useful for verifying a host is configured correctly or for
troubleshooting DNS resolution problems
• Reverse DNS lookup - to find the host name of a
device whose IP address you know
• Two modes:
• Interactive - to test multiple DNS servers at one time
• Noninteractive - test a single DNS server

INFO8490 - Network Security I 8

Ports and Sockets
• Port numbers - ensure data is transmitted to the correct application
• Socket - consists of host’s IP address and the port number of an
application running on the host
• Colon separates the two values
• Example - 10.43.3.87:23
• Port numbers are divided into three types:
• Well-known ports - 0 to 1023
• Registered ports - 1024 to 49151
• Dynamic and private ports - 49152 to 65535

INFO8490 - Network Security I 9

How a DHCP Server Assigns IP Addresses
• Static IP addresses are assigned manually by the network
administrator
• Dynamic IP addresses are automatically assigned by a DHCP server
• If a computer configured to use DHCP is unable to lease an IPv4
address from the DHCP server
• It uses an Automatic Private IP Addressing (APIPA) address in the address
range 169.254.0.1 through 169.254.255.254

INFO8490 - Network Security I 10

PING
• ping (Packet Internet Groper) - used to verify that TCP/IP is installed,
bound to the NIC, configured correctly, and communicating with the
network
• The ping utility sends out a signal called an echo request to another
device (request for a response)
• Other computer responds in the form of an echo reply
• ICMP - protocol used by the echo request/reply to carry error
messages and information about the network

INFO8490 - Network Security I 11

PING

INFO8490 - Network Security I 12

PING
• IPv6 networks use a version of ICMP called ICMPv6
• ping6 - on Linux computers running IPv6, use ping6 to verify whether an IPv6
host is available
• ping -6 - on Windows computers, use ping with the -6 switch to verify
connectivity on IPv6 networks
• For the ping6 and ping -6 commands to work over the Internet, you
must have access to the IPv6 Internet

INFO8490 - Network Security I 13

Summary
• Hosts on a network are assigned host names
• Applications are assigned one or more port numbers to communicate
with other applications
• IPv4 addresses have 32 bits and are written as four decimal numbers
called octets
• IPv6 addresses have 128 bits and are written as eight blocks of
hexadecimal numbers
• Every NIC is assigned a unique 48-bit MAC address
• Use the ipconfig command to view IP configuration information

INFO8490 - Network Security I 14

Summary
• A FQDN includes both a host name portion and a domain name
portion
• Name resolution is the process of matching an FQDN to its IP address
• DNS is an automated name resolution service that operates at the
Application layer
• DNS data is spread throughout the globe in a distributed database
model
• An IP address and a port number written together is called a socket

INFO8490 - Network Security I 15

Summary
• IP Address and well-known ports range from 0 to 1023 and are
assigned by Internet Assigned Numbers Authority (IANA)
• You can define a range of available IP addresses in DHCP, or assign
a static IP address as a DHCP reservation
• The ping utility uses ICMP to verify that TCP/IP is installed, bound
to the NIC, configured correctly, and communicating with the
network
• ipconfig is useful for viewing and adjusting a Windows computer’s
TCP/IP settings
• The nslookup utility allows you to query the DNS database from
any computer on the network

INFO8490 - Network Security I 16