On Sun, Jul 22, 2012 at 06:44:04PM +0800, lina wrote:
> Thanks, packet looks for the IP address first or MAC address first?
> (seems I read something before, it's a book/document written in 2001,
> kinda of aged? still don't understand.)

IPv4 hasn’t changed since then, and IPv6 is working quite similar.
But this is a question about ethernet networks and routing, so let me try to explain it a little.

IPv4:
You probably have already seen IPv4 addresses. They are 32bit addresses, normally written with a separating dot after 8bit, e.g. 192.168.1.20 or 193.99.144.85. If you see a .1., it should be .001.

The netmask has the same length. It is used together with the IP address to separate the network part of the address from the host part.
Examples:
IP: 192.168.0.1, netmask: 255.255.255.0 means 192.169.0 is the network part, .1 is the host part (short form 192.168.0.1/24).
IP: 10.20.4.3, netmask: 255.255.0.0 means 10.20 is the network part, 4.3 is the host part (short form 10.20.4.2/16).

You can reach any host within the network part without needing a router or gateway. 10.20.4.3/16 can reach directly 10.20.120.75, but not 10.10.4.6.

The program subnetcalc will help you to understand network and hosts:
stse@minas-ithil:~$ subnetcalc 192.168.1.1 255.255.255.0
Address       = 192.168.1.1
                   11000000 . 10101000 . 00000001 . 00000001
Network       = 192.168.1.0 / 24
Netmask       = 255.255.255.0
Broadcast     = 192.168.1.255
Wildcard Mask = 0.0.0.255
Hosts Bits    = 8
Max. Hosts    = 254   (2^8 - 2)
Host Range    = { 192.168.1.1 - 192.168.1.254 }
Properties    =
   - 192.168.1.1 is a HOST address in 192.168.1.0/24
   - Class C
   - Private

It shows you that 192.168.1.0/24 can have 254 hosts. Two addresses are by default the network address (192.168.1.0) and the broadcast address (192.168.1.255) and can’t be used by hosts.

If you wish to leave your network and talk to other systems, you need a router (or gateway). „/sbin/route -n” will show you your routes on your host:
stse@minas-ithil:~$ env LANG=C /sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0

The last line tells me that I’m directly connected to the 192.168.1.0/24 network via eth0. My default gateway (see the letter G in the Flags section) is 192.168.1.1 for everything else (destination 0.0.0.0).

You can only have one default gateway, but you can have several routes of course (I could have an additional route telling me that to reach the network 192.168.2.0/24 I have to use the gateway 192.168.1.2).

To send a packet over ethernet you need the MAC address of the ethernet device, because ethernet devices don’t know anything about IP addresses. The Address Resolution Protocol (ARP) is used to find a MAC address for a given IP address.

So, we will try an example:
- Lina PC has the IP address 10.10.10.20/16
- your gateway is the 10.10.1.1
- your DNS server is the 10.10.30.1
Now you enter the command „ping www.heise.de”. What will happen?

First your system needs to resolve the name www.heise.de into an IP address. This is a job for the DNS server. If you followed my explanation about networks (and understand it, I hope ;-), you know that you can reach your DNS server directly without a gateway. And you will need the MAC address of the DNS server.

So your PC sends a broadcast to any host on your network and asks for the MAC address of the system with the IP 10.10.30.1. Wireshark would decode this broadcast with „Who has 10.10.30.1? Tell 10.10.10.20”. A Broadcast is received by any network device on your network. The network device passes the request to the TCP layer of the operating system. In our case the DNS server says „Oh, it’s for me” and sends your PC the reply „10.10.30.1 is at <MAC address>”.

Now Lina PC has the MAC address of the DNS server and can ask it for the IP address of www.heise.de and gets the result 193.99.144.85.

The next step is to send the ping packet to 193.99.144.85. Your PC knows that this IP address is outside of its network. So it looks into the routing table how to reach it. It has only a default gateway, so it has to send the packet to the gateway.

Lina PC sends a broadcast again to ask for the MAC address of the gateway 10.10.1.1. After the answer it sends the ping packet to 193.99.144.85, but the destination MAC address is the gateway MAC address.

The gateway receives the ping packet because it has its MAC address as destination, looks into the IP part of the packet, sees the destination IP and then looks into its routing table to search for the „next hop” of your packet. And so your packet is traveling from router to router until it reaches its destination. ;-)


IPv6:
In most cases IPv6 is quite similar to IPv4. The address length is with 128bit quite longer than the 32bit length of IPv4. There are no broadcasts anymore, so no broadcast address is needed, only a network address. My IPv6 broker Sixxs gave me a network with a 48bit netmask. This means, my host part is 128bit - 48bit = 80bit. This means I can easily have 2^80-1 hosts in my network (-1 for the network address), but I can’t pronounce the number (1208925819614629174706176) ;-)

ARP is not a separate protocol anymore but is now part of ICMPv6. That’s why you should never blindly block ICMPv6 packets, or you break your network.

So, I hope you could understand my explanations a little.

>> If you have a rainy afternoon to while away, install Wireshark and have a play with it. Try various network connections while a capture is running, and play with the filtering. One day you will need to use it in anger.
> (Here "in anger", you implied that the wireshark was not so much fun
> to play with?

No, I think he means that you are angry because your network doesn’t work as you wish, and you need Wireshark to figure out why.

        Stephan

--
| Stephan Seitz          E-Mail: s...@fsing.rootsland.net |
| Public Keys: http://fsing.rootsland.net/~stse/keys.html |
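
The next-hop decision walked through in the message above (which IP address the sender has to ARP for), as an added example that is not part of the original e-mail. The route tables mirror the addresses used in the message; the interface name for Lina PC and the helper names are assumptions.

```python
import ipaddress

def arp_target(routes, dst):
    """Return (ip_to_resolve, iface) for a packet addressed to dst.

    routes: list of (destination_cidr, gateway_or_None, iface),
    i.e. the columns of `route -n` with Genmask folded into the CIDR.
    """
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for cidr, gateway, iface in routes:
        net = ipaddress.ip_network(cidr)
        # Longest prefix wins: a /24 route beats the /0 default route.
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    _, gateway, iface = best
    # Directly connected network (no gateway): resolve the destination itself.
    # Otherwise resolve the gateway; the IP destination in the packet is unchanged.
    return (gateway or dst, iface)

def who_has(src, routes, dst):
    """The ARP request Wireshark would show for the first packet to dst."""
    target, _ = arp_target(routes, dst)
    return f"Who has {target}? Tell {src}"

# Lina PC from the example: 10.10.10.20/16, default gateway 10.10.1.1.
# "eth0" is an assumed interface name.
LINA_PC = "10.10.10.20"
LINA_ROUTES = [
    ("0.0.0.0/0", "10.10.1.1", "eth0"),
    ("10.10.0.0/16", None, "eth0"),
]

# The route -n table from the message plus the additional route it mentions
# (192.168.2.0/24 via 192.168.1.2).
STSE_ROUTES = [
    ("0.0.0.0/0", "192.168.1.1", "eth0"),
    ("192.168.1.0/24", None, "eth0"),
    ("192.168.2.0/24", "192.168.1.2", "eth0"),
]

if __name__ == "__main__":
    print(who_has(LINA_PC, LINA_ROUTES, "10.10.30.1"))     # DNS server, on-link
    print(who_has(LINA_PC, LINA_ROUTES, "193.99.144.85"))  # www.heise.de, via gateway
```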
