Doug Vitale Tech Blog

Important tech organizations IT pros should be familiar with

The technical standards that govern how the Internet and modern computer networks operate are debated and approved by a number of organizations. These organizations exist to ensure the proper functionality and long-term feasibility of network transmission methods. IT professionals should be familiar with these organizations, how they operate, and what their specific roles and responsibilities are. After all, it is clearly within our professional purview to intimately know the standards which dictate how the Internet’s core technologies work. For example, detailed knowledge of IPv4 (and very soon, IPv6) is a must for today’s system and network administrators. But who determines how the IP protocol operates? Who sets the standards regarding networking technologies? Read on to find out.

Logos of ICANN, IETF, IEEE, and IANA


Written by Doug Vitale

June 3, 2013 at 2:26 PM

Posted in Commentary


IPv6: how and why it enables Internet evolution

Internet Protocol version 6 (IPv6) is the next generation networking protocol that is slated to replace Internet Protocol version 4 (IPv4) as the dominant protocol powering modern computer networks and the global Internet.

The problem with IPv4 is that it was developed and initially rolled out in the 1970s and 80s, long before anyone had any idea of what the Internet would become (IPv4 is defined in RFC 791, published in 1981). Simply put, the ability for IPv4 to support modern Internet traffic is decreasing steadily. The Internet Engineering Task Force (IETF) recognized the potential for a crisis and commenced work on IPv4’s replacement in the mid-1990s.

The rest of this article will assume that you know why the Internet needs to evolve from IPv4 to IPv6. If you do not understand this, please stop reading and view this YouTube video of Vinton Cerf explaining the rationale behind the protocol migration (Cerf is considered one of the “fathers of the Internet”).

The death of IPv4 as a relevant networking protocol was delayed considerably by the deployment of two addressing-related solutions: Network Address Translation (NAT) and Classless Inter-Domain Routing (CIDR). However, given the current and projected growth in human population and the ever-expanding quantity of devices connecting to the Internet, IPv6 is required to accommodate and sustain the necessary expansion of Internet availability and services. For example, two well-known technology growth sectors, mobile devices (e.g., smartphones) and cloud-based computing, require public IPv4 connectivity to function and are therefore contributing to the exhaustion of the public IPv4 address space (even with NAT relieving some pressure).

IPv6 evolution

Image source: Wikimedia Commons

Despite their differences in age, IPv4 and IPv6 do share some characteristics. Both protocols were designed to allow for host identification, host discovery, and optimal routing. They both work at Layer 3 of the OSI networking model and at the internet layer of the TCP/IP networking model. In order for hosts to properly communicate using IPv4 or IPv6, they must be assigned a unique IP address. IPv6 hosts need the same information as IPv4 hosts to properly network, e.g., they need to know the IP addresses of DNS servers (to translate host names to IP addresses) and default gateways (to transmit to remote destinations). As in IPv4, IPv6 hosts will send packets directly to destinations on the same subnet.

However, as IPv6 was developed from the ground up to be a future-oriented redesign and modernization of the IP structure, IT professionals will notice that it offers many distinct advantages over its aging cousin. Some noteworthy differences are:

  • IP addressing – as described below, IPv6 addresses use a different format and can provide an astonishingly huge address space for network hosts, far larger than what IPv4 can offer.
  • Multicast and broadcast – IPv6 utilizes more multicast traffic while dropping broadcast functionality altogether.
  • Multi-address interfaces – In IPv6, interfaces (such as network interface cards, or NICs) can natively operate using several IP addresses. IPv6 offers improved support for multiple addresses sharing one interface.
  • Automatic IP address assignment – While IPv4 clients can receive address assignments via DHCP, IPv6 hosts are capable of autoconfiguration with stateless address autoconfiguration (SLAAC) via Neighbor Discovery Protocol (NDP). Alternatively, IPv6 hosts can utilize the new DHCPv6 in a manner similar to traditional DHCP.
  • Packet fragmentation – Routers processing IPv6 will not fragment packets. Instead, fragmentation responsibility belongs to the originating hosts.
  • Checksum – the IPv6 header does not include a checksum while IPv4 does. Removing the checksum from OSI Layer 3 should improve IP throughput.
  • Layer 2 (data link) address discovery – while IPv4 uses Address Resolution Protocol (ARP), IPv6 uses ICMPv6-based Neighbor Discovery Protocol (NDP).
  • IPSec – IPSec support is optional in IPv4 but is required in IPv6.
  • IGMP – IPv6 replaces Internet Group Management Protocol (IGMP) with Multicast Listener Discovery (MLD).
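To make the autoconfiguration and multicast items above concrete, here is an added example (my own illustration, not code from the original post) that derives a SLAAC address from a router-advertised /64 prefix and a MAC address, then computes the solicited-node multicast group and Ethernet destination that NDP uses in place of ARP broadcasts. The prefix and MAC are constructed sample values.

```python
import ipaddress

# Constructed sample values for the demonstration (not from the original post).
SAMPLE_MAC = "00:11:22:33:44:55"
SAMPLE_PREFIX = "2001:db8::/64"

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 used by SLAAC (RFC 4291 App. A): split the 48-bit MAC,
    insert ff:fe in the middle and flip the universal/local bit (0x02 of the
    first octet). This embeds the hardware address in the IPv6 address, which
    is the tracking concern that RFC 4941 privacy extensions address."""
    octets = [int(x, 16) for x in mac.split(":")]
    octets = octets[:3] + [0xFF, 0xFE] + octets[3:]
    octets[0] ^= 0x02
    return int.from_bytes(bytes(octets), "big")

def slaac_address(prefix: str, mac: str) -> str:
    """Combine a /64 prefix learned from a Router Advertisement with the EUI-64."""
    net = ipaddress.IPv6Network(prefix)
    assert net.prefixlen == 64, "SLAAC requires a /64 prefix"
    return str(ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac)))

def solicited_node_multicast(addr: str) -> str:
    """Group a host joins so NDP Neighbor Solicitations reach it without broadcast:
    ff02::1:ff00:0/104 followed by the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return str(ipaddress.IPv6Address(base | low24))

def ipv6_multicast_mac(group: str) -> str:
    """Ethernet destination for an IPv6 multicast group (RFC 2464):
    33:33 followed by the low 32 bits of the group address."""
    low32 = int(ipaddress.IPv6Address(group)) & 0xFFFFFFFF
    return "33:33:" + ":".join(f"{(low32 >> s) & 0xFF:02x}" for s in (24, 16, 8, 0))

if __name__ == "__main__":
    addr = slaac_address(SAMPLE_PREFIX, SAMPLE_MAC)
    group = solicited_node_multicast(addr)
    print("SLAAC address:                 ", addr)
    print("Solicited-node group:          ", group)
    print("Ethernet destination:          ", ipv6_multicast_mac(group))
    # ff02::1 (all-nodes) is the closest IPv6 equivalent of an IPv4 broadcast.
    print("All-nodes (replaces broadcast):", ipv6_multicast_mac("ff02::1"))
```

Because the solicited-node group covers only hosts sharing the same low 24 address bits, a Neighbor Solicitation interrupts far fewer hosts than an ARP broadcast would.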


Written by Doug Vitale

March 28, 2013 at 12:27 AM

Understanding and performing IPv4 subnetting

Subnetting – it’s the subject that IT professionals love to hate. Believe it or not, the frustration that it caused me as a student years ago made me question whether I wanted to go into the information technology (IT) field. Furthermore, with the availability of many subnet calculator programs and subnetting websites, the ability to manually perform subnet calculations may seem superfluous at first. However, a solid understanding of IP subnetting will not only allow IT pros to create appropriately-sized networks in the absence of specialized software and web applications (on paper, for example), but given IP’s foundational role in modern computer networks and the global Internet, it behooves us to keep our comprehension of this protocol sharp. Lastly, if you plan on obtaining a networking certification like the Cisco CCNA, you are just going to have to master the material below.

The purpose of this article will be to thoroughly explain how IP subnetting works and to provide some relevant examples. Therefore a detailed analysis of all the workings of IP, such as packet structures, packet switching, and routing will not be provided. However, we will review what the Internet Protocol (IP) is, how it works, and what purpose it serves on networks. We will focus solely on Internet Protocol version 4 (IPv4) which is the version of IP that has powered the Internet revolution and remains the most widely utilized networking protocol today.

A subnetted network

A subnetted network using variously sized subnet masks

Computers must share a common protocol to communicate, and nowadays IP has become ubiquitous on nearly all operating systems. So what does IP do? Simply put, IP allows computers to locate and facilitate communications with other hosts that are either on the same logical network or on separate, distinct networks (for instance, networks such as those owned by different organizations – businesses, universities, Internet service providers, etc.). IP provides for this communication by enabling the routing of data packets between sources and destinations, often through multiple intermediary hosts.


Written by Doug Vitale

March 5, 2013 at 3:50 PM

Linux file permissions and chmod

When you view files and directories on Linux hosts, how can you tell which users have access? And how do you determine the extent of their access? Before approaching the sizable (but very important) subject of Linux (and Unix) file permissions, it is helpful to review the definitions of some key terms which IT professionals need to be familiar with, so let’s define those terms clearly first.

Common across all operating system (OS) platforms, files are the objects or things that OSes and user applications work with. More specifically, a file is a distinct collection of data that has a name and properties, or characteristics. Files can take the form of text documents, graphics, music, scripts, etc. If you prefer the geeky definition, Wikipedia states that a computer file is “a block of arbitrary information, or resource for storing information, which is available to a computer program and is usually based on some kind of durable storage.”

Computer files can be created, edited, deleted, moved, and stored. The orderly arranging of files is accomplished by means of directories, which are simply containers for files and other directories. On the Windows operating system, directories are often called “folders” because they are visually represented by icons resembling the paper folders which you would find in filing cabinets. This method of depicting directories as paper folders has also been adopted by Linux desktop environments, such as KDE and GNOME.

Directories are arranged in a hierarchical model. Users and software can use these directories to navigate the file system to find certain files. Files are often logically co-located based on type and usage.

File system hierarchy

A simple example of a file system hierarchy

Operating systems support access control restrictions on files and directories because it is not a best practice to permit the same level of system access to all users of a host or network. Users may not want other users to access their files for reasons of privacy and separation of duties, while system administrators often do not want non-administrative personnel to be able to change or possibly delete critical files needed for proper OS function. Therefore, file permissions are designed to prevent the unwanted viewing, editing, or deletion of files and folders. Within the popular discretionary access control (DAC) model, file owners can adjust the access permissions of the files they own. That is, file owners can determine who can read, change, or delete the files belonging to them. We will examine how to work with these file permissions on a Unix-like OS such as Linux.


Written by Doug Vitale

February 16, 2013 at 10:49 PM

Network administration commands for Microsoft Windows and Active Directory

Administrators of Windows servers frequently utilize the graphical tools provided within the Windows Server interface to configure network parameters and administer Microsoft’s proprietary network directory service, Active Directory. These tools take the form of snap-ins for the Microsoft Management Console (MMC) and include Active Directory Users and Computers, Active Directory Sites and Services, Active Directory Domains and Trusts, the Group Policy Management Console, and others (see images below). The capabilities offered by these tools allow administrators to create, edit, and delete Active Directory objects and features such as users, computers, organizational units (OUs), domains, permissions, trusts, etc.

Active Directory Administrative Center

Active Directory Administrative Center on Windows Server 2008

Group Policy Management Console

Group Policy Management Console on Windows Server 2008

While there are many networking commands that are shared by diverse operating systems, Microsoft has created some that apply only to Windows. Consequently, there are many options available for Windows administrators (perhaps with Linux/Unix experience) who prefer to work in text-based, command-line environments. With a little practice this approach can result in time savings and the ability to include tool functionality in scripts. For example, it can be faster to type a command or two than to click and launch the Server Manager, Administrative Tools, or the other aforementioned GUI tools. Additionally, with Windows PowerShell you can script common network administration tasks, making use of the graphical tools’ command-line equivalents.

What follows is a listing of Windows-only commands focusing on the subject of Windows network administration. In other words, these commands can be used for the purposes of viewing, creating, and modifying network settings and the properties of Active Directory objects. You can launch them in either the Windows command prompt (cmd.exe) or in Windows PowerShell.

This page should prove especially useful for those studying to become Microsoft Certified Solutions Experts (MCSE).


Written by Doug Vitale

February 7, 2013 at 3:38 PM

Browser-based penetration testing with Firefox and Chrome

With the proper extensions installed, you can hack from the comfort of your Firefox or Chrome browser. Within Firefox, add-ons are divided into three categories: extensions, appearance themes, and plugins. Extensions extend the functionality of Firefox past simple web browsing. Appearance themes change the way Firefox looks, and plugins are necessary for Firefox to display specialized non-HTML Web content such as Flash, Java script, multimedia, etc.

The Firefox add-ons interface, accessible via Tools-->Add-ons in the menu bar

Google Chrome labels all add-ons as “extensions”. The Chrome website lists them in the same column as “Apps” and “Themes”.

The Chrome extensions interface, accessible via Chrome Menu-->Tools-->Extensions


Written by Doug Vitale

December 28, 2012 at 3:07 PM

Layer 3 switches compared to routers

Any student of computer networking has surely heard it repeated a thousand times: switches work at Layer 2 of the OSI model and interpret MAC addresses, while routers work at Layer 3 and interpret IP addresses. In other words, a switch looks at the MAC address of the destination host and sends the frame only to that recipient (thus conserving bandwidth). A router directs network traffic in a similar manner, but references the target IP address instead of its MAC address (on a side note, those devices marketed as “routers” for home users generally provide more functionality than mere packet routing, such as IP address assignment (DHCP) and firewall filtering). Broadly speaking, switches connect hosts from the same network together while a router can connect whole networks together. To say this in IT Speak: switches connect hosts to form local area networks (LANs) while routers connect multiple LANs into wide area networks (WANs).

In addition to traffic forwarding based on MAC address, switches also detect packet collisions and can simultaneously manage multiple data streams destined to multiple ports. Routers, for their part, can perform network address translation (NAT) and basic packet filtering based on access control lists (ACLs).

With conventional switches and routers performing markedly different functions at layer 2 and layer 3 respectively, just what is meant by the term “layer 3 switch”? Isn’t this contradictory?

Cisco Catalyst 4948

Cisco Catalyst 4948, a Layer 3 switch


Written by Doug Vitale

December 1, 2012 at 11:43 PM