
LAN Networks


2.2 ISO
2.3 OSI
3.1 Media Access
3.3 802.3/Ethernet
3.4 Token Ring
3.5 FDDI
4 802
5 Internetwork Devices
5.2 HUB
5.3 Bridge
5.4 Switch HUB
5.5 routers
2 TCP/IP
6 TCP/IP
6.3 Transport Layer
7 IP
8 Addressing
7.2 Authentication
7.3 Encryption
7.4 FIRE WALLS


1

1

1.1 - 07' , - 08' , . : - LAN - Local Area Network - LAN 10M 10G )- 10m .(10km - WAN - Wide Area Network - WAN ) 100BPS -551.(M , , , - , . .


) ( topology

), ( . . (Bus (Liner BUS Bus : . : Liner BUS . . -Star Star : ) ( HUB . Ring Ring , . . " Mesh . Mesh : . Mesh WAN- . LAN . Hybrid : Star - bus Ethernet - Star- ring R.T / .


) ( ) ( .

: - 10baseT 2 . : . star BUS BUS . STAR

2

1.2 " " . " . . " , X . Y , .

. . , . . : - , ISO - , CCITT - IEEE .


2.2 ISO - OSI . 7791 -ISO ) , ( International Standard Organization . . . . . ISO : . ( OSI ( Open System Interconnection , 7 . : . - layer

Figure: Open Systems Interconnection (OSI) Reference Model. Layers, top to bottom: Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer.


7 . . " - . 7 , 7 6 . ) ( user ) .( provider

. ) ( , , : 7 6 , 5 '. "" ) , '. ( . " " . , . " " . 7 : ) . ( layers OSI : 7 .


1. - . physical layer :

9 DB , RS232, DTE, DCE ' . : . " , COAX , 2. - data link layer , . " . Ethernet 2 ) : ( sub layer Logical Link Control- LLC Media Access Control- MAC - MAC CSMA/CD . Token Pass - LLC 2 IP IPX . data link : ) ( raw data : ) . ( frame : , , data link : .


data link frame ) ( Acknowledgment . " 52. X - .2L

2 , ACK 4 . 3. network layer : 1. . 2. . 3. . Data Link ) . ( Machine Address : ) ( : IPX . NetWare - . " " : ) ( routing table . - . packets ) Data Link ( Frame ) (Packet TTL CHECKSUM "" . .


" , , '. ) IP ( TCP/IP . network Network layer . " IP ) ( . " , , Router . network

4. -transport layer . Data Link Data Link . transport . , . , . , . ) ( , . 2 :


. Data Link Data Link

) , ' ( . " " ) . ( Hand Shake " " . - flow control ) " " ( , : " . : TCP , UDP, SPX 1. Connection Less - UDP - Video 2. - Connection Oriented - TCP . Email , Web : )4-1(, )7-5( - .IP/TCP 5. session layer : , ' , . session ) ( NOS : , . ) ( log in . . , : , '.


. , .

Session . : , . , Session : . Check sum " , .

6. -presentation layer ) ( . : ( ASCII ( American Standard Code for Information - ( EBCDIC ( Extended Binary Coded Decimal Interchange Code ANSII NetWare ASCII . , . , '. " : - , ,


'. . " " .

) ( intermediary . ANSII Presentation : . 7. - . application layer ) . ( Shell . . . " " . : , " , . .


. : ) 7 ( . . " . , . ) 6 ( . ASCII , . ) 5 ( .


. : , ' . ) 4 ( - . . . ) 3 ( . !! : , . : " . IP 2 MAC . MAC . , . ) ( WAN , . " " , ) 2 ( , ' , " " .


: . : . CSMD/CD : Ethernet . Token Ring .

, - . ) 1 ( ) ( : ) ( . ) 1 ( ) " ( . ) 2 ( . Ethernet ) 6 ( : , DOS space name . ) 7 (


.


3.2 " - OSI .OSI .OSI

, : . 1 - 2 ,OSI . , . : Ethernet, TokenRing- .FDDI " : . 3 ) (. , . , OSI . 1 - 2 3 . 3 . 3 TCP/IP, Novell IPX- DECnet .


1( :

. - . : : . . Ethernet COAX Ethernet . : . 006 . : , , ' . : - ) Wire ( . : . " ) ( twisted . . : twisted pair 4-2 . ) 8-4 (. : PVC . Teflon . " .


2 : UTP UTP . ) , ( Unshielded UTP . : . .

, . STP Shielded Twisted Pair . - EMI ( ( Electromagnetic Interface RFI (Interface Radio . ( Frequency : 54-. RJ 54- RJ 11- RJ . 54- RJ 11- . RG 54- RJ 8 , 11- RJ 4 .


Coaxial cable Coaxial . Coaxial " Coaxial 2 " " ) ( . COAX COAX 4 . 2 : . 2 - . - - . Conductor Core " ) . ( Copper . " : Teflon . PVC : - Outer Conductor : ) . ( Braided metal

: ) ( Ground . : . Crosstalk Crosstalk . " " . AUI AUI : . Attachment Unit Interface AUI : . Transceiver ) AUI (


. : ) . ( Fiber

: , . 2 . . : . . . : . 01 . GB : . 100MB : . COAX UTP ) ' ( . . 2 " ) ( , . .


. , . , " " . 2 : . . . , . "" . "" . . : - baseband - . - broadband .


. . : - . - .


2( -: - MAC - Media Access Control-

- LLC - Logical Link Control- ) 3 (. . - , MAC, , : ( ) : (Contention , . : - ) !(. . . . ( ) : (Token "" . . : - . . . . 1 - 2 ) - - (MAC - MAC - LLC . . IEEE )208. (X . 3.208 - 5.208 .

3

1.3 - Media Access : Media Access : . ) .( Network access method Media Access . . . " : . : : , " " : . Media Access 3 " " ) ( " " . " " : . ( MAC (Media Access Control . 3 : ): ( Media Access . Contention - . Token Passing - . Demand Priority ! ) . ( Switch HUB


" " . ) ( Switching . 3.2Ethernet - Ethernet - 07 - .Xerox - 08 - Ethernet - IEEE 3.208. Xerox,Inter- Digital .Ethernet II , 3.208 - Ethernet II . Ethernet , ) OSI - .(MAC Ethernet . Contention : . : , . : . . - : " " . : . Ethernet Ethernet . : Ethernet 2 :


1. 2COAX - 10Base5 , 10Base 2. - 10BaseT , 100BaseTx 3. 1000BaseSx , 1000BaseLx Ethernet )( CSMA/CD Ethernet : . Baseband 2.

Ethernet ,BUS , , . 6 :Ethernet

Ethernet - CSMA/CD (Carrier Sense Multiple .(Access/Collision Detection -:Ethernet Carrier Sense - ) - (. Multiple Access - . - Collision Detection - .


, ,

, ,9.6 sec - . , . , , , , . Ethernet . -. , . , . - Ethernet , . 4 ) A,B,C-.(D A .D B , . ) (, C, , . )B - (C . A , B-C -, . , , , - ,JAM - , -- . , , . , - , . , , . ) (, .


,0-2n n - 1 01, . Ethernet , ) (, . - Ethernet , , , . Ethernet , %03-%04. ) /( , .


ethernet

: Contention " Ethernet : 3.208 - IEEE Ethernet . 10MB - IEEE 802.3U Ethernet . 100MB - IEEE 802.3Z Ethernet 1. ( 1000MB ( GB


3.3 802.3/Ethernet

- Ethernet - 07 - .Xerox - 08 - Ethernet - IEEE 3.208. Xerox,Inter- Digital .Ethernet II , 3.208 - Ethernet II . Ethernet II 3.208, . Ethernet . ) Ethernet (10MBPS . Ethernet. , . ,Ethernet - 10MBPS , . ) 5 0( 005 . , . 05. 005 , , , , 581 . ) (Thick Ethernet ) Thin Wire .(Thin Ethernet , , Tranceiver . - Tranceiver ) , (. .


) (Tranceiver 0004 H 5004H ) ( 51

) .(AUI -5/0004 H , - . , , ! , 5.2 , 5.2 . Ethernet 5.2 - . , - Tranceiver .Desta- Desta ,T - .Desta - Desta AUI -5/0004 .H - Desta BNC -.Desta - Desta -5/0004 H 51 - AUI- Tranceiver . .(TC (Tranceiver Cable . : ,XX BASE Y XX MBPS, Y , BASE ) BaseBand BroadBand '(. , 5 10BASE 10MBPS 005 . -2) 10BASE 581...(. 63 ,10BROAD 10MBPS BroadBand 0081 ) 0063 (. . , 5 1BASE 1MBPS . . .HUB


Ethernet

,Ethernet - MAC 2 - .

Figure: Ethernet Frame Variations. Ethernet frame fields (length in octets): Preamble (8), DA (6), SA (6), Type (2), Data, FCS (4).

Octet. Octet - ,Byte .Bit : Preamble - Preamble -Tranceiver . - Ethernet , )(, . - Preamble - 8 Octet ) 01(. . - Preamble 11 01 - . - Destination Address . ,OSI 3, . - Ethernet , - Ethernet.


) (MAC . - MAC - Tranceiver , . .Tranceiver - MAC , Tranceiver . - Tranceiver. - Tranceiver- - MAC. 842 . MAC , ) Broadcast (. - Broadcast MAC -"1". - Source Address . , - - MAC . - Type 3 . 3 - . , , , . 3 , . 612 . 3.208 , . - Data , . 64 . - FCS .CRC -CRC . - CRC . , .


, Ethernet Repeater . . ) , (. , . : : 8 21 2 64 4 27 Preamble DA+SA Type Data FCS ":

27 Octet .Ethernet : 675=8 .72x 675 . 675 :10MBPS

1 : 10M

1.0 .Sec 675 6.75 .Sec . Round Trip .Delay . .5.085 Sec/Km :57 .6Sec 5.085 Sec / Km = 11.3Km

- 2, 6.5 ". Ethernet 6.5 ", , Repeater ) 005 (, ,


. 4 Repeater - 5.2 " ) -.Repeater . Repeater, "" - .Preamble - Preamble 46 , Repeater - 02 , -Preamble . - 2 Repeater , 5.1 " ! Ethernet- 3.208 , 3.208 ,Ethernet . 3.208 -) Type 3( )612 (. 3.208 ) Length(. -Length - .Data - Data , , . 2.208 ,LLC . Ethernet 3.208 - - .Type/Length - Length 8151 ) - ,(Data - Type - 8151. -Tranceiver , - Ethernet 3.208.


4.3 Token Ring Token Ring - 07 - .IBM 5.208 IEEE .Token Ring Token Ring IBM 5.208.

,Ethernet Token Ring 2 ,OSI -.MAC Token Ring - , Token Ring 4MBPS-.16MBPS ,Token Ring ,Token . . Token Ring , . 01 Token Ring:

"". "" . , . , "", .


01, B

,D B . ,B . , ,D , . D , , . ,B , B , . - ,Ethernet Token Ring %001. Active Monitor , , , , , . Active .Monitor - Monitor , . , . , - Monitor . .(M (Monitor , )- (. ) (, - M 1-. , , - Monitor 1= M - Monitor , . - Monitor . Token Ring , - Monitor , . - Monitor ,


) (JITTER Token Ring 062-07 ) (.


Beacon/Purge

Token Ring .Beaconing , , ,Beacon , ,Standby Monitor "" .Monitor ,Active Monitor .Monitor ,Active Monitor -,Monitor - MAC .Active Monitor , ) , '(, .Purge , .Beaconing ) (. , , , Beaconing . ,Sniffer . Early Token Release ,4MBPS - , . .16MBPS - Token Ring - ,16MBPS , . ) Early Token Release (. , , , , . ) (, , , . , , .


Token Ring :Token Ring- MAC-

Figure: Token Ring frame format. Fields in order: Starting Delimiter (1 octet), Access Delimiter (1 octet), Frame Control (1 octet), Destination Address (2-6 octets), Source Address (2-6 octets), Data (0-4027 octets), FCS (CRC) (4 octets), Ending Delimiter (1 octet), Frame Status (1 octet).


: - Starting Delimiter Octet .

- J- K . J - K ' -) Token Ring '(. 1 ) (J 0 ) (K . - Access Delimiter Octet . - M - .Monitor ,(T (Token )0= (T )1= .(T (PPP (Priority- (RRR (Reserve ) (. - Frame Control Beacon/Purge'. - Destination & Source Address - MAC . - MAC- Token Ring - ,Ethernet - , ) SNA .(IBM MAC Tranceiver, - MAC . - Data . - Token Ring - Ethernet . - FCS .CRC .Ethernet Ending Delimiter - Octet -.Starting Delimiter - .Ending D : (I (Intermidiet , , ,(E (Error 1- , , .CRC , . Frame Status - Octet . : (AR (Address Recognised 1- ) (.


(FC (Frame Copied 1-

. ) (, AR 1 FC 0. 0, . Token Ring , , . 0 7. PPP- RRR- Access Delimiter -.Token Ring - (PPP (Priority . 4= PPP 4 . (RRR (Reservation . , ) (, - - RRR . - RRR -) PPP RRR(. PPP , , . Token Ring Token Ring , , . , , IBM Token Ring . MAU (Multiple ,(Access Unit , - MAU . 8- MAU. - - MAU Ring In- .Ring Out


MAU. 3 42( MAU(:

5.3 FDDI (FDDI (Fiber Distributed Data Interface - ANSI 08- 5.9 .ANSI X3T , Ethernet- .Token Ring . . FDDI . , ) ANSI ( ) ISO( . .FDDI FDDI Ethernet- ,Token Ring . FDDI 100MBPS ) (BackBone . Ethernet- Token Ring FDDI - ,MAC . FDDI 100MBPS ) .(Token Ring FDDI , .


FDDI Token Ring , , , - Beacon .

FDDI , ) (, ) ( ) (. FDDI - FDDI , . ) (Primery Ring ) .(Secondary Ring . - FDDI . Class A (SAS (Single Attached Stations Class B DAS .((Dual Attach Station - SAS -FDDI ) Concentrator(, DAS - FDDI .SAS - SAS - .FDDI .PC


Ethernet, Token Ring Token Ring 16MBPS 4MBPS %09 Ethernet BUS 10MBPS %03

, . Ethernet %03- . ) Token Ring- (FDDI , ) (. , , . , , , '. , . ,Ethernet , -%05 , . . ) '(, ,FDDI . FDDI - ) .(BackBone


, , , ) ( .

4 2081.4

: Ethernet " . , Ethernet . Ethernet Ethernet " : . DIX Ethernet ) DIX 3 : . ( Digital-Intel-Xeroxes : . Ethernet ii 0891 IEEE . Ethernet : Ethernet " " - . IEEE Ethernet . Ethernet " IEEE : . Ethernet I " , IEEE . COAX , Ethernet . , Ethernet " " Ethernet .


Data Link , " IEEE . OSI 208 2 : Data Link Physical . OSI , 2 ) Sub . ( Layer : ( MAC ( Media Access Control ( LLC ( Logical Link Control Layer Data link .

LLC : MAC . LLC LLC . MAC LLC . , LLC " " . : TCP/IP NetBEUI , COAX .


MAC MAC . LLC : ( MAC ( Media Access Control . : , " . MAC

MAC ) Frame ( , .


IEEE OSI " " . " . ( IEEE ( Institute of Electrical and Electronic Engineers IEEE . IEEE LAN . MAN

IEEE , .


2.4 208 0891 IEEE .

208 0891 2 . 208 . 208 2 OSI : . Ethernet " : 208. , X " " X . 208 . " 208 . 3.208 ) IEEE ( Ethernet 3.208 Data . Link . 2.208 : . CSMA/CD ) : " " ( 2.208 . , . Ethernet Ethernet . 2.208 ) IEEE ( Ethernet


2.208 : 3.208 .

!! " , 3.208 2.208, ! 3.208 Ethernet . 2.208 3.208 .


2.208 LLC 3.208 - Ethernet, 3.

3 , Ethernet - . )7-3(. - (LLC (Logical Link Control IEEE -208. ,X 2.208. 3 , . - LLC . LLC 2 - LLC ) - LLC 2 3(. 208. X - ,LLC 3.208 2.208- .LLC 2. - LLC , ,

DSAP SSAP Control

- (LSAP (Link Service Access Port 3. , LSAP DSAP- LSAP. DSAP )(Destination SAP SSAP ) .(Source SAP , .


SNAP

6 ) 8 - DSAP- SSAP (. 62 23 . - Ethernet, 612 , - LLC ! - LSAP SNAP AA 61. (SSAP=DSAP=AA (SNAP - LLC

Figure: LLC header with SNAP. LSAP: DSAP, SSAP, Control. PIF: OUI (3 octets), PID (2 octets).

,(PIF (Protocol Information Field -: (OUI (Organization Unique ID- .(PID (Protocol ID 3. - OUI 3 Octet, . , . 422 . 612 , -.PID , - DSAP- SSAP. , . - DSAP- SSAP - ,(AA (SNAP - OUI- PID . ' 91 3.208 2.208 : 8 6 6

Figure: 802.3 frame with 802.2 LLC and SNAP. MAC: Preamble, DA, SA, Length. LLC (LSAP): DSAP=SNAP=AA (1 octet), SSAP=SNAP=AA (1 octet), Control (1 octet). PIF: OUI (3 octets), PID (2 octets). DATA. MAC: FCS (4 octets).

- LLC - DATA , , .


Ethernet Ethernet :

BUS Star Baseband CSMA/CD 802.3 10/100Mbps Thicknet Thinnet UTP

) ( IEEE

510Base 5 10base : COAX : .Thicknet . Baseband . 10MB 005 . : 001 . " : 0052 ) 005 , " 5 , 5 0052 = 005 . ( x ) . ( Connector ) AUI ( Attachment unit interface " " : 001 Speed in Mb per Second + channel type + meters per segment x :

5- 10Base :


: . 10Mbits /sec : ) Baseband ( . : 001 - ) 005 005=001. ( 5x 5 10Base : BUS BsaeBand CSMA/CD 3.208 , 2.208 10Mbps Thicknet ) ( IEEE

210Base 2 10base : COAX : .Thinnet . Baseband . 10MB 581 . " : 529 ) 581 , " 5 , 5 529 = 581 . ( x ) . Connector ) BNC : 03 .


! , : 002 .

581 , . 2 10Base : BUS BsaeBand CSMA/CD 3.208 , 2.208 10Mbps Thicknet (RG-58 /U , RG-58 A/U ) ( IEEE

10BaseT 10baseT : . . Baseband . 10MB 001 . ) 54-. Connector ) RG

1 10base 001 . IEEE : 10baseT : " " T . Twisted pairs


10BaseT : Star BsaeBand CSMA/CD 3.208 , 2.208 10/100Mbps UTP/STP ) ( IEEE 10BaseFL 10baseFL : . . Baseband . 10MB 0002 . 10baseFL " ) ( HUB " : . Backbone


10BaseFL : Star Baseband CSMA/CD 802.3 , 802.2 10 Fiber Optic ) ( IEEE

) Ethernet Fast .( 100MB IEEE Ethernet : 100MB 100baseTX 100baseTX : 10baseT , . 100MB - UTP 5 . 2 ) " 4 ( . . Baseband . 100MB 001 . ) 54-. Connector ) RG ! X : 100baseX . 100MB


4100baseT 100baseTX : 10baseT , . 100MB

- UTP 5 3 . 4 ) " 8 ( . . Baseband . 100MB 001 . ) 54-. Connector ) RG 100baseFX 10baseFX : . . Baseband . 100MB 004 . ) Gigabit Ethernet .( 1000MB IEEE Ethernet : 1000MB 1000baseSX 1000baseSX 1000baseLX " Ethernet ". ) 10baseSX ( 1000baseLX ( 1000MB ( 1GB " : . Gigabit Ethernet


1000baseSX ) ( Multimode Transmutation . 1000baseSX : 05 5.26 . . 1000MB 055 05 . 062 5.26 1000baseLX 1000baseSX . 2 : ) ( Multimode Mode Fiber Optic Cable ) ( Single Mode Fiber Optic Cable 1000baseLX : 1Gbps 2 . Shared . 2 - 2 .

5 Internetwork Devices

1.5 , 2 : - Segmentation . : 2 . COAX . 2 , 052 . , COAX 581 . , 2 2 COAX . ) ( : 2 . : . - Segmentation : .


: . Segmentation Segmentation , . : . Ethernet Ethernet . CSMA/CD

) ( CSMA/CD : , . " , . ) ( . " : Bridge Router : , . , , , internetwork . Bridge, Router -.HUB OSI . OSI 2.5 / ) . ( repeater Repeater . : repeater : . repeater : .


repeater . . repeater . repeater . , , . , , , , . repeater 7 : . repeater 2 2 .


2.5 HUB . HUB

. - Ethernet MAU, ).(TP - Twisted Pair - HUB , . ,Ethernet , , , ) ( - ,HUB TP - .HUB , - HUB , , . - HUB )(, ,

. - HUB , , , , . TP . , .


( BUS , -HUB, BUS

) (. BUS - HUB . -4 HUB , 4 . HUB 2 BUS:

, ) (, - HUB - BUS. . - HUB ,SNMP , , - BUS. - BUS - . , , ) (, . ( HUB , . HUB . - HUB : . , , , .


- HUB , . ) TP (, . , , , . ( HUB . HUB - HUB HUB, . , ,HUB . - -HUB. - -HUB . HUB , . ) -HUB ,Repeater Repeater(. HUB:

4 2- HUB. , -HUB . -HUB , -HUB. ( Switching HUB


HUB .Ethernet-Switching HUB BUS, Ethernet . HUB

- HUB , - HUB ) - BUS (, -BUS BUS . - BUS , , . . , , .


3.5 Bridge ( " . bridge bridge : . bridge :" " . " " ) . ( MAC Address repeater )" ( OSI

, ) ( . TCP/IP . NetBIOS bridge 3 : " " . ) ( : Ethernet . Token Ring : bridge 2 8 , bridge ) " 61 ( . , A " . A" B . ) A ( A , A bridge . B


bridge "

, broadcast ) . ( B : 3 . , . . , . . , 3 , . . : , . . . ' , broadcast ' .


bridge broadcast . bridge : print server .


Bridge )( 08-.

. . . )(Transparent Bridge .Ethernet Source Routing ) ( .Token Ring ) (Translating Bridge )- Ethernet- .(Token Ring , - , Ethernet-.Token Ring - Bridge , -MAC , Ethernet .Token Ring- Bridge , . - Bridge , . Bridge - Repeater OSI - .Bridge - Bridge 2, , - . Bridge . :

-Bridge -Bridge. -Bridge , - Bridge . -Bridge .


-Bridge - '. .


( ) Transparent Bridging ( ,Transparent Bridging- Bridge

, . ,Bridge , , - Bridge , . - Bridge , . , -MAC - - Source Address. - Bridge , , . - Bridge , - .Bridge , ) ( , . , - Bridge , , - . . - Bridge Transparent Bridging Bridge. Bridge :


1 2, - - Bridge, 2 . ,Broadcast - Broadcast - -Bridge ! ).(Routing Loop , -Bridge .Spanning-Tree -Bridge , . - Bridge - -Bridge , -Bridge . ( ) Source-Route Bridging - ( Source-Route Bridging - IBM .Token Ring , - Bridge , . , . - , . - - Bridge . , Bridge . , , . . , . , , . , . , .


5.4 Switch HUB

: . , " BRIDGE : . MAC . NetBEUI : , " 2 : Router BRIDGE ) Switch HUB .( BRIGDE . " " . . , , . " " : ) ( LAN interwork . " " : Switch HUB: bridge . " " , Switch HUB . : ) PORT ( . Switch HUB PORT . PORT 3 Switch HUB , - Switch PORT . :


3 . . 3 . Switch HUB 1 3 , . Switch HUB 3 , " " 2 . Switch HUB ) ( . Switch HUB PORT . : - bridge collision domains- switch - switch collision .domain . Switch HUB Switch HUB . Switch HUB : bridge " Switch HUB . bridge Switch HUB . , " Switch HUB " . Switch HUB : ) ( , . . ) ( port : port . Switch HUB .


. ) . ( ASIC Switch HUB . : . ASIC . up link , " Switch HUB . up link " " " . : ATM . Gbit up link . . Switch HUB Switch HUB 1. CRC HUB , Switch HUB . CRC CRC . Switch HUB "" . , . " . store and foreword


CRC :

, . Switch HUB " " . ) ( ports , " . : , CRC . 2. ) Redundancy ( Switch HUB Switch HUB HUB , Switch HUB 2 , . , . " " ) ( swap . 3. Filtering Switch HUB : . Filtering Filtering . " Filtering . : MAC MAC . ! . Telnet


4. IP switch . Filtering Filtering ) . ( MAC address . Switch HUB IP switch . IP switch Filtering ) ( physical layer IP switch ) . (IP data link IP . 5. VLAN VLAN ) . ( virtual LAN , broadcast - broadcast domain VLAN broadcast .VLAN


5.5 ) . ( routers . " . WAN ) . ( network .

Router network . : , Router . data link , " Router " . " Router Token Ring . Ethernet - ,Router 3 - Router, Router TCP/IP, IPX-.DECnet Router 08- , Bridge . - Router -Bridge . Router , "" . , ) 3( . - ARP , - MAC . , -) ARP -Router ,(Broadcast .


- ARP Router , Router - ARP .

- MAC - Router - .Router-Router , , . ARP , - ARP ) ( Router . - -Router , , - Router , . , . , , , . : : 52.. X , " 52. . X , . " . :


3 . "" 2 2 .

, . " ) . ( cost ) ( . , . 3 , ISO . " " . : " " . " " . . . . Router BRIDGE " . : . routing table . . ) ( hop .


" . , . : " " : " " .

" " , - , , '. Router . , Router ) ( Router ) . ( LAN , Router . Router , Router . , Router " " ) Router ( Router . .Packet Processing , Router Router " " ) ( un packages , ) ( . . WAN ) Fault , ( Tolerance .


WAN . : ) ( cost .

.Static Routing, Dynamic Routing , Router , , Router , . Router . , Router : - . Static Routing . : - . Dynamic Routing Router - Dynamic Routing " Router " Router . Router - Dynamic Routing . Router Router " Router .


: ) ( hope Router ) ( cost Router . Router Router . " Router : port


. WAN . 2 : .Distance -Vector Routing Protocols

Router .Distance -Vector Routing Protocols : " , Router . " Router Router . " . , Router 3 . " " ) ( cost" . . : Router : + Router . 02 = 01 Port 1 cost 10 + neighbor router cost 04 = 02 Port 2 cost 20 + neighbor router cost 06 = 03 Port 3 cost 30 + neighbor router cost

" " .


Distance -Vector Routing .

.Link State Routing Protocols : .Link State Routing Protocols Distance -Vector Routing Router : " Router : - Router , . - 1. T . flow control "" multiple paths Router " " .


2 TCP/IP

6 TCP/IP

1.6 TCP/IP . TCP/IP Open Standard TCP/IP : . Open Standard : IPX/SPX " Novell NetBEUI " Microsoft , IBM TCP/IP . TCP/IP : " " " " TCP/IP : " " ) . ( Internet Society ( IAB ( Internet Architecture Board . TCP/IP

. TCP/IP : . RFC Request for Comments RFC TCP/IP" . " . " 5 ) ( Classification :


. TCP/IP Protocol Suite

: ( TCP/IP ( Protocol Suite . TCP/IP : " " TCP/IP . TCP/IP Protocol Suite . : DNS 3 : . ) . ( Client Server . Network Service - TCP/IP Protocol Suite :

1. : TCP - Transmission Control Protocol IP - Internet Protocol UDP - User Datagram Protocol ICMP - Internet Control Message Protocol IGMP - Internet Group Management Protocol


:

FTP - File Transfer Protocol IP Telnet DNS resolve IP domain name - WINS resolve IP - netbiosname HTTP/HTML HTML SMTP NNTP DHCP IP . ) ( utilities Diagnostic and information util Ping - Packet Internet Grouper Ipconfig Nslookup - DNS Nbstat netbios Tracert Netstat - TCP/UDP


. TCP/IP 2.6

Figure: The Microsoft TCP/IP Protocol Suite. Layers shown: Application, Transport, Internet, Network. Components shown: Windows Sockets Applications, NetBIOS Applications, Sockets, NetBIOS, NetBIOS over TCP/IP, TDI, TCP, UDP, ICMP, IGMP, IP, ARP, LAN Technologies (Ethernet, Token Ring, FDDI), WAN Technologies (Serial Lines, Frame Relay, ATM).

Internet Layer .1 Internet protocol : internet Datagram .


IP

IP - . Connectionless IP : ) ( . ) ( host : Connectionless ) session ( is not Established . IP " " . IP : ?? ' . ) " TCP ( IP IP " " . TCP IP : Connectionless , , " IP " . IP : ) Best Effort ( IP , . , IP :


. - - . , . . - IP . - ' 4 . UDP TCP/IP ' 4 . . . Checksum Checksum . . (TTL (Time to Live TTL , . TTL . , " TTL . : . Default Gateway ( ( Router Default Gateway . .


: Default Gateway .

" " Router . " , ) Windows NT 821 . ms ) ( Router , IP . , = 0. .

) . ( Buffer : . , . . . !


, TTL PING . ( Default Gateway ( Router . ) ( Router TTL . PING + TTL . PING TTL . TTL

IP - . Router , Router IP : 1. TTL . Router , IP , - 0 .


2. MTU ((maximum transmit unit IP ) ( fragmentation .

3. : ) ( flag . : - fragment ID . : - fragment offset " . 4. ) ( checksum 5. IP - .next hop ) . ( Router 6. , next hop IP .

. ARP ARP : . Address Resolution Protocol


ARP : ) ( MAC Address .

ARP : . ARP Resolve- IP . MAC IP: . Resolve . IP 3 MAC 2 . , " Broadcast . Broadcast " . MAC 3 , IP , MAC .


ARP . TCP/IP TCP/IP : 2 : ( MAC ( Media Access Control IP MAC " . MAC : : 00--00-AA-2f . 00-XX


, . MAC . IP " MAC . , " . " IP " IP . ) ( . MAC : , IP : .

: IP : 3.001.511.902 . 3.001.511.902 . PING PING . : IP : 3.001.511.902 . MAC " . IP


, : "

MAC IP : 3.001.511.902 " . Broadcast" . "" " : . IP IP , . , : " MAC : -00-AA-2a 0-00 ". : MAC : 0-00-00-. AA-2a : . : ) ( IP " ) . ( MAC

TCP/IP . ARP ARP . IP MAC : . Resolving ARP : ) ( Resolving IP . MAC


TCP/IP 2 : ) ( Local ) . ( Remote ARP 2 . ) ( Local .Resolving a Local IP Address 1. , : . ARP Request IP . 2. IP , ARP MAC IP . ) IP Default Gateway : Default Gateway (. 3. MAC IP MAC ) MAC ( . 4. ARP ) " ( ARP : MAC IP : 1.001.511.291 .


5. .

) ( IP IP . IP , . 6. , ARP : . ARP Reply MAC .


.Resolving a Remote IP Address :

1. : - Routing Table . 2. , . Default Gateway Default Gateway ARP MAC . Default Gateway IP Default Gateway , ARP ARP )( ARP Request MAC . Default Gateway , ARP MAC Default Gateway MAC . Default Gateway ( Router ( Default Gateway , Router MAC . 3. : . MAC . IP . IP .


4. Router , " Router . " " . Router : . Router Router ) , ( Router Router : . Default Gateway


IP+ ARP Resolution

ARP 2 : Broadcast 2 Broadcast ) ( MAC ARP MAC IP 2 Broadcast . Broadcast IP , " " . , : FFFFFFFF , FFFFFFF FFFFF ) ( Broadcast .


FFFFFFF " , " . ARP : FFFFFF : FFFFFF : MAC IP . MAC ARP : FFFFFF IP MAC . Broadcast ARP MAC - . IP ARP ) . ( local broadcast , Router , ARP MAC . : ARP " ?? ARP Broadcast . MAC , ARP , MAC . ARP ARP Broadcast . MAC ARP , ARP


ARP

: , IP ' , ARP ) 2 ( . . ARP MAC IP 2 . : Router . MAC IP : . Static - Static MAC IP ARP 2 . ARP . , . ARP

ICMP ICMP : Internet Control Message . Protocol ICMP " " : " " . IP IP . IP : , connectionless : , ' .


. ICMP ICMP . IP ICMP IP " " : . : " " , Router Router : , ICMP source Quench . ! Router 2 , Windows NT 2 , : , Router : ICMP source , Quench ) ( . ICMP : - Type : echo Reply . echo Request - Checksum " " . ICMP - Type Specific Data " . : 0 . - Echo Reply 3 - . Destination unreachable


8 - . Echo request PING .

PING , ICMP . : . ICMP PING , Request time out " . ICMP Default Gateway PING , : . destination unreachable - PING PING . TCP/IP PING " IP " . " PING . " PING " . : , FTP PING . : FTP . PING IP . FTP


IGMP TCP/IP 3 : Unicast Unicast IP Broadcast

Broadcast " " " . Multicast . IGMP : Internet Group Management .Protocol IGMP : .Multi Cast IGMP .


, IGMP . IGMP : . Broadcast Broadcast . IGMP . ! " IGMP . Class D IGMP , Router ) multi cast . ( group Router , Router " . IGMP IP : ) . ( unreliable

: Multicast : Multicast : Real Audio Internet . , IP


: . CLASS D IP" . Internet , . , " Broadcast , Broadcast . " " " ) ( IP .


3.6 :Transport Layer

: - . Network Layer 2 . : TCP UDP UDP TCP : : . Transport Protocol Transport Protocol : 2 . ) UDP .( TCP : , Internet . Transport : ARP IP ) MAC ' ( . - internet Layer : IP ARP : " " TCP UDP . , TCP UDP: " " " .


TCP TCP : , ) -reliable ,connection . ( oriented : . TCP : TCP . 2 , TCP 2 . " . , TCP : . Acknowledgment : Acknowledgment : . ! : ACK : . Acknowledgment


- - , , Acknowledgment , . ACK , , . : , . ACK , ACK .

TCP/IP : Three - Way . Handshake : Three - Way Handshake " " : . Three - Way Handshake : . : " " ) . ( Window size TCP 3 " " )Three - Way ( Handshake 3 :


- . : ) . ( Data 2 : Acknowledgment . ) ( . Data


" " ) . ( ACK " " . " " ) Windows Size ( Segment Size .

TCP TCP 2 . ) ( Services , . : 12 32 / FTP Telnet

13135 931

DNS NetBIOS Session service UDP

TCP UDP : 2 ) ( network Layer . 2 UDP . TCP UDP : . UDP : ) best effort ( . : UDP . , UDP UDP . : UDP . : UDP . , UDP , , ) ( ACK . . UDP : . Connectionless Datagram


: Connectionless - ACK .


: . Datagram : Datagram ) . ( packets Datagram : 1.

, TCP , : , Datagram " TCP/IP . 2. - Broadcast TCP : , ' , , Datagram : ) . ( Broadcast " Broadcast : " " . , . . UDP UDP : . - . TCP ,


, UDP . UDP : : . : : Real Audio . , Real Audio UDP . UDP : . TCP , " . , TCP UDP " " , " UDP " , .

UDP UDP 2 . ) ( Services , . : 51 35 96 / NETSTAT DOMAIN TFTP

135137 138 161

NETBIOS-name service NETBIOS-Datagram service SNMP


Ports & Sockets - . PORT port - .

port . Main Frame Main Frame - ) . ( Main Frame : , . ) port ( . port : , ) ( - ) ( .

TCP/IP . port port Main Frame " " , port TCP/IP " " .

TCP/IP ) ( : , mail, telnet ,FTP , WEB . TCP/IP : . Port Number TCP/IP: " " Port Number " " : . PORT


port , port TCP/IP . Port Number " : ) ( Network Services . FTP . ) ( Services " " . TCP/IP , TCP/IP ). ( Port Number : SMTP ) port ( 52 . FTP ) port ( ,02, 12 . HTTP ) port ( 08 . TCP/IP : . Well Known Port Number : Well Known Port Number Port Number " : . IANA TCP/IP 4201 : . Well Known Port Number


Well Known Port Number : , Port Number : ) Random Port Number ( . TCP/IP 635,56 ) (Port Number 4201 . : . WEB " 2 : - IP ) ( Port Number . : , WEB : 08 . ) WEB " 08 , 08 : Well Known Port Number ( WEB : IP IP " " " : 520,1 635,56 .


Socket ) ( port : . Socket : Socket : . : - IP - TCP UDP ) ( port .

: . TCP/IP IP : 5.001.511.291 . : WEB . FTP . 2 .


, . socket ). ( socket , " : : WEB 5.001.511.291 - , IP , TCP - 08 . : FTP 5.001.511.291 - , IP , TCP - 12 . . , , .

. port : Server port, Client port : ) Server port, Client port ( TCP/IP 635,56-0 ) . ( ports 4201 " 000,46 " . : . : , DNS 08 , ( WEB ( port 12 ( FTP ( port' .

: .


: . FTP FTP FTP 12 , FTP "" " . FTP 3 FTP . 12 , FTP , FTP . , " " : . FTP 12 . , . : FTP 12 3 FTP : FTP FTP 000,2 , FTP FTP 000,53 . ! TCP/IP : . : FTP 12 , WEB 08 ' .


. :

WEB : . WEB . , WEB ) ( domain name . , WEB : 541 . WEB : 08 , , , WEB " WEB 08 , WEB - 541 . WEB , WEB 541 .


Application Layer .

. TCP/IP : FTP SNMP DNS


7 IP

NetBIOS

. TCP/IP , TCP/IP . TCP/IP . TCP/IP 2 : . Host : , Host , . TCP/IP : , , , , Router . Host name " ) " ( ) ( Host : . Host Name - Host Name : ") Alias Name "( IP . Host IP


TCP/IP , , : . IP IP . IP 2 : ) . ( host ID ) . ( Network ID . Network ID TCP/IP . 2 . 2 , , 2 . , , : ) Default Gateway . ( Router . Host ID

, ) ( host Id : . IP ) ( Host ID : " " . ) ( host ID : " " . : : .


: " " , . , , . , IP : ) ( + ) ( .

IP IP " 23 ) 23 . ( bit IP " " ) . ( Decimal " " . " 01 .


decimal format IP 4 . : . octets ) ( octets : 552-0 . " : . dotted decimal 4 . IP : 1.001.511.291 .


binary format IP - dotted decimal " . 01 . :

4 , 8 1 0 . : 11111100.11000000.11000110.110000001 ) ( IP . TCP/IP " TCP/IP . IP - . TCP/IP - . : 821 . 1 . : Binary code Decim al Value X 821 X 46 X 23 X 61 X 8 X 4 X 2 X 1


: . : 0 , " " . : 1 , . 1 .

:

10000001 :

Binary code      1    0   0   0   0  0  0  1
Decimal value    128  64  32  16  8  4  2  1

10000001 = 1 + 128 = 129 . ) ( IP . : : 255 . 255 . ,


: : 052 : 1. 552 : 11111111 2. 1 . 3. 052 : 052-552 = 5 . 4. 552 , 2 ) ( " : 5 . 5. : " 052 " 5 : "552 " .

2 : 1 4 5 . : 0 " " 552 .

Binary code      1    1   1   1   1  0  1  0
Decimal value    128  64  32  16  8  4  2  1

: 552 , " : 01011111 .


Address class

: . network ID ) network ID IP ( . -0 552 , , . , " . " : . Address class : Address class : . ) ( Address class 2 : 1. ).(host ID 2. . 5 ). ( Address class 5 : CLASS A CLASS B CLASS C CLASS D CLASS E


, Microsoft TCP/IP 3 : CLASS A , CLASS B . CLASS C CLASS A CLASS B CLASS C 3 ) ( CLASS : TCP/IP

CLASS    IP Address    Network ID    Host ID
A        W.X.Y.Z       W             X.Y.Z
B        W.X.Y.Z       W.X           Y.Z
C        W.X.Y.Z       W.X.Y         Z

) ( Address class . IP 23 , . , ) , ( host , . CLASS A : CLASS A . CLASS A . CLASS A , . CLASS A 8 . 42 .


= 42 (

8

Network ID ) 8 + 8 +

IP CLASS A 652 . " 8 652 )82=652 (. CLASS A , TCP/IP " , . CLASS A : : 0 . - CLASS A 0 , 7 ) " 8 ( .

CLASS A : 01111111 11111110 , : 721 . 0 111110 11 , CLASS A : 0000000 .


00000000 , : 0 . CLASS A : 721-0 . ! 1.0.0.721 Loop Back . CLASS A 71 . ) " : 612=000,000,000,71 ( . CLASS B CLASS B - - . CLASS B 61 . 61 .

Network ID + 8 = 61 (

)8

CLASS B : : 01 . - CLASS B : 10 , 6 ) " 8 ( . , CLASS B : 1111111 .


11111101 , : 191 . , CLASS B : 000000 . 00000001 , : 821 . 01

CLASS B : 191-821 . . CLASS B 635,56 . ) " : 612=635,56 ( .

CLASS C CLASS C - . CLASS C 42 . 8 .

CLASS C : : 011 .


- CLASS B 011 , 5 ) " 8 ( .

= 42( 8

8

Network ID 8 + )8 +

, CLASS C : 11111 . 11111011 , : 322 . , CLASS C : 000000 . 00000011 , : 291 .

CLASS B : 352-291 . . CLASS C 452 . ) " : 82=452 ( .

. CLASS A 721-0 ) -1 621 ( 621 612,777,61 ) 71


( . CLASS B 191-821 000,61 635,56 ) 66 CLASS C 352-291 00,000,61 0 CLASS D ( . 652

CLASS D : mult . icast CLASS D : : 0111 . : . CLASS D . , . 721 . ) ( network ID 721 . 721 : . loopback : loopback . 552 .


) ( network ID ) ( host ID 552 ) 11111111 ( . 552 ) Broadcast ( . Broadcast : 552 . 0 . ) ( network ID ) ( host ID 0 ) 00000000 ( . 0 . : CLASS C : 452-0.001.511.291 : 0.001.511.291 . .

Subnet Mask . : Subnet Mask . Subnet Mask 2 :


1.

, . Subnet Mask Subnet Mask . 2. Subnet Mask " " . TCP/IP : CLASS C : 0.511.291 452 . Subnet Mask . TCP/IP Subnet Mask Subnet Mask , . Subnet Mask . TCP/IP , , TCP/IP Subnet . Mask TCP/IP . TCP/IP , , TCP/IP .


, : Subnet . Mask TCP/IP

) ( Address class . 2 : Subnet Mask Default Subnet Mask Custom Subnet mask : , Default Subnet Mask : . Custom Subnet mask Default Subnet Mask

: , Default Subnet Mask . IP Default Subnet Mask : 552 0 . 552 ) 11111111 ( . 0 ) 00000000 ( . 2 ) 552 0 ( " . 3 Subnet Mask - : Default Subnet Mask

CLASS    IP Address    Network ID    Host ID    Subnet Mask
A        W.X.Y.Z       W             X.Y.Z      255.0.0.0
B        W.X.Y.Z       W.X           Y.Z        255.255.0.0
C        W.X.Y.Z       W.X.Y         Z          255.255.255.0


Subnet Mask

Subnet . Mask , ) ( AND " . Subnet Mask : , Subnet Mask " " ) ( , " " Default Gateway ( ( Router . ! , Subnet Mask Subnet Mask . IP ) ( . Subnet Mask , Subnet Mask " " : , .

: 511.001.721521 - , .IP Subnet Mask 0.0.0.552 . Subnet Mask IP . CLASS A


IP address Subnet mask

721 552

001 0

511 0

521 0

, IP : 511.001.7218. , " , : . AND AND IP . Subnet Mask .

8 Addressing

Subnetting : Subnetting : . Subnet : Subnetting - . Custom Subnet : Subnet 2 : " 0 " " 552 " , " : Subnetting . Subnetting " " . Subnet , TCP/IP : Subnetting , " , - . : Subnetting Subnet Mask . : ) ( network ID IP . " : IP ) . ( Network ID Subnetting


" Subnetting .


Subnetting : .

Subnetting , 2 : Ethernet . Token Ring . Subnetting . : Subnetting . . . Subnetting .


Subnetting ' - . Subnetting Subnetting : 1. 2. 2 , . 3. - . 4. . 5. : 1 .


: : 0.5.002.921 . CLASS B Subnet Mask : 0.0.552.552 .

: 4 . 4 ) ( Router . 52 .

: 3 ! : 0.5.002.921 : . Subnetting

: Subnetting : Subnetting : 1. 4 " : 2^2- =n n " 3 . 2. subnet : Subnet Mask : 0.0.552.552 .


Subnet Mask Subnet Mask : 11111111 00000000 11111111 00000000

Subnet Mask . 4. 3 3 Subnet Mask: 111 . 0 . 00000111 11111111 11111111 00000000

: 00000111 . : 00000111 : 422 . 4 Subnet Mask : 0.422.552.552 .

3. 3 ) Subnetting : 422 " " 3 ( . : 32 : 8 . 4. . , CLASS B 6 , Subnet Mask : 0.422.552.552 . .


2 :


' " .

: 1 , : Binary code Decim al Value , : 1 . 23 , : 23 ) 23 ( . ' . Subnet Mask . : 652 ) - ( Subnet Mask Subnet Mask . 422-652=23 . 1 821 1 46 1 23 0 61 0 8 0 4 0 2 0 1


) 652 82 = 652 ( :

Network Number    Beginning Range Value    Ending Range Value
1                 X.Y.0.1                  X.Y.31.254
2                 X.Y.32.1                 X.Y.63.254
3                 X.Y.64.1                 X.Y.95.254
4                 X.Y.96.1                 X.Y.127.254
5                 X.Y.128.1                X.Y.159.254
6                 X.Y.160.1                X.Y.191.254
7                 X.Y.192.1                X.Y.223.254
8                 X.Y.224.1                X.Y.255.254

4. . " IP : 91-23=31 . : 312=2918


3


7

1.7 . . . , . " , . , .

, . , . - .OSI . : 1. - Authentication .


2. - Authorization , , ? ! . 3. - Encryption . DES (Data Encryption (Standard 821.DES 2.7 Authentication . . - Gateway . . " / ISDN , . , "" . : 1. ) ( 2. "" " " ". 3. ' . 4. ,


.


Authentication Servers RADIUS - Remote Authentication Dial in User Server .

NT/UNIX - RADIUS Server . RADIUS Client ) ( - RADIUS , " " - User- password - Server . . , . Router , User- . Password

TACACS - Terminal Access Controller Access Controller System - RADIUS" .Cisco . - ) (RAS .


- RAS . - database .3.7 Encryption

. , , . . . - .OSI )(Tunnel IPsec )(HTTP Secure

, Shared key


. . .DES IBM - 07' - DES 821,65,04 639,729,730,495,750,27 .

, . : ,


. . , .

- , . ) 2 4201( . . , . . . . , . .


4.7 FIRE WALLS - Fire wall - Fire wall" . . - Firewall , - Fire wall - Fire wall , , . Security policy . - Fire Wall ) (Permit ) (Deny ).Packet) Dropping


Fire Wall . 1. Packet Filtering - 3 - .OSI - Packet filter - security policy . , .ACCESS LIST . Header - .IP Packet : IP IP dest/src Address Port TCP, UDP, ICP, IP Tunnel .TCP/UDP Dest/Src Port ICMP . ICMP IP'. Interface /. Forwarding" Routing Table Deny Discard Telnet Telnet 32 SMTP SMTP 52 telNet Discard 32. Filtering Telnet .


FTP . .Telnet .FTP . Source IP adds Spoofing

. .? IP .IP Spoofing , . . .Discard Source Route Attack ) (Path , ) Tracert . Disable .Source Route


1. Software Features . 2. ,WAN Filter . 3. . 1. 3 .

2. Packet Throughput Filter. Forwarding Dest Address . , '. Filter CPU . 3. Control Over Traffic Permit/Deny . ' ) (NewsGruop FTP, Telnet . 4. 3201 Port . 5. " - IP SPOOFING FTP - Source port - .FTP 6. filter : , Packet ,Header Formats ) Access List (, . 7. Data Driven Attack .


: - PACKET FILTERING , - 3. OUTBAND FTP SESSION 3201 . 2. Proxy Server Fire walls . - proxy . . - proxy FTP .UDP - proxy . . Proxy . . DPSec TCP .Packet GateWay . Session .FW FW App. Level Gateway Circuit .Level Gateway FW . 3. Stateful Inspection FW . - W.F - .open connections



VPN Virtual private networks

VPN . . - VPN 1. 2. INTRANET 3. .EXTRANET . . - VPN . , - LAN. , encrypted tunnel . VPN VPN Tunneling ) Tunnel( . - Tunnel : 1. - - Tunnel - ISP . 2. - - TUNNEL GATEWAY- .ISP - - TUNNEL ) , , (


PPP(Point to point (protocol TUNNEL . TUNNEL - Encapsulation ) (IP,IPX encapsulation - PPP TUNNEL.

- VPN - TUNNEL , . Virtual Private Network . . , , Frame Relay ". VPN , . VPN LanRover-VPN -Shiva , -Cipro -Remote Access .Shiva 1- Firewall -Check Point -Firewall


Border Manager -Novell VPN ,

, , ISDN , FR'. VPN " , IP IPX .

NAT Network Address Translation . IP . - NAT IP IP , . IP,IPX IPX NCP .



- access-list - Cisco- ) IP (. - address mask , . .subnet .Address Resolution Protocol - ARP IP 2 )) .MAC 628- .RFC .Attachment Unit Interface - AUI ,ETHERNET 51 - .-TRANCEIVER .tranceiver cable - backbone network , , , . .Consultative Committee for International Telegraph and Telephone - CCITT . .-ITU-T - client-server computing : . , , . - compression , , . . - congestion . - conectionless . - connection-oriented . - console )) ,DTE . - cost , , , - . ) -cost( . .Cyclic Redundency Check - CRC . -CRC , .


. .

.Carrier Sense Multiple Access Collision Detect - CSMA/CD , . , . . . .ETHERNET .Data Communication Equipment - DCE ))DTE . DCE . - DECnet ) ( - .Digital .-DNA - default route , , , . - delay . . .Data Terminal Equipment - DTE . , . 1 - E 840.2 .MBPS 1.T 3 - E - )).34MBPS .Electronic Industries Association - EIA . - encapsulation . ,ETHERNET .ETHERNET - encryption , . .Enhanced Interior Gateway Routing Protocol - Enhanced IGRP IGRP - .Cisco .


- Flash memory - .Intel Flash , . . - flow control . . , . - frame . . -frame , , . datagram, message, packet, , . - Frame Relay . Frame Relay 52. -X . - gateway IP, )).Router - gateway , ) SNA) IBM .TCP/IP - hardware address 2 . - -.MAC address .High-Level Data Link Control - HDLC , HDLC .SDLC )) encapsulation . - holddown , - . . - hop. . - hop count .RIP . - host . . . ,node ) (. .Institute of Electrical and Electronic Engineers - IEEE . -LAN IEEE ) 208. x ).IEEE


2.208 - IEEE IEEE -LLC . -LLC ) 3(, . 3.208- 5.208-. 3.208 - IEEE IEEE .ETHERNET 5.208 - IEEE IEEE .Token Ring .Interior Gateway Routing Protocol - IGRP - ,Cisco RIP . - interface. . - internetworking . .Internet Protocol - IP ) 3( . 197- .RFC - IP address 23- , . 4 . . .Internetwork Packet Exchange - IPX NetWare .Novell -XNS .-IP .Integrated Services Digital Network - ISDN , DATA ,VOICE . ITU-T - International Telecommunication Union Telecommunication .Standardization Sector .CCITT - keepalive message - - , . .Local-Area Network - LAN ) (. LAN - . .Link Access Procedure, Balanced - LAP-B ,HDLC ) 2( 52. X .CCITT .Local-Area Transport - LAT DIGITAL


- latency , . - link. . .Logical Link Control - LLC ,IEEE 2, 3 . - LLC 3 TCP/IP -IPX - .LLC -LLC 2.208 .IEEE - load balancing , . , , . -load balancing . .Media Access Control - MAC -MAC ) 2(. -MAC ) -Media (. -MAC CSMA/CD .-Token - MAC address .MAC .hardware address .Metropolitan-Area Network - MAN )(, LAN WAN .MAU - Media Attachment Unit- ETHERNET ' )" (tranceiver RING TOKEN , , -.MAU Managment Information Base - MIB .SNMP ,MIB . - name server . 3. - NetWare , , . - .Novell - network , , .


- network address ) 3(, . .

.NonVolatile Random-Access Memory - NVRAM , . . .Open Shortest Path First - OSPF , , RIP. , - . - packet. , . .frame - peer-to-peer computing , , )) client )) .server - polling , - , - . ).SNA) IBM .Point to Point Protocol - PPP ,SLIP . - queue . . - redundancy . - . - repeater - . .Request For Comment - RFC ) -Internet ) .TCP/IP , . RFC Internet ).(http://www.cis.ohio-state.edu:80/hypertext/information/rfc.html .Routing Information Protocol - RIP , . .


54- - RJ 8 )) ,8W . - routing/ . - routing metric , . , , . .cost - routing table , , . - sliding window flow control , . , , . TCP - . .Simple Network Managmnet Protocol - SNMP , ) ,TCP/IP) UDP ) (. - static route , - , , . - subnet-, IP , - . .Switched Vurtual Circuit - SVC 52. .X 52. ,X . , . 1 - T 445.1 .MBPS 3 - T .45MBPS .Transsmition Control Protocol/Internet Protocol - TCP/IP , 07-, . TCP/IP . TCP 4 ) (, , . IP 3 ) ( .


- Telnet -TCP/IP )) virtual terminal . - terminal emulation , . .Trivial File Transfer Protocol - TFTP -TCP/IP ) ) ,FTP . Cisco . - time-out , . ,time-out- . - token. )) ,frame ,Token Ring . .Time to Live - TTL TCP/IP . -IP ,-TTL , 0-, . .User Datagram Protocol - UDP ,TCP/IP ,-TCP . UDP . ,, .SNMP - UNIX 9691, . UNIX ,TCP/IP -. 42. - V ))232.RS 53. - V )).48KBPS - virtual circuit . . . , )( . .Wide Area Network - WAN , .


52. - X ) ,ITU-T) CCITT ,

)) virtual circuit - . 121. - X- 52. ,X . 004. - X ) ITU-T) CCITT . - x-terminal - , .