2.2 ISO
3.2 OSI
1.3 Media Access
3.3 3.208/Ethernet
4.3 Token Ring
5.3 FDDI
4 208
2.4 208
5 Internetwork Devices
2.5 HUB
3.5 Bridge
4.5 Switch HUB
5.5 routers
2 TCP/IP
6 IP/TCP
1.6 TCP/IP
2.6 TCP/IP
3.6 Transport Layer
7 IP
8 Addressing
2.7 Authentication
3.7 Encryption
4.7 FIRE WALLS
1
5 1
1.1 - 07' , - 08' , . : - LAN - Local Area Network - LAN 10M 10G )- 10m .(10km - WAN - Wide Area Network - WAN ) 100BPS -551.(M , , , - , . .
) ( topology
), ( . . (Bus (Liner BUS Bus : . : Liner BUS . . -Star Star : ) ( HUB . Ring Ring , . . " Mesh . Mesh : . Mesh WAN- . LAN . Hybrid : Star - bus Ethernet - Star- ring R.T / .
) ( ) ( .
: - 10baseT 2 . : . star BUS BUS . STAR
9 2
1.2 " " . " . . " , X . Y , .
. . , . . : - , ISO - , CCITT - IEEE .
2.2 ISO - OSI . 7791 -ISO ) , ( International Standard Organization . . . . . ISO : . ( OSI ( Open System Interconnection , 7 . : . - layer
[Figure: Open Systems Interconnection (OSI) Reference Model. Layers: Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer]
7 . . " - . 7 , 7 6 . ) ( user ) .( provider
. ) ( , , : 7 6 , 5 '. "" ) , '. ( . " " . , . " " . 7 : ) . ( layers OSI : 7 .
1. - . physical layer :
9 DB , RS232, DTE, DCE ' . : . " , COAX , 2. - data link layer , . " . Ethernet 2 ) : ( sub layer Logical Link Control- LLC Media Access Control- MAC - MAC CSMA/CD . Token Pass - LLC 2 IP IPX . data link : ) ( raw data : ) . ( frame : , , data link : .
data link frame ) ( Acknowledgment . " 52. X - .2L
2 , ACK 4 . 3. network layer : 1. . 2. . 3. . Data Link ) . ( Machine Address : ) ( : IPX . NetWare - . " " : ) ( routing table . - . packets ) Data Link ( Frame ) (Packet TTL CHECKSUM "" . .
" , , '. ) IP ( TCP/IP . network Network layer . " IP ) ( . " , , Router . network
4. -transport layer . Data Link Data Link . transport . , . , . , . ) ( , . 2 :
. Data Link Data Link
) , ' ( . " " ) . ( Hand Shake " " . - flow control ) " " ( , : " . : TCP , UDP, SPX 1. Connection Less - UDP - Video 2. - Connection Oriented - TCP . Email , Web : )4-1(, )7-5( - .IP/TCP 5. session layer : , ' , . session ) ( NOS : , . ) ( log in . . , : , '.
. , .
Session . : , . , Session : . Check sum " , .
6. -presentation layer ) ( . : ( ASCII ( American Standard Code for Information - ( EBCDIC ( Extended Binary Coded Decimal Interchange Code ANSII NetWare ASCII . , . , '. " : - , ,
'. . " " .
) ( intermediary . ANSII Presentation : . 7. - . application layer ) . ( Shell . . . " " . : , " , . .
. : ) 7 ( . . " . , . ) 6 ( . ASCII , . ) 5 ( .
. : , ' . ) 4 ( - . . . ) 3 ( . !! : , . : " . IP 2 MAC . MAC . , . ) ( WAN , . " " , ) 2 ( , ' , " " .
: . : . CSMD/CD : Ethernet . Token Ring .
, - . ) 1 ( ) ( : ) ( . ) 1 ( ) " ( . ) 2 ( . Ethernet ) 6 ( : , DOS space name . ) 7 (
.
3.2 " - OSI .OSI .OSI
, : . 1 - 2 ,OSI . , . : Ethernet, TokenRing- .FDDI " : . 3 ) (. , . , OSI . 1 - 2 3 . 3 . 3 TCP/IP, Novell IPX- DECnet .
1( :
. - . : : . . Ethernet COAX Ethernet . : . 006 . : , , ' . : - ) Wire ( . : . " ) ( twisted . . : twisted pair 4-2 . ) 8-4 (. : PVC . Teflon . " .
2 : UTP UTP . ) , ( Unshielded UTP . : . .
, . STP Shielded Twisted Pair . - EMI ( ( Electromagnetic Interface RFI (Interface Radio . ( Frequency : 54-. RJ 54- RJ 11- RJ . 54- RJ 11- . RG 54- RJ 8 , 11- RJ 4 .
Coaxial cable Coaxial . Coaxial " Coaxial 2 " " ) ( . COAX COAX 4 . 2 : . 2 - . - - . Conductor Core " ) . ( Copper . " : Teflon . PVC : - Outer Conductor : ) . ( Braided metal
: ) ( Ground . : . Crosstalk Crosstalk . " " . AUI AUI : . Attachment Unit Interface AUI : . Transceiver ) AUI (
. : ) . ( Fiber
: , . 2 . . : . . . : . 01 . GB : . 100MB : . COAX UTP ) ' ( . . 2 " ) ( , . .
. , . , " " . 2 : . . . , . "" . "" . . : - baseband - . - broadband .
. . : - . - .
2( -: - MAC - Media Access Control-
- LLC - Logical Link Control- ) 3 (. . - , MAC, , : ( ) : (Contention , . : - ) !(. . . . ( ) : (Token "" . . : - . . . . 1 - 2 ) - - (MAC - MAC - LLC . . IEEE )208. (X . 3.208 - 5.208 .
33 3
1.3 - Media Access : Media Access : . ) .( Network access method Media Access . . . " : . : : , " " : . Media Access 3 " " ) ( " " . " " : . ( MAC (Media Access Control . 3 : ): ( Media Access . Contention - . Token Passing - . Demand Priority ! ) . ( Switch HUB
" " . ) ( Switching . 3.2Ethernet - Ethernet - 07 - .Xerox - 08 - Ethernet - IEEE 3.208. Xerox,Inter- Digital .Ethernet II , 3.208 - Ethernet II . Ethernet , ) OSI - .(MAC Ethernet . Contention : . : , . : . . - : " " . : . Ethernet Ethernet . : Ethernet 2 :
1. 2COAX - 10Base5 , 10Base 2. - 10BaseT , 100BaseTx 3. 1000BaseSx , 1000BaseLx Ethernet )( CSMA/CD Ethernet : . Baseband 2.
Ethernet ,BUS , , . 6 :Ethernet
Ethernet - CSMA/CD (Carrier Sense Multiple .(Access/Collision Detection -:Ethernet Carrier Sense - ) - (. Multiple Access - . - Collision Detection - .
, ,
, ,9.6 sec - . , . , , , , . Ethernet . -. , . , . - Ethernet , . 4 ) A,B,C-.(D A .D B , . ) (, C, , . )B - (C . A , B-C -, . , , , - ,JAM - , -- . , , . , - , . , , . ) (, .
,0-2n n - 1 01, . Ethernet , ) (, . - Ethernet , , , . Ethernet , %03-%04. ) /( , .
ethernet
: Contention " Ethernet : 3.208 - IEEE Ethernet . 10MB - IEEE 802.3U Ethernet . 100MB - IEEE 802.3Z Ethernet 1. ( 1000MB ( GB
3.3 3.208/Ethernet
- Ethernet - 07 - .Xerox - 08 - Ethernet - IEEE 3.208. Xerox,Inter- Digital .Ethernet II , 3.208 - Ethernet II . Ethernet II 3.208, . Ethernet . ) Ethernet (10MBPS . Ethernet. , . ,Ethernet - 10MBPS , . ) 5 0( 005 . , . 05. 005 , , , , 581 . ) (Thick Ethernet ) Thin Wire .(Thin Ethernet , , Tranceiver . - Tranceiver ) , (. .
) (Tranceiver 0004 H 5004H ) ( 51
) .(AUI -5/0004 H , - . , , ! , 5.2 , 5.2 . Ethernet 5.2 - . , - Tranceiver .Desta- Desta ,T - .Desta - Desta AUI -5/0004 .H - Desta BNC -.Desta - Desta -5/0004 H 51 - AUI- Tranceiver . .(TC (Tranceiver Cable . : ,XX BASE Y XX MBPS, Y , BASE ) BaseBand BroadBand '(. , 5 10BASE 10MBPS 005 . -2) 10BASE 581...(. 63 ,10BROAD 10MBPS BroadBand 0081 ) 0063 (. . , 5 1BASE 1MBPS . . .HUB
Ethernet
,Ethernet - MAC 2 - .
[Figure: Ethernet Frame Variations. Ethernet frame fields: Preamble (8 octets), DA (6 octets), SA (6 octets), Type (2 octets), Data, FCS (4 octets)]
Octet. Octet - ,Byte .Bit : Preamble - Preamble -Tranceiver . - Ethernet , )(, . - Preamble - 8 Octet ) 01(. . - Preamble 11 01 - . - Destination Address . ,OSI 3, . - Ethernet , - Ethernet.
) (MAC . - MAC - Tranceiver , . .Tranceiver - MAC , Tranceiver . - Tranceiver. - Tranceiver- - MAC. 842 . MAC , ) Broadcast (. - Broadcast MAC -"1". - Source Address . , - - MAC . - Type 3 . 3 - . , , , . 3 , . 612 . 3.208 , . - Data , . 64 . - FCS .CRC -CRC . - CRC . , .
, Ethernet Repeater . . ) , (. , . : : 8 21 2 64 4 27 Preamble DA+SA Type Data FCS ":
27 Octet .Ethernet : 675=8 .72x 675 . 675 :10MBPS
1 : 10M
1.0 .Sec 675 6.75 .Sec . Round Trip .Delay . .5.085 Sec/Km :57 .6Sec 5.085 Sec / Km = 11.3Km
- 2, 6.5 ". Ethernet 6.5 ", , Repeater ) 005 (, ,
. 4 Repeater - 5.2 " ) -.Repeater . Repeater, "" - .Preamble - Preamble 46 , Repeater - 02 , -Preamble . - 2 Repeater , 5.1 " ! Ethernet- 3.208 , 3.208 ,Ethernet . 3.208 -) Type 3( )612 (. 3.208 ) Length(. -Length - .Data - Data , , . 2.208 ,LLC . Ethernet 3.208 - - .Type/Length - Length 8151 ) - ,(Data - Type - 8151. -Tranceiver , - Ethernet 3.208.
4.3 Token Ring Token Ring - 07 - .IBM 5.208 IEEE .Token Ring Token Ring IBM 5.208.
,Ethernet Token Ring 2 ,OSI -.MAC Token Ring - , Token Ring 4MBPS-.16MBPS ,Token Ring ,Token . . Token Ring , . 01 Token Ring:
"". "" . , . , "", .
01, B
,D B . ,B . , ,D , . D , , . ,B , B , . - ,Ethernet Token Ring %001. Active Monitor , , , , , . Active .Monitor - Monitor , . , . , - Monitor . .(M (Monitor , )- (. ) (, - M 1-. , , - Monitor 1= M - Monitor , . - Monitor . Token Ring , - Monitor , . - Monitor ,
) (JITTER Token Ring 062-07 ) (.
Beacon/Purge
Token Ring .Beaconing , , ,Beacon , ,Standby Monitor "" .Monitor ,Active Monitor .Monitor ,Active Monitor -,Monitor - MAC .Active Monitor , ) , '(, .Purge , .Beaconing ) (. , , , Beaconing . ,Sniffer . Early Token Release ,4MBPS - , . .16MBPS - Token Ring - ,16MBPS , . ) Early Token Release (. , , , , . ) (, , , . , , .
Token Ring :Token Ring- MAC-
[Figure: Token Ring frame format. Fields: Starting Delimiter (Octet 1), Access Delimiter (Octet 1), Frame Control (Octet 1), Destination Address (Octets 2-6), Source Address (Octets 2-6), Data (Octets 0-4027), FCS (CRC) (Octets 4), Ending Delimiter (Octet 1), Frame Status (Octet 1)]
: - Starting Delimiter Octet .
- J- K . J - K ' -) Token Ring '(. 1 ) (J 0 ) (K . - Access Delimiter Octet . - M - .Monitor ,(T (Token )0= (T )1= .(T (PPP (Priority- (RRR (Reserve ) (. - Frame Control Beacon/Purge'. - Destination & Source Address - MAC . - MAC- Token Ring - ,Ethernet - , ) SNA .(IBM MAC Tranceiver, - MAC . - Data . - Token Ring - Ethernet . - FCS .CRC .Ethernet Ending Delimiter - Octet -.Starting Delimiter - .Ending D : (I (Intermidiet , , ,(E (Error 1- , , .CRC , . Frame Status - Octet . : (AR (Address Recognised 1- ) (.
(FC (Frame Copied 1-
. ) (, AR 1 FC 0. 0, . Token Ring , , . 0 7. PPP- RRR- Access Delimiter -.Token Ring - (PPP (Priority . 4= PPP 4 . (RRR (Reservation . , ) (, - - RRR . - RRR -) PPP RRR(. PPP , , . Token Ring Token Ring , , . , , IBM Token Ring . MAU (Multiple ,(Access Unit , - MAU . 8- MAU. - - MAU Ring In- .Ring Out
MAU. 3 42( MAU(:
5.3 FDDI (FDDI (Fiber Distributed Data Interface - ANSI 08- 5.9 .ANSI X3T , Ethernet- .Token Ring . . FDDI . , ) ANSI ( ) ISO( . .FDDI FDDI Ethernet- ,Token Ring . FDDI 100MBPS ) (BackBone . Ethernet- Token Ring FDDI - ,MAC . FDDI 100MBPS ) .(Token Ring FDDI , .
FDDI Token Ring , , , - Beacon .
FDDI , ) (, ) ( ) (. FDDI - FDDI , . ) (Primery Ring ) .(Secondary Ring . - FDDI . Class A (SAS (Single Attached Stations Class B DAS .((Dual Attach Station - SAS -FDDI ) Concentrator(, DAS - FDDI .SAS - SAS - .FDDI .PC
Ethernet, Token Ring Token Ring 16MBPS 4MBPS %09 Ethernet BUS 10MBPS %03
, . Ethernet %03- . ) Token Ring- (FDDI , ) (. , , . , , , '. , . ,Ethernet , -%05 , . . ) '(, ,FDDI . FDDI - ) .(BackBone
, , , ) ( .
4 2081.4
: Ethernet " . , Ethernet . Ethernet Ethernet " : . DIX Ethernet ) DIX 3 : . ( Digital-Intel-Xeroxes : . Ethernet ii 0891 IEEE . Ethernet : Ethernet " " - . IEEE Ethernet . Ethernet " IEEE : . Ethernet I " , IEEE . COAX , Ethernet . , Ethernet " " Ethernet .
Data Link , " IEEE . OSI 208 2 : Data Link Physical . OSI , 2 ) Sub . ( Layer : ( MAC ( Media Access Control ( LLC ( Logical Link Control Layer Data link .
LLC : MAC . LLC LLC . MAC LLC . , LLC " " . : TCP/IP NetBEUI , COAX .
MAC MAC . LLC : ( MAC ( Media Access Control . : , " . MAC
MAC ) Frame ( , .
IEEE OSI " " . " . ( IEEE ( Institute of Electrical and Electronic Engineers IEEE . IEEE LAN . MAN
IEEE , .
2.4 208 0891 IEEE .
208 0891 2 . 208 . 208 2 OSI : . Ethernet " : 208. , X " " X . 208 . " 208 . 3.208 ) IEEE ( Ethernet 3.208 Data . Link . 2.208 : . CSMA/CD ) : " " ( 2.208 . , . Ethernet Ethernet . 2.208 ) IEEE ( Ethernet
2.208 : 3.208 .
!! " , 3.208 2.208, ! 3.208 Ethernet . 2.208 3.208 .
2.208 LLC 3.208 - Ethernet, 3.
3 , Ethernet - . )7-3(. - (LLC (Logical Link Control IEEE -208. ,X 2.208. 3 , . - LLC . LLC 2 - LLC ) - LLC 2 3(. 208. X - ,LLC 3.208 2.208- .LLC 2. - LLC , ,
DSAP SSAP Control
- (LSAP (Link Service Access Port 3. , LSAP DSAP- LSAP. DSAP )(Destination SAP SSAP ) .(Source SAP , .
SNAP
6 ) 8 - DSAP- SSAP (. 62 23 . - Ethernet, 612 , - LLC ! - LSAP SNAP AA 61. (SSAP=DSAP=AA (SNAP - LLC
[Figure: LLC header with SNAP. LSAP: DSAP, SSAP, Control; PIF: OUI (3 Octets), PID (2 Octets)]
,(PIF (Protocol Information Field -: (OUI (Organization Unique ID- .(PID (Protocol ID 3. - OUI 3 Octet, . , . 422 . 612 , -.PID , - DSAP- SSAP. , . - DSAP- SSAP - ,(AA (SNAP - OUI- PID . ' 91 3.208 2.208 : 8 6 6
[Figure: frame layout with LLC and SNAP. MAC: Preamble, DA, SA, Length; LLC (LSAP): DSAP = SNAP = AA, SSAP = SNAP = AA, Control; PIF: OUI, PID; DATA; MAC: FCS]
- LLC - DATA , , .
Ethernet Ethernet :
BUS Star BsaeBand CSMA/CD 3.208 10/100Mbps Thicknet Thinnet UTP
) ( IEEE
510Base 5 10base : COAX : .Thicknet . Baseband . 10MB 005 . : 001 . " : 0052 ) 005 , " 5 , 5 0052 = 005 . ( x ) . ( Connector ) AUI ( Attachment unit interface " " : 001 Speed in Mb per Second + channel type + meters per segment x :
5- 10Base :
: . 10Mbits /sec : ) Baseband ( . : 001 - ) 005 005=001. ( 5x 5 10Base : BUS BsaeBand CSMA/CD 3.208 , 2.208 10Mbps Thicknet ) ( IEEE
210Base 2 10base : COAX : .Thinnet . Baseband . 10MB 581 . " : 529 ) 581 , " 5 , 5 529 = 581 . ( x ) . Connector ) BNC : 03 .
! , : 002 .
581 , . 2 10Base : BUS BsaeBand CSMA/CD 3.208 , 2.208 10Mbps Thicknet (RG-58 /U , RG-58 A/U ) ( IEEE
10BaseT 10baseT : . . Baseband . 10MB 001 . ) 54-. Connector ) RG
1 10base 001 . IEEE : 10baseT : " " T . Twisted pairs
10BaseT : Star BsaeBand CSMA/CD 3.208 , 2.208 10/100Mbps UTP/STP ) ( IEEE 10BaseFL 10baseFL : . . Baseband . 10MB 0002 . 10baseFL " ) ( HUB " : . Backbone
10BaseFL : Star BsaeBand CSMA/CD 3.208 , 2.208 01 Fiber Optic ) ( IEEE
) Ethernet Fast .( 100MB IEEE Ethernet : 100MB 100baseTX 100baseTX : 10baseT , . 100MB - UTP 5 . 2 ) " 4 ( . . Baseband . 100MB 001 . ) 54-. Connector ) RG ! X : 100baseX . 100MB
4100baseT 100baseTX : 10baseT , . 100MB
- UTP 5 3 . 4 ) " 8 ( . . Baseband . 100MB 001 . ) 54-. Connector ) RG 100baseFX 10baseFX : . . Baseband . 100MB 004 . ) Gigabit Ethernet .( 1000MB IEEE Ethernet : 1000MB 1000baseSX 1000baseSX 1000baseLX " Ethernet ". ) 10baseSX ( 1000baseLX ( 1000MB ( 1GB " : . Gigabit Ethernet
1000baseSX ) ( Multimode Transmutation . 1000baseSX : 05 5.26 . . 1000MB 055 05 . 062 5.26 1000baseLX 1000baseSX . 2 : ) ( Multimode Mode Fiber Optic Cable ) ( Single Mode Fiber Optic Cable 1000baseLX : 1Gbps 2 . Shared . 2 - 2 .
17 5 Internetwork Devices
1.5 , 2 : - Segmentation . : 2 . COAX . 2 , 052 . , COAX 581 . , 2 2 COAX . ) ( : 2 . : . - Segmentation : .
: . Segmentation Segmentation , . : . Ethernet Ethernet . CSMA/CD
) ( CSMA/CD : , . " , . ) ( . " : Bridge Router : , . , , , internetwork . Bridge, Router -.HUB OSI . OSI 2.5 / ) . ( repeater Repeater . : repeater : . repeater : .
repeater . . repeater . repeater . , , . , , , , . repeater 7 : . repeater 2 2 .
2.5 HUB . HUB
. - Ethernet MAU, ).(TP - Twisted Pair - HUB , . ,Ethernet , , , ) ( - ,HUB TP - .HUB , - HUB , , . - HUB )(, ,
. - HUB , , , , . TP . , .
( BUS , -HUB, BUS
) (. BUS - HUB . -4 HUB , 4 . HUB 2 BUS:
, ) (, - HUB - BUS. . - HUB ,SNMP , , - BUS. - BUS - . , , ) (, . ( HUB , . HUB . - HUB : . , , , .
- HUB , . ) TP (, . , , , . ( HUB . HUB - HUB HUB, . , ,HUB . - -HUB. - -HUB . HUB , . ) -HUB ,Repeater Repeater(. HUB:
4 2- HUB. , -HUB . -HUB , -HUB. ( Switching HUB
HUB .Ethernet-Switching HUB BUS, Ethernet . HUB
- HUB , - HUB ) - BUS (, -BUS BUS . - BUS , , . . , , .
3.5 Bridge ( " . bridge bridge : . bridge :" " . " " ) . ( MAC Address repeater )" ( OSI
, ) ( . TCP/IP . NetBIOS bridge 3 : " " . ) ( : Ethernet . Token Ring : bridge 2 8 , bridge ) " 61 ( . , A " . A" B . ) A ( A , A bridge . B
bridge "
, broadcast ) . ( B : 3 . , . . , . . , 3 , . . : , . . . ' , broadcast ' .
bridge broadcast . bridge : print server .
Bridge )( 08-.
. . . )(Transparent Bridge .Ethernet Source Routing ) ( .Token Ring ) (Translating Bridge )- Ethernet- .(Token Ring , - , Ethernet-.Token Ring - Bridge , -MAC , Ethernet .Token Ring- Bridge , . - Bridge , . Bridge - Repeater OSI - .Bridge - Bridge 2, , - . Bridge . :
-Bridge -Bridge. -Bridge , - Bridge . -Bridge .
-Bridge - '. .
( ) Transparent Bridging ( ,Transparent Bridging- Bridge
, . ,Bridge , , - Bridge , . - Bridge , . , -MAC - - Source Address. - Bridge , , . - Bridge , - .Bridge , ) ( , . , - Bridge , , - . . - Bridge Transparent Bridging Bridge. Bridge :
1 2, - - Bridge, 2 . ,Broadcast - Broadcast - -Bridge ! ).(Routing Loop , -Bridge .Spanning-Tree -Bridge , . - Bridge - -Bridge , -Bridge . ( ) Source-Route Bridging - ( Source-Route Bridging - IBM .Token Ring , - Bridge , . , . - , . - - Bridge . , Bridge . , , . . , . , , . , . , .
4.5 Switch HUB
: . , " BRIDGE : . MAC . NetBEUI : , " 2 : Router BRIDGE ) Switch HUB .( BRIGDE . " " . . , , . " " : ) ( LAN interwork . " " : Switch HUB: bridge . " " , Switch HUB . : ) PORT ( . Switch HUB PORT . PORT 3 Switch HUB , - Switch PORT . :
3 . . 3 . Switch HUB 1 3 , . Switch HUB 3 , " " 2 . Switch HUB ) ( . Switch HUB PORT . : - bridge collision domains- switch - switch collision .domain . Switch HUB Switch HUB . Switch HUB : bridge " Switch HUB . bridge Switch HUB . , " Switch HUB " . Switch HUB : ) ( , . . ) ( port : port . Switch HUB .
. ) . ( ASIC Switch HUB . : . ASIC . up link , " Switch HUB . up link " " " . : ATM . Gbit up link . . Switch HUB Switch HUB 1. CRC HUB , Switch HUB . CRC CRC . Switch HUB "" . , . " . store and foreword
CRC :
, . Switch HUB " " . ) ( ports , " . : , CRC . 2. ) Redundancy ( Switch HUB Switch HUB HUB , Switch HUB 2 , . , . " " ) ( swap . 3. Filtering Switch HUB : . Filtering Filtering . " Filtering . : MAC MAC . ! . Telnet
4. IP switch . Filtering Filtering ) . ( MAC address . Switch HUB IP switch . IP switch Filtering ) ( physical layer IP switch ) . (IP data link IP . 5. VLAN VLAN ) . ( virtual LAN , broadcast - broadcast domain VLAN broadcast .VLAN
5.5 ) . ( routers . " . WAN ) . ( network .
Router network . : , Router . data link , " Router " . " Router Token Ring . Ethernet - ,Router 3 - Router, Router TCP/IP, IPX-.DECnet Router 08- , Bridge . - Router -Bridge . Router , "" . , ) 3( . - ARP , - MAC . , -) ARP -Router ,(Broadcast .
- ARP Router , Router - ARP .
- MAC - Router - .Router-Router , , . ARP , - ARP ) ( Router . - -Router , , - Router , . , . , , , . : : 52.. X , " 52. . X , . " . :
3 . "" 2 2 .
, . " ) . ( cost ) ( . , . 3 , ISO . " " . : " " . " " . . . . Router BRIDGE " . : . routing table . . ) ( hop .
" . , . : " " : " " .
" " , - , , '. Router . , Router ) ( Router ) . ( LAN , Router . Router , Router . , Router " " ) Router ( Router . .Packet Processing , Router Router " " ) ( un packages , ) ( . . WAN ) Fault , ( Tolerance .
WAN . : ) ( cost .
.Static Routing, Dynamic Routing , Router , , Router , . Router . , Router : - . Static Routing . : - . Dynamic Routing Router - Dynamic Routing " Router " Router . Router - Dynamic Routing . Router Router " Router .
: ) ( hope Router ) ( cost Router . Router Router . " Router : port
. WAN . 2 : .Distance -Vector Routing Protocols
Router .Distance -Vector Routing Protocols : " , Router . " Router Router . " . , Router 3 . " " ) ( cost" . . : Router : + Router . 02 = 01 Port 1 cost 10 + neighbor router cost 04 = 02 Port 2 cost 20 + neighbor router cost 06 = 03 Port 3 cost 30 + neighbor router cost
" " .
Distance -Vector Routing .
.Link State Routing Protocols : .Link State Routing Protocols Distance -Vector Routing Router : " Router : - Router , . - 1. T . flow control "" multiple paths Router " " .
2 TCP/IP
99 6 IP/TCP
1.6 TCP/IP . TCP/IP Open Standard TCP/IP : . Open Standard : IPX/SPX " Novell NetBEUI " Microsoft , IBM TCP/IP . TCP/IP : " " " " TCP/IP : " " ) . ( Internet Society ( IAB ( Internet Architecture Board . TCP/IP
. TCP/IP : . RFC Request for Comments RFC TCP/IP" . " . " 5 ) ( Classification :
. TCP/IP Protocol Suite
: ( TCP/IP ( Protocol Suite . TCP/IP : " " TCP/IP . TCP/IP Protocol Suite . : DNS 3 : . ) . ( Client Server . Network Service - TCP/IP Protocol Suite :
1. : TCP - Transmission Control Protocol IP - Internet Protocol UDP - User Datagram Protocol ICMP - Internet Control Message Protocol IGMP - Internet Group Management Protocol
:
FTP - File Transfer Protocol IP Telnet DNS resolve IP domain name - WINS resolve IP - netbiosname HTTP/HTML HTML SMTP NNTP DHCP IP . ) ( utilities Diagnostic and information util Ping - Packet Internet Grouper Ipconfig Nslookup - DNS Nbstat netbios Tracert Netstat - TCP/UDP
. TCP/IP 2.6
[Figure: The Microsoft TCP/IP Protocol Suite. Application: Windows Sockets Applications (Sockets), NetBIOS Applications (NetBIOS, NetBIOS over TCP/IP); TDI; Transport: TCP, UDP; Internet: IP, ICMP, IGMP, ARP; Network: LAN Technologies (Ethernet, Token Ring, FDDI), WAN Technologies (Serial Lines, Frame Relay, ATM)]
Internet Layer .1 Internet protocol : internet Datagram .
IP
IP - . Connectionless IP : ) ( . ) ( host : Connectionless ) session ( is not Established . IP " " . IP : ?? ' . ) " TCP ( IP IP " " . TCP IP : Connectionless , , " IP " . IP : ) Best Effort ( IP , . , IP :
. - - . , . . - IP . - ' 4 . UDP TCP/IP ' 4 . . . Checksum Checksum . . (TTL (Time to Live TTL , . TTL . , " TTL . : . Default Gateway ( ( Router Default Gateway . .
: Default Gateway .
" " Router . " , ) Windows NT 821 . ms ) ( Router , IP . , = 0. .
) . ( Buffer : . , . . . !
, TTL PING . ( Default Gateway ( Router . ) ( Router TTL . PING + TTL . PING TTL . TTL
IP - . Router , Router IP : 1. TTL . Router , IP , - 0 .
2. MTU ((maximum transmit unit IP ) ( fregmentation .
3. : ) ( flag . : - fragment ID . : - fragment offset " . 4. ) ( checksum 5. IP - .next hop ) . ( Router 6. , next hop IP .
. ARP ARP : . Address Resolution Protocol
ARP : ) ( MAC Address .
ARP : . ARP Resolve- IP . MAC IP: . Resolve . IP 3 MAC 2 . , " Broadcast . Broadcast " . MAC 3 , IP , MAC .
ARP . TCP/IP TCP/IP : 2 : ( MAC ( Media Access Control IP MAC " . MAC : : 00--00-AA-2f . 00-XX
, . MAC . IP " MAC . , " . " IP " IP . ) ( . MAC : , IP : .
: IP : 3.001.511.902 . 3.001.511.902 . PING PING . : IP : 3.001.511.902 . MAC " . IP
, : "
MAC IP : 3.001.511.902 " . Broadcast" . "" " : . IP IP , . , : " MAC : -00-AA-2a 0-00 ". : MAC : 0-00-00-. AA-2a : . : ) ( IP " ) . ( MAC
TCP/IP . ARP ARP . IP MAC : . Resolving ARP : ) ( Resolving IP . MAC
TCP/IP 2 : ) ( Local ) . ( Remote ARP 2 . ) ( Local .Resolving a Local IP Address 1. , : . ARP Request IP . 2. IP , ARP MAC IP . ) IP Default Gateway : Default Gateway (. 3. MAC IP MAC ) MAC ( . 4. ARP ) " ( ARP : MAC IP : 1.001.511.291 .
5. .
) ( IP IP . IP , . 6. , ARP : . ARP Reply MAC .
.Resolving a Remote IP Address :
1. : - Routing Table . 2. , . Default Gateway Default Gateway ARP MAC . Default Gateway IP Default Gateway , ARP ARP )( ARP Request MAC . Default Gateway , ARP MAC Default Gateway MAC . Default Gateway ( Router ( Default Gateway , Router MAC . 3. : . MAC . IP . IP .
4. Router , " Router . " " . Router : . Router Router ) , ( Router Router : . Default Gateway
IP+ ARP Resolution
ARP 2 : Broadcast 2 Broadcast ) ( MAC ARP MAC IP 2 Broadcast . Broadcast IP , " " . , : FFFFFFFF , FFFFFFF FFFFF ) ( Broadcast .
FFFFFFF " , " . ARP : FFFFFF : FFFFFF : MAC IP . MAC ARP : FFFFFF IP MAC . Broadcast ARP MAC - . IP ARP ) . ( local broadcast , Router , ARP MAC . : ARP " ?? ARP Broadcast . MAC , ARP , MAC . ARP ARP Broadcast . MAC ARP , ARP
ARP
: , IP ' , ARP ) 2 ( . . ARP MAC IP 2 . : Router . MAC IP : . Static - Static MAC IP ARP 2 . ARP . , . ARP
ICMP ICMP : Internet Control Message . Protocol ICMP " " : " " . IP IP . IP : , connectionless : , ' .
. ICMP ICMP . IP ICMP IP " " : . : " " , Router Router : , ICMP source Quench . ! Router 2 , Windows NT 2 , : , Router : ICMP source , Quench ) ( . ICMP : - Type : echo Reply . echo Request - Checksum " " . ICMP - Type Specific Data " . : 0 . - Echo Reply 3 - . Destination unreachable
8 - . Echo request PING .
PING , ICMP . : . ICMP PING , Request time out " . ICMP Default Gateway PING , : . destination unreachable - PING PING . TCP/IP PING " IP " . " PING . " PING " . : , FTP PING . : FTP . PING IP . FTP
IGMP TCP/IP 3 : Unicast Unicast IP Broadcast
Broadcast " " " . Multicast . IGMP : Internet Group Management .Protocol IGMP : .Multi Cast IGMP .
, IGMP . IGMP : . Broadcast Broadcast . IGMP . ! " IGMP . Class D IGMP , Router ) multi cast . ( group Router , Router " . IGMP IP : ) . ( unreliable
: Multicast : Multicast : Real Audio Internet . , IP
: . CLASS D IP" . Internet , . , " Broadcast , Broadcast . " " " ) ( IP .
3.6 :Transport Layer
: - . Network Layer 2 . : TCP UDP UDP TCP : : . Transport Protocol Transport Protocol : 2 . ) UDP .( TCP : , Internet . Transport : ARP IP ) MAC ' ( . - internet Layer : IP ARP : " " TCP UDP . , TCP UDP: " " " .
TCP TCP : , ) -reliable ,connection . ( oriented : . TCP : TCP . 2 , TCP 2 . " . , TCP : . Acknowledgment : Acknowledgment : . ! : ACK : . Acknowledgment
- - , , Acknowledgment , . ACK , , . : , . ACK , ACK .
TCP/IP : Three - Way . Handshake : Three - Way Handshake " " : . Three - Way Handshake : . : " " ) . ( Window size TCP 3 " " )Three - Way ( Handshake 3 :
- . : ) . ( Data 2 : Acknowledgment . ) ( . Data
" " ) . ( ACK " " . " " ) Windows Size ( Segment Size .
TCP TCP 2 . ) ( Services , . : 12 32 / FTP Telnet
13135 931
DNS NetBIOS Session service UDP
TCP UDP : 2 ) ( network Layer . 2 UDP . TCP UDP : . UDP : ) best effort ( . : UDP . , UDP UDP . : UDP . : UDP . , UDP , , ) ( ACK . . UDP : . Connectionless Datagram
: Connectionless - ACK .
: . Datagram : Datagram ) . ( packets Datagram : 1.
, TCP , : , Datagram " TCP/IP . 2. - Broadcast TCP : , ' , , Datagram : ) . ( Broadcast " Broadcast : " " . , . . UDP UDP : . - . TCP ,
, UDP . UDP : : . : : Real Audio . , Real Audio UDP . UDP : . TCP , " . , TCP UDP " " , " UDP " , .
UDP UDP 2 . ) ( Services , . : 51 35 96 / NETSTAT DOMAIN TFTP
135137 138 161
NETBIOS-name service NETBIOS-Datagram service SMNP
Ports & Sockets - . PORT port - .
port . Main Frame Main Frame - ) . ( Main Frame : , . ) port ( . port : , ) ( - ) ( .
TCP/IP . port port Main Frame " " , port TCP/IP " " .
TCP/IP ) ( : , mail, telnet ,FTP , WEB . TCP/IP : . Port Number TCP/IP: " " Port Number " " : . PORT
port , port TCP/IP . Port Number " : ) ( Network Services . FTP . ) ( Services " " . TCP/IP , TCP/IP ). ( Port Number : SMTP ) port ( 52 . FTP ) port ( ,02, 12 . HTTP ) port ( 08 . TCP/IP : . Well Known Port Number : Well Known Port Number Port Number " : . IANA TCP/IP 4201 : . Well Known Port Number
Well Known Port Number : , Port Number : ) Random Port Number ( . TCP/IP 635,56 ) (Port Number 4201 . : . WEB " 2 : - IP ) ( Port Number . : , WEB : 08 . ) WEB " 08 , 08 : Well Known Port Number ( WEB : IP IP " " " : 520,1 635,56 .
Socket ) ( port : . Socket : Socket : . : - IP - TCP UDP ) ( port .
: . TCP/IP IP : 5.001.511.291 . : WEB . FTP . 2 .
, . socket ). ( socket , " : : WEB 5.001.511.291 - , IP , TCP - 08 . : FTP 5.001.511.291 - , IP , TCP - 12 . . , , .
. port : Server port, Client port : ) Server port, Client port ( TCP/IP 635,56-0 ) . ( ports 4201 " 000,46 " . : . : , DNS 08 , ( WEB ( port 12 ( FTP ( port' .
: .
: . FTP FTP FTP 12 , FTP "" " . FTP 3 FTP . 12 , FTP , FTP . , " " : . FTP 12 . , . : FTP 12 3 FTP : FTP FTP 000,2 , FTP FTP 000,53 . ! TCP/IP : . : FTP 12 , WEB 08 ' .
. :
WEB : . WEB . , WEB ) ( domain name . , WEB : 541 . WEB : 08 , , , WEB " WEB 08 , WEB - 541 . WEB , WEB 541 .
Application Layer .
. TCP/IP : FTP SNMP DNS
7 IP
NetBIOS
. TCP/IP , TCP/IP . TCP/IP . TCP/IP 2 : . Host : , Host , . TCP/IP : , , , , Router . Host name " ) " ( ) ( Host : . Host Name - Host Name : ") Alias Name "( IP . Host IP
TCP/IP , , : . IP IP . IP 2 : ) . ( host ID ) . ( Network ID . Network ID TCP/IP . 2 . 2 , , 2 . , , : ) Default Gateway . ( Router . Host ID
, ) ( host Id : . IP ) ( Host ID : " " . ) ( host ID : " " . : : .
: " " , . , , . , IP : ) ( + ) ( .
IP IP " 23 ) 23 . ( bit IP " " ) . ( Decimal " " . " 01 .
decimal format IP 4 . : . octets ) ( octets : 552-0 . " : . dotted decimal 4 . IP : 1.001.511.291 .
binary format IP - dotted decimal " . 01 . :
4 , 8 1 0 . : 11111100.11000000.11000110.110000001 ) ( IP . TCP/IP " TCP/IP . IP - . TCP/IP - . : 821 . 1 . : Binary code Decim al Value X 821 X 46 X 23 X 61 X 8 X 4 X 2 X 1
: . : 0 , " " . : 1 , . 1 .
:
10000001 :
Binary code      1    0    0    0    0    0    0    1
Decimal Value    128  64   32   16   8    4    2    1
10000001 = 1+821= 921 . ) ( IP . : : 552 . 552 . ,
: : 052 : 1. 552 : 11111111 2. 1 . 3. 052 : 052-552 = 5 . 4. 552 , 2 ) ( " : 5 . 5. : " 052 " 5 : "552 " .
2 : 1 4 5 . : 0 " " 552 .
Binary code    Decimal value
1              128
1              64
1              32
1              16
1              8
0              4
1              2
0              1
: 255 , " : 11111010 .
Address class
: . network ID ) network ID IP ( . -0 552 , , . , " . " : . Address class : Address class : . ) ( Address class 2 : 1. ).(host ID 2. . 5 ). ( Address class 5 : CLASS A CLASS B CLASS C CLASS D CLASS E
, Microsoft TCP/IP 3 : CLASS A , CLASS B . CLASS C CLASS A CLASS B CLASS C 3 ) ( CLASS : TCP/IP
CLASS          A          B          C
IP Address     W.X.Y.Z    W.X.Y.Z    W.X.Y.Z
Network ID     W          W.X        W.X.Y
Host ID        X.Y.Z      Y.Z        Z
) ( Address class . IP 23 , . , ) , ( host , . CLASS A : CLASS A . CLASS A . CLASS A , . CLASS A 8 . 42 .
= 42 (
8
Network ID ) 8 + 8 +
IP CLASS A 652 . " 8 652 )82=652 (. CLASS A , TCP/IP " , . CLASS A : : 0 . - CLASS A 0 , 7 ) " 8 ( .
CLASS A : 01111111 11111110 , : 721 . 0 111110 11 , CLASS A : 0000000 .
00000000 , : 0 . CLASS A : 721-0 . ! 1.0.0.721 Loop Back . CLASS A 71 . ) " : 612=000,000,000,71 ( . CLASS B CLASS B - - . CLASS B 61 . 61 .
Network ID + 8 = 61 (
)8
CLASS B : : 01 . - CLASS B : 10 , 6 ) " 8 ( . , CLASS B : 1111111 .
11111101 , : 191 . , CLASS B : 000000 . 00000001 , : 821 . 01
CLASS B : 191-821 . . CLASS B 635,56 . ) " : 612=635,56 ( .
CLASS C CLASS C - . CLASS C 42 . 8 .
CLASS C : : 011 .
- CLASS B 011 , 5 ) " 8 ( .
= 42( 8
8
Network ID 8 + )8 +
, CLASS C : 11111 . 11111011 , : 322 . , CLASS C : 000000 . 00000011 , : 291 .
CLASS B : 352-291 . . CLASS C 452 . ) " : 82=452 ( .
. CLASS A 721-0 ) -1 621 ( 621 612,777,61 ) 71
( . CLASS B 191-821 000,61 635,56 ) 66 CLASS C 352-291 00,000,61 0 CLASS D ( . 652
CLASS D : mult . icast CLASS D : : 0111 . : . CLASS D . , . 721 . ) ( network ID 721 . 721 : . loopback : loopback . 552 .
) ( network ID ) ( host ID 552 ) 11111111 ( . 552 ) Broadcast ( . Broadcast : 552 . 0 . ) ( network ID ) ( host ID 0 ) 00000000 ( . 0 . : CLASS C : 452-0.001.511.291 : 0.001.511.291 . .
Subnet Mask . : Subnet Mask . Subnet Mask 2 :
1.
, . Subnet Mask Subnet Mask . 2. Subnet Mask " " . TCP/IP : CLASS C : 0.511.291 452 . Subnet Mask . TCP/IP Subnet Mask Subnet Mask , . Subnet Mask . TCP/IP , , TCP/IP Subnet . Mask TCP/IP . TCP/IP , , TCP/IP .
, : Subnet . Mask TCP/IP
) ( Address class . 2 : Subnet Mask Default Subnet Mask Custom Subnet mask : , Default Subnet Mask : . Custom Subnet mask Default Subnet Mask
: , Default Subnet Mask . IP Default Subnet Mask : 552 0 . 552 ) 11111111 ( . 0 ) 00000000 ( . 2 ) 552 0 ( " . 3 Subnet Mask - : Default Subnet Mask
CLASS          A            B              C
IP Address     W.X.Y.Z      W.X.Y.Z        W.X.Y.Z
Network ID     W            W.X            W.X.Y
Host ID        X.Y.Z        Y.Z            Z
Subnet Mask    255.0.0.0    255.255.0.0    255.255.255.0
Subnet Mask
Subnet . Mask , ) ( AND " . Subnet Mask : , Subnet Mask " " ) ( , " " Default Gateway ( ( Router . ! , Subnet Mask Subnet Mask . IP ) ( . Subnet Mask , Subnet Mask " " : , .
: 511.001.721521 - , .IP Subnet Mask 0.0.0.552 . Subnet Mask IP . CLASS A
IP address     Subnet mask
127            255
100            0
115            0
125            0
, IP : 511.001.7218. , " , : . AND AND IP . Subnet Mask .
8 Addressing
Subnetting : Subnetting : . Subnet : Subnetting - . Custom Subnet : Subnet 2 : " 0 " " 552 " , " : Subnetting . Subnetting " " . Subnet , TCP/IP : Subnetting , " , - . : Subnetting Subnet Mask . : ) ( network ID IP . " : IP ) . ( Network ID Subnetting
" Subnetting .
Subnetting : .
Subnetting , 2 : Ethernet . Token Ring . Subnetting . : Subnetting . . . Subnetting .
Subnetting ' - . Subnetting Subnetting : 1. 2. 2 , . 3. - . 4. . 5. : 1 .
: : 0.5.002.921 . CLASS B Subnet Mask : 0.0.552.552 .
: 4 . 4 ) ( Router . 52 .
: 3 ! : 0.5.002.921 : . Subnetting
: Subnetting : Subnetting : 1. 4 " : 2^2- =n n " 3 . 2. subnet : Subnet Mask : 0.0.552.552 .
Subnet Mask Subnet Mask : 11111111 00000000 11111111 00000000
Subnet Mask . 4. 3 3 Subnet Mask: 111 . 0 . 00000111 11111111 11111111 00000000
: 00000111 . : 00000111 : 422 . 4 Subnet Mask : 0.422.552.552 .
3. 3 ) Subnetting : 422 " " 3 ( . : 32 : 8 . 4. . , CLASS B 6 , Subnet Mask : 0.422.552.552 . .
2 :
' " .
: 1 , : Binary code Decim al Value , : 1 . 23 , : 23 ) 23 ( . ' . Subnet Mask . : 652 ) - ( Subnet Mask Subnet Mask . 422-652=23 . 1 821 1 46 1 23 0 61 0 8 0 4 0 2 0 1
) 652 82 = 652 ( :
Network Number    Beginning Range Value    Ending Range Value
1                 X.Y.0.1                  X.Y.31.254
2                 X.Y.32.1                 X.Y.63.254
3                 X.Y.64.1                 X.Y.95.254
4                 X.Y.96.1                 X.Y.127.254
5                 X.Y.128.1                X.Y.159.254
6                 X.Y.160.1                X.Y.191.254
7                 X.Y.192.1                X.Y.223.254
8                 X.Y.224.1                X.Y.255.254
4. . " IP : 91-23=31 . : 312=2918
3
7
1.7 . . . , . " , . , .
, . , . - .OSI . : 1. - Authentication .
2. - Authorization , , ? ! . 3. - Encryption . DES (Data Encryption (Standard 821.DES 2.7 Authentication . . - Gateway . . " / ISDN , . , "" . : 1. ) ( 2. "" " " ". 3. ' . 4. ,
.
Authentication Servers RADIUS - Remote Authentication Dial-In User Service .
NT/UNIX - RADIUS Server . RADIUS Client ) ( - RADIUS , " " - User- password - Server . . , . Router , User- . Password
TACACS - Terminal Access Controller Access-Control System - RADIUS" .Cisco . - ) (RAS .
- RAS . - database .3.7 Encryption
. , , . . . - .OSI )(Tunnel IPsec )(HTTP Secure
, Shared key
. . .DES IBM - 07' - DES 821,65,04 639,729,730,495,750,27 .
, . : ,
. . , .
- , . ) 2 4201( . . , . . . . , . .
4.7 FIRE WALLS - Fire wall - Fire wall" . . - Firewall , - Fire wall - Fire wall , , . Security policy . - Fire Wall ) (Permit ) (Deny ).Packet) Dropping
Fire Wall . 1. Packet Filtering - 3 - .OSI - Packet filter - security policy . , .ACCESS LIST . Header - .IP Packet : IP IP dest/src Address Port TCP, UDP, ICP, IP Tunnel .TCP/UDP Dest/Src Port ICMP . ICMP IP'. Interface /. Forwarding" Routing Table Deny Discard Telnet Telnet 32 SMTP SMTP 52 telNet Discard 32. Filtering Telnet .
FTP . .Telnet .FTP . Source IP adds Spoofing
. .? IP .IP Spoofing , . . .Discard Source Route Attack ) (Path , ) Tracert . Disable .Source Route
1. Software Features . 2. ,WAN Filter . 3. . 1. 3 .
2. Packet Throughput Filter. Forwarding Dest Address . , '. Filter CPU . 3. Control Over Traffic Permit/Deny . ' ) (NewsGroup FTP, Telnet . 4. 3201 Port . 5. " - IP SPOOFING FTP - Source port - .FTP 6. filter : , Packet ,Header Formats ) Access List (, . 7. Data Driven Attack .
: - PACKET FILTERING , - 3. OUTBAND FTP SESSION 3201 . 2. Proxy Server Fire walls . - proxy . . - proxy FTP .UDP - proxy . . Proxy . . DPSec TCP .Packet GateWay . Session .FW FW App. Level Gateway Circuit .Level Gateway FW . 3. Stateful Inspection FW . - W.F - .open connections
VPN Virtual private networks
VPN . . - VPN 1. 2. INTRANET 3. .EXTRANET . . - VPN . , - LAN. , encrypted tunnel . VPN VPN Tunneling ) Tunnel( . - Tunnel : 1. - - Tunnel - ISP . 2. - - TUNNEL GATEWAY- .ISP - - TUNNEL ) , , (
PPP(Point to point (protocol TUNNEL . TUNNEL - Encapsulation ) (IP,IPX encapsulation - PPP TUNNEL.
- VPN - TUNNEL , . Virtual Private Network . . , , Frame Relay ". VPN , . VPN LanRover-VPN -Shiva , -Cipro -Remote Access .Shiva 1- Firewall -Check Point -Firewall
Border Manager -Novell VPN ,
, , ISDN , FR'. VPN " , IP IPX .
NAT Network Address Translation . IP . - NAT IP IP , . IP,IPX IPX NCP .
- access-list - Cisco- ) IP (. - address mask , . .subnet .Address Resolution Protocol - ARP IP 2 )) .MAC 628- .RFC .Attachment Unit Interface - AUI ,ETHERNET 51 - .-TRANSCEIVER .transceiver cable - backbone network , , , . .Consultative Committee for International Telegraph and Telephone - CCITT . .-ITU-T - client-server computing : . , , . - compression , , . . - congestion . - connectionless . - connection-oriented . - console )) ,DTE . - cost , , , - . ) -cost( . .Cyclic Redundancy Check - CRC . -CRC , .
. .
.Carrier Sense Multiple Access Collision Detect - CSMA/CD , . , . . . .ETHERNET .Data Communication Equipment - DCE ))DTE . DCE . - DECnet ) ( - .Digital .-DNA - default route , , , . - delay . . .Data Terminal Equipment - DTE . , . 1 - E 840.2 .MBPS 1.T 3 - E - )).34MBPS .Electronic Industries Association - EIA . - encapsulation . ,ETHERNET .ETHERNET - encryption , . .Enhanced Interior Gateway Routing Protocol - Enhanced IGRP IGRP - .Cisco .
- Flash memory - .Intel Flash , . . - flow control . . , . - frame . . -frame , , . datagram, message, packet, , . - Frame Relay . Frame Relay 52. -X . - gateway IP, )).Router - gateway , ) SNA) IBM .TCP/IP - hardware address 2 . - -.MAC address .High-Level Data Link Control - HDLC , HDLC .SDLC )) encapsulation . - holddown , - . . - hop. . - hop count .RIP . - host . . . ,node ) (. .Institute of Electrical and Electronic Engineers - IEEE . -LAN IEEE ) 208. x ).IEEE
2.208 - IEEE IEEE -LLC . -LLC ) 3(, . 3.208- 5.208-. 3.208 - IEEE IEEE .ETHERNET 5.208 - IEEE IEEE .Token Ring .Interior Gateway Routing Protocol - IGRP - ,Cisco RIP . - interface. . - internetworking . .Internet Protocol - IP ) 3( . 197- .RFC - IP address 23- , . 4 . . .Internetwork Packet Exchange - IPX NetWare .Novell -XNS .-IP .Integrated Services Digital Network - ISDN , DATA ,VOICE . ITU-T - International Telecommunication Union Telecommunication .Standardization Sector .CCITT - keepalive message - - , . .Local-Area Network - LAN ) (. LAN - . .Link Access Procedure, Balanced - LAP-B ,HDLC ) 2( 52. X .CCITT .Local-Area Transport - LAT DIGITAL
- latency , . - link. . .Logical Link Control - LLC ,IEEE 2, 3 . - LLC 3 TCP/IP -IPX - .LLC -LLC 2.208 .IEEE - load balancing , . , , . -load balancing . .Media Access Control - MAC -MAC ) 2(. -MAC ) -Media (. -MAC CSMA/CD .-Token - MAC address .MAC .hardware address .Metropolitan-Area Network - MAN )(, LAN WAN .MAU - Media Attachment Unit- ETHERNET ' )" (transceiver RING TOKEN , , -.MAU Management Information Base - MIB .SNMP ,MIB . - name server . 3. - NetWare , , . - .Novell - network , , .
- network address ) 3(, . .
.NonVolatile Random-Access Memory - NVRAM , . . .Open Shortest Path First - OSPF , , RIP. , - . - packet. , . .frame - peer-to-peer computing , , )) client )) .server - polling , - , - . ).SNA) IBM .Point to Point Protocol - PPP ,SLIP . - queue . . - redundancy . - . - repeater - . .Request For Comment - RFC ) -Internet ) .TCP/IP , . RFC Internet ).(http://www.cis.ohio-state.edu:80/hypertext/information/rfc.html .Routing Information Protocol - RIP , . .
54- - RJ 8 )) ,8W . - routing/ . - routing metric , . , , . .cost - routing table , , . - sliding window flow control , . , , . TCP - . .Simple Network Management Protocol - SNMP , ) ,TCP/IP) UDP ) (. - static route , - , , . - subnet-, IP , - . .Switched Virtual Circuit - SVC 52. .X 52. ,X . , . 1 - T 445.1 .MBPS 3 - T .45MBPS .Transmission Control Protocol/Internet Protocol - TCP/IP , 07-, . TCP/IP . TCP 4 ) (, , . IP 3 ) ( .
- Telnet -TCP/IP )) virtual terminal . - terminal emulation , . .Trivial File Transfer Protocol - TFTP -TCP/IP ) ) ,FTP . Cisco . - time-out , . ,time-out- . - token. )) ,frame ,Token Ring . .Time to Live - TTL TCP/IP . -IP ,-TTL , 0-, . .User Datagram Protocol - UDP ,TCP/IP ,-TCP . UDP . ,, .SNMP - UNIX 9691, . UNIX ,TCP/IP -. 42. - V ))232.RS 53. - V )).48KBPS - virtual circuit . . . , )( . .Wide Area Network - WAN , .
52. - X ) ,ITU-T) CCITT ,
)) virtual circuit - . 121. - X- 52. ,X . 004. - X ) ITU-T) CCITT . - x-terminal - , .