I just started learning about networking and IP/MAC addresses. I understand if you want to send data to another device within the same network, you would sent out an ARP broadcast to the local network and the target device will respond with its mac address so they can start a connection.
My question is that does public IP also work the same way? Like if my home router wants to connect to the google.com IP, does it send out a ARP broadcast to the entire internet and wait for google to respond with its mac address?
Usually your gateway router will arp for the next hop router along the path to the destination, this path is often the default route (cisco calls this "the gateway of last resort"; the "default route" in cisco-ese is the default route only if routing is disable in the router which typically only happens if an image is not loaded so it is boot strapping). But sometimes your gateway will only have an out going interface, not a next hop ip address. This is fine for serial links since there can only be one next hop. But for ethernet, this causes your gateway and the next hop router to use proxy arp. There are other way to do this as well.
Related
I read a post on superuser.com (https://superuser.com/questions/284051/what-is-port-forwarding-and-what-is-it-used-for) that answered everything except for the port that is used. When sending out data from behind a NAT router, what port does the sending device use to send to the router and what port is used by the router once it's sent out, over the internet? I know that when a server receives this packet, it uses the port it was sent by the sending device (client) to know where to send the packet back to. But, this still doesn't answer where the NAT router came up with these two (private and public) ports originally. Do NAT routers just pick random ports and play a game of peek-a-boo with it's sending ports to make it nearly impossible for hackers to use port scanners to find an opening on random nodes on the internet? Please someone put me out of my misery.
The port stays constant across the entire spectrum unless otherwise specified. For example,
Client sends HTTP on 80, router forwards HTTP on 80 private to 80 public. Internet router recieve on public 80 and forwards to private 80.
The only thing that changes at the router (behind NAT) is the requesting IP Address. If I send a packet from my computer on port 80 to am internet site, the router changes the packet Source IP to its IP and then sends it across the globe.
Now, let's say we're on a home network. Here's how things work.
192.168.0.2 send request to router headed to 8.8.8.8 (google) on port 80. Packet gets to router. Router changes the SourceIP from 192.168.0.2 to its Public IP (64.5.5.5). It stores a record of this using various information such as the requesting MAC Address. Packet arrives at 8.8.8.8, which then changes the Destination IP from 8.8.8.8 to 172.0.0.5 (some internal web server at Google) and send the request to the server. When the server send a response, the same process happens in reverse.
I'm trying to learn the basics of ARP/TCP/HTTP (in sort of a scatter-shot way).
As an example, what happens when I go to google.com and do a search?
My understanding so far:
For my machine to communicate with others (the gateway in this case),
it may need to do an ARP Broadcast (if it doesn't already have the
MAC address in the ARP cache)
It then needs to resolve google.com's IP address. It does this by
contacting the DNS server. (I'm not completely sure how it knows
where the DNS server is? Or is it the gateway that knows?)
This involves communication through the TCP protocol since HTTP is
built on it (TCP handshake: SYN, SYN/ACK, ACK, then requests for
content, then RST, RST/ACK, ACK)
To actually load a webpage, the browser gets the index.html, parses
it, then sends more requests based on what it needs? (images,etc)
And finally, to do the actual google search, I don't understand how
the browser knows to communicate "I typed something in the search box
and hit Enter".
Does this seem about right? / Did I get anything wrong or leave out anything crucial?
Firstly try to understand that your home router is two devices: a switch and a router.
Focus on these facts:
The switch connects all the devices in your LAN together(including the router).
The router merely connects your switch(LAN) with the ISP(WAN).
Your LAN is essentially an Ethernet network which works with MAC addresses.
For my machine to communicate with others (the gateway in this case),
it may need to do an ARP Broadcast (if it doesn't already have the MAC
address in the ARP cache)
Correct.
When you want to send a file from your dekstop to your laptop, you do not want to go through the router. You want to go through the switch, as that is faster(lower layer). However you only know the IP of the laptop in your network. For that reason you need to get its MAC address. That's where ARP kicks in.
In this case you would broadcast the ARP request in the LAN until someone responds to you. This could be the router or any other device connected to the switch.
It then needs to resolve google.com's IP address. It does this by
contacting the DNS server. (I'm not completely sure how it knows where
the DNS server is? Or is it the gateway that knows?)
If you use DHCP, then that has already provided you with the IP of the DNS server. If not, then it means that you manually provided the IP of the DNS. So the IP of the DNS server is stored locally on your computer.
Making a DNS request is just about putting its IP in the packet with the request and forwarding the packet to the network.
Sidenote: DHCP also provides the IP address of the router.
This involves communication through the TCP protocol since HTTP is
built on it (TCP handshake: SYN, SYN/ACK, ACK, then requests for
content, then RST, RST/ACK, ACK)
Yes. To clarify things: When your computer sends the request
FRAME[IP[TCP[GET www.google.com]]]
The frame is being sent to your LAN's switch which forwards it to the MAC of the router. Your router will open the frame to check the destination IP and route it accordingly(in this case to the WAN). Finally when the frame arrives at the server, the server will open the TCP segment and read the payload, which is the HTTP message. The ACK/SYN etc. messages are being processed just by your computer and the server and not any router or switch.
To actually load a webpage, the browser gets the index.html, parses
it, then sends more requests based on what it needs? (images,etc)
Yes. An HTML file is essentially a tree structure which can have embedded resources like images, javafiles, CSS etc. For each such resource a new request has to be sent.
Once your browser gets all these recourses, it will render the webpage.
And finally, to do the actual google search, I don't understand how
the browser knows to communicate "I typed something in the search box
and hit Enter".
When you type a single character, it is being sent to the server. The server then responds with its suggestions. Easy as that.
References(good reads):
http://www.tcpipguide.com/free/t_TheNeedForAddressResolution.htm
http://www.howtogeek.com/99001/htg-explains-routers-and-switches/
http://www.eventhelix.com/realtimemantra/networking/ip_routing.htm#.UsrYAvim3yO
http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
I have read in a book that as soon as a host enters a network, it sends out the Router Solicitation so that it can build up its router list. Does all the hosts behave like that in a network? Are there any cases where a host enters a network and waits for unsolicited Router Advertisement instead of sending out a router Solicitation to learn about router and configure itself?(in ipv6)
'Depends on the host'... They probably will send out Router Solicitations, but they could just wait for a Router Advertisement to come by. The most common operating systems like Windows, Mac OS and Linux will send them.
Let's assume I open my PC browser in a LAN at my home and type http://foo.com, the browser or another running service find the foo's IP address and send it through ISP to the foo's server.
Now the server knows I sent a request and generate a HTML page or something to respond my request. How its respond arrives to browser in a LAN?
IP packets contain the IP address of the source (i.e. the sender). So the server knows who initiated the request, and can then send its response to that IP address (no DNS lookup involved).
One common complexity is in a LAN behind a router using NAT (network address translation); this is the case in most residential settings. Although all the clients in the LAN have different local IP addresses, the router modifies all the IP packets so that they all have the same IP address (the router's external address). Therefore all the response traffic all gets sent back to that single IP address. The router is able to distinguish and send the packets back to the correct local client based on TCP/UDP port number.
Browser opens connection to the server and sends the request; server responds through the same connection.
Its nicely explained at:
http://technet.microsoft.com/en-us/library/cc780783(WS.10).aspx
If I have two internal computers connecting to the same external IP address through a NAT router, how is the router able to get the traffic to the correct internal computer? It is my understanding that NAT forwards incoming packets to the computer that recently sent outgoing packets to the [incoming packet's] sender's IP address. Since both computers are sending to the same address, does the router forward the packet to both? If that is the case, is it the responsibility of the client software to determine which packets are relevant?
Is it possible if both computers are attempting to connect to the same port?
When you open a socket, you need to address a port of the destination system and open a conjugate listening port on your own system to receive any response. You have to send the destination system your listening port.
Having more than one system using the same modem
When you start a web browser, and go to www.google.com:80, your browser obtains/searches for a free non-system conjugate port from the system for listening. Let us say, the conjugate port is 10000. The listener port is for receiving the http stream back from google.
Then your kid sitting next to you incidentally also browses www.google.com:80 and his/her google session of the play station or xbox-whatever also incidentally is assigned conjugate port 10000.
Both of you are sitting behind a cable modem, and behind the cable modem is your wireless router. And both of your systems are behind the wireless router - All sitting in that sequence, network topology-wise.
To prevent port address collision on the router/modem
Let us say that your cable company DHCP assigns your modem ip4 adress 72.72.72.72. But your wireless router DHCP assigns 192.168.0.10 to your system and to 192.168.0.11 to your kid's system.
When the frame carrying the information of your listener ports passes thro your NAT router, it would translate either one or both listening- ports. Let's say port 15000 for your page and port 16000 for your kid's page.
Your wireless router then sends your requests to google server as coming from 72.72.72.72:15000 and 72.72.72.72:16000.
The google server then responds individually to 72.72.72.72:15000 and 72.72.72.72:16000 and when you wireless router encounters the response, it reaches into the mapping that it has stored and translates 72.72.72.72:15000 to 192.168.0.10:10000 to reach your system but translates 72.72.72.72:16000 to 192.168.0.11:10000 to reach your kid's system.
Running web/game/ftp/etc servers
But what if you have a web server or an ftp server running on your system. What if you have two systems and both have a web server and both web servers are listening on port 80?
Let us say the local ip addresses registered/assigned with your wireless router of your first web server system is 192.168.0.30 and your second web server system is 192.168.0.40.
The wireless router would have a configuration web page usually by default 192.168.0.1:80, unless you changed it. There would be a tab to on the page where you could define/reserve application port mappings.
You could register with your wireless router to reserve the mapping
192.168.0.30:80 => outgoing port 8080
192.168.0.40:80 => outgoing port 8088
So that you have to phone your friends your web/game servers are addressable through
72.72.72.72:8080 and 72.72.72.72:8088 respectively,
where the wireless router would preclude its port 8080 and 8088 from its own dynamic NAT usage.
Of course, 72.72.72.72 is as good as only before your ISP DHCP decide to renew the ip4 address of your modem to say, 72.72.90.200. After which you would have to phone/email your friends and say
Hey, the servers' addresses have changed to 72.72.90.200:8080 and 72.72.90.200:8088 respectively. Or you could subscribe to dynamic dns (ddns) service to use a named domain where the ddns service will need you to install a simple heartbeat utility on your system to help them monitor the address variation. DDNS translation is a separate issue/strategy.
NAT modems
Newer ISP contracts supply you with a modem that has NAT. If so, you have to switch off either the one on your modem or the one on your wireless router. You should not use both - what's the point in translating twice because NAT is simply to prevent address collision. When you switch off NAT from your wireless router, it can operate as a hub switch and not a router anymore so that you could connect it to the modem using one of its LAN socket instead of thro its WAN socket.
The router manages "source" ports that are separate for each computer. While you may be connecting to port 80 on the "destination" the router may assign the source port to some high number port.
Wikipedia sums it up as
Network address translation involves
re-writing the source and/or
destination IP addresses and usually
also the TCP/UDP port numbers of IP
packets as they pass through the NAT.
Checksums (both IP and TCP/UDP) must
also be rewritten to take account of
the changes.
Already good answers are provided, but here is another example:
HOST A addr HOST B addr
10.1.0.2:4040 10.1.0.3:4040
-----------------------------------------
NAT 200.50.50.28:4040 200.50.50.28:4041 (what external host sees)
200.50.50.28 is router's global (internet) IP.
Every port number is unique in the NAT table. And of course the router does all the dirty job of modifying the source and destination addresses transparently.
It uses different ports for incoming external traffic, and the NAT then routes the packets on one port to one internal IP address, and the packets from the other port to the other internal IP address... The iniital request from each internal computer, when it goes through the NAT on the way out, establishes which port will be used for the incoming traffic from the external ip address, and it tells the external server what port to send it's traffic back on for that connection.
RFC3022 provides a lot of information on how this works
Since public facing or external IP Address that was given by Internet Service Provider (ISP) has been discussed, I would like to add on this.
You can ask your ISP to have your public IP Address not change. It will become static, so that you do not have to inform your friends to change the IP Address if they want to access your server inside your Network Address Translator (NAT).
As of this writing, static IP Address cost around 100 bucks. Most of the ISP they call it business account.
You can determine your public facing IP Address by googling "what is my ip address".