Available from CrossTec, Activeworx Security Center includes new features for meeting SOX and HIPAA compliance requirements, improved tools for forensic investigation, and much more.


04.10.06


Who Said That?

By A.P. Lawrence


My wife and I had run out for errands and had stopped at a D'Angelo sub shop. We were just about to get out of the car when the phone rang. My wife rolled her eyes but I took the call because, well, because that's what I do. Somebody has a problem, I try to answer the phone.

This was a longtime customer. He explained that he had someone who needed remote access to an application running on port 7000 on a SCO machine. He said it was working fine within his office, but that he couldn't get remote access working. We did the usual things: telnet localhost 7000 (yup, that connected), ssh out to another box and try telnet back on 7000 (which just hung). I asked him to double-check his router, and he did, but still no luck.

"Oh wait a minute," I said, "you said this was a SCO box? You mean that old test box you've had for years?"

This guy sells accounting software and some of his customers still run on SCO. Most of them use Linux now, but he keeps the SCO up and running for testing and support. But I was pretty sure that box had never been connected to the internet.

"You need a default route. Packets can get to it, but it doesn't know how to send them back."

This comes up fairly frequently. It also happens sometimes with remote TCP printers: if you haven't given them a gateway address, they can't communicate back to you. Packets need routes.

But why? That's what my caller wondered. Why doesn't it just figure out where to send the packets?

Well, for starters, the only machines any box can talk to directly are machines on its local physical LAN. So obviously it needs to send any other packets through a router. Is it supposed to guess where the router is?

No, of course not. Either somebody tells it (route add) or it finds out through some protocol like router broadcasts. But if it doesn't have either of those advantages, it's blind and dumb.

But is it really? Let's look at some tcpdump output.

On my Mac, I first ssh'ed to a local (on my network) Linux box. In another window on the Mac, I typed "sudo tcpdump -e host redhat1". Over on the Linux box, I simply tapped the space bar (to avoid a lot of packets). Here's the result:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 96 bytes

07:55:59.946527 00:16:cb:8d:48:f7 (oui Unknown) > 00:c0:f0:6b:b4:18
(oui Unknown), ethertype IPv4 (0x0800), length 114: 192.168.4.21.50050
> redhat1.ssh: P 1320087778:1320087826(48) ack 1103513747 win 65535

07:55:59.947496 00:c0:f0:6b:b4:18 (oui Unknown) > 00:16:cb:8d:48:f7
(oui Unknown), ethertype IPv4 (0x0800), length 114: redhat1.ssh >
192.168.4.21.50050: P 1:49(48) ack 48 win 10336

07:55:59.947565 00:16:cb:8d:48:f7 (oui Unknown) > 00:c0:f0:6b:b4:18
(oui Unknown), ethertype IPv4 (0x0800), length 66: 192.168.4.21.50050
> redhat1.ssh: . ack 49 win 65535


Those hex digits following the timestamp on each line should look familiar to you: those are MAC addresses. One of them is the address of the MacBook itself (00:16:cb:8d:48:f7) and the other is the RedHat box. Specifically, if I run "arp -a", I can see that, yes, that MAC address matches redhat1:

$ arp -a
redhat1 (192.168.4.237) at 0:c0:f0:6b:b4:18 on en0 [ethernet]
router (192.168.4.249) at 0:8:0:c0:fa:4 on en0 [ethernet]
$


Now what if I go somewhere off-LAN?

$ sudo tcpdump -e host website
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 96 bytes

07:57:51.020660 00:16:cb:8d:48:f7 (oui Unknown) > 00:08:00:c0:fa:04
(oui Unknown), ethertype IPv4 (0x0800), length 106: 192.168.4.21.50027
> website.ssh: P 3652278386:3652278426(40) ack 193102205 win 65535

07:57:51.057326 00:08:00:c0:fa:04 (oui Unknown) > 00:16:cb:8d:48:f7
(oui Unknown), ethertype IPv4 (0x0800), length 106: website.ssh >
192.168.4.21.50027: P 1:41(40) ack 40 win 16752

07:57:51.057409 00:16:cb:8d:48:f7 (oui Unknown) > 00:08:00:c0:fa:04
(oui Unknown), ethertype IPv4 (0x0800), length 66: 192.168.4.21.50027
> website.ssh: . ack 41 win 65535


If you look carefully at those, you see that the packets are identified at the link layer as coming from my router (0:8:0:c0:fa:4). We'd expect that - that is the only place they could come from.
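The comparison made by eye above can be scripted. This is an added example, not part of the original article: it takes the "arp -a" output and four of the captured frames (line wraps rejoined), normalizes the MAC notation (arp drops leading zeros, tcpdump does not), and reports whether each peer was reached directly or through a neighbour. The function names are made up for the illustration.

```python
import re

# Sample input copied from the captures above; each frame rejoined onto one line.
ARP_TABLE = """\
redhat1 (192.168.4.237) at 0:c0:f0:6b:b4:18 on en0 [ethernet]
router (192.168.4.249) at 0:8:0:c0:fa:4 on en0 [ethernet]
"""
LOCAL_MAC = "00:16:cb:8d:48:f7"  # the MacBook running tcpdump
FRAMES = [
    "07:55:59.946527 00:16:cb:8d:48:f7 (oui Unknown) > 00:c0:f0:6b:b4:18 (oui Unknown), ethertype IPv4 "
    "(0x0800), length 114: 192.168.4.21.50050 > redhat1.ssh: P 1320087778:1320087826(48) ack 1103513747 win 65535",
    "07:55:59.947496 00:c0:f0:6b:b4:18 (oui Unknown) > 00:16:cb:8d:48:f7 (oui Unknown), ethertype IPv4 "
    "(0x0800), length 114: redhat1.ssh > 192.168.4.21.50050: P 1:49(48) ack 48 win 10336",
    "07:57:51.020660 00:16:cb:8d:48:f7 (oui Unknown) > 00:08:00:c0:fa:04 (oui Unknown), ethertype IPv4 "
    "(0x0800), length 106: 192.168.4.21.50027 > website.ssh: P 3652278386:3652278426(40) ack 193102205 win 65535",
    "07:57:51.057326 00:08:00:c0:fa:04 (oui Unknown) > 00:16:cb:8d:48:f7 (oui Unknown), ethertype IPv4 "
    "(0x0800), length 106: website.ssh > 192.168.4.21.50027: P 1:41(40) ack 40 win 16752",
]
MAC = r"((?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})"
FRAME_RE = re.compile(
    MAC + r" \(.*?\) > " + MAC + r" \(.*?\), ethertype IPv4 .*?: (\S+) > (\S+):", re.I)

def normalize_mac(mac):
    """0:8:0:c0:fa:4 (arp -a) and 00:08:00:c0:fa:04 (tcpdump) become the same string."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))

def parse_arp(text):
    """Map normalized MAC -> (name, ip) from 'arp -a' output."""
    table = {}
    for name, ip, mac in re.findall(r"^(\S+) \((\S+)\) at (\S+) on", text, re.M):
        table[normalize_mac(mac)] = (name, ip)
    return table

def classify(line, neighbours, local_mac=LOCAL_MAC):
    """Return (peer host, peer MAC, verdict) for one 'tcpdump -e' IPv4 frame."""
    m = FRAME_RE.search(line)
    if not m:
        return None  # not an IPv4 frame printed with -e
    src_mac, dst_mac = normalize_mac(m.group(1)), normalize_mac(m.group(2))
    outbound = src_mac == local_mac
    peer_mac = dst_mac if outbound else src_mac
    # Drop the trailing port/service label to get the layer 3 peer.
    peer_host = (m.group(4) if outbound else m.group(3)).rsplit(".", 1)[0]
    name, ip = neighbours.get(peer_mac, ("unknown", None))
    verdict = "on-link" if peer_host in (name, ip) else f"via {name}"
    return peer_host, peer_mac, verdict

def report():
    neighbours = parse_arp(ARP_TABLE)
    return [classify(frame, neighbours) for frame in FRAMES]
```

Calling report() gives one tuple per frame; the redhat1 frames come out "on-link" and the website frames come out "via router", in both directions.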

So, back to our port 7000 problem. If the SCO box knows where the packets come from, why doesn't it just use that knowledge to route them back?

Well, I suppose it could. Someone could write an IP stack that configured routes from layer 2 header information when there was nothing better to go by. That's pretty much what a switch does for its ports. I wouldn't want that feature on a computer, though: I like to be able to tear down routing entirely when I want to.

So I guess the answer to "Why?" is just "Because that's the way it is. Add the route, and my wife and I will go split a sub."

*Originally published at APLawrence.com

About the Author:
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage (www.thebryantadvantage.com), home of FREE CCNA and CCNP tutorials and daily exam questions, as well as The Ultimate CCNA and CCNP Study Packages.

About NetworkNewz
NetworkNewz editors, writers and contributors focus on both the big picture and the details of networking. At NetworkNewz our goal is to deliver to you The Key To Network Management.


-- NetworkNewz is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509
2006 iEntry, Inc. All Rights Reserved
