1
Chapter 3
Addressing on Networks
Applying Concepts: Configure Address Translation Using NAT
For simple default gateways such as a home router, configuring address translation means
making sure NAT is turned on. That’s about all you can do. However, for more advanced
gateways, such as an industrial-grade Cisco router or Linux server, you configure the
NAT software by editing NAT translation tables stored on the device.
For example, suppose your network supports a web server available to the Internet, as
shown in Figure 3-11. On the web, the website is known by the public IP address
69.32.208.74. Figure 3-12 shows the sample text file required to set up the translation
tables for DNAT to direct traffic to the web server at private IP address 192.168.10.7.
Note that any line that begins with an exclamation mark (!) is a comment.
The first group of lines defines the router’s outside interface, which connects with the
outside network, and is called the serial interface. The second group defines the router’s
inside Ethernet interface. The last line that is not a comment line says that when clients
from the Internet send a request to IP address 69.32.208.74, the request is translated to
the IP address 192.168.10.7.
2
At the end of this chapter, you’ll create your own NAT translation table entry using this
example as a template. To help you better understand where the IP addresses in a
translation table entry comes from, answer the following questions about the information
in Figures 3-11 and 3-12:
1. What is the router’s outside interface IP address?
2. What is the router’s inside interface IP address?
3. What is the website’s public IP address?
Review Questions
1. Which part of a MAC address is unique to each manufacturer?
a. The network identifier
b. The OUI
c. The device identifier
d. The physical address
2. What type of device does a computer turn to first when attempting to make
contact with a host with a known IP address on another network?
3
a. Default gateway
b. DNS server
c. Root server
d. DHCP server
3. What decimal number corresponds to the binary number 11111111?
a. 255
b. 256
c. 127
d. 11,111,111
4. Suppose you send data to the 11111111 11111111 11111111 11111111 IP
address on an IPv4 network. To which device(s) are you transmitting?
a. All devices on the Internet
b. All devices on your local network
c. The one device that is configured with this IP address
d. No devices
5. When your computer first joins an IPv6 network, what is the prefix of the IPv6
address the computer first configures for itself?
4
a. FF00::/8
b. 2001::/64
c. 2001::/3
d. FE80::/10
6. If you are connected to a network that uses DHCP, and you need to terminate
your Windows workstation’s DHCP lease, which command would you use?
a. ipconfig /release
b. ipconfig /renew
c. ifconfig /release
d. ifconfig /renew
7. Which of these commands is available only in Linux?
a. ping
b. ipconfig
c. dig
d. nslookup
8. Which computers are the highest authorities in the Domain Name System
hierarchy?
a. Authoritative name servers
b. Root servers
c. Top-level domain servers
d. Primary DNS servers
9. You have just brought online a new secondary DNS server and notice your
network-monitoring software reports a significant increase in network traffic.
Which two hosts on your network are likely to be causing the increased traffic and
why?
a. The caching and primary DNS servers, because the caching server is
requesting zone transfers from the primary server
b. The secondary and primary DNS servers, because the secondary server is
requesting zone transfers from the primary server
c. The root and primary DNS servers, because the primary server is
requesting zone transfers from the root server
d. The web server and primary DNS server, because the web server is
requesting zone transfers from the primary DNS server
10. Which type of DNS record identifies an email server?
a. AAAA record
b. CNAME record
c. MX record
d. PTR record
11. What is the range of addresses that might be assigned by APIPA?
12. You are the network manager for a computer training center that allows students
to bring their own laptops to class for learning and taking notes. Students need
access to the Internet, so you have configured your network’s DHCP server to
issue IP addresses automatically. Which DHCP option should you modify to
make sure you are not wasting addresses used by students who have left for the
day?
13. You have decided to use SNAT and PAT on your small office network. At
minimum, how many IP addresses must you obtain from your ISP for all five
clients in your office to be able to access servers on the Internet?
14. How many bits does an IPv6 address contain?
7
15. FTP sometimes uses a random port for data transfer, but an FTP server always,
unless programmed otherwise, listens to the same port for session requests from
clients. What port does an FTP server listen on?
16. You issue a transmission from your workstation to the following socket on your
LAN: 10.1.1.145:110. Assuming your network uses standard port designations,
what Application layer protocol handles your transmission?
17. Suppose you want to change the default port for RDP as a security precaution.
What port does RDP use by default, and from what range of numbers should you
select a private port number?
18. You have just set up a new wireless network at your house, and you want to
determine whether your Linux laptop has connected to it and obtained a valid IP
address. What command will give you the information you need?
19. While troubleshooting a network connection problem for a coworker, you
discover the computer is querying a nonexistent DNS server. What command-line
utility can you use to assign the correct DNS server IP address?
8
20. When running a scan on your computer, you find that a session has been
established with a host at the address 208.85.40.44:80. Which Application layer
protocol is in use for this session? What command-line utility might you use to
determine which computer is the host?
Hands-On Projects
Project 3-1: Identify a NIC Manufacturer
Wireshark is a free, open-source network protocol analyzer that can help demystify
network messages and help make the OSI model a little more tangible for you. In Chapter
4, you’ll install Wireshark and practice capturing some of the hundreds of packets that
cross a network connection every minute.
Most of these packets include the MAC addresses of the sender, the receiver, or both.
When collecting network data on Wireshark using the default settings, some of the OUIs
are automatically resolved, telling you the manufacturer of each device. In Figure 3-31,
you can see where Wireshark has identified the manufacturer—Intel—of a laptop NIC on
this network.
9
Wireshark’s OUI Lookup Tool.
1. In your browser, go to wireshark.org/tools/oui-lookup.
Notice earlier in Figure 3-31 that the MAC address of the Source device is located
inside the red box. The first three bytes of this address, c8:f7:33, make up the OUI of
the device’s manufacturer. Type those numbers into Wireshark’s OUI Lookup Tool
and click Find. What results did you get?
You can perform the same lookup using output from a Command Prompt window:
2. Open a Command Prompt window and enter ipconfig /all to identify the NIC’s
physical address.
3. To select and copy this information into your Clipboard, first press Ctrl+M to enable
marking, and then select the first three bytes of the physical address for the active
network connection. Press Ctrl+C.
4. Click in the search box on Wireshark’s website, press Ctrl+V to paste the
information into the Wireshark Lookup Tool, and click Find. Who is the
manufacturer of your NIC?
Project 3-2: Change IPv6 Autoconfiguration Settings
By default, when configuring an IPv6 address, Windows 10 generates a random number
to fill out the bits needed for the NIC portion of the IPv6 address. This security measure
helps conceal your device’s MAC address, and further protects your privacy by
10
generating a new number every so often. There may be times, however, when you need
your system to maintain a static IPv6 address. To do this, you can disable IPv6
autoconfiguration using the netsh utility in an elevated Command Prompt window. Do
the following:
1. Open an elevated Command Prompt window.
2. Enter ipconfig /all. What is your computer’s current IPv6 address and
MAC address? Carefully compare the two addresses. Are they in any way
numerically related?
3. To disable the random IP address generation feature, enter the command:
4. To instruct Windows to use the EUI-64 standard instead of the default settings,
use this command:
netsh interface ipv6 set privacy state=disabled
5. Enter ipconfig /all again. What is your computer’s new IPv6 address? How
closely does this number resemble the MAC address?
Notice in the second half of the IPv6 address, after FE80::, that the fixed value FF
FE has been inserted halfway through the MAC address values. The host portion
11
of the IPv6 address might use a slightly different value than the OUI in the MAC
address because the seventh bit of the MAC address is inverted.
6. Reenable random IPv6 address generation with these two commands:
netsh interface ipv6 set global
randomizeidentifiers=enabled
netsh interface ipv6 set privacy state=enabled
Project 3-3: Manage a DNS Cache
You have learned that clients as well as name servers store DNS information to associate
names with IP addresses. In this project, you view the contents of a local DNS cache,
clear it, and view it again after performing some DNS lookups. Then you change DNS
servers and view the DNS cache once again.
2. If this computer has been used to resolve host names with IP addresses—for
example, if it has been used to retrieve email or browse the web—a list of locally
cached resource records appears. Read the file to see what kinds of records have
been saved, using the scroll bar if necessary. How many are A (Host) records and
how many are a different type, such as CNAME?
3. Clear the DNS cache with this command: ipconfig /flushdns