My Home Network Step by Step

Basic Concepts of Computer Networks

First thing to know: when you use the network, for example when surfing the web, you use a program on your PC (the browser) which speaks with another program on a remote computer (the web server). There is nothing magic about it, just something mechanical: two programs sending messages to each other following some strict rules (what is called a "communication protocol").

Your browser doesn't do all the job by itself: it relies on special programs (the network software) which carry data between computers.

How does this work? Let's begin with a simple example: you surfing the net:

  1. using your browser, such as Mozilla or Internet Explorer, you ask for a web page;

  2. the web browser encodes your request following a protocol named HTTP, and hands the encoded request to the network software running on your PC;

  3. the network software puts the request on the network;

  4. your request goes to your network provider, then makes its journey through many remote cables and connections until it arrives at the remote computer on which the web server program runs;

  5. the network software on the remote computer gets your request and hands it to the web server, which understands HTTP;

  6. the web server decodes the HTTP request and replies: it gives its web page to the network software on the server machine;

  7. the network software on the server sends the web page through the network;

  8. the page travels to your network provider and then to your computer;

  9. the network software on your computer gets the web page and hands it to the browser program;

  10. finally the browser program displays the page on the screen.

It seems complicated, but it is not: it is the same as writing a letter to a friend, putting it in an envelope, writing the address on the envelope and giving the letter to the post office for delivery.

The post office works as the network software, and the envelope with the address on it is similar to a communication protocol. The content of the letter may be written in English words, as the request to a web server is written in HTTP: communication protocols are nothing else than specialized languages.


Well, to have a working network you have to configure a few things in the way the network software runs, and to know some basic things about internet protocols. Don't worry, only a few basic things:


Numbers:

Each computer on the internet is identified by a number, unique in the world (at least in principle: the private numbers and the NAT described later are the exceptions). This number is usually written as four numbers from 0 to 255 separated by dots, as: 192.168.2.32. It is named the IP number, or IP address. It is the address of the computer, as the address of your friend on the envelope.

The internet is divided into many networks, each with its computers. Both a "network number" and a computer number are encoded in the IP number; it is similar to addresses in a town: you have a street on which each house has its number (think of streets as networks and of houses as computers).

To separate the computer number from the network number a special key is used, named the "network mask" (or netmask). The network mask, too, is written in dotted form, e.g. the mask 255.255.255.0 says that in the number 192.168.2.32 the last group of digits, 32, is the computer number and 192.168.2 (written 192.168.2.0) is the network number. Each 255 in the mask means "this group belongs to the network number" and each 0 means "this group belongs to the computer number". The same mask is often written as a prefix length, 192.168.2.0/24, meaning that the first 24 bits of the address are the network number.
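An added example, not code from the original page, showing the mask at work in Python: the addresses and the mask are the ones used above, the function names are mine. Each dotted address is turned into a 32-bit number; a bitwise AND with the mask keeps the network bits and clears the computer (host) bits, and the inverted mask does the opposite. The last function also answers the question the network software asks for every packet: is the destination on my own network, or not?

```python
from typing import Tuple


def dotted_to_int(dotted: str) -> int:
    """Turn '192.168.2.32' into one 32-bit integer, checking every group is 0..255."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"bad dotted address: {dotted!r}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def int_to_dotted(n: int) -> str:
    """The reverse of dotted_to_int."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(mask: str) -> int:
    """Number of leading 1 bits in a valid mask (255.255.255.0 -> 24).
    Rejects masks whose 1 bits are not contiguous (e.g. 255.0.255.0)."""
    m = dotted_to_int(mask)
    host_bits = ~m & 0xFFFFFFFF          # the 0 bits of the mask
    if host_bits & (host_bits + 1):      # valid only if host_bits is 2**n - 1
        raise ValueError(f"non-contiguous mask: {mask}")
    return 32 - host_bits.bit_length()


def split_address(ip: str, mask: str) -> Tuple[str, int]:
    """Return (network number in dotted form, computer number) for ip under mask."""
    prefix_length(mask)                  # only to validate the mask
    ip_n, mask_n = dotted_to_int(ip), dotted_to_int(mask)
    network = ip_n & mask_n                          # bits where the mask is 1
    host = ip_n & (~mask_n & 0xFFFFFFFF)             # bits where the mask is 0
    return int_to_dotted(network), host


def same_network(ip_a: str, ip_b: str, mask: str) -> bool:
    """True if both addresses have the same network number under mask:
    this is how a computer decides whether to deliver directly or via its router."""
    return split_address(ip_a, mask)[0] == split_address(ip_b, mask)[0]


if __name__ == "__main__":
    print(split_address("192.168.2.32", "255.255.255.0"))
    print(prefix_length("255.255.255.0"))
    print(same_network("192.168.2.32", "192.168.2.200", "255.255.255.0"))
    print(same_network("192.168.2.32", "192.168.3.1", "255.255.255.0"))
```

With the mask 255.255.0.0 the same address 192.168.2.32 splits differently (network 192.168.0.0, computer number 2*256+32 = 544): the mask, not the address, decides where the network number ends.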



Ports:

each network application program uses a communication channel named a "port" to speak to the network software. Ports are numbered, and many numbers are conventionally assigned to well known applications, e.g. the web uses port number 80 (and 443 for HTTPS), to send mail port 25 is used, etc.

A server program uses a port to accept requests from remote computers, and it is said that the program "listens" on the port: web servers listen on port 80, mail servers on port 25, etc.

A client program talking to the network software uses a port too, usually a high port number picked by the network software for that connection.
If we think of computers as houses in the town, ports are similar to doors. Server programs, like clerks, wait for clients at the doors of their shops. To go shopping you have to leave home, exiting from a door (your port), look for the street of the shop (the network), then for the house number of the shop (its IP number), then enter the shop door (the port the server listens on), where the clerk waits for you. This is the path of your request when you look for a web page.
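An added example (my code, not the page's) covering both the ten steps of a web request above and the ports just described: a tiny web server and a tiny browser on the same PC, talking over the loopback address 127.0.0.1 so it runs offline. Because listening on port 80 needs administrator rights, the server asks the operating system for any free port; the client shows the high port number the operating system picked for it. Everything else follows the steps: the client encodes a GET request in HTTP, the server decodes it and answers with a page, and both only ever talk to the network software (the socket library).

```python
import html
import socket
import threading
from typing import Tuple

HOST = "127.0.0.1"  # the loopback address: client and server on the same machine


def handle_client(conn: socket.socket) -> None:
    """The web server side: read one HTTP request and answer with a small page."""
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:        # HTTP headers end with an empty line
            chunk = conn.recv(1024)
            if not chunk:                        # client went away before finishing
                return
            request += chunk
        request_line = request.split(b"\r\n", 1)[0].decode("ascii", "replace")
        # html.escape: never echo client input into a page unescaped
        body = f"<html><body>You asked for: {html.escape(request_line)}</body></html>"
        response = (
            "HTTP/1.1 200 OK\r\n"
            "Content-Type: text/html\r\n"
            f"Content-Length: {len(body.encode())}\r\n"
            "Connection: close\r\n"
            "\r\n"
        ) + body
        conn.sendall(response.encode())


def start_server() -> Tuple[socket.socket, int]:
    """Listen on a port chosen by the OS (a real web server would use 80) and
    serve clients in a background thread. Returns the listening socket and port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HOST, 0))            # port 0: let the OS pick a free port
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _peer = srv.accept()
            except OSError:        # listening socket was closed: stop serving
                return
            threading.Thread(target=handle_client, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def fetch(port: int, path: str = "/") -> Tuple[int, int, str]:
    """The browser side: connect to the server's port from a port chosen by the OS,
    send an HTTP GET and return (our own port, status code, page body)."""
    with socket.create_connection((HOST, port)) as cli:
        client_port = cli.getsockname()[1]   # the high "client" port of the text
        cli.sendall(f"GET {path} HTTP/1.1\r\nHost: {HOST}\r\n\r\n".encode())
        data = b""
        while True:
            chunk = cli.recv(4096)
            if not chunk:                        # server closed: whole reply received
                break
            data += chunk
    head, _sep, body = data.partition(b"\r\n\r\n")
    status = int(head.split(b" ")[1])
    return client_port, status, body.decode()


if __name__ == "__main__":
    srv, port = start_server()
    try:
        print("server listening on port", port)
        print(fetch(port, "/index.html"))
    finally:
        srv.close()
```

Run it and compare the two port numbers printed: the server's port is fixed for as long as it listens, the client's is a fresh high number for each connection.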



Computer names:

humans use names to identify computers: names that are written in dotted form too, as: www.helldragon.eu, but the network software uses IP numbers; the number corresponding to each name is stored on the net in a distributed database named the "domain name system" or DNS.

To find the numbers your network software must know which computer to ask for them (i.e. a DNS server), and that computer must be given as an IP number, not as a name. It's the same as consulting the white pages to find the address of your friend: you have to know where the white pages are, and if they are in a shop in the town you have to go there.
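An added example, not from the original page, of what "distributed database" means: three invented servers (a root server, a server for the eu. zone, and the server for helldragon.eu.), each knowing only its own piece of the name tree. The server addresses are from the documentation range 192.0.2.0/24 and all records are constructed for the example; the real address of www.helldragon.eu is not used. Resolving a name means starting from a server whose address you already know and following referrals until one server answers with an address.

```python
from typing import List, Optional, Tuple

# Constructed, offline model of the DNS. server address -> its records:
#   name -> ("A", IP number)            an answer
#   name -> ("NS", server address)      a referral: "ask that server about this zone"
ROOT_SERVER = "192.0.2.1"   # the one address the network software must already know
SERVERS = {
    "192.0.2.1": {                                  # root: knows who serves "eu."
        "eu.": ("NS", "192.0.2.10"),
    },
    "192.0.2.10": {                                 # "eu." server: knows who serves "helldragon.eu."
        "helldragon.eu.": ("NS", "192.0.2.20"),
    },
    "192.0.2.20": {                                 # authoritative for helldragon.eu. (constructed data)
        "helldragon.eu.": ("A", "192.0.2.80"),
        "www.helldragon.eu.": ("A", "192.0.2.80"),
    },
}


def ask(server: str, qname: str) -> Optional[Tuple[str, str]]:
    """Ask one server about qname. It answers directly if it has the record,
    refers us to another server if it knows the zone the name lives in,
    and returns None if it knows nothing about the name."""
    if server not in SERVERS:
        raise ConnectionError(f"no DNS server answers at {server}")
    zone = SERVERS[server]
    if qname in zone:
        return zone[qname]
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):                 # try the parent names, nearest first
        parent = ".".join(labels[i:]) + "."
        if parent in zone and zone[parent][0] == "NS":
            return zone[parent]
    return None


def resolve(name: str, start: str = ROOT_SERVER, max_hops: int = 10) -> Tuple[str, List[str]]:
    """Follow referrals from the starting server until an address is found.
    Returns (IP number, list of servers consulted in order)."""
    qname = name if name.endswith(".") else name + "."
    server, consulted = start, []
    for _ in range(max_hops):
        consulted.append(server)
        answer = ask(server, qname)
        if answer is None:
            raise LookupError(f"{name}: no such name")
        kind, value = answer
        if kind == "A":
            return value, consulted
        server = value                              # a referral: ask the next server
    raise LookupError(f"{name}: too many referrals")


if __name__ == "__main__":
    print(resolve("www.helldragon.eu"))
```

If the address of the first server is wrong (try start="192.0.2.99") nothing can be resolved at all, which is exactly the situation of a PC with a mistyped DNS server setting: the network works, but every name fails.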

Packets:

the data you send to (or receive from) the network are divided into small chunks, named packets; each packet travels on its own path, ignoring the fate of the other packets. Packets may arrive out of order, and some may be lost on the way; they are put back together only on arrival.

Each packet carries four numbers identifying the communication between two computers: the IP number and the port of the sending computer, and the IP number and the port of the receiving computer.

As on an envelope, where you put the address of your friend and your own address as the return address.



Routing:

the devices connecting different networks together are named routers. A router has many connections, each with a cable going to a different network; the connections are named "network interfaces". A router can have many IP numbers, one for each interface: it belongs to many networks.

The router has a table saying which network is reachable through each interface; this is named the "routing table". When a packet arrives the router extracts the network number from the destination IP address and looks in the routing table for the entry that matches it (if several entries match, the most specific one, i.e. the one with the longest mask, wins). If no suitable route is found the router, depending on its configuration, either sends the packet to a default connection (the default route) or throws the packet away, and it is lost.

The router can be seen as a crossroads with many road signs, saying which way to go for each street. The road signs are the routing table of the crossroads. As a crossroads belongs to many streets, so the router belongs to many networks.

Each computer can be seen as a router, too. It has a single connection, a single IP number and a very simple routing table, which says that the network to which the computer belongs is reachable directly through its network interface, and that all the remaining destinations are reached through the computer of your net which is connected to the internet (the default route, also called the default gateway).
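An added example, not part of the original page: a routing table lookup in Python, with a constructed table for a router with three interfaces and the "minimum" table of an ordinary computer. The interface names (eth0, eth1, eth2) and all addresses are invented for the example. Two entries overlap on purpose, 10.0.0.0/8 and the more specific 10.1.0.0/16, to show the longest mask winning; the default route can be switched off to see the packet being dropped.

```python
import ipaddress
from typing import List, Optional, Tuple

# Each entry: (destination network, interface, next hop router or None when the
# network is directly attached to that interface). Constructed data.
Entry = Tuple[str, str, Optional[str]]
ROUTER_TABLE: List[Entry] = [
    ("192.168.2.0/24", "eth0", None),               # home LAN, directly connected
    ("192.168.3.0/24", "eth1", None),               # a second LAN
    ("10.0.0.0/8",     "eth2", "10.1.1.1"),         # a big network behind another router
    ("10.1.0.0/16",    "eth1", "192.168.3.254"),    # a more specific piece of 10/8, reached elsewhere
]
ROUTER_DEFAULT: Optional[Tuple[str, str]] = ("eth2", "10.1.1.1")   # None = drop unknown destinations

# The "minimum" table of an ordinary computer: its own LAN plus a default route
# pointing at the machine on that LAN which is connected to the internet.
HOST_TABLE: List[Entry] = [("192.168.2.0/24", "eth0", None)]
HOST_DEFAULT: Optional[Tuple[str, str]] = ("eth0", "192.168.2.1")


def route(dst: str, table: List[Entry] = ROUTER_TABLE,
          default: Optional[Tuple[str, str]] = ROUTER_DEFAULT) -> Optional[Tuple[str, Optional[str]]]:
    """Return (interface, next hop) for a packet to dst, or None if it is dropped.
    Among the networks containing dst, the one with the longest mask wins
    (the most specific road sign), which is what real routers do."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net_str, iface, next_hop in table:
        net = ipaddress.ip_network(net_str)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, next_hop)
    if best is not None:
        return best[1], best[2]
    return default          # the default route, or None: the packet is lost


if __name__ == "__main__":
    for dst in ("192.168.2.32", "10.1.5.5", "10.2.5.5", "203.0.113.5"):
        print(dst, "->", route(dst), "| from a PC:", route(dst, HOST_TABLE, HOST_DEFAULT))
    print("203.0.113.5 with no default route ->", route("203.0.113.5", default=None))
```

A next hop of None means "deliver to the destination itself, it is on this cable"; anything else is the address of the next router to hand the packet to, which must itself be on one of the directly connected networks.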




Well, these are the basics, but there are other simple things that can be useful to know:

Firewall:

it is software which filters packets, stopping some and letting others pass; the decision is based on the IP and port numbers of the source and destination of the packets. To configure a firewall you define some filtering rules; you can say, for example: packets directed to port 80 can't pass; in this way you can't surf the web, because web servers listen on port 80. Rules are usually checked in order and the first matching rule decides; a packet no rule matches gets a default treatment, and the safe default is to drop it.

Some modern firewalls look inside the packets too, searching for particular words or other features of the content (this is called deep packet inspection).



Static and dynamic IP numbers:

Each computer on the net must have a unique IP number, but there are fewer IP numbers (of the kind shown here, IPv4) than computers in the world, so when you connect to the internet your network provider lends you a number, to be used as long as you are connected. When you log off, the provider may assign the number to another customer. In this way you can have a different IP number each time you connect to the internet: this is a dynamic IP address. That's not a guarantee of anonymity: your provider records which number you had and when.

You can also obtain from your provider a static IP number: a number that is always reserved for you. You pay more, but it's easier to run server programs on your computers, which are then always reachable on the net; you are more visible to attackers too, because the same address can be probed again and again.

Most people use the computer only for mail, surfing the web and some peer to peer applications; they don't need a static address. There are also tricks (dynamic DNS services, for example) to have a reachable server on a computer without a static address.



Private and public network numbers:

Some network numbers are not used on the global network; packets directed to these networks are thrown away by well configured internet routers.
These network numbers can be freely used by anyone for a private network and will never be seen on the internet. All the networks beginning with 10. and with 192.168. are private, and so are the networks from 172.16. up to 172.31. (in prefix notation: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16).

Typically one uses private numbers for the computers of the internal network, and public numbers only for the few computers running server programs which need to be reachable from the outside. A packet arriving from the internet with a private source address is forged or misrouted, since such addresses are never routed on the internet, and a firewall should drop it.
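An added example, my code rather than the page's, serving both the firewall section and the private numbers just listed: a small packet filter in Python with a constructed rule set. Rules are checked top to bottom, the first match decides, and anything left over gets the default treatment. The rule set contains the page's own example (stop port 80), a rule dropping packets that arrive from the internet side claiming a private source address, and a rule letting the home LAN out. The interface names "wan" and "lan", the addresses and the packets are all invented for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# The private network numbers named in the text (the RFC 1918 ranges).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    a = ipaddress.ip_address(addr)
    return any(a in net for net in PRIVATE_NETS)


@dataclass
class Packet:
    iface: str      # interface it arrived on: "wan" (internet side) or "lan"
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    sport: int
    dport: int


@dataclass
class Rule:
    """A filtering rule; every field left as None matches anything."""
    action: str                          # "allow" or "drop"
    iface: Optional[str] = None
    src_net: Optional[str] = None        # e.g. "192.168.2.0/24"
    proto: Optional[str] = None
    dport: Optional[int] = None
    src_private: Optional[bool] = None   # True: only packets with a private source address

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and p.iface != self.iface:
            return False
        if self.src_net is not None and \
                ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.src_private is not None and is_private(p.src) != self.src_private:
            return False
        return True


# Constructed rule set, checked top to bottom; the first matching rule decides.
RULES: List[Rule] = [
    Rule("drop", iface="wan", src_private=True),           # private source from the internet: forged
    Rule("drop", proto="tcp", dport=80),                   # the text's example: no web on port 80
    Rule("allow", iface="lan", src_net="192.168.2.0/24"),  # our own computers may go out
]
DEFAULT_ACTION = "drop"     # nothing matched: deny by default


def filter_packet(p: Packet, rules: List[Rule] = RULES, default: str = DEFAULT_ACTION) -> str:
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


if __name__ == "__main__":
    samples = [   # constructed packets
        Packet("lan", "192.168.2.32", "203.0.113.5", "tcp", 51000, 443),   # HTTPS out: allow
        Packet("lan", "192.168.2.32", "203.0.113.5", "tcp", 51001, 80),    # plain web out: drop
        Packet("wan", "10.1.2.3", "203.0.113.7", "tcp", 40000, 22),        # private source from outside: drop
        Packet("wan", "203.0.113.9", "203.0.113.7", "tcp", 40000, 22),     # nobody asked: default drop
    ]
    for p in samples:
        print(p.iface, p.src, "->", p.dst, p.proto, p.dport, ":", filter_packet(p))
```

The last sample shows why the default matters: with default="allow" the same unsolicited packet to port 22 would pass, which is how a home PC ends up reachable from the whole internet without anyone having written a rule for it.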



DHCP :

a program running on a computer of the local network which assigns IP numbers to the other computers on request. In this way you don't have to configure each computer of the net: a computer configured to ask a DHCP server for an IP number obtains its network configuration automatically when switched on, without user intervention. The DNS server, the default route and other data are given by the DHCP server too. Note that a computer trusts whichever DHCP server answers, so a rogue DHCP server plugged into your network can hand out a bad DNS server or default route.



Network Address Translation (NAT, NAPT):

You may wonder how you can have several computers sharing the same internet connection if your provider lends you a single number.

There is a trick, named NAT (or NAPT, network address and port translation, depending on some technical details: NAPT also rewrites port numbers, and it is what home routers do): your router (or the PC with the internet connection) holds the address given by the provider and is the only one seen on the network; all the other computers send their data to the internet through the router; the router keeps some tables (named NAT tables, based on IP numbers and port numbers) to track requests, and sends the requests to the net as if they came from itself. When an answer arrives it uses the NAT table to find out who sent the request and is waiting for the answer.

From the network only the router is seen; all the other computers are hidden: they can initiate a connection to an outside computer, but otherwise are not reachable from the outside. This is a side effect, not a real protection: NAT doesn't filter what the inside computers fetch, and the port forwarding and DMZ settings described next open holes in it.



Port forwarding (or virtual server):

you can tell your router that all the packets arriving on some ports must be redirected to a given computer. In this way you can put a server program on a hidden computer: the server is reachable on those ports, but otherwise the computer is not seen from the outside. Forward only the ports the server really needs, and remember that the forwarded program is now exposed to the whole internet and must be kept up to date.



Demilitarized zone (DMZ):

in general this term means computers not protected by a firewall or a router but directly exposed to the internet; on home routers it means a single inside computer that receives every packet nobody else asked for (an "exposed host"; in corporate networks the same word means a separate network segment for the public servers).

You can configure your router to forward all packets to a given computer; in this way the computer is seen on the internet as if it were the router.

This is risky, and is useful only if you have many services on your DMZ computer, for security tests or network monitoring; it is not the right thing to do when your applications can't connect and you don't understand why. Look up the port numbers you need and use a correct setting of your firewall or port forwarding instead.
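An added example, not code from the original page, serving the NAT, port forwarding and DMZ sections together: a model of a home router in Python. The public address 203.0.113.7, the inside addresses and the packets are invented for the example. An outbound packet gets an entry in the NAT table and leaves with the router's address; a reply is matched against the table and delivered to the computer that asked; a packet nobody asked for is dropped, unless a port forwarding entry or a DMZ host catches it. One simplification is labelled in the code: the table is keyed only on the public port, while a real router also records the remote address and port of each conversation.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.7"        # the single address lent by the provider (constructed)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatRouter:
    """Home router doing NAPT, with optional port forwarding and a DMZ host.
    Simplification: the NAT table is keyed only on the public port; a real
    router also remembers the remote address and port of each conversation."""

    def __init__(self, public_ip: str,
                 port_forwards: Optional[Dict[int, Tuple[str, int]]] = None,
                 dmz_host: Optional[str] = None):
        self.public_ip = public_ip
        self.port_forwards = dict(port_forwards or {})   # public port -> (inside ip, inside port)
        self.dmz_host = dmz_host
        self.table: Dict[int, Tuple[str, int]] = {}      # NAT table: public port -> (inside ip, port)
        self.reverse: Dict[Tuple[str, int], int] = {}    # (inside ip, port) -> public port
        self.next_port = 40000       # kept above any forwarded port so the two never collide

    def outbound(self, p: Packet) -> Packet:
        """A LAN computer sends to the internet: remember who asked, then make the
        packet look as if it came from the router itself."""
        key = (p.src, p.sport)
        if key not in self.reverse:              # first packet of this conversation
            pub_port = self.next_port
            self.next_port += 1
            self.table[pub_port] = key
            self.reverse[key] = pub_port
        return replace(p, src=self.public_ip, sport=self.reverse[key])

    def inbound(self, p: Packet) -> Optional[Packet]:
        """A packet arrives from the internet: hand it to the right inside computer,
        or return None if nobody is waiting for it (the packet is dropped)."""
        if p.dst != self.public_ip:
            return None
        if p.dport in self.table:                 # reply to something a LAN host asked for
            ip, port = self.table[p.dport]
        elif p.dport in self.port_forwards:       # "virtual server": a forwarded port
            ip, port = self.port_forwards[p.dport]
        elif self.dmz_host is not None:           # the DMZ host gets everything else
            ip, port = self.dmz_host, p.dport
        else:
            return None                           # unsolicited: the LAN stays hidden
        return replace(p, dst=ip, dport=port)


if __name__ == "__main__":
    router = NatRouter(PUBLIC_IP, port_forwards={22: ("192.168.2.10", 22)})
    out = router.outbound(Packet("192.168.2.32", 51000, "203.0.113.50", 80))
    print("as seen on the internet:", out)
    print("reply delivered to:", router.inbound(Packet("203.0.113.50", 80, PUBLIC_IP, out.sport)))
    print("unsolicited packet:", router.inbound(Packet("203.0.113.50", 80, PUBLIC_IP, 12345)))
    print("forwarded port 22:", router.inbound(Packet("203.0.113.9", 55555, PUBLIC_IP, 22)))
    dmz = NatRouter(PUBLIC_IP, dmz_host="192.168.2.99")
    print("with a DMZ host, any port:", dmz.inbound(Packet("203.0.113.9", 1, PUBLIC_IP, 3389)))
```

Compare the last two calls: port forwarding exposes one port of one computer, the DMZ setting exposes every port of that computer, which is why the text recommends forwarding the ports you need instead.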



Proxy servers:

you use a proxy server when you don't ask the server directly but ask an intermediate machine (the proxy server) which makes the requests for you.

This can speed things up, if the proxy server keeps a copy of the answers and most of its users ask for the same things. It can also be used to control and filter traffic; for example all web traffic can be redirected to a proxy server for censorship, or to record who asked for what.

Some providers use private numbers for all their customers and proxy servers to let them access the internet (as Fastweb in Italy). In this way their users can't put on their computers server programs visible from the internet. To have a public IP number from these providers you have to pay for an add-on, but most users don't need a public IP.



Loopback interface:

each computer has a special IP address pointing to itself: this number is 127.0.0.1 (in fact the whole block from 127.0.0.0 to 127.255.255.255 is reserved for this), and it corresponds to the computer name: localhost.

In this way each computer can see itself as a network computer on a special connection, named the loopback interface. It may seem strange, but some software needs this arrangement to work properly, and it is handy for trying out a server program on your own PC before exposing it. Packets sent to 127.0.0.1 never leave the computer, so a service that listens only on the loopback address is not reachable from the network at all.

Each computer on the net also has a routing table; this "minimum" table says that the local network is reached directly, on the network interface, and that all other destinations go to the "default route".


And this is more than we need to manage our home network.