IP Addresses and the Domain Name System Demystified

Part 1: Understanding IP Addresses and Domain Name System

Two basic concepts that you need to understand are IP addresses and the Domain Name System (DNS).

In Part 2 of this article, I will show you how to use your understanding of these two concepts to host a web site on your home computer for free. To read Part 2, please click Host Website on your Home Computer for Free.

IP Addresses

IP (Internet Protocol) addresses are the ‘phone numbers’ that allow computers to talk with each other. The IP address is the address of a computer on the Internet or within a local network, and allows it to be referenced by other computers.

IPv4 and IPv6 Addresses

There are two versions of IP addresses that can be used on a network. IPv4 addresses are the most common on the Internet now. An IPv4 address consists of 4 decimal numbers, each between 0 and 255, separated by periods. Since it takes 8 bits to represent a number that goes up to 255, these 4 numbers create a 32-bit addressing scheme, which limits the total number of unique addresses to 4,294,967,296. About 290 million of those addresses are reserved for special purposes. Due to the rapid growth of the Internet, there has been concern that the number of addresses would be exhausted in the near future. As a result of this concern, a new version of IP addresses was created called IPv6, or Internet Protocol version 6. IPv6 would change the address size from 32 bits to 128 bits. This change would allow for generous growth of IP addresses without any foreseeable problem for a long time to come. However, in order to use IPv6 addresses, existing routers and hardware would need to be upgraded or configured to use this new version of IP addresses.

Since IPv4 is still the most common on the internet, this article will focus on that version of IP addresses.

There are some rules regarding the format of an IPv4 address. Each of the four numbers must be between 0 and 255, and the addresses 0.0.0.0 and 255.255.255.255 are reserved and are not considered usable IP addresses.

There are three IP addresses that are used for special purposes:

1. 0.0.0.0 is the default network address

2. 127.0.0.1 is called a “loopback address.” Another way to specify the loopback address is by using the address http://localhost. The loopback address allows your computer to try to talk to itself. That means if you clicked on this link, http://127.0.0.1, you would actually be trying to connect to your own computer. If your computer is not running a web server, you will get a connection error.

3. 255.255.255.255 is a broadcast IP address that allows you to broadcast to everyone on the network.

One other very important IP address is the IP address of your computer. You can find the IP address of your computer by using Start/cmd/ipconfig.

IP addresses must be unique for each computer connected to a network. That means that if you have two computers on your network, each must have a different IP address to be able to communicate with each other. If the same IP address is assigned to two computers, those computers would have what is called an “IP Conflict,” and they would not be able to talk with each other.

The best way to avoid an IP Conflict is to use a service called DHCP that almost all home routers provide. DHCP, or Dynamic Host Configuration Protocol, is a service that assigns addresses to devices and computers. You tell the DHCP Server what range of IP addresses you would like it to assign, and then the DHCP server takes the responsibility of assigning those IP addresses to the various devices and keeping track so those IP addresses are assigned only once.

IP address classes

IP addresses can be broken down into five classes (A, B, C, D, E) as illustrated in the following table.

Class  Start address  Finish address
A      0.0.0.0        126.255.255.255
B      128.0.0.0      191.255.255.255
C      192.0.0.0      223.255.255.255
D      224.0.0.0      239.255.255.255
E      240.0.0.0      255.255.255.255

IP address Classes

Notice that the range of IP addresses from Class A to Class B skips the 127.0.0.0-127.255.255.255 range. That is because this range is reserved for the special addresses called loopback addresses that we mentioned earlier.

The rest of the classes are allocated to companies and organizations based upon the number of IP addresses that they may need. Here is a list of the organizations that will typically be assigned to each class.

Default Network: The special network 0.0.0.0 is generally used for routing.

Class A: There are 126 class A networks. These networks consist of 16 million IP addresses that can be assigned to devices and computers. This type of allocation is generally given to very large networks such as multi-national companies.

Loopback: This is the special 127.0.0.0 network that is reserved as a loopback to your own computer for testing and debugging of your programs or hardware.

Class B: This class consists of 16,384 individual networks, each allocation consisting of 65,534 possible IP addresses. These blocks are generally allocated to Internet Service Providers and large networks, like colleges, hospitals, and so on.

Class C: There are 2,097,152 Class C networks, with each network consisting of 255 individual IP addresses. This type of class is typically given to small to mid-sized companies.

Class D: These IP addresses are used for a service called Multicast.

Class E: These IP addresses are reserved for experimental use.

Broadcast: 255.255.255.255 is a special IP address that is used for broadcasting messages to the entire network that your computer resides on.

Private Addresses

There are also blocks of private IP addresses that are to be used for computers not directly connected to the Internet. These IP addresses are not supposed to be routed through the Internet, and most service providers will block the attempt to do so. These IP addresses are used for internal use by home or company networks that need to use TCP/IP but do not want to be directly visible on the Internet. These IP ranges are:

Class  Private Start Address  Private End Address
A      10.0.0.0               10.255.255.255
B      172.16.0.0             172.31.255.255
C      192.168.0.0            192.168.255.255

If you are on an office/home private network and want to use TCP/IP, you should assign your computers/devices IP addresses from one of these three ranges. That way your router/firewall would be the only device with a true IP address, which makes your network more secure.
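The class table and the private ranges above can be checked mechanically once an address is treated as a single 32-bit number. The following is an added example, not part of the original article; the function names parse_ipv4 and classify are illustrative, and the labels follow the article's tables (127.x.x.x is reported as loopback rather than Class A).

```python
# Added example: classify an IPv4 address using the article's tables.
# parse_ipv4 and classify are illustrative names, not from the article.

def parse_ipv4(text):
    """Return the address as a 32-bit integer, or raise ValueError."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("expected 4 dot-separated numbers: %r" % text)
    value = 0
    for part in parts:
        # ASCII digits only; reject leading zeros, which some parsers read as octal.
        if not (part.isascii() and part.isdigit()) or (len(part) > 1 and part[0] == "0"):
            raise ValueError("bad octet %r in %r" % (part, text))
        octet = int(part)
        if octet > 255:
            raise ValueError("octet %d out of range in %r" % (octet, text))
        value = (value << 8) | octet       # 4 octets x 8 bits = 32 bits
    return value

# Private blocks from the article's table, as (first, last) integers.
PRIVATE_RANGES = [
    (parse_ipv4("10.0.0.0"), parse_ipv4("10.255.255.255")),
    (parse_ipv4("172.16.0.0"), parse_ipv4("172.31.255.255")),
    (parse_ipv4("192.168.0.0"), parse_ipv4("192.168.255.255")),
]

def classify(text):
    """Return (label, is_private) for a dotted-decimal IPv4 address."""
    addr = parse_ipv4(text)
    first = addr >> 24                     # first octet
    if addr == 0:
        label = "default network"
    elif addr == 0xFFFFFFFF:
        label = "broadcast"
    elif first == 127:
        label = "loopback"
    elif first < 128:
        label = "A"                        # leading bit 0
    elif first < 192:
        label = "B"                        # leading bits 10
    elif first < 224:
        label = "C"                        # leading bits 110
    elif first < 240:
        label = "D"                        # leading bits 1110, multicast
    else:
        label = "E"                        # leading bits 1111, experimental
    private = any(lo <= addr <= hi for lo, hi in PRIVATE_RANGES)
    return label, private

if __name__ == "__main__":
    for sample in ["192.168.1.94", "172.32.0.1", "127.0.0.1", "203.0.113.10"]:
        print(sample, classify(sample))
```

Note that 172.32.0.1 is a Class B address but falls just outside the private block, so it is not safe to treat every 172.x.x.x address as internal.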

Your Internet Service Provider gives your home computer a valid Internet IP address when it connects to the Internet. This IP address may stay the same for long periods (static IP) or may change frequently (dynamic IP).

To view your IP address, go to ‘start\run’ and type ‘cmd’ to bring up the command prompt, then type ‘ipconfig’. This will list all the IP addresses your computer is currently using. If you use a home router or other Internet sharing device, check its status page to find out your Internet IP address. To find the IP address for the status page, use the ‘ipconfig’ command described above, and look at the address for the Default gateway. Then, enter that IP address directly into an internet browser.

Static IP versus dynamic IP

If you want to host a website, you need to know whether your ISP assigns your PC a static (rarely changing) or dynamic IP address. The most reliable way to find out is to contact your provider and ask. On the other hand, the easiest way to do this is to monitor your IP address for a couple of days of normal use (including connecting and disconnecting from the Internet if you are using DSL) to see if it changes.

The devices and computers connected to the Internet use a protocol called TCP/IP to talk with each other. When a computer in Atlanta wants to send information to a computer in China, it must know the destination IP address that it would like to send the information to. That information is usually sent using one of two methods, UDP and TCP.

UDP and TCP – Two Principal Methods of transmitting data on the Internet

Transmission Control Protocol (TCP) requires that the computer sending data to another computer must connect to the other computer and stay connected to it for the entire duration of the transmission. This method of transferring data tends to be quicker and more reliable, but puts a higher load on the computer as it has to monitor the connection and the data going across it. This method of sending data is analogous to using the phone to call someone. You have a conversation and when it is over, you both hang up, releasing the connection.

User Datagram Protocol (UDP) requires that the computer sending the data put the information in discrete packages and release those packages into the network. Each package contains the address of the destination computer, but there is no assurance that it gets there safely. This method of transmission has a very low overhead and is very popular to use for services that are not that important to work on the first try. UDP is analogous to placing a letter in the mail and hoping that the postal service will deliver the letter correctly.

TCP and UDP Ports

An IP address can be likened to a cable box that connects your television set to your cable provider. Ports are like all the individual channels in the cable box. Just as the TV shows come to your cable box and are separated out into different channels, information on the internet comes to your IP address and is separated out into different ports. Ports are specified by adding a colon after the IP address and then specifying the port number like this: 127.0.0.1:80. Port 80 is the default port that your computer is listening on for information coming from the network.

For each IP address, you can have a total of 65,535 TCP ports and another 65,535 UDP ports. When a program on your computer sends or receives data over the Internet, it sends that data to an IP address and a specific port on the remote computer, and receives the data on a usually random port on its own computer. If it uses the TCP protocol to send and receive the data, then it will connect and bind itself to a TCP port. If it uses the UDP protocol to send and receive data, it will use a UDP port. The picture below is a representation of an IP address split into its many TCP and UDP ports. Once an application binds itself to a particular port, that port cannot be used by any other application. It is first come, first served.

<-------------------- 192.168.1.94 -------------------->
| 0 | 1 | 2 | 3 | 4 | 5 | .. | 65531 | 65532 | 65533 | 65534 | 65535 |

IP address with Ports

Here is an example of how this works with a web server. In order for a webserver to accept connections from remote computers, it must bind the web server application to a local port. It will then use this port to listen for and accept connections from remote computers. Web servers usually bind to the TCP port 80, which is what the http protocol uses by default, and then will wait and listen for connections from remote devices. Once a device is connected, it will send the requested web pages to the remote device, and when done disconnect the connection.

On the other hand, if you are the remote user connecting to a web server it would work in reverse. Your web browser would pick a random TCP port from a certain range of port numbers, and attempt to connect to port 80 on the IP address of the web server. When the connection is established, the web browser will send the request for a particular web page and receive it from the web server. Then both computers will disconnect the connection.

Now, what if you wanted to run an FTP server, which is a server that allows you to transfer and receive files from remote computers, on the same web server? FTP servers use TCP ports 20 and 21 to send and receive information, so you won’t have any conflicts with the web server running on TCP port 80. Therefore, the FTP server application, when it starts, will bind itself to TCP ports 20 and 21, and wait for connections in order to send and receive data.

Most major applications have a specific port that they listen on, and they register this information with the IANA Registry.

You can view all the ports that are listening on your computer by using start/cmd/netstat -ano.

You can connect the process IDs in the netstat output to descriptions by using the Services tab of Windows Task Manager and sorting by Process ID (PID).

An easier way to see the descriptions of all ports that are listening on your computer is by downloading TcpView from http://www.systeminternals.com
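To review which ports are listening and how widely each one is exposed, the netstat -ano output can be parsed rather than read by eye. The following is an added example, not part of the original article; it assumes the English-language column layout of Windows netstat, and the SAMPLE text, PIDs and function names are constructed for illustration.

```python
# Added example: list listening TCP sockets from `netstat -ano` text.
# SAMPLE is constructed for illustration, not captured from a real machine.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1888
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2340
  TCP    192.168.1.94:49712     203.0.113.10:80        ESTABLISHED     5120
  TCP    [::]:80                [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2340
"""

# 0.0.0.0 and :: accept connections arriving on every network interface;
# 127.0.0.1 and ::1 can be reached only from this computer.
SCOPES = {"0.0.0.0": "all interfaces", "::": "all interfaces",
          "127.0.0.1": "loopback only", "::1": "loopback only"}

def split_endpoint(endpoint):
    """Split 'addr:port' at the last colon so '[::]:80' also works."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def parse_netstat(text):
    """Return one dict per TCP/UDP row of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP":
            proto, local, remote, state, pid = fields
        elif len(fields) == 4 and fields[0] == "UDP":
            proto, local, remote, pid = fields    # UDP rows have no state
            state = None
        else:
            continue                   # banner, column header, blank line
        host, port = split_endpoint(local)
        rows.append({"proto": proto, "host": host, "port": port,
                     "remote": remote, "state": state, "pid": int(pid)})
    return rows

def listeners(rows):
    """Return sorted (port, pid, scope) for each listening TCP socket."""
    return sorted({(r["port"], r["pid"], SCOPES.get(r["host"], "one interface"))
                   for r in rows if r["state"] == "LISTENING"})

if __name__ == "__main__":
    for port, pid, scope in listeners(parse_netstat(SAMPLE)):
        print("TCP port %5d  PID %5d  %s" % (port, pid, scope))
```

A listener reported as "all interfaces" is reachable from the network unless a firewall blocks it, so those rows are the ones to match against the PID in Task Manager first.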

Internet Sockets

An Internet socket or network socket is an endpoint. It is the endpoint of a bidirectional communication across a computer network like the internet.

Internet sockets provide a way to deliver incoming data packets to the appropriate application thread or process within a computer. A socket address is the combination of an IP address and a port. The IP address specifies the location of the computer and the port is mapped to the application program process.

An Internet socket is characterized by a unique combination of the following:

* Local socket address: Local IP address and port number
* Remote socket address: Only for established TCP sockets. As discussed in the Client-Server section below, this is necessary since a TCP server may serve several clients concurrently. The server creates one socket for each client, and these sockets share the same local socket address.
* Protocol: A transport protocol (e.g., TCP, UDP), Raw IP, or others. TCP port 35 and UDP port 35 are consequently different, distinct sockets.

Socket Types

There are several Internet socket types available:

* Datagram sockets, also known as connectionless sockets, which use User Datagram Protocol (UDP)
* Stream sockets, also known as connection-oriented sockets, which use TCP or SCTP.
* Raw Sockets (or Raw IP sockets), usually used in routers and other network equipment. Here the transport layer is bypassed, and the packet headers are not stripped off, but are accessible to the application.

Socket States and the Client-Server Model

Computer processes that provide application services are called servers. Servers create sockets on startup that are in listening state. These sockets are waiting for initiatives from client programs. For a listening TCP socket, the remote address presented by netstat may be shown as 0.0.0.0 and the remote port number 0.

A TCP server may serve several clients concurrently. It does this by creating a child process for each client and establishing a TCP connection between the child process and the client. Unique dedicated sockets are created for each connection. Netstat shows these connections as being in the established state and these connections provide a duplex byte stream.

Netstat shows several other possible TCP socket states such as Syn-sent, Syn-Recv, Fin-wait1, Fin-wait2, Time-wait, Close-wait and Closed. These states relate to various start up and shutdown steps.

A server may create several concurrently established TCP sockets with the same local port number and local IP address. Each of these sockets is mapped to its own server-child process, and in this way a server may function as its own client process. The sockets are treated as being unique by the operating system, since the remote socket address (the client IP address and/or port number) is different; i.e. since they have different socket pair tuples.

A UDP socket cannot be in an established state because UDP is connectionless. Consequently, netstat does not show the state of a UDP socket. A UDP server does not create new child processes for every concurrently served client, but the same process handles incoming data packets from all remote clients sequentially through the same socket. This means that UDP sockets are not identified by the remote address, but only by the local address, although each message has an associated remote address.

Socket Pairs

Communicating local and remote sockets are called socket pairs. Each socket pair is described by a unique 4-tuple struct consisting of source and destination IP addresses and port numbers, i.e. of local and remote socket addresses. When we are looking at TCP sockets, each unique socket pair 4-tuple is assigned a socket number. However, when we are looking at UDP sockets, each unique local socket address is assigned a socket number since the remote address is not important in identifying uniqueness.
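The socket pair idea, and the earlier "first come, first served" rule for binding a port, can both be observed on the loopback address. The following is an added example, not part of the original article; the function name socket_pair_demo is illustrative, and the server port is chosen by the operating system.

```python
# Added example: two clients, one server port, two distinct socket pairs.
# Uses only the loopback address; socket_pair_demo is an illustrative name.
import socket

def socket_pair_demo():
    """Connect two clients to one listening port and return what was seen."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.settimeout(5)
    server.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    server.listen(2)
    local_addr = server.getsockname()      # (IP, port) of the listening socket

    # "First come, first served": a second bind to the same port is refused.
    rival = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        rival.bind(local_addr)
        second_bind_refused = False
    except OSError:
        second_bind_refused = True
    finally:
        rival.close()

    clients, accepted = [], []
    for _ in range(2):
        client = socket.create_connection(local_addr, timeout=5)
        conn, _peer = server.accept()      # one new socket per client
        clients.append(client)
        accepted.append(conn)

    # 4-tuple per established socket: local IP, local port, remote IP, remote port
    pairs = [conn.getsockname() + conn.getpeername() for conn in accepted]
    client_ports = [client.getsockname()[1] for client in clients]

    for sock in clients + accepted + [server]:
        sock.close()
    return {"listen": local_addr, "pairs": pairs,
            "client_ports": client_ports,
            "second_bind_refused": second_bind_refused}

if __name__ == "__main__":
    result = socket_pair_demo()
    print("listening on", result["listen"])
    for pair in result["pairs"]:
        print("established socket pair:", pair)
    print("second bind refused:", result["second_bind_refused"])
```

Both established sockets report the same local IP address and port; only the remote port differs, which is what keeps the two 4-tuples unique.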

DNS (Domain Name System)

The Domain Name System maps domain names like Google.com to an IP address like ‘209.85.148.105’. When you type www.google.com into your browser’s address bar, the computer sends that address to a DNS server on your network or the Internet, looking to have it translated into an IP address that it can contact directly. That DNS server will send back the IP address if it knows it, and if it doesn’t, it will contact other DNS servers all the way up to the root of the Internet until it finds the address it’s looking for.

Actually, you don’t have to have a domain name to host a website. If your home computer is connected to the Internet with IIS running, and you have created a web page (in a special folder), anyone on the internet can access that information by typing the IP address of your home computer into their web browser.

Registering a Domain Name

To get a domain name, you’ll need to register it with one of the many domain name registration services. Network Solutions is the primary one, but there are many others out there that are cheaper if you do a little research. Once you have registered your domain name, you can use the domain name registration service’s tools to map it with your computer’s IP address. From this point on, anyone who enters your domain name into a web browser will be directed to your IP address.
