Help for Unix System Administrators

TCP/IP Network Administration

O’REILLY

Craig Hunt

Palo Alto Networks, Inc. Exhibit 1012 Page 1

Network/System Administration

O’REILLY®

TCP/IP Network Administration

TCP/IP Network Administration, Third Edition, is a complete guide to setting up and running a TCP/IP network, and is geared toward system administrators as well as users of home systems that access the Internet. It starts with the fundamentals: what protocols do and how they work, how addresses and routing are used to move data through the network, and how to set up your network connection.

Beyond basic setup, this book discusses advanced routing protocols (RIPv2, OSPF, and BGP) and the gated software package that implements them. It provides a tutorial on configuring important network services, including DNS, Apache, sendmail, Samba, PPP, and DHCP. There are chapters on troubleshooting and security. In addition, this book contains a command and syntax reference for important packages such as gated, pppd, named, dhcpd, and sendmail.

This new edition includes a section on configuring Samba to provide file and print sharing on networks that integrate Unix and Windows, and a new chapter dedicated to the important task of configuring the Apache web server. Network security coverage is expanded to include details on OpenSSH, stunnel, gpg, iptables, and the access control mechanism in xinetd. This book also contains updated information about DNS, including details on BIND 8 and BIND 9, the role of classless IP addressing and network prefixes, and the changing role of registrars.

This book covers Linux, Solaris, BSD, and System V TCP/IP implementations.

Praise for previous editions:

“The book you reach for first...”
—Marshall Rose, ConneXions

“...the definitive volume on the subject.”
—Tom Yager, BYTE

“...probably the best single Unix TCP/IP system administrator's handbook in print...”
—Anthony M. Rutkowski, SprintLink

“The second edition of Hunt's superb book is even more useful and informative than the original edition...an extraordinary and outstanding revision of a classic and indispensable reference.”
—Elizabeth Zinkann, Sys Admin

www.oreilly.com

US $44.95

ISBN 978-0-596-00297-8

THIRD EDITION

TCP/IP Network Administration

Craig Hunt

Beijing • Cambridge • Farnham • Köln • Sebastopol • Taipei • Tokyo

TCP/IP Network Administration, Third Edition
by Craig Hunt

Copyright © 2002, 1998, 1992 Craig Hunt. All rights reserved.
Printed in the United States of America.

Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O’Reilly Media, Inc. books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (safari.oreilly.com). For more information contact our corporate/institutional sales department: (800) 998-9938 or corporate@oreilly.com.

Editors: Mike Loukides and Debra Cameron
Production Editor: Emily Quill
Cover Designer: Edie Freedman
Interior Designer: Melanie Wang

Printing History:
August 1992: First Edition.
January 1998: Second Edition.
April 2002: Third Edition.

Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. TCP/IP Network Administration, Third Edition, the image of a land crab, and related trade dress are trademarks of O’Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps.

While every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

This book uses RepKover™, a durable and flexible lay-flat binding.

ISBN: 978-0-596-00297-8
[C]
[10/08]

—To Alana, the beginning of a new life.

Table of Contents

Preface

1. Overview of TCP/IP
    TCP/IP and the Internet
    A Data Communications Model
    TCP/IP Protocol Architecture
    Network Access Layer
    Internet Layer
    Transport Layer
    Application Layer
    Summary

2. Delivering the Data
    Addressing, Routing, and Multiplexing
    The IP Address
    Internet Routing Architecture
    The Routing Table
    Address Resolution
    Protocols, Ports, and Sockets
    Summary

3. Network Services
    Names and Addresses
    The Host Table
    DNS
    Mail Services
    File and Print Servers
    Configuration Servers
    Summary

4. Getting Started
    Connected and Non-Connected Networks
    Basic Information
    Planning Routing
    Planning Naming Service
    Other Services
    Informing the Users
    Summary

5. Basic Configuration
    Kernel Configuration
    Startup Files
    The Internet Daemon
    The Extended Internet Daemon
    Summary

6. Configuring the Interface
    The ifconfig Command
    TCP/IP Over a Serial Line
    Installing PPP
    Summary

7. Configuring Routing
    Common Routing Configurations
    The Minimal Routing Table
    Building a Static Routing Table
    Interior Routing Protocols
    Exterior Routing Protocols
    Gateway Routing Daemon
    Configuring gated
    Summary

8. Configuring DNS
    BIND: Unix Name Service
    Configuring the Resolver
    Configuring named
    Using nslookup
    Summary

9. Local Network Services
    The Network File System
    Sharing Unix Printers
    Using Samba to Share Resources with Windows
    Network Information Service
    DHCP
    Managing Distributed Servers
    Post Office Servers
    Summary

10. sendmail
    sendmail’s Function
    Running sendmail as a Daemon
    sendmail Aliases
    The sendmail.cf File
    sendmail.cf Configuration Language
    Rewriting the Mail Address
    Modifying a sendmail.cf File
    Testing sendmail.cf
    Summary

11. Configuring Apache
    Installing Apache Software
    Configuring the Apache Server
    Understanding an httpd.conf File
    Web Server Security
    Managing Your Web Server
    Summary

12. Network Security
    Security Planning
    User Authentication
    Application Security
    Security Monitoring
    Access Control
    Encryption
    Firewalls
    Words to the Wise
    Summary

13. Troubleshooting TCP/IP
    Approaching a Problem
    Diagnostic Tools
    Testing Basic Connectivity
    Troubleshooting Network Access
    Checking Routing
    Checking Name Service
    Analyzing Protocol Problems
    Protocol Case Study
    Summary

A. PPP Tools
B. A gated Reference
C. A named Reference
D. A dhcpd Reference
E. A sendmail Reference
F. Solaris httpd.conf File
G. RFC Excerpts

Index

Preface

The first edition of TCP/IP Network Administration was written in 1992. In the decade since, many things have changed, yet some things remain the same. TCP/IP is still the preeminent communications protocol for linking together diverse computer systems. It remains the basis of interoperable data communications and global computer networking. The underlying Internet Protocol (IP), Transmission Control Protocol, and User Datagram Protocol (UDP) are remarkably unchanged. But change has come in the way TCP/IP is used and how it is managed.

A clear symbol of this change is the fact that my mother-in-law has a TCP/IP network connection in her home that she uses to exchange electronic mail, compressed graphics, and hypertext documents with other senior citizens. She thinks of this as “just being on the Internet,” but the truth is that her small system contains a functioning TCP/IP protocol stack, manages a dynamically assigned IP address, and handles data types that did not even exist a decade ago.

In 1991, TCP/IP was a tool of sophisticated users. Network administrators managed a limited number of systems and could count on the users for a certain level of technical knowledge. No more. In 2002, the need for highly trained network administrators is greater than ever because the user base is larger, more diverse, and less capable of handling technical problems on its own. This book provides the information needed to become an effective TCP/IP network administrator.

TCP/IP Network Administration was the first book of practical information for the professional TCP/IP network administrator, and it is still the best. Since the first edition was published there has been an explosion of books about TCP/IP and the Internet. Still, too few books concentrate on what a system administrator really needs to know about TCP/IP administration. Most books are either scholarly texts written from the point of view of the protocol designer, or instructions on how to use TCP/IP applications. All of those books lack the practical, detailed network information needed by the Unix system administrator. This book strives to focus on TCP/IP and Unix and to find the right balance of theory and practice.

I am proud of the earlier editions of TCP/IP Network Administration. In this edition, I have done everything I can to maintain the essential character of the book while making it better. Dynamic address assignment based on Dynamic Host Configuration Protocol (DHCP) is covered. The Domain Name System material has been updated to cover BIND 8 and, to a lesser extent, BIND 9. The email configuration is based on the current version of sendmail 8, and the operating system examples are from the current versions of Solaris and Linux. The routing protocol coverage includes Routing Information Protocol version 2 (RIPv2), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP). I have also added a chapter on Apache web server configuration, new material on xinetd, and information about building a firewall with iptables. Despite the additional topics, the book has been kept to a reasonable length.

TCP/IP is a set of communications protocols that define how different types of computers talk to each other. TCP/IP Network Administration is a book about building your own network based on TCP/IP. It is both a tutorial covering the “why” and “how” of TCP/IP networking, and a reference manual for the details about specific network programs.

Audience

This book is intended for everyone who has a Unix computer connected to a TCP/IP network.* This obviously includes the network managers and the system administrators who are responsible for setting up and running computers and networks, but it also includes any user who wants to understand how his or her computer communicates with other systems. The distinction between a “system administrator” and an “end user” is a fuzzy one. You may think of yourself as an end user, but if you have a Unix workstation on your desk, you’re probably also involved in system administration tasks.

Over the last several years there has been a rash of books for “dummies” and “idiots.” If you really think of yourself as an “idiot” when it comes to Unix, this book is not for you. Likewise, if you are a network administration “genius,” this book is probably not suitable either. If you fall anywhere between these two extremes, however, you’ll find this book has a lot to offer.

This book assumes that you have a good understanding of computers and their operation and that you’re generally familiar with Unix system administration. If you’re not, the Nutshell Handbook Essential System Administration by Æleen Frisch (published by O’Reilly & Associates) will fill you in on the basics.

* Much of this text also applies to non-Unix systems. Many of the file formats and commands and all of the protocol descriptions apply equally well to Windows 9x, Windows NT/2000, and other operating systems. If you’re an NT administrator, you should read Windows NT TCP/IP Network Administration (O’Reilly).

Organization

Conceptually, this book is divided into three parts: fundamental concepts, tutorial, and reference. The first three chapters are a basic discussion of the TCP/IP protocols and services. This discussion provides the fundamental concepts necessary to understand the rest of the book. The remaining chapters provide a “how-to” tutorial. Chapters 4–7 discuss how to plan a network installation and configure the basic software necessary to get a network running. Chapters 8–11 discuss how to set up various important network services. Chapters 12 and 13 cover how to perform the ongoing tasks that are essential for a reliable network: security and troubleshooting. The book concludes with a series of appendixes that are technical references for important commands and programs.

This book contains the following chapters:

Chapter 1, Overview of TCP/IP, gives the history of TCP/IP, a description of the protocol architecture, and a basic explanation of how the protocols function.

Chapter 2, Delivering the Data, describes addressing and how data passes through a network to reach the proper destination.

Chapter 3, Network Services, discusses the relationship between clients and server systems and the various services that are central to the function of a modern internet.

Chapter 4, Getting Started, begins the discussion of network setup and configuration. This chapter discusses the preliminary configuration planning needed before you configure the systems on your network.

Chapter 5, Basic Configuration, describes how to configure TCP/IP in the Unix kernel, and how to configure the system to start the network services.

Chapter 6, Configuring the Interface, tells you how to identify a network interface to the network software. This chapter provides examples of Ethernet and PPP interface configurations.

Chapter 7, Configuring Routing, describes how to set up routing so that systems on your network can communicate properly with other networks. It covers the static routing table, commonly used routing protocols, and gated, a package that provides the latest implementations of several routing protocols.

Chapter 8, Configuring DNS, describes how to administer the name server program that converts system names to Internet addresses.

Chapter 9, Local Network Services, describes how to configure many common network servers. The chapter discusses the DHCP configuration server, the LPD print server, the POP and IMAP mail servers, the Network File System (NFS), the Samba file and print server, and the Network Information System (NIS).

Chapter 10, sendmail, discusses how to configure sendmail, which is the daemon responsible for delivering electronic mail.

Chapter 11, Configuring Apache, describes how the Apache web server software is configured.

Chapter 12, Network Security, discusses how to live on the Internet without excessive risk. This chapter covers the security threats introduced by the network, and describes the plans and preparations you can make to meet those threats.

Chapter 13, Troubleshooting TCP/IP, tells you what to do when something goes wrong. It describes the techniques and tools used to troubleshoot TCP/IP problems and gives examples of actual problems and their solutions.

Appendix A, PPP Tools, is a reference guide to the various programs used to configure a serial port for TCP/IP. The reference covers dip, pppd, and chat.

Appendix B, A gated Reference, is a reference guide to the configuration language of the gated routing package.

Appendix C, A named Reference, is a reference guide to the Berkeley Internet Name Domain (BIND) name server software.

Appendix D, A dhcpd Reference, is a reference guide to the Dynamic Host Configuration Protocol Daemon (dhcpd).

Appendix E, A sendmail Reference, is a reference guide to sendmail syntax, options, and flags.

Appendix F, Solaris httpd.conf File, lists the contents of the Apache configuration file discussed in Chapter 11.

Appendix G, RFC Excerpts, contains detailed protocol references taken directly from the RFCs that support the protocol troubleshooting examples in Chapter 13. This appendix explains how to obtain your own copies of the RFCs.

Unix Versions

Most of the examples in this book are taken from Red Hat Linux, currently the most popular Linux distribution, and from Solaris 8, the Sun operating system based on System V Unix. Fortunately, TCP/IP software is remarkably standard from system to system, and because of this uniformity, the examples should be applicable to any Linux, System V, or BSD-based Unix system. There are small variations in command output or command-line options, but these should not present a problem.

Some of the ancillary networking software is identified separately from the Unix operating system by its own release number. Many such packages are discussed, and when appropriate are identified by their release numbers. The most important of these packages are:

BIND
    Our discussion of the BIND software is based on version 8 running on a Solaris 8 system. BIND 8 is the version of the BIND software delivered with Solaris, and supports all of the standard resource records. There are relatively few administrative differences between BIND 8 and the newer BIND 9 release for basic configurations.

sendmail
    Our discussion of sendmail is based on release 8.11.3. This version should be compatible with other releases of sendmail v8.

Conventions

This book uses the following typographical conventions:

Italic
    is used for the names of files, directories, hostnames, domain names, and to emphasize new terms when they are introduced.

Constant width
    is used to show the contents of files or the output from commands. It is also used to represent commands, options, and keywords in text.

Constant width bold
    is used in examples to show commands typed on the command line.

Constant width italic
    is used in examples and text to show variables for which a context-specific substitution should be made. (The variable filename, for example, would be replaced by some actual filename.)

%, #
    Commands that you would give interactively are shown using the default C shell prompt (%). If the command must be executed as root, it is shown using the default superuser prompt (#). Because the examples may include multiple systems on a network, the prompt may be preceded by the name of the system on which the command was given.

[ option ]
    When showing command syntax, optional parts of the command are placed within brackets. For example, ls [ -l ] means that the -l option is not required.

We’d Like to Hear from You

We have tested and verified all of the information in this book to the best of our ability, but you may find that features have changed (or even that we have made mistakes!). Please let us know about any errors you find, as well as your suggestions for future editions, by writing:

    O’Reilly & Associates, Inc.
    1005 Gravenstein Highway North
    Sebastopol, CA 95472
    (800) 998-9938 (in the United States or Canada)
    (707) 829-0515 (international or local)
    (707) 829-0104 (fax)

There is a web page for this book, where we list errata, examples, or any additional information. You can access this page at:

    http://www.oreilly.com/catalog/tcp3

To comment or ask technical questions about this book, send email to:

    bookquestions@oreilly.com

For more information about books, conferences, Resource Centers, and the O’Reilly Network, see our web site at:

    http://www.oreilly.com

To find out what else Craig is doing, visit his web site, http://www.wrotethebook.com.

Acknowledgments

I would like to thank the many people who helped in the preparation of this book. All of the people who contributed to the first and second editions deserve thanks because so much of their input lives on in this edition. For the first edition that’s John Wack, Matt Bishop, Wietse Venema, Eric Allman, Jeff Honig, Scott Brim, and John Dorgan. For the second edition that’s Eric Allman again, Bryan Costales, Cricket Liu, Paul Albitz, Ted Lemon, Elizabeth Zwicky, Brent Chapman, Simson Garfinkel, Jeff Sedayao, and Æleen Frisch.

The third edition has also benefited from many contributors—a surprising number of whom are authors in their own right. They set me straight about the technical details and improved my prose. Three authors are due special thanks. Cricket Liu, one of the authors of the best book ever written about DNS, provided many comments that improved the sections on Domain Name System. David Collier-Brown, one of the authors of Using Samba, did a complete technical review of the Samba material. Charles Aulds, author of a best-selling book on Apache administration, provided insights into Apache configuration. All of these people helped me make this book better than earlier editions. Thanks!

All the people at O’Reilly & Associates have been very helpful. Deb Cameron, my editor, deserves a special thanks. Deb kept everything moving forward while balancing the demands of a beautiful newborn daughter, Bethany Rose. Emily Quill was the production editor and project manager. Jeff Holcomb and Jane Ellin performed quality control checks. Leanne Soylemez provided production assistance. Tom Dinse wrote the index. Edie Freedman designed the cover, and Melanie Wang designed the interior format of the book. Neil Walls converted the book from Microsoft Word to Framemaker. Chris Reilley and Robert Romano’s illustrations from the earlier editions have been updated by Robert Romano and Jessamyn Read.

Finally, I want to thank my family—Kathy, Sara, David, and Rebecca. They keep my feet on the ground when the pressure to meet deadlines is driving me into orbit. They are the best.

CHAPTER 1

Overview of TCP/IP

In this chapter:
• TCP/IP and the Internet
• A Data Communications Model
• TCP/IP Protocol Architecture
• Network Access Layer
• Internet Layer
• Transport Layer
• Application Layer

All of us who use a Unix desktop system—engineers, educators, scientists, and business people—have second careers as Unix system administrators. Networking these computers gives us new tasks as network administrators.

Network administration and system administration are two different jobs. System administration tasks such as adding users and doing backups are isolated to one independent computer system. Not so with network administration. Once you place your computer on a network, it interacts with many other systems. The way you do network administration tasks has effects, good and bad, not only on your system but on other systems on the network. A sound understanding of basic network administration benefits everyone.

Networking your computers dramatically enhances their ability to communicate—and most computers are used more for communication than computation. Many mainframes and supercomputers are busy crunching the numbers for business and science, but the number of these systems in use pales in comparison to the millions of systems busy moving mail to a remote colleague or retrieving information from a remote repository. Further, when you think of the hundreds of millions of desktop systems that are used primarily for preparing documents to communicate ideas from one person to another, it is easy to see why most computers can be viewed as communications devices.

The positive impact of computer communications increases with the number and type of computers that participate in the network. One of the great benefits of TCP/IP is that it provides interoperable communications between all types of hardware and all kinds of operating systems.

The name “TCP/IP” refers to an entire suite of data communications protocols. The suite gets its name from two of the protocols that belong to it: the Transmission Control Protocol (TCP) and the Internet Protocol (IP). TCP/IP is the traditional name for this protocol suite and it is the name used in this book. The TCP/IP protocol suite is also called the Internet Protocol Suite (IPS). Both names are acceptable.

This book is a practical, step-by-step guide to configuring and managing TCP/IP networking software on Unix computer systems. TCP/IP is the leading communications software for local area networks and enterprise intranets, and it is the foundation of the worldwide Internet. TCP/IP is the most important networking software available to a Unix network administrator.

The first part of this book discusses the basics of TCP/IP and how it moves data across a network. The second part explains how to configure and run TCP/IP on a Unix system. Let’s start with a little history.

TCP/IP and the Internet

In 1969 the Advanced Research Projects Agency (ARPA) funded a research and development project to create an experimental packet-switching network. This network, called the ARPAnet, was built to study techniques for providing robust, reliable, vendor-independent data communications. Many techniques of modern data communications were developed in the ARPAnet.

The experimental network was so successful that many of the organizations attached to it began to use it for daily data communications. In 1975 the ARPAnet was converted from an experimental network to an operational network, and the responsibility for administering the network was given to the Defense Communications Agency (DCA).* However, development of the ARPAnet did not stop just because it was being used as an operational network; the basic TCP/IP protocols were developed after the network was operational.

The TCP/IP protocols were adopted as Military Standards (MIL STD) in 1983, and all hosts connected to the network were required to convert to the new protocols. To ease this conversion, DARPA† funded Bolt, Beranek, and Newman (BBN) to implement TCP/IP in Berkeley (BSD) Unix. Thus began the marriage of Unix and TCP/IP.

About the time that TCP/IP was adopted as a standard, the term Internet came into common usage. In 1983 the old ARPAnet was divided into MILNET, the unclassified part of the Defense Data Network (DDN), and a new, smaller ARPAnet. “Internet” was used to refer to the entire network: MILNET plus ARPAnet.

* DCA has since changed its name to Defense Information Systems Agency (DISA).

† During the 1980s, ARPA, which is part of the U.S. Department of Defense, became Defense Advanced Research Projects Agency (DARPA). Whether it is known as ARPA or DARPA, the agency and its mission of funding advanced research have remained the same.

In 1985 the National Science Foundation (NSF) created NSFNet and connected it to the then-existing Internet. The original NSFNet linked together the five NSF supercomputer centers. It was smaller than the ARPAnet and no faster: 56Kbps. Still, the creation of the NSFNet was a significant event in the history of the Internet because NSF brought with it a new vision of the use of the Internet. NSF wanted to extend the network to every scientist and engineer in the United States. To accomplish this, in 1987 NSF created a new, faster backbone and a three-tiered network topology that included the backbone, regional networks, and local networks. In 1990 the ARPAnet formally passed out of existence, and in 1995
