02 Networking

The document discusses computer networking and the OSI model. Computer networking allows computers to share services and information over a connection. There are two main types of connections: direct peer-to-peer connections and server-based connections where clients connect to a central server. For computers to exchange information over a network, they must use the same language or protocol, such as TCP/IP. The OSI model defines seven layers of abstraction to standardize network functions, with TCP/IP found at the transport layer which controls data transfer. Each layer can experience issues that may cause network problems.

COMPUTER NETWORKING

The purpose of Computer Networking is to share services or information.

Examples of Server Services:

• Print Service
• Database Service
• Webserver Service
• Email Service
• File Transfer Service
• Content Management Service
• Communications Service (VOIP)
• Streaming Media Servers
• E-Commerce Server
• … Image Storage Service (PACS/DICOM!)

A computer (client) can retrieve or send information from or to a server.
The connection between the client and the server can be made in several ways.
The two main types of connection are:

- direct (peer to peer, can be multiple clients connected)
- server based

[Diagram: data (0101010101 …) travelling between the Client Computer and the Server]

Information is exchanged between both computers.

In order to exchange the information the correct way, we have to make sure that:

- we are talking to the right computer (IP Address)
- we speak the same language (protocol)

[Diagram: the Client Computer says: My “language protocol” is TCP/IP. The Server says: My “language protocol” is SPX (Novell).]

In this example, information cannot be exchanged between both computers unless a “translator” is used.

Probably thanks to the Internet, a common language or protocol is used nowadays: the TCP/IP Protocol.

The TCP/IP Protocol stands for Transmission Control Protocol / Internet Protocol.

As the name “Transmission Control” already indicates, it controls the data transfer between the computers.

The Open Systems Interconnection Model (or OSI Model) is a “prescription” for standardizing the functions of a communications system in terms of abstraction layers.

TCP/IP can be found in the transport layer of the OSI Model (layer 4).

The OSI Model

OSI MODEL LAYERS, with DATA UNIT and PROTOCOLS:

HOST LAYERS (upper layers)

7. Application Layer
   Function: applications such as email, web browser, file transfer, Skype, etc.
   Data unit: data
   Protocols: FTP, HTTP, POP3, SMTP, SNMP, TELNET, etc.

6. Presentation Layer
   Function: data conversion by Operating System such as Windows, Linux, Apple OS etc.
   Data unit: data
   Protocols: ASCII to EBCDIC, BCD to binary (& Telnet, X.25, etc.)

5. Session Layer
   Function: controls communication sessions (e.g. secure banking), “interhost comm.”
   Data unit: data
   Protocols: L2TP, PPTP (& NetBIOS, RPC, SCP, PAP, ASP, ADSP, etc.)

4. Transport Layer
   Function: connection reliability thru checksum, packet size, windowing, etc.
   Data unit: segments
   Protocols: TCP, UDP (& DCCP, NBF, NBT, SCTP, SST, SPX, etc.)

MEDIA LAYERS (lower layers)

3. Network Layer
   Function: packet routing to different LANs or WANs, based on IP Addressing
   Data unit: packets
   Protocols: ARP, RIP, ICMP, IPX, IPsec, IPV4/6 e.g. 192.168.2.1, etc.

2. Data Link Layer
   Function: transmit & receive of packets node to node based on MAC Address
   Data unit: frames
   Protocols: Media Access Control, e.g. 00:23:EE:4D:C5:E6

1. Physical Layer
   Function: electrical signals and cabling
   Data unit: bits

Troubleshooting by the OSI Model

OSI MODEL LAYERS, with POSSIBLE ISSUES:

HOST LAYERS (upper layers)

7. Application Layer (applications such as email, web browser, file transfer, Skype, etc.)
   Possible issues: problems in applications such as configuration issues

6. Presentation Layer (data conversion by Operating System such as Windows, Linux, Apple OS etc.)
   Possible issues: operating system crashes, System32 device drivers (DLL) problems, operating system updates etc.

5. Session Layer (controls communication sessions, e.g. secure banking, “interhost comm.”)
   Possible issues: bad SSL certificates; session control (client to server) is handled by application, not much to “config” here

4. Transport Layer (connection reliability thru checksum, packet size, windowing, etc.)
   Possible issues: windowing issues, packet size (MTU/PDU), timeout values, in particular for modems

MEDIA LAYERS (lower layers)

3. Network Layer (packet routing to different LANs or WANs, based on IP Addressing)
   Possible issues: misconfiguration of routers, wrong ip configuration, wrong gateway configuration, subnet configuration

2. Data Link Layer (transmit & receive of packets node to node based on MAC Address)
   Possible issues: switch port issues, wrong network adapter configuration, slow network, network adapter disabled, bad network adapter (link LED off)

1. Physical Layer (electrical signals and cabling)
   Possible issues: network cable unplugged, broken network cable, bad wall drop, switch port issues, network adapter light off (no connection), wrong patch cable (crossover/straight)

LAN Properties

TCP/IPv4 Properties

Computer Network configuration: IPCONFIG

Computer Network configuration: IPCONFIG /ALL

Computer Network: computer connectivity test: Ping (ICMP Ping)

(ICMP = Internet Control Message Protocol)

- Ping an I.P. Address
- Ping a website name and watch the response
- Ping a host name and watch the response
- Ping -t x.x.x.x: this is the continuous ping until the CTRL-C command is given to stop.

Ping Loopback Addresses

- Ping 127.0.0.1
- Ping ::1 (Localhost IPv6)

DHCP

The Network Information can be entered in a Networking Device manually, but can also be automatically retrieved from a Server.

A Server that provides the Network Configuration is called a DHCP Server or Dynamic Host Configuration Protocol Server.
The Dynamic Host Configuration Protocol is a Network Protocol.

[Screenshots: Windows 7 Network Configuration Window for the Internet Protocol TCP/IP v4, manually configured and configured by DHCP Server]

A DHCP Client obtains an IP Address the following way:

1. DHCP Discover (MAC Address > destination = FF:FF:FF:FF)
2. DHCP Offer
3. DHCP Request
4. DHCP Acknowledgement

Network Information provided by the DHCP Server:

● I.P. Address
● Subnet
● Gateway
● DNS Servers info
● Lease term
● Domain information
● more …

DNS

Computers use I.P. Addresses to communicate with other computers.
Memorizing large numbers is hard and we would rather use names instead.
DNS is a “translation protocol” that converts a name into an I.P. Address (and vice versa).

Domain Name System Servers (or DNS Servers) are all over the world, and every computer already has a name conversion mechanism built in, in the form of a HOST file.

Sequence for the name resolution process:

1. Computer cache memory (does the name belong to its own?)
2. Computer host file
3. Local DNS Servers
4. Alternate DNS Servers

[Diagram: the computer asks the DNS servers for the I.P. Addresses of Google.com, CNN.com and Hitachi.com]

[Diagram: DNS Query and DNS Resolution/Answer between the Local DNS Server, the ISP’s DNS Server, other internet DNS Servers and the DNS2.hitachi-medical.co.jp DNS Server]

DNS Query (google.com) followed by a normal page display in web browser, monitored by Wireshark

Proxy Servers

A Proxy Server is a computer that offers a Computer Network Service to allow Clients to make indirect Network
Connections to other Network Services.

The Proxy provides controlled Network Access to the WAN by using caching and authentication.
The Proxy may alter the client’s request or the server’s response for various purposes.

[Diagram: the Client sends a request to the Proxy, which sits in front of the WAN. The Proxy responds to the request and provides information from either its cache or from the specified Server.]

An example of a free proxy service is Hidemyass.com.

This is an Internet Proxy Server with a Web GUI where you can enter any URL to visit with a generated I.P. Address.
You will see the webpage thru Hidemyass.com’s webpage/GUI.
This system allows you to surf the web from an I.P. Address which is not your original one.

(Visit http://www.whatismyip.com to see what your real current I.P. Address is.)

[Diagram: the Client sends a request to Hidemyass.com over the WAN. Hidemyass.com responds to requests from your laptop and provides information from the specified Servers.]

Routers

When two computers are NOT in the same subnet, they need a router to “route” them to the other subnet.
This router is also called the “Gateway” or “Default Gateway”.

Trusted side:
IP: 192.168.10.40
Subnet: 255.255.255.0
Subnet ID: 192.168.10.0
Router IP Address on this Subnet: 192.168.10.41

Untrusted side:
IP: 10.2.4.139
Subnet: 255.0.0.0
Subnet ID: 10.0.0.0
Router IP Address on this Subnet: 10.2.4.140

The workstation has a Subnet which is called a “Trusted Zone” or “LAN”.
For this computer, everything outside its LAN is called an “Untrusted Zone” or “WAN”.

The router will interface between the “Trusted Zone” or “LAN” and the “Untrusted Zone” or “WAN”.

The router participates in both Subnets and has an IP Address of its own for each Subnet.
These IP Addresses are the Gateway IP Address for both Subnets.

In order for the router to participate in the two Subnets, it must have two Network Cards.

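The subnet and gateway decision described on the Routers slides can be checked in code. The following is an added example, not part of the original slides: it uses the slide addresses, and the function names and verdict strings are assumptions made for illustration.

```python
import ipaddress


def subnet_id(ip, mask):
    """Network that ip/mask belongs to (the "Subnet ID" on the slide)."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def next_hop(ip, mask, gateway, dest):
    """Decide how a host delivers a packet to dest; returns (verdict, detail).

    on-link      dest is inside the host's own subnet, no router involved
    via-gateway  dest is elsewhere and the configured gateway is usable
    no-gateway   dest is elsewhere and no gateway is configured
    bad-gateway  the gateway is outside the host's subnet, or is the host itself
    """
    net = subnet_id(ip, mask)
    if ipaddress.ip_address(dest) in net:
        return ("on-link", str(net))
    if gateway is None:
        return ("no-gateway", f"{dest} is outside {net}")
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        return ("bad-gateway", f"{gateway} is outside {net}")
    if gw == ipaddress.ip_address(ip):
        return ("bad-gateway", f"{gateway} is the host's own address")
    return ("via-gateway", gateway)


def router_links(router_ifaces, hosts):
    """Map each host IP to the router interface that shares its subnet.

    router_ifaces and hosts are lists of (ip, mask). A host with no matching
    router interface maps to None: this router cannot be its gateway.
    """
    links = {}
    for host_ip, host_mask in hosts:
        net = subnet_id(host_ip, host_mask)
        links[host_ip] = next(
            (r_ip for r_ip, r_mask in router_ifaces
             if subnet_id(r_ip, r_mask) == net), None)
    return links


if __name__ == "__main__":
    # Addresses taken from the Routers slides.
    workstation = ("192.168.10.40", "255.255.255.0")
    server = ("10.2.4.139", "255.0.0.0")
    router = [("192.168.10.41", "255.255.255.0"), ("10.2.4.140", "255.0.0.0")]

    print(subnet_id(*workstation), subnet_id(*server))
    print(router_links(router, [workstation, server]))
    for gw in ("192.168.10.41", None, "10.2.4.140"):
        print(gw, next_hop(*workstation, gw, server[0]))
```

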
LAN (Trusted), X0: 192.16.10.41
WAN (Untrusted), X1: 10.2.4.140

Above are the SonicWALL Firewall/Router Interface Settings for the LAN and WAN Interfaces.

[Screenshots: Network Configuration Workstation; Network Configuration Server]

Communication Ports

When a Computer is connected to a Network, it uses an IP Address to communicate.
It communicates thru so-called “communication ports” or “communication channels”.

The number of communication ports available is 65,535.

As an example, Web Servers “listen” on TCP port 80.
A secure bank connection goes thru TCP Port 443.
FTP Servers listen on TCP Port 21.
Mail Servers listen on TCP port 110 and you can send mail thru TCP port 25.
Microsoft Media Streaming goes thru UDP & TCP Port 1755.

TCP = Transmission Control Protocol
UDP = User Datagram Protocol

Web Browsers communicate with Web Servers thru default port 80.

http://www.google.com is always via Port 80
http://www.google.com:8080 communicates with web server thru port 8080
ftp://ftp.fileserver.com is always via port 21
ftp://ftp.fileserver.com:4000 communicates with FTP server thru port 4000

[Diagram: the Web Server listens on Port 80]

Communication Ports

[Diagram: the Server’s ports from Port #1 to Port# 65535; Port 80 = active/open; Data: 0101010101 101010101 101010101 0101010111]

The Server listens on Port 80.
All communications will only go thru this port.
When a request is sent to the server with a wrong port, the server will simply not respond.

The client computer expects an answer from the server.
The server must know what the client’s listening port number is for that particular session to send the data in return.
This client listening port number will be an unpredictable random number between 1~65,535 and will change for every session.
This is how the two computers can communicate with each other thru communication ports (or channels).

The screenshot below is a Wireshark Screen Capture which shows a communication session between a client computer (172.22.16.2) and the Google Search Engine Web Server (74.125.225.79).
The response from the Google server is always from/to port 80 and the client computer port is random.
In this session: 49976, 49975, 49978 ...
Wireshark is a Network Protocol Analyzer.
It shows all the data packets over the Network.

Note: 74.125.225.79 is not the actual Google Search Server; it is Google’s WHOIS lookup server for their domain. It is symbolic of a googol, which is where Google got its name from.
A googol is the number written as a one followed by 100 zeros (10^100); 1e100 is the scientific notation for 1 googol.

Communication Ports & Firewalls

[Diagram: a firewall between the Trusted/LAN side and the Untrusted/WAN side, with port labels 80, 3389, 443 and 21. Server listens on Ports 21, 80 and 443.]

The Firewall regulates traffic for certain ports.
Advanced Firewalls do more than this, but basically this is what the firewall does.
In our example, the firewall only allows data thru ports 21, 80 and 3389.
The client communicates successfully with the server but communications thru port 443 fail (port not open on the firewall).

Data traffic from the Trusted Area (or LAN) to the Untrusted Area is called Outbound traffic.
Data traffic from the Untrusted Area (or WAN) to the Trusted Area is called Inbound traffic.

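The firewall example above can be modelled as an allowlist check followed by a listener check. This is an added example, not part of the original slides: it goes a little further than the slide by handling direction, protocol and a chain of firewalls, and the class, function names, the TCP/outbound choice and the two-firewall sample are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Firewall:
    name: str
    allowed: frozenset  # {(direction, protocol, port)}; anything else is dropped

    def permits(self, direction, proto, port):
        return (direction, proto, port) in self.allowed


def allow(direction, proto, ports):
    """Allowlist entries for one direction and protocol."""
    return frozenset((direction, proto, port) for port in ports)


def trace(path, proto, port, listeners):
    """Follow one connection attempt across every firewall on the path.

    path      ordered list of (firewall, direction as that firewall sees it)
    listeners set of (protocol, port) pairs open on the destination server
    Returns (delivered, reason).
    """
    for fw, direction in path:
        if not fw.permits(direction, proto, port):
            return (False, f"{fw.name} drops {direction} {proto}/{port}")
    if (proto, port) not in listeners:
        return (False, f"no listener on {proto}/{port}")
    return (True, f"delivered to {proto}/{port}")


def audit(fw, direction, listeners):
    """Compare the allowlist with what the server actually listens on."""
    opened = {(proto, port) for d, proto, port in fw.allowed if d == direction}
    return {
        "unreachable": sorted(listeners - opened),   # service blocked by the firewall
        "unused_rules": sorted(opened - listeners),  # open port with nothing behind it
    }


# Values from the slide; TCP and the outbound direction are assumptions.
FW = Firewall("firewall", allow("outbound", "tcp", [21, 80, 3389]))
SERVER = {("tcp", 21), ("tcp", 80), ("tcp", 443)}

# Constructed two-firewall path: the second firewall opens the port for UDP only.
FW_A = Firewall("FW-A", allow("outbound", "tcp", [104]))
FW_B = Firewall("FW-B", allow("inbound", "udp", [104]))

if __name__ == "__main__":
    for port in (21, 80, 443, 3389):
        print(port, trace([(FW, "outbound")], "tcp", port, SERVER))
    print(audit(FW, "outbound", SERVER))
    print(trace([(FW_A, "outbound"), (FW_B, "inbound")], "tcp", 104, {("tcp", 104)}))
```

The audit output separates the two kinds of mismatch: a service the firewall makes unreachable (443) and an open rule with no listener behind it (3389), which is exposure that serves no purpose.
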
Image Transfer from Modality to PACS Server

[Diagram: Hospital (HITACHI modality) behind FW1, connected over the Internet to FW2 and the 3rd party PACS vendor (Extramural Data Storage), listening on Port 104]

FW1: Outbound Port 104 open
FW2: Inbound Port 104 open

??? HIPAA! (Health Insurance Portability and Accountability Act)

Image Transfer from Modality to PACS Server thru a Virtual Private Network (VPN)

[Diagram: Hospital (HITACHI modality) connected thru a VPN Tunnel over the Internet to the 3rd party PACS vendor (Extramural Data Storage), listening on Port 104. The tunnel ends at the Firewall/Routers (a VPN can also be created by software).]

Virtual Private Network (VPN)

Both Tunnel endpoints must authenticate before the secure VPN Tunnel can be established.
The Routers often use passwords or digital certificates and store these keys permanently, so that the tunnel is established automatically for future connections without intervention from the user.

2 types of VPN:
- Client computer to a Network
- Network to Network

Tunneling Protocols:
- L2TP (Layer Two Tunneling Protocol)
- PPTP (Point To Point Tunneling Protocol)

[Diagram: VPN Tunnel between “Endpoint” A and “Endpoint” B]

Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) are cryptographic protocols providing communication security over the Internet.

Encryption of network connections uses asymmetric cryptography for key exchange, symmetric cryptography for confidentiality and message authentication codes for message integrity.

Switches & Hubs

Switches & Hubs are devices that connect multiple Network Hardware Devices with each other.

[Picture: a Hub and a Switch. Very similar; the only indication of the difference is the text label.]

What’s the difference?

Hub

Computer sends data to printer: every device receives the data!
= busy local network traffic

Switch

Computer sends data to printer: only the printer receives the data!
= quiet/better local network (fewer collisions)

Disadvantage of switches

In case the laptop is a “network sniffer”, the data cannot be monitored, since no data traffic is distributed to the port to which it is attached.

Fortunately, some Switches have dedicated functionality that supports this function:

- Cisco switches: SPAN (Switch Port ANalyzer)
- 3Com switches: RAP (Roving Analysis Port)
- Or Port mirroring

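The hub, switch and port-mirroring behaviour described above can be reproduced with a small simulation. This is an added example, not part of the original slides: the port numbers, the MAC addresses (taken from the documentation range) and the class and function names are constructed for illustration.

```python
class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src, dst):
        return self.ports - {in_port}


class Switch:
    """Learning switch with an optional mirror (SPAN-style) destination port."""

    def __init__(self, ports, mirror_to=None):
        self.ports = set(ports)
        self.mirror_to = mirror_to
        self.mac_table = {}            # MAC address -> port it was last seen on

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port  # learn where the sender lives
        if dst in self.mac_table:
            out = {self.mac_table[dst]} - {in_port}
        else:
            out = self.ports - {in_port}   # unknown destination: flood like a hub
        if self.mirror_to is not None and in_port != self.mirror_to:
            out = out | {self.mirror_to}   # copy the frame to the monitoring port
        return out


def capture(device, frames, sniff_port):
    """Indexes of the frames that reach sniff_port when frames are replayed."""
    return [i for i, (in_port, src, dst) in enumerate(frames)
            if sniff_port in device.forward(in_port, src, dst)]


# Constructed topology: port 1 = computer, port 2 = printer,
# port 3 = laptop running the sniffer, port 4 = another device.
PORTS = [1, 2, 3, 4]
PC, PRINTER = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
FRAMES = [
    (1, PC, PRINTER),   # computer sends data to printer
    (2, PRINTER, PC),   # printer answers
    (1, PC, PRINTER),   # computer sends more data
]

if __name__ == "__main__":
    print("hub:            ", capture(Hub(PORTS), FRAMES, 3))
    print("switch:         ", capture(Switch(PORTS), FRAMES, 3))
    print("switch + mirror:", capture(Switch(PORTS, mirror_to=3), FRAMES, 3))
```

On the plain switch the sniffer still sees the first frame, because the switch floods a frame whose destination it has not learned yet; after that it sees nothing until a mirror port is configured.
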
Movie Time
Practice

1. I have two computers, each using a different Communication Protocol: IPX/SPX and TCP/IP.
Will they be able to communicate?

A. Only if they are connected to each other with a network cable
B. Yes
✓ C. No
D. With a translator that bridges the IPX/SPX protocol with the Appletalk protocol

2. I have a PC that is connected to a network and is configured the following way:

I.P. Address: 10.20.100.5
Subnet Mask: 255.255.255.0
No Gateway configured
No DNS configured

I cannot access the internet and don’t receive ping responses from 4.2.2.2. Why not?

E. The DNS is not configured
F. The Subnet Mask is a Class C. It will not work with a Class A I.P. Address
✓ G. There is no Gateway configured
H. No DNS and no Gateway are configured

3. The hospital uses a policy to block Network traffic to and from Asian websites. We convinced management that we need internet access for our Sentinel Services and now have full internet access. We use the hospital’s local DNS Server information (still subject to the original hospital policies), but we still can’t see the system on the Sentinel Host list.

A. Port 443 is blocked on the hospital’s firewall
B. The hospital’s DNS Server is resolving the wrong I.P. Address
✓ C. The hospital’s DNS Server is not resolving the I.P. Address at all
D. The MR Console has problems with the Sentinel software (file corrupt, service cannot start)

4. The hospital uses a Proxy Server for internet access. Our MR Console is connected to the hospital Network but we cannot access the internet. The system also does not show up in the Sentinel host list. Why not?

E. The hospital’s firewall is blocking the Internet access
✓ F. The MR Console needs to be configured for Proxy Server use.
G. There is no SonicWALL firewall installed on the MR Console
H. The I.P. Address, Netmask and Gateway Network settings of the MR Console need to be verified

5. I want to access the server at the office but I can’t.
What am I doing wrong?

Open question

Server (Office Network):
I.P. Address = 10.2.4.150
Subnet = 255.0.0.0

Router:
I.P. Address = 192.168.100.1 ✓
Subnet = 255.255.255.0

PC (Home Network):
I.P. Address = 192.168.100.2
Subnet = 255.255.255.0
Gateway = 192.168.100.10 ←

6. I want to access the Facebook website but I cannot access it.
However, I can ping its I.P. Address.
What is going on?

Open question

Web Server (Internet):
I.P. Address = 212.18.140.5

Router:
I.P. Address = 192.168.100.1
Subnet = 255.255.255.0
DNS1 = 10.20.4.10 ← is a local I.P. Address

PC:
I.P. Address = 192.168.100.2
Subnet = 255.255.255.0
Gateway = 192.168.100.1
DNS1 = 192.168.100.1

7. I want to access a website but it times out.
I also cannot ping any computer on the internet, but I can ping my Modem.
What is wrong here?

Web Server (Internet):
I.P. Address = 212.18.140.5
Subnet = 255.255.255.0

Modem (directly to ISP):
LAN I.P. Address = 10.2.4.1
LAN Subnet = 255.0.0.0

Router:
I.P. Address = 192.168.100.1
Subnet = 255.255.255.0
Gateway = 192.168.100.1 ← should be 10.2.4.1

PC:
I.P. Address = 192.168.100.2
Subnet = 255.255.255.0
Gateway = 192.168.100.1
DNS1 = 4.2.2.2

8. The Dr. Ultra MRI Clinic wants to send studies to the PACS Server but they won’t go.
What is the cause of this problem?

Note: I left the router out for your convenience.

McKesson PACS Server (Internet):
I.P. Address = 212.18.140.5
Subnet = 255.255.255.0
Listen on TCP Port 11112 ✓

Dr. Ultra MRI Clinic, Inc. (“For all your clinical needs”)

Firewall:
Allowed TCP Outbound Ports: 104, 1112, 5000, 5040, 5050
Allowed TCP Inbound Ports: 104, 11112, 5000

PC:
I.P. Address = 192.168.100.2
Subnet = 255.255.255.0
Gateway = 192.168.100.1
DNS1 = 4.2.2.2

9. The Dr. Ultra MRI Clinic wants to receive studies from the PACS Server but they won’t go.
What is the cause of this problem?

Note: I left the router out for your convenience.

McKesson PACS Server (Internet):
I.P. Address = 212.18.140.5
Subnet = 255.255.255.0
Listen on TCP Port 11112
Send on TCP Port 104

Dr. Ultra MRI Clinic, Inc. (“For all your clinical needs”)

Firewall:
Allowed TCP Outbound Ports: 104, 11112, 5000, 5040, 5050
Allowed UDP Inbound Ports: 104, 11112, 5000

PC:
I.P. Address = 192.168.100.2
Subnet = 255.255.255.0
Gateway = 192.168.100.1
DNS1 = 4.2.2.2
DICOM Listening Port 104

10. You are the Network/PACS Administrator at Dr. Ultra MRI Clinic, Inc.
The Doctor is asking you to make sure the MRI System can send images to the PACS which is based in Hong Kong and you are located in San Francisco. The Server in Hong Kong is a No Wuk Attal Server and it listens on DICOM Port 1112.
Being a great Administrator, it didn’t take you much time to figure out why it is not working… ☺

11. You are the Network/PACS Administrator at Dr. Ultra MRI Clinic, Inc.
The Doctor is asking you to make sure his Network is safe and only modalities from other sites can send studies to Dr. Ultra’s PACS Server listening on Port 104.
It looks like the firewall is properly configured, right?

12. You are the Network/PACS Administrator at Dr. Ultra MRI Clinic, Inc.
The Doctor is a nice guy but he shouldn’t have brought his son in and allowed him to play with the firewall.
You have to fix the problems now. Besides buying a rope for the kid, what would you do if TCP Port 5047 service is not working anymore?

13. You are connected to a firewall that has two interfaces, one for the LAN, the other one for the WAN zone.
The WAN zone is connected to the Hospital’s Network where a Router with I.P. Address 192.168.10.1 brings you to the Internet. You can ping the router successfully but can’t access the Internet… Why?

14. You want to use your computer in a Network environment and share files on your Hard drive.
You have enabled the sharing services but it still doesn’t work.
Here’s a hint: check your Local Area Connection Properties (although you would not directly look at that place).

15. You want to use your computer in a Network environment and share files on your Hard drive.
You have enabled the sharing services but it still doesn’t work, and you already checked your Local Area Connection Properties. It is still not working.
What is the cause of this problem?