Glossary of Networking Terms: Appendix B - Linux Networking Cookbook

by Carla Schroder
Linux Networking Cookbook book cover

This excerpt is from Linux Networking Cookbook.

If you want a book that lays out the steps for specific Linux networking tasks, one that clearly explains the commands and configurations, this is the book for you. Linux Networking Cookbook is a soup-to-nuts collection of recipes that covers everything you need to know to perform your job as a Linux network administrator. You'll dive straight into the gnarly hands-on work of building and maintaining a computer network.

buy button


Active Directory

Microsoft's implementation of LDAP used in Windows environments. Active Directory is a directory service primarily used to provide authentication services for Windows computers, but can also be used to store any information about a network or organization in a central database designed to be quickly accessible. The data in Active Directory's database is held in one or more equal peer Domain Controllers, each of which holds a copy of all information within the Active Directory, and synchronizes changes made on one DC to all others. Compare this to pre-Windows 2000 Server systems, which used a Primary Domain Controller and multiple Backup Domain Controllers.

AGP—Accelerated Graphics Port

Originally, graphics cards didn't need any more bandwidth than a PCI slot could provide, but the more they developed, the more bandwidth they took from the PCI bus—eventually requiring a dedicated connection. The AGP slot was created specifically to cater to the bandwidth requirements of high performance graphics cards. Based on the architecture of a PCI slot, an AGP port is a dedicated single port, not just one slot of many on a shared bus. This means the AGP card gets all the bandwidth on that connection to itself, without having to share with anything else. Since the rise in popularity of PCIe slots (which can provide much higher bandwidth), fewer new motherboards are being released with AGP ports.

ATM—Asynchronous Transfer Mode

High-speed networking standard that supports both voice and data communications. ATM is normally used by ISPs on their private long-distance networks. ATM does not use routing like Ethernet. Instead, ATM switches establish point-to-point connections between endpoints, and data flows directly from source to destination. ATM uses fixed-sized cells of 53 bytes in length, rather than variable-length packets like Ethernet. ATM performance is usually expressed as OC (Optical Carrier) levels, written as "OC-xxx." Performance levels as high as 10 Gbps (OC-192) are theoretically possible, but it's more common to see 155 Mbps (OC-3) and 622 Mbps (OC-12).



The number of discrete signaling events that occur each second in a digitally modulated transmission. The term is named after Jean-Maurice-Emile Baudot, the inventor of the Baudot telegraph code. At slow rates, only one bit of information is encoded in each signalling event—in these cases, the baud is equivalent to the number of bits per second that are transmitted; for example, 300 baud means that 300 bits are transmitted each second (300 bps). It is possible to encode more than one bit in each signalling event, so that a 2400 baud connection may transfer 4 bits with each event, resulting in 9600 bps. At these higher speeds, data transmission rates are usually expressed in bits per second (bps) rather than baud.

BDC—Backup Domain Controller

See Primary Domain Controller.

BIOS—Basic Input/Output System

The BIOS in a PC is the code that runs when the computer is first turned on. It is stored in a form of memory on the motherboard, and when run will initialize and configure the hardware, load boot code for the operating system (usually from a hard disk), then transfer control to the operating system. Older operating systems would make use of the BIOS for I/O tasks, but current systems take full control of the machine, only using the BIOS for initialization and booting.


Combining two network segments (for example, one segment connected to a wired Ethernet port and another connected wirelessly) as if they were one network. An Ethernet bridge does not use routing, but rather, relies on broadcasting to communicate between the two segments. So, this is a good way to share broadcast services, such as a Samba server, between two LAN segments, or to combine two LAN segments into one for easier administration and routing.

Bridging doesn't scale up well for larger LANs where the amount of broadcast traffic can become unwieldy. (Compare to Routing.)


In the context of a computer network, broadcasting means sending packets that are designed to be received by all devices on a subnet. Broadcasting is limited to the broadcast domain, which includes only those computers able to talk to one another on a network directly, without going through a router.


Certificate or Public Key Certificate

A method used when implementing public-key cryptography across a large number of users or devices, where securely handling keys is impractical due to the large number of members. In normal public-key cryptography, you may want to allow others to send you encrypted secret messages, so you provide people with your public key. Anyone who wishes to contact you securely encrypts messages to you with your public key, which you decrypt with your private key.

This leaves open the possibility that an attacker may publish a public key of their own, claim it is yours, then intercept and read communication meant for you. In small webs of trust this may not be a problem, but across many thousands of users, it becomes more of an issue to keep track of who genuinely owns which public key.

To avoid this issue, each member in a large group may use a certificate instead of a plain public key. The certificate consists of their public key combined with their identity, signed by a third party who is trusted by all. In a Public Key Infrastructure, this third party will be a Certificate Authority. Now, anyone who wishes to send you an encrypted message can obtain your certificate, check to see that the trusted third party believes the key and the identity within it match, and with that verification complete, trust encrypted communication to you.

Self-signed certificates are used inside the LAN to authenticate local users and services; in that case, you do not need a third-party Certificate Authority because you can easily verify your own certificates.

CIDR—Classless Inter-Domain Routing

Introduced in 1993, CIDR removes the idea of classful networks by going to a resolution of bits for defining networks, indicated by a numerical suffix. The old Class A, B, and C networks corresponded to CIDR suffixes of /8, /16, or /24. Dividing IP addresses into CIDR blocks allows a resolution much finer than previous classful networks, which were wasteful of IP addresses. corresponds to an old class B network, where 192.168 (the first 16 bits) define the network, and .0.0 up to .255.255 refer to hosts. Finer grained division of networks are possible, down to individual IP addresses, such as


In the context of a VoIP network, a codec is an algorithm that encodes audio into digital form for transmission over the network, and can decode it back into audio for listening. Different codecs make different tradeoffs between high quality audio, bandwidth usage, and CPU cycles. If issues out of your control severely limit the bandwidth available, for example, you may be willing to use a more CPU-intensive codec that can compress audio into a smaller stream. In the wider sense of the term, other forms of data (such as video or pictures) can be encoded and decoded using other relevant codecs.

Community string

When devices communicate using SNMP, a piece of text known as a community string is included in every packet sent between a management station (an SNMP manager) and a device (an SNMP agent). It can be seen as a password defining the access an agent will allow a manager. A community string can be a read string or a read/write string—if a manager presents a read string, the agent will only allow the manager to read information, but if a read/write string is presented, an agent will allow that manager to read information and change the agent's settings.


Console has many meanings. A Linux command-line session that is not running in X Windows is called a console session, or virtual console. Some Linux documentation refers to an attached keyboard and monitor as the console or the physical console. Console can refer to the logical device /dev/ttyS0. Another way to think of the Linux console is as the location where kernel messages appear.

Circuit switching

In a circuit switching network, a dedicated circuit must be opened between users before they can communicate and, while the circuit is open, no other users may use that circuit or parts of it. A circuit may remain open without any information transmission, and still be unusable by others; it must be closed before its components are available to different users. (Compare this to Packet switching.)

CPE—Customer Premises Equipment

Any device at a subscriber's premises and connected to a telecommunications network on the customer side of a demarcation point (demarc). Equipment included may be for telephone communication, a cable Internet connection, DSL, or cable TV.

CSU/DSU—Channel Service Unit/Data Service Unit

Equipment used to connect a router to a T1 connection. The CSU provides the connection to the digital line, receiving and transmitting the signal required for communication, and the DSU converts the line frames as used on a T1 connection into frames useful for a LAN. In practice, the CSU and DSU are usually combined into the one box for connecting a LAN to a T1.

Collision domain

A segment of a network where packets can potentially collide if two or more computers send at the same time. Using a hub with multiple machines attached creates a collision domain, as the hub simply repeats the packet sent to the hub out to all other machines connected to it without regard for other network activity. Computers must sense the network to check it isn't busy before sending packets—even then packets might collide, which requires the packet be resent. Collisions waste time, and the more machines in a collision domain that are transmitting often, the more collisions occur. Using switches instead of hubs splits collision domains into smaller segments, and a 100 percent switched network has no collision domains.


Demarc—demarcation point

The point at which the wiring on a customer's premises meets that of telecommunications providers. A demarc can be as simple as a connection between internal and external telephone wires, or a box allowing connection of all forms of telecommunications, from telephone and cable, to fiber optic connections.

DHCP—Dynamic Host Configuration Protocol

DHCP is a protocol used between clients (network devices such as computers) and a DHCP server, so that the client can obtain a valid IP address and other information such as default gateway, subnet mask, and DNS servers, for the client to connect to the network.

DNS—Domain Name System

The system that provides information about domain names to users of the Internet. Essentially, a widespread distributed directory of information about the Internet. Publically available domain names must be globally unique and are managed via central registries. Domain names are matched to the IP addresses of specific hosts; these addresses must also be globally unique. The domain name system can take a domain name and return information about how to reach it (IP address); how to send mail to a user on it (mail exchange servers); and digging further, even information about the owner of the domain, when it was registered, and when it might expire.

Private domain names and addresses that are not accessible outside the LAN do not need to be unique, and do not have to be registered.

Domain (Windows)

A group of computers that share a central directory database that contains information about about users, their privileges, resources, and the privileges required to access those resources. A user who needs to use a computer within a domain has a single account that is unique across the domain. Implementing a domain provides several benefits, including centralized administration and a single login that authenticates access to potentially thousands of resources. For Windows NT domains, the directory was provided by a Primary Domain Controller, whereas Windows 2000 Server and later uses Active Directory.

DSL—Digital Subscriber Loop or Digital Subscriber Line

DSL is a family of technologies designed to provide high speed digital data transmission over the local loop of a telephone network (from exchange to customer premises). ADSL (Asynchronous DSL, where some bandwidth is sacrificed for voice compatibility, and download speed is many times higher than upload speed) is the most widely used DSL, and is designed to work with an existing voice service. SDSL (Synchronous DSL) and other faster forms of DSL require the line's entire bandwidth.

Dynamic address

A dynamic address refers to an IP address given out to a device on a network with no regard to matching a specific address to that device. When a client device (say a laptop plugged into a network) is given a dynamic address, it simply receives one from a pool of available addresses. It may or may not be allocated the same IP address as on previous connections; no attempt is made to do so, nor is an attempt made to give a specifically different one.



A process by which information is changed from a meaningful usable form (called plaintext) into an encrypted form (called ciphertext), which is undecipherable except to those with the key to decrypt it. Encryption may apply to a single file on disk, to all data in packets over a network connection, or to an entire stream of data.

Ethernet, Fast Ethernet, Gigabit Ethernet

Ethernet refers to a family of related link-level protocols for sending data. Ethernet generally refers to the entire family, or sometimes just 10 megabit per second connections. Fast Ethernet is 100 megabits per second, and Gigabit Ethernet is 1,000 megabits (or one gigabit) per second Ethernet.


FQDN—Fully Qualified Domain Name

A complete domain name that unambiguously refers to an address in DNS. As an example, a host named alrac at will have the FQDN of

Frame Relay

A point-to-point protocol that transmits traffic in variable-sized frames rather than TCP/IP packets, and that is used to connect branch offices or a customer to their ISP. Frame relay doesn't do any error correction; this is left up to the end-points.

This used to be a lower-cost alternative to T-services, but these days is not as cost-competitive as it used to be, and is used mainly when high-speed DSL or T services are not available.


"Foreign Exchange Station" and "Foreign Exchange Office." These are analog telephony terms. FXS is the interface the telco provides to its customers, such as the wall jack that the telephone plugs into. An analog telephone is an FXO device.


GRE—Generic Routing Encapsulation

A tunneling protocol that provides encapsulation of OSI layer 3 packets inside IP packets. GRE provides a virtual point-to-point link between machines at remote points on an IP network like the Internet. GRE is completely insecure, but it provides a fast and simple way to access a remote network.

GRUB—GNU GRUB or GRand Unified Bootloader

A multiboot bootloader for Linux and other operating systems. GNU GRUB is based on the GRand Unified Bootloader. When a computer is booted, GRUB executes and allows a user to make boot-time choices such as selecting different kernels or kernel options, then transfers control and options to a kernel to boot an operating system. Just one kernel may be installed, or multiple operating systems with multiple kernels. Most current, general-purpose Linux distributions use GRUB. GRUB features a rather powerful interactive interface, and unlike LILO, the master boot record on diskdoes not have to be overwritten for every configuration change. (See also LILO.)



An Ethernet hub is a networking device with multiple ports that connects many networking devices in a star topology. When a packet arrives in one of the hub's ports, the hub simply repeats that packet to all of its other ports so it is received by all computers connected to the hub, in the hope that the correct destination machine will receive the packet. Because every packet on every port in the hub is repeated backout its other ports, collisions occur frequently and slow down the network. (Contrast this with a Switch.)



The Inter-Asterisk eXchange protocol that is native to the Asterisk iPBX (Internet protocol-base Private Branch Exchange) and VoIP (Voice over IP) server. IAX can carry multiple audio and video data streams, which reduces IP overhead, and because it uses a single port, it is easy to get through firewalls.


In the context of networking, a name used in Linux operating systems to describe a network connection. The connection may directly correlate to a physical device, such as eth0 (describing a specific ethernet port), or a virtual connection through another connection, such as tun0 tunneled over another connection.

IOS—Internet Operating System

Used in most Cisco routers, IOS is a specific-purpose operating system designed for handling network tasks on Cisco networking hardware.


Along with TCP, one of the most widely used and important protocols on the Internet. IP is the protocol involved in shipping a packet of information from one computer on a network to a remote machine potentially on the other side of the world. Routers pay attention to the IP address carried in an IP packet, and perform the magic required to shift the packet hop-by-hop to its final destination. IP provides no guarantees of reliability, so if packets are lost in transit, accidentally duplicated, arrive in the wrong order, or arrive corrupted, no effort is made to address the problem on the IP level—that is left to protocols a layer above, such as TCP. (If TCP detects a missing, corrupted, or out of order packet, it must request it be resent from the source.)

IP has two main flavors. First, is the widely popular and default IPv4 with its familiar 32-bit addressing (represented in dotted quad notation like, which gives a maximum of 4.3 billion addresses, not quite enough to give every human alive one IP address. Second, is IPv6, the successor to IPv4. With 128-bit addressing, IPv6 can provide enough addresses to give every human alive billions of IP addresses for every cell in their body. While a much larger address pool is one of the great features of IPv6, a few other extras are worth mentioning, such as multicast support by default, jumbograms (packets up to 4 GB in size), IPsec support by default, and stateless host auto-configuration.

IPsec—IP security

A set of protocols for encrypting, authenticating, and integrity checking packets at the level of IP streams. IPsec also includes protocols for cryptographic key establishment, and is widely used in some implementations of Virtual Private Networking (VPN). IPsec operates at the network layer below that of other Internet security systems (such as SSL), which can give extra flexibility with the tradeoff of more complexity. IPsec has two modes of operation: transport mode and tunnel mode. Transport mode is performed by each machine at the end of a connection, and only encrypts the payload of the IP packet, leaving the IP header as plaintext so it can be routed (although not by using NAT, which rewrites part of the packet, causing it to fail integrity checking). In tunnel mode, the entire packet is encrypted, and then encapsulated into a new IP packet to allow routing to function—using this method, secure traffic flow between two LANs can be provided by two nodes, one in each LAN.

ISDN—Integrated Services Digital Network

A digital network technology using ordinary telephone wires, ISDN is capable of delivering multiple channels of data, voice, video or fax over a single physical line. Channels on ISDN are either B (for Bearer, usually 64 Kbps channels that most data is transmitted on) or D (for the channel used to transmit control signals). Different ISDN services can provide varying numbers of channels, from a basic two B and one D, up to services with 30 B channels. In much of the world, ISDN has been supplanted by DSL.



An authentication protocol that allows users communicating over a network to prove their identity to one another securely. It not only allows a user to prove her identification to a server, for example, but allows the server to prove its identification to the user. Kerberos authentication uses symmetric key cryptography and a trusted third party, the Key Distribution Center (KDC). Each entity on the network has a secret key that is known only to itself and the KDC.

Authentication between two entities on the network is a complex process with many steps, but it can be summarized like this: a client wishes to access a server on the network, and communicates this wish to the KDC. The KDC and client communicate using the client's key (known only to the client and the KDC), and after some negotiation, the KDC returns multiple messages to the client, including one encrypted with the server's key that the client must send to the server to prove that the KDC has authenticated the client, and a session key specifically to be used for communication between the client and server. When the client presents the message encrypted with the server's key to the server, the server decrypts it and extracts the session key and other information identifying the client. This establishes a mutual trust, and the client and server can then communicate with each other using the session key to encrypt their messages.

KDC—Key Distribution Center.

See Kerberos.


LAN—Local Area Network

LANs are networks based on a small physical area such as a residence, building, or college campus. They tend to consist of fast connections between systems (Gigabit Ethernet and Wi-Fi are common), and don't involve a paid network connection to the Internet as part of their structure, although one may be used to connect the LAN to the rest of the world.

LDAP—Lightweight Directory Access Protocol

A protocol for accessing information in and writing information to an LDAP directory. The directory itself is a database designed for very fast consistent reads, used for relatively static information like user data, passwords, security keys, customer data, etc. LDAP clients connect to an LDAP server and send requests—generally, a client can send multiple requests to the server and does not need to wait for responses in between, and the LDAP server can return responses in any order. Microsoft's Active Directory and Fedora Directory Server are two examples of heavyweight LDAP implementations.

LILO—LInux LOader

When a computer that has LILO installed is booted, the BIOS passes control to LILO from disk, and allows a user to make boot-time choices such as selecting different kernels or kernel options. Once an option is selected, LILO loads the relevant kernel and transfers control and options to it in order to boot an operating system. LILO has fallen out of favor among general Linux distributions, in favor of GRUB. (See also GRUB.)



IP Masquerading is a synonym for Network Address Translation (NAT).

MIB—Management Information Base

In the context of SNMP, it is a hierarchical structure that describes all the objects that an agent can be queried about or in some cases written to. The MIB for each agent contains the name, Object Identifier (OID), data type, and read or read/ write status of each object. Network equipment (agents) designed to be managed by SNMP must contain a MIB with objects relevant to the device's operation, and the manager for that agent must also know what can be sanely accessed on the agent. In reality, there is one MIB and the Internet Assigned Numbers Authority (IANA) manages the structure of it. Devices only implement a subset of the MIB tree with objects relevant to their operation.


From MOdulate/DEModulate, a modem is a device that encodes (by modulation of a carrier signal) digital data for transmission over an analog phone connection, and decodes a received analog signal back into a digital stream. Modems are best known for connecting two computers over the telephone system, but different forms of modems using other analog transmission mediums (such as radio) exist.

MPPE—Microsoft Point-to-Point Encryption

A protocol used to encrypt PPP and VPN connections. MPPE uses RSA's RC4 encryption using up to 128-bit session keys. Session keys are changed frequently for extra security, but due to keys being derived from information originally sent as plaintext, MPPE is not particularly robust encryption.


IP Multicast is the process of sending a packet to multiple machines on a network. Contrast this with Unicast (sending to one host only) and with Broad-casting (sending to all hosts). Multicast only requires the source to send a packet once, no matter the number of receivers—it's the nodes within a network that replicates the packet as many times as needed. Movement and replication of the packet within the network to the correct hosts depends on the source sending to a group address, and having multiple receivers who have already announced to the network that they are part of that group. Nodes within the network (knowing who has joined the multicast group) can then intelligently forward the packet on, replicating it only when needed.


NAS—Network Access Server

A point of access to a network that guards access to that network. The NAS takes credentials from a client wishing to connect to the network, passes them to an authentication service of some kind, and then grants or denies the client access depending on the response from the authentication service. To perform as a NAS, a server does not require information about which clients are allowed access, although the authentication service used by the NAS may run on the same physical device. All the NAS must be able to do is prevent or allow a client access to the resources behind it.

NAT—Network Address Translation

A method used to allow a single public IP address to represent an entire private subnet, and to run public servers with private nonroutable addresses. A typical Internet connection may have one public IP address, and a LAN of 25 workstations, laptops, and servers behind it, protected by an iptables NAT firewall. The entire network will appear to the outside world as a single computer. Source NAT (SNAT) rewrites the source addresses of all outgoing packets to the firewall's address, and can retranslate the other way, too, when responses for machines inside the private network are received from the Internet. While having public routable IP addresses is desirable for public services, like web and mail servers, you can get by on the cheap without them and run public servers on private addresses. Destination NAT (DNAT) rewrites the destination address, which is the firewall address, to the real server addresses, then iptables forwards incoming traffic to these servers.


Subnet Mask. (See also Subnet.)

NIC—Network Interface Card or Network Interface Controller

The hardware that allows a computer to connect to a network. It may consist of a card that plugs in to a computer motherboard, it could connect via USB port, or it could be integrated into the motherboard itself. It provides the physical connection that allows the computer to talk to the rest of the network. Most common is a connection to a TCP/IP network that may use cat5, wireless, or coax connections. NICs exist for other network types, including token ring and optical fiber.

NSS—Name Service Switch

A part of many Unix and related systems that defines how lookups for information relating to the environment of the machine are made. By default, most lookups for names such as user passwords, groups, hosts, and so on are done via files such as /etc/passwd or /etc/hosts. The Name Service Switch allows lookups using other databases to discover the same information, and defines the order in which those databases are accessed. It is through configuration of this switch that a Linux system can be used on a Windows domain, with the Winbind NSS module providing users and groups from a Windows domain.

NTP—Network Time Protocol

A protocol designed to allow computers on a network to synchronize their clocks, taking into account the variable latency on a packet switched network. Using NTP, it's possible for all computers on a network (like the Internet) to have clocks synchronized to within hundredths of a second. This is required for some network activities, such as Kerberos authentication, which in part relies upon accurate timestamps.

Null modem cable

A cable that allows a PC to connect directly to another PC via serial ports. Similar to a normal modem cable (except where receive/transmit lines would go straight through to transmit/receive pins on the modem), a Null modem cable swaps the lines inside the cable, allowing the two PCs to communicate using the same serial connection software and serial ports used to connect to a modem.

NVRAM—Non-Volatile Random Access Memory

Unlike the normal RAM inside a PC, NVRAM doesn't lose its contents when power is removed. Various forms of NVRAM generally come with disadvantages compared to normal RAM—it's often slower, requires more power to read, and many times more to write, and may wear out with the masses of writing that normal RAM requires. Different forms of NVRAM are most often used to store some settings within a device, where only occasional writes are required, but it can also serve as a silent replacement for a small hard drive. Flash memory is the most well-known form of NVRAM.


OID—Object IDentifier

Within the context of SNMP, a unique identifier referring to an object within a Management Information Base (MIB) used to store information and settings related to a network device. The OID is represented as a string of numbers separated by dots, and refers to an object's position in the tree structure of the MIB. For example, would be a sibling of, and both are children of 1.3.4. The object and the information it contains can be anything relevant to the device's operation, from the name of the device to the speed of fans, memory usage, bandwidth usage, or the number of hamster wheels in use.

OSPF—Open Shortest Path First

A link-state routing protocol, implemented by routers to dynamically adjust routing to changing network conditions. An OSPF router multicasts information to other routers when changes have occurred around its network, as well as routine updates every 30 minutes. From this information, each individual OSPF router builds a link-state database that contains a representation of the entire topology of the network in tree form, with the router itself at the root. When a router needs to forward a packet, it can use its copy of the link-state database to calculate the best path from the root (itself) to the destination on the tree, using a path cost as its routing metric (as opposed to RIP's hop count). In a practical sense, path cost is mainly determined by link speed over a given route, so a packet is forwarded toward the fastest of multiple routes. As a network grows larger, routers will spend more time and bandwidth talking to each other, which consumes valuable bandwidth just keeping the network together. OSPF addresses this issue by allowing the division of a network into areas. Areas must all be connected to a common backbone, and the routers inside each area only need to contain the topology for that area, with border routers communicating between different areas. (See also RIP.)


Packet filtering

Filtering by the attributes of a packet entering a device or network. Attributes may include the source or destination address for the device, the port, connection type, elements of the data payload, or any other number of detectable attributes of the packet.

Packet switching

A packet switched network breaks information to be transmitted into discrete packets, each of which is sent over a shared network used by multiple machines or users. Each individual packet contains information pertaining to its source and destination, and does not require a dedicated path to reach its destination; indeed, packets may travel between the same source and destination using different paths. Multiple users may transmit packets over the same connection at the same time, independently of one another. (Contrast with Circuit switching.)

PAM—Pluggable Authentication Modules

A system whereby applications that require authentication can use many kinds of authentication, all using the same API. An application only needs to know it is using PAM, and the relevant modules provide one of many kinds of authentication, transparently.

PBX—Private Branch eXchange

A PBX was originally a private telephone exchange that handled a business' own internal telephone requirements, so that an entire building's internal phone calls wouldn't need to use the costly public phone network. Now, a PBX is any system that handles in-house telephony, from manual exchanges to VOIP systems that route telephony over IP networks.

PCI—Peripheral Component Interconnect

The PCI Standard defines a 32-or 64-bit parallel bus for connecting devices to a computer motherboard. Peripherals connected via a PCI bus vary widely, including graphics cards, network cards, modems, diskcontrollers, and other I/O devices. The original PCI bus specification consisted of a 33 MHz 32-bit bus, and has been revised multiple times, culminating in PCI-X running up to 533 MHz with 64-bit signalling. PCIe (also called PCI Express) is a far faster interface that is physically and electrically very different to PCI, but retains software compatibility; i.e., an operating system written to talk to PCI devices won't be confused when it finds it's running on a PCIe system.

PDC—Primary Domain Controller

A server catering to Windows NT style domains that can give a user access to multiple resources on a network with the use of one login. NT Server domains have one Primary Domain Controller, and optionally multiple Backup Domain Controllers. While the Primary Domain Controller contains the database of accounts and privileges in a read/write form, each Backup Domain Controller gets a full backup of the database, but is read-only. If needed, a PDC can be removed and a BDC can be promoted to PDC. Under Linux, Samba can perform as a PDC. (Contrast to Active Directory, which supersedes NT-style domains.)

PKI—Public Key Infrastructure

A system that handles the work of creating public-key certificates containing identities tied to public keys and signed by a certificate authority (CA). The PKI can publish the public-key certificates to those who wish to communicate with the keys' owners, and verify that a certificate containing some public key and identity is genuine, so the public key can be trusted to belong to the owner described.

PPP—Point-to-Point Protocol

In its most common form, PPP is used to provide an OSI layer 2 (data link) between two nodes over a serial modem connection to allow TCP/IP to function and give a computer Internet access. Defined within PPP's specification is Link Control Protocol (LCP), which automatically configures the interfaces at each end of the PPP connection. PPP is also used as part of PPP over Ethernet (PPPoE) for some ADSL connections, and PPP over ATM (PPPoA) for some ADSL and Cable Internet connections.

PPTP—Point-to-Point Tunneling Protocol

A protocol used to create a VPN over an IP-based network such as the Internet. Network protocols on the original networks are sent over a regular PPP session using a Generic Routing Encapsulation (GRE) tunnel. A PPTP VPN can be encrypted using Microsoft Point to Point Encryption (MPPE), but the implementation isn't particularly secure in comparison to the SSL-based OpenVPN.


QoS—Quality of Service

Any system whereby packets zipping around your network are handled in different ways according to their importance and need. Applications sending/receiving data don't all require the same performance from the network; VoIP may have strict requirements for low delay, high quality video may need consistent high throughput, an SSH session may require little bandwidth but must be highly responsive, and network warnings to on-call admins (you really do want to know when your most critical servers have something to complain about) absolutely must get through.


RAS/RRAS—Remote Access Service, Routing & Remote Access Service

RAS is Windows NT's Remote Access Service, which allows the sharing of network services over a dial-up connection. A remote user would dial in to a server, and then have the same access to the server's network as if they were connected to it physically.

RRAS is the equivalent to RAS in Windows 2000 Server and above, which not only provides dial-up remote access, but also a VPN server, IP Routing, and NAT.

RDP—Remote Desktop Protocol

The protocol used by client software to connect to a remote Windows computer running Microsoft Terminal Services, and to use that computer as if it were the local machine. Currently, the server software only runs on Windows, but clients are available for other operating systems, including Linux, Mac OS X, BSDs, and Solaris. RDP not only allows the remote machine to display graphics on the local screen, but applications on the remote can play audio and use serial ports, parallel ports, and printers on the local device.

Not all Windows computers can run an RDP service; notable exceptions are Windows XP Home Edition and Windows Vista Home Basic or Home Premium.

RFC—Request For Comments

Documents containing standards, technical, and organizational information about the Internet. An individual RFC is not necessarily a standard or even a proposed standard, but may be published to provide information about how other standards work in practice when applied to the Internet, to provide information on de facto adopted standards, or to convey new concepts related to the Internet. RFCs are serialized, and referred to by number; for example, RFC 4406 is a document covering an experimental protocol for email authentication. Anyone may publish a document to the Internet Engineering Task Force for inclusion as a possible RFC. The official source for RFCs is

RIP—Routing Information Protocol

A method by which routers within a network are able to adapt to changing network conditions (such as a downed router or suddenly congested links) by communicating to other routers. About every 30 seconds, a RIP-enabled router multicasts its routing table to any other connected routers, and can be triggered to do the same on certain events for quickre sponse to sudden changes. As a distance-vector routing protocol, RIP uses the hop count of a destination to detect the most desirable path to route packets, but limits the number of hops to 15 to prevent routing loops. This creates a limit to the size of a network that can be supported by RIP, as anything more than 15 hops away appears not to exist to RIP routers. RIP benefits from simple configuration and low processing requirements, so for a relatively small LAN, RIP may be ideal. (See also OSPF.)


IP Routing is the process of path selection for packets traveling through an IP-based network. Compared to bridging, which automatically discovers the route that network traffic takes between multiple network segments, and does so via OSI Layer 2 (the data linklayer), routing relies upon a coordinated OSI Layer 3 (network layer) network, and uses the IP addresses of packets to decide where to forward them. Routing is usually controlled by pre-constructed routing tables that define where a packet should go. Each router only needs to know where a packet should be sent on its next hop, and doesn't know nor care what happens afterward; the next hop plus one is the responsibility of the next router, and so on through the network until a packet reaches its destination.


SBC—Single Board Computer

A computer where everything needed to function is on a single board (mostly). A desktop computer can require a whole load of different boards and accessories to make it work. There's the motherboard, some RAM modules, a hard drive, a graphics card, a keyboard, and a mouse—and that's just for a basic system without including extra storage, exotic graphics setups, extra USB ports, or specialized sound and media cards. On the other hand are the single board computers with much more modest hardware. A fanless basic processor, RAM, flash RAM storage, multiple networking ports, and serial connections all on the one board is the norm. There may be some basic expansion available, but it's not necessary for most operations. The idea is that many specialized repetitive tasks like routing, firewalls, and some services can be handled by computers at about the speed of an early Pentium, and that's where these boards fit. Just cram it in a box, add power and an operating system to its flash RAM, and you're on your way.

Serial console

Any PC, laptop, or PDA that controls another machine via the serial port. Some folks think that only a real hardware serial terminal, like a Wyse terminal, can be called a console. Using an old PC for a serial console is a nice way to get a few more years' life out of an old machine.

SIP—Session Initiation Protocol

The SIP protocol is probably the most popular VoIP protocol in use now. Commercial VoIP providers like Vonage use SIP. SIP is not a multimedia protocol itself, but rather carries any type of audio or video stream, and it creates, modifies, and terminates sessions between at least two endpoints.

SLA—Service Level Agreement

A formal agreement that defines the level of service to be expected from a provider of those services. For example, with an Internet connection, an SLA may define the percentage of time a connection remains open and fully usable, the average time before the helpdesk answers their phones, or the average time taken for problems to be fixed. An SLA can also lay out billing reductions for the client or penalties for the provider if they fail to honor the level of service described.


A Smurf attack is a form of Denial of Service attack that exploits the response of computers on a network to a broadcast ICMP echo request (a ping). The basic element of a Smurf attack is a single ICMP echo request carrying a faked source IP address, sent to a broadcast address. The routing device that receives the echo request then broadcasts the single request to all IP addresses covered by that broadcast address, and each one sends backan ICMP echo response directed to the faked source IP address. In this way, a single ping request from somewhere on the Internet can generate a much larger ping response to the faked source address (the victim). Floods of such pings can multiply the response hundreds-fold, and overwhelm the network connection or computer at the faked source IP.

SNMP—Simple Network Management Protocol

SNMP consists of managers (stations that oversee devices on a network) and agents (inside a network device itself) communicating through a simple language. Using SNMP, a manager is able to read information from an agent, or read and write information depending on the permissions it has to that agent. Information within agents is stored by objects within a Management Information Base (MIB), and those objects may contain a wide range of information about a device such as settings, usage statistics, performance data, or physical properties (e.g., temperature or fan speed).

SOHO—Small Office/Home Office

A term applying to a small business with up to about 10 users. Computing equipment labeled SOHO may be designed with some features typically for business use, but not necessarily capable of handling the requirements of large organizations with hundreds of users.


A package for Red Hat-based Linux systems that contains source code and a spec file that lets the rpm utility compile and build an RPM package. The resulting RPM package can then be installed and managed like any other RPM.

SSH—Secure SHell

A protocol that allows the opening of a secure, encrypted channel between two computers with secure authentication. SSH is most often used to provide a secure shell to log in to a remote machine, but also supports file transfers, TCP, and X11 tunneling.

SSL/TLS—Secure Sockets Layer/Transport Layer Security

SSL and TLS are similar, related protocols for providing secure data transmission and authentication over networks, including the Internet. SSL was originally developed by Netscape in 1994, and was revised to become SSL 3.0 in 1996, which became the base of TLS. TLS 1.1 is the current version of the protocol. An SSL/TLS connection is started by a client requesting a secure connection to a server. The client and server decide on the strongest cipher and hash function they both share, and the server presents a digital certificate that can be checked by the client with the issuing certificate authority. Within the server's certificate is its public key, which the client uses to encrypt a random number to send to the server. If the connection is genuine, the server is able to decrypt the message and the server and client now have a matching secret random number that can be used to generate keys for data transfer. Now that this handshaking is complete, the server and client may communicate over a secure connection. The client may also present a digital certificate as part of the handshaking process, so that the server, too, can verify the client's identity.

State (packet filtering)

Filtering on the known state of a packet, identified by previous network activity. A single packet coming from a random machine on the Internet may be dropped by a firewall, or it may be accepted, depending on the known state. For example, a machine behind a firewall may request a web page from a web server. The web server then sends a response back, and the firewall allows the response because it knows a machine requested information from that server. The same response from the web server would be denied if there had been no original request passing through the firewall. While there was not necessarily any information within the packet that defined whether it was a valid response to be passed through, its state was derived by the firewall through previous activity between the two hosts.

Static address

A Static address is one meant to be matched to a particular computer, so that it always has the same address. Necessary when you have a server on a network, and must know a permanent IP address in order to use it. (Contrast with a Dynamic address.)


In the context of an IP-based network, a subnet is a group of related IP addresses all beginning with the same binary network part, and ending in a unique binary sequence identifying the host within the subnet. An example might be the IP address with subnet maskof The first 24 bits of the address, shown by bits in the subnet mask, reveal which part is the network address (, with the last 8 bits correspond to the hosts part (12 in this case). The entire subnet thus spans the address range to Dividing a network into subnets in this hierarchical sense keeps routing easy, as the IP addresses within a subnet can all be derived from the network address.


At first glance, a switch may look very similar to a hub, but it will act far more intelligently. Switches take note of the addresses of connected computers in order to send only data to the correct machine. For example, a packet arrives in a port on a switch, and is destined for one particular machine connected via another port. The switch has previously paid attention to which machines are connected to which port, and forwards the packet out only to the correct machine. An unmanaged switch has no configuration options, and simply connects to multiple network computers. A managed switch can be configured for various network fine tuning, such as limiting speed on certain ports, QoS, SNMP reporting/control, link aggregation, and so on. (Contrast with Hub.)


Part of opening a new TCP connection. When a client wishes to connect to a server on the Internet, it first sends a SYN packet to the server. The server responds backwith a SYN-ACK (an acknowledgment), and the client returns a SYN-ACK-ACK (another acknowledgment). Both acknowledgments together indicate that the server can talk to the client, the client can talkto the server, and a TCP connection is now open for use between the two hosts.


TCAM—Ternary Content Addressable Memory

Unlike normal RAM in a computer where data is stored in many addresses and the RAM can only be queried for the contents at a given address, Content Addressable Memory (CAM) works in the other direction. CAM is provided with content, then searches its memory in order to return a list of addresses where the content was found. With RAM, a search requires software to repeatedly read from a memory address, compare the contents of memory to the content being searched for, then move on to the next address, repeating until the area of RAM to be searched is exhausted. With CAM, content can be provided, and the list of addresses containing that content is returned in one operation, which provides a phenomenal speedup for searching the contents of memory.

Ternary Content Addressable Memory takes this a step further. With normal CAM, the stored data is only in the form of bits—a word at an address may be 10011101, but TCAM may contain a third state of "don't care" or "X" in memory—so a word at an address could be 10011X01, which would match the search for 10011101 and 10011001. CAM and TCAM are often used in switches and routers to store MAC lookup tables and routing tables, respectively. A router may have a network address in memory, and when a packet arrives to be routed, its destination IP address can be searched for in TCAM, which will instantly return the address of a routing table entry for its destination address, stored with only the network part of the destination network as 1 or 0, and host part as X. CAM and TCAM are far more complex, expensive, and power-hungry memory-wise than normal RAM, but are necessary for applications like routing where a search through a routing table must be done thousands or millions of times per second.

TCP—Transmission Control Protocol

One of the central protocols essential to the function of the Internet, TCP allows applications to create connections that, once established, the applications can stream data across. TCP stacks in an operating system do the hard work of splitting the stream of data into segments with a sequence number, and sending them out over an IP-based network. At the remote end, the TCP stack acknowledges packets that have been received (so that missing packets can be resent) and reassembles received packets in the correct order to provide an in-order data stream to the remote application.

TLS/SSL—Transport Layer Security/Secure Sockets Layer


TTL—Time To Live

A TTL is a limit on how long a piece of information can exist before it should be discarded. One example is a DNS record. When first looked up by a caching DNS server, a domain's DNS records will be cached and the TTL will be recorded in seconds. Before the number of seconds has passed, any subsequent DNS lookups of that record will come from the cache. Once the TTL has passed, the cached record expires, and should be looked up again from an authoritative source. The time may also be a number of transmissions or hops on a network, for example performing a traceroute depends on a TTL being reduced by 1 on every hop. When a traceroute runs, a series of packets are sent towards a destination with increasing TTL values. With each hop, the TTL is reduced—when it reaches 0, the packet is considered expired, and an ICMP Time Exceeded packet is returned to the sender. The traceroute utility is able to record the origin of each ICMP packet returned as each successive longer TTL allows the packet to reach further through a network, then display the list of hosts a packet passes through to reach the destination.


UART—Universal Asynchronous Receiver/Transmitter

A UART is a device that performs a conversion between data in parallel form, such as bytes in memory, and a serial stream for transmission over a serial connection. Universal refers to the ability of the Asynchronous Receiver/Transmitter to operate at a number of different bit rates, depending on the need at the time.


VLAN—Virtual LAN

A method whereby multiple logical LAN segments are created on top of an existing physical LAN. An existing LAN segment may consist of 10 computers physically connected as a LAN. Along comes the concept of a VLAN, and it defines three of those computers as belonging to VLAN1, with the remaining seven on VLAN2. To software running on the machines in VLAN1, the entire LAN consists of just three computers, and the other seven (although physically connected as if they were part of the same LAN) are not seen. This logical subnetting reduces traffic on the network by providing smaller (and more numerous) broadcast domains, and subnets can be created without needing to rewire or relocate hardware physically. VLANs are implemented through the use of IEEE 802.1Q, which allows the tagging of Ethernet frames with information that identifies which VLAN they belong to.

VNC—Virtual Network Computing

VNC is a remote display system where a user can view or control the desktop environment of a remote computer that may be across the room, or on the other side of the world over the Internet. When controlling, communication goes both ways—keyboard and mouse events are sent from the viewer (the client) to the remote machine, and the remote (the server) provides updates of the screen display back to the client. VNC works on a framebuffer level, and does not require higher-level protocols to display windows, text, animation and so on—all screen updates are purely image based. A user may connect to a server, use its desktop for a time, then disconnect and move to another location. Upon reconnecting to the server, the user will see the exact desktop, down to the mouse pointer being in the same place.

There are many VNC implementations; you can control two PCs from a single keyboard and mouse, attach to an existing session, and mix-and-match operating systems.

VoIP—Voice over IP

Using packet-switched networks to transmit voice traffic instead of the traditional circuit-switched networks. Packet-switching allows the physical circuits to carry far more traffic.

VPN—Virtual Private Network

In its broadest sense, a network tunneled through another network. In the term's usage in this book, it is a tunnel used to connect trusted remote users (such as those on laptops working from home), or other remote networks (such as a branch office) into a LAN, so that the remote users may have full network access as if their computer were connected directly to the LAN. The connection is tunneled over the Internet, and the two endpoints authenticate to one another and encrypt communications. Think of it as a long, private Ethernet cable that extends over the Internet to your users in the field.


WAN—Wide Area Network

A Wide Area Network is a network that spans a large geographic area relative to a LAN. It will likely contain a paid network connection by a telecommunications provider, and cross legal (including national) boundaries. A school campus may consider its entire on-campus network to be a LAN (even if that supplies hundreds of buildings on the one site), and the connection to other campuses in different cities to be part of the WAN. On a different scale, a community wireless network may consider home computer networks of one or two machines to each be LANs, and the wireless network that connects them all across one part of a city to be their WAN. The Internet can be considered the largest of all WANs.

WAP—Wireless Access Point

The device that connects a wired LAN to a wireless network, and acts to move data between wireless devices and the wired LAN, or directly to the Internet. The WAP contains the antenna that transmits/receives wireless signals to/from any wireless-connected devices such as laptops, and is the device that implements the encryption required for good wireless security.

WEP—Wired Equivalent Privacy (or Wireless Encryption Protocol)

An encryption scheme used to secure wireless networks, part of the 802.11 standard. WEP is particularly weak protection, and vulnerable to an attacker within minutes using freely available tools such as AirSnort and WEPCrack. If your hardware only supports WEP, upgrade to something supporting WPA/WPA2. As of August 2003, Wi-Fi certification is not possible without WPA support.


Wi-Fi refers to standards (the 802.11 family) that define wireless networking most commonly used on LANs. While IEEE formally defines the 802.11 standards, testing and certification of products following the standard is performed by the Wi-Fi Alliance, an industry group formed to push the adoption of standard wireless networking. Only products tested by the Wi-Fi Alliance may carry the Wi-Fi trademark. Wi-Fi certification is a moving target that involves not just the wireless connection itself, but relevant technologies such as encryption, QoS, and power saving. As new wireless developments are ratified, the requirements for Wi-Fi certification change, too. One example is security; WPA2 certification is compulsory in order to obtain Wi-Fi certification as of 2006.


A Name Service Switch (NSS) module that allows a Linux (and Unix/Unix-alike) system to join a Windows domain and obtain login information from the domain, instead of from the Linux system's local user database. Essentially, this means Windows domain users (NT or Active Directory) can appear and operate as Linux users on the Linux machine, and gain access to Windows domain services. Winbind is part of the Samba suite.

WINS—Windows Internet Name Service

WINS is Microsoft's name resolution service for NetBIOS computer names. A WINS server allows computers to register their NetBIOS names and IP addresses dynamically upon joining a network. A computer queries the WINS server by providing the NetBIOS name of a machine it is interested in, and the WINS server returns that machine's IP address. WINS is essentially to NetBIOS names as DNS is to domain names. Under Linux, Samba is perfectly capable of acting as a WINS server.

WPA/WPA2—Wi-Fi Protected Access

Encryption schemes used to secure wireless networks. There are two flavors of WPA: WPA and WPA2. WPA is an upgrade of WEP; both use RC4 stream encryption. It was designed to be a transitional protocol between WEP and WPA2. WPA is stronger than WEP, but not as strong as WPA2. WPA2 uses a new strong encryption protocol called Counter Mode with CBC-MAC Protocol (CCMP), which is based on Advanced Encryption Standard (AES).

If you enjoyed this excerpt, buy a copy of Linux Kernel in a Nutshell