Intro to Networking Chapter 4: Protocols
Dynamic ARP table entries
created when a client makes an ARP request for information that could not be satisfied by data already in the ARP table; once received, the new information is recorded in the table for future reference.
keep information private
The purpose of encryption is to
layer 2 switch
if a switch reads and processes the data link layer header but passes the message along without reading higher-layer headers, it is known as a
Static ARP table entries
A record in an ARP table that someone has manually entered using the ARP utility.
introduce themselves to each other and establish terms for how they will securely exchange data.
A session is created by a handshake protocol, one of several protocols within SSL/TLS, and perhaps the most significant. As its name implies, the handshake protocol allows the client and server to
jumbo frame
A setting on Ethernet network devices that allows the creation and transmission of extra-large frames, which can be as large as just over 9,000 bytes.
digital certificates
A small file containing verified identification information about the user and the user's public key.
LLC (logical link control) sublayer
A sublayer of layer 2 that is primarily concerned with multiplexing, flow and error control, and reliability.
three-way handshake
A three-step process in which transport layer protocols establish a connection between nodes.
CIA (confidentiality, integrity, and availability) triad
A three-tenet, standard security model describing the primary ways that encryption protects data. Confidentiality ensures that data can only be viewed by its intended recipient or at its intended destination. Integrity ensures that data was not modified after the sender transmitted it and before the receiver picked it up. Availability ensures that data is available to and accessible by the intended recipient when needed.
asymmetric encryption
A type of encryption (such as public key encryption) that uses a different key for encoding data than is used for decoding the cipher text.
Private key encryption
A type of key encryption in which the sender and receiver use a key to which only they have access. Also known as symmetric encryption.
CA (certificate authority)
An organization that issues and maintains digital certificates as part of the PKI (public-key infrastructure).
Version: IPv4.
Header length: 20 bytes, the minimum size for an IP header.
Differentiated Services field: No options for priority handling are set, which is not unusual in routine data exchanges such as requesting a web page.
Total length: 44 bytes (20-byte header + 24-byte TCP segment).
Identification: Uniquely identifies the packet. This is the first one.
Flags: 1 means on, 0 means off.
Time to live: This packet's TTL is set to 64. If the packet were to keep traversing networks, it would be allowed 64 more hops before it was discarded.
Protocol: A TCP segment is encapsulated within the packet. TCP is always indicated by the hexadecimal value 0x06.
Header checksum: Used by the recipient of this packet to determine whether the header was damaged in transit.
Source and Destination: These last two fields show the IPv4 addresses for the packet's source and destination, respectively.
Explain the headers of IPv4
Encryption
The use of an algorithm to scramble data into a format that can be read only by reversing the algorithm—that is, by decrypting the data—to keep the information private.
MTU (maximum transmission unit)
The largest IP packet size in bytes that routers in a message's path will allow without fragmentation and excluding the frame.
MAC sublayer
The lower portion of the data link layer that is specifically involved with managing MAC addresses in message frames.
PKI (public-key infrastructure)
The use of certificate authorities to associate public keys with certain users.
large enough to fill the entire cable during transmission.
To ensure that any collisions are detected, frames are made
SSL (Secure Sockets Layer) and TLS (Transport Layer Security)
both methods of encrypting TCP/IP transmissions—including web pages and data entered into web forms—en route between the client and server using public key encryption technology.
IP (Internet Protocol)
It specifies where data should be delivered, identifying the data's source and destination
NDP (Neighbor Discovery Protocol)
A data link layer protocol that works with ICMPv6 to detect neighboring devices on an IPv6 network, helps manage the SLAAC (stateless address autoconfiguration) process, and oversees router and network prefix discovery.
ARP table
A database of records that maps MAC addresses to IP addresses. The ARP table is stored on a computer's hard disk where it is used by the ARP utility to supply the MAC addresses of network nodes, given their IP addresses.
Public key encryption
A form of key encryption in which data is encrypted using two keys: One is a key known only to a user (that is, a private key), and the other is a key associated with the user and that can be obtained from a public source
IPsec (Internet Protocol Security)
A layer 3 protocol that defines encryption, authentication, and key management for TCP/IP transmissions. It is an enhancement to IPv4 and is native to IPv6.
symmetric encryption
A method of encryption that requires the same key to encode the data as is used to decode the cipher text.
checksum
A method of error checking that determines if the contents of an arriving data unit match the contents of the data unit sent by the source.
CSMA/CD (Carrier Sense Multiple Access with Collision Detection)
A network access method specified for use by IEEE 802.3 (Ethernet) networks. Each node waits its turn before transmitting data to avoid interfering with other nodes' transmissions.
Type- Indicates the type of ICMP message, such as Destination Unreachable.
Code- Indicates the subtype of the message, such as Destination host unknown.
Checksum- Allows the receiving node to determine whether the ICMP packet became corrupted during transmission.
Rest of header- Varies depending on message type and subtype.
Data- Usually contains the IP header and first 8 bytes of the data portion of the IP packet that triggered the ICMP message.
Describe the functions of each field in the ICMP packet
HTTP (HTTPS): Encryption: SSL/TLS provides encryption for data transmitted between a user's web browser and a web server. This ensures that sensitive information, such as login credentials and personal data, is protected from eavesdropping. Authentication: SSL/TLS enables server authentication, allowing the user's browser to verify the identity of the web server. This helps prevent man-in-the-middle attacks.
Describe the security provided by SSL/TLS for HTTP
LDAP (LDAPS): Encryption: LDAPS (LDAP Secure) is the secure version of the Lightweight Directory Access Protocol. SSL/TLS encrypts data exchanged between LDAP clients and servers, protecting directory information. Authentication: SSL/TLS in LDAPS helps verify the authenticity of the LDAP server and ensures the confidentiality of sensitive directory data.
Describe the security provided by SSL/TLS for LDAP
SMTP (SMTPS): Encryption: For SMTP, SSL/TLS can be used to encrypt the communication between email clients and servers. This is known as SMTPS (SMTP Secure). Authentication: SSL/TLS in SMTP helps ensure that the email server is the legitimate one and prevents unauthorized access to email communication.
Describe the security provided by SSL/TLS for SMTP
Association between the client and server that is defined by an agreement on a specific set of encryption techniques. The session allows the client and server to continue to exchange data securely as long as the client is still connected to the server. Created by the handshake protocol
Each time a client and server establish an SSL/TLS connection, they establish a unique session, which is an
LLC (logical link control) sublayer and MAC sublayer
Ethernet standards. Interestingly, the data link layer can be divided into two sublayers, as follows:
Version: Indicates which IP version the packet uses.
Traffic class: Identifies the packet's priority.
Flow label: Indicates which flow, or sequence of packets from one source to one or multiple destinations, the packet belongs to.
Payload length: Indicates the size of the payload carried.
Next header: Identifies the type of header that immediately follows the IPv6 packet header, usually TCP or UDP.
Hop limit: Indicates the number of times the packet can be forwarded by routers on the network, similar to the TTL field in IPv4 packets. When the hop limit reaches 0, the packet is discarded.
Source address: Indicates the full IPv6 address of the source host.
Destination address: Indicates the full IPv6 address of the destination host.
Data: Includes the data originally sent by the source host, plus any headers from higher layers.
Explain the fields in an IPv6 packet
correct errors it detects—those functions are left to higher-layer protocols, such as TCP.
ICMP announces these transmission failures to the sender, but it does not
critical information for troubleshooting network problems.
ICMP's announcements provide
network layer of the OSI model
IP (Internet Protocol) belongs to the
establish a session to send its packets
IP is a connectionless protocol, meaning IP does not
Transport mode—Connects two hosts. Tunnel mode—Runs on routers or other connectivity devices in the context of VPNs.
IPsec can be used with any type of TCP/IP transmission and operates in two modes:
network layer of the OSI model
IPsec works at the
transmitted before a collision can be detected. In this case, the node does not know to resend the corrupted transmission.
If a cable is too long, the entire message can be
Source port (16 bits): The port of the process on the host that sent the data.
Destination port (16 bits): The port of the process on the destination host that receives the data.
Sequence number (32 bits): The position of the data being sent.
Acknowledgment number (32 bits): Confirmation of data sent.
TCP header length (4 bits): The length of the TCP header in bytes.
Reserved (6 bits): A field reserved for later use.
Flags (6 bits): Identifies a collection of six 1-bit fields, or flags, that signal special conditions about other fields in the header.
Sliding-window size, or window (16 bits): How many bytes the sender can issue to a receiver before acknowledgment is received.
Checksum (16 bits): Allows the receiving node to determine whether the TCP segment became corrupted during transmission.
Urgent pointer (16 bits): The location in the data field where urgent data resides.
Options (0-32 bits): Specifies special options, such as the maximum segment size a network can handle.
Padding (variable): Ensures that the size of the TCP header is a multiple of 32 bits.
Name the length and function of each field in this photo-
TCP to ensure the messages are reassembled in the right order, if that's necessary. It also relies on either TCP or UDP to ensure each message reaches the correct application on the receiving host.
Once IP delivers the message to the correct host, it depends on
backward compatibility or to meet the needs of specific situations or vendor-specific devices.
Other Ethernet standards exist, such as Ethernet 802.3. However, those standards tend to be used only for
enabled for backward compatibility. You'll also often see the terms used interchangeably—many times, even when someone says SSL, they're referring to TLS.
SSL has now been deprecated and should be disabled whenever possible, leaving the more secure TLS to provide protection. In reality, you'll often see them both
Step 1: Computer A initiates a connection by sending a SYN (request for connection) message to Computer B. This message includes a randomly selected sequence number for synchronization, with the SYN flag activated, indicating a desire to communicate. The ACK bit is set to 0 in this initial transmission.
Step 2: Upon receiving the SYN message, Computer B responds with a SYN/ACK (acknowledgment of the request) message. Both the ACK and SYN bits are set to 1, confirming readiness to communicate. In its Sequence number field, Computer B sends its own seemingly random number.
Step 3: Computer A acknowledges the response by sending an ACK (connection established) message. The sequence number is set to match the one expected by Computer B, and the Acknowledgment number field equals the sequence number from Computer B plus 1. The ACK bit is set to 1, finalizing the establishment of the connection.
Summarize the three steps of the TCP three-way handshake:
Carrier Sense refers to an Ethernet NIC listening and waiting until no other nodes are transmitting data. Multiple Access refers to several nodes accessing the same network media. Collision Detection refers to what happens when two nodes attempt a transmission at the same time.
Take a minute to think about the full name Carrier Sense Multiple Access with Collision Detection:
RA (router advertisement)- A router periodically sends an RA message out each of its configured interfaces to provide information about the network prefix, link MTU, and hop limits.
RS (router solicitation)- To avoid waiting for the next scheduled RA message, a newly connected IPv6 host can send an RS message to request information from the router right away.
Redirect- Informs hosts on the network that another router is a better gateway for a particular destination network.
NS (neighbor solicitation)- Requests the MAC address of a neighboring node; also used to ensure no two devices are using the same IPv6 address and to verify a neighbor's reachability.
NA (neighbor advertisement)- Responds to NS messages to inform other network devices of the sender's MAC address information.
The SLAAC process you learned about earlier is managed by NDP, as are router and network prefix discovery and neighbor discovery. NDP offers several ICMPv6 message types to perform these tasks, as follows:
static entry to the ARP table
The command arp -s can be used to add a
Public and Private Key encryption
The key is created according to a specific set of rules, or algorithms. Key encryption can be separated into two categories:
1. The browser sends a client hello message, which contains information about what level of security the browser is capable of accepting and what type of encryption the browser can decipher. The client hello message also establishes a randomly generated number that uniquely identifies the client and another number that identifies the session.
2. The server responds with a server hello message that confirms the information it received from the browser and agrees to certain terms of encryption based on the options supplied by the browser. The server might choose to issue to the browser a public key or a digital certificate.
3. If the server requests a certificate from the browser, the browser sends it. Any data the browser sends to the server is encrypted using the server's public key. After the browser and server have agreed on the terms of encryption, the secure channel is in place and they begin exchanging data.
This handshake conversation is similar to the TCP three-way handshake you learned about earlier in this module. Given the scenario of a browser accessing a secure website, the SSL/TLS handshake works as follows:
beginning of the message starts arriving at its destination before the end of the message has been completely transmitted.
With a long enough transmission, a similar thing happens on a cable—the
digital certificates
With the abundance of private and public keys, not to mention the number of places where each may be kept, users need simple and secure key management. One answer to this problem is to use
ICMP (Internet Control Message Protocol)
a core network layer protocol that reports on the success or failure of data delivery. It can indicate when part of a network is congested, when data fails to reach its destination, and when data has been discarded because the allotted Time to Live has expired
layer 3 device
a router that reads and processes the network layer header and leaves alone the transport layer header is known as a
packets
at the network layer of the OSI model, data is organized in
ARP (Address Resolution Protocol)
is a layer 2 protocol that works with IPv4 in layer 3. It's sometimes said to function at layer 2.5 because it touches information (IP addresses and MAC addresses) at both layers. However, it operates only within its local network bound by routers.
TLS
operates in the transport layer and uses slightly different encryption algorithms than SSL, but otherwise is essentially the updated version of SSL.
TCP (Transmission Control Protocol)
operates in the transport layer of the OSI model and provides reliable data delivery services.
the sender must somehow share the key with the recipient without it being intercepted.
A potential problem with private key encryption is that
Encryption
the last layer of defense against data theft.
layer 4 firewall
will dig deep enough to read the transport layer header to check which port a message is directed to
ARP (Address Resolution Protocol)
works in conjunction with IPv4 to discover the MAC address of a node on the local network and to maintain a database that maps local IP addresses to MAC addresses.
IPv4 Addresses
An ARP table maps MAC addresses to what information?
Ethernet
The most important data link layer standard
1. IPsec initiation- Noteworthy traffic, as defined by a security policy, triggers the initiation of the IPsec encryption process.
2. Key management- The two nodes agree on common parameters for the keys they will use. This phase primarily includes two services:
IKE (Internet Key Exchange)—Negotiates the exchange of keys, including authentication of the keys; the current version is IKEv2, which you'll see again in the discussion on VPNs (virtual private networks) later in this module.
ISAKMP (Internet Security Association and Key Management Protocol)—Works within the IKE process to establish policies for managing the keys.
IPsec adds security information to the headers of IP packets and encrypts the data payload. IPsec creates secure connections in five steps, as follows: First 2 steps
3. Security negotiations—IKE continues to establish security parameters and associations that will serve to protect data while in transit.
4. Data transfer—After parameters and encryption techniques are agreed upon, a secure channel is created, which can be used for secure transmissions until the channel is broken. Data is encrypted and then transmitted. Either AH (authentication header) encryption or ESP (Encapsulating Security Payload) encryption may be used. Both types of encryption provide authentication of the IP packet's data payload through public key techniques. In addition, ESP encrypts the entire IP packet for added security.
5. Termination—IPsec requires regular reestablishment of a connection to minimize the opportunity for interference. To maintain communication, the connection can be renegotiated and reestablished before the current session times out.
IPsec adds security information to the headers of IP packets and encrypts the data payload. IPsec creates secure connections in five steps, as follows: Last 3 steps
ICMPv6 (Internet Control Message Protocol for use with IPv6)
IPv6 relies on what to perform the functions that ICMPv4 and ARP perform in IPv4 networks. This includes detecting and reporting data transmission errors, discovering other nodes on a network, and managing multicasting.
flush the ARP table on any device experiencing the problem with the command arp -d. This forces the device to repopulate its ARP table and correct any errors. You can also list a specific IP address to delete only that one record from the ARP table: arp -d 192.168.1.15. After deleting an entry, you can run a ping to repopulate the ARP table with the target device's information.
If you notice inconsistent connectivity issues related to certain addresses, you might need to
collision
In Ethernet networks, the interference of one node's data transmission with the data transmission of another node sharing the same segment.
Source port, Destination port, Length, and Checksum
In contrast to a TCP header's 10 fields, the UDP header contains only four fields:
At rest: Data is most secure when it's stored on a device that is protected by a firewall, anti-malware software, and physical security (such as being inside a locked room). However, these protections are no guarantee. Additional protections include storing portions of the data in separate locations so that no single portion is meaningful on its own.
In use: For data to be used, it must be accessible, which brings inherent risk. Tightly controlling access to the data and reliable authentication of users help reduce these risks.
In motion: This is when data is most vulnerable. Especially when data must leave your own, trusted network, it's exposed to a multitude of potential gaps, intrusions, and weak links.
In terms of security, data exists generally in three states:
ESP (Encapsulating Security Payload)
In the context of IPsec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques and encrypts the entire IP packet for added security.
AH (authentication header)
In the context of IPsec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques.
URG—If set to 1, the Urgent pointer field later in the segment contains information for the receiver. If set to 0, the receiver will ignore the Urgent pointer field.
ACK—If set to 1, the Acknowledgment field earlier in the segment contains information for the receiver. If set to 0, the receiver will ignore the Acknowledgment field.
PSH—If set to 1, data should be sent to an application without buffering.
RST—If set to 1, the sender is requesting that the connection be reset.
SYN—If set to 1, the sender is requesting a synchronization of the sequence numbers between the two nodes. This code indicates that no payload is included in the segment, and the acknowledgment number should be increased by 1 in response.
FIN—If set to 1, the segment is the last in a sequence and the connection should be closed.
The following flags are available to the sender:
Ethernet II
The most common Ethernet standard today. Ethernet II is distinguished from other Ethernet frame types in that it contains a 2-byte type field to identify the upper-layer protocol contained in the frame.
link-layer address
The name for a MAC address on an IPv6 network.
collision domain
The portion of an Ethernet network in which collisions could occur if two nodes transmit data at the same time. Today, switches and routers separate collision domains.
Authentication
The process of comparing and matching a client's credentials with the credentials in a client database to enable the client to log on to the network.
Fragmentation
The process of dividing packets that are too large for a network's hardware into smaller packets that can safely traverse the network. In an IPv4 network,
Confidentiality—Data can only be viewed by its intended recipient or at its intended destination.
Integrity—Data is not modified in the time after the sender transmits it and before the receiver picks it up.
Availability—Data is available and accessible to the intended recipient when needed, meaning the sender is accountable for successful delivery of the data.
To protect data at rest, in use, and in motion, encryption methods are primarily evaluated by three benchmarks:
open a PowerShell or Command Prompt window and enter the command arp -a
To view a Windows workstation's ARP table,
handshake to establish a connection, acknowledgment of transmissions received, error checking, sequencing, or flow control and is, therefore, more efficient and faster than TCP.
UDP (User Datagram Protocol) does not
delivery of data, and no connection is established by UDP before data is transmitted.
UDP does not guarantee
a great volume of data must be transferred quickly, such as live audio or video transmissions over the Internet. It's also used for small requests, such as DNS, or in situations when the data changes often and speed is more important than complete accuracy, such as when gaming over a network.
UDP is useful when
The physical layer on the NIC receives the frame and places the actual transmission on the network.
What happens on layer 1
The packet is passed to the data link layer on the NIC, which encapsulates this data with its own header and trailer, creating a frame. This layer's frame includes a physical address used to find a node on the local network.
What happens on layer 2
The network layer adds its own header in front of the passed-down segment or datagram. This header identifies the IP address of the destination host and the message is called a packet.
What happens on layer 3
In the process of encapsulation, a transport layer protocol, usually either TCP or UDP, adds a header in front of the payload. This header includes a port to identify the receiving application on the destination host. The entire message then becomes a segment (when using TCP) or datagram (when using UDP).
What happens on layer 4
Data and instructions, known as the payload, are generated by an application running on the source host
What happens on layer 7, 6, and 5
1. Confidentiality: Ensures that information is accessible only to those who have the authorized permission to access it. Confidentiality aims to prevent unauthorized disclosure of sensitive information.
2. Integrity: Focuses on maintaining the accuracy, consistency, and trustworthiness of data over its entire lifecycle. It ensures that data is not altered or tampered with by unauthorized individuals or processes.
3. Availability: Guarantees that information and resources are accessible and usable when needed by authorized users. Availability measures the system's ability to withstand and recover from disruptions, such as hardware failures, natural disasters, or cyberattacks.
What is the CIA triad?
website's digital certificate used by the encryption protocol SSL/TLS (which is used to secure HTTP) was not signed by a trusted CA, the certificate has expired, or it wasn't associated with a trusted root certificate.
When surfing the web, at some point you might have gotten an error that said the website's SSL certificate was untrusted. Certificate issues like this might mean the
IPv6
Which of these protocols does not include some kind of integrity check field in its header?
Ethernet
Which protocol's header includes the source MAC address?
Integrity and Confidentiality
Which two components of the CIA triad are ensured by adequate encryption methods?
IP Packets
acts as an addressed envelope for data and contains information necessary for routers to transfer data between different LAN segments, getting data where it needs to go.
data confidentiality, as only the intended recipient (the owner of the keys) can decrypt the data.
data can be encrypted with the public key, and then can only be decrypted with the matching private key. This ensures
NDP
eliminates the need for ARP and some ICMP functions in IPv6 networks, and it's much more resistant to hacking attempts than ARP.
Connection oriented- Before data transmission, TCP ensures connection establishment by using the three-way handshake technique. Only after TCP establishes this connection does it transmit the actual data, such as an HTTP request for a web page.
Sequencing and checksums- Because messages don't always arrive in the same order they were created, TCP attaches a number to each so the destination host can reorder them. It also error checks to determine if the contents of an arriving data unit match the contents of the data unit sent by the source.
Flow control- The process of gauging the appropriate rate of transmission based on how quickly the recipient can accept data. If the recipient's buffer can only handle 100 bytes, the sender will issue 100-byte packets at a time, wait, and then send more data.
Three characteristics of TCP in its role as a reliable delivery protocol: