NET-2-Network Fundamentals


The OSI model Seven layers:

Application, Presentation, Session, Transport, Network, Datalink, and Physical.

ARP Table (Cache)

Command: arp -a. The ARP table (cache) is held in the RAM of the device. Each entry contains three parameters:
• the IP address of a host
• the MAC address that corresponds to that IP
• the entry type: dynamic (learned automatically from ARP replies) or static (added manually)
arp -a (or arp -g on Windows) displays the host's ARP table. show arp displays the ARP table of a Cisco device.

HTTP Traffic

HTTP is an insecure protocol used to transfer information over the web. Because HTTP traffic is not encrypted, anyone on the path can sniff it: credentials, cookies and form data appear in plaintext in the capture. Captured data can be saved as a .pcap or .pcapng file for later analysis or sharing, via "File" > "Save As...". The .pcapng format stores additional information about the capture, such as interfaces, statistics, name resolution and comments.

Headers and Trailers

Headers and trailers are control data that the protocol at each layer adds to the beginning and end of its data unit. For example, IP places the logical source and destination addresses in an IPv4 header, which it prepends to the data unit at the Network Layer.

Registered Ports (1024-49151)

IANA assigns these ports, on request, to vendors that register them for their applications. For example, Microsoft RDP uses 3389 and Dropbox LAN sync uses 17500.

ARP and Encapsulation

If a device wants to communicate with another device on the same LAN, the frame it sends must carry the MAC address of the destination device. To obtain that MAC address it uses ARP (Address Resolution Protocol), which resolves a logical address (IP) to a physical address (MAC) and saves the result in the host's ARP cache. ARP sits between Layers 2 and 3 of the OSI model: it is carried directly in Ethernet frames but resolves Layer 3 addresses. Every IPv4 host and router on an Ethernet network uses ARP. Note: switches make forwarding decisions based on the destination MAC address of the frame, so a wrong MAC (for example one learned from a spoofed ARP reply) sends the traffic to the wrong host.

Main View-Wireshark

Packet List - The main view of Wireshark. It lists captured packets in order of capture and offers search and filter options.
Packet Details - The middle pane, showing the decoded fields of the selected packet grouped by layer: Frame (Physical), Ethernet (Data Link), IP (Network), TCP/UDP (Transport), and so on.
Packet Bytes - The bottom pane, showing the raw bytes of the selected packet in hexadecimal and ASCII.

Well-Known Ports (0-1023)

Port numbers in the "well-known" range are assigned by IANA to commonly used, essential protocols. The assignments are permanent, and every network administrator should know them. The range includes HTTP (80), HTTPS (443), DNS (53), DHCP (67/68), the email protocols (SMTP 25, POP3 110, IMAP 143), and others. On Unix-like systems, binding a listener to a port below 1024 requires root privileges (or, on Linux, the CAP_NET_BIND_SERVICE capability).

Viewing Open Ports

Ports are used to receive and send data. A web server opens port 80 in listening mode if it intends to receive HTTP traffic. A client opens a random (ephemeral) source port for each connection it makes while browsing. To inspect open ports on Windows, use netstat -ab, where -a shows all connections and listening ports and -b shows the executable that owns each one (requires an elevated prompt). On Linux the equivalent is ss -tulpn (or netstat -tulpn).

PDU -

A Protocol Data Unit is the name of the data unit handled at a given layer: that layer's protocol control information (header and, if any, trailer) plus the data passed down from the layer above. PDUs have distinct names in the bottom four OSI layers (the bottom three of the four-layer TCP/IP model): segments (TCP) or datagrams (UDP) at Layer 4, packets at Layer 3, frames at Layer 2, and bits at Layer 1. Above the Transport Layer the PDU is simply called data.

TCP Flags

Flags are single-bit fields in the TCP header that control the connection or carry additional information: SYN (synchronise sequence numbers, open a connection), ACK (the acknowledgement number is valid), FIN (the sender has finished sending), RST (reset, abort the connection), PSH (push the data to the application immediately), and URG (the urgent pointer is valid). Combinations that never occur in normal traffic, such as SYN together with FIN or no flags at all, are used by port scanners and firewall-evasion tools and are worth alerting on.

Logical Ports

In computer science, a logical port is a number assigned to a "logical" connection, used to identify a service or protocol on the end device. There are 65,536 TCP ports and 65,536 UDP ports, numbered 0 to 65535; the TCP and UDP port spaces are independent of each other. An IP address gets a packet to the destination host, but it does not identify the destination service on that host; the port number does. As an analogy, a street address leads to the correct building, but it does not specify the apartment within it.

Client-Server Model

A client is the endpoint device (not necessarily a PC) that requests an operation. A server is the endpoint device that receives the request and performs the requested operation. The client-server model is a distributed application structure that partitions tasks and workloads between providers of resources and services (servers) and service requesters (clients). An alternative is to distribute information over broadcast or multicast channels, where there is no one-to-one request and response.

DNS Traffic

DNS traffic consists of multiple requests and replies. The recursive resolution that a resolver performs behind the scenes (root, TLD and authoritative servers) does not appear in a capture taken at the client; only the client's query and the resolver's response do. A client will often query both the A and AAAA records of a name, corresponding to its IPv4 and IPv6 addresses respectively, so one lookup produces two query/response pairs. Queries and responses are matched by the 16-bit transaction ID in the DNS header.

3-Way Handshake (TCP)

The three-way handshake is how two devices establish a TCP connection. It has three steps: 1. The client sends a segment with the SYN flag set, carrying its initial sequence number. 2. The server responds with SYN-ACK. 3. The client finalizes with ACK. If the process completes successfully, a connection is established between the client and the server, and data can be transferred immediately. A server that never receives the final ACK is left holding a half-open connection, which is what a SYN flood exploits.

Session termination

Session termination is the last stage of a TCP connection: communication ends and the session is closed. Step 1 - One side (here the client) requests to close the connection by sending a segment with the FIN flag to the other side (the server). Step 2 - The receiver of the FIN (the server) returns an ACK, approving the request. Step 3 - The server then sends its own FIN to the client. Step 4 - The client acknowledges the server's FIN with an ACK. The connection is then terminated. Steps 2 and 3 are often combined into a single FIN-ACK segment, so a capture may show three segments instead of four. A side that wants to abort rather than close gracefully sends RST instead.
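The handshake and termination exchanges described in the two cards above, together with the TCP flags, as an added example that is not part of the original card set. It simulates both endpoints with sequence and acknowledgement numbers so the arithmetic (SYN and FIN each consume one sequence number, data consumes its length) can be checked; the initial sequence numbers 1000 and 5000 and the HTTP request are constructed values.

```python
from dataclasses import dataclass, field

# TCP flag bits as laid out in the header's flags byte (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def flag_names(flags: int) -> str:
    names = [(SYN, "SYN"), (ACK, "ACK"), (FIN, "FIN"), (RST, "RST"), (PSH, "PSH"), (URG, "URG")]
    return "-".join(n for bit, n in names if flags & bit) or "none"


@dataclass
class Segment:
    flags: int
    seq: int
    ack: int
    payload: bytes = b""


@dataclass
class Endpoint:
    """Minimal TCP endpoint: tracks the next sequence number to send and the next one expected."""
    name: str
    isn: int                  # initial sequence number; real stacks randomise it (RFC 6528)
    state: str = "CLOSED"
    snd_nxt: int = 0
    rcv_nxt: int = 0
    trace: list = field(default_factory=list)

    def send(self, flags: int, payload: bytes = b"") -> Segment:
        seg = Segment(flags, self.snd_nxt, self.rcv_nxt, payload)
        # SYN and FIN each occupy one sequence number; data occupies len(payload)
        self.snd_nxt += len(payload) + (1 if flags & (SYN | FIN) else 0)
        self.trace.append(f"{self.name}: {flag_names(flags)} seq={seg.seq} ack={seg.ack} len={len(payload)}")
        return seg

    def receive(self, seg: Segment) -> None:
        if seg.flags & SYN:
            self.rcv_nxt = seg.seq            # synchronise on the peer's ISN
        elif seg.seq != self.rcv_nxt:
            raise ValueError(f"{self.name}: out-of-order segment seq={seg.seq}, expected {self.rcv_nxt}")
        self.rcv_nxt += len(seg.payload) + (1 if seg.flags & (SYN | FIN) else 0)


def three_way_handshake(client: Endpoint, server: Endpoint) -> list:
    client.snd_nxt, server.snd_nxt = client.isn, server.isn
    server.state = "LISTEN"
    syn = client.send(SYN); client.state = "SYN-SENT"                  # 1. client -> SYN
    server.receive(syn)
    syn_ack = server.send(SYN | ACK); server.state = "SYN-RECEIVED"    # 2. server -> SYN-ACK
    client.receive(syn_ack)
    ack = client.send(ACK); client.state = "ESTABLISHED"               # 3. client -> ACK
    server.receive(ack); server.state = "ESTABLISHED"
    return [syn, syn_ack, ack]


def four_way_termination(client: Endpoint, server: Endpoint) -> list:
    fin1 = client.send(FIN | ACK); client.state = "FIN-WAIT-1"         # step 1: client FIN
    server.receive(fin1)
    ack1 = server.send(ACK); server.state = "CLOSE-WAIT"               # step 2: server ACK
    client.receive(ack1); client.state = "FIN-WAIT-2"
    fin2 = server.send(FIN | ACK); server.state = "LAST-ACK"           # step 3: server FIN
    client.receive(fin2)
    ack2 = client.send(ACK); client.state = "TIME-WAIT"                # step 4: client ACK
    server.receive(ack2); server.state = "CLOSED"
    return [fin1, ack1, fin2, ack2]


def run_session(request: bytes = b"GET / HTTP/1.0\r\n\r\n"):
    """Handshake, one request, one reply, then a graceful close; returns both endpoints and all segments."""
    client, server = Endpoint("client", 1000), Endpoint("server", 5000)   # constructed ISNs
    segs = three_way_handshake(client, server)
    data = client.send(PSH | ACK, request); server.receive(data)
    reply = server.send(PSH | ACK, b"HTTP/1.0 200 OK\r\n\r\n"); client.receive(reply)
    segs += [data, reply]
    segs += four_way_termination(client, server)
    return client, server, segs


if __name__ == "__main__":
    c, s, _ = run_session()
    print("\n".join(c.trace + s.trace))
```

The trace printed by the block is what Wireshark's "Seq"/"Ack" columns show for a real session (relative numbers start at 0 there because Wireshark subtracts the ISN). The out-of-order check in receive() is deliberately strict; a real stack buffers such segments instead of rejecting them.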

HTTPS

HTTPS is HTTP carried over an encrypted transport; it is used for secure communication and is the default on the web today. Communication is encrypted using TLS (Transport Layer Security), the successor of SSL (Secure Sockets Layer); all SSL versions and TLS 1.0/1.1 are deprecated. HTTPS uses TCP port 443. Encryption hides the URL path, headers and body from a sniffer, but the destination IP address and, in the TLS handshake, the server name (SNI) remain visible.

ARP Process

Scenario: Host A wants to communicate with Host B. Host A knows Host B's IP address but not its MAC address. Step 1 - Host A sends an ARP Request to the broadcast MAC address (ff:ff:ff:ff:ff:ff), carrying its own IP and MAC as the sender and Host B's IP as the target, asking which MAC owns that IP. Step 2 - The switch floods the broadcast out of all ports except the one it arrived on. Step 3 - Host B recognizes its own IP address in the request and sends an ARP Reply, unicast to Host A, listing its MAC address. Step 4 - Host A receives the ARP Reply and saves Host B's MAC address in its ARP cache together with Host B's IP address. Because replies are not authenticated, a host will also accept a forged reply (ARP spoofing) and send Host B's traffic to the attacker.

SSH

Secure Shell is an encrypted command-line protocol that lets a user run commands on a remote machine. All data passing through SSH, including the login credentials, is encrypted. SSH servers listen on TCP port 22 by default. SSH replaces Telnet, which sends the same session, credentials included, in plaintext.

SMTP

Simple Mail Transfer Protocol is the standard protocol for transferring mail over the Internet. When an email is sent across the network, SMTP manages the transfer between mail servers. It uses TCP port 25 (mail clients usually submit on port 587), and the session is unencrypted unless STARTTLS is negotiated.

TCP/IP

TCP/IP is the model used in practice. The TCP/IP protocols were specified and deployed (RFC 791 and RFC 793 in 1981, adopted on the ARPANET in 1983) before the OSI reference model was published in 1984. The original TCP/IP model has 4 layers; a 5-layer version that splits the Network Access layer into Data Link and Physical is also common, but the 4-layer version is still more widely used. TCP/IP is the more convenient model for traffic analysis because it does not separate OSI's top three layers, which a packet capture cannot tell apart anyway.

Layer 1 (TCP/IP)

The Network Access Layer is the lowest layer of the TCP/IP model. It corresponds to the Data Link and Physical layers of OSI. Packets from the Internet layer are passed to the Network Access layer for delivery within the physical network. Data in this layer is organized in frames. The protocols in this layer deliver data to other devices on a directly connected network using physical addresses (MACs), and the standards defined for it dictate how data is transmitted on the medium (Ethernet cable, wireless connection, and others).

Layer 3 (OSI)

The Network Layer organizes data into packets, known as IP datagrams. The datagrams contain logical source and destination addresses. The Network Layer's job is to allow hosts to send packets across multiple paths to any other network and deliver them to their destinations via routers, which operate in this layer. Diagnostic tools such as ping and tracert (traceroute on Unix-like systems) rely on ICMP, a Layer 3 protocol.

Layer 1 (OSI)

The Physical Layer defines the details of how data is physically sent through the network. This layer determines how bits are electrically or optically transferred by hardware devices that interface directly with a network medium, such as coaxial cable, optical fiber, or twisted-pair copper wire. Hubs operate in this layer.

ICMP Traffic

The ping command produces an ICMP Echo Request and an Echo Reply. Each echo packet carries an identifier and a sequence number, so every reply can be matched to its request. The ICMP header has only four fields (type, code, checksum, and a 4-byte rest-of-header that echo messages use for the identifier and sequence number), because ICMP is a simple Layer 3 protocol with no ports. The payload of an echo request is filler chosen by the sender: Windows ping sends 32 bytes of repeating lowercase letters (abcdefghijklmnopqrstuvwabcdefghi), Linux ping sends 56 bytes containing a timestamp followed by an ascending byte sequence. Because the payload is arbitrary and the reply echoes it back, ICMP is also used for covert tunnelling; a payload that does not match the usual patterns deserves a look.
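Echo request/reply construction and the request-to-reply matching that ping performs, as an added example that is not part of the original card set. It implements the RFC 1071 checksum over the ICMP message, pairs replies with requests by (identifier, sequence) and flags replies whose payload is not the one that was sent. The identifier 0x1234 and the tampered reply are constructed values; the Linux pattern check assumes the iputils filler of 0x10..0x37 after the timestamp.

```python
import struct

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0
# Windows ping: 32 bytes of repeating lowercase letters. Linux (iputils) ping: a timestamp
# followed by the bytes 0x10..0x37, 56 bytes in total.
WINDOWS_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"
LINUX_PATTERN = bytes(range(0x10, 0x38))


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = WINDOWS_PAYLOAD) -> bytes:
    """Type, code 0, checksum, identifier, sequence: the four header fields, then the filler."""
    hdr = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(hdr + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(msg: bytes) -> dict:
    t, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    # a valid message sums to zero when the checksum field is included
    return {"type": t, "code": code, "id": ident, "seq": seq,
            "payload": msg[8:], "checksum_ok": checksum(msg) == 0}


def payload_is_standard(payload: bytes) -> bool:
    """True for the filler a stock ping sends; anything else may be a tunnel or a probe."""
    return payload == WINDOWS_PAYLOAD or (len(payload) == 56 and payload.endswith(LINUX_PATTERN))


def match_replies(requests: list, replies: list):
    """Pair each reply with its request by (id, seq) as ping does.
    Returns (matched keys, requests still unanswered, stray or altered replies)."""
    outstanding = {}
    for r in requests:
        p = parse_echo(r)
        outstanding[(p["id"], p["seq"])] = p["payload"]
    matched, stray = [], []
    for rep in replies:
        p = parse_echo(rep)
        key = (p["id"], p["seq"])
        if (p["type"] == ICMP_ECHO_REPLY and p["checksum_ok"]
                and key in outstanding and p["payload"] == outstanding[key]):
            matched.append(key)
            del outstanding[key]
        else:
            stray.append(p)
    return matched, sorted(outstanding), stray


if __name__ == "__main__":
    reqs = [build_echo(ICMP_ECHO_REQUEST, 0x1234, n) for n in (1, 2, 3)]
    reps = [build_echo(ICMP_ECHO_REPLY, 0x1234, n) for n in (1, 3)]
    reps.append(build_echo(ICMP_ECHO_REPLY, 0x1234, 2, payload=b"whoami"))   # constructed: altered payload
    print(match_replies(reqs, reps))
```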

Layer 6 (OSI)

The Presentation Layer prepares or translates data from application format to network format, and vice versa. An example of the Presentation Layer operation is the encryption and decryption process.

Layer 4 (OSI)

The Transport Layer handles the coordination of data transfer between end systems and hosts, including how much data to send, at what rate, destination, and more. Data in this layer is organized in segments. The transport layer determines if the connection should be instantiated, how to verify data integrity, how to recover from a connection error, and if retransmission is necessary. The protocols in this layer provide flow control, multiplexing, and reliability.

Layer 3 (TCP/IP)

The Transport Layer in TCP/IP corresponds to the Transport Layer in OSI. It handles the coordination of data transfer between end systems and hosts, including how much data to send, at what rate, destinations, etc. The transport layer determines if the connection should be instantiated, how to verify data integrity, how to recover from a connection error, and if retransmission is necessary. Data in this layer is organized in segments. The protocols in this layer provide flow control, multiplexing, and reliability.

Layer 4 (TCP/IP)

The Application Layer defines TCP/IP application protocols and how host programs interface with Transport Layer services to use the network. The Application Layer includes all higher-level protocols, such as DNS, HTTP, Telnet, SSH, FTP, TFTP, SNMP, SMTP, DHCP, X Windows, RDP, and others. The TCP/IP top layer is equivalent to the combined three top layers of OSI.

Encapsulation Process

The Application layer creates an HTTP request (for example a GET for a web page) for the server. The Presentation layer encodes, encrypts or compresses the data coming down from the Application layer, if necessary; for example, it may convert text to a byte string in a particular character encoding, and TLS encryption is usually placed here. The Session layer establishes the dialogue between the two ends: whether it is one-way or two-way, and a session identifier for the connection. The Transport layer divides the data from the upper layers into smaller pieces called segments and adds a header to each containing the source and destination logical ports, sequence numbers and other control information. Each segment carries at most MSS (Maximum Segment Size) bytes of data, 1460 bytes on a standard Ethernet link (1500-byte MTU minus 20 bytes of IPv4 header and 20 bytes of TCP header).

Layer 2 (OSI)

The Data Link Layer provides node-to-node data transfer (between two directly connected nodes) and can provide the means to detect errors that may occur in the Physical Layer. Data in this layer is organized into frames. The Data Link Layer includes two sub-layers: MAC (Media Access Control) and LLC (Logical Link Control). Switches operate in this layer.

Layer 2 (TCP/IP)

The Internet Layer organizes data into packets known as IP datagrams, which contain logical source and destination addresses. Its job is to let hosts send packets across multiple paths to any other network and deliver them to their destinations via routers, which operate in this layer. The Internet layer in TCP/IP corresponds to the Network Layer in OSI.

DNS (Domain Name System)

DNS translates domain names to IP addresses using a distributed, hierarchical database of zones. The DNS protocol is used for name resolution in a network; it normally uses UDP port 53 and falls back to TCP port 53 for large responses and zone transfers.

Wireshark Filters

Wireshark includes many display filters, built from logical conditions. && - both conditions must match a packet (and). || - either condition must match (or). == - matches packets whose field equals the specified value. != - matches packets whose field does not equal the specified value. Caveat: for fields that can occur more than once in a packet, such as ip.addr, versions of Wireshark before 3.6 treated ip.addr != 10.0.0.1 as "any address differs", which is almost always true; !(ip.addr == 10.0.0.1) excludes a host correctly in every version.

Additional ARP Commands

arp -d inet_addr deletes an entry from the host ARP table (arp -d * deletes all entries). arp -s inet_addr eth_addr adds a static entry mapping a specific IP address to a MAC address. Note: static entries are not overwritten by ARP replies, so they reduce the risk of ARP spoofing for the hosts they cover (typically the default gateway), at the cost of manual maintenance. In these commands, inet_addr is an IP address and eth_addr is a MAC address.
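The ARP process (Steps 1 to 4 in the ARP Process card) and the protective effect of a static entry described above, as an added example that is not part of the original card set. It builds and parses RFC 826 ARP frames and keeps a toy cache in which dynamic entries are overwritten by any reply while static ones are not. The MAC addresses, IP addresses and the attacker's MAC are constructed values.

```python
import struct
from ipaddress import IPv4Address

# Constructed example values (assumptions, not from the original card set)
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
HOST_A = ("10.0.0.11", "00:11:22:33:44:0a")
HOST_B = ("10.0.0.12", "00:11:22:33:44:0b")
ATTACKER_MAC = "de:ad:be:ef:00:01"

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet II frame carrying an ARP packet (RFC 826): 14 + 28 = 42 bytes."""
    dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac   # request is broadcast, reply is unicast
    eth = mac_bytes(dst) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # htype Ethernet, ptype IPv4, hlen 6, plen 4, opcode
    arp += mac_bytes(sender_mac) + IPv4Address(sender_ip).packed
    arp += mac_bytes(target_mac) + IPv4Address(target_ip).packed
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    _htype, _ptype, _hlen, _plen, op = struct.unpack("!HHBBH", frame[14:22])
    body = frame[22:]
    return {"dst_mac": mac_str(frame[0:6]), "op": op,
            "sender_mac": mac_str(body[0:6]), "sender_ip": str(IPv4Address(body[6:10])),
            "target_mac": mac_str(body[10:16]), "target_ip": str(IPv4Address(body[16:20]))}


class ArpCache:
    """Host ARP cache: ip -> (mac, is_static). Static entries are never overwritten by
    received replies, which is the whole reason 'arp -s' blunts ARP spoofing."""

    def __init__(self):
        self.entries = {}

    def add_static(self, ip: str, mac: str) -> None:
        self.entries[ip] = (mac, True)

    def learn(self, ip: str, mac: str) -> bool:
        current = self.entries.get(ip)
        if current and current[1]:
            return False            # static entry wins; the reply is ignored
        self.entries[ip] = (mac, False)
        return True

    def lookup(self, ip: str):
        entry = self.entries.get(ip)
        return entry[0] if entry else None


def resolve(cache: ArpCache, requester, target_ip: str, responder):
    """Steps 1-4 of the ARP process; returns the parsed reply the requester processed, or None."""
    request = build_arp(ARP_REQUEST, requester[1], requester[0], "00:00:00:00:00:00", target_ip)
    req = parse_arp(request)
    assert req["dst_mac"] == BROADCAST_MAC        # step 1/2: broadcast, flooded by the switch
    if req["target_ip"] != responder[0]:           # step 3: only the owner of target_ip answers
        return None
    reply = build_arp(ARP_REPLY, responder[1], responder[0], req["sender_mac"], req["sender_ip"])
    rep = parse_arp(reply)
    cache.learn(rep["sender_ip"], rep["sender_mac"])   # step 4: cache the mapping
    return rep


if __name__ == "__main__":
    cache = ArpCache()
    resolve(cache, HOST_A, HOST_B[0], HOST_B)
    print("learned:", cache.lookup(HOST_B[0]))
    spoof = parse_arp(build_arp(ARP_REPLY, ATTACKER_MAC, HOST_B[0], HOST_A[1], HOST_A[0]))
    print("spoof accepted:", cache.learn(spoof["sender_ip"], spoof["sender_mac"]), cache.lookup(HOST_B[0]))
    cache.add_static(HOST_B[0], HOST_B[1])      # the effect of 'arp -s 10.0.0.12 00-11-22-33-44-0b'
    print("spoof accepted:", cache.learn(spoof["sender_ip"], spoof["sender_mac"]), cache.lookup(HOST_B[0]))
```

Note that the toy cache accepts an unsolicited reply exactly as most real stacks do; the only defence the cache itself offers is the static entry. Network-side controls such as Dynamic ARP Inspection on the switch are the scalable alternative.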

DHCP -

The DHCP service is responsible for assigning an IP address, together with the subnet mask, default gateway and DNS servers, to each device on a network that is configured to use DHCP, such as PCs, routers, firewalls, servers, and others. For example, a PC configured for DHCP is automatically assigned an address at startup. DHCP uses UDP ports 67 (server) and 68 (client). The initial DISCOVER is a broadcast, so any host on the segment can answer it, which is how a rogue DHCP server redirects traffic.

TCP/IP Model

was developed under DARPA, the research agency of the US Department of Defense, during the 1970s and early 1980s, and became the ARPANET standard in 1983. This model is a suite of communication protocols used to interconnect network devices on the Internet. It describes how data is exchanged over the Internet, including how data is divided into packets, addressed, transmitted, routed, and received by the destination. It was designed to make networks reliable and to let them recover automatically from the failure of any device on the network.

OSI Model

was developed by the International Organization for Standardization (ISO); work began in the late 1970s and the standard was published in 1984. It defines a networking framework for implementing protocols in layers, dividing computer network architecture into a logical seven-layer progression. The lower layers deal with electrical signals, chunks of binary data, and routing data across networks. The higher layers cover network requests and responses, data representation, and network protocols from the user's perspective. When network traffic is generated, it is assembled (encapsulated) from the top layer to the bottom layer. When it is received, it passes through the model in the reverse direction, from bottom to top (decapsulation).

Filtering Traffic

A .pcap file can contain thousands of packets after only a few seconds of capture. Display filters are applied to view the packets efficiently. Capture filters can also be applied while capturing, to avoid recording unwanted packets at all; note that they use BPF syntax (for example, port 80 and not host 10.0.0.1), which differs from display filter syntax. Display filters are logical conditions built with &&, ||, == and !=, and brackets can be used to group them.
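The semantics of &&, ||, ==, != and brackets from the Wireshark Filters and Filtering Traffic cards, as an added example that is not part of the original card set. It is a small recursive-descent evaluator of Wireshark-style display filters run over a constructed four-packet "capture"; the field names mirror Wireshark's, but the packets, addresses and port numbers are made up for the example. A bare protocol name (dns, tcp) matches any packet that has fields under that protocol, and a comparison on a field the packet lacks is false, as in Wireshark.

```python
import re

# Constructed sample capture: each dict holds the Wireshark field names a packet would expose
PACKETS = [
    {"frame.number": 1, "ip.src": "10.0.0.5", "ip.dst": "93.184.216.34", "tcp.dstport": 80, "http.request.method": "GET"},
    {"frame.number": 2, "ip.src": "93.184.216.34", "ip.dst": "10.0.0.5", "tcp.srcport": 80},
    {"frame.number": 3, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.53", "udp.dstport": 53, "dns.qry.name": "example.com"},
    {"frame.number": 4, "ip.src": "10.0.0.5", "ip.dst": "93.184.216.34", "tcp.dstport": 443},
]

TOKEN = re.compile(r'\s*(&&|\|\||==|!=|\(|\)|"[^"]*"|[\w.]+)')


def tokenize(expr: str) -> list:
    pos, out = 0, []
    expr = expr.strip()
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise SyntaxError(f"bad filter near {expr[pos:]!r}")
        out.append(m.group(1))
        pos = m.end()
    return out


class Filter:
    """Grammar: or := and ('||' and)* ; and := atom ('&&' atom)* ;
    atom := '(' or ')' | field ('==' | '!=') value | field"""

    def __init__(self, expr: str):
        self.toks, self.i = tokenize(expr), 0
        self.tree = self._or()
        if self.i != len(self.toks):
            raise SyntaxError("unexpected trailing tokens")

    def _peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def _next(self):
        if self.i >= len(self.toks):
            raise SyntaxError("unexpected end of filter")
        self.i += 1
        return self.toks[self.i - 1]

    def _or(self):
        node = self._and()
        while self._peek() == "||":
            self._next()
            node = ("or", node, self._and())
        return node

    def _and(self):
        node = self._atom()
        while self._peek() == "&&":
            self._next()
            node = ("and", node, self._atom())
        return node

    def _atom(self):
        t = self._next()
        if t == "(":
            node = self._or()
            if self._next() != ")":
                raise SyntaxError("expected )")
            return node
        if self._peek() in ("==", "!="):
            op = self._next()
            return (op, t, self._next().strip('"'))
        return ("present", t)          # bare field or protocol name


def evaluate(node, pkt: dict) -> bool:
    kind = node[0]
    if kind == "or":
        return evaluate(node[1], pkt) or evaluate(node[2], pkt)
    if kind == "and":
        return evaluate(node[1], pkt) and evaluate(node[2], pkt)
    if kind == "present":
        return any(k == node[1] or k.startswith(node[1] + ".") for k in pkt)
    field, value = node[1], node[2]
    if field not in pkt:
        return False                   # comparisons on an absent field are false, even for !=
    return (str(pkt[field]) == value) == (kind == "==")


def apply_filter(expr: str, packets: list = PACKETS) -> list:
    """Frame numbers of the packets that match the display filter."""
    f = Filter(expr)
    return [p["frame.number"] for p in packets if evaluate(f.tree, p)]


if __name__ == "__main__":
    for e in ("tcp.dstport == 80 || tcp.dstport == 443", "(tcp.dstport == 80 || udp.dstport == 53) && ip.src == 10.0.0.5", "dns"):
        print(e, "->", apply_filter(e))
```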

Encapsulation

Adding Headers and Trailers to data is called encapsulation. Processing them and removing them is called decapsulation. Depending on the communication type, protocols in each layer add the correct header to the data unit.

Encapsulation in Layers 1 to 3

In this step the segment is encapsulated in a packet by the Network layer. Packets are limited to a maximum size (MTU, Maximum Transmission Unit) of 1500 bytes on Ethernet; a larger packet must be fragmented. The MTU excludes the 18 bytes of Layer 2 overhead used for the frame header (14 bytes) and FCS (4 bytes). The Data Link layer adds a header and a trailer to the packet. The header contains the physical (MAC) source and destination addresses. The trailer, the FCS (Frame Check Sequence), is a CRC used only to detect transmission errors; it is not a security control and offers no protection against deliberate modification. The Physical layer transmits the frames over the physical medium, for example as electrical pulses on an Ethernet cable or as radio waves over wireless.
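The whole encapsulation path from the Encapsulation Process card down to the frame described above, as an added example that is not part of the original card set. It segments application data at the MSS, builds the TCP and IPv4 headers with their checksums, wraps the packet in an Ethernet frame with a CRC-32 FCS, and then decapsulates it the way a receiver would, rejecting a corrupted frame. The MAC addresses, IP addresses, port 51515 and the HTTP request are constructed values; the layout constants are the standard Ethernet/IPv4/TCP ones.

```python
import struct
import zlib
from ipaddress import IPv4Address

ETH_HDR, IP_HDR, TCP_HDR, FCS_LEN = 14, 20, 20, 4
MTU = 1500                               # largest IP packet on Ethernet without fragmentation
MSS = MTU - IP_HDR - TCP_HDR             # 1460 bytes of TCP payload per segment
MAX_FRAME = ETH_HDR + MTU + FCS_LEN      # 1518 bytes on the wire: MTU plus 18 bytes of L2 overhead


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac(m: str) -> bytes:
    return bytes.fromhex(m.replace(":", ""))


def segment(data: bytes, mss: int = MSS) -> list:
    """Layer 4: split application data into pieces of at most MSS bytes."""
    return [data[i:i + mss] for i in range(0, len(data), mss)] or [b""]


def tcp_header(sport, dport, seq, ack, flags, src_ip, dst_ip, payload) -> bytes:
    """Layer 4 header; its checksum also covers a pseudo-header holding the IP addresses."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, (TCP_HDR // 4) << 4, flags, 65535, 0, 0)
    pseudo = IPv4Address(src_ip).packed + IPv4Address(dst_ip).packed + struct.pack("!BBH", 0, 6, TCP_HDR + len(payload))
    csum = inet_checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def ip_header(src_ip, dst_ip, payload_len, ident=1) -> bytes:
    """Layer 3 header: version/IHL 0x45, DF bit set, TTL 64, protocol 6 (TCP)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + payload_len, ident, 0x4000, 64, 6, 0,
                      IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def encapsulate(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq, data) -> bytes:
    """Wrap one segment's worth of data from Layer 4 down to the bytes put on the wire."""
    tcp = tcp_header(sport, dport, seq, 0, 0x18, src_ip, dst_ip, data) + data     # PSH+ACK
    packet = ip_header(src_ip, dst_ip, len(tcp)) + tcp
    if len(packet) > MTU:
        raise ValueError("packet exceeds MTU; fragmentation or a smaller MSS is required")
    frame = mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800) + packet      # EtherType IPv4
    fcs = struct.pack("<I", zlib.crc32(frame))    # Ethernet FCS is CRC-32, least-significant byte first
    return frame + fcs


def decapsulate(frame: bytes) -> dict:
    """Strip the headers in reverse order, checking the trailer and checksums as a receiver would."""
    body, fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("bad FCS: frame silently dropped at Layer 2")
    ethertype = struct.unpack("!H", body[12:14])[0]
    packet = body[ETH_HDR:]
    ihl = (packet[0] & 0x0F) * 4
    if inet_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    tcp = packet[ihl:total_len]
    if inet_checksum(packet[12:20] + struct.pack("!BBH", 0, 6, len(tcp)) + tcp) != 0:
        raise ValueError("bad TCP checksum")
    doff = (tcp[12] >> 4) * 4
    sport, dport = struct.unpack("!HH", tcp[:4])
    return {"ethertype": ethertype, "src_ip": str(IPv4Address(packet[12:16])),
            "dst_ip": str(IPv4Address(packet[16:20])), "sport": sport, "dport": dport,
            "flags": tcp[13], "data": tcp[doff:]}


if __name__ == "__main__":
    request = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    for i, piece in enumerate(segment(request)):
        f = encapsulate("00:11:22:33:44:0a", "00:11:22:33:44:01", "10.0.0.11", "93.184.216.34",
                        51515, 80, 1001 + i * MSS, piece)
        print(len(f), "bytes on the wire ->", decapsulate(f)["data"][:16])
```

A frame carrying a full 1460-byte segment comes out at exactly 1518 bytes, which is where the 1500 + 18 figures in the card come from. Flipping a single byte anywhere in the frame makes decapsulate() raise at the FCS check, but a CRC is trivially recomputed by anyone who modifies the frame on purpose, which is why integrity against an attacker has to come from a higher layer (TLS, IPsec, MACsec).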

Protocols used in OSI Layers

Each network protocol is assigned to a particular OSI layer: for example, HTTP, DNS, SMTP and SSH at Layer 7; TCP and UDP at Layer 4; IP and ICMP at Layer 3; Ethernet at Layer 2 (with ARP between Layers 2 and 3); and the cabling and radio standards at Layer 1.

Memory Tips for OSI Layers

Layer 1 to Layer 7 - All People Seem To Need Data Processing
Layer 7 to Layer 1 - Please Do Not Throw Sausage Pizza Away
Layer 7 to Layer 1 - Please Do Not Touch Steve's Pet Alligator
Layer 1 to Layer 7 - All Programmers Seem To Need Dr Pepper

TCP/IP Layers

The layers of the TCP/IP model are similar to those of OSI, except that OSI's top three layers are merged into one. TCP/IP uses the client-server model of communication, in which a user or machine is given access to a service by another computer on the network. Note that "stateless" applies to IP and to application protocols such as HTTP, where each request is treated as new and unrelated to previous ones; TCP itself is connection-oriented and stateful, which is why firewalls can track TCP sessions.

TCP

TCP operates in Layer 4 (Transport Layer) and is used to transmit data over the network. It is the reliable and more commonly used transport protocol, and is fully described in RFC 793. It verifies that the other side is reachable before sending data by performing a three-way handshake, then numbers each segment with sequence numbers so that the receiver can acknowledge them and reassemble them in the correct order, retransmitting anything lost.

UDP

UDP operates in Layer 4 (Transport Layer) and is used to transmit data over the network. It is less strict about delivery and more speed-oriented: it simply sends datagrams, without a handshake, acknowledgements or retransmission, even if no device is ready to receive them. This suits streaming content such as audio, where a few lost packets do not affect the stream as a whole. Because there is no handshake, the source address of a UDP datagram is easily forged, which is what amplification attacks rely on. UDP is fully described in RFC 768.

Common Protocol Ports

The following table lists common network protocols and their default ports (standard IANA assignments).

Protocol   Port(s)        Transport
FTP        21 (20 data)   TCP
SSH        22             TCP
Telnet     23             TCP
SMTP       25             TCP
DNS        53             UDP/TCP
DHCP       67/68          UDP
TFTP       69             UDP
HTTP       80             TCP
POP3       110            TCP
IMAP       143            TCP
SNMP       161            UDP
HTTPS      443            TCP
RDP        3389           TCP

Network Models

The idea behind creating a networking model was to set a standard for the development and usage of network components. Standards allow devices to communicate without requiring continuous configuration in different device platforms. In addition, dividing the networking process into smaller sub-processes helps debug issues and pinpoint solutions.

Layer 5 (OSI)

The session layer is responsible for creating a session between two devices. It is also responsible for session checkpoints and recovery.

Dynamic and Private Ports (49152-65535) -

This group covers the remaining logical ports, which are available to any application. The range is known as "client ports" (ephemeral ports) and is used for the client side of a connection. For example, a host connecting to a web server sends its requests to destination port 80, which tells the server which service the client wants. The return traffic must be sent back to the client's source port, which the client's operating system chooses at random from this range. When the connection closes, the port can be reused, so a client can hold many connections open at once and match each response to the right one. The actual range is OS-specific: Linux uses 32768-60999 by default, Windows uses 49152-65535.
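The fixed server port versus the random client port described above and in the Viewing Open Ports card, as an added example that is not part of the original card set. It starts a TCP listener on the loopback interface (port 0 asks the OS for a free port, standing in for the fixed port 80 a real web server would bind), connects to it, and reports both ends of the resulting connection. Everything here is constructed for the demonstration; nothing is sent off the host.

```python
import socket
import threading


def demo_ephemeral_port(host: str = "127.0.0.1") -> dict:
    """Server side listens on one known port; the client side gets an OS-chosen high port per connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))            # 0: let the OS pick a free port (a web server would bind 80)
    srv.listen(1)
    server_port = srv.getsockname()[1]
    accepted = {}

    def serve():
        conn, peer = srv.accept()   # peer is (client_ip, client_ephemeral_port)
        accepted["peer"] = peer
        conn.sendall(b"hello")      # reply goes back to the client's source port
        conn.close()

    t = threading.Thread(target=serve)
    t.start()
    cli = socket.create_connection((host, server_port))
    client_port = cli.getsockname()[1]   # the ephemeral port the OS chose for this connection
    data = cli.recv(5)
    cli.close()
    t.join()
    srv.close()
    return {"server_port": server_port, "client_port": client_port,
            "seen_by_server": accepted["peer"][1], "data": data}


if __name__ == "__main__":
    r = demo_ephemeral_port()
    print(f"server listening on {r['server_port']}, client came from {r['client_port']}, "
          f"server saw {r['seen_by_server']}, got {r['data']!r}")
```

While the block runs, netstat -ab (Windows) or ss -tnp (Linux) shows the listening socket and one ESTABLISHED pair whose client side is the ephemeral port; the (client IP, client port, server IP, server port, protocol) 5-tuple is how the stack and any stateful firewall tell connections apart.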

Layer 7 (OSI)

Users interact directly with applications that operate at Layer 7. Examples include web browsers such as Google Chrome, Firefox and Safari, and other applications such as SSH and FTP clients.

OSI

is a network model in which each function of the network is represented by a layer. There are seven layers, and the function of each depends on the one below it. It was developed by the International Organization for Standardization.

HTTP

is an insecure protocol used to transfer information over the web. Because it is not encrypted, it can be sniffed on the network. For example, if credit card information is entered at an

ICMP (Internet Control Message Protocol)

is used by network devices to report errors when IP packets cannot reach their destination (for example Destination Unreachable and Time Exceeded), and for diagnostics such as ping's Echo Request and Echo Reply.

FTP -

is used to transfer files between devices over the network. It uses TCP port 21 for commands and a separate data connection (port 20 in active mode). Like Telnet and HTTP, FTP sends credentials and file contents unencrypted; SFTP (over SSH) or FTPS (over TLS) should be used instead.

