NSSA 241 Final (Unfinished)
Layer 4
Transport layer. Protocols: UDP or TCP. Defines how application layer data should be treated (connection-oriented, connectionless). This includes reliability and flow control. Segmentation, multiplexing. Addressing: port numbers. Called: segments.
MAC address (definition and length in bits)
Unique address embedded in network-connected devices. Best practice to use the one given to your device from the factory. 48 bits long (6 bytes); the first three bytes are the OUI, the last three bytes identify the device.
OSPF Message 1: Hello
Used to find other OSPF-speaking routers and exchange information about what they are permitted to do
Header Checksum field IPv4 Header
Verifies the authenticity of the IPv4 header (uses hashing). Doesn't verify the data, only the header.
Stub Network
One way in or out of the network, the source or destination of the traffic is an address in the network
OSPF Message 4: LS Update
Transmit the LSAs that were requested prior. This is the full LSA data, not just a summary.
ARP
Address Resolution Protocol. Resolves IP addresses to MAC addresses. ARP poisoning attacks can redirect traffic through an attacker's system by sending false MAC address updates. VLAN segregation helps limit the scope of ARP poisoning attacks within a network.
ICMP error message
An error message sent using the ICMP protocol. Destination Unreachable, Time Exceeded, and Parameter Problem are examples of ICMPv4 and ICMPv6 error messages.
Transit network
Capable of carrying traffic that is neither locally originated nor locally destined.
CSMA
Carrier Sense Multiple Access, a method used by Ethernet networks to allow shared usage of a baseband network and avoid collisions. No longer needed now that we have full duplex.
Bus Topology
A network layout in which there is one main trunk, or backbone, that all the various computers and network devices are connected to.
Simplex
A one-way mode of communication. Radio and television broadcasts are simplex mode transmissions.
backbone router
A router with an interface in area 0 (the backbone
Exterior Gateway Protocol (EGP)
A routing protocol that discovers routes between ASes
Interior Gateway Protocol (IGP)
A routing protocol which discovers routes within an AS
Network Protocol
A set of rules established to exchange data between devices
Source Address Table (SAT)
A switch copies the source MAC addresses and builds a table of MAC addresses of each connected computer. Can only be filled with the MAC addresses of outbound traffic.
Network Switch
A switch segments network traffic by filtering based on the SAT (Source address table)
Star Topology
A topology with one central node that has each computer or network device attached to the central node. All data first goes into the central node and then is sent out to its destination. (Think of it like a bicycle wheel with spokes.)
Summary LSA
A type 3 LSA that contains the routes learned from another area. Type 3 LSAs are generated on ABRs.
Mesh Topology (WAN)
A type of WAN in which several sites are directly interconnected. Mesh WANs are highly fault tolerant because they provide multiple routes for data to follow between any two points.
OSPF Message 5: LS Acknowledgement
Acknowledge that you received LSAs sent in the LSUpdate message(s). Just a summary, not the full LSA.
TCP ACK Flag
Acknowledging the data
Amount of hosts per subnet
(2^h) - 2, where h is the number of bits left over after borrowing for the subnet.
UDP Attributes
- Message-oriented
- Connectionless
- No reliability
- Faster, cheaper
TCP Attributes
- Reliability
- Stream and connection oriented
- Flow control
- Slower, more reliable
Why are .255 and .0 reserved on every subnet
.0 is the network identifier and cannot be assigned to a specific device. .255 is the broadcast address for the subnet (assuming a mask of 255.255.255.0 for these examples).
Class A IP address range and mask
0.0.0.0 - 127.255.255.255 mask: 255.0.0.0
Destination MAC address used in ARP requests
00-00-00-00-00-00
broadcast
1 host to everyone
VLAN ID
12-bit field, meaning the possible IDs are in the range 0-4095
Class B IP address range and mask
128.0.0.0 - 191.255.255.255 mask: 255.255.0.0
How much payload is there per IP packet
1480 bytes. IPv4 header is 20 bytes: 1500 - 20 = 1480
Ethernet Frame MTU (Maximum Transmission Unit)
1500 bytes
Class C IP address range and mask
192.0.0.0 - 223.255.255.255 mask: 255.255.255.0
Class D IP Range
224.0.0.0 to 239.255.255.255. These addresses are used for multicasting.
Class E IP Range
240.0.0.0 - 255.255.255.255. These are generally not available. Reserved for research purposes.
IP Broadcast addresses (two)
255.255.255.255 - Limited Broadcast Address; reaches all devices on local network. xxx.xxx.xxx.255 - Broadcasts to the subnet specified.
Amount of subnets possible
2^n where n is the amount of bits borrowed
Data minimum for IP data field
46 bytes
Ring Topology
A LAN configuration in which all nodes are connected in a closed loop
Autonomous System (AS)
A collection of networks and devices under the control of a single entity (Concept in dynamic routing)
ARP Table
A database of records that maps MAC addresses to IP addresses. The ARP table is stored on a computer's hard disk where it is used by the ARP utility to supply the MAC addresses of network nodes, given their IP addresses.
Manchester Encoding
A digital transmission encoding scheme that represents the transition from positive to ground with a 0 and a negative to positive voltage transition in the middle of the bit period designates a binary 1.
Multicasting
A means of transmission in which one device sends data to a specific group of devices (not necessarily the entire network segment) in a point-to-multipoint fashion.
CIDR notation
Classless Inter Domain Routing (CIDR) is a method for assigning IP addresses without using the standard IP address classes like Class A, Class B or Class C. /x where x is the amount of binary 1's that form the subnet mask. /8 = 255.0.0.0
Half Duplex
Communication between two devices whereby transmission takes place in only one direction at a time.
Full Duplex
Communication that happens in two directions at the same time.
Types of routes
Connected (C), Static (S), Dynamic (O/B/R/etc.)
VLAN Trunk Link
Connects 2 VLAN-aware nodes
VLAN Access Link
Connects a VLAN-aware node (switch) to a VLAN-unaware node (client)
Network Hub
Connects computers to each other with no real understanding of what is being transferred; used for private networks with local computers. A layer 1 device
Network Bridge
Connects two or more network segments together. Makes forwarding decisions based on MAC address tables, like a switch. Layer 2 device
Layer 2
Data Link layer - Two layers: LLC (Logical Link Control layer) & MAC (Media Access Control layer) - Called Frames
OSPF Message 2: DB description
Describes the LSAs in their LSDB to a neighbor.
Data Terminal Equipment (DTE)
Devices that are the source or destination of data frames
Fragmentation at the network layer does
Divides large packets into smaller ones so it can be sent easier.
Layer 5
Application layer. Provides network services to computers. Each application will define what data needs to be sent and will define a protocol to do so.
Multicast
Messages are sent to a specific group of hosts on the network
Extended ACL
Filter on source socket address, destination socket address, and a protocol (IP, TCP, UDP, ICMP, etc.)
Standard ACL
Filters only on source IP
Flooding vs Filtering
Flooding is when a packet is forwarded to everything except where it was sent from. Filtering is sending the packet to only the destination. This happens when the destination IP address is in the SAT table
How is a routing table read?
From bottom to top
Layer 3
Network Layer - Routing - Assignment IP address - Packet/Datagram - Routers & Gateways - Called Packets
OSPF Message 3: LS Request
Now that you know what your neighbor's LSDB contains, ask for the LSAs you don't have stored
Thicknet
Older type of coaxial cable, used for Ethernet bus networking
Unicast
One host to another
Fragment fields (three)
Identification, Flag, Fragment offset
Identification field IPv4 Header
Identification is a packet that is used to identify fragments of an IP datagram uniquely. Some have recommended using this field for other things like adding information for packet tracing, etc. ID vs. offset: Identifies the group that the packet belongs to, while the offset identifies where the packet is ordered to reconstruct the data
TCP FIN Flag
I'm done communicating
Internal Router
In OSPF, a router with all interfaces in the same non-backbone area.
Network LSA
In OSPF, a type of LSA that a designated router (DR) creates for the network (subnet) for which the DR is helping to distribute LSAs.
Router LSA
In OSPF, a type of LSA that a router creates to describe itself and the networks connected to it.
Fragment offset field IPv4 Header
Indicates the order of fragments and how it can be reconstructed
Flag field IPv4 Header
Indicates whether more packets are going to be sent as part of a fragment. 0: reserved (for nothing, IEEE is silly). 1: do not fragment. 2: means more fragments are coming.
Data Communications Equipment (DCE)
Intermediate network devices that receive and forward frames across the network
How does TTL work
It is decremented, then forwarded by routers after it is decremented. If TTL is 0, then the packet is dropped.
Logical Link Control (LLC)
Layer 2 protocol (sublayer above MAC). This upper sublayer communicates with the network layer. It places information in the frame that identifies which network layer protocol is being used for the frame. This information allows multiple Layer 3 protocols, such as IPv4 and IPv6, to utilize the same network interface and media.
Dynamic Routing Process
P - prefix length, A - administrative distance, M - metric. P: Longer prefix length means superior route and is used. This is the bits in the mask (i.e. /24, /16, etc.). A: Lowest AD value is chosen. It quantifies the trustworthiness of a route. M: Lower is better. Quantifies distance to the destination.
Layer 1
Physical layer. Physically sends the data (1's and 0's) between devices so it reaches its destination (and everything that goes into that). Every other layer is a logical layer; this is the only physical layer.
TCP URG flag
Prioritize the data in this TCP segment.
Network Repeater
Receives a network signal, regenerates it, and resends it. Used to extend wireless network reach
Thinnet
Refers to Ethernet networking over RG58/U or RG58A/U cabling.
TCP RST Flag
Reset the connection, hard stop
Autonomous System Border Router
Router with at least one interface in the OSPF AS and another that speaks a non-OSPF routing protocol attached to a different AS.
Area Border Router
Routers interconnecting the areas in a multi-area OSPF network. (ABR)
TCP PSH Flag
Send to application without waiting
Ping Utility (ICMP Utility)
Sends "echo request" packets to a destination and hopes for "echo replies" indicating that that destination is responding and on the network
TCP SYN Flag
Sets initial sequence number
Operation field on ARP header
The 16-bit field defining the type of packet. Packet types are ARP request (1) and ARP reply (2).
Link-State Database (LSDB)
The collection of all the LSAs known to a router.
OUI (Organizationally Unique Identifier)
The first three bytes of a MAC address that uniquely identify a network device manufacturer.
network topology
The physical and logical configuration of nodes and devices that enable communication
Protocol type field ARP header
This is a 16-bit field defining the protocol. The value of this field for the IPv4 protocol is 0800H.
Hardware type field ARP header
This is a 16-bit field defining the type of the network on which ARP is running. Ethernet is given type 1.
Protocol Length field ARP header
This is an 8-bit field defining the length of the logical address in bytes. For the IPv4 protocol, the value is 4.
Hardware length field ARP header
This is an 8-bit field defining the length of the physical address in bytes. For Ethernet, the value is 6.
What is a crossover cable?
A cable in which some of the internal wires cross over each other by switching the orange-white and green-white wires, and then the orange and green wires. Used to connect two similar devices together and allows direct communication. Can be used to connect two switches to each other.
OSPF metric
The cost. It is determined by the implementation of OSPF.
Trace Route (ICMP Utility)
Enables the entire path of a packet to be tracked between source and destination hosts. It is used as a troubleshooting tool. Sends echo packets with increasing TTL values. This means the host can track every hop.