
Friday, February 25, 2011

NETSEC 02

We now go into the topic of Networking Protocols.
In the past, computers were standalone: they could not connect to a network, all of a computer's resources were available only to that one computer, and data was carried around on diskettes. This was not very productive.

A "node" refers to any entity that can access a network. A "node" may also be called a "device" or a "host". Clients, printers and servers are examples.

Back to the previous example: if a printer is attached directly to one computer, then only that computer can use it. If we instead connect the printer to a network through a hub or switch, we can share the printer among all computers connected to that network. This increases productivity and convenience.

There are many different network topologies, such as Star, Ring and Bus. The most common is the Star topology, where every node is connected to a central hub or switch. Unlike the Ring topology, where the nodes are connected to one another in a closed loop and one broken node or link can break the ring, a single malfunctioning node in a star does not take the rest of the network down. It is also easy to add and remove nodes. However, the central hub or switch is a Single Point of Failure for every device attached to it.

If the central device is down, availability is lost for the whole segment. To defend against this, keep the switch in a physically locked location (so it cannot simply be unplugged or tampered with) and add redundant switches linked together so that there is a second path.

Networks can be classified by size. From smallest to largest, they are:
-LAN - Typically a room, a floor of a building, or a building
-MAN - Typically a city or town
-WAN - Typically spanning countries or continents

Note that there is a difference between "internet" and "Internet". An internet (lower-case) is simply a group of networks joined together. The Internet (capitalised) is THE Internet: the global internetwork of internets.

An internetwork is a connection of two or more distinct (and often dissimilar) networks. A router is typically used to connect them.

A hub or switch connects nodes to form a network segment (a LAN), while a router joins LANs together.

We now look at Layer 4 of the OSI model, where TCP and UDP reside. FTP, HTTP and Telnet use TCP, while DNS, TFTP and DHCP use UDP (DNS also uses TCP for zone transfers and for answers too large to fit in one UDP datagram).

TCP is reliable because it is connection oriented: its reliability comes from the handshake and from the requirement that everything sent be acknowledged. Before two hosts can communicate using TCP, they must establish the connection through a Three-Way Handshake like this:
Host 1 - SYN
Host 2 - SYN, ACK
Host 1 - ACK

Each TCP segment header carries two 32-bit numbers: the Sequence Number and the Acknowledgment Number.

If a TCP segment has its SYN bit set, it is trying to establish a connection (that is, to synchronize sequence numbers with the remote/destination host).

The acknowledgment number that host b sends back is host a's ISN plus one, because the SYN itself occupies one sequence number:
ACK(b) = ISN(a)+1

A UDP datagram has no such facility, as UDP is connectionless.

Here's how the ISNs would look (small values are used here for readability; a real stack picks random ISNs, because an attacker who can predict the server's ISN can forge the final ACK without ever seeing the SYN, ACK):
Client - SYN - ISN(c) = 500
Server - SYN, ACK - ISN(s) = 4237, ACK(s) = 501
Client - ACK - SEQ(c) = 501, ACK(c) = 4238
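The exchange above worked through in code, as an added example that is not part of the original notes: both endpoints track their SEQ/ACK numbers and each side checks the number the peer sends back. The Endpoint and Segment classes are illustrative (no real sockets are involved); the ISNs 500 and 4237 are the ones used above, and random_isn() shows what a real stack does instead.

```python
"""TCP three-way handshake with sequence-number bookkeeping.

Added example, not code from the original notes. Endpoint and Segment are
illustrative classes (no real sockets). A SYN occupies one sequence number,
so the peer's acknowledgment number is ISN + 1, as in the ACK(b) = ISN(a)+1
rule above.
"""
from dataclasses import dataclass
import secrets

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


@dataclass
class Segment:
    syn: bool = False
    ack: bool = False
    seq: int = 0       # Sequence Number field
    ack_num: int = 0   # Acknowledgment Number field

    def flags(self):
        return "-".join(f for f, on in (("SYN", self.syn), ("ACK", self.ack)) if on)


@dataclass
class Endpoint:
    name: str
    isn: int               # initial sequence number chosen by this side
    state: str = "CLOSED"
    snd_nxt: int = 0       # next sequence number we will send
    rcv_nxt: int = 0       # next sequence number we expect from the peer

    def listen(self):
        self.state = "LISTEN"

    def connect(self):
        """Active open: send a SYN carrying our ISN."""
        self.state = "SYN_SENT"
        self.snd_nxt = (self.isn + 1) % MOD          # the SYN consumes one number
        return Segment(syn=True, seq=self.isn)

    def receive(self, seg):
        """Handle one segment; return the segment to send back, or None."""
        if self.state == "LISTEN" and seg.syn and not seg.ack:
            self.rcv_nxt = (seg.seq + 1) % MOD        # ACK(server) = ISN(client) + 1
            self.snd_nxt = (self.isn + 1) % MOD
            self.state = "SYN_RCVD"
            return Segment(syn=True, ack=True, seq=self.isn, ack_num=self.rcv_nxt)
        if self.state == "SYN_SENT" and seg.syn and seg.ack:
            if seg.ack_num != self.snd_nxt:            # our SYN was not acknowledged
                return None
            self.rcv_nxt = (seg.seq + 1) % MOD        # ACK(client) = ISN(server) + 1
            self.state = "ESTABLISHED"
            return Segment(ack=True, seq=self.snd_nxt, ack_num=self.rcv_nxt)
        if self.state == "SYN_RCVD" and seg.ack and not seg.syn:
            # The final ACK must carry exactly ISN(server) + 1. A sender that never
            # saw our SYN, ACK (an off-path spoofer) has to guess it, which is why
            # the ISN must be unpredictable.
            if seg.ack_num == self.snd_nxt and seg.seq == self.rcv_nxt:
                self.state = "ESTABLISHED"
        return None


def random_isn():
    """What a real stack does: small fixed ISNs like 500 are for illustration only."""
    return secrets.randbelow(MOD)


def handshake(client_isn, server_isn):
    """Run the exchange; return (transcript, client, server)."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    server.listen()
    transcript = []
    seg, sender, receiver = client.connect(), client, server
    while seg is not None:
        transcript.append((sender.name, seg.flags(), seg.seq, seg.ack_num))
        seg = receiver.receive(seg)
        sender, receiver = receiver, sender
    return transcript, client, server


if __name__ == "__main__":
    for line in handshake(500, 4237)[0]:
        print(line)
```

Running handshake(500, 4237) reproduces the three lines above, and feeding the server a final ACK with a guessed acknowledgment number leaves it stuck in SYN_RCVD, which is the whole point of the check.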

Now let's talk about UDP. UDP is an unreliable service: it provides no guarantee of delivery, no ordering and no protection from duplication. This simplicity reduces overhead and is adequate for services that can tolerate loss or handle it themselves. Examples of services that use UDP are DNS and DHCP.

IP is used to route data between systems and across networks so that data arrives at the correct destination. IP implements, among other features, addressing and fragmentation. IP itself is an unreliable, connectionless delivery service, so reliability, where it is needed, has to come from a higher layer such as TCP.

An IPv4 address is a 32-bit number that identifies the sender (source) and the receiver (destination). Routing is the process of moving a packet from source to destination, usually done by routers. Routing is a key feature of the Internet because it allows a message to traverse many networks and eventually reach the target machine.

Routes change, so routers need up-to-date routing information. Routing tables are kept current by dynamic routing protocols; two common IGPs (Interior Gateway Protocols, used inside a single organisation's network) are RIP and OSPF.

ICMP is one of the core protocols of the TCP/IP suite. It is usually not used directly by end users (ping being the exception). ICMP is used for error reporting and control messages. Gateways and hosts use ICMP to inform a sender of certain problems, such as a destination being unreachable, or, when a better route exists, to send a redirect. ICMP can also be used to test whether a destination is alive and reachable, and to report parameter problems in a datagram header. Note that ICMP messages carry no authentication: a forged redirect can steer a host's traffic through an attacker on the same segment, which is why hosts are commonly configured to ignore redirects.

The functions can be summarized into two things:
-Error Reporting
-Queries

Examples of Error Reporting:
-When a packet cannot reach its destination
-When a gateway does not have the buffering capacity to forward a packet
-When a gateway knows a better route and redirects the host to it

Examples of Queries:
-Ping (ICMP Echo Request and Echo Reply)
-Traceroute (sends probes with increasing TTL; each hop that discards an expired probe returns an ICMP Time Exceeded error, which reveals that hop's address. Windows tracert uses Echo Request probes, Unix traceroute uses UDP probes by default, so it is really built on the error messages rather than on ping itself.)
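As an added example (not from the original notes), here is what the ICMP header looks like on the wire: building an Echo Request the way ping does, verifying the checksum of whatever comes back, and telling a query apart from an error report, which quotes the IP header and first 8 bytes of the datagram that triggered it (that quoted part is how traceroute matches a Time Exceeded to the probe it sent). All packets are constructed in memory; nothing is sent.

```python
"""ICMP messages as ping and traceroute see them (RFC 792 layout, RFC 1071 checksum).

Added example, not code from the original notes; every packet here is built in
memory and nothing is put on the wire.
"""
import struct

# Type numbers from RFC 792, grouped into the two roles described above.
ERROR_TYPES = {3: "Destination Unreachable", 4: "Source Quench", 5: "Redirect",
               11: "Time Exceeded", 12: "Parameter Problem"}
QUERY_TYPES = {0: "Echo Reply", 8: "Echo Request",
               13: "Timestamp", 14: "Timestamp Reply"}


def checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                                # pad an odd-length message
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                                  # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident, seq, payload=b""):
    """What ping sends: type 8, code 0, checksum, identifier, sequence, payload."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)   # checksum field zeroed
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def build_error(icmp_type, code, original_datagram):
    """Error report quoting the offending IP header plus 8 bytes of its payload."""
    ihl = (original_datagram[0] & 0x0F) * 4             # IPv4 header length
    quoted = original_datagram[:ihl + 8]
    header = struct.pack("!BBHI", icmp_type, code, 0, 0) # 4 unused bytes
    csum = checksum(header + quoted)
    return struct.pack("!BBHI", icmp_type, code, csum, 0) + quoted


def parse_icmp(packet):
    """Describe a received ICMP message; raise ValueError if it is malformed."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    if checksum(packet) != 0:                           # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, rest = struct.unpack("!BBH4s", packet[:8])
    body = packet[8:]
    if icmp_type in ERROR_TYPES:
        ihl = (body[0] & 0x0F) * 4 if body else 0
        return {"kind": "error", "name": ERROR_TYPES[icmp_type], "type": icmp_type,
                "code": code, "quoted_ip_header": body[:ihl],
                "quoted_l4": body[ihl:ihl + 8]}
    if icmp_type in QUERY_TYPES:
        ident, seq = struct.unpack("!HH", rest)
        return {"kind": "query", "name": QUERY_TYPES[icmp_type], "type": icmp_type,
                "code": code, "id": ident, "seq": seq, "payload": body}
    return {"kind": "other", "type": icmp_type, "code": code}


def quoted_udp_ports(error_info):
    """Source and destination port of the UDP probe an error message quotes.
    Traceroute uses this to match a Time Exceeded to the probe it sent."""
    src, dst = struct.unpack("!HH", error_info["quoted_l4"][:4])
    return src, dst
```

The checksum check on the receive side matters more than it looks: a message that fails it is dropped rather than acted on, and the quoted header is the only thing tying an error to a particular connection or probe, so a host should never trust an error whose quoted header does not match something it actually sent.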

DNS is an essential part of the Internet because humans cannot remember millions of IP addresses. IP addresses can also change, so DNS provides a directory that can be updated to hold the current addresses. Certain services also rely on DNS for resolution, such as Windows Active Directory.

The Internet is IP based, and most operations end up using an IP address. DNS is used to resolve a domain name into its corresponding IP address. DNS stands for Domain Name System, and it is similar to a telephone book.

A DNS server keeps a list of domain names and their corresponding IP addresses for the zones it is responsible for. If a server does not know how to translate a name, resolution proceeds either recursively or iteratively.

In recursive resolution, the server the client asked takes on the whole job: it queries the root name servers (whose IP addresses are fixed and shipped with the resolver as root hints), follows their referral to the servers for the top-level domain, and so on down to the servers responsible for the domain, until an answer is found. The answer is then passed back down the chain to the client, and the resolver caches it. The root and TLD servers themselves never recurse; they only hand out referrals. Because plain DNS answers carry no authentication, this cache is the classic target of poisoning attacks, which DNSSEC was introduced to address.

In iterative resolution, each server replies with the next server to ask, and the client continues querying until it finds the answer. In this case the client does all the work.
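The two resolution modes side by side, as an added example that is not from the original notes. The server hierarchy (a root, a .com TLD server, an authoritative server for example.com) and every address in it are constructed for illustration using the 192.0.2.0/24 documentation range. The client walks the referrals itself in the iterative case; the recursive resolver does the same walk on the client's behalf and caches the result.

```python
"""Iterative vs recursive DNS resolution over a toy name-server hierarchy.

Added example, not code from the original notes. The servers, zones and
addresses below are constructed for illustration (192.0.2.0/24 is a
documentation range). Root and TLD servers only hand out referrals; the
authoritative server answers.
"""

# Constructed hierarchy: each server holds A records for names it is
# authoritative for, and NS referrals (delegated zone -> server names).
SERVERS = {
    "root":             {"A": {}, "NS": {"com.": ["a.gtld"], "org.": ["a.org"]}},
    "a.gtld":           {"A": {}, "NS": {"example.com.": ["ns1.example.com."]}},
    "ns1.example.com.": {"A": {"www.example.com.": "192.0.2.80",
                               "ns1.example.com.": "192.0.2.53"}, "NS": {}},
    "a.org":            {"A": {}, "NS": {}},
}
ROOT_HINTS = ["root"]   # real resolvers ship the root servers' fixed addresses


def query(server, qname):
    """One non-recursive query to one server.
    Returns ("answer", ip), ("referral", [servers]) or ("nxdomain", None)."""
    zone = SERVERS[server]
    if qname in zone["A"]:
        return "answer", zone["A"][qname]
    labels = qname.split(".")
    for i in range(len(labels)):                 # longest delegated suffix wins
        suffix = ".".join(labels[i:])
        if suffix in zone["NS"]:
            return "referral", zone["NS"][suffix]
    return "nxdomain", None


def resolve_iterative(qname, max_steps=10):
    """The client does the work: follow referrals from the root to an answer.
    Returns (ip or None, trail of (server, reply kind))."""
    trail, candidates = [], list(ROOT_HINTS)
    for _ in range(max_steps):
        server = candidates[0]
        kind, data = query(server, qname)
        trail.append((server, kind))
        if kind == "answer":
            return data, trail
        if kind != "referral":
            return None, trail
        candidates = data
    raise RuntimeError("too many referrals for %s" % qname)


class RecursiveResolver:
    """The server the client asks with recursion desired: it walks the
    hierarchy on the client's behalf and caches what it learns."""

    def __init__(self):
        self.cache = {}
        self.upstream_queries = 0

    def resolve(self, qname):
        """Returns (ip or None, "cache" or "upstream")."""
        if qname in self.cache:
            return self.cache[qname], "cache"
        ip, trail = resolve_iterative(qname)
        self.upstream_queries += len(trail)
        if ip is not None:
            # Plain DNS gives no way to authenticate this answer before it is
            # cached and served to every client: the cache-poisoning problem.
            self.cache[qname] = ip
        return ip, "upstream"
```

The trail returned by resolve_iterative is root, TLD, authoritative, exactly the chain described above; the second lookup of the same name through RecursiveResolver costs no upstream queries, which is why a poisoned cache entry is served to every client behind that resolver until it expires.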

The Data Link layer defines the rules for sending and receiving information from one computer to another within a LAN. When we attempt to communicate with another host in the LAN, our host must first know that host's MAC address. This is where ARP comes in.

IP is used for end-to-end communication, while the MAC address (Layer 2 addressing) is used for point-to-point communication, i.e. within the same LAN.

Each NIC has a burned-in MAC address known as the physical address. ARP works by sending an ARP Request and receiving an ARP Reply. Every host on the segment receives the broadcast request, but only the host that owns the target IP address answers, and it answers by unicast to the requester. Note that nothing in ARP authenticates the reply: any host on the segment can answer for any IP address, and most stacks accept whatever reply arrives, overwriting the cached entry. This is the basis of ARP spoofing (ARP cache poisoning).

If Host A, with IP 10.0.0.1 and MAC A, wishes to communicate with Host B, with IP 10.0.0.2 and MAC B, it must first send out an ARP request (assuming its ARP table is empty).

Host A sends out a broadcast request like this:
ETHERNET FRAME
Sender MAC (SMAC) - A
Destination MAC (DMAC) - FF-FF-FF-FF-FF-FF
ARP REQUEST
Sender Hardware Address (SHA) - A
Sender Protocol Address (SPA) - 10.0.0.1
Target Hardware Address (THA) - 00-00-00-00-00-00 (unknown; this is what we are asking for)
Target Protocol Address (TPA) - 10.0.0.2

The reply then comes back as a unicast like this:
ETHERNET FRAME
SMAC - B
DMAC - A
ARP REPLY
SHA - B
SPA - 10.0.0.2
THA - A
TPA - 10.0.0.1
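The request and reply above packed as real Ethernet/ARP frames, as an added example that is not from the original notes; the MAC addresses are made up for illustration. The Host class answers requests for its own IP and keeps an ARP cache, but unlike a real stack it refuses a reply that changes the MAC for an address it already knows and records the conflict, which is the simplest detection for the spoofing problem described above.

```python
"""ARP request/reply inside Ethernet frames, plus a cache that notices a
conflicting reply.

Added example, not code from the original notes. Packs the frames shown
above with struct (EtherType 0x0806, HTYPE 1, PTYPE 0x0800), parses them
back, and keeps a small ARP cache. MAC addresses are constructed for
illustration.
"""
import struct

ETH_P_ARP = 0x0806
BROADCAST = "ff:ff:ff:ff:ff:ff"
OP_REQUEST, OP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sha, spa, tha, tpa, dst_mac=None):
    """Ethernet header + 28-byte ARP body for IPv4 over Ethernet."""
    dst_mac = dst_mac or (BROADCAST if op == OP_REQUEST else tha)
    eth = mac_bytes(dst_mac) + mac_bytes(sha) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))
    return eth + arp


def parse_arp(frame):
    """Return the fields of an ARP-over-Ethernet frame as a dict."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet + ARP")
    dmac, smac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol types")
    return {"dmac": mac_str(dmac), "smac": mac_str(smac), "op": op,
            "sha": mac_str(sha), "spa": ip_str(spa),
            "tha": mac_str(tha), "tpa": ip_str(tpa)}


class Host:
    """Minimal host: answers requests for its own IP, keeps an ARP cache."""

    def __init__(self, mac, ip):
        self.mac, self.ip = mac, ip
        self.cache = {}      # ip -> mac
        self.alerts = []     # (ip, cached mac, mac claimed by the new reply)

    def request(self, target_ip):
        """Broadcast request: THA is all zeros because it is what we are asking for."""
        return build_arp(OP_REQUEST, self.mac, self.ip, "00:00:00:00:00:00", target_ip)

    def receive(self, frame):
        """Process a frame; return a reply frame if one is due, else None."""
        pkt = parse_arp(frame)
        if pkt["op"] == OP_REQUEST and pkt["tpa"] == self.ip:
            # Unicast reply straight back to the requester's hardware address.
            return build_arp(OP_REPLY, self.mac, self.ip, pkt["sha"], pkt["spa"])
        if pkt["op"] == OP_REPLY and pkt["tpa"] == self.ip:
            known = self.cache.get(pkt["spa"])
            if known is not None and known != pkt["sha"]:
                # A real stack overwrites here; we keep the old binding and log it.
                self.alerts.append((pkt["spa"], known, pkt["sha"]))
                return None
            self.cache[pkt["spa"]] = pkt["sha"]
        return None
```

Host A's request is 42 bytes on the wire (14 of Ethernet plus 28 of ARP), and a third host on the segment parses it but does not answer because the TPA is not its own. A forged reply claiming 10.0.0.2 from a different MAC ends up in alerts instead of the cache; on a real network the same conflict shows up as a "MAC address changed" event in tools that watch ARP, which is the usual way poisoning is detected.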

The physical layer is concerned with the transfer of information between devices in terms of bits, voltages, and so on. A hub is an example of a Layer 1 device, a switch is an example of a Layer 2 device, and a router, of course, is a Layer 3 device. Saying that a device operates at a layer means it handles that layer AND everything BELOW it: a router must still deal with frames and bits to do its job.
