Computer Networking

A network is simply two or more computers linked together to share data, information or resources.

There are two basic types of networks:

  • Local area network (LAN) - A local area network (LAN) is a network typically spanning a single floor or building. This is commonly a limited geographical area.

  • Wide area network (WAN) - Wide area network (WAN) is the term usually assigned to the long-distance connections between geographically remote networks.

Network Devices:

  • Hub

    • Hubs are used to connect multiple devices in a network.

    • They're less likely to be seen in business or corporate networks than in home networks.

    • Hubs are wired devices; they are not smart and simply retransmit data to all connected devices.

  • Switch

    • Are wired devices that know the addresses of the devices connected to them and route traffic to that port/device rather than retransmitting to all devices.

    • Can also create separate broadcast domains when used to create VLANs

  • Router

    • Are used to control traffic flow on networks

    • Used to connect similar networks and control traffic flow between them

    • Can be wired

    • Can be wireless

    • Can connect multiple switches

    • Smarter than hub

    • Smarter than switch

    • Determine the most efficient "route" for the traffic to flow across the network

  • Firewall

    • Managing network traffic

    • Controlling network traffic

    • Protecting the network

    • A firewall is a network device used to filter traffic.

    • Typically deployed between a private network and the internet

    • Can also be deployed between departments (segmented networks) within an organization (overall network).

    • Filters traffic based on a defined set of rules

      • called filters or access control lists

  • Server

    • A computer that provides information to other computers on a network

    • Some common servers are networked and accessed in some way by a client computer:

      • web servers

      • email servers

      • print servers

      • database servers

      • file servers

    • Secured differently than workstations to protect the information they contain

  • Endpoint

    • The ends of a network communication link.

    • One end is often at a server where a resource resides

    • Other end is often a client making a request to use a network resource

    • An endpoint can be another

      • server

      • desktop workstation

      • laptop

      • tablet

      • mobile phone

      • any other end user device

Ethernet

Ethernet (IEEE 802.3) is a standard that defines wired connections of networked devices. This standard defines the way data is formatted over the wire to ensure disparate devices can communicate over the same cables.

Device Address

Media Access Control (MAC) Address

Every network device is assigned a Media Access Control (MAC) address.

An example is 00-13-02-1F-58-F5.

The first 3 bytes (24 bits) of the address denote the vendor or manufacturer of the physical network interface. No two devices can have the same MAC address in the same local network.

Internet Protocol (IP) Address

While MAC addresses are generally assigned in the firmware of the interface, IP hosts associate that address with a unique logical address.

This logical IP address represents the network interface within the network and can be useful to maintain communications when a physical device is swapped with new hardware.

Examples are 192.168.1.1 and 2001:db8::ffff:0:1

Network diagram

Networking Models

The purpose of all communications is to exchange information and ideas between people and organizations so that they can get work done. Networking models support this by aiming to:

  • Provide reliable, managed communications between hosts (and users)

  • Isolate functions in layers

  • Use packets as the basis of communication

  • Standardize routing, addressing and control

  • Allow layers beyond internetworking to add functionality

  • Be vendor-agnostic, scalable and resilient

Layer          Level        Group
-------------  -----------  --------------
Application    Upper Level  Application
Presentation   Upper Level  Application
Session        Upper Level  Application
Transport      Lower Level  Data Transport
Network        Lower Level  Data Transport
Data Link      Lower Level  Data Transport
Physical       Lower Level  Data Transport

The upper layer, also known as the host or application layer, is responsible for

  • managing the integrity of a connection

  • controlling the session

  • establishing communication sessions between two computers.

  • maintaining communication sessions between two computers.

  • terminating communication sessions between two computers.

  • transforming data received from the Application Layer into a format that any system can understand

  • allows applications to communicate

  • determines whether a remote communication partner is available and accessible

The lower layer is often referred to as the media or transport layer and is responsible for

  • receiving bits from the physical connection medium

  • converting bits from the physical connection medium into a frame

  • Frames are grouped into standardized sizes

  • Route data (a destination address) is added to the frames of data to create packets

  • Once we have this sorted, the host layer takes over

Open Systems Interconnection (OSI) Model

  1. Communication structure for interconnected computer systems

  2. Each layer communicates directly with the layer above and the layer below it

  3. The Application, Presentation, and Session Layers (5-7) are commonly referred to simply as data.

  4. each layer has the potential to perform encapsulation

    1. encapsulation occurs as the data moves down the OSI model from Application to Physical

    2. The addition of header and possibly a footer data by a protocol used at that layer of the OSI model

    3. data is encapsulated at each descending layer

    4. the previous layer's header, payload and footer are all treated as the next layer's payload

    5. The data unit size increases as we move down the conceptual model and the contents continue to encapsulate.

  5. each layer has the potential to perform de-encapsulation [ decapsulation ]

    1. occurs as data moves up the OSI model layers from Physical to Application

    2. As we move up the OSI model, the data unit becomes smaller.

  6. At the Physical Layer (1)

    1. the data unit is converted into binary 01010111

    2. sent across physical wires such as an ethernet cable

  • When someone references an image file like a JPEG or PNG, we are talking about the Presentation Layer (6).

  • When discussing logical ports such as NetBIOS, we are discussing the Session Layer (5).

  • When discussing TCP/UDP, we are discussing the Transport Layer (4).

  • When discussing routers sending packets, we are discussing the Network Layer (3).

  • When discussing switches, bridges or WAPs sending frames, we are discussing the Data Link Layer (2).
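The encapsulation and de-encapsulation steps above can be followed byte by byte. The block below is an added illustration, not code from these notes: each lower layer prepends its own addressing to whatever it received from above, the unit grows on the way down (and shrinks on the way up), the layer 2 trailer lets the receiver detect corruption, and the layer 1 view is the 0/1 sequence. The header layouts are simplified stand-ins chosen for this example, not the real TCP, IPv4 or Ethernet formats, and the IPs and MACs it is called with are constructed sample values.

```python
"""Walk a small payload down the stack (encapsulation) and back up
(de-encapsulation).  Added example; header layouts are simplified stand-ins,
not real TCP/IPv4/Ethernet wire formats."""
import struct
import zlib

# Hypothetical fixed-size headers: each lower layer prepends its own addressing
# and treats everything it received from above as opaque payload.
SEGMENT_HDR = struct.Struct("!HH")    # layer 4: source port, destination port
PACKET_HDR = struct.Struct("!4s4s")   # layer 3: source IP, destination IP
FRAME_HDR = struct.Struct("!6s6s")    # layer 2: source MAC, destination MAC
FRAME_TRAILER = struct.Struct("!I")   # layer 2 footer: frame check sequence


def fcs(body: bytes) -> int:
    """Toy frame check sequence (CRC-32) so the receiver can spot corruption."""
    return zlib.crc32(body) & 0xFFFFFFFF


def encapsulate(data, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac):
    """Return (layer name, unit) pairs from application data down to the frame."""
    segment = SEGMENT_HDR.pack(src_port, dst_port) + data        # layer 4
    packet = PACKET_HDR.pack(src_ip, dst_ip) + segment           # layer 3
    body = FRAME_HDR.pack(src_mac, dst_mac) + packet             # layer 2 header
    frame = body + FRAME_TRAILER.pack(fcs(body))                 # layer 2 footer
    return [("data (layers 5-7)", data), ("segment (layer 4)", segment),
            ("packet (layer 3)", packet), ("frame (layer 2)", frame)]


def to_bits(frame: bytes) -> str:
    """Layer 1 view: the frame as the 0/1 sequence that goes on the wire."""
    return "".join(f"{byte:08b}" for byte in frame)


def decapsulate(frame: bytes) -> dict:
    """Strip one header per layer on the way up, verifying the trailer first."""
    body, trailer = frame[:-FRAME_TRAILER.size], frame[-FRAME_TRAILER.size:]
    if FRAME_TRAILER.unpack(trailer)[0] != fcs(body):
        raise ValueError("frame check sequence mismatch: frame was corrupted")
    src_mac, dst_mac = FRAME_HDR.unpack_from(body)
    packet = body[FRAME_HDR.size:]
    src_ip, dst_ip = PACKET_HDR.unpack_from(packet)
    segment = packet[PACKET_HDR.size:]
    src_port, dst_port = SEGMENT_HDR.unpack_from(segment)
    return {
        "src_mac": src_mac.hex("-"), "dst_mac": dst_mac.hex("-"),
        "src_ip": ".".join(map(str, src_ip)), "dst_ip": ".".join(map(str, dst_ip)),
        "src_port": src_port, "dst_port": dst_port,
        "data": segment[SEGMENT_HDR.size:],
    }


# Constructed sample endpoints (the MAC on the left is the notes' own example)
SRC_MAC, DST_MAC = bytes.fromhex("0013021f58f5"), bytes.fromhex("020000aabbcc")
SRC_IP, DST_IP = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])


def sample_units(data: bytes) -> list:
    """Encapsulate data between the constructed endpoints above."""
    return encapsulate(data, 49152, 443, SRC_IP, DST_IP, SRC_MAC, DST_MAC)


def unit_sizes(data: bytes) -> list:
    """Size of each unit; shows the growth as we move down the model."""
    return [len(unit) for _, unit in sample_units(data)]


if __name__ == "__main__":
    units = sample_units(b"hello")
    for name, unit in units:
        print(f"{name:18} {len(unit):3} bytes  {unit.hex()}")
    print("layer 1 bits:", to_bits(units[-1][1])[:32], "...")
    print("decapsulated:", decapsulate(units[-1][1]))
```

Running it on a 5-byte payload prints units of 5, 9, 17 and 33 bytes; flipping any byte of the frame makes `decapsulate` raise, which is the layer 2 trailer doing its job.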

Transmission Control Protocol/Internet Protocol (TCP/IP)

The TCP/IP protocol stack, comprising dozens of individual protocols, was developed in the early 1970s.

Layer                    TCP/IP Protocol Architecture Layers
-----------------------  ------------------------------------------
Application Layer        Defines the protocols for the transport layer.
Transport Layer          Permits data to move among devices.
Internet Layer           Creates/inserts packets.
Network Interface Layer  How data moves through the network.

TCP is a full-duplex connection-oriented protocol

UDP is a simplex connectionless protocol

Internet Control Message Protocol (ICMP) is used to determine the health of a network or a specific link

Use ping to determine whether the remote system is online

IPv4 provides a 32-bit address space

IPv6 provides a 128-bit address space

  • An IPv4 address is expressed as four octets separated by a dot

  • 216.12.146.140

  • Each octet may have a value between 0 and 255.

  • 0 is the network itself (not a device on that network)

  • 255 is generally reserved for broadcast purposes

  • Each address is subdivided into two parts:

    • the network number

    • the host

  • The network number assigned by an external organization, such as the Internet Corporation for Assigned Names and Numbers (ICANN), represents the organization's network.

  • The host represents the network interface within the network.

Networks are typically divided into subnets

Subnet mask is used to define the part of the address used for the subnet

Mask is usually converted to decimal notation 255.255.255.0

Private addresses available for anyone to use

10.0.0.0 to 10.255.255.254

172.16.0.0 to 172.31.255.254

192.168.0.0 to 192.168.255.254
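The octet rule, the network/host split under a subnet mask, the meaning of the all-zeros and all-ones host values, and the three private ranges can all be checked in a few lines. The block below is an added example, not code from these notes; `parse_ipv4` validates the dotted quad by hand so the 0-255 rule is visible, while `is_private` uses the standard `ipaddress` module with the three ranges above written as CIDR networks. The addresses it is called with are constructed sample values plus the 216.12.146.140 example from the notes.

```python
"""IPv4 address, subnet mask and private-range helpers (added example)."""
import ipaddress

# The three private ranges listed above, as CIDR networks
PRIVATE_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_ipv4(text: str) -> int:
    """Validate dotted-quad syntax (four octets, each 0-255) and pack to 32 bits."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"{text!r}: expected four octets")
    value = 0
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"{text!r}: octet {part!r} is not in 0-255")
        value = (value << 8) | int(part)
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_mask(text: str) -> int:
    """A mask must be a run of ones followed by a run of zeros (e.g. 255.255.255.0)."""
    m = parse_ipv4(text)
    if (m | (m - 1)) & 0xFFFFFFFF != 0xFFFFFFFF:
        raise ValueError(f"{text!r} is not a contiguous subnet mask")
    return m


def split_address(addr: str, mask: str) -> dict:
    """Split addr into its network number and host part using a dotted mask."""
    a, m = parse_ipv4(addr), parse_mask(mask)
    network = a & m
    host = a & ~m & 0xFFFFFFFF
    broadcast = network | (~m & 0xFFFFFFFF)
    if a == network:
        role = "network address (not a device)"   # host part all zeros
    elif a == broadcast:
        role = "broadcast address"                # host part all ones
    else:
        role = "host"
    return {"network": to_dotted(network), "host_part": host,
            "broadcast": to_dotted(broadcast), "prefix_len": bin(m).count("1"),
            "role": role}


def same_subnet(addr_a: str, addr_b: str, mask: str) -> bool:
    """Two hosts can talk directly (no router) only if the masked parts match."""
    m = parse_mask(mask)
    return parse_ipv4(addr_a) & m == parse_ipv4(addr_b) & m


def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETWORKS)


if __name__ == "__main__":
    print(split_address("216.12.146.140", "255.255.255.0"))
    print(same_subnet("192.168.1.10", "192.168.1.200", "255.255.255.0"))
    for a in ("10.0.0.5", "172.31.255.254", "172.32.0.1", "216.12.146.140"):
        print(a, "private" if is_private(a) else "public")
```

Note that 172.32.0.1 is reported public: the middle private block is 172.16.0.0/12, which ends at 172.31.255.255, a common source of misconfigured firewall rules.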

An IPv6 address is shown as 8 groups of four digits

IPv6 addresses use the hexadecimal range (0000-ffff) and are separated by colons (:) rather than periods (.)

  • can be shortened by

    • removing the leading zeros at the beginning of each field

    • substituting two colons (::) for the longest consecutive zero fields

    • All fields must retain at least one digit

2001:0db8:0000:0000:0000:ffff:0000:0001 after shortening becomes 2001:0db8::ffff:0:1

Addresses and ranges that are reserved for special uses:

  1. ::1 is the local loopback address

  2. 127.0.0.1 the local loopback address in IPv4

  3. range 2001:db8:: to 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff is reserved for documentation use

  4. fc00:: to fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff are

    1. addresses reserved for internal network use

    2. are not routable on the internet
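The two shortening rules and the reserved ranges above are easy to get subtly wrong (a single zero field must not become `::`, and only one `::` is allowed). The block below is an added example, not code from these notes: `shorten_ipv6` implements the rules directly and is cross-checked against the standard `ipaddress` module, and `classify` names the reserved range an address falls in. It uses the notes' own example address; the other addresses are constructed test values, and the loopback/documentation/unique-local prefixes are taken from the list above.

```python
"""IPv6 shortening rules and reserved-range classification (added example)."""
import ipaddress

# Reserved ranges from the list above (plus IPv4 loopback)
RESERVED = [
    ("loopback", ipaddress.ip_network("::1/128")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("documentation", ipaddress.ip_network("2001:db8::/32")),
    ("unique local (internal use, not internet-routable)",
     ipaddress.ip_network("fc00::/7")),   # fc00:: through fdff:ffff:...:ffff
]

HEX = set("0123456789abcdef")


def shorten_ipv6(full: str) -> str:
    """Apply the two shortening rules to an uncompressed 8-field address.

    1. drop leading zeros in each field, keeping at least one digit;
    2. replace the longest run of two or more all-zero fields with '::'
       (the first such run wins a tie, matching RFC 5952).
    """
    fields = full.strip().lower().split(":")
    if len(fields) != 8 or not all(1 <= len(f) <= 4 and set(f) <= HEX for f in fields):
        raise ValueError(f"{full!r} is not an uncompressed 8-field address")
    fields = [f.lstrip("0") or "0" for f in fields]           # rule 1

    best_start, best_len = -1, 0                               # rule 2
    i = 0
    while i < 8:
        if fields[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                    # a lone zero field stays as "0"
        return ":".join(fields)
    left = ":".join(fields[:best_start])
    right = ":".join(fields[best_start + best_len:])
    return f"{left}::{right}"


def classify(addr: str) -> str:
    """Name the reserved range an address falls in, or 'global' if none."""
    ip = ipaddress.ip_address(addr)
    for name, net in RESERVED:
        if ip.version == net.version and ip in net:
            return name
    return "global"


if __name__ == "__main__":
    full = "2001:0db8:0000:0000:0000:ffff:0000:0001"
    short = shorten_ipv6(full)
    print(full, "->", short,
          "| stdlib agrees:", short == ipaddress.IPv6Address(full).compressed)
    for a in ("::1", "127.0.0.1", short, "fd12:3456:789a::1", "2001:db9::1"):
        print(f"{a:25} {classify(a)}")
```

Applying both rules in full to the notes' example gives 2001:db8::ffff:0:1, the same form used in the IP address example earlier on this page.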

Improperly implemented TCP/IP stacks in various operating systems are vulnerable to various:

  1. DoS/DDoS attacks

  2. fragment attacks

  3. oversized packet attacks

  4. spoofing attacks

  5. man-in-the-middle

  6. monitoring / sniffing

Physical ports are the connectors you plug wires into, such as:

  1. fiber optic cables

  2. Cat5 cables

on devices such as:

  1. routers

  2. switches

  3. servers

  4. computer

Logical ports (sockets) determine where the data/traffic goes:

  • When a communication connection is established between two systems, it is done using ports.

  • Ports allow a single IP address to be able to support multiple simultaneous communications, each using a different port number.

  • Data types are mapped using port numbers associated with services.

  • Well-known ports (0–1023)

    • related to the common protocols

  • Registered ports (1024–49151)

    • proprietary applications from vendors and developers.

  • Dynamic or private ports (49152–65535)

Port  Vuln         Protocol                Secure Port  Protocol
----  -----------  ----------------------  -----------  -------------------------------------
21    plaintext    File Transfer Protocol  22* - SFTP   Secure File Transfer Protocol
23    plaintext    Telnet                  22* - SSH    Secure Shell
25    unencrypted  Simple Mail Transfer    587 - SMTP   SMTP with TLS
37    legacy       Time Protocol           123          Network Time Protocol
53    modified     Domain Name Serv.       853 - DoT    DNS over TLS
80    unencrypted  HTTP                    443          HyperText Transfer Protocol (SSL/TLS)
143   unencrypted  IMAP                    993          IMAP for SSL/TLS
161   unencrypted  SNMP                    161          SNMPv3
162   unencrypted  SNMP                    162          SNMPv3
389   unencrypted  LDAP                    636          LDAPS
445   unencrypted  SMB                     2049         Network File System
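One practical use of the port table is auditing what a host actually listens on. The block below is an added example, not code from these notes: it parses constructed `ss -tuln`-style listener lines (the sample output is made up for this example), classifies each port into the well-known/registered/dynamic range, and flags the plaintext or legacy services from the table with the secure replacement the table pairs them with. The `INSECURE` mapping mirrors the table rows above; it is the only source of the recommendations.

```python
"""Audit a listener inventory against the port table (added example)."""
import re

# From the table above: insecure port -> (protocol, issue, secure port, secure protocol)
INSECURE = {
    21: ("FTP", "plaintext", 22, "SFTP"),
    23: ("Telnet", "plaintext", 22, "SSH"),
    25: ("SMTP", "unencrypted", 587, "SMTP with TLS"),
    37: ("Time Protocol", "legacy", 123, "NTP"),
    53: ("DNS", "modified", 853, "DNS over TLS"),
    80: ("HTTP", "unencrypted", 443, "HTTPS"),
    143: ("IMAP", "unencrypted", 993, "IMAP over SSL/TLS"),
    161: ("SNMP", "unencrypted", 161, "SNMPv3"),
    162: ("SNMP trap", "unencrypted", 162, "SNMPv3"),
    389: ("LDAP", "unencrypted", 636, "LDAPS"),
}

# Matches lines such as "tcp   LISTEN 0  128  0.0.0.0:23  0.0.0.0:*"
LISTEN_RE = re.compile(r"^(tcp|udp)\s+(?:LISTEN|UNCONN)\s+\d+\s+\d+\s+(\S+):(\d+)\s")

# Constructed sample output; not captured from a real host
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:23          0.0.0.0:*
tcp   LISTEN 0      511    *:80                *:*
tcp   LISTEN 0      511    [::]:443            [::]:*
tcp   LISTEN 0      128    127.0.0.1:8080      0.0.0.0:*
"""


def port_class(port: int) -> str:
    """Map a port number onto the three ranges listed above."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def parse_listeners(text: str) -> list:
    """Return (transport, local address, port) for each listening socket line."""
    listeners = []
    for line in text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            listeners.append((m.group(1), m.group(2), int(m.group(3))))
    return listeners


def audit(text: str) -> list:
    """Flag listeners on the insecure ports in the table, with the secure alternative."""
    findings = []
    for transport, addr, port in parse_listeners(text):
        if port not in INSECURE:
            continue
        name, issue, secure_port, secure_name = INSECURE[port]
        findings.append({
            "port": port, "transport": transport, "protocol": name, "issue": issue,
            "class": port_class(port),
            # bound to a loopback address only -> not reachable from the network
            "exposed": addr not in ("127.0.0.1", "[::1]"),
            "recommend": f"{secure_name} on port {secure_port}",
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SS):
        print(f"{f['transport']}/{f['port']:<5} {f['protocol']:<10} {f['issue']:<12}"
              f" exposed={f['exposed']}  -> {f['recommend']}")
```

On the sample, only ports 23 and 80 are flagged: 22 and 443 are already the secure column, and 8080 is a registered port the table does not cover, so an auditor would look at it separately rather than assume it is safe.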

  1. Between the client and the server, there is a system for synchronizing and acknowledging any request that is known as a three-way handshake.

  2. This handshake is used to establish a TCP connection between two devices.

  3. Depending on the exact protocol, there may be additional connection negotiation taking place.

  4. First, the client sends a synchronization (SYN) packet to the web server's port 80 or 443.

  5. This is a request to establish a connection.

  6. The web server replies to the SYN packet with an acknowledgement known as a SYN/ACK.

  7. Finally, the client acknowledges the connection with an acknowledgement (ACK).

  8. At this point, the basic connection is established, and the client and host will further negotiate secure communications over that connection.
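The eight steps above are a small state machine, and modelling it shows why the sequence numbers matter: the server only treats a flow as established when the final ACK refers to the SYN/ACK it actually sent, and everything else (a stray ACK with no SYN, a wrong acknowledgement number) is ignored. The block below is an added example, not code from these notes; the `Segment`, `Server` and `Client` classes, the IPs, ports and the fixed initial sequence numbers used in the demo are all constructed for illustration. `half_open_count` exposes the server's backlog of flows stuck after step 1, which is what a defender watches when SYN-based DoS is a concern.

```python
"""Three-way handshake as a state machine (added example)."""
import random
from dataclasses import dataclass


def nxt(n: int) -> int:
    """Next sequence number, wrapping at 32 bits like TCP."""
    return (n + 1) & 0xFFFFFFFF


@dataclass(frozen=True)
class Segment:
    src: tuple          # (ip, port) of the sender, constructed values
    dst: tuple
    flags: frozenset    # subset of {"SYN", "ACK"}
    seq: int
    ack: int = 0


class Server:
    """Listens on one (ip, port); tracks half-open and established flows."""

    def __init__(self, ip, port, isn_source=None):
        self.addr = (ip, port)
        self.isn_source = isn_source or (lambda: random.getrandbits(32))
        self.half_open = {}      # flow key -> (server ISN, client ISN)
        self.established = {}    # flow key -> (server next seq, client next seq)

    def receive(self, seg):
        if seg.dst != self.addr:
            return None                                   # not for us: drop
        key = (seg.src, seg.dst)
        if seg.flags == {"SYN"}:                          # step 4: SYN arrives
            isn = self.isn_source()
            self.half_open[key] = (isn, seg.seq)
            return Segment(self.addr, seg.src, frozenset({"SYN", "ACK"}),
                           seq=isn, ack=nxt(seg.seq))     # step 6: SYN/ACK
        if seg.flags == {"ACK"} and key in self.half_open:   # step 7: ACK
            isn, client_isn = self.half_open[key]
            if seg.ack != nxt(isn) or seg.seq != nxt(client_isn):
                return None                               # wrong numbers: ignore
            del self.half_open[key]
            self.established[key] = (nxt(isn), nxt(client_isn))   # step 8
        return None   # ACK with no prior SYN, repeats, etc. are ignored


class Client:
    def __init__(self, ip, port, isn_source=None):
        self.addr = (ip, port)
        self.isn = (isn_source or (lambda: random.getrandbits(32)))()
        self.state = "CLOSED"

    def syn(self, server_addr):
        self.state = "SYN-SENT"
        return Segment(self.addr, server_addr, frozenset({"SYN"}), seq=self.isn)

    def on_syn_ack(self, seg):
        if (self.state != "SYN-SENT" or seg.flags != {"SYN", "ACK"}
                or seg.ack != nxt(self.isn)):
            return None
        self.state = "ESTABLISHED"
        return Segment(self.addr, seg.src, frozenset({"ACK"}),
                       seq=nxt(self.isn), ack=nxt(seg.seq))


def handshake(client, server) -> bool:
    """Run SYN -> SYN/ACK -> ACK; True when both sides consider the flow open."""
    syn_ack = server.receive(client.syn(server.addr))
    if syn_ack is None:
        return False
    ack = client.on_syn_ack(syn_ack)
    if ack is None:
        return False
    server.receive(ack)
    return (client.state == "ESTABLISHED"
            and (client.addr, server.addr) in server.established)


def half_open_count(server) -> int:
    """Flows stuck after the SYN: the backlog a SYN flood tries to exhaust."""
    return len(server.half_open)


if __name__ == "__main__":
    server = Server("192.168.1.1", 443, isn_source=lambda: 5000)   # constructed ISN
    client = Client("192.168.1.10", 49152, isn_source=lambda: 100)
    print("established:", handshake(client, server), "half-open:", half_open_count(server))
```

The fixed `isn_source` values are there only to make the demo reproducible; real stacks randomise initial sequence numbers precisely so that an off-path sender cannot guess the ACK the server expects.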
