(21 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
| = Resources =
| |
| <blockquote>
| |
| {| class="wikitable"
| |
| |-
| |
| | router overview || https://www.uhcl.edu/computing/information-security/tips-best-practices/routers
| |
| |-
| |
| |}
| |
| </blockquote><!-- Resources -->
| |
|
| |
| = Tutorials = | | = Tutorials = |
| <blockquote> | | <blockquote> |
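Review bot: the Resources section removed at the top of this hunk carried the uhcl.edu router overview link, and nothing on the new side replaces it. If the link is still wanted, move it under Tutorials or onto the relevant layer page instead of dropping it; if it is retired on purpose, say so in the edit summary.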
Line 17: |
Line 8: |
| </blockquote><!-- Tutorials --> | | </blockquote><!-- Tutorials --> |
|
| |
|
| = Intro = | | = Non Routable IP Ranges = |
| == Network Layers ==
| |
| <blockquote> | | <blockquote> |
| The network layers used depend on the networking ''model'' used.
| | IP addresses that by default are not routed by domain-name servers. |
| Most networks use the IP model with 4x layers (physical, datalink, network, transport),
| | <syntaxhighlight lang="yaml"> |
| the other populare model is OSI with 6x layers
| | 127.0.0.1: 127.0.0.1 # Available IPs: 1 |
| (physical, datalink, network, transport, session, presentation).
| | 10.0.0.0/8: 10.0.0.0 – 10.255.255.255 # Available IPs: 16,777,214 |
| | 172.16.0.0/12: 172.16.0.0 – 172.31.255.255 # Available IPs: 1,048,574 |
| | 192.168.0.0/16: 192.168.0.0 – 192.168.255.255 # Available IPs: 65,534 |
| | </syntaxhighlight> |
| | </blockquote><!-- Non Routable IP Ranges --> |
|
| |
|
| The combination of these layers is referred to as the '''networking stack'''.
| | = Basics = |
| | |
| | |
| {| class="wikitable"
| |
| |-
| |
| ! Layer
| |
| ! Unit
| |
| ! Debug Tools
| |
| ! Description
| |
| |-
| |
| |-
| |
| | 1) Physical Layer || || linklight, ipconfig/ifconfig, replace-cable ||
| |
| ethernet, arp (address resolution protocol), the cord
| |
| |-
| |
| | 2) Datalink Layer || frames || arp, nd, tcpdump ||
| |
| The protocol used to transmit frames over the wire.
| |
| The Datalink layer is designed to fire frames at a target MAC addr (Media Access Control)
| |
| using ARP (Address Resolution Protocol).
| |
| |-
| |
| | 3) Network Layer || packets || ping, traceroute ||
| |
| The network layer answers 'how do i get this to the target host?'.
| |
| Unlike the physical/datalink layers which get stripped off and replaced
| |
| as the information passes through different networks, the network layer
| |
| always stays the same.
| |
| | |
| The network layer speaks a specific protocol. The internet (the one that serves you websites)
| |
| uses TCP/IP. All nodes in a TCP/IP network are assigned a globally unique address
| |
| (within that network) so that other hosts can find it.
| |
| |-
| |
| | 4) Transport || segments || netstat, netcat, tcpdump ||
| |
| Low level connectivity between hosts happens here. This is the languages that carry
| |
| the data. Examples of transport layer protocols are HTTP, DHCP, BGP, SSH, LDAP, POP, XMPP, ...
| |
| This is also the layer that carries ICMP error messages.
| |
| |-
| |
| |}
| |
| | |
| | |
| </blockquote>
| |
| | |
| == Example Transaction ==
| |
| <blockquote> | | <blockquote> |
| An example might help this sink in.
| | Information sent over a network is layered like an onion.<br> |
| | | As you progress closer to your application, the outer layers are removed,<br> |
| <syntaxhighlight lang="bash"> | | leaving only information that is useful to each stage. |
| | |
| visit a website: #(GET request on server's port 80)
| |
| | |
| transport (HTTP)
| |
| request is sliced into segments(transport) of 536 bytes or smaller
| |
| | |
| network (TCP/IP)
| |
| if network knows how to reach destination, each segment is wrapped in
| |
| TCP/IP info, and handed off to the datalink layer.
| |
| | |
| datalink (MAC,ARP)
| |
| Adds information about the physical protocol (ethernet, token-ring, ...)
| |
| and fires the data to a target MAC address.
| |
| | |
| ---
| |
| | |
| physical
| |
| the information is sent over the wire
| |
| | |
| ---
| |
| | |
| On the receiving end, datalink, and network layers are stripped off, and all
| |
| segments (transport) are re-assembled to form the request. This is handed to
| |
| the web-server, which then repeats the above with a reply.
| |
|
| |
|
| | <syntaxhighlight lang="xml"> |
| | <!-- a pseudocode piece of network data --> |
| | <datalink> |
| | <network> |
| | <transport> |
| | <application/> |
| | </transport> |
| | </network> |
| | </datalink> |
| </syntaxhighlight> | | </syntaxhighlight> |
| </blockquote><!-- example --> | | </blockquote><!-- Basics --> |
| | |
| = Layers =
| |
| <blockquote>
| |
| | |
| == Physical ==
| |
| <blockquote>
| |
| {|
| |
| | coax
| |
| |-
| |
| | optical
| |
| |}
| |
| </blockquote><!-- physical layer -->
| |
|
| |
|
| == Datalink == | | = 5-layer TCP/IP model = |
| <blockquote> | | <blockquote> |
|
| |
| {| class="wikitable"
| |
| |-
| |
| !colspan=2| protocols
| |
| |-
| |
| | [[ethernet protocol|ethernet]] || most commonly used protocol for the datalink layer
| |
| |-
| |
| |}
| |
|
| |
|
| |
| {| class="wikitable"
| |
| |-
| |
| !colspan=2|terminology
| |
| |-
| |
| | [[routing schemes]] || broadcast, unicast, multicast, ...
| |
| |-
| |
| | [[networking: duplex|duplex]] || If traffic can be sent/received at the same time
| |
| |-
| |
| | [[networking: mtu|MTU]] || the largest allowed frame-size (datalink) on a network.
| |
| |-
| |
| |}
| |
|
| |
| {| class="wikitable" | | {| class="wikitable" |
| | !- |
| | !colspan=1|layer |
| | !colspan=1|protocol |
| | !colspan=1|unit |
| | !colspan=1|address |
| |- | | |- |
| !colspan=2| Network Configurations
| | | 1 || [[networking physical layer|physical]] || 10 Base T, 802.11 || Bits || n/a |
| |- | | |- |
| | [[networking: vlan|vlan]] || using one NIC/cord to share multiple connections to separate networks (ex: WAN/LAN on firewall) | | | 2 || [[networking datalink layer|datalink]] || Ethernet, WiFi || Frames || MAC addr |
| |- | | |- |
| |} | | | 3 || [[networking network layer|network]] || IP || Datagram || IP addr |
| | |
| {| class="wikitable"
| |
| |- | | |- |
| !colspan=2| Datalink Errors
| | | 4 || [[networking transport layer|transport]] || TCP, UDP || Segment || Ports |
| |- | | |- |
| | frame errors || Frames received with an invalid checksum. | | | 5 || [[networking application layer|application]] || HTTP, SMTP, .. || Messages || n/a |
| |- | |
| | drops || Frames that were discarded by the netwk iface. unexpected VLAN tags, ipv6 packets when iface is not configured for ipv6. | |
| |-
| |
| | overruns || Too much data received too quickly (before kernel can handle them). The buffer is full, so packets are dropped.
| |
| |- | |
| | collisions || On half-duplex netwk, when 2x sides of a connection are talking at the same time. | |
| |- | | |- |
| |} | | |} |
| | | </blockquote><!-- 5-layer TCP/IP model --> |
| '''finding datalink errors'''
| |
| | |
| <syntaxhighlight lang="bash">
| |
| netstat -i
| |
| | |
| ## Windows does not officially support viewing datalink errors. check the switch
| |
| </syntaxhighlight>
| |
| | |
| <syntaxhighlight lang="bash">
| |
| TX- ## packets sent
| |
| RX- ## packets received
| |
| | |
| | |
| *-OK ## correctly recceived frames
| |
| *-ERR ## incorrect packets received
| |
| *-DRP ## packets dropped at this interface
| |
| *-OVR ## packets this interface was unable to receive
| |
| </syntaxhighlight>
| |
| | |
| </blockquote><!-- Datalink --> | |
| | |
| == Network ==
| |
| <blockquote>
| |
| | |
| {|
| |
| !colspan=2| Protocols
| |
| |-
| |
| | [[ipv4]]
| |
| |-
| |
| | [[ipv6]]
| |
| |}
| |
| | |
| | |
| </blockquote><!-- Network -->
| |
| | |
| == Transport ==
| |
| <blockquote>
| |
| | |
| {|
| |
| |-
| |
| !colspan=2| Protocols
| |
| |-
| |
| | [[tcp]]
| |
| |}
| |
| | |
| </blockquote><!-- Transport -->
| |
| </blockquote><!-- Layers -->
| |
| | |
| = Subnet Netmask =
| |
| <blockquote>
| |
| {| class="wikitable"
| |
| | microsoft subnet docs || https://support.microsoft.com/en-us/help/164015/understanding-tcp-ip-addressing-and-subnetting-basics
| |
| |-
| |
| |}
| |
| | |
| An ip address alone is not enough information to route a packet.<br>
| |
| You need to know what parts of the address belong to the '''network''' and to the '''host'''.
| |
| | |
| IPv4 addresses are normally expressed in 4x decimal numbers of 0-255.<br>
| |
| These numbers represent binary masks<br>.
| |
| | |
| <source lang="bash">
| |
| 255.255.255.0 == 11111111.11111111.11111111.0000000
| |
| </source>
| |
| | |
| A subnet mask consists entirely of 0/1s.
| |
| * digits represented by 1 belong to the network addr
| |
| * digits represented by 0 belong to the host addr
| |
| | |
| <source lang="bash">
| |
| # shamefully stolen from microsoft docs
| |
| 11000000.10101000.01111011.10000100 -- IP address (192.168.123.132)
| |
| 11111111.11111111.11111111.00000000 -- Subnet mask (255.255.255.0)
| |
| </source>
| |
| | |
| == CIDR Notation ==
| |
| <blockquote>
| |
| <source lang="bash">
| |
| 111.222.333.444 # ip address.
| |
| | |
| 111.222.333.444/32 # network=111.222.333.444 host=0.0.0.0 (1 node on netwk)
| |
| 111.222.333.444/24 # network=111.222.333.0 host=0.0.0.444 (254 nodes on netwk)
| |
| 111.222.333.444/16 # network=111.222.0.0 host=0.0.333.444 (65,534 nodes on netwk)
| |
| 111.222.333.444/8 # network=111.0.0.0 host=0.222.333.444 (16,777,214 nodes on netwk)
| |
| </source>
| |
| | |
| You are not limited to /32, /24, /16, and /8, these are just the most common.<br>
| |
| See http://droptips.com/cidr-subnet-masks-and-usable-ip-addresses-quick-reference-guide-cheat-sheet
| |
| | |
| </blockquote>
| |
| </blockquote><!-- Subnet Netmask -->
| |
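Review bot: in the new Non Routable IP Ranges block, the sentence "IP addresses that by default are not routed by domain-name servers" names the wrong component, since DNS servers resolve names and do not route packets. The 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 entries are the RFC 1918 private ranges, which routers on the public internet do not forward, so the sentence should say that. The loopback entry is listed as the single address 127.0.0.1, while the loopback block is 127.0.0.0/8. In the new 5-layer table the separator before the header cells is written `!-` where every other row uses `|-`. The new side also drops the Subnet Netmask and CIDR Notation sections without a replacement or a link to where that material now lives.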