|
|
(18 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
| = Resources =
| |
| <blockquote>
| |
| {| class="wikitable"
| |
| |-
| |
| | router overview || https://www.uhcl.edu/computing/information-security/tips-best-practices/routers
| |
| |-
| |
| |}
| |
| </blockquote><!-- Resources -->
| |
|
| |
| = Tutorials = | | = Tutorials = |
| <blockquote> | | <blockquote> |
Line 17: |
Line 8: |
| </blockquote><!-- Tutorials --> | | </blockquote><!-- Tutorials --> |
|
| |
|
| = Intro = | | = Non Routable IP Ranges = |
| == Network Layers ==
| |
| <blockquote> | | <blockquote> |
| The network layers used depend on the networking ''model'' used.
| | IP addresses that by default are not routed by domain-name servers. |
| Most networks use the IP model with 4x layers (physical, datalink, network, transport),
| | <syntaxhighlight lang="yaml"> |
| the other populare model is OSI with 6x layers
| | 127.0.0.1: 127.0.0.1 # Available IPs: 1 |
| (physical, datalink, network, transport, session, presentation).
| | 10.0.0.0/8: 10.0.0.0 – 10.255.255.255 # Available IPs: 16,777,214 |
| | | 172.16.0.0/12: 172.16.0.0 – 172.31.255.255 # Available IPs: 1,048,574 |
| The combination of these layers is referred to as the '''networking stack'''.
| | 192.168.0.0/16: 192.168.0.0 – 192.168.255.255 # Available IPs: 65,534 |
| | | </syntaxhighlight> |
| | | </blockquote><!-- Non Routable IP Ranges --> |
| {| class="wikitable"
| |
| |-
| |
| ! Layer
| |
| ! Unit
| |
| ! Debug Tools
| |
| ! Description
| |
| |-
| |
| |-
| |
| | 1) Physical Layer || || linklight, ipconfig/ifconfig, replace-cable ||
| |
| ethernet, arp (address resolution protocol), the cord
| |
| |-
| |
| | 2) Datalink Layer || frames || arp, nd, tcpdump ||
| |
| The protocol used to transmit frames over the wire.
| |
| The Datalink layer is designed to fire frames at a target MAC addr (Media Access Control)
| |
| using ARP (Address Resolution Protocol).
| |
| |-
| |
| | 3) Network Layer || packets || ping, traceroute ||
| |
| The network layer answers 'how do i get this to the target host?'.
| |
| Unlike the physical/datalink layers which get stripped off and replaced
| |
| as the information passes through different networks, the network layer
| |
| always stays the same.
| |
| | |
| The network layer speaks a specific protocol. The internet (the one that serves you websites)
| |
| uses TCP/IP. All nodes in a TCP/IP network are assigned a globally unique address
| |
| (within that network) so that other hosts can find it.
| |
| |-
| |
| | 4) Transport || segments || netstat, netcat, tcpdump ||
| |
| Low level connectivity between hosts happens here. This is the languages that carry
| |
| the data. Examples of transport layer protocols are HTTP, DHCP, BGP, SSH, LDAP, POP, XMPP, ...
| |
| This is also the layer that carries ICMP error messages.
| |
| |-
| |
| |}
| |
| | |
| | |
| </blockquote> | |
|
| |
|
| == Example Transaction == | | = Basics = |
| <blockquote> | | <blockquote> |
| An example might help this sink in.
| | Information sent over a network is layered like an onion.<br> |
| | | As you progress closer to your application, the outer layers are removed,<br> |
| <syntaxhighlight lang="bash"> | | leaving only information that is useful to each stage. |
| | |
| visit a website: #(GET request on server's port 80)
| |
| | |
| transport (HTTP)
| |
| request is sliced into segments(transport) of 536 bytes or smaller
| |
| | |
| network (TCP/IP)
| |
| if network knows how to reach destination, each segment is wrapped in
| |
| TCP/IP info, and handed off to the datalink layer.
| |
| | |
| datalink (MAC,ARP)
| |
| Adds information about the physical protocol (ethernet, token-ring, ...)
| |
| and fires the data to a target MAC address.
| |
| | |
| ---
| |
| | |
| physical
| |
| the information is sent over the wire
| |
| | |
| ---
| |
| | |
| On the receiving end, datalink, and network layers are stripped off, and all
| |
| segments (transport) are re-assembled to form the request. This is handed to
| |
| the web-server, which then repeats the above with a reply.
| |
|
| |
|
| | <syntaxhighlight lang="xml"> |
| | <!-- a pseudocode piece of network data --> |
| | <datalink> |
| | <network> |
| | <transport> |
| | <application/> |
| | </transport> |
| | </network> |
| | </datalink> |
| </syntaxhighlight> | | </syntaxhighlight> |
| </blockquote><!-- example --> | | </blockquote><!-- Basics --> |
|
| |
|
| = Layers = | | = 5-layer TCP/IP model = |
| <blockquote> | | <blockquote> |
|
| |
| == Physical ==
| |
| <blockquote>
| |
| {|
| |
| | coax
| |
| |-
| |
| | optical
| |
| |}
| |
| </blockquote><!-- physical layer -->
| |
|
| |
| == Datalink ==
| |
| <blockquote>
| |
|
| |
| {| class="wikitable" | | {| class="wikitable" |
| | !- |
| | !colspan=1|layer |
| | !colspan=1|protocol |
| | !colspan=1|unit |
| | !colspan=1|address |
| |- | | |- |
| !colspan=2| protocols
| | | 1 || [[networking physical layer|physical]] || 10 Base T, 802.11 || Bits || n/a |
| |- | | |- |
| | [[ethernet protocol|ethernet]] || most commonly used protocol for the datalink layer | | | 2 || [[networking datalink layer|datalink]] || Ethernet, WiFi || Frames || MAC addr |
| |- | | |- |
| |} | | | 3 || [[networking network layer|network]] || IP || Datagram || IP addr |
| | |
| | |
| {| class="wikitable"
| |
| |- | | |- |
| !colspan=2|terminology
| | | 4 || [[networking transport layer|transport]] || TCP, UDP || Segment || Ports |
| |- | | |- |
| | [[routing schemes]] || broadcast, unicast, multicast, ... | | | 5 || [[networking application layer|application]] || HTTP, SMTP, .. || Messages || n/a |
| |-
| |
| | [[networking: duplex|duplex]] || If traffic can be sent/received at the same time | |
| |-
| |
| | [[networking: mtu|MTU]] || the largest allowed frame-size (datalink) on a network.
| |
| |- | | |- |
| |} | | |} |
| | | </blockquote><!-- 5-layer TCP/IP model --> |
| {| class="wikitable"
| |
| |-
| |
| !colspan=2| Network Configurations
| |
| |-
| |
| | [[networking: vlan|vlan]] || using one NIC/cord to share multiple connections to separate networks (ex: WAN/LAN on firewall)
| |
| |-
| |
| |}
| |
| | |
| {| class="wikitable"
| |
| |-
| |
| !colspan=2| Datalink Errors
| |
| |-
| |
| | frame errors || Frames received with an invalid checksum.
| |
| |-
| |
| | drops || Frames that were discarded by the netwk iface. unexpected VLAN tags, ipv6 packets when iface is not configured for ipv6.
| |
| |-
| |
| | overruns || Too much data received too quickly (before kernel can handle them). The buffer is full, so packets are dropped.
| |
| |-
| |
| | collisions || On half-duplex netwk, when 2x sides of a connection are talking at the same time.
| |
| |-
| |
| |}
| |
| | |
| '''finding datalink errors'''
| |
| | |
| <syntaxhighlight lang="bash">
| |
| netstat -i
| |
| | |
| ## Windows does not officially support viewing datalink errors. check the switch
| |
| </syntaxhighlight>
| |
| | |
| <syntaxhighlight lang="bash">
| |
| TX- ## packets sent
| |
| RX- ## packets received
| |
| | |
| | |
| *-OK ## correctly recceived frames
| |
| *-ERR ## incorrect packets received
| |
| *-DRP ## packets dropped at this interface
| |
| *-OVR ## packets this interface was unable to receive
| |
| </syntaxhighlight>
| |
| | |
| </blockquote><!-- Datalink -->
| |
| | |
| == Network ==
| |
| <blockquote>
| |
| | |
| {|
| |
| !colspan=2| Protocols
| |
| |-
| |
| | [[ipv4]]
| |
| |-
| |
| | [[ipv6]]
| |
| |}
| |
| | |
| | |
| </blockquote><!-- Network --> | |
| | |
| == Transport ==
| |
| <blockquote>
| |
| | |
| {|
| |
| |-
| |
| !colspan=2| Protocols
| |
| |-
| |
| | [[tcp]]
| |
| |}
| |
| | |
| </blockquote><!-- Transport -->
| |
| </blockquote><!-- Layers -->
| |
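Review bot: In the new "Non Routable IP Ranges" section, the sentence "IP addresses that by default are not routed by domain-name servers" names the wrong component: domain-name servers resolve names and do not route packets. The three ranges listed after loopback are the RFC 1918 private ranges, which routers on the public Internet do not forward but which are still routed inside a private network, so wording such as "IP address ranges that are not routed on the public Internet" would be accurate. The loopback entry in the same block lists only 127.0.0.1 with one available IP, while the reserved loopback block is 127.0.0.0/8. In the new 5-layer table, the first header line "!-" renders as a header cell containing "-" above the layer-number column; if a row separator was intended it should be "|-", otherwise give that column a label, and the "colspan=1" attributes on the other header cells can be dropped.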