Networking Overview

From wikinotes

Resources

router overview https://www.uhcl.edu/computing/information-security/tips-best-practices/routers

Tutorials

code a TCP/IP stack https://www.saminiir.com/lets-code-tcp-ip-stack-1-ethernet-arp/

Intro

Network Layers

The network layers used depend on the networking model. Most networks use the IP model with 4x layers (physical, datalink, network, transport). The other popular model is OSI, with 6x layers (physical, datalink, network, transport, session, presentation).

The combination of these layers is referred to as the networking stack.


1) Physical Layer
   Debug tools: linklight, ipconfig/ifconfig, replace-cable
   Description: ethernet, arp (address resolution protocol), the cord

2) Datalink Layer
   Unit: frames
   Debug tools: arp, nd, tcpdump
   Description: The protocol used to transmit frames over the wire. The datalink layer is designed to fire frames at a target MAC (Media Access Control) address using ARP (Address Resolution Protocol).

3) Network Layer
   Unit: packets
   Debug tools: ping, traceroute
   Description: The network layer answers 'how do I get this to the target host?'. Unlike the physical/datalink layers, which get stripped off and replaced as the information passes through different networks, the network layer always stays the same.

   The network layer speaks a specific protocol. The internet (the one that serves you websites) uses TCP/IP. All nodes in a TCP/IP network are assigned a globally unique address (within that network) so that other hosts can find them.

4) Transport
   Unit: segments
   Debug tools: netstat, netcat, tcpdump
   Description: Low level connectivity between hosts happens here. These are the languages that carry the data. Examples of transport layer protocols are HTTP, DHCP, BGP, SSH, LDAP, POP, XMPP, ... This is also the layer that carries ICMP error messages.


Example Transaction

An example might help this sink in.

visit a website: #(GET request on server's port 80)

transport (HTTP)
   request is sliced into segments(transport) of 536 bytes or smaller

network (TCP/IP)
   if network knows how to reach destination, each segment is wrapped in
   TCP/IP info, and handed off to the datalink layer.

datalink (MAC,ARP)
   Adds information about the physical protocol (ethernet, token-ring, ...) 
   and fires the data to a target MAC address.

---

physical
   the information is sent over the wire

--- 

On the receiving end, datalink, and network layers are stripped off, and all 
segments (transport) are re-assembled to form the request. This is handed to
the web-server, which then repeats the above with a reply.

Layers

Physical

coax
optical

Datalink

protocols
   ethernet: most commonly used protocol for the datalink layer

terminology
   routing schemes: broadcast, unicast, multicast, ...
   duplex: whether traffic can be sent/received at the same time
   MTU: the largest allowed frame size (datalink) on a network

Network Configurations
   vlan: using one NIC/cord to share multiple connections to separate networks (ex: WAN/LAN on firewall)

Datalink Errors
   frame errors: Frames received with an invalid checksum.
   drops: Frames that were discarded by the network interface, e.g. unexpected VLAN tags, or IPv6 packets when the interface is not configured for IPv6.
   overruns: Too much data received too quickly (before the kernel can handle it). The buffer is full, so packets are dropped.
   collisions: On a half-duplex network, when 2x sides of a connection are talking at the same time.

finding datalink errors

netstat -i

## Windows does not officially support viewing datalink errors. Check the switch.
TX-     ## packets sent
RX-     ## packets received

*-OK   ## correctly received frames
*-ERR  ## incorrect packets received
*-DRP  ## packets dropped at this interface
*-OVR  ## packets this interface was unable to receive

Network

Protocols
ipv4
ipv6


Transport

Protocols
tcp

Subnet Netmask

microsoft subnet docs https://support.microsoft.com/en-us/help/164015/understanding-tcp-ip-addressing-and-subnetting-basics

An IP address alone is not enough information to route a packet.
You need to know which parts of the address belong to the network and which to the host.

IPv4 addresses are normally expressed as 4x decimal numbers of 0-255.
These numbers represent binary masks.

255.255.255.0 == 11111111.11111111.11111111.00000000

A subnet mask consists entirely of 0/1s.

  • digits represented by 1 belong to the network addr
  • digits represented by 0 belong to the host addr

# shamefully stolen from microsoft docs
11000000.10101000.01111011.10000100 -- IP address (192.168.123.132)
11111111.11111111.11111111.00000000 -- Subnet mask (255.255.255.0)
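
The split described above, carried out with bitwise AND on the same address and mask. This is an added example, not part of the original notes; the function names are made up for illustration. It also rejects masks whose 1 bits are not contiguous, and checks whether two addresses share the same network part.

```python
# Added example (not from the original notes): netmask arithmetic on IPv4 addresses.

def to_int(dotted):
    """Parse dotted-decimal IPv4 text into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value

def fmt(value, spec="d"):
    """Render a 32-bit integer as four octets: spec 'd' decimal, '08b' binary."""
    return ".".join(format((value >> s) & 0xFF, spec) for s in (24, 16, 8, 0))

def prefix_length(mask):
    """Count the network bits; reject masks whose 1 bits are not contiguous."""
    inverted = ~mask & 0xFFFFFFFF
    # A valid mask inverted is 2**n - 1, so it shares no bits with itself + 1.
    if inverted & (inverted + 1):
        raise ValueError(f"invalid netmask {fmt(mask)}: 1 bits must be contiguous")
    return 32 - inverted.bit_length()

def split_address(ip, netmask):
    """Return the network and host parts of ip under netmask."""
    addr, mask = to_int(ip), to_int(netmask)
    return {
        "prefix": prefix_length(mask),
        "network": fmt(addr & mask),             # bits where the mask is 1
        "host": fmt(addr & ~mask & 0xFFFFFFFF),  # bits where the mask is 0
        "binary_ip": fmt(addr, "08b"),
        "binary_mask": fmt(mask, "08b"),
    }

def same_network(ip_a, ip_b, netmask):
    """True when both addresses share the same network part."""
    mask = to_int(netmask)
    prefix_length(mask)  # validation only
    return (to_int(ip_a) & mask) == (to_int(ip_b) & mask)

if __name__ == "__main__":
    for key, value in split_address("192.168.123.132", "255.255.255.0").items():
        print(f"{key:12} {value}")
    print(same_network("192.168.123.132", "192.168.123.7", "255.255.255.0"))
    print(same_network("192.168.123.132", "192.168.124.7", "255.255.255.0"))
```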