TCP/IP Networking Essentials
* Protocol - A defined set of standards that computers must follow in order to communicate properly.
* Computer Networking - Full scope of how computers communicate with each other.
1. Physical Layer
------------------
* Represents the physical devices that interconnect computers: the specifications for the cabling and
connectors that join them, and for the signals sent across them;
2. Data Link Layer
-------------------
* Responsible for defining a common way of interpreting these signals so network devices can communicate;
* Many protocols exist for the data link layer - the most common is Ethernet, although wireless technologies
are becoming popular;
- The Ethernet standard - specifies the physical layer attributes and defines protocols responsible for
getting data to nodes on the same network or link;
- The data link layer is responsible to get data across a single link;
3. Network Layer
----------------------------------
* Enables different networks to communicate with each other through devices known as routers;
- A collection of networks connected together through routers is called an internetwork; the most famous
internetwork is the Internet;
- The network layer is responsible for getting data delivered across a collection of networks;
- IP is the heart of the Internet and most smaller networks around the world;
4. Transport Layer
------------------
* Sorts out which client and server programs are supposed to get the data;
- TCP - Transmission Control Protocol - the most common transport protocol; provides reliable, ordered
delivery of data;
- Another protocol - UDP - User Datagram Protocol - does not provide data reliability;
- The Transport Layer (TCP/UDP) - ensures the data on the node gets to the respective application;
5. Application Layer
---------------------
Networking Devices
1. Cables - Connect different devices to each other, allowing data to be transmitted over them;
- Binary data is sent through copper cables by changing the voltage; the system at the receiving end
interprets these voltage changes as binary data;
a. The most common forms of copper twisted-pair cables used in networking are Cat5, Cat5e, and Cat6 cables;
- Cat -> category - different physical categories like the number of twists, lengths and transfer rates,
interferences, crosstalk;
* Crosstalk - When an electrical pulse on one wire is accidentally detected on another wire;
b. Fiber optic cables - Contain individual optical fibers, which are tiny tubes made of glass about the width
of a human hair;
- Pulses of light are used to represent ones and zeros of the data;
2. Hubs and Switches
----------------------
* Hub - A physical layer device that allows for connections from many computers at once; every device
connected to a hub shares a single collision domain;
- Collision domain - a network segment where only one device can communicate at a time; if two devices
transmit at once their electrical signals interfere and everything has to be resent, which slows the network;
* Switch - A data link layer device - it inspects the header of each Ethernet frame being sent around the
network, determines which system the data is intended for and sends it only to that system; each switch port
is its own collision domain, which eliminates the shared-collision-domain problem of hubs;
3. Routers
------------
* Hubs and switches are the primary devices used to connect computers on a single network, usually referred
to as a LAN (Local Area Network);
- Router - A device that knows how to forward data between independent networks;
- Routers store internal tables (routing tables) containing information about how to route traffic between
lots of different networks in the world;
- Home and small office networks have less sophisticated routers, whereas the ones connected to ISPs are
called core routers, which handle far more traffic and functionality;
- Border Gateway Protocol (BGP) - core routers share data with each other via this protocol, which lets them
learn about the most optimal paths to forward traffic;
Physical Layer
* Focus is moving ones and zeros from one end of the link to the next;
- It consists of devices and means of transmitting bits across computer networks;
* Bit - The smallest representation of data that a computer can understand; it's a one or a zero;
- Ones and zeros are sent across the network through a process called modulation;
* Modulation - A way of varying the voltage of the charge moving across the cable;
* Line coding - The form of modulation used for computer networks; it enables the devices at both ends of a
link to interpret the electrical charge as a 0 or a 1;
- In other words, line coding is the modulation of an electrical charge so that each side of a connection
knows what is a one and what is a zero.
- Twisted pairs -> Pairs of copper wires twisted around each other; they conduct the information while the
twisting reduces electromagnetic interference and crosstalk from neighbouring pairs;
- A standard Cat6 cable has 8 wires, i.e. 4 twisted pairs inside a single jacket; depending on the
transmission technology used, a different number of pairs is actually used;
* Duplex Communication - The concept that information can flow in both directions across the cable;
- Networking cables make duplex communication possible by reserving one or two pairs for communicating in
one direction and the other one or two pairs for communicating in the other direction, so simultaneous
communication is possible - full duplex;
* Half duplex - The link can carry data in both directions, but only one side can transmit at a time;
- Full duplex allows communication in both directions at the same time; half duplex means that only one side
can communicate at a time.
* Network Ports and Patch Panels:
-------------------------------
* The ends of the twisted pairs are attached to plugs. A common plug is the RJ45 (Registered Jack 45) plug.
- A network cable with an RJ45 plug connects to an RJ45 network port.
* Network ports are generally directly attached to the devices that make up a computer network;
- Switches have many network ports because their purpose is to connect many devices;
- Servers and desktops usually have only one or two network ports;
- Many laptops, tablets, and phones do not have any wired network ports; they use wireless networking;
- Most network ports have two small LEDs - the Link LED and the Activity LED;
-> Link light - lit when a cable is properly connected to two devices that are both powered on.
-> Activity light - flashes when data is actively being transmitted across the cable, so it shows whether
there is traffic or not;
- Switches - sometimes the same LED is used for both link and activity status; it may additionally indicate
the link speed;
* Patch panel - It is a device containing many network ports; It is just a container for the endpoints of
many runs of cable;
- Additional cables are run from a patch panel to switches or routers to provide network access to the
computers at the other end of those links.
Data Link Layer
-> Ethernet - The protocol most widely used to send data across individual networks;
-> Ethernet and the data link layer allow software at the higher-level stack to send and receive data;
-> Ethernet solved the collision domain problem with CSMA/CD - carrier sense multiple access with collision
detection;
-> CSMA/CD - Used to determine when the communication channel is clear and when a device is free to transmit
data;
- If no data is being transmitted on the network segment, a node is free to send its data;
- If two or more computers end up trying to send data at the same time, the computers detect the collision
and stop sending;
- Each device involved in the collision then waits a random interval of time before trying to send data
again;
- This random interval makes it unlikely that the same computers collide again;
-> A MAC address (48 bits / 6 octets) is split into two halves -> the OUI and a vendor-assigned part:
- OUI (Organizationally Unique Identifier) - The first three octets of a MAC address; these are assigned to
individual hardware manufacturers by the IEEE;
- The last three octets can be assigned in any way the manufacturer wants, but every address must be unique;
- A MAC address can be overridden in software on most interfaces, so it identifies the nominal interface and
its vendor, not a trustworthy identity;
-> Ethernet uses MAC addresses to ensure that the data it sends carries both the address of the machine that
sent the transmission and the address of the machine it is intended for;
-> Unicast - If the least significant bit in the first octet of a destination address is set to zero, the
Ethernet frame is intended only for the destination address.
-> Multicast - If the least significant bit in the first octet of a destination address is set to one, the
Ethernet frame is a multicast frame.
-> Broadcast - Intended for all receivers on the LAN. It uses the broadcast address, which consists of all
F's: FF:FF:FF:FF:FF:FF;
* Ethernet Frames:
-------------------------------
-> Data packet - An all-encompassing term that represents any single set of binary data being sent across
a network link;
-> Data packets at the Ethernet level are known as Ethernet frames;
-> Ethernet Frame - A highly structured collection of information presented in a specific order;
* Ethernet Frame
-----------------
| Preamble | Dest MAC | Source MAC | VLAN Tag     | Ether-type | Payload       | FCS     |
| 8 bytes  | 6 bytes  | 6 bytes    | 4 (optional) | 2 bytes    | 46-1500 bytes | 4 bytes |
1. Preamble - 8 bytes long, split into 2 sections: the first 7 bytes are an alternating series of 1's and
0's,
- used by network interfaces to synchronize the internal clocks they use to regulate the speed at which data
is sent;
- the last byte -> SFD - Start Frame Delimiter - signals to a receiving device that the preamble is over and
that the actual frame contents will follow;
2. Destination MAC Address - The hardware address of the intended recipient; (48 bits / 6 bytes)
3. Source MAC Address - The hardware address of the sender; (48 bits / 6 bytes)
4. Ether Type - 16 bits / 2 bytes long; describes the protocol of the contents of the frame (0x0800 means
an IPv4 datagram);
5. Tag / VLAN Tag / VLAN Header - 4 bytes; when present it sits between the source MAC and the Ether Type and
marks the frame as a VLAN frame - VLAN - Virtual LAN - A technique that enables multiple logical LANs
operating on the same physical equipment; VLANs are used to segregate different forms of traffic;
6. Payload - The actual data being transported, excluding the header; contains data from the higher network
layers - IP, transport;
7. FCS - Frame Check Sequence - 4 bytes - a checksum value for the entire frame; it is calculated by
performing what is known as a cyclic redundancy check against the frame;
* Cyclic Redundancy Check (CRC) - An important concept for data integrity, used all over computing and not
just in network transmissions; it uses polynomial division to create a number that represents a larger set
of data, so the receiver can tell whether the data was corrupted; a CRC only catches accidental corruption -
anyone who can alter the frame can simply recompute it, so it is not a security control;
-> Ethernet only detects integrity problems, it does not fix them: the receiver recomputes the FCS and
compares it with the one the sender attached; on a mismatch the frame is thrown out and it is up to a
higher-level protocol to decide whether the data needs to be retransmitted;
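The frame layout and the FCS check above, as an added example (not code from the original notes): the MAC
addresses, payload and helper names below are assumptions for illustration. It shows the unicast / multicast /
broadcast test on the low bit of the first octet, the OUI split, and the receiver recomputing the CRC so that
a corrupted frame is rejected. The preamble and SFD are left out because the NIC, not software, adds them.

```python
"""Ethernet II frame build/parse with an FCS check (added example, not from the original notes).
MAC addresses and payload below are constructed; preamble/SFD are omitted because the NIC,
not software, adds them. The FCS is stored big-endian here; the exact bit order on the wire
is a physical-layer detail left aside."""
import struct
import zlib

BROADCAST = "ff:ff:ff:ff:ff:ff"
ETHERTYPE_IPV4 = 0x0800      # Ether Type value announcing an IPv4 datagram in the payload
MIN_PAYLOAD = 46             # so that the frame (without preamble) is at least 64 bytes


def mac_to_bytes(mac: str) -> bytes:
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError(f"bad MAC: {mac}")
    return bytes(int(o, 16) for o in octets)


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def classify_destination(mac: str) -> str:
    """Unicast / multicast / broadcast from the least significant bit of the first octet."""
    if mac.lower() == BROADCAST:
        return "broadcast"
    return "multicast" if int(mac.split(":")[0], 16) & 0x01 else "unicast"


def oui(mac: str) -> str:
    """First three octets: the IEEE-assigned manufacturer part."""
    return ":".join(mac.lower().split(":")[:3])


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    payload = payload.ljust(MIN_PAYLOAD, b"\x00")            # pad short payloads
    body = mac_to_bytes(dst) + mac_to_bytes(src) + struct.pack("!H", ethertype) + payload
    fcs = zlib.crc32(body) & 0xFFFFFFFF                       # CRC-32, the polynomial Ethernet uses
    return body + struct.pack("!I", fcs)


def parse_frame(frame: bytes) -> dict:
    """Receiver side: recompute the CRC over everything before the FCS and compare."""
    if len(frame) < 14 + MIN_PAYLOAD + 4:
        raise ValueError("runt frame: discarded")
    body, fcs = frame[:-4], struct.unpack("!I", frame[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("FCS mismatch: frame discarded")   # Ethernet drops it; no retransmit here
    dst, src = bytes_to_mac(body[:6]), bytes_to_mac(body[6:12])
    return {"dst": dst, "dst_kind": classify_destination(dst), "src": src, "src_oui": oui(src),
            "ethertype": struct.unpack("!H", body[12:14])[0], "payload": body[14:]}


if __name__ == "__main__":
    frame = build_frame(BROADCAST, "00:1a:2b:3c:4d:5e", ETHERTYPE_IPV4, b"hello")
    print(len(frame), parse_frame(frame)["dst_kind"], parse_frame(frame)["src_oui"])
```

Flipping a single byte anywhere in the body makes parse_frame raise, which is exactly the behaviour the
FCS exists for; since an attacker who can rewrite the frame can also recompute the CRC, integrity against
tampering has to come from a higher layer.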
-----------------------------------------------------------------------------------------------------------
Network Layer
-> In a LAN, nodes can communicate with each other through their physical MAC addresses - this works well on
a small scale, since switches can learn which MAC addresses are connected to each of their ports and forward
transmissions accordingly;
-> Every single network interface has a unique MAC address, but they are not ordered in any systematic way,
hence there is no way of knowing where a given MAC address is at any point in time - not ideal for
communicating across long distances;
- The nodes learn about each other through physical addressing that isn't translatable to anything besides a
single network segment;
* IP Addresses:
---------------
-> IP addresses are 32-bit numbers made up of 4 octets, and each octet is written as a decimal number (0-255)
-> dotted decimal notation:
172.16.254.1 -> 10101100 . 00010000 . 11111110 . 00000001 -> 4 bytes / 32 bits;
-> IP addresses are distributed in large sections to various organizations and companies instead of being
determined by hardware vendors - IP addresses are hierarchical, which makes them far easier to build routing
information around than physical addresses;
-> A laptop has the same MAC address wherever it is, but its IP address will differ between the home network,
the cafe network, etc.; the LAN at home or at the internet cafe is individually responsible for handing out
an IP address;
-> Dynamic Host Configuration Protocol (DHCP) - assigns an IP address automatically to a host newly added to
the network; an address obtained this way is termed a dynamic IP address; the alternative is a static IP
address (configured on the node manually);
-> In most cases, static IP addresses are reserved for servers and network devices, while dynamic IP
addresses are used for clients;
* IP Datagram Header:
-----------------------------------
0         4         8                 16   19                                31
-----------------------------------------------------------------------------
| Version | Hdr Len | Service Type    |          Total Length                 |
-----------------------------------------------------------------------------
|          Identification             | Flags |     Fragment Offset           |
-----------------------------------------------------------------------------
|       TTL        |    Protocol      |        Header Checksum                |
-----------------------------------------------------------------------------
|                          Source IP Address                                  |
-----------------------------------------------------------------------------
|                        Destination IP Address                               |
-----------------------------------------------------------------------------
|                    Options                        |        Padding          |
-----------------------------------------------------------------------------
1. Version - 4 bits - which version of IP is in use (4 for IPv4);
2. Header Length - 4 bits - the length of the header, counted in 32-bit words; the minimum IPv4 header is
20 bytes (a value of 5), and almost all headers are exactly that;
3. Service Type - 8 bits - specifies the quality of service; QoS technologies use it to prioritize IP
datagrams;
4. Total Length - 16 bits - indicates the total length of the IP datagram it's attached to, header included;
The maximum size of a single datagram is the largest number that can be represented with 16 bits: 65,535
bytes;
5. Identification - 16 bits - used to group messages together: if the total amount of data that needs to be
sent is larger than what fits in a single datagram, the IP layer splits the data up into many individual
datagrams, and the identification number is the same for all of them so the receiving end understands they
are all part of the same transaction;
6. Flags - 3 bits - used to indicate whether a datagram is allowed to be fragmented, or to indicate that the
datagram has been fragmented already;
7. Fragment Offset - 13 bits - where this piece belongs when the original datagram is reassembled;
* Fragmentation - the process of taking a single IP datagram and splitting it up into several smaller
datagrams;
8. TTL - Time To Live - 8 bits, indicates how many router hops a datagram can traverse before it's thrown
away;
As a datagram hops from one router to another, each router decrements the TTL value by 1; when it reaches
0 the datagram is discarded, which prevents it from looping forever;
9. Protocol - 8 bits, identifies the transport layer protocol carried in the payload - 6 for TCP, 17 for
UDP;
10. Header Checksum - a checksum of the contents of the IP datagram header only, not of the payload; since the
TTL value changes at each router the datagram touches, the checksum has to be recomputed at every hop;
11. Source IP Address - 32 bits;
12. Destination IP Address - 32 bits;
13. Options - an optional field used to set special characteristics for datagrams, primarily for testing
purposes;
14. Padding - a series of 0's to ensure the header is the correct total size (a multiple of 32 bits);
-> Encapsulation -> The entire content of an IP datagram is encapsulated as the payload of an Ethernet
frame, and the IP datagram's own payload in turn carries the transport layer segment:
-----------------------------------------------------------------------------------
| Ethernet header | IP header | TCP/UDP header | Application data | Ethernet FCS |
|                 |           |<--- IP payload: transport segment -->|              |
|                 |<-------- Ethernet payload: IP datagram --------->|              |
-----------------------------------------------------------------------------------
Each layer is needed for the one above it;
* IP Address Classes:
--------------------
-> IP addresses can be split into 2 sections - the network ID and the host ID;
-> Address Class System - A way of defining how the global IP address space is split up;
* Class A - 1st octet - network ID, last three octets - host ID; first bit 0; first octet 0 - 126 (127 is
reserved for loopback) | about 16 million hosts per network (2^24 - 2);
* Class B - first two octets - network ID, last two octets - host ID; begins with 10; first octet 128 - 191
| 65,534 hosts per network (2^16 - 2);
* Class C - first three octets - network ID, last octet - host ID; begins with 110; first octet 192 - 223
| 254 hosts per network (2^8 - 2);
* Class D - begins with 1110 - used for multicasting - how a single IP datagram can be sent to a whole group
of hosts at once; first octet 224 - 239;
* Class E - begins with 1111 - reserved for experimental use; first octet 240 - 255;
-> This class system has been replaced by CIDR (Classless Inter-Domain Routing);
* ARP - Address Resolution Protocol:
-------------------------------------
-> ARP - A protocol used to discover the hardware (MAC) address of the node with a certain IP address;
-> Most network-connected devices maintain a local ARP table;
-> ARP table - A list of IP addresses and the MAC addresses associated with them;
-> Once the IP datagram is fully formed it needs to be encapsulated inside an Ethernet frame, hence the
transmitting device needs a destination MAC address to complete the Ethernet frame header;
-> The transmitting device first looks the destination IP up in its ARP table; if there is no entry, it sends
a broadcast ARP request to the MAC broadcast address FF:FF:FF:FF:FF:FF - this is delivered to all computers
on the local network, and the network interface that owns that IP address sends back an ARP response
containing its MAC address;
-> ARP table entries generally expire after a short amount of time to ensure that changes in the network are
accounted for;
-> ARP carries no authentication: any host on the segment can answer a request, so a forged reply (ARP
spoofing) can plant the wrong MAC address in a neighbour's table and divert its traffic; this is why managed
switches offer protections such as dynamic ARP inspection;
* Subnetting:
--------------
-> The process of taking a large network and splitting it up into many individual and smaller subnetworks or
subnets;
-> Address classes give us a way to break the total global IP space into discrete networks;
- Example: a datagram destined for 9.100.100.100 - core routers on the Internet only need to know that this
IP belongs to the 9.0.0.0 Class A network;
- The core routers route the message to the gateway router responsible for that network by looking at the
network ID;
- Once the packet gets to the gateway router of the 9.0.0.0 Class A network, that router is responsible for
getting it to the proper system by looking at the host ID;
- But a Class A network consists of 16 million hosts - far too many devices to connect to the same router;
that is where subnetting comes in - each individual subnet has its own gateway router serving as the ingress
and egress point for that subnet.
-> A gateway router specifically serves as the entry and exit path to a certain network;
-> On the other hand, core Internet routers communicate only with other core Internet routers;
* Subnet Masks
----------------
- Network IDs are used to identify networks and host IDs are used to identify individual hosts;
- Subnet ID
- An IP address is 32 bits long; without subnetting, a certain portion is the network ID and the rest is the
host ID;
- With subnetting, some of the bits that would normally comprise the host ID are actually used for the
subnet ID;
- At the Internet level, core routers only care about the network ID and use it to send the datagram to the
appropriate gateway router;
- The gateway router then has additional information (the subnet ID) it can use to send the datagram along
to the destination machine or the next router in the path to get there;
- Finally, the host ID is used by the last router to deliver the datagram to the intended recipient machine;
-> Subnet masks - 32-bit numbers normally written as four octets in decimal; in binary a mask has two
sections - a string of ones at the beginning (the mask itself) followed by a string of zeros;
- The 1's in the subnet mask tell us which bits to ignore when computing the host ID, i.e. they tell the
router which part of an IP address is the network and subnet ID;
- Example 1 - subnet mask 255.255.255.0 -> 11111111 11111111 11111111 00000000; (here only the last octet
is reserved for host IDs)
* A subnet can usually only contain two less than the total number of host IDs available: a host ID of all
zeros (.0 here) identifies the subnet itself and a host ID of all ones (.255 here) is the broadcast address
for the subnet, so 1-254 are available for hosts;
- Example 2 - subnet mask 255.255.255.224 -> 11111111 11111111 11111111 11100000; (5 0's) - means five bits
of host ID space, or a total of 32 addresses (30 usable);
Representation in CIDR notation - 9.100.100.100/27 (27 is the number of 1 bits in the mask);
* Subnet masks are a way for computers to use the binary AND operator to determine whether an IP address
exists on the same network as their own;
* CIDR - Classless Inter-Domain Routing:
-------------------------------------------
-> Address classes were the first attempt at splitting the global Internet IP space;
-> Subnets were added when address classes turned out not to be an efficient way of keeping everything
organized;
- CIDR - a flexible approach to describing blocks of IP addresses; it expands on the concepts of subnetting
by using subnet masks to demarcate networks;
* Demarcation point - describes where one network or system ends and another one begins;
- Previously the network ID, subnet ID and host ID were all required to deliver a datagram to its intended
destination, but with CIDR the network ID and the subnet ID are combined into one;
- Consider the IP address 9.100.100.100: in CIDR notation 9.100.100.100/24 means the first 24 bits are the
network ID and the remaining 8 bits are the host ID (a mask of 255.255.255.0);
- Previously network sizes were static - class A, B, etc. - and only subnets could change;
- If a company needed more addresses than a single class C could provide, it would need a second entire
class C, and routers would need multiple entries in their routing tables;
- With CIDR, the two networks can be combined into one contiguous chunk with a single net mask; example: two
adjacent /24s become one /23 (255.255.254.0);
- Here the routers will have only one entry in the routing table to deliver traffic to these addresses
instead of two;
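The subnet mask arithmetic and the CIDR aggregation described above, as an added example (not code from the
original notes): the function names and the sample addresses are assumptions for illustration. It does the
dotted decimal to 32-bit conversion, builds a mask from a prefix length, works out network, broadcast and
usable host count for a /27 (the "two less" rule), performs the AND test a host uses to decide whether a
destination is local, and merges two neighbouring /24s into the single /23 a router can carry as one entry.

```python
"""Subnet arithmetic on plain 32-bit integers (added example, not from the original notes).
The addresses and masks used below are constructed for illustration."""


def ip_to_int(ip: str) -> int:
    """Dotted decimal -> 32-bit integer, e.g. 172.16.254.1 -> 0xAC10FE01."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    n = 0
    for o in octets:
        n = (n << 8) | o
    return n


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/27 -> 0xFFFFFFE0: 'prefix' ones followed by zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: str) -> int:
    """255.255.255.224 -> 27; rejects non-contiguous masks such as 255.0.255.0."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if prefix_to_mask(ones) != m:
        raise ValueError(f"non-contiguous mask: {mask}")
    return ones


def describe(cidr: str) -> dict:
    """Network, broadcast, mask and usable host count for an address written as a.b.c.d/n."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(ip) & mask                 # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)     # host bits all ones
    total = 1 << (32 - prefix)
    usable = total - 2 if prefix <= 30 else total  # /31 and /32 have no network/broadcast pair
    return {"network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
            "mask": int_to_ip(mask), "usable_hosts": usable}


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """The AND test a host performs to choose local delivery vs. sending to its gateway."""
    m = ip_to_int(mask)
    return ip_to_int(ip_a) & m == ip_to_int(ip_b) & m


def aggregate(cidr_a: str, cidr_b: str):
    """Merge two adjacent, equal-size blocks into the supernet one bit shorter
    (two neighbouring /24s -> one /23). Returns None when they cannot be merged."""
    (ip_a, pa), (ip_b, pb) = cidr_a.split("/"), cidr_b.split("/")
    if pa != pb or int(pa) == 0:
        return None
    prefix = int(pa)
    own, wider = prefix_to_mask(prefix), prefix_to_mask(prefix - 1)
    net_a, net_b = ip_to_int(ip_a) & own, ip_to_int(ip_b) & own
    if net_a == net_b or net_a & wider != net_b & wider:
        return None                       # same block, or not the two halves of one supernet
    return f"{int_to_ip(net_a & wider)}/{prefix - 1}"


if __name__ == "__main__":
    print(describe("9.100.100.100/27"))
    print(aggregate("192.168.0.0/24", "192.168.1.0/24"))
```

The mask_to_prefix check matters in practice: a mask such as 255.0.255.0 is syntactically valid dotted decimal
but has no CIDR equivalent, and routers and host stacks reject it.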
-----------------------------------------------------------------------------------------------------------
* Basic Routing Concepts:
-------------------------
-> Router - A network device that forwards traffic depending on the destination address of that traffic; it
has to be connected to at least two network interfaces to do its job;
* Example - forwarding a packet from Network A to Network B:
-----------------------------
1. A computer on Network A with IP address 192.168.1.100 sends a packet to the address 10.0.0.10 on Network
B;
2. The computer in Network A knows that 10.0.0.10 is not on its local subnet, so it addresses the Ethernet
frame to the MAC address of its gateway router's interface on Network A;
3. The router's interface on Network A receives the packet, since the destination MAC address belongs to it.
4. The router then strips away the data link layer encapsulation, leaving the network layer content (the IP
datagram);
5. The router examines the IP datagram header for the destination IP field and finds the destination IP
10.0.0.10;
6. The router looks at its routing table and sees that Network B is the correct network for the destination
IP;
7. It also sees that this network is just one hop away, since it is directly connected; the router even has
the MAC address for this IP in its ARP table;
8. The router now needs to form a new packet to forward along to Network B.
9. It takes all the data from the IP datagram and duplicates it, decrements the TTL field by 1 and
calculates a new header checksum;
10. The router then encapsulates the new IP datagram inside a new Ethernet frame, setting the MAC address of
its own interface on Network B as the source MAC address and, since it has the MAC address of 10.0.0.10 in
its ARP table, that address as the destination MAC address;
11. Lastly, the packet is sent out of the router's network interface on Network B and the data gets
delivered to the node at 10.0.0.10;
---------------------------
* In order to protect against breakages, core Internet routers are connected in a mesh, so there may be many
different paths for a packet to take;
* Routing Tables:
----------------------
a. Destination Address - a row for each network the router knows about, written as a network IP and net
mask - e.g. 192.168.1.0 | 255.255.255.0, or in CIDR notation 192.168.1.0/24;
A catch-all (default) entry matches any IP address that does not have an explicit network listing;
b. Next Hop - The IP address of the next router that should receive data intended for the destination;
c. Total Hops - Keeps track of how far away the destination currently is;
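The IP datagram header fields, the router walkthrough (steps 4-9: strip, inspect, look up, decrement TTL,
re-checksum) and the routing table with its catch-all entry, as one added example (not code from the original
notes). The routing table rows, the addresses and the sample datagram are constructed for illustration;
the helper names are assumptions. The lookup is a longest-prefix match, so 10.0.0.10 is delivered on the
directly connected 10.0.0.0/24 rather than via the broader 10.0.0.0/8 row, and anything else falls through to
the default route. A datagram whose TTL would reach 0, or whose header checksum does not verify, is dropped.

```python
"""IPv4 header handling plus a longest-prefix-match routing lookup (added example, not
from the original notes). The routing table, addresses and sample datagram are constructed
for illustration; a real router also sends ICMP errors, which are not modelled here."""
import struct


def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words; for IPv4 it covers the header only."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ip_to_int(ip: str) -> int:
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")


def int_to_ip(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def build_ipv4(src: str, dst: str, payload: bytes, ttl: int = 64, protocol: int = 6) -> bytes:
    """20-byte header: version 4, IHL 5 (no options), DF flag set, protocol 6 = TCP."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      ttl, protocol, 0, ip_to_int(src).to_bytes(4, "big"),
                      ip_to_int(dst).to_bytes(4, "big"))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # fill the checksum field
    return hdr + payload


def parse_ipv4(datagram: bytes) -> dict:
    vihl, _tos, total_len, ident, flags_frag, ttl, proto, _cs, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", datagram[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len > len(datagram):
        raise ValueError("malformed IPv4 datagram: dropped")
    if checksum(datagram[:ihl]) != 0:        # a header carrying a valid checksum sums to zero
        raise ValueError("header checksum mismatch: dropped")
    return {"ihl": ihl, "ttl": ttl, "protocol": proto, "ident": ident,
            "dont_fragment": bool(flags_frag & 0x4000),
            "src": int_to_ip(int.from_bytes(src, "big")),
            "dst": int_to_ip(int.from_bytes(dst, "big")),
            "payload": datagram[ihl:total_len]}


# Routing table rows: (destination network, next hop or None if directly connected, interface)
ROUTES = [
    ("192.168.1.0/24", None, "eth0"),          # Network A, directly connected
    ("10.0.0.0/24", None, "eth1"),             # Network B, directly connected
    ("10.0.0.0/8", "10.0.0.254", "eth1"),      # less specific; must lose to the /24 above
    ("0.0.0.0/0", "203.0.113.1", "eth2"),      # catch-all entry (default route)
]


def lookup(table, dst: str):
    """Longest-prefix match: the most specific matching row wins; /0 matches everything."""
    d, best = ip_to_int(dst), None
    for cidr, next_hop, iface in table:
        net, prefix = cidr.split("/")
        prefix = int(prefix)
        mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        if d & mask == ip_to_int(net) & mask and (best is None or prefix > best[0]):
            best = (prefix, next_hop or dst, iface)   # directly connected: hand to dst itself
    return best


def forward(table, datagram: bytes):
    """Validate, look up, decrement TTL, recompute the checksum.
    Returns ('forward', (next_hop, interface), new_datagram) or ('drop', reason, None)."""
    try:
        info = parse_ipv4(datagram)
    except ValueError as err:
        return ("drop", str(err), None)
    route = lookup(table, info["dst"])
    if route is None:
        return ("drop", "no route", None)
    if info["ttl"] <= 1:
        return ("drop", "ttl exceeded", None)      # an ICMP Time Exceeded would go back here
    ihl = info["ihl"]
    hdr = bytearray(datagram[:ihl])
    hdr[8] -= 1                                    # byte 8 of the header is the TTL
    hdr[10:12] = b"\x00\x00"                       # zero the checksum before recomputing it
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return ("forward", (route[1], route[2]), bytes(hdr) + datagram[ihl:])


if __name__ == "__main__":
    pkt = build_ipv4("192.168.1.100", "10.0.0.10", b"hello")
    print(forward(ROUTES, pkt)[:2])
```

Because the checksum covers only the header, the payload can be corrupted without this code noticing; that
is the transport layer's job, which is why TCP and UDP carry their own checksums.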
-----------------------------
-> Routing Protocols - Special protocols that routers use to communicate with each other to share routing
information;
a. Interior Gateway Protocols - split into 2 categories - link state routing protocols and distance-vector
protocols;
-> Interior Gateway Protocols - Used by routers to share information within a single autonomous system;
-> Autonomous System - A collection of networks that all fall under the control of a single network
operator;
1. Distance-Vector Protocol - the older standard; a router employing a distance-vector protocol takes its
routing table (a list, or vector, of the networks it knows and their distances) and sends it to every
neighbouring router; each router updates its own table from what it receives and keeps the shortest path it
has heard of for every destination;
- The routers don't know much about the overall state of the autonomous system, hence they can be slow to
adapt to changes in the network far away from them;
2. Link State Protocol - Each router advertises the state of the links on each of its network interfaces to
all the other routers, so every router has a complete picture of the network and computes the best paths
itself; this requires more memory to hold all the data and more processing power to run the sophisticated
shortest-path algorithms;
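The distance-vector exchange described above, as an added example (not code from the original notes): a small
four-router topology, constructed for illustration, in which each router repeatedly hands its whole vector to
its neighbours and adopts any cheaper path it hears of (the Bellman-Ford relaxation these protocols are built
on). The function and router names are assumptions. The direct A-D link costs 5, so the routers converge on
the three-hop path through B and C and only learn it after a few exchange rounds, which is the slow
propagation the notes mention.

```python
"""Distance-vector routing simulation (added example, not from the original notes):
each router repeatedly hands its table to its neighbours and keeps the cheapest path
it hears of. The four-router topology below is constructed for illustration."""

# Undirected links with their costs: (router, router, cost)
LINKS = [("A", "B", 1), ("B", "C", 1), ("C", "D", 1), ("A", "D", 5)]


def neighbours(links):
    """{router: {neighbour: link cost}} built from the link list."""
    nbrs = {}
    for a, b, cost in links:
        nbrs.setdefault(a, {})[b] = cost
        nbrs.setdefault(b, {})[a] = cost
    return nbrs


def distance_vector(links, max_rounds=50):
    """Returns ({router: {destination: (cost, next_hop)}}, rounds) once the vectors stop changing."""
    nbrs = neighbours(links)
    tables = {r: {r: (0, r)} for r in nbrs}          # each router starts knowing only itself
    for rnd in range(1, max_rounds + 1):
        changed = False
        # Every router sends the vector it held at the start of the round to each neighbour.
        snapshot = {r: dict(t) for r, t in tables.items()}
        for r, table in tables.items():
            for nb, link_cost in nbrs[r].items():
                for dest, (cost, _) in snapshot[nb].items():
                    via_nb = cost + link_cost
                    if dest not in table or via_nb < table[dest][0]:
                        table[dest] = (via_nb, nb)      # cheaper path learnt from this neighbour
                        changed = True
        if not changed:
            return tables, rnd
    raise RuntimeError("did not converge")


def path(tables, src, dst):
    """Follow next hops from src to dst; a repeated router would mean a routing loop."""
    route, cur = [src], src
    while cur != dst:
        cur = tables[cur][dst][1]
        if cur in route:
            raise RuntimeError("routing loop")
        route.append(cur)
    return route


if __name__ == "__main__":
    tables, rounds = distance_vector(LINKS)
    print(rounds, path(tables, "A", "D"), tables["A"]["D"])
```

Each router only ever sees its neighbours' summaries, never the topology; that is also why a link failure
takes several rounds to propagate and why real protocols such as RIP add hop limits and split horizon to
avoid counting to infinity.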
-----------------------------
- Internet Assigned Numbers Authority (IANA) - A non-profit organization that helps manage IP address
allocation and ASN (Autonomous System Number) allocation;
- ASN - Numbers assigned to individual autonomous systems - 32-bit numbers written as a single decimal
number;
- An ASN never needs to change in order to represent different networks or hosts; when an autonomous system
grows, only the core Internet routing tables need to be updated;
-----------------------------
* Common interior gateway protocols:
1. RIP, or Routing Information Protocol - a distance-vector protocol that employs the hop count as its
routing metric.
2. EIGRP, or Enhanced Interior Gateway Routing Protocol - a Cisco-developed advanced distance-vector protocol
used to automate routing decisions and configuration.
3. OSPF, or Open Shortest Path First - a routing protocol for Internet Protocol (IP) networks. It uses a
link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating
within a single autonomous system (AS).
-----------------------------
In terms of exterior gateway protocols, there is only one in use today. The entire Internet needs to agree
on how to exchange this sort of information, so a single standard has emerged. This standard is known as
BGP, or Border Gateway Protocol.
BGP - A standardized exterior gateway protocol designed to exchange routing and reachability information
among autonomous systems (AS) on the Internet. BGP makes routing decisions based on paths, network policies,
or rule-sets configured by a network administrator and is involved in making core routing decisions. It
largely trusts what its peers announce, which is why a mistaken or malicious announcement can pull in traffic
for someone else's prefix (a route hijack).
-----------------------------
-> RFC 1918 - outlined a number of networks that are defined as non-routable address space;
-> Non-Routable Address Space - ranges of IPs set aside for use by anyone that cannot be routed to over the
Internet - they allow nodes on such a network to communicate with each other, but no gateway router will
attempt to forward traffic to this type of network from the outside;
-> NAT - Network Address Translation - allows devices in non-routable address space to communicate with other
devices on the Internet;
-> RFC 1918 defined 3 ranges of IP addresses that will never be routed anywhere by core routers - meaning
they belong to no one and anybody can use them:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
* These ranges are free for anyone to use for their internal networks - interior gateway protocols will
route these address spaces within an autonomous system, but exterior gateway protocols will not;
* Being non-routable is a convention enforced by filtering at the network edge, not a security boundary:
hosts in these ranges are still fully reachable by anything already inside the network;
-----------------------------------------------------------------------------------------------------
* Transport Layer
-------------------
* Application Layer
---------------------
-----------------------
* Multiplexing -> The nodes on the network have the ability to direct traffic towards many different
receiving services.
Process 1 ->|             |
Process 2 ->| Multiplexer |-> IP
Process 3 ->|             |
Process 4 ->|             |
* Demultiplexing -> Taking traffic aimed at the same node and delivering it to the proper receiving
service;
          |               |-> Process 1
IP ------>| Demultiplexer |-> Process 3
          |               |-> Process 4
- Different network services run while listening on specific ports for incoming requests.
- Example: the traditional port for HTTP, or unencrypted web traffic, is port 80; when requesting a web page
from a web server running on a computer listening on IP 10.1.1.100, the traffic would be directed to port 80
on that computer;
- Ports are denoted by a colon after the IP address -> 10.1.1.100:80 -> socket address / socket number;
- The same device might also be running an FTP (File Transfer Protocol) server on port 21 - FTP is an older
method for transferring files from one computer to another, but is still in use (it sends credentials and
data in cleartext, so prefer SFTP or FTPS where there is a choice);
-> In small environments a single server can host all the applications needed to run a business - internal
website, mail server, file server to share files, print server to share network printers, etc. - possible
because of multiplexing and demultiplexing and the addition of ports to the addressing scheme;
* TCP Segments:
-----------------------------
-> An Ethernet frame encapsulates an IP datagram, and an IP datagram encapsulates a TCP segment: the Ethernet
frame's payload is the entire content of the IP datagram, and the IP datagram's payload section is made up of
the TCP segment;
-> TCP segment - made up of a TCP header and a data section; the data section is where the application layer
places its data;
0                        16                       31
----------------------------------------------------------------------------------
|       Source Port       |    Destination Port    |
----------------------------------------------------------------------------------
|                  Sequence Number                 |
----------------------------------------------------------------------------------
|               Acknowledgment Number              |   20
---------------------------------------------------------------------------------- Bytes
| Data Off | Reserved | Flags |       Window       |
----------------------------------------------------------------------------------
|        Checksum         |     Urgent Pointer     |
----------------------------------------------------------------------------------
|                 Options             |  Padding   |
----------------------------------------------------------------------------------
|                   Data section                   |
----------------------------------------------------------------------------------
1. Source port - A high-numbered port chosen from a special section of ports known as ephemeral ports -
required to keep lots of outgoing connections separate, so that each response gets back to the right program
(e.g. the web browser that asked);
2. Destination port - The port of the service the traffic is intended for;
3. Sequence number - A 32-bit number used to keep track of where in the sequence of TCP segments this one is
expected to be;
A single TCP segment cannot carry an unbounded amount of data (an Ethernet frame tops out at 1518 bytes),
so the data is split across many segments and the sequence number tells the receiver how to put them back
in order;
4. Acknowledgment number - A 32-bit number: the sequence number the sender expects to receive next, which
acknowledges everything before it;
5. Header length / Data offset - A 4-bit number that communicates how long the TCP header for this segment
is, so the receiver knows where the data begins;
6. Reserved - 6 bits that are unused and set to zero;
7. Control flags - 6 bits (URG, ACK, PSH, RST, SYN, FIN), described below;
8. TCP Window - specifies the range of sequence numbers that may be sent before an acknowledgment is
required;
9. Checksum - computed by the sender over the TCP header and data (plus a pseudo-header containing the IP
addresses); the recipient recomputes it for every segment it receives and compares it with the value in the
header to make sure no data was lost or corrupted in transit;
10. Urgent pointer - used in conjunction with the URG control flag to point out particular segments that
might be more important than others;
11. Options - optional field used for more complicated flow control (e.g. maximum segment size, window
scaling);
12. Padding - extra zeros to ensure that the data payload section begins at the expected location;
* TCP Control Flags:
-------------------------------------------------
-> TCP as a protocol establishes connections, which are used to send long chains of segments of data.
-> TCP establishes connections through the use of different TCP control flags, used in a very specific order.
-> The 6 TCP control flags, in the order they appear in the TCP header:
------------------------
1. URG (urgent) - A value of one here indicates that the segment is considered urgent and that the urgent
pointer field has more data about this;
2. ACK (acknowledged) - A value of one in this field means that the acknowledgment number field should be
examined.
3. PSH (push) - The transmitting device wants the receiving device to push currently-buffered data to the
application on the receiving end as soon as possible.
(A buffer is a computing technique where a certain amount of data is held somewhere before being sent
elsewhere - used to send large chunks of data more efficiently);
4. RST (reset) - One of the sides in a TCP connection has not been able to properly recover from a series of
missing or malformed segments, and the connection is torn down;
5. SYN (synchronize) - Used when first establishing a TCP connection; makes sure the receiving end knows to
examine the sequence number field;
6. FIN (finish) - When this flag is set to one, it means the transmitting computer does not have any more
data to send and the connection can be closed.
* Example of how a TCP control flags are used and connections are set:
----------------------------------------------------------------------
a. Computer A wants to establish a connection with Computer B; Computer A - transmitting computer, Computer B
- receiving computer;
b. Computer A sends a TCP segment to Computer B with the SYN flag set - Computer A wants to establish a
connection with Computer B and asks B to look at A's sequence number field;
c. Computer B responds with the SYN and ACK flags set, in order to establish the connection;
d. Computer A responds with only the ACK flag set, and data can now be sent;
Handshake -> A way for two devices to ensure that they are speaking the same protocol and will be able to
understand each other.
A                         B
--------SYN-------------->
<-------SYN/ACK----------
--------ACK-------------->
Since both A and B are able to exchange data, the TCP connection at this stage is operating in full duplex;
--------------------------------------------
Closing a connection:
A                         B
<---------FIN------------
----------ACK----------->
----------FIN----------->
<---------ACK------------
---------------------
-> The traffic can be sent to any port, but the response will be available only if the program has opened a
socket on that port.
a. LISTEN - A TCP socket is ready and listening for incoming connections; only on the server side;
b. SYN_SENT - A synchronization request has been sent but the connection hasn't been established yet;
only on the client side;
c. SYN-RECEIVED - A socket previously in the LISTEN state has received a synchronization request and sent a
SYN/ACK back; only on the server side;
d. ESTABLISHED - The TCP connection is in working order and both sides are free to send data to each
other; this state exists on both the client and server sides of the connection;
e. FIN_WAIT - A FIN has been sent, but the corresponding ACK from the other end hasn't been received yet;
f. CLOSE_WAIT - The connection has been closed at the TCP layer, but the application that opened the
socket hasn't released its hold on the socket yet;
g. CLOSED - The connection has been fully terminated and no further communication is possible;
There are more socket states. TCP as a protocol is universal, but the socket state names may vary between
operating systems; their functionality is the same;
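Added example, not part of the original notes: the three-way handshake and the four-way close above, driven as a small state machine that records the socket states listed here on both ends. Sequence numbers (initial values 1000 and 5000), the endpoint names and the segment representation are constructed for illustration; real stacks also pass through LAST_ACK and TIME_WAIT, which are among the "more socket states" the notes mention and are collapsed here.

```python
"""Three-way handshake and four-way close as a constructed TCP state machine."""
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    name: str
    state: str = "CLOSED"
    seq: int = 0      # next sequence number this side will use
    ack: int = 0      # next sequence number this side expects from its peer
    history: list = field(default_factory=list)

    def enter(self, state: str) -> None:
        self.history.append(state)
        self.state = state


def segment(flags, seq, ack=0) -> dict:
    """A control segment reduced to the three fields the exchange depends on."""
    return {"flags": frozenset(flags), "seq": seq, "ack": ack}


def three_way_handshake(client, server, client_isn=1000, server_isn=5000):
    """Returns the SYN, SYN/ACK and ACK segments, leaving both ends ESTABLISHED."""
    server.enter("LISTEN")                                   # passive open: server only
    client.seq = client_isn
    syn = segment({"SYN"}, seq=client.seq)
    client.enter("SYN_SENT")                                 # client only
    if server.state != "LISTEN":
        raise RuntimeError("nothing listening on that port; a SYN here gets a RST")
    server.ack = syn["seq"] + 1                              # a SYN occupies one sequence number
    server.seq = server_isn
    synack = segment({"SYN", "ACK"}, seq=server.seq, ack=server.ack)
    server.enter("SYN-RECEIVED")                             # server only
    if "ACK" not in synack["flags"] or synack["ack"] != client.seq + 1:
        raise RuntimeError("SYN/ACK does not acknowledge our SYN")
    client.seq += 1
    client.ack = synack["seq"] + 1
    ack = segment({"ACK"}, seq=client.seq, ack=client.ack)
    client.enter("ESTABLISHED")                              # both sides reach this state
    if ack["ack"] != server.seq + 1:
        raise RuntimeError("ACK does not acknowledge our SYN")
    server.seq += 1
    server.enter("ESTABLISHED")
    return [syn, synack, ack]


def four_way_close(initiator, responder):
    """FIN/ACK in each direction, as in the closing diagram above."""
    if initiator.state != "ESTABLISHED" or responder.state != "ESTABLISHED":
        raise RuntimeError("close requested on a connection that is not established")
    fin1 = segment({"FIN"}, seq=initiator.seq, ack=initiator.ack)
    initiator.enter("FIN_WAIT")                              # FIN sent, ACK not yet received
    initiator.seq += 1                                       # a FIN occupies one sequence number
    responder.ack = fin1["seq"] + 1
    ack1 = segment({"ACK"}, seq=responder.seq, ack=responder.ack)
    responder.enter("CLOSE_WAIT")                            # TCP closed, app still holds the socket
    fin2 = segment({"FIN"}, seq=responder.seq, ack=responder.ack)   # app releases the socket
    responder.seq += 1
    initiator.ack = fin2["seq"] + 1
    ack2 = segment({"ACK"}, seq=initiator.seq, ack=initiator.ack)
    initiator.enter("CLOSED")
    responder.enter("CLOSED")
    return [fin1, ack1, fin2, ack2]


if __name__ == "__main__":
    a, b = Endpoint("Computer A"), Endpoint("Computer B")
    for s in three_way_handshake(a, b) + four_way_close(b, a):   # B closes first, as drawn above
        print(sorted(s["flags"]), "seq", s["seq"], "ack", s["ack"])
    print(a.name, a.history)
    print(b.name, b.history)
```

The checks on the acknowledgment numbers are what make the handshake a handshake: each side proves it saw the other's sequence number before the connection is marked ESTABLISHED.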
--------------------------------------------------
-> Connection-oriented Protocols - Establishes a connection, and uses this to ensure that all data has been
properly transmitted. (TCP);
- At the Ethernet and IP layers, if the checksum does not match, all the data is discarded, and it is up to
TCP to determine when to resend the data, since TCP expects an ACK for every bit of data it sends;
------------------------------------
- Transport layer protocols use the concept of ports, together with multiplexing and demultiplexing, to
deliver data to the individual services listening on network nodes. These ports are represented by a single
16-bit number (0 - 65535);
---------------------------------------------------------
- Port 0 - It is not used for network traffic, but for communication between different programs on the same
computer;
On most operating systems, administrative access is required to start a program that listens on a system port;
- Ports 1024 - 49151 - registered ports - used for uncommon network services;
On most operating systems, any user of any access level can start a program listening on a registered
port.
Ephemeral ports can’t be registered with the IANA and are generally used for establishing outbound
connections.
When a client wants to communicate with a server, the client will be assigned an ephemeral port to be
used for just that one connection, while the server listens on a static system or registered port.
* Firewalls:
---------------
- Provide network security and can operate at many different layers of a network;
- Firewalls are configured to allow data to flow through certain ports while blocking it on other
ports;
-> A firewall can be configured at the perimeter of the network, allowing only specific clients/IPs to reach
the network and blocking any other access;
-> Firewalls can be independent network devices but can also be programs that run anywhere;
-> In many cases the functionality of the router and the firewall is performed by the same device;
-> Firewalls can run on individual hosts instead of being a network device;
-> All major modern OSes have firewall functionality built in; therefore blocking services on ports can be
performed at the host level as well;
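Added example, not from the original notes: a first-match, default-deny packet filter of the kind a host firewall applies to the port ranges described above. The port classes use the IANA ranges (0 reserved, 1-1023 system, 1024-49151 registered, 49152-65535 ephemeral); the ruleset for a web server, the 10.1.1.0/24 management network and the 203.0.113.0/24 outside addresses are constructed for illustration. The "replies only" rule shows the classic stateless trick of admitting inbound segments to an ephemeral port only when the ACK flag is set, i.e. when they answer a connection the host itself opened.

```python
"""Port classes and a minimal first-match packet filter (constructed example)."""
from dataclasses import dataclass
from typing import Optional
import ipaddress


def port_class(port: int) -> str:
    """Classify a 16-bit port number by IANA range."""
    if not 0 <= port <= 65535:
        raise ValueError("port must be a 16-bit number")
    if port == 0:
        return "reserved"        # not used for network traffic
    if port < 1024:
        return "system"          # listening requires administrative access
    if port <= 49151:
        return "registered"      # any user may listen on most operating systems
    return "ephemeral"           # assigned to clients for outbound connections


@dataclass(frozen=True)
class Packet:
    direction: str        # "in" or "out", relative to the protected host
    src_ip: str
    src_port: int
    dst_port: int
    flags: frozenset      # TCP control flags set on the segment


@dataclass(frozen=True)
class Rule:
    action: str                         # "allow" or "deny"
    direction: str = "in"
    src: str = "0.0.0.0/0"              # CIDR the source address must fall in
    dst_port: Optional[int] = None      # None matches any destination port
    dst_class: Optional[str] = None     # None matches any port class
    require_ack: bool = False           # match only segments that carry ACK

    def matches(self, pkt: Packet) -> bool:
        if pkt.direction != self.direction:
            return False
        if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src):
            return False
        if self.dst_port is not None and pkt.dst_port != self.dst_port:
            return False
        if self.dst_class is not None and port_class(pkt.dst_port) != self.dst_class:
            return False
        if self.require_ack and "ACK" not in pkt.flags:
            return False
        return True


def evaluate(rules, pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Constructed ruleset for a web server host: the world may reach 80/443, only the
# 10.1.1.0/24 management network may reach SSH on 22, replies to the host's own
# outbound connections (ephemeral destination port, ACK set) are admitted, all
# outbound traffic is allowed, and everything else inbound is dropped.
WEB_SERVER_RULES = [
    Rule("allow", dst_port=80),
    Rule("allow", dst_port=443),
    Rule("allow", dst_port=22, src="10.1.1.0/24"),
    Rule("allow", dst_class="ephemeral", require_ack=True),
    Rule("allow", direction="out"),
]


if __name__ == "__main__":
    samples = [
        Packet("in", "203.0.113.7", 51000, 80, frozenset({"SYN"})),
        Packet("in", "203.0.113.7", 51000, 22, frozenset({"SYN"})),
        Packet("in", "10.1.1.5", 51000, 22, frozenset({"SYN"})),
        Packet("in", "203.0.113.7", 443, 50000, frozenset({"SYN", "ACK"})),
        Packet("in", "203.0.113.7", 443, 50000, frozenset({"SYN"})),
    ]
    for p in samples:
        print(p.direction, p.src_ip, p.src_port, "->", p.dst_port, sorted(p.flags),
              port_class(p.dst_port), evaluate(WEB_SERVER_RULES, p))
```

Note the last rule's limits: an ACK-bit filter admits any segment that claims to be a reply, so a stateless firewall relies on the host's TCP stack to reject unexpected ACKs; a stateful firewall instead tracks the outbound SYN and admits only the matching reply.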
----------------------------------------------------------------------------------------------------------
The Application Layer:
------------------------
A. Physical Layer - Computers send electrical/optical signals across a cable;
B. Data link layer - Individual computers can address each other and send data using Ethernet at the
data-link layer;
C. Network Layer - Computers and routers communicate between different networks using IP.
* The TCP segment has a generic data section; the payload section is the entire content of the application
data - web pages from a server to a browser, video content, the document a word processor is sending to a
printer;
- Multiple protocols operate at the application layer - HTTP, SMTP, etc. - and they are standardized across
application types;
The most common web servers are Microsoft IIS, Apache, and nginx; web browsers and servers need to be
compatible and communicate over the same protocol;
-----------------------------------------
7 Layer
-------
Application
Presentation - Responsible for making sure that the unencapsulated application layer data is understood
by the application. It handles encryption and compression of data;
Session - Facilitates communication between applications and the transport layer; takes
the application layer data and passes it to the presentation layer;
Transport
Network
Data link
Physical
All layers working in Unison
------------------------------
Computer 1 (10.1.1.100) --- network A --- router A --- network B --- router B --- network C --- Computer 2 (172.16.1.100)
                                                                                                 Web server listening on port 80;
-> 3 networks - computer 1, connected to network A, wants data from computer 2, connected to network C;
1. The web browser on computer 1 (URL with the IP address 172.16.1.100 entered in the address bar) requests
the web page from 172.16.1.100;
2. The web browser tells the local networking stack, the part of the OS that handles network functions, that
it wants to establish a TCP connection to 172.16.1.100, port 80;
3. The networking stack examines its own subnet. It sees that it lives on the network 10.1.1.0/24, which
means that the destination 172.16.1.100 is on another network.
4. At this point, computer 1 knows that it'll have to send any data to its gateway for routing to a remote
network - 10.1.1.1;
5. Computer 1 looks at its ARP table to determine what MAC address of 10.1.1.1 is, but it doesn't find any
corresponding entry.
6. Computer 1 crafts an ARP request for the IP address 10.1.1.1, which it sends to the hardware broadcast
address of all Fs. This ARP discovery request is sent to every node on the local network.
7. When router A receives this ARP message, it sees that it's the computer currently assigned the IP address
of 10.1.1.1. So it responds to computer 1 to let it know about its own MAC address of 00:11:22:33:44:55.
8. Computer 1 receives this response and now knows the hardware address of its gateway. This means that it's
ready to start constructing the outbound packet.
9. Computer 1 knows that it's being asked by the web browser to form an outbound TCP connection - therefore
needs an outbound TCP port;
10. The operating system identifies the ephemeral port of 50000 as being available, and opens a socket
connecting the web browser to this port.
- The networking stack starts to build a TCP segment. It fills in all the appropriate fields in the header,
including a source port of 50000 and a destination port of 80. A sequence number is chosen and is used to
fill in the sequence number field. Finally, the SYN flag is set, and a checksum for the segment is
calculated and written to the checksum field.
- The constructed TCP segment is now passed along to the IP layer of the networking stack. This layer
constructs an IP header. This header is filled in with the source IP, the destination IP, and a TTL of 64,
which is a pretty standard value for this field.
- The TCP segment is inserted as the data payload for the IP datagram. And a checksum is calculated for
the whole thing. Now that the IP datagram has been constructed, computer 1 needs to get this to its gateway,
which it now knows has a MAC address of 00:11:22:33:44:55, so an Ethernet Datagram is constructed. All the
relevant fields are filled in with the appropriate data, most notably, the source and destination MAC
addresses.
- Finally, the IP datagram is inserted as the data payload of the Ethernet frame, and another checksum
is calculated.
- Now we have an entire Ethernet frame ready to be sent across the physical layer.
12. The network interface connected to computer 1 sends this binary data as modulations of the voltage of an
electrical current running across a CAT6 cable that's connected between it and a network switch.
13. This switch receives the frame and inspects the destination MAC address. The switch knows which of its
interfaces this MAC address is attached to, and forwards the frame across only the cable connected to this
interface.
14. At the other end of this link is router A, which receives the frame and recognizes its own hardware
address as the destination.
15. Router A knows that this frame is intended for itself. So it now takes the entirety of the frame and
calculates a checksum against it. Router A compares this checksum with the one in the Ethernet frame header
and sees that they match. Meaning that all the data has made it in one piece. Next, Router A strips away the
Ethernet frame, leaving it with just the IP datagram.
16. Again, it performs a checksum calculation against the entire datagram. And again, it finds that it
matches, meaning all the data is correct. It inspects the destination IP address and performs a lookup of
this destination in its routing table. Router A sees that in order to get data to the 172.16.1.0/24 network,
the quickest path is one hop away via Router B, which has an IP of 192.168.1.1. Router A looks at all the
data in the IP datagram, decrements the TTL by 1, calculates a new checksum reflecting that new TTL value,
and makes a new IP datagram with this data.
17. Router A knows that it needs to get this datagram to router B, which has an IP address of 192.168.1.1.
It looks at its ARP table, and sees that it has an entry for 192.168.1.1. Now router A can begin to
construct an Ethernet frame with the MAC address of its interface on network B as the source. And the MAC
address on router B's interface on network B as the destination. Once the values for all fields in this
frame have been filled out, router A places the newly constructed IP datagram into the data payload field.
Calculates a checksum, and places this checksum into place, and sends the frame out to network B.
18. This frame makes it across network B, and is received by router B. Router B performs all the same
checks, removes the Ethernet frame encapsulation, and performs a checksum against the IP datagram.
19. It then examines the destination IP address. Looking at its routing table, router B sees that the
destination address of computer 2, or 172.16.1.100, is on a locally connected network. So it decrements the
TTL by 1 again, calculates a new checksum, and creates a new IP datagram. This new IP datagram is again
encapsulated by a new Ethernet frame. This one with the source and destination MAC address of router B
and computer 2. And the whole process is repeated one last time.
20. The frame is sent out onto network C, a switch ensures it gets sent out of the interface that computer 2
is connected to. Computer 2 receives the frame, identifies its own MAC address as the destination, and knows
that it's intended for itself. Computer 2 then strips away the Ethernet frame, leaving it with the IP
datagram. It performs a CRC and recognizes that the data has been delivered intact. It then examines
the destination IP address and recognizes that as its own.
21. Next, computer 2 strips away the IP datagram, leaving it with just the TCP segment. Again, the checksum
for this layer is examined, and everything checks out. Next, computer 2 examines the destination port, which
is 80. The networking stack on computer 2 checks to ensure that there's an open socket on port 80, which
there is. It's in the listen state, and held open by a running Apache web server. Computer 2 then sees that
this packet has the SYN flag set. So it examines the sequence number and stores that, since it'll need to
put that sequence number in the acknowledgement field once it crafts the response.
22. That is everything it takes to get a single TCP segment containing a SYN flag from one computer to a
second one. Everything would have to happen all over again for computer 2 to send a SYN/ACK response to
computer 1, then all over again for computer 1 to send an ACK back to computer 2, and so on and so on.
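Added example, not from the original notes: the walk-through above carried out in code, which also serves the TCP header fields and control flags listed earlier (window, checksum, urgent pointer, the flag bits in header order). Computer 1 builds the SYN segment for 172.16.1.100:80 from source port 50000, wraps it in an IP datagram with TTL 64 and an Ethernet frame, each with its checksum; router A and router B each verify the frame check sequence and the IP checksum, decrement the TTL and recompute the checksum before re-framing; computer 2 unwraps the frame and reads the flags. Assumptions: the sequence number 123456, all MAC addresses other than router A's 00:11:22:33:44:55, and the absence of TCP options are constructed here; the Ethernet FCS uses the 802.3 CRC-32, which is the same polynomial zlib.crc32 computes.

```python
"""Constructed walk-through: SYN from 10.1.1.100:50000 to 172.16.1.100:80 via two routers."""
import ipaddress
import struct
import zlib

# TCP control flag bits in the order they occupy the flags byte: URG is bit 5, FIN is bit 0
FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by IP and TCP; a header carrying a
    correct checksum sums to zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def pseudo_header(src_ip, dst_ip, tcp_len) -> bytes:
    """IPv4 pseudo-header that the TCP checksum covers in addition to the segment."""
    return (ipaddress.ip_address(src_ip).packed + ipaddress.ip_address(dst_ip).packed
            + struct.pack("!BBH", 0, 6, tcp_len))


def build_tcp(src_ip, dst_ip, sport, dport, seq, flags, ack=0, window=65535, urgent=0, payload=b""):
    """20-byte TCP header (data offset 5, no options) with the checksum filled in."""
    flag_bits = sum(FLAGS[f] for f in flags)
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flag_bits, window, 0, urgent)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def tcp_checksum_ok(src_ip, dst_ip, segment) -> bool:
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def tcp_flags(segment) -> list:
    return [name for name, bit in FLAGS.items() if segment[13] & bit]


def build_ipv4(src_ip, dst_ip, payload, ttl=64):
    """20-byte IPv4 header (protocol 6 = TCP) with the header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 6, 0,
                      ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:] + payload


def build_ethernet(src_mac, dst_mac, datagram):
    """Destination MAC, source MAC, EtherType 0x0800, payload, then the CRC-32 FCS (LSB first)."""
    body = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + datagram
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def unwrap_ethernet(frame, my_mac):
    """Steps 14-15 and 20: check the FCS and the destination MAC, return the IP datagram."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("FCS mismatch: frame discarded")
    if body[:6] != mac_bytes(my_mac):
        raise ValueError("frame not addressed to this interface")
    return body[14:]


def router_forward(frame, in_mac, out_mac, next_hop_mac):
    """Steps 15-17: verify the IP checksum, decrement TTL, recompute it, re-frame to the next hop."""
    datagram = unwrap_ethernet(frame, in_mac)
    if internet_checksum(datagram[:20]) != 0:
        raise ValueError("IP header checksum mismatch: datagram discarded")
    hdr = bytearray(datagram[:20])
    if hdr[8] <= 1:
        raise ValueError("TTL expired: datagram discarded")
    hdr[8] -= 1                                   # TTL
    hdr[10:12] = b"\x00\x00"                      # zero the checksum field before recomputing
    hdr[10:12] = struct.pack("!H", internet_checksum(bytes(hdr)))
    return build_ethernet(out_mac, next_hop_mac, bytes(hdr) + datagram[20:])


def walkthrough() -> dict:
    tcp = build_tcp("10.1.1.100", "172.16.1.100", 50000, 80, seq=123456, flags=["SYN"])
    ip = build_ipv4("10.1.1.100", "172.16.1.100", tcp, ttl=64)
    frame = build_ethernet("aa:bb:cc:00:00:01", "00:11:22:33:44:55", ip)           # computer 1 -> router A
    frame = router_forward(frame, "00:11:22:33:44:55", "00:11:22:33:44:bb", "00:aa:bb:cc:dd:01")  # A -> B
    frame = router_forward(frame, "00:aa:bb:cc:dd:01", "00:aa:bb:cc:dd:02", "ee:ff:00:00:00:02")  # B -> computer 2
    datagram = unwrap_ethernet(frame, "ee:ff:00:00:00:02")
    segment = datagram[20:]                                                         # step 21
    return {"ttl_at_computer_2": datagram[8],
            "ip_checksum_ok": internet_checksum(datagram[:20]) == 0,
            "tcp_checksum_ok": tcp_checksum_ok("10.1.1.100", "172.16.1.100", segment),
            "dst_port": struct.unpack("!H", segment[2:4])[0],
            "flags": tcp_flags(segment)}


if __name__ == "__main__":
    print(walkthrough())
```

Two details worth noticing: the TCP checksum is computed over a pseudo-header containing both IP addresses, so a segment delivered to the wrong host fails the check even if its own bytes are intact, and every hop has to recompute the IP checksum because the TTL it just changed is inside the covered bytes.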