Overview

• This chapter covers:

 Networking concepts and terminology
 Common networking and communication applications
 Technical issues related to networks, including the major types of networks, how
data is transmitted over a network, and types of transmission media involved.
 Explanation of the various ways networked devices communicate with one another
 Various types of Protocols.
 Introduction to Physical and Logical Addresses
 OS Architecture and Functionality.
 Brief about Kali Linux and installation.
 Explanation of Firewalls && IDS and IPS.
INTRODUCTION
• Earlier, computer networks consisted of mainframes in an enclosure. Input was in the form of
punch cards read by card readers and output was in the form of printed results via local printers.
Local terminals were mostly used for control and programming input.
• All processing was on a batch basis, rather than being interactive. In other words, the input was
transmitted in a batch from a card reader over a short circuit to the processor, the processor
processed the program in a batch and the output to the printer was in a batch.
• The first true mainframe was the IBM 360, introduced in 1964. Over time, mainframe was
extended to multiple users at dumb terminals that connected to ports on the mainframe through
terminal controllers, or cluster controllers. In parallel to the development of data networking, the
computers began to change.
 Mainframes in our midst

• Hidden from the public eye – background servers

Who uses mainframes?

• Most Fortune 1000 companies use a mainframe environment

• 60% of all data available on the Internet is stored on
Mainframe mainframe computers

facts Why mainframes?

• Large-scale transaction processing

• Thousands of transactions per second
• Support thousands of users and application programs
• Simultaneously accessing
• Terabytes of information in databases
• Large-bandwidth communications
Mainframe
Typical Batch use

Residence Branch offices

CREDIT CARD Main
12
23
34
4 5
56
67
78
8 9
90
01
12
2
Account balances office
1
VALID FROM
XX
XX/X
PA
/XX
AU
UL
X/X
/XX
LF
FIS
X
ISC
CH
HE
ER
R
GOOD THRU
XX
XX/X
/XX
X/X
/XX
X bills, etc
P

5
5
6
6 Reports
Processing
reports 7
7
Statistics,
4
4 summaries,
exceptions

8
8 Mainframe
Partners Processing batch jobs
and clients
exchange Reports
information 2
2

1 Reports
1

Backups
3
3

Data
update Tape Storage
1
10
0 Sequential
9
9 data sets

Disk Storage
Production System databases
Control Operator
Computer
Network
Computer Network
 A computer network is a system in which multiple computers are connected to each other to share information and
resources.
 The physical connection between networked computing devices is established using either cable media or wireless
media.
 The best-known computer network is the Internet.
Advantages of networking.
Communication: “To be precise, an effective and faster Data Sharing: Another wonderful advantage of
communication between computers, which computer networks is the data sharing.
enable us to communicate effectively”
Computer networking technology has improved the way of Data such as documents, file, accounts information, reports,
communication between people from the same or different presentation files, videos, images etc
organizations, Can be shared within a local network or remotely connected
They can communicate in a matter of seconds for collaborating the networks.
work activities.
In offices, networked computers are serving as the backbone for the
daily communication from top to bottom level of organization.
Different types of software can be installed which are useful for
transmitting messages and emails at fast speed.
Instant and multiple Access : One of the other advantages of computer networking is that it
enable multiple users to access same data at the same time from a same or remote location.
• One of the real time examples is a world wide web.
• Everyone can access a web page from a different location and read the same information at a same time.

Cost Effective: Building a computer network, save a lot of cost for any organizations in different ways.
• Building “uplinks” through the computer networking, immediately transfers files and messages to the
other people which reduced transportation and communication expense.
• It also raises the standard of the organization because of the advanced technologies that re used in
networking.

Flexible: Computer network technology is quite flexible.

• Based on requirements of the organization, the network can be performed
Disadvantages of networking

Lack of data security and privacy:

• Because there would be huge number of people who would be using a computer network to get and
share some of their files and resources, a certain users security would be always at risk.
• There might be illegal activities that would occur, which you need to be careful about and aware of.

Presence of computer viruses and malware: If even one computer on a network gets affected
by a virus,
• There is a possible threat for the other systems getting affected too. Viruses can spread on a network
easily,
• Because of the inter- connectivity of workstations. Moreover, multiple systems with common resources
are the
• Perfect breeding ground for viruses that multiply.
• Lack of Independence: Since most networks have a centralized server and dependent clients, the
client users lack any freedom whatsoever. Centralized decision making can sometimes hinder how a client
user wants to use his own computer.

• Lack of Robustness: As previously stated, if a computer network’s main server breaks down, the
entire system would become useless. Also, if it has a bridging device or a central linking server that fails, the
entire network will also come to a standstill.
ELEMENTARY TERMINOLOGY OF NETWORKS

• It is some time to learn about the components/terms mostly used in networking.

• Whenever we talk about a network it includes: the hardware and the software that make up the network.
• Now let us have a look at some typical hardware components of network.
• Computer networks have opened up an entire frontier in the world ofcomputing called the client/server model
Nodes(workstations)
• The term nodes refers to the computers that are attached to a network and are seeking to share the resources of
the network.
• Of course, if there were no nodes (also called workstations), there would be no network at all.
• A computer becomes a workstation of a network as soon as it is attached to a network
Server
Server Def: A computer that facilitates "the sharing of data" software and hardware - resources (e.g. printers,
modems etc,) on the network is termed as a SERVER.
On small networks, sometimes, all the shareable stuff (like files, data, software etc.) is stored on the server. A
network can have more than one server also. Each server has a unique name on the network and all users of
network identify the server by its unique name. Servers can be of two types:

 Non-dedicated
 Dedicated servers
Non-dedicated Servers

• On small networks, a workstation that can double up as a server, is known as non-

dedicated server
• since it is not completely dedicated to the cause of serving.
• Such servers can facilitate the resource-sharing among workstations on a
proportionately smaller scale.
• Since one computer works as a workstation as well as a server, it is slower and
requires more memory.
• The (small) networks using such a server are known as peer-to-peer networks.
Dedicated Servers:

• On bigger network installations, there is a computer reserved for server's job

• And its only job is to help workstations access data, software and hardware
resources.
• It does not double-up as a workstation and such a server is known as dedicated
server.
• The networks using such a server are known as master-slave networks.
Network Interface Unit (NIU)

• A NETWORK INTERFACE UNIT is an interpreter that helps to

establish communication between the server and workstations.

• Each network-interface-unit that is attached to a workstation has a

unique number identifying it which is known as the node address. The
NIU is also called Terminal Access Point (TAP). Different
manufacturers have different names for the interface.
Applications & Uses of Networks
• In the short time they have been around, data communication networks have become an indispensable part of
business, industry, and entertainment.
• Some of the network applications in different fields are the following:
• Marketing and sales: Computer networks are used extensively in both marketing and sales organizations.
• Marketing professionals use them to collect, exchange, and analyze data relating to customer needs and
product development cycles.
• Sales applications include teleshopping, which uses order entry computers or telephones connected to an
order-processing network, and on-line reservation services for hotels, airlines, and so on.
Financial services: Today's financial services are totally dependent on computer networks.
• Applications include credit history searches, foreign exchange and investment services, and electronic
funds transfer (EFT), which allows a user, to transfer money without going into a bank (an automated
teller machine is a kind of electronic funds transfer; automatic paycheck deposit is another).

Manufacturing:
• Computer networks are used today in, many aspects of manufacturing, including the manufacturing
process itself.
• Two applications that use networks to provide essential services are computer-assisted design (CAD) and
computer-assisted manufacturing (CAM), both of which allow multiple users to work on a project
simultaneously.
Electronic messaging: Probably • Directory services: Directory • Information services: • Electronic data interchange • Teleconferencing:
the most widely used network services allow lists of files to be Network information services (EDI): EDI allows business Teleconferencing allows
application is electronic mail stored in a central location to include bulletin boards and information (including conferences to occur without
(e-mail). speed worldwide search data banks. A World Wide Web documents such as purchase the participants being in the
operations. site offering the technical orders and invoices) to be same place. Applications
specifications for a new transferred without using include simple text
product is an information paper. conferencing (where
service. participants communicate
through their keyboards and
computer monitors). voice
conferencing (where
participants at a number of
locations communicate
simultaneously over the
phone) and video conferencing
(where participants can see as
well as talk to one another).
• Bits & Bytes
Bit - One digit either 0 or 1.
Byte - Any combination of 0 or 1.
also called an octet.

• 0 – OFF
• 1 – ON
• computer only Understand 0 or 1.
HISTORY
HISTORY
• History (Development) of Computer Networks Each of the past three
centuries has been dominated by a single technology. The 18th century
was the era of the great mechanical systems accompanying the
Industrial Revolution. The 19th century was the age' of the steam
engine. During the 20th century, the key technology was information
gathering, processing, and distribution.
 Intro: Communication
 Process of transferring information form one point to another.
 It may contain message, gestures, video, audio, etc,.
 It uses a medium do transmit data called channel.
Old methods of
Communication
 Not efficient
 It is an Analog communication.
 Not all can use it.
 You need to know “morse code” to use telegraphy
 Disturbances
 High maintained
Development…
Why Analog??
 Can’t we use wire less…..
Birth of internet
•Today we use internet more than the amount of time we read books in
our entire life.
 ARPA ( Advanced Research Project Agency)
 RAND (Military corporation, USA)
 NPL (National Physical Laboratory, ENGLAND)
 CYCLADES (Scientific Network, FRANCE)
 All the above are the fundamentals of INTERNET.
 ARPANET…

All started in 1966….

Packet switching
FIRST INTERNET…
FINAL BASIC MODEL
What is the ARPANET?

• The first workable prototype of the Internet came in the late 1960s with the creation of ARPANET,
or the Advanced Research Projects Agency Network. Originally funded by the U.S. Department of
Defense, ARPANET used packet switching to allow multiple computers to communicate on a
single network.
Telnet (Remote Computing)
 Telnet or remote computing is telecommunication utility software, which uses available
telecommunication facility and allows you to become a user on a remote computer.
 Once you gain access to the remote computer, you can use it for the intended purpose.
 The TELNET works in a very step by step procedure. The commands typed on the client computer
are sent to the local Internet Service Provider (ISP), and then from the ISP to the remote computer
that you have gained access.
 Most of the ISP provides facility to TELNET into your own account from another city and check
your e-mail while you are traveling or away.
What is the Internet?

• The Internet is a global network of billions of computers and other electronic devices. With the Internet, it's
possible to access almost any information, communicate with anyone else in the world, and do much more.
• You can do all of this by connecting a computer to the Internet, which is also called going online. When
someone says a computer is online, it's just another way of saying it's connected to the Internet.
Internet
 The Internet is a network of networks
 Computer users on the Internet can contact one another anywhere in the world
 In Internet a huge resource of information is accessible to people across the world
 Information in every field starting from education, science, health, medicine,
history, and geography to business, news, etc. can be retrieved through Internet
 You can also download programs and software packages from anywhere in the
world
What is the Web?

• The World Wide Web—usually called the Web for short—is a collection of
different websites you can access through the Internet. A website is made up of related text,
images, and other resources. Websites can resemble other forms of media—like newspaper articles
or television programs—or they can be interactive in a way that's unique to computers.
Conclusion
INTER-NET today we took 40 years to grow.
Today we access internet through optical fibers
connected around the globe
It has become the most important thing in our life.
NETWORK
TOPOLOGY
NETWORK TOPOLOGY
• The pattern of interconnection of nodes in a network is called the TOPOLOGY. The selection of a topology for a network
cannot be done in isolation as it affects the choice of media and the access method used.
• The way a network is arranged can make or break network functionality, connectivity, and protection from downtime. The
question of, “What is network topology?” can be answered with an explanation of the two categories in the network
topology.

1) Physical – The physical network topology refers to the actual connections (wires, cables, etc.) of how the network
is arranged. Setup, maintenance, and provisioning tasks require insight into the physical network.
2) Logical – The logical network topology is a higher-level idea of how the network is set up, including which nodes
connect to each other and in which ways, as well as how data is transmitted through the network. Logical network
topology includes any virtual and cloud resources.
Types of Network Topology
BUS TOPOLOGY

 In bus topology there is a main cable and all the devices are connected to this main cable through drop lines.
There is a device called tap that connects the drop line to the main cable. Since all the data is transmitted over
the main cable, there is a limit of drop lines and the distance a main cable can have.
Advantages of bus topology
Easy installation.
It uses less cable tahn other topologies.
It is relatively inexpensive.

Disadvantages of bus topology

Difficultly in troubleshoot.
It provides slow tansfer speed.
Not scalable as there is a limit of how many nodes you can connect with backbone
cable.
Ring Topology
• In ring topology each device is connected with the two devices on either side of it. There are two dedicated point to
point links a device has with the devices on the either side of it. This structure forms a ring thus it is known as ring
topology. If a device wants to send data to another device then it sends the data in one direction, each device in
ring topology has a repeater, if the received data is intended for other device then repeater forwards this data until
the intended device receives it.
Advantages of Ring Topology
Easy to install.
Managing is easier as to add or remove a device from the topology only two
links are required to be changed.
Since data flows in one direction, there is no collision in network.

Disadvantages of Ring Topology

A link failure can fail the entire network as the signal will not travel
forward due to failure.
Data traffic issues, since all the data is circulating in a ring.
 Star Topology
 In star topology each device in the network is connected to a central device called hub. Unlike Mesh topology, star topology doesn’t allow direct
communication between devices, a device must have to communicate through hub. If one device wants to send data to other device, it has to first send
the data to hub and then the hub transmit that data to the designated device.
Advantages of Star topology
Less expensive because each device only need one I/O port and needs to be connected
with hub with one link.
Easier to install
Less amount of cables required because each device needs to be connected with the
hub only.
Robust, if one link fails, other links will work just fine.
Easy fault detection because the link can be easily identified.

Disadvantages of Star topology

If hub goes down everything goes down, none of the devices can work without hub.
Hub requires more resources and regular maintenance because it is the central system
of star topology.
 Mesh Topology
In mesh topology each device is connected to every other device on the network through a dedicated point-to-
point link. When we say dedicated it means that the link only carries data for the two connected devices only. Lets say we
have n devices in the network then each device must be connected with (n-1) devices of the network. Number of links in a
mesh topology of n devices would be n(n-1)/2.
Advantages of Mesh Topology
 No data traffic issues as there is a dedicated link between two devices which means the link is only
available for those two devices.
 Mesh topology is reliable and robust as failure of one link doesn’t affect other links and the
communication between other devices on the network.
 Mesh topology is secure because there is a point-to-point link thus unauthorized access is not possible.
 Fault detection is easy.

Disadvantages of Mesh topology

 Number of wires required to connected each system is a headache.
 Since each device needs to be connected with other devices, number of I/O ports required must be
huge.
 Scalability issues because a device cannot be connected with large number of devices with a dedicated
point to point link.
Point to Point
-->When you change TV channels by remote, you are establishing a point-to-
point connection between the remote control and the TV’s control system.
-->The transfer of data in a point-to-point topology can be in multiple ways
across the network: in a simplex, in full duplex, or half duplex.

• In Simplex mode of communication, signal flows in ONE direction and only one
node transmit and the other receives.
• In Half duplex mode of communication, each node can transmit and receive but
NOT at the same time.
• In Full-duplex mode of communication, both stations transmit and receive
simultaneously.
Point to Point:
Topology
 Advantages and Disadvantages

Advantages Disadvantages
VS
• Highest Bandwidth because there is • This topology is only used for small
only two nodes having entire areas where nodes are closely located.
bandwidth of a link • The entire network depends on the
• Very fast compared to other network common channel in case of link
topologies because it can access only broken entire network will become
two nodes. dead.
• Very simple connectivity • There are only two nodes if any of the
node stops working, data cannot be
• Easy to handle and maintain
transfer across the network.
Tree Topology
A tree topology is a special type of structure where many connected elements are
arranged like the branches of a tree. For example, tree topologies are frequently
used to organize the computers in a corporate network, or the information in a
database.
Advantages of Tree Topology
• It provides high scalability, as leaf nodes can add more nodes in the hierarchical chain.
• Other nodes in a network are not affected, if one of their nodes get damaged.
• It provides easy maintenance and fault identification.

Disadvantages of Tree Topology

• This network is very difficult to configure as compared to the other network topologies.
• Length of a segment is limited & the limit of the segment depends on the type of cabling
used.
• Due to the presence of large number of nodes, the network performance of tree
topology becomes a bit slowly.
 Hybrid topology
• A combination of two or more topology is known as hybrid topology. For example, a combination of star and mesh
topology is known as hybrid topology.
Advantages of Hybrid topology
We can choose the topology based on the requirement for example, scalability is our concern then
we can use star topology instead of bus technology.
Scalable as we can further connect other computer networks with the existing networks with
different topologies.

Disadvantages of Hybrid topology

Fault detection is difficult.
Installation is difficult.
Design is complex so maintenance is high thus expensive
NETWORK MODELS
NETWORK MODELS
In computer networks, reference models gives a conceptual framework that standardizes
communication between heterogeneous networks.

Why is a network model needed?

1. The main purpose of having several layers in a computer network model is to divide a
process of sending and receiving data into small tasks.
2. These layers are connected with each other; each layer provide certain data to its
immediate higher and immediate lower layer and receives certain data from the same.

The two popular reference models are −

 OSI Model
 TCP/IP Protocol Suite
Introduction OSI
• The Open System Interconnection Reference Model (OSI Reference Model or OSI
Model) is an abstract description for layered communications and computer network
protocol design.

• OSI stands for Open System Interconnection is a reference model that describes how
information from a software application in one computer moves through a physical
medium to the software application in another computer.

• It divides network architecture into seven layers which, from top to bottom, are the
Application, Presentation, Session, Transport, Network, Data Link, and Physical
Layers. It is therefore often referred to as the OSI Seven Layer Model.
OSI History

In 1978, the International Standards OSI has two major components: an The concept of a 7 layer model was Various aspects of OSI design evolved
Organization (ISO) began to develop its abstract model of networking, called the provided by the work of Charles from experiences with the Advanced
OSI framework architecture. Basic Reference Model or seven-layer Bachman, then of Honeywell. Research Projects Agency Network
model, and a set of specific protocols. (ARPANET) and the fledgling Internet.
OSI Groups

Application Layer

Presentation Layer Application Group

Session Layer

Transportation Layer Transportation Layer

Network Layer

Data-Link Layer Network Layer

Physical Layer
 Layer1: Physical Layer
• The Physical Layer defines the electrical and physical specifications for devices. In particular, it defines
the relationship between a device and a physical medium.
• This includes the layout of pin, voltages, cable specification, hubs, repeaters, network adapters, host
bus adapters, and more.

Physical Layer Physical Layer

Layer1: Physical Layer

• The major functions and services performed by the Physical Layer are:
• Establishment and termination of a connection to a communication
medium.
• Participation in the process whereby the communication resources are
effectively shared among multiple users. For example, flow control.
• Modulation, or conversion between the representation of digital data in
user equipment and the corresponding signals transmitted over a
communications channel. These are signals operating over the physical
cabling (such as copper and optical fiber) or over a radio link.
Layer 2: Data Link Layer

• The Data Link Layer provides the functional and procedural means to transfer data between network entities
and to detect and possibly correct errors that may occur in the Physical Layer.
• Originally, this layer was intended for point-to-point and point-to-multipoint media, characteristic of wide
area media in the telephone system.
• The data link layer is divided into two sub-layers by IEEE.

Data-Link Layer Data-Link Layer

Physical Layer Physical Layer

Layer 2: Data Link Layer

• One is Media Access Control (MAC) and another is Logical Link Control
(LLC).
• Mac is lower sub-layer, and it defines the way about the media access
transfer, such as CSMA/CD/CA(Carrier Sense Multiple Access/Collision
Detection/Collision Avoidance)
• LLC provides data transmission method in different network. It will re-
package date and add a new header.
Layer 3: Network Layer

• The Network Layer provides the functional and procedural means of transferring variable
length data sequences from a source to a destination via one or more networks, while maintaining the quality
of service requested by the Transport Layer.

Network Layer Network Layer

Data-Link Layer Data-Link Layer

Physical Layer Physical Layer

Layer 3: Network Layer

• The Network Layer performs

• network routing functions,
• perform fragmentation and reassembly,
• report delivery errors.
• Routers operate at this layer—sending data throughout the extended
network and making the Internet possible.
Layer 4: Transport Layer
• The Transport Layer provides transparent transfer of data between end users, providing reliable data transfer services
to the upper layers.
• The Transport Layer controls the reliability of a given link through flow control, segmentation/desegmentation, and
error control.
• In this layer use of TCP & UDP (User Datagram Protocol.

Transport Layer Transport Layer

Network Layer Network Layer

Data-Link Layer Data-Link Layer

Physical Layer Physical Layer

Layer 5: Session Layer
• The Session Layer controls the dialogues (connections) between computers.
• It establishes, manages and terminates the connections between the local and remote application.
• It provides for full-duplex, half-duplex, or simplex operation, and establishes checkpointing, adjournment, termination, and
restart procedures.

Session Layer Session Layer

Transport Layer Transport Layer

Network Layer Network Layer

Data-Link Layer Data-Link Layer

Physical Layer Physical Layer

Layer 5: Session Layer

• The OSI model made this layer responsible for graceful close of sessions, which is a property of
the Transmission Control Protocol, and for session check pointing and recovery, which is not
usually used in the Internet Protocol Suite. The Session Layer is commonly implemented
explicitly in application environments that use remote procedure calls.

• In this layer uses of POP, TCP/IP protocols.

• The session layer decides when to turn communication on and off between two computer- it
provides the mechanisms that control the data exchange process and coordinates the interaction
between them.
Layer 6: Presentation Layer

• The Presentation Layer establishes a context between Application Layer entities,

in which the higher-layer entities can use different syntax and semantics, as long
as the presentation service understands both and the mapping between them.
• This layer provides independence from differences in data representation (e.g.,
encryption) by translating from application to network format, and vice versa.
• This layer formats and encrypts data to be sent across a network, providing
freedom from compatibility problems.
• It is sometimes called the syntax layer.
 Layer 6: Presentation Layer
• This layer can in some ways be considered the function of the operating
system.
Presentation Layer Presentation Layer

Session Layer Session Layer

Transport Layer Transport Layer

Network Layer Network Layer

Data-Link Layer Data-Link Layer

Physical Layer Physical Layer

Layer 7: Application Layer
• The application layer is the OSI layer closest to the end user, which means that both the OSI application
layer and the user interact directly with the software application.
• Application layer functions typically include:
• identifying communication partners,
• determining resource availability,
• synchronizing communication.
• Identifying communication partners
• Determines the identity and availability of communication partners for an application with data to
transmit.
• Determining resource availability
• Decide whether sufficient network or the requested communication exist.
• Synchronizing communication
• All communication between applications requires cooperation that is managed by the application layer.
 Reference Models

The OSI
reference model.

77
Layer 7: Application Layer

• Some examples of application layer implementations include

• Hypertext Transfer Protocol (HTTP)
• File Transfer Protocol (FTP)
• Simple Mail Transfer Protocol (SMTP)
The TCP/IP Reference Model

• The Internet Protocol Suite (commonly known as TCP/IP) is the set

of communications protocols used for the Internet and other similar networks.
• It is named from two of the most important protocols in it:
• the Transmission Control Protocol (TCP) and
• the Internet Protocol (IP), which were the first two networking protocols
defined in this standard.
TCP/IP
Encapsulation
TCP/IP Layers
OSI TCP/IP

Application Layer
Application Layer
Presentation Layer TELNET, FTP, SMTP, POP3, SNMP, NNTP,
DNS,NIS, NFS, HTTP, ...
Session Layer

Transport Layer Transport Layer

TCP , UDP , ...

Network Layer Internet Layer

IP , ICMP, ARP, RARP, ...

Data Link Layer

Link Layer
FDDI, Ethernet, ISDN, X.25,...
Physical Layer
A Comparison of the OSI and TCPI / IP Reference Models
The OSI and TCP/IP reference models have much in common. Both are based on the
concept of a stack of independent protocols. Also, the functionality of the layers is
roughly similar. For example, in both models the layers up through and including the
transport layer are there to provide an end-to-end, network-independent transport
service to processes wishing to communicate. These layers form the transport
provider.

Again, in both models, the layers above transport are application-oriented users of the
transport service. Despite these fundamental similarities, the two models also have
many differences. In this section we will focus on the key differences between the two
reference models. It is important to note that we are comparing the reference models
here, not the corresponding protocol stacks. The protocols themselves will be
discussed later. Three concepts are central to the OSI model:
1. Services.
2. Interfaces.
3. Protocols.
OSI vs TCP/IP
NETWORK ADDRESS
NETWORK ADDRESS
• A network address is any Logical or Physical address that uniquely distinguishes
a network node or device over a computer or telecommunications network. It is a
numeric/symbolic number or address that is assigned to any device that seeks
access to or is part of a network.

• PHYSICAL ADDRESS
• When referring to computers in general or computer memory, the physical address is the
computer memory address of a physical hardware device.

• When referring to a network address, physical address is sometimes used to describe the
MAC address.

• This is specified by the manufacture company of the card.

• This address is used by data link layer.

MAC address:
A “MAC” address is the physical address of the device. It is 48 bits (6 bytes) long and is made up of two
parts: the organizational unique identifier (OUI) and the vendor-assigned address, as illustrated in below diagram.

Model is divided into two sub-layers

1. Logical Link Control (LLC) layer
2. Media Access Control (MAC) layer

• The MAC layer interfaces directly with the network medium. Consequently, each different type of network medium
requires a different MAC layer.
• The chance to see the MAC address is very difficult for any of your equipment.
 MAC
• A MAC address is a unique character string, and since it identifies a specific physical device -one individual NIC -- the MAC
address, by convention, never changes for the life of the NIC. Two NICs never have the same MAC address (unless some
manufacturer screws up royally [which has happened]). Because your NIC's MAC address is permanent, it's often referred to as
the "real" or physical address of a computer.

• If you'd like to see the MAC address and logical address used by the Internet Protocol (IP) for your Windows computer, you can
run a small program that Microsoft provides.
• Go to the "Start" menu, click on "Run," and in the window that appears, type WINIPCFG (IPCONFIG/ALL for Windows
2000/XP).
• When the gray window appears, click on "More Info" and you'll get information.
Physical Address
LOGICAL ADDRESS

An IP address of the system is This address is the combination

called logical address. of Net ID and Host ID.

This address is used by network This address can be changed by

layer to identify a particular changing the host position on
network (source to destination) the network. So it is called
among the networks. logical address.

The IP address is the logical The logical address is what the

address assigned to your network uses to pass
connection by your ISP or information along to your
network administrator. computer.
Class A Public Address

• Class A addresses are for networks with large number of total hosts. Class A allows for 126 networks by
using the first octet for the network ID. The first bit in this octet, is always set and fixed to zero. And next
seven bits in the octet is all set to one, which then complete network ID. The 24 bits in the remaining octets
represent the hosts ID, allowing 126 networks and approximately 17 million hosts per network. Class A
network number values begin at 1 and end at 127.
• IP Range: 1.0.0.0 to 126.0.0.0
• First octet value range from 1 to 127
• Subnet Mask: 255.0.0.0 (8 bits)
• Number of Networks: 126
• Number of Hosts per Network: 16,777,214
Class B Public Address

• Class B addresses are for medium to large sized networks. Class B allows for 16,384 networks
by using the first two octets for the network ID. The two bits in the first octet are always set and
fixed to 1 0. The remaining 6 bits, together with the next octet, complete network ID. The 16
bits in the third and fourth octet represent host ID, allowing for approximately 65,000 hosts per
network. Class B network number values begin at 128 and end at 191.
• Range: 128.0.0.0 to 191.255.0.0
• First octet value range from 128 to 191
• Subnet Mask: 255.255.0.0 (16 bits)
• Number of Networks: 16,382
• Number of Hosts per Network: 65,534
Class C Public Address

• Class C addresses are used in small local area networks (LANs). Class C allows for
approximately 2 million networks by using the first three octets for the network ID. In class
C address three bits are always set and fixed to 1 1 0. And in the first three octets 21 bits
complete the total network ID. The 8 bits of the last octet represent the host ID allowing for
254 hosts per one network. Class C network number values begin at 192 and end at 223.
• Range: 192.0.0.0 to 223.255.255.0
• First octet value range from 192 to 223
• Subnet Mask: 255.255.255.0 (24 bits)
• Number of Networks: 2,097,150
• Number of Hosts per Network: 254
Class D Address Class
• Classes D are not allocated to hosts and are used for multicasting.
• Range: 224.0.0.0 to 239.255.255.255
• First octet value range from 224 to 239
• Number of Networks: N/A
• Number of Hosts per Network: Multicasting

Class E Address Class

• Classes E are not allocated to hosts and are not available for general use. They are reserved for research
purposes.
• Range: 240.0.0.0 to 255.255.255.255
• First octet value range from 240 to 255
• Number of Networks: N/A
• Number of Hosts per Network: Research/Reserved/Experimental
Private Addresses

• Within each network class, there are designated IP address that is reserved specifically for
private/internal use only. This IP address cannot be used on Internet-facing devices as that are non-
routable. For example, web servers and FTP servers must use non-private IP addresses. However,
within your own home or business network, private IP addresses are assigned to your devices (such as
workstations, printers, and file servers).
1. Class A Private Range: 10.0.0.0 to 10.255.255.255
2. Class B Private APIPA Range: 169.254.0.0 to 169.254.255.255
3. Automatic Private IP Addressing (APIPA) is a feature on Microsoft Windows-based computers to
automatically assign itself an IP address within this range if a Dynamic Host Configuration
Protocol (DHCP) server is not available. A DHCP server is a device on a network that is responsible for
assigning IP address to devices on the network.
4. Class B Private Range: 172.16.0.0 to 171.31.255.255
5. Class C Private Range: 192.168.0.0 to 192.168.255.255
Special Addresses
• IP Range: 127.0.0.1 to 127.255.255.255 are network testing addresses
(also referred to as loop-back addresses)
IP (Internet Protocol)
• The core of the TCP/IP protocol suite
• Two versions co-exist
• v4 – the widely used IP protocol
• v6 – has been standardized in 1996, but still not widely deployed
• IP (v4) header minimum 20 octets (160 bits)

96
IPV4
• The IPv4 address is a 32-bit number that uniquely identifies a network interface on a machine. An IPv4
address is typically written in decimal digits, formatted as four 8-bit fields that are separated by
periods. Each 8-bit field represents a byte of the IPv4 address.
Ex: 192.168.1.1

IPV6
• An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing
16 bits (two octets, a group sometimes also called a hextet). The groups are separated by colons (:). An
example of an IPv6 address is:
Ex: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
Difference
between IPV4
and IPV6
Router, Switches
and Hub
Hubs
• Hubs are networking devices operating at a physical layer
of the OSI model that are used to connect multiple
devices in a network. They are generally used to connect
computers in a LAN.
• A hub has many ports in it. A computer which intends to
be connected to the network is plugged in to one of these
ports. When a data frame arrives at a port, it is broadcast
to every other port, without considering whether it is
destined for a particular destination device or not.

• Features of Hubs
• A hub operates in the physical layer of the OSI model.
• A hub cannot filter data. It is a non-intelligent network
device that sends message to all ports.
• Transmission mode is half duplex.
Switches
• Switches are networking devices operating at layer 2 or a data link layer of the OSI model.
They connect devices in a network and use packet switching to send, receive or forward data
packets or data frames over the network.
• A switch has many ports, to which computers are plugged in. When a data frame arrives at
any port of a network switch, it examines the destination address, performs necessary
checks and sends the frame to the corresponding device(s).It supports unicast, multicast
as well as broadcast communications.
• Features of Switches
• A switch operates in the layer 2, i.e., data link layer of the OSI model.
• It is an intelligent network device that can be conceived as a multiport network bridge.
• It uses MAC addresses (addresses of medium access control sublayer) to send data packets to
selected destination ports.
• It is supports unicast (one-to-one), multicast (one-to-many) and broadcast (one-to-all)
communications.
Switches
Routers
• Routers are networking devices operating at layer 3 or a network layer of the OSI model. They are
responsible for receiving, analyzing, and forwarding data packets among the connected computer
networks. When a data packet arrives, the router inspects the destination address, consults its routing
tables to decide the optimal route and then transfers the packet along this route.

• Features of Routers
• A router is a layer 3 or network layer device.
• It connects different networks together and sends data packets from one network to another.
• A router can be used both in LANs (Local Area Networks) and WANs (Wide Area Networks).
• Routers provide protection against broadcast storms.
• Routers are more expensive than other networking devices like hubs, bridges and switches.
• Routers are manufactured by some popular companies like −
Cisco
D-Link
HP
3Com
Juniper
Nortel
PROTOCOL
• A communication protocol is a system of rules that allows two or more entities of a
communications system to transmit information via any kind of variation of a
physical quantity.
• In networking, a protocol is a set of rules for formatting and processing data.
Network protocols are like a common language for computers. The computers
within a network may use vastly different software and hardware; however, the use
of protocols enables them to communicate with each other regardless.
Protocols and Port numbers
 • Port numbers are used to determine what protocol
incoming traffic should be directed to.
• Each port number identifies a distinct service, and
each host can have 65535 ports per IP address.
• Port use is regulated by the Internet Corporation
for Assigning Names and Numbers (ICANN). By
Port ICANN there are three categories for ports:
numbers….. • The port numbers are divided into three
categories:
 Well-known ports
 Registered ports
 Dynamic ports
Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP)
• Address Resolution Protocol (ARP) is a procedure for mapping a dynamic Internet Protocol address (IP address) to
a permanent physical machine address in a local area network (LAN). The physical machine address is also known
as a Media Access Control or MAC address.

• The job of the ARP is essentially to translate 32-bit addresses to 48-bit addresses and vice-versa. This is necessary
because in IP Version 4 (IPv4), the most common level of Internet Protocol (IP) in use today, an IP address is 32-
bits long, but MAC addresses are 48-bits long.

• ARP can also be used for IP over other LAN technologies, such as token ring, fiber distributed data interface
(FDDI) and IP over ATM.

• In IPv6, which uses 128-bit addresses, ARP has been replaced by the Neighbor Discovery protocol.
How ARP works
FTP
FTP existed as one of the original programs for accessing information on the Internet, long before HTTP became popular for accessing web
pages. As such, your PC’s web browser, as well as the Windows Explorer program that displays files on your computer, can be used to access
FTP servers to get or put files from places remote.
1. FTP stands for File Transfer Protocol.
2. The term get is used in FTP to refer to receiving files.
3. The term put is used in FTP to refer to sending files.
4. In the modern context, using FTP in Windows is similar to opening a Windows Explorer window for a remote folder on a network
computer.
5. A computer on the Internet that offers FTP access is said to be an FTP host or FTP server.
6. You’re required to enter a username and password to access an FTP server, just like logging in to your own computer.
7. Various public FTP servers don’t require you to have an account for access. Occasionally, you may have to log in to these servers.
Often, the account name is guest and the password is either please or password. Sometimes, you’re required to give your email address
as the account name and then you can type anything for the password.
8. Webpages are uploaded to the Internet by using FTP. The webpage files are created on your own computer and then sent to the ISP’s
web server by using FTP, either by itself or as part of the webpage creation program.
9. Windows comes with a text-based version of the FTP program, similar to the one originally found on the old Unix computers that
dominated the Internet back in the early days.
What is FTP?

• FTP stands for File Transfer Protocol and, as the name implies, it is a way of transferring files between computers.
It is also one of those wonderful computer terms that’s both a noun and a verb.

• As a noun, FTP is the name for a method of sending files, but also the name of the program that actually sends the
files. Usage example: “Please send the file using FTP.”

• As a verb, FTP means to send or receive files. A proper replacement is the word send or fetch.

• Usage example: “FTP it to me.”

• Originally, FTP was developed to send and receive files in the old text-based computers and networks of the pre-
graphical era of computers (before the mid-1980s). You use FTP to access a remote computer on the network
to get or receive files, or to put or send files.
TCP Features
• Connection-oriented • Full duplex
• Byte-stream • Flow control: keep sender from
• app writes bytes overrunning receiver
• TCP sends segments • Congestion control: keep sender from
• app reads bytes overrunning network
• Reliable data transfer

Application process Application process

W rite Read

…
…

bytes bytes

TCP TCP
Send buffer Receive buffer

…
Segment Segment Segment
T ransmit segments
Segment Format (cont)
• Each connection identified with 4-tuple:
• (SrcPort, SrcIPAddr, DsrPort, DstPAddr)
• Sliding window + flow control
• acknowledgment, SequenceNum, AdvertisedWinow

Data (SequenceNum)

Sender Receiver

Acknowledgment +
AdvertisedWindow
• Flags
• SYN, FIN, RESET, PUSH, URG, ACK
• Checksum is the same as UDP
• pseudo header + TCP header + data
 0 4 10 16 31
SrcPort DstPort

SequenceNum

Acknowledgment

Segment HdrLen 0 Flags AdvertisedWindow

Format
Checksum UrgPtr

Options (variable)

Data
Connection Termination

Active participant Passive participant

(server) (client)

Three-way Handshake
SECURE SHELL PROTOCOL(22)

ABOUT:
• Secure shell is a cryptography network
protocol for operating network.
• The standard TCP port for SSH is 22.
• SSH is generally used to access Unix-like
operating system.
• SSH provides a secure channel over an
unsecured network
ADVANTAGES:
•Strong encryption
•Integrity protection
DISADVANTAGES:
•slightly complex to administer
•some delay during authentication
TELNET(23)
SMTP
• SMTP full form is Simple Mail Transfer
Protocol
• It is used for sending emails Most e-mail
systems that send mail over the Internet
use SMTP to send messages from one
server to another
• POP3 and IMAP is responsible for
receiving mails
• It is a text-based protocol it uses text strings
to communicate with other mail servers
Working of SMTP
Mail server communication through SMTP Commands
Continues:
HTTP
What is HTTP (Hypertext Transfer Protocol)?
• The Hypertext Transfer Protocol is an application protocol for distributed,
collaborative, hypermedia information systems that allows users to communicate data
on the World Wide Web.
What is the purpose of HTTP?
• HTTP was invented alongside HTML to create the first interactive, text-based web
browser: the original World Wide Web. Today, the protocol remains one of the
primary means of using the Internet.
How does HTTP work?
As a request-response protocol, HTTP gives users a way to interact with web resources such as HTML
files by transmitting hypertext messages between clients and servers. HTTP clients generally use
Transmission Control Protocol (TCP) connections to communicate with servers.

 HTTP utilizes specific request methods in order to perform various tasks:

 GET--requests a specific resource in its entirety
 HEAD--requests a specific resource without the body content
 POST--adds content, messages, or data to a new page under an existing web resource
 PUT--directly modifies an existing web resource or creates a new URI if need be
 DELETE--gets rid of a specified resource
 TRACE--shows users any changes or additions made to a web resource
 OPTIONS--shows users which HTTP methods are available for a specific URL
 CONNECT--converts the request connection to a transparent TCP/IP tunnel
 PATCH--partially modifies a web resource

All HTTP servers use the GET and HEAD methods, but not all support the rest of these request
methods.
What is https?
• HTTPS stands for Hyper Text Transfer Protocol Secure. It is a protocol for securing the communication between two systems e.g. the
browser and the web server.
• The following figure illustrates the difference between communication over http and https:

• Communication over https and http

 Advantage of https

• Secure Communication: https makes a secure connection by establishing an encrypted link between the browser and the
server or any two systems.

• Data Integrity: https provides data integrity by encrypting the data and so, even if hackers manage to trap the data, they cannot
read or modify it.

• Privacy and Security: https protects the privacy and security of website users by preventing hackers to passively listen to
communication between the browser and the server.

• Faster Performance: https increases the speed of data transfer compared to http by encrypting and reducing the size of the

HTTP •
data.

SEO: Use of https increases SEO ranking. In Google Chrome, Google shows the Not Secure label in the browser if users' data
is collected over http.

VS • Future: https represents the future of the web by making internet safe for users and website owners.

HTTPS
What is DHCP?

Dynamic Host Configuration Protocol

It is a method for assigning Internet Protocol (IP)

addresses permanently or to individual computers in an
organization’s network

DHCP lets a network administrator supervise and

distribute IP addresses from a central point and
automatically sends a new IP address when a
computer is plugged into a different place in the
network
How does it work?
(1) IP scope (0)
DHCP discover
MAC address
DHCP
CLIENT DHCP offer
IP#, lease time
DHCP DHCP
(2) SERVER
DATABASE
DHCP request
IP#, MAC address
DHCP MAC address, IP#,
CLIENT DHCP ack
lease time
IP#, lease time

• Scope - a range of IP addresses

• IP lease - the IP# is assigned temporarily
• Reserved IP - servers are assigned fixed IP addresses
 Important when it comes to
adding a machine to a
network

Mistakes are easily made

Why is DHCP When computer requests an

address, the administrator
would have to manually
Important? configure the machine
Causes difficulty for both
administrator as well as
neighbors on the network
DHCP solves all the hassle of
manually adding a machine
to a network
Advantages of DHCP
• DHCP minimizes the administrative burden

• By using DHCP there is no chance to conflict IP address

• By using DHCP relay agent you provide IP address to another network

Disadvantages of DHCP
• When DHCP server is unavailable, client is unable to access enterprises network

• Your machine name does not change when you get a new IP address
DHCP and IPCONFIG
• IPCONFIG/ALL
 FQDN, servers (DNS, WINS), node type, etc
 NIC description, MAC address, IP address, gateway, subnet mask

• To handle leases
 IP CONFIG/RENEW [adapter]
 IP CONFIG/RELEASE [adapter]
 if no adapter name is specified, then the IP leases for all adapters bound to TCP/IP
will be released or renewed.
Security problem

• DHCP is an unauthenticated protocol

When connecting to a network, the user is not required to provide
credentials in order to obtain a lease
Malicious users with physical access to the DHCP-enabled network can
instigate a denial-of-service attack on DHCP servers by requesting
many leases from the server, thereby depleting the number of leases that
are available to other DHCP clients
Internet Control Message Protocol (ICMP)
The Internet Control Message Protocol (ICMP) is a network-layer protocol used by network devices to
diagnose network communication issues. ICMP is mainly used to determine whether or not data is
reaching its intended destination in a timely manner. Commonly, the ICMP protocol is used on network
devices, such as routers.
ICMP
• IP provides unreliable and connectionless • What happens if
delivery • Router discards a datagram ?
• Provides unreliable delivery • TTL expires ?
• Make efficient use of network
resources • Host didn’t receive all datagram’s
fragments ?
• No error reporting, or correcting
mechanism
• No management of queries
• Network manager might need
information about a host/router
 ICMP messages

Type Message Type Message

3 Destination Unreachable 8 or 0 Echo request or reply
4 Source Quench 13 or 14 Timestamp
11 Time Exceeded 17 or 18 Address Mask
12 Parameter problem 10 or 9 Router Sollicitation/Adv
5 Redirection
General format of
ICMP messages
• Data section in
• Error Messages carries
information to find the original
packet that had the error
• Rest of Header unused (all
0s), except for Redirection
message format
• Query Messages carries extra
information based on type of the
query.
• Rest of Header = Identifier
(8 bits) + Sequence
Number (8 bits)
Ping Program

• Ping programs uses Echo-request/reply to test reachability of a host

• Identifiers : Process ID
• If many ping programs are running
• Sequence Number : increment for each echo-request
• RTT = received_reply_time – requested_time(stored in ICMP data packet)

• Other Options:
• Use ICMP request message encapsulated into an IP packet with record route option.
• Example: Ping –R machine
• Limited number of IP addresses
• IP header lenght = 4 bits
• Allows 15* 4 bytes (60 – 20 IP header– 3 bytes for option information ) Only 9 IP addresses

• Use ICMP request message encapsulated into IP packet with timestamp option
• More severe limitation
Domain Name Service(53)
What is DNS?
• The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online
through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol
(IP) addresses. DNS translates domain names to IP address so browsers can load Internet resources.

• Each device connected to the Internet has a unique IP address which other machines use to find the
device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in
IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in
IPv6).
 How does DNS work?
There are 4 DNS servers involved in loading a webpage:
 DNS recursor - The recursor can be thought of as a librarian who is asked to go find a particular book somewhere in a library.
The DNS recursor is a server designed to receive queries from client machines through applications such as web browsers.
Typically the recursor is then responsible for making additional requests in order to satisfy the client’s DNS query.

 Root nameserver - The root server is the first step in translating (resolving) human readable host names into IP addresses. It can
be thought of like an index in a library that points to different racks of books - typically it serves as a reference to other more
specific locations.

 TLD Nameserver - The top level domain server (TLD) can be thought of as a specific rack of books in a library. This
nameserver is the next step in the search for a specific IP address, and it hosts the last portion of a hostname (In example.com,
the TLD server is “com”).

 Authoritative Nameserver - This final nameserver can be thought of as a dictionary on a rack of books, in which a specific
name can be translated into its definition. The authoritative nameserver is the last stop in the nameserver query. If the
authoritative name server has access to the requested record, it will return the IP address for the requested hostname back to the
DNS Recursor (the librarian) that made the initial request.
The DNS Process
 Whenever a computer needs to connect to a server (such as the www.yahoo.com web
server) it must look up the server’s IP address using the DNS system.
 Each computer on the Internet has a list of the IP address of a local DNS server.
 So, when a computer needs to look up an IP address, it asks its local DNS server for it.
Step 1 Root DNS

Yahoo’s DNS
Local DNS

for
S
N P
al D ’s I
s loc .com
k o
as yaho
) PC w.
1 ww
www.yahoo.com
Web Server
PC

Step 1: If the PC does not already have the address for www.yahoo.com in its own DNS cache, it asks
its local DNS server for the IP address information.
 Step 2 Root DNS

S
o t DN
s Ro
S a sk
N
o c al D
2) L Yahoo’s DNS
Local DNS

for
S
N P
al D ’s I
s loc .com
k o
as yaho
) PC w.
1 ww
www.yahoo.com
Web Server
PC

Step 2: If the local DNS server does not already have the address for www.yahoo.com in its own DNS
cache, it asks the root DNS servers for the IP address of Yahoo’s DNS server.
 Step 3 Root DNS

S
o t DN
s Ro
’s DNS
a sk ho o
l DNS o f Ya
o ca IP
2) L re turns Yahoo’s DNS
Local DNS oot
3) R
for
S
N P
al D ’s I
s loc .com
k o
as yaho
) PC w.
1 ww
www.yahoo.com
Web Server
PC

Step 3: The root DNS server returns the IP address of Yahoo’s DNS server to the local DNS server.
Step 4 Root DNS

S
o t DN
s Ro
’s DNS
a sk ho o
l D NS o f Ya
o ca IP
2) L re turns Yahoo’s DNS
Local DNS oot NS for www’s
IP
3) R ask s Y a h o o ’s D
4) Local DNS
for
S
N P
al D ’s I
s loc .com
k o
as yaho
) PC w.
1 ww
www.yahoo.com
Web Server
PC

Step 4: The local DNS server connects to Yahoo’s DNS server and asks for www.yahoo.com’s IP
address.
Step 5 Root DNS

S
o t DN
s Ro
’s DNS
a sk ho o
l D NS o f Ya
o ca IP
2) L re turns Yahoo’s DNS
Local DNS oot NS for www’s
IP
3) R ask s Y a h o o ’s D
4) Local DNS
for
S
N P
al D ’s I 5) Yahoo’s DNS returns IP info for www.yahoo.com
s loc .com
k o
as yaho
) PC w.
1 ww
www.yahoo.com
Web Server
PC

Step 5: Yahoo’s DNS server returns the IP address information of www.yahoo.com to the local DNS
server.
Step 6 Root DNS

S
o t DN
s Ro
’s DNS
a sk ho o
l D NS o f Ya
o ca IP
2) L re turns Yahoo’s DNS
Local DNS oot NS for www’s
IP
3) R ask s Y a h o o ’s D
4) Local DNS
for
S
N P
al D ’s I 5) Yahoo’s DNS returns IP info for www.yahoo.com
s loc .com IP
s k hoo ns
C
a ya
. r e tur
P w S
1) ww D N PC
l to
o ca www.yahoo.com
L
6) Web Server
PC

Step 6: The local DNS adds www.yahoo.com’s IP address to its cache and then returns the IP address
info to the PC.
Step 7 Root DNS

S
o t DN
s Ro
’s DNS
a sk ho o
l D NS o f Ya
o ca IP
2) L re turns Yahoo’s DNS
Local DNS oot NS for www’s
IP
3) R ask s Y a h o o ’s D
4) Local DNS
for
S
N P
al D ’s I 5) Yahoo’s DNS returns IP info for www.yahoo.com
s loc .com IP
s k hoo ns
C
a ya
. r e tur
P w S
1) ww D N PC
l to
o ca www.yahoo.com
L
6) Web Server
PC 7) PC Connects to www.yahoo.com’s IP

Step 7: The PC adds the IP address info to its local cache and can then connect to www.yahoo.com
using that IP address.
Some DNS records are

Cname -- Maps an alias name to the

A record -- to Map domain name with IP AAAA record -- An AAAA record maps a canonical name, used to map the
address will store in A record (version 4) domain name to the IP address (Version 6) subdomain name to the domain hosting
that subdomain.

SOA(Start Of Authority) Record -- It stores

information about the name of the server
that supplied the data for zone.
MX Record -- Used to identify mail servers, Information like Administrator of the zone,
NS record -- It is used to Identify the name
mx record is used by the SMTP protocol to No of seconds a secondary name server
servers for a particular zone
route email to the proper host. should wait before checking for updates,
No of seconds a secondary name server
should wait before retrying a failed zone
transfer.

TXT Record -- Allows any text to be

inserted into a DNS record
Zone types

• DNS Zones provide us a way to maintain these records on one or more servers.
Primary Zone:
This is the main zone and has a read/write copy of the zone data. All changes to
the zone are made in the primary zone and are replicated to the other zones. It
is master copy of zone data
Secondary Zone:
A secondary Zone is a read-only copy of the primary zone. This zone cannot
process updates and can only retrieve updates from the primary zone. This
zone can answer DNS name resolution queries from client's nodes, this helps
reduce the workload on the primary zone.
Zone Types
• Stub Zone:
Stub zones are like a secondary zone but only stores partial zone data. These
zones are useful to help reduce zone transfers by passing the requests to
authoritative servers. These zones only contain the SOA, NS and A records.
• Forward lookup zone:
forward lookup zone provides hostname to IP address resolution. When you
access a system or website by its hostname such as mcirosoft.com DNS checks
the forward lookup zone for the IP information related to the hostname.
Zone Transfers
• A Zone transfer is where the master DNS servers transfer zone data from the master to
secondary.

• If DNS server is misconfigured, then attacker pretend to be slave and ask the master for a
copy of the zone records and gets list of domain names registered for that particular zone.
Then the attacker gathers information about all domains and try to attack any of the
domain if it is vulnerable.
OPERATING SYSTEM
OPERATING SYSTEM
• Operating System is a software, which makes a computer to actually work.
• It is the software the enables all the programs we use.
• The OS organizes and controls the hardware.
• OS acts as an interface between the application programs and the machine hardware.
• Examples: Windows, Linux, Unix and Mac OS, etc.,
What OS does?

An operating system performs basic tasks such as,

 controlling and allocating memory,

 prioritizing system requests,

 controlling input and output devices,

 facilitating networking and

 managing file systems.

OS Architecture
An Operating System acts as a communication bridge (interface) between the user and computer hardware. The purpose of an operating system is to
provide a platform on which a user can execute programs in a convenient and efficient manner. An operating system is a piece of software that
manages the allocation of computer hardware. The coordination of the hardware must be appropriate to ensure the correct working of the computer
system and to prevent user programs from interfering with the proper working of the system.

Example: Just like a boss gives order to his employee, in the similar way we request or pass our orders to the Operating System. The main goal of the
Operating System is to thus make the computer environment more convenient to use and the secondary goal is to use the resources in the most
efficient manner.
Kernel in Operating System

• Kernel is central component of an operating system that manages operations of computer and hardware.
It basically manages operations of memory and CPU time. It is core component of an operating system.
Kernel acts as a bridge between applications and data processing performed at hardware level using
inter-process communication and system calls.
 Objectives of Kernel :
• To establish communication between user level application
and hardware.
• To decide state of incoming processes.
• To control disk management.
• To control memory management.
• To control task management.
Kernel
Types of Kernel :
• Monolithic-Kernel
• Micro-Kernel
• Hybrid-Kernel
Types of Kernel

1. Monolithic-Kernel
It is one of types of kernel where all operating system services operate in kernel space. It has dependencies between systems
components. It has huge lines of code which is complex.
Example - Unix, Linux, Open VMS, XTS-400 etc.

Advantage
It has good performance.
Disadvantage
It has dependencies between system component and
lines of code in millions.
2. Micro-Kernel
It is kernel types which has minimalist
approach. It has virtual memory and thread
scheduling. It is more stable with less services
in kernel space. It puts rest in user space.
Example - Mach, AmigaOS, Minix, K42 etc.

• Advantage
It is more stable.
• Disadvantage
There are lots of system calls and
context switches.
3.Hybrid-Kernel
It is the combination of both monolithic kernel and microkernel. It has speed and design of
monolithic kernel and modularity and stability of microkernel.
Example -
Windows NT, Netware, BeOS etc.

1. Advantage
It combines both monolithic kernel and microkernel.
2. Disadvantage
It is still similar to monolithic kernel.
BIOS
 The data that is installed on a small memory chip on the motherboard is BIOS which
means Basic Input Output System.
 The first program to be launched when a computer starts is BIOS.

In this article, we will go through the details like What is BIOS, the function and types
of BIOS, BIOS Acronym, and how it works, its application, and some more details to
understand its importance.
What is the BIOS
(Basic Input
Output System)?

 The BIOS provides instructions

for loading basic computer
hardware.
 This also requires a test called a
POST (Power-On Self-Test) to
verify whether the device meets
the needs of booting correctly.
Types of BIOS (Basic Input Output System)

There are two different types of BIOS –

1. UEFI – UEFI (Unified Extensible Firmware Interface) can accommodate 2.2 TB or larger drives by using the
Master Boot Record (MBR) approach in place of the more modern GUID Partition Table (GPT) technology.
Although Intel PCs migrate away from Legacy BIOS and towards UEFI firmware, BIOS has never been used
by Apple’s Mac PCs.

2. Legacy BIOS – Older motherboards have legacy firmware on the BIOS to turn the PC on. Although it governs
how the CPU and the components communicate, like UEFI, Legacy BIOS have other limitations. These can’t
identify drives bigger than 2.1 TB, and their setup programs have text-only menus.

Which were the first BIOS?

Gary Kildall developed the first BIOS, and in 1974 it was used in the CP / M operating system. Kildall
invented the term “BIOS” to define a part of a system that loads and communicates with other
machine hardware at boot-up.
Functions of BIOS (Basic Input Output System)
The BIOS is responsible for loading the OS and it contains various instructions that are required to load the hardware.
Some of the major functions of BIOS are –
1. POST–The first and foremost task of BIOS is to ensure the proper functioning of the computer hardware, and there is no
hardware problem. Power-On Self-Check (POST) does this task efficiently. If the POST test fails, the computer produces
different forms of beeps to show the error type. If the POST test is passed then it continues to boot.
2. Booting – Upon successfully running POST, the BIOS locates and recognizes the operating system. The BIOS then
transfers access to Operating System when it detects one. This is called Booting.
3. BIOS drivers – BIOS drivers are a set of programs that are stored in the erasable memory chips which are non-volatile.
The BIOS Drivers supplies basic computer hardware information.
4. BIOS Setup – Configuration software that allows you to configure hardware settings including the device settings,
computer passwords, time and date. BIOS setup is also called a CMOS setup.
Advantages of updating the BIOS

Some of the reasons to update the BIOS are –

1. Hardware updates – New BIOS updates would allow the motherboard to correctly recognize new
hardware including processors, RAM, etc. If you have updated your processor, and the BIOS does
not recognize it, the answer could be a BIOS flash.
2. Security updates – The new BIOS updates come with security upgrades that help your BIOS
withstand tampering and increase awareness of viruses in the boot sector (if your motherboard
supports boot sector scanning).
3. Increased stability – As bugs and other problems with motherboards are discovered, the
manufacturer will release BIOS updates to address and rectify those bugs. This can directly affect
the data transfer and processing speed.
How important is BIOS in a computer system?

 The BIOS is the basic and essential portion of the Motherboard Firmware and is in charge of checking
and booting the hardware attached to the device, thereby passing the computer control to the Operating
system.

 Now we can think about imagining a machine without BIOS. The answer is No. A computer cannot
run without BIOS (Basic Input Output System).
What is a File system?
• Any computer file is stored on a storage medium with a given capacity. In
actual fact, each storage is linear space for reading or both reading and
writing digital information. Each byte of information on it has its offset
from the storage start known as an address and is referenced by this
address. A storage can be presented as a grid with a set of numbered
cells (each cell is a single byte). Any file saved to the storage gets its own
cells.
History
• Portable System Group formed November 1988
• Started with five software engineers
• Later became Windows NT
• FAT for NT was written in early 1989
• Supported DOS disk format
• Entirely new code base and programming model
• FASTFAT started in late 1989 (two person effort)
• Other file systems done by the Core NT group were
• HPFS, NTFS, CDFS, NPFS
• FS development was done concurrently with kernel development
• A lot of cooperative design between the file systems, I/O system, Memory Management, and the
Cache manager
Types of file systems

Disk file systems

• A disk file system is a file system designed for the storage of files on a data storage device, most
commonly a disk drive, which might be directly or indirectly connected to a computer.

• Examples of disk file systems include FAT, NTFS, HFS, ext2, ISO 9660, ODS-5, and UDF.

• Some disk file systems are also journaling file systems or versioning file systems.
File systems of Windows
• Microsoft Windows employs two major file systems: NTFS, the primary format most modern versions of
this OS use by default, and FAT, which was inherited from old DOS and has exFAT as its later extension.
In addition, the ReFS file system was developed by Microsoft as a new generation file system for server
computers starting from Windows Server 2012.
FAT: File Allocation System
• File Allocation Table (FAT) is a patented file system developed by Microsoft for MS-DOS and is the
primary file system for consumer versions of Microsoft Windows.

The most common implementations have a serious drawback in that when files are deleted and new
files written to the media, their fragments tend to become scattered over the entire media making
reading and writing a slow process.

De-fragmentation is one solution to this, but is often a lengthy process in itself and has to be repeated
regularly to keep the FAT file system clean.

There are 3 types of FAT: FAT12, FAT16 and FAT32

NTFS
• Developed by Microsoft
• In NTFS,
- file name,
- creation date,
- access permissions
- and even contents is stored as metadata.
• This elegant, albeit abstract, approach allowed easy addition of file system features during the course
of Windows NT's development
• It’s far more robust, it supports Unicode filenames, proper security, compression and encryption.
ext2
• The ext2 or second extended file system is a file system for the Linux kernel.
• Its main drawback is that it is not a journaling file system.
• Its successor, ext3, is a journaling file system and is almost completely compatible with ext2.
• The Ext2fs supports standard Unix file types: regular files, directories, device special files and
symbolic links.
• Ext2fs provides long file names. It uses variable length directory entries.
The maximal file name size is 255 characters. This limit could be extended to 1012 if needed.
• Ext2fs reserves some blocks for the super user (root). Normally, 5% of the blocks are reserved.
Introduction to
Kali Linux
Kali Linux
 Kali Linux is a Debian-derived Linux distribution, designed for digital forensics and penetration testing.
 Kali Linux is preinstalled with numerous penetration-testing programs.
 Kali Linux can be run from a hard disk, live CD, or live USB. It is a supported platform of the Metasploit Project's
Metasploit Framework, a tool for developing and executing security exploits.
 From the creators of BackTrack comes Kali Linux, the most advanced penetration testing distribution created till
now.
Kali

Advantages:
 It has 600+ Penetration testing and network security tools pre-installed.
 It is completely free and open source. So you can use it for free and even contribute for its development.
 It supports many languages.
 Great for those who are intermediate in linux and have their hands on Linux commands.
 Could be easily used with Rasberry Pi.

Disadvanatges:
 It is not recommended for those who are new to linux and want to learn linux.(As it is Penetration Oriented)
 It is a bit slower.
 Some software may malfunction.
What is Kali Linux used for?
Kali Linux is mainly used for advanced Penetration Testing and Security Auditing. Kali contains several
hundred tools which are geared towards various information security tasks, such as Penetration Testing,
Security research, Computer Forensics and Reverse Engineering.

Is Kali Linux illegal?

Kali Linux is not illegal by itself. After all, it is just an OS. It is however a tool for hacking too and when someone
uses it especially for hacking, it is illegal. It is legal If you install it for useful purposes like learning, or teaching,
or using it in the way to fortify your software or your network as It is not illegal to install any Operating System
which is licensed and available for download.
Why Use Kali Linux?
There are a wide array of reasons as to why one should use Kali Linux. Let me list down a few of them:

1. As free as it can get – Kali Linux has been and will always be free to use.
2. More tools than you could think of – Kali Linux comes with over 600 different penetration
testing and security analytics related tool.
3. Open-source – Kali, being a member of the Linux family, follows the widely appreciated open-
source model. Their development tree is publicly viewable on Git and all of the code is available
for your tweaking purposes.
4. Multi-language Support – Although penetration tools tend to be written in English, it has been
ensured that Kali includes true multilingual support, allowing more users to operate in their
native language and locate the tools they need for the job.
5. Completely customizable – The developers at offensive security understand that not everyone
will agree with their design model, so they have made it as easy as possible for the more
adventurous user to customize Kali Linux to their liking, all the way down to the kernel.
System Requirements for Kali Linux- (How much RAM does Kali Linux need?)

Installing Kali is a piece of cake. All you have to make sure is that you have the compatible hardware.
Kali is supported on i386, amd64, and ARM (both ARMEL and ARMHF) platforms. The hardware
requirements are minimal as listed below, although better hardware will naturally provide better
performance.

1. A minimum of 20 GB disk space for the Kali Linux install.

2. RAM for i386 and amd64 architectures, minimum: 1GB, recommended: 2GB or more.
3. CD-DVD Drive / USB boot support/ VirtualBox
Installing Kali Linux
• 1- Go to the link http://www.kali.org/downloads/
• 2- Download a proper version of the kali Linux image (based on your “system type”, if it is 32 bit or 64
bit, for example for 64-bit OS you can download Kali Linux 64-bit ISO (to find the type of the system:
right click on the computer icon in your desktop or in the start menu and go to the properties tab and
read the system type there).
• 3- Then you can write this ISO file to a cd or DVD or flash memory and use it or you can put it in the
VMware like below.
• 4- For running Kali Linux in the VMware, go to the start and type VMware Workstation and open that.
• 5- Go to the file-> new virtual machine to install the Kali Linux through this wizard.
• 6- Install the Kali Linux and select it from the list in the left side of the page and power it on.
• 7- Type the username and password (ex. User: root Pass: toor).
• 8- Go to the application->Kali Linux to see all the penetration testing tools there.
FIREWALL
FIREWALL
• The Internet is a dangerous place filled with all kinds of security threats. Therefore the moment your network – be
it small or large – connects to the internet, it gets exposed to all kinds of security issues, unless it is protected by
what is known as a firewall, which is responsible for filtering traffic which flows into (and goes out of) your
network, thereby greatly reducing the impact of malicious traffic traveling over public internet can have on your
network.
What Exactly Is A Firewall, In Simple Terms?

• Firewall, a term which is supposedly coined by AT&T’s Steven Bellovin, is a metaphor (wall on fire)
indicating that it prevents intruders (like virus, trojans, ransomware, other types of malware and other
such security threats) from breaking into networks and infecting them. Simply put, network
firewall(s) protect your networks against security threats.

Types Of Firewall
1. Packet Filtering Firewall
2. Circuit Level Firewall Or Gateway
3. Stateful Inspection Firewall
4. Application-Level Firewall
Packet-filtering Router
• Packet-filtering Firewall: this is the first firewall created for network security which was basically
responsible for filtering (inspecting) data packets coming into the network based on an established rule-set (or
criteria) – like allowing data from only certain IP addresses, packet types, port numbers etc., – and ignoring those
which don’t match them.
Packet-filtering Router

Simplicity
Advantages: Transparency to users
High speed

Difficulty of setting up packet filter rules

Disadvantages:
Lack of Authentication
Application-level Gateway
• Application-level Gateway: these firewalls operate at the application level. In other words, they filter
the traffic only with regards to the application (or service) for which they are intended. For example, a
firewall for monitoring traffic to all the web applications your network uses.
Application-level Gateway
• Advantages:
• Higher security than packet filters
• Only need to check a few allowable applications
• Easy to log and audit all incoming traffic

• Disadvantages:
• Additional processing overhead on each connection (gateway as splice point)
Circuit Level Firewall

• Circuit-level Gateway: these firewalls operate at the session level – monitoring TCP handshakes –
instead of at the data packets level. Simply put, they ensure the external sessions your network
encounters (or engages with) are legitimate or not.
Stateful Inspection Firewall

• Stateful Inspection Firewall: these network firewalls accomplish both data packet filtering and session
(TCP handshake) filtering. In other words, they do the job of both packet filtering and circuit level
filtering firewalls. This means they monitor all active sessions or connections and thus determine which
network packets should be allowed or disallowed.
Firewall

Next Gen Firewall Is The Future

The firewalls which are most popular at the moment are next-gen firewalls. The obvious reason being the
modern-day malware which is quite complex in nature gives rise to the need for a more sophisticated firewall
for monitoring (and safeguarding) the network efficiently. This firewall is the least-well delineated firewall
of all and is usually a combination of stateful inspection and deep packet inspection firewalls.

Use Comodo Internet Security (CIS)

• Comodo Internet Security, which comes equipped with impressive security features, contains the best
firewall the IT security industry has to offer. Operating using the Comodo’s patented Default Deny Approach
(which is implemented via Containment technology), it offers effective resistance not just against malware
threats but against zero-day attacks too.
• Apart from offering an award-winning best firewall, CIS also offers features like Secure Shopping, Spyware
Scanning, technologies like HIPS (Host Intrusion Prevention System) and Viruscope, and other important
features like unlimited product support, virus removal, online backup, wifi security etc.
IDS && IPS
• Intrusion
• Actions aimed at compromising the security of the target (confidentiality,
integrity, availability of computing/networking resources)

• Intrusion detection
• The identification through intrusion signatures and report of intrusion activities

• Intrusion prevention
• The process of both detecting intrusion activities and managing automatic
responsive actions throughout the network
IDS vs IPS
IPS Techniques to defend against Attacks

• Intrusion prevention sensors look at header and data portions of the traffic
looking for suspicious traffic that indicate malicious activity.

• IPS IDS Deployment

• Host based Intrusion detection and Network based Intrusion Detection
• Signature based
• Anomaly based
• Rule based
IPS and IDS vs Firewalls

 Not having an IPS system result in attacks going unnoticed. Don’t forget a firewall does the filtering, blocking and
allowing of addresses, ports, service, but also allows some of these through the network as well. However this
means that the access allowed is just let through, and firewalls have no clever way of telling whether that traffic is
legit and normal. This is where the IPS and IDS systems come into play.

 So where firewalls block and allow traffic through, IDS/IPS detect and look at that traffic in close detail to see if it
is an attack. IDS/IPS systems are made up of sensors, analysers and GUI’s in order to do their specialised job.
The Job of an IPS\IDS system

Let's take a closer at an IPS/IDS (also known as IPD systems).

Most common attack types that IPS and IDS systems are used for are;

• Policy Violations - Rules, protocols and packet designs that are violated. An example
would be an IP packet that are incorrect in length.
• Exploits - Attempts to exploit a vulnerability of a system, application or protocol. An
example would be a buffer overflow attacks.
• Reconnaissance - Is a detection method that is used to gain information about system
or network such as using port scanners to see what ports are open.
• DOS\DDOS - This is when an attack attempts to bring down your system by sending
a vast number of requests to it such as SYN flood attacks.
Conclusion
The key for building a secure network is to define what security means to you. Once it
has been defined, everything it goes on with the network can be evaluated with respect
to that policy. Projects and systems can then be broken down into their components,
and it becomes much simpler to decide whether what is proposed will conflict with
your security policies and practices.
END