4.

1 INTERNET ADDRESSES:
An internet address, also known as an IP address, is a unique numerical identifier assigned to each
device connected to the internet. IP addresses are used to route traffic between devices on the
internet.

IP addresses are written in dotted decimal notation, which consists of four numbers separated by
periods. Each number can range from 0 to 255. For example, a valid IP address is 192.168.1.1.

Internet addresses are assigned to devices by internet service providers (ISPs). ISPs typically
assign dynamic IP addresses to their customers. This means that the IP address assigned to a
device may change over time. However, some ISPs also offer static IP addresses, which do not
change.

Static IP addresses are typically used by businesses and other organizations that need to have a
consistent IP address for their servers and other devices. Static IP addresses are also sometimes
used by individuals who want to host their own websites or servers.

Internet addresses are an essential part of the internet infrastructure. They allow devices to
communicate with each other and to access websites and other online resources.

Think of the internet as a big city. Each house in the city has a unique address that allows people to
find it. Internet addresses are like the addresses of houses on the internet. They allow devices to
find each other and to communicate with each other.

----------------------------------------------------------------------------------------------------------------------------- -----

 GATEWAY ADDRESSING :

Gateway addressing is the process of configuring a device's network settings so that it knows how
to reach other devices on the internet. This is done by specifying the IP address of a gateway device,
which is a device that can route traffic between different networks.

The most common gateway device is a router. A router is a device that connects a local network
(LAN) to the internet. When a device on a LAN needs to communicate with a device on the internet,
the router forwards the traffic to the internet service provider (ISP). The ISP then routes the traffic
to the destination device.

To configure gateway addressing on a device, you need to know the IP address of the gateway
device. This information can usually be obtained from your ISP or from the router's manufacturer.

Here is an example of how gateway addressing works:

A device on a LAN has the IP address 192.168.1.100. The gateway device for the LAN has the IP
address 192.168.1.1.

If the device at 192.168.1.100 wants to communicate with a device on the internet, it will send its
traffic to the gateway device at 192.168.1.1. The gateway device will then forward the traffic to the
ISP. The ISP will then route the traffic to the destination device.

Gateway addressing is an essential part of networking. It allows devices on different networks to

communicate with each other.

----------------------------------------------------------------------------------------------------------------------------- -----

 NETWORK & BROADCAST ADDRESSING :

Network and broadcast addressing are two important concepts in computer networking.

Network addressing is the process of assigning IP addresses to devices on a network. An IP

address is a unique identifier for a device on the internet. It is made up of four numbers, each ranging
from 0 to 255.

Network addresses are assigned to devices using a subnet mask. A subnet mask is a 32-bit number
that is used to divide an IP address into two parts: the network address and the host address.

The network address identifies the network that the device is on. The host address identifies the
device on the network.

For example, the IP address 192.168.1.100 has a subnet mask of 255.255.255.0. This means that
the network address is 192.168.1.0 and the host address is 100.

There are two main types of network addresses: unicast addresses and broadcast addresses.

Unicast addresses are used to identify a single device on a network. For example, the IP address
192.168.1.100 is a unicast address.

Broadcast addresses are used to send a message to all devices on a network at the same time.
For example, the IP address 192.168.1.255 is a broadcast address.
Broadcast addressing is the process of sending a message to all devices on a network at the same
time. This is done by sending the message to the broadcast address of the network.

The broadcast address of a network is a special IP address that is used to send messages to all
devices on the network. It is calculated by setting all of the host bits in the network address to 1.
Network and broadcast addressing are used for a variety of purposes, such as:

 Dynamic Host Configuration Protocol (DHCP): DHCP is a protocol that is used to

automatically assign IP addresses to devices on a network. DHCP servers use the broadcast
address to send IP address assignments to all devices on the network.
 Address Resolution Protocol (ARP): ARP is a protocol that is used to map IP addresses to
Media Access Control (MAC) addresses. When a device needs to send a message to another
device on the network, it uses ARP to resolve the IP address of the destination device to its
MAC address. ARP uses the broadcast address to send ARP requests to all devices on the
network.
 Ping: Ping is a utility that is used to test the connectivity between two devices on a network.
Ping uses the broadcast address to send ICMP echo requests to all devices on the network.

----------------------------------------------------------------------------------------------------------------------------- -----

 DOTTED DECIMAL NOTATION

Dotted decimal notation is a way of writing IP addresses in a human-readable format. It consists of

four numbers, each ranging from 0 to 255, separated by periods (dots).

For example, the IP address 192.168.1.1 in dotted decimal notation is a 32-bit IP address that is
commonly used for private networks.

Each number in a dotted decimal IP address represents an octet, which is a group of eight bits. The
first octet represents the network address, and the remaining three octets represent the host
address.

Here is a table that shows the relationship between dotted decimal notation and binary notation:

Dotted decimal notation Binary notation

192.168.1.1 11000000101010000000000100000001

To convert from dotted decimal notation to binary notation, you can use the following steps:

1. Split the dotted decimal IP address into four octets.

2. Convert each octet to binary notation.

3. Combine the four binary octets to form a single 32-bit binary number.

To convert from binary notation to dotted decimal notation, you can use the following steps:
 1. Split the 32-bit binary IP address into four octets.

2. Convert each octet to dotted decimal notation.

3. Join the four dotted decimal octets with periods to form the complete IP address.

4. Example: Change the following IPv4 addresses from binary notation to dotteddecimal
notation.

a. 10000001 00001011 00001011 11101111

b. 11000001 10000011 00011011 11111111

Solution: We replace each group of 8 bits with its equivalent decimal number and add dots
for separation.

a. 129.11.11.239

b. 193.131.27.255

Dotted decimal notation is a convenient way to work with IP addresses, and it is an essential skill
for anyone who works with networks.

----------------------------------------------------------------------------------------------------------------------------- -----

 LOOPBACK ADDRESSING :

Loopback addressing is a special type of network addressing that allows a device to communicate
with itself. Loopback addresses are reserved IP addresses that are not assigned to any physical
network interface.

The most common loopback address is 127.0.0.1 for IPv4 and ::1 for IPv6.

Loopback addressing is used for a variety of purposes, such as:

 Testing network connectivity

 Debugging network applications

 Running local servers, such as web servers and database servers

Loopback addressing is also used by some operating systems to provide certain features, such as
printer spooling and network time synchronization.

To send a message to a loopback address, a device simply sends the message to its own IP
address. The device then processes the message as if it had been received from another device.
Loopback addressing is a powerful tool that can be used for a variety of network troubleshooting
and development tasks.

Here are some examples of how loopback addressing can be used:

 To test network connectivity, you can ping the loopback address. If you receive a reply, then
you know that your network interface is working properly.

 To debug a network application, you can set the application to listen on the loopback address.
This will allow you to test the application without having to deploy it to a network.

 To run a local server, you can start the server on the loopback address. This will allow you to
access the server from your own computer without having to publish it to the internet.

Loopback addressing is a valuable tool for anyone who works with networks. It can save you a lot
of time and frustration when troubleshooting and developing network applications.

 IP NETWORK CLASSES :

IP address classes are a way of dividing IPv4 addresses into different categories based on their
network size. There are five IP address classes: A, B, C, D, and E. Each class has a different range
of IP addresses and is used for a different purpose.

Class Range Purpose

A 0.0.0.0 to 127.255.255.255 Large networks, such as the Internet backbone

B 128.0.0.0 to 191.255.255.255 Medium-sized networks, such as corporate networks

C 192.0.0.0 to 223.255.255.255 Small networks, such as home networks

D 224.0.0.0 to 239.255.255.255 Multicasting

E 240.0.0.0 to 255.255.255.255 Experimental use

  MASK :

The mask in an IP address is a bitmask that is used to divide the IP address into two parts: the
network address and the host address.

The network address identifies the network that the device belongs to. The host address identifies
the device on the network.

The mask is a 32-bit number, and it is written in the same dotted decimal notation as IP addresses.
For example, the mask 255.255.255.0 means that the first three octets of the IP address are used
for the network address and the last octet is used for the host address.

-The masks for classes A, B, and C are shown in Table.

-The concept does not apply to classes D and E.

-The mask can help us to find the netid and the hostid.
-For example, the mask for a class-A address has eight 1s, which means the first 8 bits of any
address in class A define the netid; the next 24 bits define the hostid.

 SUBNET :

A subnet is a logical division of an IP network. It is a smaller network within a larger network. Subnets
are used to improve network performance, security, and manageability.

Subnets are created by using a subnet mask. A subnet mask is a 32-bit number that is used to
divide an IP address into two parts: the network address and the host address. The network address
identifies the subnet that the device belongs to. The host address identifies the device on the subnet.

Subnets have a number of benefits, including:

 Improved performance: Subnets can improve network performance by reducing the amount
of traffic on each subnet. This is because devices on the same subnet can communicate with
each other directly, without having to go through a router.
 Increased security: Subnets can improve network security by isolating subnets from each
other. This can make it more difficult for attackers to access devices on other subnets.
  Enhanced manageability: Subnets can make networks more manageable by dividing them
into smaller, more manageable units. This can make it easier to troubleshoot problems and
to implement security policies.

Subnets are an important part of network design. They can be used to improve network
performance, security, and manageability.

Here are some examples of how subnets can be used:

 A company might use subnets to divide its network into different departments, such as sales,
marketing, and engineering. This would make it easier to manage the network and to
implement security policies for each department.

 A school might use subnets to divide its network into different buildings, such as the main
building, the library, and the gym. This would improve network performance by reducing the
amount of traffic on each subnet.

 An internet service provider (ISP) might use subnets to divide its network into different
regions. This would improve network security by isolating subnets from each other.

Subnets are a versatile tool that can be used to improve networks in a variety of ways.

 SUBNET MASK:

The subnet mask follows two rules: o If a binary bit is set to a 1 (or on) in a subnet mask, the
corresponding bit in the address identifies the network. o If a binary bit is set to a 0 (or off) in
a subnet mask, the corresponding bit in the address identifies the host.

Finding The Subnet Address: We use binary notation for both the address and the mask and
then apply the AND operation to find the subnet address.

Example: What is the subnetwork address if the destination address is 200.45.34.56 and the
subnet mask is 255.255.240.0?

Solution :
Step 1: Convert given IP and Subnet mask to Binary
Step 2: Perform AND Operation on these two.

11001000 00101101 00100010 00111000 Binary 200.45.34.56

11111111 11111111 11110000 00000000 Subnet Mask 255.255.255.0
______________________________________
11001000 00101101 00100000 00000000

The subnetwork address is 200.45.32.0.

Step 3: Convert the result of AND operation to Dotted Decimal format which is Subnet mask.
  SUPERNET :

Supernetting in IP addresses is the process of combining multiple smaller networks into a larger
network. It is done by using a subnet mask that has fewer bits set to 1. This allows the network
address to cover a larger range of IP addresses.

 The most of the class A and class B addresses were exhausted; however, there was still a huge
demand for midsize blocks.

 The size of a class C block with a maximum number of 256 addresses did not satisfy the needs of
most organizations.

 One solution was supernetting.

 In supernetting, an organization can combine several class C blocks to create a larger range of
addresses.

 In other words, several networks are combined to create a supernetwork or a supernet.

 An organization can apply for a set of class C blocks instead of just one.

 For example, an organization that needs 1000 addresses can be granted four contiguous class C
blocks.

 The organization can then use these addresses to create one supernetwork.

Supernetting has a number of benefits, including:

 Reduced routing table size: Supernetting can reduce the size of routing tables by combining
multiple network addresses into a single network address. This can make routing more
efficient and scalable.
 Improved security: Supernetting can improve security by hiding the internal structure of a
network from outsiders. This can make it more difficult for attackers to target specific networks
or devices on a network.
 Simplified network management: Supernetting can simplify network management by
reducing the number of networks that need to be configured and maintained.

Supernetting is used by a variety of organizations, including internet service providers (ISPs),

businesses, and schools.
4.2 IP LAYER PROTOCOL :-
The IP layer protocol is the third layer of the OSI model, and it is responsible for routing packets
across networks. It uses the IP address of each device to determine the best path for a packet to
take.

The IP layer protocol is also responsible for fragmenting and reassembling packets, which is
necessary when packets are too large to be transmitted over a particular network link.

The most common IP layer protocol is IPv4, but IPv6 is becoming more widely used. IPv6 is a newer
version of the IP protocol that has a number of advantages over IPv4, including a larger address
space and better support for security.

 IPV4 :

IPv4 addresses are 32-bit numbers that are used to identify devices on the internet. They are written
in dotted decimal notation, which consists of four numbers separated by periods. Each number can
range from 0 to 255.

For example, a valid IPv4 address is 192.168.1.1.

IPv4 addresses are divided into two parts: the network address and the host address. The network
address identifies the network that the device belongs to. The host address identifies the device on
the network.

The network address is determined by the subnet mask. The subnet mask is a 32-bit number that
is used to divide the IP address into two parts. The first part of the subnet mask is the network
address and the second part of the subnet mask is the host address.
For example, the subnet mask 255.255.255.0 means that the first three octets of the IP address are
used for the network address and the last octet is used for the host address.

There are five classes of IPv4 addresses: A, B, C, D, and E. Each class has a different range of IP
addresses and is used for a different purpose.

 Class A addresses are used for large networks, such as the Internet backbone.
 Class B addresses are used for medium-sized networks, such as corporate networks.
 Class C addresses are used for small networks, such as home networks.
 Class D addresses are used for multicasting, which is a way to send a single message to
multiple devices at the same time.
 Class E addresses are reserved for experimental use.

IPv4 addresses are an essential part of the internet. They allow devices to communicate with each
other and to access resources on the internet.

 IPV6 :

IPv6 addresses are 128-bit numbers that are used to identify devices on the internet. They are
written in hexadecimal notation, which consists of eight groups of four hexadecimal digits separated
by colons. Each hexadecimal digit can range from 0 to F.

For example, a valid IPv6 address is 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

IPv6 addresses are divided into two parts: the network address and the interface identifier. The
network address identifies the network that the device belongs to. The interface identifier identifies
the device on the network.
The network address is determined by the subnet prefix. The subnet prefix is a 64-bit number that
is used to divide the IP address into two parts. The first part of the subnet prefix is the network
address and the second part of the subnet prefix is the interface identifier.

For example, the subnet prefix 2001:0db8:85a3:0000/64 means that the first 64 bits of the IP
address are used for the network address and the last 64 bits are used for the interface identifier.

IPv6 addresses have a number of advantages over IPv4 addresses, including:

 Larger address space: IPv6 has a much larger address space than IPv4, which means that
there are more unique IP addresses available. This is important because the number of
devices on the internet is growing rapidly.
 Better support for security: IPv6 has built-in support for security features such as IPsec, which
can help to protect devices from attack.
 Simpler header format: The IPv6 header format is simpler than the IPv4 header format, which
makes it more efficient to process.

IPv6 addresses are becoming more widely used, but IPv4 addresses are still the most common type
of IP address in use today.
  IPV4 FRAME FORMAT :

An IPv4 frame is a packet of data that is transmitted over a network. It consists of an IPv4 header
and a payload. The IPv4 header contains information about the packet, such as the source and
destination IP addresses, the packet type, and the packet length. The payload contains the actual
data that is being transmitted.

The following is a diagram of the IPv4 frame format

Each field in the IPv4 header has a specific purpose:

 Version: This field specifies the version of the IP protocol that is being used. Currently, the
only version of the IP protocol in use is version 4.
 IHL: This field specifies the length of the IPv4 header in 32-bit words. The minimum value for
IHL is 5 and the maximum value is 15.
 Type of Service: This field specifies the priority and reliability of the packet.
 Total Length: This field specifies the total length of the IPv4 frame in bytes.
 Identification: This field is used to identify fragments of a packet.
 Flags: This field contains three flags that control how a packet is fragmented and processed.
 Fragment Offset: This field specifies the offset of the fragment in the original packet.
 Time to Live: This field specifies the maximum amount of time that a packet can remain in
the network before it is discarded.
 Protocol: This field specifies the protocol that is being used to transport the payload data.
 Header Checksum: This field is used to verify the integrity of the IPv4 header.
 Source IP: This field specifies the IP address of the device that sent the packet.
 Destination IP: This field specifies the IP address of the device that the packet is being sent
to.
 Options: This field contains optional information about the packet.
 Padding: This field is used to pad the IPv4 frame to a multiple of 32 bits.
The payload of the IPv4 frame contains the actual data that is being transmitted. The type of data in
the payload depends on the protocol that is being used to transport the data. For example, if the
protocol is TCP, then the payload will contain TCP segments.

IPv4 frames are used to transmit data over a variety of networks, including the Internet. They are a
fundamental part of the Internet protocol suite.

 IPV6 FRAME FORMAT :

An IPv6 frame format is a packet of data that is transmitted over a network using the Internet Protocol
version 6 (IPv6). It consists of an IPv6 header and a payload. The IPv6 header contains information
about the packet, such as the source and destination IPv6 addresses, the packet type, and the
packet length. The payload contains the actual data that is being transmitted.

The following is a diagram of the IPv6 frame format:

Each field in the IPv6 header has a specific purpose:

  Version: This field specifies the version of the IP protocol that is being used. Currently, the
only version of the IP protocol in use is version 6.
 Traffic Class: This field specifies the priority and reliability of the packet.
 Flow Label: This field is used to identify packets that belong to the same flow.
 Payload Length: This field specifies the length of the IPv6 payload in bytes.
 Next Header: This field specifies the type of header that follows the IPv6 header.
 Hop Limit: This field specifies the maximum number of routers that the packet can traverse
before it is discarded.
 Source Address: This field specifies the IPv6 address of the device that sent the packet.
 Destination Address: This field specifies the IPv6 address of the device that the packet is
being sent to.

The payload of the IPv6 frame contains the actual data that is being transmitted. The type of data in
the payload depends on the protocol that is being used to transport the data. For example, if the
protocol is TCP, then the payload will contain TCP segments.

IPv6 frames are used to transmit data over a variety of networks, including the Internet. They are a
fundamental part of the Internet protocol suite.

IPv6 frames are similar to IPv4 frames, but there are some key differences. IPv6 frames have a
fixed header length of 40 bytes, while IPv4 frames have a variable header length. IPv6 frames also
have a larger address space than IPv4 frames, which provides more unique IP addresses.

IPv6 is the successor to IPv4 and is gradually being deployed on the Internet. IPv6 is expected to
eventually replace IPv4 as the primary IP protocol.

 IPV4 VS IPV6 :
4.3 connection oriented & connectionless services
Connection-oriented services establish a connection between two devices before sending data.
This ensures that the data is delivered reliably and in order. Connection-oriented services are often
used for applications such as file transfer and streaming video.

Connectionless services do not establish a connection before sending data. This makes them
faster and more efficient, but it also means that there is no guarantee that the data will be delivered
reliably or in order. Connectionless services are often used for applications such as email and DNS
lookups.

Here are some examples of connection-oriented and connectionless services:

Connection-oriented services:
 TCP (Transmission Control Protocol)

 FTP (File Transfer Protocol)

 Telnet

 SSH (Secure Shell)

 VPN (Virtual Private Network)

Connectionless services:
 UDP (User Datagram Protocol)

 ICMP (Internet Control Message Protocol)

 DNS (Domain Name System)

 DHCP (Dynamic Host Configuration Protocol)

 TFTP (Trivial File Transfer Protocol)

Connection-oriented and connectionless services are both important for different types of
applications. Connection-oriented services are used for applications where reliability and order are
important. Connectionless services are used for applications where speed and efficiency are
important.
Transport Layer Protocols:
Transport Layer Works on top of Internet Layer. It is concerned with transport of packets from the
source to destination.

In TCP/IP the transport layer is represented by two Protocols:

1) TCP 2) UDP

 TCP (Transmission Control Protocol) :

 Transmission Control Protocol (TCP) is a connection-oriented protocol that provides reliable,

in-order delivery of a stream of octets (bytes) between applications running on hosts
communicating via an IP network.
 TCP works by establishing a connection between the two devices before sending data. Once
the connection is established, TCP can guarantee that the data is delivered reliably and in
order. TCP also provides flow control, which prevents one device from sending data faster
than the other device can receive it.
 TCP is used by a wide variety of applications, including web browsers, email clients, and file
transfer programs. It is also used by many other protocols, such as HTTP, FTP, and SMTP.

TCP is transmission control protocol.

It Provides:
 Connection oriented service
 Reliable service
 Stream delivery service
 Sending and receiving buffers
 Bytes and segments
 Full duplex service

 TCP is a connection oriented protocol.

 Connection oriented means that a virtual connection is established before any
user data is transferred.
 If the connection cannot be established, the user program is notified.
 If the connection is ever interrupted, the user program finds out there is a
problem.

 TCP is Reliable
 Reliable means that every transmission of data is acknowledged by the
receiver.
  Reliable does not mean that things don't go wrong, it means that we find out
when things go wrong.
 If the sender does not receive acknowledgement within a specified amount of
time, the sender retransmits the data.

 Stream delivery service:

 TCP is a stream oriented protocol.
 It allows the sending and receiving process to obtain as a stream of bytes.
 TCP creates a working environment in such a way that the sending and
receiving processes seem to be connected by an imaginary “tube” This is called
as stream delivery service.

 TCP : Flow Control

 Sending and receiving buffers:
 The sending and receiving process may not produce and receive data at the
same speed.
 Hence TCP needs buffers for storage
 There are two types of buffers used in each direction:
1) Sending buffer
2) Receiving buffer 

 Full duplex service:

 TCP offers full duplex service where the data can flow in both the direction
simultaneously.
 The TCP segments are sent both the directions
 Process to process communication:
 The TCP uses port numbers as transport layer addresses.
 Also called as Port to Port communication.
----------------------------------------------------------------------------------------------------------------------------- -----

 TCP FRAME FORMAT:-

The TCP header is the first 20 bytes of a TCP segment. It contains information about the TCP
connection, such as the source and destination port numbers, the sequence number, the
acknowledgment number, and the flags.

The following is a diagram of the TCP header format:

Each field in the TCP header has a specific purpose:

 Source Port: This field specifies the port number of the source process. A port number is a
16-bit number that is used to identify a specific process on a host.

 Destination Port: This field specifies the port number of the destination process.
Sequence Number: This field is used to identify the order of the bytes in the TCP stream. The
sequence number is a 32-bit number that is incremented for each byte that is sent.

 Acknowledgment Number: This field is used to indicate which bytes have been received and
successfully processed by the receiver. The acknowledgment number is a 32-bit number that
is equal to the sequence number of the next byte that the receiver expects to receive.

 H: This flag indicates that the TCP header has a variable length. The TCP header can have
a variable length if the TCP segment contains options.

 R: This flag indicates that the TCP segment is a retransmission. A retransmission is a TCP
segment that is sent again because the receiver did not receive the original segment.

 P: This flag indicates that the TCP segment contains urgent data. Urgent data is data that
needs to be processed immediately by the receiver.

 Reserved: These bits are reserved for future use.

 Data Offset: This field specifies the length of the TCP header in 32-bit words. The TCP header
can have a variable length if the TCP segment contains options.
  TCP Flags: This field contains eight flags that control how the TCP segment is processed.
The following are the most important TCP flags:
 SYN: This flag is used to initiate a TCP connection.
 ACK: This flag is used to acknowledge the receipt of TCP segments.
 FIN: This flag is used to terminate a TCP connection.

 Window: This field specifies the maximum amount of data that the sender can send without
receiving an acknowledgment. The window size is a 16-bit number that is negotiated between
the sender and the receiver during the TCP connection establishment process.

 Checksum: This field is used to verify the integrity of the TCP segment. The checksum is a
16-bit number that is calculated over the TCP header and the TCP data.

 Urgent Pointer: This field is used to indicate the offset of the urgent data in the TCP segment.
The urgent pointer is a 16-bit number that is relative to the beginning of the TCP data.

The TCP header is an important part of the TCP protocol. It contains information that is essential for
establishing and maintaining a TCP connection, and for reliably delivering data over the Internet.

----------------------------------------------------------------------------------------------------------------------------- -----

 USER DATAGRAM PROTOCOL :-

 UDP is user datagram protocol.

 It is connectionless protocol because data is sent without establishing a connection between
sender and receiver before sending the data.
 UDP is unreliable because data is delivered without acknowledgement.
 UDP does not perform Auto retransmission.
 UDP does not use flow control .
 UDP has high transmission speed

The User Datagram Protocol (UDP) is a communication protocol that is used to send
messages (transported as datagrams in packets) to other hosts on an Internet Protocol (IP) network.
Within an IP network, UDP does not require prior communication to set up communication channels
or data paths. This makes it a very fast and efficient protocol for streaming media, voice over IP
(VoIP), and online gaming.

UDP is a connectionless protocol, which means that it does not establish a dedicated
connection between the sender and receiver before transmitting data. This makes it less reliable
than other protocols, such as the Transmission Control Protocol (TCP), but also more efficient. UDP
does not provide any error correction or flow control mechanisms, so it is up to the application layer
to handle these tasks.
 UDP is often used for real-time applications, where speed and latency are more important
than reliability. For example, UDP is used for streaming media because it can deliver data quickly
and efficiently, even if some packets are lost. UDP is also used for VoIP and online gaming because
it can provide a low-latency connection, which is important for real-time communication and
interaction.

Here are some examples of applications that use UDP:

 Voice over IP (VoIP)

 Online gaming

 Media streaming

 Domain Name System (DNS)

 Network Time Protocol (NTP)

 Online chat

 Voice assistants

 Online multiplayer games

 Real-time video conferencing

 Online file sharing

 IP television (IPTV)

UDP is a very versatile protocol that can be used for a wide variety of applications. It is especially
well-suited for applications where speed and latency are more important than reliability.

 UDP FRAME FORMAT:-

The UDP header is a fixed 8-byte header that is used to transmit data over a network using the User
Datagram Protocol (UDP). The header contains the following fields:
  Source port: This field specifies the port number of the sender.
 Destination port: This field specifies the port number of the receiver.
 Length: This field specifies the length of the UDP header and data payload in bytes.
 Checksum: This field is used to verify the integrity of the UDP datagram.

Here is a more detailed description of each field:

 Source port

The source port is a 16-bit field that specifies the port number of the sender. This field is used to
identify the application that sent the UDP datagram. For example, the source port for DNS traffic is
typically 53.

 Destination port

The destination port is a 16-bit field that specifies the port number of the receiver. This field is used
to identify the application that should receive the UDP datagram. For example, the destination port
for DNS traffic is typically 53.

 Length

The length field is a 16-bit field that specifies the length of the UDP header and data payload in
bytes. The minimum value for the length field is 8 bytes, which is the length of the UDP header itself.
The maximum value for the length field is 65,535 bytes.

 Checksum

The checksum field is a 16-bit field that is used to verify the integrity of the UDP datagram. The
checksum is calculated over the UDP header and data payload. If the checksum is incorrect at the
receiver, the UDP datagram is discarded.

----------------------------------------------------------------------------------------------------------------------------- -----

 DIFFERENCE TCP BETWEEN UDP

4.4 DOMAIN NAME SYSTEM:
  INTRODUCTION:

The Domain Name System (DNS) is a critical component of the Internet infrastructure, enabling the
translation of human-readable domain names into machine-readable IP addresses. This essential
service allows users to easily access websites and other online resources without having to
memorize complex numerical sequences.

DNS is a hierarchical and distributed system, with servers located around the world working together
to resolve domain names quickly and efficiently. When a user enters a domain name into their web
browser, their computer sends a query to a DNS server. The server then searches its database for
the corresponding IP address and returns it to the user's computer. This process is typically
completed within milliseconds, allowing users to seamlessly access the desired online resource.

DNS is used by a wide range of online applications and services, including email, streaming media,
and cloud storage. It is also essential for the operation of critical Internet protocols, such as HTTP
and TCP/IP.

Without DNS, the Internet would be a much more difficult and cumbersome place to navigate. By
translating domain names into IP addresses, DNS makes it possible for users to easily access the
online resources they need.

The Domain Name System (DNS) is a hierarchical and distributed naming system for computers,
services, or other resources connected to the Internet or a private network. It associates various
information with domain names assigned to each of the associated entities. Most prominently, it
translates domain names meaningful to humans into the numerical IP addresses needed for locating
and identifying computer services and devices with the underlying network protocols. By providing
a worldwide, distributed directory service, the Domain Name System has been an essential
component of the functionality of the Internet since 1985.

How does DNS work?

When you type a domain name into your web browser, your computer sends a query to a DNS
server. The DNS server then looks up the IP address for the domain name and returns it to your
computer. Your computer then uses the IP address to connect to the website.
Types of DNS servers

There are two main types of DNS servers: recursive and authoritative.

 Recursive DNS servers are responsible for resolving domain names on behalf of clients. They
do this by querying other DNS servers until they find the IP address for the domain name.
  Authoritative DNS servers are responsible for storing the IP addresses for a specific domain
name. They are typically operated by the organization that owns the domain name.

DNS hierarchy :
DNS is a hierarchical system, which means that each domain name consists of a series of labels,
separated by dots. The labels are read from right to left, with the top-level domain (TLD) at the left.
For example, the domain name google.com consists of three labels: com, google, and .. The TLD
.com is a generic top-level domain (gTLD) that is used for commercial websites.
Other DNS concepts

 DNS cache: DNS caches are used to store the results of recent DNS lookups. This can
improve performance by reducing the number of times that a DNS server needs to be queried.

 DNS records: DNS records are used to store the information associated with a domain name,
such as the IP address, mail server, and web server.

 DNS zones: DNS zones are used to organize DNS records into a hierarchy.

DNS is an essential part of the Internet infrastructure. It allows us to easily access websites and
other resources without having to memorize IP addresses. DNS is also used by many different types
of online applications and services, such as email, streaming media, and cloud storage.
----------------------------------------------------------------------------------------------------------
  DSN SERVERS :
A DNS server is a computer server that maintains a database of public IP addresses and their
associated hostnames, and, in most cases, serves to resolve or translate those names to IP
addresses as requested. DNS servers run special software and communicate with each other using
special protocols.

When you type a domain name into your web browser, your computer sends a request to a DNS
server to resolve the hostname to an IP address. The DNS server then looks up the IP address in
its database and returns it to your computer. Your computer then uses the IP address to connect to
the website.

DNS servers are essential for the operation of the Internet. Without them, we would not be able to
easily access websites and other online resources by their domain names.

There are two main types of DNS servers: recursive and authoritative.

 Recursive DNS servers are responsible for resolving domain names on behalf of clients. They
do this by querying other DNS servers until they find the IP address for the domain name.
 Authoritative DNS servers are responsible for storing the IP addresses for a specific domain
name. They are typically operated by the organization that owns the domain name.

DNS servers are typically located all over the world, and they work together to resolve domain
names quickly and efficiently.

Here are some examples of DNS servers:

 Google Public DNS: 8.8.8.8 and 8.8.4.4

 Cloudflare DNS: 1.1.1.1 and 1.1.1.2

 Quad9 DNS: 9.9.9.9 and 149.112.112.112

You can change the DNS servers that your computer uses by going to your network settings.
----------------------------------------------------------------------------------------------------------
 DNS RESOLVER :

A DNS resolver is a server that translates domain names into IP addresses. It is an essential part
of the Domain Name System (DNS), which is what makes the internet possible.

When you type a domain name into your web browser, your computer does not know where to find
that website. It needs to use a DNS resolver to translate the domain name into an IP address, which
is the numerical address of the website's server.

DNS resolvers are typically provided by your internet service provider (ISP), but there are also many
public DNS resolvers available. Public DNS resolvers are often faster and more reliable than ISP-
provided DNS resolvers.

Here is a simplified explanation of how a DNS resolver works:

1. When you type a domain name into your web browser, your computer sends a DNS query to
a DNS resolver.

2. The DNS resolver checks its cache to see if it already knows the IP address for the domain
name. If it does, it returns the IP address to your computer.

3. If the DNS resolver does not know the IP address for the domain name, it forwards the DNS
query to a root nameserver.

4. The root nameserver tells the DNS resolver which top-level domain (TLD) nameserver to
contact.

5. The TLD nameserver tells the DNS resolver which authoritative nameserver to contact for
the domain name.
 6. The authoritative nameserver tells the DNS resolver the IP address for the domain name.

7. The DNS resolver returns the IP address to your computer.

Your computer then uses the IP address to connect to the website's server.

DNS resolvers are an essential part of the internet, and they play a vital role in making it possible to
access websites and other online services.

----------------------------------------------------------------------------------------------------------------------------- -----

 DNS RESOLUTION :
DNS resolution is the process of converting a domain name into an IP address. It is an essential
part of the internet, as it allows users to access websites and other online services by using human-
readable domain names instead of numerical IP addresses.

DNS resolution is performed by a DNS resolver, which is a server that maintains a database of
domain names and their corresponding IP addresses. When a user types a domain name into their
web browser, the browser sends a DNS query to a DNS resolver. The DNS resolver then checks its
database to find the IP address for the domain name. If the DNS resolver does not know the IP
address for the domain name, it will forward the query to another DNS resolver until it finds the
answer.

Once the DNS resolver has found the IP address for the domain name, it returns the IP address to
the user's browser. The browser then uses the IP address to connect to the website or other online
service.

There are a few different types of DNS resolvers, including:

 Recursive resolvers: Recursive resolvers are responsible for resolving DNS queries on behalf
of their clients. They do this by forwarding queries to other DNS resolvers until they find the
answer.
 Authoritative resolvers: Authoritative resolvers are responsible for providing DNS information
for a specific domain name or set of domain names. They are typically operated by the
domain registrar or DNS hosting provider for the domain name.
 Caching resolvers: Caching resolvers store the results of previous DNS queries in a cache.
This allows them to resolve DNS queries more quickly, as they do not need to forward the
query to another DNS resolver if the answer is already in the cache.

DNS resolution is a complex process, but it is essential for the operation of the internet. By
understanding how DNS resolution works, you can troubleshoot DNS problems and improve the
performance of your internet connection.
  DIFFERENCE BETWEEN DNS & FTP & EMAIL :
FTP, DNS, and email are all essential parts of the internet, but they serve different purposes and
have different characteristics.

FTP (File Transfer Protocol) is a protocol used to transfer files between computers over a network.
It is often used to upload and download files to and from web servers. FTP uses a client-server
architecture, where the FTP client connects to the FTP server to transfer files. FTP supports both
active and passive modes.

DNS (Domain Name System) is a system that translates domain names into IP addresses. Domain
names are human-readable names for websites and other online resources, while IP addresses are
numerical addresses that are used to identify computers on the internet. DNS uses a hierarchical
structure, with root servers at the top and authoritative name servers at the bottom.

Email is a service that allows users to send and receive electronic messages. Email messages can
contain text, images, and attachments. Email uses the Simple Mail Transfer Protocol (SMTP) to
send messages between email servers. SMTP is a client-server protocol, where the email client
connects to the email server to send messages.

Here is a table that compares FTP, DNS, and email in more detail:

Feature FTP DNS Email

To transfer files To translate domain To send and receive

Purpose
between computers. names into IP addresses. electronic messages.

Simple Mail Transfer

Protocol File Transfer Protocol Domain Name System
Protocol (SMTP)

Uploading and
Accessing websites and Sending and receiving
Typical usage downloading files to
other online services. email messages.
and from web servers.

DNS is a critical part of

FTP can be used to Email messages can be
the internet's
transfer files securely encrypted to protect them
Security infrastructure, and it is
using encryption, but it from being intercepted, but
important to use a secure
is not always enabled. it is not always enabled.
DNS provider.
 FTP requires Email requires
DNS does not require
Authentication authentication to authentication to send and
authentication.
connect to the server. receive messages.

Email delivery times can

FTP transfers can be vary depending on the size
DNS lookups are
Latency slow, especially over and complexity of the
typically very fast.
long distances. message, as well as the
load on the email servers.

FTP transfers can use Email messages can use a

a lot of bandwidth, DNS lookups use very lot of bandwidth, especially
Bandwidth
especially when little bandwidth. if they contain large
transferring large files. attachments.

In addition to the differences listed above, there are a few other things to keep in mind when
choosing between FTP, DNS, and email:

 FTP is not a good choice for transferring sensitive data, as it is not always encrypted.

 DNS is a critical part of the internet's infrastructure, and it is important to choose a reliable
DNS provider.

 Email is a popular way to communicate and share information, but it is important to be aware
of the potential security risks.

When choosing the right protocol for your needs, it is important to consider the factors listed above,
as well as your specific requirements.

----------------------------------------------------------------------------------------------
4.5 SECURITY (Social Issues, Hacking, Precautions, and Firewalls):
Security Social Issues, Hacking, Precautions, and Firewalls in Computer Networks
Security social issues are problems that can lead to cyberattacks or other security breaches. These
issues can be caused by human error, malicious actors, or system vulnerabilities.

Some common security social issues include:

 Phishing attacks: Phishing attacks are attempts to trick users into revealing sensitive
information, such as passwords or credit card numbers. These attacks are often carried out
through email or text messages.
  Social engineering: Social engineering attacks are attempts to manipulate users into taking
actions that will compromise security. For example, a social engineer might trick a user into
clicking on a malicious link or opening an infected attachment.
 Weak passwords: Weak passwords are easy to guess or crack. Passwords should be at least
12 characters long and include a mix of upper and lowercase letters, numbers, and symbols.
 Poor password hygiene: Poor password hygiene includes reusing passwords across multiple
accounts, sharing passwords with others, and not changing passwords regularly.
 Unpatched software: Unpatched software contains known vulnerabilities that can be
exploited by attackers. It is important to keep software up to date with the latest security
patches.

Hacking is the process of gaining unauthorized access to a computer system or network. Hackers
can use this access to steal data, install malware, or disrupt operations.

Some common hacking techniques include:

 Brute-force attacks: Brute-force attacks involve trying all possible combinations of characters
to crack a password.
 Dictionary attacks: Dictionary attacks involve trying common words and phrases to crack a
password.
 Malware attacks: Malware attacks involve infecting a computer with malware, which can then
be used to gain unauthorized access to the system.
 Zero-day attacks: Zero-day attacks exploit vulnerabilities in software that are not yet known
to the vendor.

Precautions can be taken to reduce the risk of cyberattacks and other security breaches.
Some common precautions include:
 Educate employees about security best practices: Employees should be trained to identify
and avoid phishing attacks, social engineering attacks, and other security threats.
 Use strong passwords and multi-factor authentication: Passwords should be strong and
unique to each account. Multi-factor authentication adds an extra layer of security by requiring
users to enter a code from their phone in addition to their password.
 Keep software up to date: Software should be kept up to date with the latest security patches.
 Use a firewall: A firewall can help to protect your network from unauthorized access.
 Use antivirus and anti-malware software: Antivirus and anti-malware software can help to
protect your computer from malware infections.

Firewalls are network security devices that monitor and control incoming and outgoing network
traffic. Firewalls can be used to block unauthorized access to a network and to prevent malware
from spreading.

There are two main types of firewalls:

  Packet filtering firewalls: Packet filtering firewalls inspect each packet of data that passes
through them and block packets that do not meet certain criteria.
 Stateful inspection firewalls: Stateful inspection firewalls track the state of network
connections and use this information to make decisions about whether to allow or block traffic.

Firewalls are an important part of any network security strategy. By using a firewall, you can help to
protect your network from unauthorized access and malware attacks.

Here are some additional tips for increasing the security of your network:
 Use a layered security approach: Implement multiple security controls, such as firewalls,
intrusion detection systems, and data encryption, to protect your network.
 Segment your network: Divide your network into smaller segments, such as a guest network
and a production network. This can help to contain the damage if one segment is
compromised.
 Monitor your network traffic: Monitor your network traffic for suspicious activity. This can help
you to identify and respond to security incidents quickly.
 Have a security plan in place: Have a plan in place for responding to security incidents. This
plan should include steps for identifying the incident, containing the damage, and recovering
from the incident.
-------------------------------------------------------------------------------------

 FIREWALL:
 A firewall is a network security device that monitors and controls incoming and outgoing
network traffic. It can be used to block unauthorized access to a network and to prevent malware
from spreading.

Firewalls work by inspecting each packet of data that passes through them and making a decision
about whether to allow or block the packet. This decision is based on a set of rules that are
configured by the network administrator.

There are two main types of firewalls:

 Packet filtering firewalls: Packet filtering firewalls inspect each packet of data and block
packets that do not meet certain criteria, such as packets that come from a specific IP address
or that are carrying a specific type of traffic.
 Stateful inspection firewalls: Stateful inspection firewalls track the state of network
connections and use this information to make decisions about whether to allow or block traffic.
For example, a stateful inspection firewall might block traffic from a specific IP address if it
knows that the IP address is trying to establish a connection to a port that is not normally
used for that type of traffic.

Firewalls can be implemented in hardware or software. Hardware firewalls are typically dedicated
devices that are installed between the network and the internet. Software firewalls can be installed
on individual computers or on servers.

Firewalls are an important part of any network security strategy. By using a firewall, you can help to
protect your network from unauthorized access and malware attacks.

Here is an example of how a firewall might be used to protect a network:

 A company has a network that is connected to the internet. The company uses a firewall to
protect its network from unauthorized access and malware attacks.

 The firewall is configured to block all traffic from the internet except for traffic that is coming
from specific IP addresses. These IP addresses are the IP addresses of the company's
servers.

 The firewall is also configured to block traffic from the company's network to the internet
except for traffic that is going to specific IP addresses. These IP addresses are the IP
addresses of the company's website and email server.

 By configuring the firewall in this way, the company is able to protect its network from
unauthorized access and malware attacks, while still allowing its employees to access the
internet and the company's servers.
  WORKING OF FIREWALL :
Here is a more detailed explanation of each step of the firewall process:
1. Receiving the packet: The firewall receives a packet of data from the network.
2. Inspecting the packet header: The firewall inspects the packet header to determine the
source and destination IP addresses, the port numbers, and the protocol type.
3. Comparing the packet header to the rule set: The firewall compares the packet header to its
rule set. The rule set is a collection of rules that specify which packets to allow, block, or log.
4. Taking action on the packet: If the packet matches a rule, the firewall takes the action that is
specified in the rule. This action may be to allow the packet to pass, to block the packet, or
to log the packet.
5. Dropping the packet: If the packet does not match any of the rules in the rule set, the firewall
drops the packet.
Here are some examples of firewall rules:
 Allow all traffic from the company's internal network to the company's website.

 Block all traffic from the internet to the company's internal network, except for traffic to the
company's email server.

 Log all traffic from the internet to port 22 (SSH).

 Allow all traffic between computers on the same internal network.

 Block all traffic from the internet to the company's database server.

Firewall rules can be quite complex, but they are essential for protecting a network from
unauthorized access and malware attacks.

Here are some of the benefits of using a firewall:

 Improved performance: Firewalls can help to improve the performance of a network by
reducing the amount of unwanted traffic that is flowing through the network.
  Increased reliability: Firewalls can help to increase the reliability of a network by preventing
outages caused by denial-of-service attacks.
 More security: Firewalls can help to improve the security of a network by blocking
unauthorized access and preventing malware from spreading.
Here are some tips for configuring and managing a firewall:
 Use the principle of least privilege: Only allow the traffic that is absolutely necessary.
 Keep the firewall rule set up to date: Add new rules as needed and remove rules that are no
longer needed.
 Monitor the firewall logs: Review the firewall logs regularly to identify any suspicious activity.
 Test the firewall regularly: Test the firewall to ensure that it is configured correctly and that it
is blocking the traffic that it is intended to block.
Here are some additional considerations for increasing the security of a firewall:
 Use multiple firewalls: Use multiple firewalls to create a layered security defense.
 Place firewalls in strategic locations: Place firewalls at the perimeter of the network and
between internal networks.
 Use a variety of firewall types: Use a variety of firewall types, such as packet filtering firewalls
and stateful inspection firewalls, to provide comprehensive protection.
 Keep firewall software up to date: Keep firewall software up to date with the latest security
patches.
------------------------------------------------------------------------------------------------------------------------------