Blue Lines and Gradients
CyberPatriot – UT Dallas
Networking – Pt I
14 November 2015
Objectives
Network devices
Network protocols
TCP: 3 way handshake
UDP
IP address and sub-netting
OSI Layers
Networking tools
nslookup, whois, netstat, traceroute, Wireshark
Basic IOS Commands
Switches, VLANs and Routers 101
What Are Computer Networks?
A computer network or data network is a telecommunications network
that allows computers to exchange data. In computer networks,
networked computing devices pass data to each other along data
connections.
The connections (network links) between nodes are established using
either cable media or wireless media. The best-known computer network
is the Internet. Network computer devices that originate, route and
terminate the data are called network nodes. Nodes can include hosts
such as personal computers, phones, servers, as well as networking
hardware.
Network Devices
Typically, networking devices include gateways, routers, network
bridges, switches, hubs and repeaters. The most common kind of
networking hardware today is a copper-based Ethernet adapter because
of its standard inclusion on most modern computer systems.
Wireless networking has, however, become increasingly popular,
especially for portable and handheld devices. Other hardware prevalent
in computer networking includes data center equipment (such as file
servers, database servers and storage areas), network services (such
as DNS, DHCP, email, etc.) as well as devices which ensure content
delivery.
NIC – A Network Interface Controller is a computer hardware
component that connects a computer to a computer network.
Hubs – An Ethernet hub, active hub, network hub, repeater hub,
multiport repeater or hub, is a device for connecting multiple Ethernet
devices together and making them act as a single network segment.
It has multiple input/output (IO) ports, in which a signal introduced at
the input of any port appears at the output of every port except the
original incoming. When a hub receives a data packet, it sends it to
all the network devices connected to the hub.
Switches – A network switch is a computer networking device that is
used to connect devices together on a computer network. A switch is
considered more advanced than a hub because a switch will only
send a message to the device that needs or requests it, rather than
broadcasting the same message out of each of its ports.
Routers – A router is a device that forwards data packets between
computer networks. This creates an overlay internetwork, as a router
is connected to two or more data lines from different networks. When
a data packet comes in one of the lines, the router reads the address
information in the packet to determine its ultimate destination. Then,
using information in its routing table or routing policy, it directs the
packet to the next network on its journey.
Routers perform the “traffic directing” functions on the Internet. A data
packet is typically forwarded from one router to another through the
networks that constitute the internetwork until it reaches its
destination node.
Gateways
Bridging – Network bridging is the action taken by network equipment to
create an aggregate network from either two or more communication
networks, or two or more network segments. Bridging is distinct from
routing, which allows the networks to communicate independently as
separate networks.
Modem – A modem (modulator-demodulator) is a device that modulates
an analog carrier signal to encode digital information and demodulates
the signal to decode the transmitted information.
The goal is to produce a signal that can be transmitted easily and
decoded to reproduce the original signals, from light emitting diodes to
radio. The most familiar type is a voice band modem that turns the digital
data of a computer into modulated electrical signals in the voice
frequency range of a telephone channel. These signals can be
transmitted over telephone lines and demodulated by another modem at
the receiver side to recover the digital data.
Network Protocols
What is a protocol? A protocol is nothing but a set of rules that the network
devices follow to ensure that data packets reach the correct destination from
the source.
TCP/IP – The Internet Protocol (IP) is the principal communications
protocol in the Internet protocol suite for relaying data packets across
network boundaries. Its routing function enables internetworking, and
essentially establishes the Internet. A set of related network protocols like
TCP, UDP, HTTP, FTP, ARP, and ICMP are used to move data around
the Internet and other networks.
This is the most commonly used protocol for Internet communication.
It is a stateful protocol.
IP Addressing – The IP address uniquely identifies computers on a
TCP/IP network. Every node, whether it is a client, server or other
networking device has a unique IP address. (e.g. 192.168.1.15)
UDP – User Datagram Protocol, a stateless service. This is the main
alternative to TCP.
DNS – Domain Name System, this translates network addresses (i.e. IP
addresses) into names understood by humans and vice versa. For
example, the IP address 74.125.21.99 corresponds to the human-readable
name “www.google.com”.
DHCP – Dynamic Host Configuration Protocol, this is used to
automatically assign Internet addresses to computers and users.
FTP – File Transfer Protocol, this is a protocol that is used to transfer and
manipulate files over the network.
HTTP – HyperText Transfer Protocol, this is an Internet-based protocol
for sending and receiving web pages over the network.
HTTPS – HyperText Transfer Protocol Secure, this is an Internet-based protocol
for sending and receiving web pages securely over the network.
IRC – Internet Relay Chat, this is a protocol used for Internet chat and
other communications.
The three protocols used for sending and receiving email are:
IMAP – Internet Message Access Protocol
POP3 – Post Office Protocol Version 3
SMTP – Simple Mail Transfer Protocol
ARP – Address Resolution Protocol, converts an IP address to its
corresponding physical network address.
SNMP – Simple Network Management Protocol, this is a standard
TCP/IP protocol used to monitor and map network availability,
performance, and error rates.
Telnet – This is a remote terminal access protocol.
SSH – Secure Shell, this is a secure remote terminal access protocol.
SSL – Secure Sockets Layer, this is a security protocol that enables
web sites to pass sensitive information securely in an encrypted
format.
LDAP – Lightweight Directory Access Protocol, this is a network
protocol and a standard architecture for organizing directory data.
TCP/IP Details
The Transmission Control Protocol (TCP) is one of the core protocols of the Internet
Protocol suite (IP), and is so common that the entire suite is often called TCP/IP.
TCP provides reliable, ordered and error-checked delivery of a stream of octets
between programs running on computers connected to a local area network, intranet
or the public internet.
Why is TCP/IP considered reliable?
Acknowledgments indicate delivery of data
Checksums are used to detect corrupted data
Sequence numbers detect missing, or mis-sequenced data
Corrupted data is retransmitted after a timeout
Mis-sequenced data is re-sequenced
Flow control prevents over-run of receiver
Uses congestion control to share network capacity among users
Applications requiring reliability use the TCP/IP protocol for
communication. Some applications that depend on TCP/IP are:
WWW
E-mail
File Transfer
TCP 3-Way Handshake
The TCP three-way handshake is the method used by TCP to set
up a TCP/IP connection over an IP based network. TCP's three-way
handshaking technique is often referred to as “SYN, SYN-ACK, ACK”
because there are three messages transmitted by TCP to
negotiate and start a TCP session between two computers.
The TCP handshaking mechanism is designed so that two
computers attempting to communicate can negotiate the
parameters of the TCP socket connection before
transmitting data such as SSH and HTTP web browser requests.
User Datagram Protocol
The User Datagram Protocol (UDP) is one of the core members of
the Internet Protocol suite. With UDP, computer applications can
send messages, in this case referred to as datagrams, to other
hosts on an Internet Protocol (IP) network without prior
communications to set up special transmission channels or data
paths.
UDP uses a simple transmission model with a minimum of protocol
mechanism. It has no handshaking dialogues, and thus exposes
any unreliability of the underlying network protocol to the user's
program. As this is normally IP over unreliable media, there is no
guarantee of delivery, ordering or duplicate protection.
Why Isn't UDP Reliable?
There is no guarantee that packets will be received
There are no acknowledgments to indicate delivery of data
Data may be received out of sequence.
Data may be duplicated or go missing
Congestion of data is common
UDP is commonly used by applications that prefer speed of
transmission over reliability. VoIP, games, DNS and streaming
media typically will use UDP.
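The handshake described on the slides above, as an added walk-through that is not part of the deck: a simulated client and server exchange SYN, SYN-ACK and ACK, each side checks the acknowledgement number it gets back, and a forged final ACK with the wrong number is refused. The initial sequence numbers are passed in as parameters only to keep the run deterministic; real stacks pick them unpredictably.

```python
"""TCP three-way handshake, walked through step by step.

Added teaching example (not from the slides): both endpoints are simulated
in-process, and the initial sequence numbers (ISNs) are supplied by the
caller so the run is deterministic. Real stacks choose ISNs unpredictably.
"""
from dataclasses import dataclass

SEQ_MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: frozenset  # subset of {"SYN", "ACK"}
    seq: int          # sequence number carried by this segment
    ack: int = 0      # acknowledgement number (meaningful only with ACK set)


def flags_string(segment):
    """Render the control flags the way a packet analyzer labels them, e.g. 'SYN-ACK'."""
    return "-".join(f for f in ("SYN", "ACK") if f in segment.flags)


def server_accepts_final_ack(server_isn, client_isn, segment):
    """Server-side check on the third segment: it must be a plain ACK that
    carries the client's next sequence number (x+1) and acknowledges the
    server's own SYN (y+1). Anything else is dropped."""
    return ("ACK" in segment.flags
            and "SYN" not in segment.flags
            and segment.seq == (client_isn + 1) % SEQ_MOD
            and segment.ack == (server_isn + 1) % SEQ_MOD)


def three_way_handshake(client_isn, server_isn):
    """Exchange SYN, SYN-ACK, ACK between a simulated client and server.

    Returns the three segments and each side's resulting sequence state.
    Raises ValueError if either side sees an acknowledgement it did not expect."""
    segments = []

    # 1. Client -> Server: SYN, seq = x. The SYN flag itself consumes one
    #    sequence number, so the server will expect x+1 next.
    syn = Segment("client", "server", frozenset({"SYN"}), client_isn)
    segments.append(syn)
    server_rcv_nxt = (syn.seq + 1) % SEQ_MOD

    # 2. Server -> Client: SYN-ACK, seq = y, ack = x+1.
    syn_ack = Segment("server", "client", frozenset({"SYN", "ACK"}),
                      server_isn, server_rcv_nxt)
    segments.append(syn_ack)

    # The client checks that the reply acknowledges *its* SYN before going on.
    if syn_ack.ack != (client_isn + 1) % SEQ_MOD:
        raise ValueError("SYN-ACK does not acknowledge our SYN")
    client_rcv_nxt = (syn_ack.seq + 1) % SEQ_MOD

    # 3. Client -> Server: ACK, seq = x+1, ack = y+1. The client is now
    #    ESTABLISHED; the server becomes ESTABLISHED once it validates this.
    ack = Segment("client", "server", frozenset({"ACK"}),
                  (client_isn + 1) % SEQ_MOD, client_rcv_nxt)
    segments.append(ack)
    if not server_accepts_final_ack(server_isn, client_isn, ack):
        raise ValueError("final ACK rejected by server")

    return {
        "segments": segments,
        "client": {"snd_nxt": ack.seq, "rcv_nxt": client_rcv_nxt},
        "server": {"snd_nxt": (server_isn + 1) % SEQ_MOD,
                   "rcv_nxt": server_rcv_nxt},
    }


if __name__ == "__main__":
    for seg in three_way_handshake(1000, 5000)["segments"]:
        print(f"{seg.src:>6} -> {seg.dst:<6} {flags_string(seg):<7} "
              f"seq={seg.seq} ack={seg.ack}")
```

Running it prints the three segments with seq/ack values; the wrap-around case (an ISN of 2^32-1) shows why the arithmetic is done modulo 2^32, and the rejected forged ACK is the reason a third party who never saw the SYN-ACK cannot complete someone else's handshake.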
IP Addressing and Sub-netting
An IP address is a numerical label assigned to each device (e.g.,
computer, printer) participating in a computer network that uses IP
for communication. An IP address serves two principal functions:
host or network interface identification, and location addressing.
The designers of the Internet Protocol defined an IP address as a
32-bit number consisting of 4 octets; this system is now known as
Internet Protocol Version 4 (IPv4). However, due to the enormous
growth of the Internet and the predicted depletion of available
addresses, a new version of IP (IPv6), which uses 128 bits for the
address, has been in the process of being deployed since the mid-2000s.
IPv4 Addresses
An IPv4 address consists of 32 bits, which limits the number of
possible unique addresses to 2^32 (4,294,967,296). IPv4 reserves
some addresses for special purposes like private networks (~18
million addresses) or multicast addresses (~270 million
addresses).
IPv4 addresses are canonically represented in dot-decimal
notation, which consists of four decimal numbers, each ranging
from 0 to 255, separated by dots (e.g. 172.16.254.1). Each part
represents a group of 8 bits (one octet) of the address. In some
cases of technical writing, IPv4 addresses may be presented in
various hexadecimal, octal, or binary representations.
Sub-netting
A sub-network, or subnet, is a logically visible subdivision of an IP
network. The practice of dividing a network into two or more
networks is called sub-netting.
All computers that belong to a subnet are addressed with a
common, identical, most-significant bit-group in their IP address.
This results in the logical division of an IP address into two fields, a
network or routing prefix and the rest field or host identifier. The
rest field is an identifier for a specific host or network interface.
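The prefix/host split described above, worked out in code as an added example (not from the slides): the routing prefix and host identifier are computed with bit masks from the prefix length, the result is cross-checked against Python's standard ipaddress module, and a helper decides whether two addresses share a subnet, which is exactly the "common most-significant bit-group" test. The addresses used are the ones on the slides (172.16.254.1, 192.168.1.15, 10.0.0.0/8).

```python
"""IPv4 prefix/host split and subnet membership, done with bit arithmetic
and cross-checked against the standard library's ipaddress module.

Added example for the subnetting slides; not part of the deck."""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(addr):
    """Dot-decimal string -> 32-bit integer; each of the four octets is 8 bits."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    octets = [int(p) for p in parts]
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"octet out of range 0..255: {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """32-bit integer -> dot-decimal string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def netmask(prefix_len):
    """/N prefix length -> mask with the N most-significant bits set."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (ALL_ONES << (32 - prefix_len)) & ALL_ONES


def subnet_info(cidr):
    """Split 'a.b.c.d/N' into network prefix, host identifier and broadcast,
    and cross-check the bit arithmetic against ipaddress."""
    addr, plen = cidr.split("/")
    plen = int(plen)
    value = to_int(addr)
    mask = netmask(plen)
    host_mask = ~mask & ALL_ONES
    network = value & mask          # routing prefix: high bits kept
    broadcast = network | host_mask  # all host bits set
    total = 1 << (32 - plen)
    # Usual convention: the network and broadcast addresses are not assignable
    # to hosts, except on /31 point-to-point links and /32 single hosts.
    usable = total - 2 if plen <= 30 else total

    ref = ipaddress.ip_network(cidr, strict=False)
    assert int(ref.network_address) == network
    assert int(ref.broadcast_address) == broadcast
    assert str(ref.netmask) == to_dotted(mask)

    return {
        "address": addr,
        "prefix_length": plen,
        "netmask": to_dotted(mask),
        "network": to_dotted(network),
        "host_id": to_dotted(value & host_mask),
        "broadcast": to_dotted(broadcast),
        "usable_hosts": usable,
    }


def same_subnet(addr_a, addr_b, prefix_len):
    """True when both addresses share the same most-significant prefix bits."""
    mask = netmask(prefix_len)
    return (to_int(addr_a) & mask) == (to_int(addr_b) & mask)


if __name__ == "__main__":
    for cidr in ("172.16.254.1/16", "192.168.1.15/24", "10.0.0.0/8"):
        print(subnet_info(cidr))
```

For 172.16.254.1/16 the mask is 255.255.0.0, the prefix is 172.16.0.0 and the host identifier is 0.0.254.1; a host in 192.168.1.0/24 will treat 192.168.2.1 as off-subnet and hand the packet to its router, which is the behaviour the routing slides later rely on.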
OSI Layer
The Open Systems Interconnection model (OSI) is a conceptual
model that characterizes and standardizes the internal functions of
a communication system by partitioning it into abstraction layers.
The model is a product of the Open Systems Interconnection
project at the International Organization for Standardization (ISO).
The model groups communication functions into seven logical
layers. A layer serves the layer above it and is served by the layer
below it. For example, a layer that provides error-free
communications across a network provides the path needed by
applications above it, while it calls the next lower layer to send and
receive packets that make up the contents of that path. Two
instances at one layer are connected by a horizontal connection on
that layer.
Layer 1: Physical Layer
The physical layer has the following major functions:
It defines the electrical and physical specifications of the data
connection. It defines the relationship between a device and a
physical transmission medium (e.g. a copper or fiber optical
cable). This includes the layout of pins, voltages, line
impedance, cable specifications, signal timing, hubs, repeaters,
network adapters, host bus adapters, and more.
It defines the protocol to establish and terminate a connection
between two directly connected nodes over a communications
medium.
Layer 2: Data Link Layer
The data link layer provides a reliable link between two directly
connected nodes, by detecting and possibly correcting errors
that may occur in the physical layer. The data link layer is
divided into two sublayers:
Media Access Control (MAC) layer – responsible for controlling
how computers in the network gain access to data and
permission to transmit it.
Logical Link Control (LLC) layer – controls error checking and
packet synchronization.
Layer 3: Network Layer
The network layer provides the functional and procedural means of
transferring variable length data sequences (called datagrams)
from one node to another connected to the same network.
In addition to message routing, the network layer may implement
message delivery by splitting the message into several fragments,
delivering each fragment by a separate route and reassembling the
fragments, reporting delivery errors, etc.
Layer 4: Transport Layer
The transport layer provides the functional and procedural means
of transferring variable length data sequences from a source to a
destination host via one or more networks, while maintaining the
quality of service functions.
An example of a transport-layer protocol in the standard Internet
Protocol stack is TCP, usually built on top of the IP protocol.
Layer 5: Session Layer
The session layer controls the dialogues (connections) between
computers. It establishes, manages and terminates the
connections between the local and remote application. It provides
for full-duplex, half-duplex, or simplex operation, and establishes
check pointing, adjournment, termination, and restart procedures.
The OSI model made this layer responsible for graceful close of
sessions, which is a property of the Transmission Control Protocol,
and also for session check pointing and recovery, which is not
usually used in the Internet Protocol Suite. The session layer is
commonly implemented explicitly in application environments that
use remote procedure calls.
Layer 6: Presentation Layer
The presentation layer establishes context between application-layer
entities, in which the application-layer entities may use
different syntax and semantics if the presentation service provides
a mapping between them. If a mapping is available, presentation
service data units are encapsulated into session protocol data
units, and passed down the TCP/IP stack.
This layer provides independence from data representation
(e.g., encryption) by translating between application and network
formats. The presentation layer transforms data into the form that
the application accepts. This layer formats and encrypts data to be
sent across a network. It is sometimes called the syntax layer.
Layer 7: Application Layer
The application layer is the OSI layer closest to the end user, which
means both the OSI application layer and the user interact directly with
the software application. This layer interacts with software applications
that implement a communicating component. Such application programs
fall outside the scope of the OSI model. Application-layer functions
typically include identifying communication partners, determining
resource availability, and synchronizing communication.
When identifying communication partners, the application layer
determines the identity and availability of communication partners for an
application with data to transmit. When determining resource availability,
the application layer must decide whether sufficient network resources for
the requested communication exist. In synchronizing communication, all
communication between applications requires cooperation that is
managed by the application layer.
Common Networking Tools
Nslookup – A network administration command-line tool available for many
computer operating systems for querying the Domain Name System (DNS)
to obtain the domain name, or IP address mapping for any specific DNS
record.
Syntax: nslookup <hostname>
Whois – A query and response protocol that is widely used for querying databases
that store the registered users or assignees of an Internet resource, such as a
domain name, an IP address block or an autonomous system by searching for the
object in a WHOIS database.
Most modern versions of whois try to guess the right server to ask for the specified
object. If no guess can be made, whois will connect to whois.networksolutions.com
for NIC handles or whois.arin.net for IPv4 addresses and network names.
Syntax: whois [-h HOST] [-p PORT] [-a CFHILMmrRSVx] [-g SOURCE:FIRST=LAST]
[-i ATTR] [-S SOURCE] [-T TYPE] object, -verbose tells whois to operate verbosely.
Ping – A computer network administration utility used to test the reachability of a
host on an IP network and to measure the round-trip time for messages sent
from the originating host to a destination computer. Ping operates by sending
Internet Control Message Protocol (ICMP) echo request packets to the target
host and waiting for an ICMP response. In the process, it measures the time
from transmission to reception (round-trip time) and records any packet loss.
The various applications of ping are as follows:
Helps to verify IP-level connectivity.
When troubleshooting, you can use ping to send an ICMP echo
request to a target host name or IP address.
Use ping whenever you need to verify that a host computer can
connect to the TCP/IP network and use network resources.
You can also use ping to isolate network hardware problems and
incompatible configurations.
Syntax: ping [-n Count] [-l Size] [-R] <hostname>
Traceroute – A computer network diagnostic tool for displaying the route and
measuring the transit delays of packets across an IP network. The history of
the route is recorded as the round-trip times of the packets received from each
successive host in the route; the sum of the mean times in each hop indicates
the total time spent to establish the connection. Traceroute proceeds unless all
(three) sent packets are lost more than twice, then the connection is lost and the
route cannot be evaluated.
Syntax: traceroute <parameters> <hostname>
Parameters
-d : Specifies to not resolve addresses to host names.
-h [maximum-hops] : Specifies the maximum number of hops to
search for target
-j [host-list] : Specifies loose source route along the host-list
-w [timeout] : Waits the number of milliseconds specified by timeout
for each reply.
Netstat (network statistics) – A command-line tool that displays network
connections, both incoming and outgoing, routing tables, and a number of
network interface and network protocol statistics. It is used for finding
problems in the network and to determine the amount of traffic on the
network as a performance measurement.
Syntax: netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]
Wireshark – A free, open-source packet analyzer that captures packets and
displays them for easier examination. Wireshark is very similar to tcpdump,
but has a graphical front-end, plus some integrated sorting and filtering
options.
Wireshark allows the user to put network interface controllers that support
promiscuous mode into that mode, making all traffic visible on that interface,
not just traffic addressed to one of the interface's configured addresses and
broadcast/multicast traffic.
Wireshark
Common uses for Wireshark:
Troubleshoot network issues
Examine security problems
Debug protocol implementations
Import and export packet data
Filter packets based on criteria.
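What a packet analyzer actually does with the bytes on the wire is decode the layer-3 and layer-4 headers described in the OSI slides. The following added example (my own code, not Wireshark's or the deck's) builds an IPv4/TCP packet from scratch with struct, then parses it back: version and header length, TTL, protocol, ports, sequence and acknowledgement numbers, control flags, and both the IP header checksum and the TCP checksum over its pseudo-header. The sample packet is constructed inline, so nothing is captured from a live interface, and a deliberately damaged copy shows how the checksum check from the "Why is TCP/IP considered reliable?" slide catches corruption.

```python
"""Build an IPv4+TCP packet, then decode it the way a packet analyzer does.

Added example for the tools and OSI-layer slides; it is not Wireshark's code.
The sample packet is constructed inline so nothing is read from a network."""
import socket
import struct

# TCP control bits, low to high (FIN is bit 0).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
PROTO_TCP = 6


def internet_checksum(data):
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented.
    Verifying a header that already contains its checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src_ip, dst_ip, src_port, dst_port, flags, seq=0, ack=0,
                   payload=b"", ttl=64):
    """Return the raw bytes of an IPv4 packet carrying one TCP segment.
    `flags` is an iterable of names from TCP_FLAGS."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]

    # TCP header: data offset 5 words (20 bytes, no options), checksum 0 for now.
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                      5 << 4, flag_bits, 65535, 0, 0) + payload
    # The TCP checksum also covers a pseudo-header: addresses, protocol, length.
    pseudo = src + dst + struct.pack("!BBH", 0, PROTO_TCP, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", internet_checksum(pseudo + tcp)) + tcp[18:]

    # IPv4 header: version 4 / IHL 5, total length, identification, DF set, TTL.
    total_len = 20 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                     ttl, PROTO_TCP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    return ip + tcp


def parse_packet(raw):
    """Decode the layer-3 (IPv4) and layer-4 (TCP) headers of one packet."""
    version, ihl = raw[0] >> 4, (raw[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    (_, _, total_len, ident, _, ttl, proto, _,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if proto != PROTO_TCP:
        raise ValueError(f"protocol {proto} is not TCP")
    tcp = raw[ihl:total_len]
    (sport, dport, seq, ack, off_res, flag_bits,
     window, _, _) = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (off_res >> 4) * 4
    pseudo = src + dst + struct.pack("!BBH", 0, PROTO_TCP, len(tcp))
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ttl": ttl, "id": ident,
        "ip_checksum_ok": internet_checksum(raw[:ihl]) == 0,
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": [n for n, bit in TCP_FLAGS.items() if flag_bits & bit],
        "window": window,
        "tcp_checksum_ok": internet_checksum(pseudo + tcp) == 0,
        "payload": bytes(tcp[data_off:]),
    }


if __name__ == "__main__":
    # Constructed sample: the first SYN of an HTTP connection.
    pkt = build_ipv4_tcp("192.168.1.15", "74.125.21.99", 40000, 80,
                         ["SYN"], seq=1000)
    print(parse_packet(pkt))
```

The same decode applied to the three handshake segments shows the SYN, SYN-ACK and ACK flags in turn; flipping a byte of the payload leaves the IP header checksum valid but breaks the TCP checksum, while changing the TTL breaks the IP checksum, which is the difference between what a router verifies hop by hop and what the receiving host verifies end to end.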
Basic IOS Commands
Cisco IOS (originally Internetwork Operating System) is software used on most Cisco
Systems routers and current Cisco network switches. IOS is a package of routing,
switching, internetworking and telecommunications functions integrated into a multitasking
operating system. Common commands include:
? - View available commands
Enable – Privileged EXEC Mode
Configure terminal – Global Configuration Mode
Enable Password – Set privileged password
Show – View information about specific things on router
Exit – Back up one level
End – exit back to global command line
Write memory – save your configurations
logout
Switching 101
Layer 2 switching uses the media access control address (MAC
address) from the host's network interface cards (NICs) to decide
where to forward frames. Layer 2 switching is hardware based,
which means switches use special chips called application specific
integrated circuits (ASICs) to build and maintain filter tables (also
known as MAC address tables or Content Addressable Memory or
CAM tables).
The symbol for switch is:
An example of a switch in packet tracer:
VLANs 101
A single layer-2 network which is partitioned to create multiple
distinct broadcast domains, which are mutually isolated so that
packets can only pass between them via one or more routers; such
a domain is referred to as a virtual local area network, virtual LAN
or VLAN.
Common Reasons to Create VLANs:
To create more flexible designs that group users by department, or
by groups that work together, instead of by physical location
To segment devices into smaller LANs (broadcast domains) to
reduce overhead caused to each host in the VLAN
To reduce the workload for the Spanning Tree Protocol (STP) by
limiting a VLAN to a single access switch
To enforce better security by keeping hosts that work with sensitive
data on a separate VLAN
To separate traffic sent by an IP phone from traffic sent by PCs
connected to the phones.
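The switching and VLAN slides above describe a MAC address (CAM) table being built from source addresses and broadcast domains being kept apart. The following added simulation (my own example, not vendor or Packet Tracer code) implements exactly that: a learning switch records which port each source MAC arrived on, forwards known unicast frames out of one port, floods unknown destinations and broadcasts, and restricts the flooding to the VLAN of the ingress port. A hub is included for contrast, since it has no table at all.

```python
"""Learning switch with per-port VLANs, simulated in software.

Added example for the Switching/VLAN slides (not vendor code): shows how a
MAC address table (CAM table) is built from source addresses, why unknown
destinations and broadcasts are flooded, and how VLANs bound that flooding."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, port_vlan):
        """port_vlan maps each access port number to its VLAN id."""
        self.port_vlan = dict(port_vlan)
        self.cam = {}  # (vlan, mac) -> port on which that MAC was last seen

    def _ports_in_vlan(self, vlan, exclude):
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != exclude)

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return the list of ports it is sent out of."""
        vlan = self.port_vlan[in_port]
        # Learn: the source MAC is reachable through the ingress port.
        self.cam[(vlan, src_mac)] = in_port
        # Broadcast and unknown unicast: flood, but only inside this VLAN.
        if dst_mac == BROADCAST or (vlan, dst_mac) not in self.cam:
            return self._ports_in_vlan(vlan, exclude=in_port)
        out_port = self.cam[(vlan, dst_mac)]
        # Filter: sender and receiver hang off the same port, nothing to forward.
        if out_port == in_port:
            return []
        return [out_port]


def hub_forward(in_port, ports):
    """A hub has no table: every frame is repeated on every other port."""
    return sorted(p for p in ports if p != in_port)


def demo():
    """Constructed scenario: ports 1-2 in VLAN 10, ports 3-4 in VLAN 20."""
    sw = LearningSwitch({1: 10, 2: 10, 3: 20, 4: 20})
    a, b, c = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:03"
    trace = [
        sw.receive(1, a, b),          # b unknown: flood within VLAN 10 -> [2]
        sw.receive(2, b, a),          # a was learned on port 1 -> [1]
        sw.receive(1, a, b),          # both known now -> [2]
        sw.receive(3, c, BROADCAST),  # broadcast stays inside VLAN 20 -> [4]
        sw.receive(1, a, c),          # c lives in another VLAN: flood [2], never 3
    ]
    return sw, trace


if __name__ == "__main__":
    switch, trace = demo()
    print("switch forwarding per frame:", trace)
    print("CAM table:", switch.cam)
    print("hub would send frame from port 1 to:", hub_forward(1, [1, 2, 3, 4]))
```

The last frame is the point of the VLAN slides: even though a host in VLAN 10 addresses a host in VLAN 20 by its MAC, the switch never delivers it there; the only path between the two broadcast domains is a router, as the routing slides describe next.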
Routing 101
A router is a device that forwards data packets between computer
networks. It is connected to two or more data lines from different
networks and when a data packet comes in one of the lines, the router
reads the address information in the packet to determine its ultimate
destination. Then, using information from its routing table, it directs the
packet to the next network on its journey. Routers perform the “traffic
directing” functions on the Internet.
The symbol for router is:
An example of routing in Packet Tracer:
In the above network topology: Router 1 is in IP range 192.168.1.0/24
and Router 3 is in IP range 10.0.0.0/8. Router 2 routes the data
packets to and from Router 1 and Router 3.
Some of the common commands that would be required for configuring the
router and switches are given below:
Enable: Puts you into privileged mode
Configure Terminal: Puts you in global configuration mode and changes the
running configuration
Hostname: Sets the name of a router or a switch
Interface: Puts you in interface configuration mode, also used with show
commands
Ip address: Sets an IP address on an interface or a switch
No shutdown – turns on an interface
More Routing Commands
Show run: short for show running configuration; shows the configuration
currently running on the router
Show start: short for show startup-configuration; shows the backup
configuration stored in NVRAM
Copy run start: short for copy running-configuration startup-configuration;
places a configuration into NVRAM
Interface fastethernet 0/0: puts you in interface configuration mode for a fast
Ethernet port; also used with show commands
Show access-list: Shows all the access lists configured on the router
Show vlan: Shows all configured VLANs