COMPUTER NETWORKS NOTE

What is a Host?

A host is a computer, connected to other computers, for which it provides data or services over a network. In theory, every computer connected to a network acts as a host to other peers on the network. In essence, a host reflects the logical relationship of two or more computers on a network.

To simplify this, suppose you want to download an image from another computer on your network. That computer is “hosting” the image and therefore it is the host computer. On the other hand, if that same computer downloads an image from your computer, your computer becomes the host computer.

Your computer can be a host to other computers. Likewise, your router can be a host to other routers. But a host must have an assigned IP address. Therefore, modems, hubs, and switches are not considered hosts because they do not have assigned IP addresses.

What is network bandwidth?

Network bandwidth is a measurement indicating the maximum capacity of a wired or wireless communications link to transmit data over a network connection in a given amount of time. Typically, bandwidth is represented as the number of bits, kilobits, megabits or gigabits that can be transmitted in 1 second. Synonymous with capacity, bandwidth describes data transfer rate. Bandwidth is not a measure of network speed, a common misconception.

How does bandwidth work?

The more bandwidth a data connection has, the more data it can send and receive at one time. In concept, bandwidth can be compared to the volume of water that can flow through a pipe. The wider the pipe's diameter, the more water can flow through it at one time. Bandwidth works on the same principle: the higher the capacity of the communication link, the more data can flow through it per second.

What is a Client?

A client is a computer hardware device or software that accesses a service made available by a server.
The server is often (but not always) located on a separate physical computer.

What is a Server?

A server is a physical computer dedicated to running services that serve the needs of other computers. Depending on the service that is running, it could be a file server, database server, home media server, print server, or web server.

What is a packet?

In networking, a packet is a small segment of a larger message. Data sent over computer networks, such as the Internet, is divided into packets. These packets are then recombined by the computer or device that receives them.

Suppose Alice is writing a letter to Bob, but Bob's mail slot is only wide enough to accept envelopes the size of a small index card. Instead of writing her letter on normal paper and then trying to stuff it through the mail slot, Alice divides her letter into much shorter sections, each a few words long, and writes these sections out on index cards. She delivers the group of cards to Bob, who puts them in order to read the whole message.

What Does Frame Mean?

In networking, a frame is a unit of data. A frame works to help identify data packets used in networking and telecommunications structures. Frames also help to determine how data receivers interpret a stream of data from a source.

Techopedia Explains Frame

One way to define frames in networking is that the frame is the primary data unit within Level 2, the data link layer of the OSI model. By contrast, Level 3, the network layer of the OSI model, uses the packet as its primary data unit. Frames and packets may have different terminology attached to their use depending on the context or industry in question. In general, the frame is a formatting resource for data that needs to be split up into recognizable pieces in order to be interpreted by a receiver.

What is Local Host?
When you call an IP address on your computer, you try to contact another computer on the internet, but when you call the IP address 127.0.0.1, you are communicating with the local host. Localhost is always your computer. Your computer is talking to itself when you call the local host.

Your computer does not always directly identify the local host. Within your network, your computer has a separate IP address such as 192.168.0.1 (in most cases), which is different from the one you use on the internet. The latter is usually dynamically assigned by the internet service provider (ISP).

Localhost can be seen as a server that is used on your computer. This term is generally used in the context of networks. Localhost is not just the name for the virtual server; it is also its domain name. Just like .example, .test, or .invalid, .localhost is a top-level domain reserved for documentation and testing purposes. While accessing the domain, a loopback is triggered. If you access “http://localhost” in the browser, the request will not be forwarded to the internet through the router. It will instead remain in your system. Localhost has the IP address 127.0.0.1. This refers back to your server.

What is Computer Networking?

Computer networking refers to connected computing devices (such as laptops, desktops, servers, smartphones, and tablets) and an ever-expanding array of IoT devices (such as cameras, door locks, doorbells, refrigerators, audio/visual systems, thermostats, and various sensors) that communicate with one another.

Please visit https://www.cisco.com/c/en_in/solutions/enterprise-networks/what-is-computer-networking.html#~q-a

What Does Web Mean?

The Web is the common name for the World Wide Web, a subset of the Internet consisting of the pages that can be accessed by a Web browser. Many people assume that the Web is the same as the Internet, and use these terms interchangeably.
However, the term Internet actually refers to the global network of servers that makes the information sharing that happens over the Web possible. So, although the Web does make up a large portion of the Internet, they are not one and the same.

What’s the difference between the Internet and the Web?

The Internet is a global network of networks, while the Web, also referred to formally as the World Wide Web (www), is a collection of information that is accessed via the Internet. Another way to look at this difference is that the Internet is infrastructure while the Web is served on top of that infrastructure. Alternatively, the Internet can be viewed as a big Web that stores. At a high level, we can even think of the Internet as hardware and the Web as software!

Difference Between the Internet and the Web

Definition
  Internet: A global system of interconnected computer networks that use the TCP/IP protocol to link devices worldwide.
  WWW: A system of interlinked hypertext documents and multimedia content accessible via the Internet.

Scope
  Internet: All types of digital communication such as gaming, chatting, file sharing, email, etc.
  WWW: Specifically refers to the collection of web pages and websites accessible via web browsers.

Components
  Internet: Hardware (servers, routers, devices), protocols (TCP/IP, FTP, SMTP, etc.) and various services.
  WWW: Websites, web pages, web servers and the hyperlinks that are used to navigate between them.

Protocols used
  Internet: TCP/IP, FTP, SMTP, IMAP and many more.
  WWW: Mainly HTTP/HTTPS.

Invention
  Internet: Originated in the late 1960s and early 1970s as ARPANET.
  WWW: 1989, by Tim Berners-Lee.

Examples
  Internet: Email services, VoIP, online gaming, cloud storage and more.
  WWW: Websites like Google, Wikipedia, YouTube, Amazon, Facebook.

Usage
  Internet: Used for all forms of digital communication and data exchange.
  WWW: Used mainly for accessing information and multimedia using web browsers.
Types of Transmission Media

Transmission media refer to the physical pathways through which data is transmitted from one device to another within a network. These pathways can be wired or wireless. The choice of medium depends on factors like distance, speed, and interference. In this article, we will discuss transmission media.

What is Transmission Media?

A transmission medium is a physical path between the transmitter and the receiver, i.e. it is the channel through which data is sent from one place to another. Transmission media are broadly classified into the following types:

1. Guided Media

Guided media are also referred to as wired or bounded transmission media. Signals being transmitted are directed and confined in a narrow pathway by using physical links.

Features:
• High speed
• Secure
• Used for comparatively shorter distances

There are 3 major types of guided media:

Twisted Pair Cable

It consists of 2 separately insulated conductor wires wound about each other. Generally, several such pairs are bundled together in a protective sheath. They are the most widely used transmission media. Twisted pair is of two types:

Unshielded Twisted Pair (UTP): UTP consists of two insulated copper wires twisted around one another. This type of cable has the ability to block interference and does not depend on a physical shield for this purpose. It is used for telephonic applications.

Shielded Twisted Pair (STP): This type of cable consists of a special jacket (a copper braid covering or a foil shield) to block external interference. It is used in fast-data-rate Ethernet and in voice and data channels of telephone lines.

Coaxial Cable

It has an outer plastic covering containing an insulation layer made of PVC or Teflon and 2 parallel conductors, each having a separate insulated protection cover. The coaxial cable transmits information in two modes: baseband mode (dedicated cable bandwidth) and broadband mode (cable bandwidth is split into separate ranges).
Cable TV and analog television networks widely use coaxial cables.

Optical Fiber Cable

Optical fibre cable uses the concept of refraction of light through a core made up of glass or plastic. The core is surrounded by a less dense glass or plastic covering called the cladding. It is used for the transmission of large volumes of data. The cable can be unidirectional or bidirectional. The WDM (Wavelength Division Multiplexer) supports two modes, namely unidirectional and bidirectional mode.

Stripline

Stripline is a transverse electromagnetic (TEM) transmission line medium invented by Robert M. Barrett of the Air Force Cambridge Research Centre in the 1950s. Stripline is the earliest form of the planar transmission line. It uses a conducting material to transmit high-frequency waves; it is also called a waveguide. This conducting material is sandwiched between two layers of the ground plane, which are usually shorted to provide EMI immunity.

Microstripline

In this, the conducting material is separated from the ground plane by a layer of dielectric.

card is a layer 2 device which means that it works on both the physical and data link layers of the network model.

Difference between Unicast, Broadcast and Multicast in Computer Network

The “cast” term here signifies that some data (a stream of packets) is being transmitted to the recipient(s) from the client(s) side over the communication channel that helps them communicate. Let’s see some of the “cast” concepts that are prevailing in the computer networks field.

What is Unicast?

This type of information transfer is useful when there is participation of a single sender and a single recipient. So, in short, you can term it a one-to-one transmission.
For example, if a device having IP address 10.1.2.0 in a network wants to send the traffic stream (data packets) to the device with IP address 20.12.4.2 in the other network, then unicast comes into the picture. This is the most common form of data transfer over networks.

What is Broadcast?

Broadcasting transfer (one-to-all) techniques can be classified into two types:

Limited Broadcasting: Suppose you have to send a stream of packets to all the devices on the network in which you reside; this kind of broadcasting comes in handy. To achieve this, the sender puts 255.255.255.255 (all 32 bits of the IP address set to 1), called the Limited Broadcast Address, in the destination address of the datagram (packet) header. This address is reserved for information transfer to all the recipients from a single client (sender) over the network.

Direct Broadcasting: This is useful when a device in one network wants to transfer a packet stream to all the devices on the other network. This is achieved by setting all the Host ID bits of the destination address to 1, referred to as the Direct Broadcast Address, in the datagram header for information transfer.

What is Multicast?

In multicasting, one or more senders and one or more recipients participate in data transfer traffic. In this method traffic lies between the boundaries of unicast (one-to-one) and broadcast (one-to-all). Multicast lets servers direct single copies of data streams that are then replicated and routed to the hosts that request them. IP multicast requires the support of some other protocols like IGMP (Internet Group Management Protocol) and multicast routing for its work. Also, in classful IP addressing, Class D is reserved for multicast groups.

Types of Network Topology: Bus, Ring, Star, Mesh, Tree Diagram

Network topologies describe the methods in which all the elements of a network are mapped. The topology term refers to both the physical and logical layout of a network.
Types of Networking Topologies

Two main types of network topologies in computer networks are:
1) Physical topology
2) Logical topology

Physical topology: This type of network is the actual layout of the computer cables and other network devices.

Logical topology: Logical topology gives insights about a network’s physical design.

Different types of physical topologies are:
• P2P Topology
• Bus Topology
• Ring Topology
• Star Topology
• Tree Topology
• Mesh Topology
• Hybrid Topology

• Full Mesh Topology: In this topology, every node or device is directly connected with each other.

Tree Topology

Tree topologies have a root node, and all other nodes are connected to it, which forms a hierarchy. So it is also known as hierarchical topology. This topology integrates various star topologies together on a single bus, so it is also known as a Star Bus topology. Tree topology is a very common network which is similar to a bus and star topology.

Hybrid Topology

Hybrid topology combines two or more topologies. You can see in the above architecture in such a manner that the resulting network does not exhibit one of the standard topologies.
Difference between LAN, MAN and WAN

LAN stands for local area network. It is a group of network devices that allow communication between various connected devices. Private ownership has control over the local area network rather than the public. LAN has a shorter propagation delay than MAN as well as WAN. It covers smaller areas such as colleges, schools, hospitals, and so on.

MAN stands for metropolitan area network. It covers a larger area than LAN, such as small towns, cities, etc. MAN connects two or more computers that reside within the same or completely different cities. MAN is expensive and may or may not be owned by one organization.

WAN stands for wide area network. It covers a larger area than LAN as well as MAN, such as a country or continent. WAN is expensive and may or may not be owned by one organization. PSTN or satellite medium is used for wide area networks.

Full form
  LAN: local area network
  MAN: metropolitan area network
  WAN: wide area network

Geographic span
  LAN: Operates in small areas such as the same building or campus.
  MAN: Operates in large areas such as a city.
  WAN: Operates in larger areas such as a country or continent.

Ownership
  LAN: Private.
  MAN: Private or public.
  WAN: Might not be owned by one organization.

Transmission speed
  LAN: High.
  MAN: Average.
  WAN: Low.

Propagation delay
  LAN: Short.
  MAN: Moderate.
  WAN: Long.

Congestion
  LAN: Less congestion.
  MAN: More congestion than LAN.
  WAN: More congestion than MAN.

Design & maintenance
  LAN: Easy.
  MAN: More difficult than LAN.
  WAN: More difficult than LAN as well as MAN.

Fault tolerance
  LAN: More fault tolerance.
  MAN: Less fault tolerance.
  WAN: Less fault tolerance.

Medium

What is the OSI Model?

OSI stands for Open Systems Interconnection, where “open” stands for non-proprietary. It is a 7-layer architecture with each layer having specific functionality to perform. All these 7 layers work collaboratively to transmit data from one person to another across the globe. The OSI reference model was developed by ISO, the International Organization for Standardization, in the year 1984.

The OSI model provides a theoretical foundation for understanding network communication. However, it is usually not directly implemented in its entirety in real-world networking hardware or software. Instead, specific protocols and technologies are often designed based on the principles outlined in the OSI model to facilitate efficient data transmission and networking operations.

Data Flow In OSI Model

When we transfer information from one device to another, it travels through the 7 layers of the OSI model. First the data travels down through the 7 layers at the sender’s end and then climbs back up the 7 layers at the receiver’s end. Data flows through the OSI model in a step-by-step process:

Application Layer: Applications create the data.
Presentation Layer: Data is formatted and encrypted.
Session Layer: Connections are established and managed.

The LLC PDU format basically contains 4 different fields, given below:

1. Destination Service Access Point (DSAP) Field: DSAP is generally an 8-bit long field that is used to represent the logical address of the network layer entity meant to receive the message. It indicates whether this is an individual or group address.

2. Source Service Access Point (SSAP) Field: SSAP is also an 8-bit long field that is used to represent the logical address of the network layer entity that created the message.
It indicates whether this is a command or response PDU. It simply identifies the SAP that has started the PDU.

3. Information Field: This field generally includes data or information.

4. Control Field: This field identifies and determines the specific PDU and also specifies various control functions. It is an 8- or 16-bit long field, depending on the identity of the PDU. It is used for flow and error control.

There are basically three types of PDU. Each PDU has a different control field format. These are given below:

Information (I): It generally includes a 7-bit sequence number (N(S)) and also a piggybacked sequence number (N(R)). It is used to carry data or information.

Supervisory (S): It generally includes an acknowledgment sequence number (N(R)) and also a 2-bit S field for three different PDU formats, i.e. RNR (Receive Not Ready), RR (Receive Ready), and REJ (Reject). It is generally used for flow and error control.

Unnumbered (U): It generally has a 5-bit M field that is used to indicate the type of PDU. It is used for various protocol PDUs.

Some functions of the LLC Sublayer are:
• It is responsible for managing and ensuring the integrity of data transmissions.
• It provides the logic for the data link

MAC address: https://www.geeksforgeeks.org/mac-address-in-computer-network/

What is Ethernet?

A Local Area Network (LAN) is a data communication network connecting various terminals or computers within a building or limited geographical area. The connection between the devices could be wired or wireless. Ethernet generally uses a bus topology. Ethernet operates in two layers of the OSI model, the physical layer and the data link layer. For Ethernet, the protocol data unit is a frame, since we mainly deal with the data link layer (DLL). In order to handle collisions, the access control mechanism used in Ethernet is CSMA/CD.
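The DSAP/SSAP/control layout described above, decoded by a small parser. This is an added example, not code from the notes; the frame bytes at the bottom are constructed, and the bit positions follow the IEEE 802.2 (HDLC-style) control field: U PDUs use one octet, I and S PDUs two octets with 7-bit N(S)/N(R).

```python
"""Decode an IEEE 802.2 LLC header: DSAP, SSAP and the 8- or 16-bit control field.
Added example (not from the notes). Sample frames below are constructed."""
from dataclasses import dataclass
from typing import Optional

# 2-bit S field (bits 3-4 of the first control octet) of a supervisory PDU.
S_CODES = {0: "RR", 1: "RNR", 2: "REJ", 3: "SREJ"}

# Common unnumbered PDUs, keyed by the control octet with the P/F bit (bit 5) cleared.
U_CODES = {
    0x03: "UI",     # unnumbered information (connectionless LLC type 1)
    0xAF: "XID",    # exchange identification
    0xE3: "TEST",   # loopback test
    0x6F: "SABME",  # set asynchronous balanced mode extended (type 2 connect)
    0x63: "UA",     # unnumbered acknowledgement
    0x43: "DISC",   # disconnect
    0x0F: "DM",     # disconnected mode
    0x87: "FRMR",   # frame reject
}


@dataclass
class LlcHeader:
    dsap: int
    ssap: int
    group: bool            # DSAP bit 1 (I/G): False = individual, True = group address
    response: bool         # SSAP bit 1 (C/R): False = command, True = response PDU
    pdu_type: str          # "I", "S" or "U"
    control_len: int       # 1 octet for U, 2 octets for I and S
    poll_final: int
    ns: Optional[int] = None    # send sequence number, I PDUs only
    nr: Optional[int] = None    # receive (acknowledgement) sequence number, I and S
    name: Optional[str] = None  # RR/RNR/REJ for S, command name for U
    payload: bytes = b""


def parse_llc(frame: bytes) -> LlcHeader:
    """Parse the LLC header at the start of `frame`; raises ValueError on truncation."""
    if len(frame) < 3:
        raise ValueError("LLC header needs DSAP, SSAP and at least one control octet")
    dsap, ssap, c0 = frame[0], frame[1], frame[2]
    group, response = bool(dsap & 0x01), bool(ssap & 0x01)

    if c0 & 0x03 == 0x03:
        # U format: single octet, bits 1-2 = 11, bit 5 = P/F, remaining 5 bits = M.
        return LlcHeader(dsap, ssap, group, response, "U", 1, (c0 >> 4) & 1,
                         name=U_CODES.get(c0 & 0xEF, "unknown"), payload=frame[3:])

    if len(frame) < 4:
        raise ValueError("I and S PDUs carry a 16-bit control field")
    c1 = frame[3]
    poll_final = c1 & 0x01        # bit 9 of the control field
    nr = c1 >> 1                  # 7-bit N(R) in bits 10-16
    if c0 & 0x01 == 0:
        # I format: bit 1 = 0, bits 2-8 = 7-bit N(S).
        return LlcHeader(dsap, ssap, group, response, "I", 2, poll_final,
                         ns=c0 >> 1, nr=nr, payload=frame[4:])
    # S format: bit 1 = 1, bit 2 = 0, bits 3-4 = S code, bits 5-8 reserved.
    return LlcHeader(dsap, ssap, group, response, "S", 2, poll_final,
                     nr=nr, name=S_CODES[(c0 >> 2) & 0x03], payload=frame[4:])


# Constructed sample frames.
SNAP_UI = bytes([0xAA, 0xAA, 0x03]) + bytes([0, 0, 0, 0x08, 0x00])   # SNAP UI, EtherType 0x0800
I_FRAME = bytes([0xF0, 0xF0, 0x04, 0x07]) + b"payload"               # I PDU: N(S)=2, P/F=1, N(R)=3
S_RR = bytes([0xF0, 0xF1, 0x01, 0x0A])                               # S PDU: RR response, N(R)=5

if __name__ == "__main__":
    for f in (SNAP_UI, I_FRAME, S_RR):
        print(parse_llc(f))
```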
Difference between Internet, Intranet and Extranet

Networks are crucial in today’s globalized world because they allow the acquisition, exchange, and organization of knowledge. Of all the first-order networks, the Internet, Intranet, and Extranet are commonly utilized for various applications. Every network type meets specific roles that are required in connecting the global population, the internal organization, and secure communication with external subjects.

What is the Internet?

The Internet is a huge network of millions of computers and related devices from all corners of the globe through which users are able to communicate, exchange information, and partake in general resources. Its mechanism is decentralized and does not have a specific owner; it works only as a common idea shared by various institutions, governments, and users. The Internet is the tool that links people, companies, and organizations, offering various opportunities for cooperation and development, as well as various possibilities to find the necessary information using Internet resources such as websites and services, research data, and social networks.

What is an Intranet?
An Intranet is a local area network that has been designed for use within an organization by its employees to share information as well as work together. An Intranet is also constructed from the technologies of the Internet, such as TCP/IP, HTTP, and web browsers, but exists behind a security firewall and has only a limited number of authorized users. Its use is to enhance cooperation internally, control the distribution of facilities and work more effectively. Its contents include company news with the latest updates posted internally, personnel directories, project management applications and access to databases, all of which assist the organization in enhancing its efficiency.

What is an Extranet?

An Extranet is an extended form of an Intranet that enables secure communication and collaboration between an organization and external entities, such as suppliers, partners, or clients. While it uses Internet protocols to facilitate connectivity, an Extranet is controlled and accessible only to authorized users with login credentials. The primary purpose of an Extranet is to extend the reach of internal resources to trusted external users while maintaining security through firewalls, encryption, and access control measures.

Differences Between Virtual Circuits and Datagram Networks

Computer networks that provide connection-oriented services are called virtual circuit networks, while those providing connectionless services are called datagram networks. For prior knowledge, the Internet that we use is based on a datagram network (connectionless) at the network level, as all packets from a source to a destination do not follow the same path.

Virtual Circuits

It is connection-oriented, meaning that there is a reservation of resources like buffers, CPU, bandwidth, etc. for the time in which the newly set up VC is going to be used by a data transfer session. The first sent packet reserves resources at each server along the path.
Subsequent packets will follow the same path as the first sent packet for the connection time. Since all the packets are going to follow the same path, a global header is required. Only the first packet of the connection requires a global header; the remaining packets generally don’t require global headers. Since all packets follow a specific path, packets are received in order at the destination. Virtual circuit switching ensures that all packets successfully reach the destination. No packet will be discarded due to the unavailability of resources.

The below topology depicts a network having all hosts inside the same virtual LAN:

Without VLANs, a broadcast sent from a host can easily reach all network devices. Each and every device will process the received broadcast frames. It can increase the CPU overhead on each device and reduce the overall network security. If you place interfaces on both switches into separate VLANs, a broadcast from host A can reach only devices available inside the same VLAN. Hosts in other VLANs will not even be aware that the communication took place.

VLAN in networking is a virtual extension of LAN. A LAN is a group of computers and peripheral devices which are connected in a limited area such as a school, laboratory, home, or office building. It is a widely useful network for sharing resources like files, printers, games, and other applications.

How VLAN works

Here are step-by-step details of how VLAN works:
• VLANs in networking are identified by a number. The valid range is 1-4094.
• On a VLAN switch, you assign ports with the proper VLAN number.
• The switch then allows data which needs to be sent between various ports having the same VLAN.
• Since almost all networks are larger than a single switch, there should be a way to send traffic between two switches. One simple and easy way to do this is to assign a port on each network switch with a VLAN and run a cable between them.
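The broadcast-containment behaviour and the four "how VLAN works" steps above, as a small simulation. This is an added example, not code from the notes: the two-switch topology, the port names (Gi0/1 etc.) and the host names are constructed, and the inter-switch link is modelled as a trunk carrying a configurable set of VLANs.

```python
"""Port-based VLANs on two switches: which hosts see a broadcast?
Added example (not from the notes); topology below is constructed."""
from collections import deque
from dataclasses import dataclass, field

VLAN_MIN, VLAN_MAX = 1, 4094       # valid VLAN ID range quoted in the notes


@dataclass
class Switch:
    name: str
    access: dict = field(default_factory=dict)  # port -> VLAN id
    hosts: dict = field(default_factory=dict)   # port -> attached host name
    trunks: dict = field(default_factory=dict)  # port -> (peer switch, allowed VLAN set)

    def add_access_port(self, port: str, vlan: int, host: str) -> None:
        if not VLAN_MIN <= vlan <= VLAN_MAX:
            raise ValueError(f"VLAN {vlan} outside {VLAN_MIN}-{VLAN_MAX}")
        self.access[port] = vlan
        self.hosts[port] = host

    def add_trunk(self, port: str, peer: str, allowed) -> None:
        self.trunks[port] = (peer, set(allowed))


def broadcast(switches: dict, src_switch: str, src_port: str) -> set:
    """Hosts that receive a broadcast frame entering src_port on src_switch.
    The frame belongs to the ingress port's VLAN; each switch floods it to its
    other access ports in that VLAN and across trunks that allow that VLAN."""
    vlan = switches[src_switch].access[src_port]
    received, visited = set(), set()
    queue = deque([(src_switch, src_port)])
    while queue:
        name, in_port = queue.popleft()
        if (name, in_port) in visited:          # loop guard for redundant links
            continue
        visited.add((name, in_port))
        sw = switches[name]
        for port, pvlan in sw.access.items():
            if port != in_port and pvlan == vlan:
                received.add(sw.hosts[port])
        for port, (peer, allowed) in sw.trunks.items():
            if port != in_port and vlan in allowed:
                # frame arrives at the peer on the trunk port pointing back at us
                back = next(p for p, (q, _) in switches[peer].trunks.items() if q == name)
                queue.append((peer, back))
    return received


def build_topology(segmented: bool = True) -> dict:
    """Two switches, two hosts each, joined by one trunk.
    segmented=True puts A/C in VLAN 10 and B/D in VLAN 20; False leaves all in VLAN 1."""
    v_a, v_b = (10, 20) if segmented else (1, 1)
    sw1, sw2 = Switch("SW1"), Switch("SW2")
    sw1.add_access_port("Gi0/1", v_a, "hostA")
    sw1.add_access_port("Gi0/2", v_b, "hostB")
    sw2.add_access_port("Gi0/1", v_a, "hostC")
    sw2.add_access_port("Gi0/2", v_b, "hostD")
    sw1.add_trunk("Gi0/24", "SW2", {1, 10, 20})
    sw2.add_trunk("Gi0/24", "SW1", {1, 10, 20})
    return {"SW1": sw1, "SW2": sw2}


if __name__ == "__main__":
    print("flat:     ", sorted(broadcast(build_topology(False), "SW1", "Gi0/1")))
    print("segmented:", sorted(broadcast(build_topology(True), "SW1", "Gi0/1")))
```

With VLANs, a broadcast from hostA reaches only hostC; without them every other host must process it.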
Types of VLANs

Here are the important types of VLANs:

Port-Based VLAN

Port-based VLANs group a virtual local area network by port. In this type of virtual LAN, a switch port can be configured manually as a member of a VLAN. Devices that are connected to this port will belong to the same broadcast domain, because all the other ports are configured with the same VLAN number. The challenge of this type of network is to know which ports are appropriate to each VLAN. The VLAN membership can’t be known just by looking at the physical port of a switch. You can determine it by checking the configuration information.

Protocol Based VLAN

This type of VLAN processes traffic based on a protocol that can be used to define filtering criteria for tags, which are untagged packets. In this virtual local area network, the layer-3 protocol carried by the frame is used to determine VLAN membership. It works in multi-protocol environments. This method is not practical in a predominately IP-based network.

MAC Based VLAN

MAC-based VLAN allows incoming untagged packets to be assigned to a virtual LAN and, thereby, classifies traffic depending on the packet’s source address. You define a MAC address to VLAN mapping by configuring the entry in the MAC-to-VLAN table.

Basics of Wi-Fi

We’ve been studying a lot about wired networks. Ethernet is the most common example. Wired networks differ from wireless, which uses radio waves rather than transmitting electrical signals over cables. Wi-Fi stands for Wireless Fidelity. It is a technology for wireless local area networking with devices based on IEEE 802.11 standards. Wi-Fi compatible devices can connect to the internet via a WLAN network and a wireless access point, abbreviated as AP. Every WLAN has an access point which is responsible for receiving and transmitting data from/to users. IEEE has defined certain specifications for wireless LAN, called IEEE 802.11, which cover the physical and data link layers.
An Access Point (AP) is a wireless LAN base station that can connect one or many wireless devices simultaneously to the internet. The architecture of this standard has 2 kinds of services:
1. BSS (Basic Service Set)
2. ESS (Extended Service Set)

BSS is the basic building block of WLAN. It is made of wireless mobile stations and an optional central base station called an Access Point. Stations can form a network without an AP and can agree to be part of a BSS. A BSS without an AP cannot send data to other BSSs and defines a standalone network. It is called an Ad-hoc network or Independent BSS (IBSS), i.e. a BSS without an AP is an ad-hoc network. A BSS with an AP is an infrastructure network. The figure below depicts an IBSS and a BSS, with the green coloured box depicting an AP.

ESS is made up of 2 or more BSSs with APs. BSSs are connected to the distribution system via their APs. The distribution system can be any IEEE LAN such as Ethernet. ESS has 2 kinds of stations:
1. Mobile: stations inside the BSS
2. Stationary: AP stations that are part of the wired LAN.
The topmost green box represents the distribution system and the other 2 green boxes represent the APs of 2 BSSs.

What is the Network Layer?

any flow control. The datagrams are sent by the sender when they are ready, without any attention to the readiness of the receiver.

3. Congestion Control

Congestion occurs when the number of datagrams sent by the source is beyond the capacity of the network or routers. This is another issue in the network layer protocol. If congestion continues, sometimes a situation may arise where the system collapses and no datagrams are delivered. Although congestion control is indirectly implemented in the network layer, there is still a lack of congestion control in the network layer.

What is an IP Address?

All the computers of the world on the Internet communicate with each other via underground or underwater cables or wirelessly.
If I want to download a file from the internet, load a web page, or literally do anything related to the internet, my computer must have an address so that other computers can find and locate mine in order to deliver the particular file or webpage that I am requesting. In technical terms, that address is called an IP Address or Internet Protocol Address.

Working of IP addresses

The working of IP addresses is similar to other languages. It also uses a set of rules to send information. Using these protocols we can easily send and receive data or files to the connected devices. There are several steps behind the scenes. Let us look at them:
• Your device directly requests your Internet Service Provider, which then grants your device access to the web, and an IP address is assigned to your device from the available range.
• Your internet activity goes through your service provider, and they route it back to you using your IP address.
• Your IP address can change. For example, turning your router on or off can change your IP address.
• When you are away from your home location, your home IP address doesn’t accompany you. It changes as you change the network of your device.

Classification of IP Address

An IP address is classified into the following types:

1. Public IP Address: This address is available publicly and it is assigned by your network provider to your router, which further divides it among your devices. Public IP addresses are of two types:

Dynamic IP Address: When you connect a smartphone or computer to the internet, your Internet Service Provider provides you an IP address from the range of available IP addresses. Now your device has an IP address and you can simply connect your device to the Internet and send and receive data to and from your device. The very next time you try to connect to the internet with the same device, your provider gives a different IP address to the same device, again from the same available range.
Since the IP address keeps on changing every time you connect to the internet, it is called a Dynamic IP Address.

Static IP Address: A static address never changes; it serves as a permanent internet address. These are used by DNS servers. What are DNS servers? They are computers that help you to open a website on your computer. A static IP address provides information such as which continent, which country and which city the device is located in, and which Internet Service Provider provides the internet connection to that particular device. Once we know who the ISP is, we can trace the location of the device connected to the internet. Static IP addresses provide less security than dynamic IP addresses because they are easier to track.

2. Private IP Address: This is an internal address of your device which is not routed to the internet; no exchange of data can take place directly between a private address and the internet.

3. Shared IP addresses: Many websites use shared IP addresses. Where the traffic is not huge and is very much controllable, they decide to rent the address to other similar websites to make it cost-friendly. Several companies and email-sending servers use the same IP address (within a single mail server) to cut down the cost, so that they save for the time the server would otherwise be idle.

4. Dedicated IP addresses: A dedicated IP address is an address used by a single company or an individual. It gives them certain benefits, such as using a private Secure Sockets Layer (SSL) certificate, which is not the case with a shared IP address. It allows access to the website, or logging in via File Transfer Protocol (FTP), by IP address instead of domain name. It improves the performance of the website when the traffic is high. It also protects from sharing an IP address that is black-listed due to spam.

Lookup IP addresses

To know your public IP, you can simply search "What is my IP?" on Google.
Other websites will show you equivalent information: they can see your public IP address because, by visiting the site, your router has made a request and thus revealed the information. Some IP lookup sites go further by showing the name of your Internet Service Provider and your current city.

Finding your device's private IP address depends on the OS or platform you are using.

On Windows: Click Start, type "cmd" in the search box and run the command prompt. In the black command prompt window type "ipconfig" and press Enter. You will be able to see your IP address there.

On Mac: Go to System Preferences and select Network; you will be able to see the information regarding your network, which includes your IP address.

Types of IP Address

IP addresses are of two types:

1. IPv4: Internet Protocol version 4. It consists of 4 numbers separated by dots. Each number can be from 0 to 255 in decimal. But computers do not understand decimal numbers; they instead convert them to binary numbers, which use only 0 and 1. Therefore, in binary, the range 0-255 can be written as 00000000 to 11111111. Since each number can be represented by a group of 8 binary digits, a whole IPv4 address can be represented by 32 bits. In IPv4, a unique sequence of bits is assigned to a computer, so a total of approximately 2^32 = 4,294,967,296 devices can be assigned IPv4 addresses. An IPv4 address can be written as: 189.123.123.90

Classes of IPv4 Address:

There are around 4.3 billion IPv4 addresses, and managing all those addresses without any scheme is next to impossible. Let's understand it with a simple example. If you have to find a word in a language dictionary, how long will it take? Usually, you will take less than 5 minutes to find that word. You are able to do this because the words in the dictionary are organized in alphabetical order.
If you had to find the same word in a dictionary that doesn't use any sequence or order to organize the words, it would take an eternity. If a dictionary with one billion unordered words can be so disastrous, then you can imagine the pain of finding an address among 4.3 billion addresses. For easier management and assignment, IP addresses are organized in numeric order and divided into the following 5 classes:

IP Class   Address Range (first octet)   Maximum number of networks
Class A    1-126                         126 (2^7 - 2)
Class B    128-191                       16384
Class C    192-223                       2097152

4. Subnetting is used in increasing network security.

The network can be divided into two parts: to divide a network into two parts, you need to choose one bit for each subnet from the host ID part.

Types of Routing

Routing is the process of determining paths through a network for sending data packets. Routing ensures that data moves effectively from source to destination, making the best use of network resources and ensuring consistent communication. Routing is classified into Static Routing, Default Routing, and Dynamic Routing. In this article, we will look at each type of routing.

1. Static Routing: Static routing is also called "non-adaptive routing". Here the routing configuration is done manually by the network administrator. For example, if we have 5 different routes to transmit data from one node to another, the network administrator will have to enter the routing information manually after assessing all the routes.

2. Default Routing: This is the method where the router is configured to send all packets toward a single router (next hop). It doesn't matter to which network the packet belongs; it is forwarded to the router configured as the default. It is generally used with stub routers. A stub router is a router that has only one route to reach all other networks.

3.
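As an added example (not part of these notes), here is a Python script that applies the classful scheme above: it classifies an address by its first octet, renders the 32-bit form that the computer actually works with, reports the network count the table lists, and borrows one host bit to split a /24 into two subnets as the subnetting paragraph describes. The address 189.123.123.90 is the notes' own sample; the 192.168.1.0/24 network and the other addresses are constructed for the example.

```python
# Added example (not from the notes): classful IPv4 handling with the
# standard library only. Classes D and E are included for completeness
# although the table above stops at class C.
import ipaddress
from typing import List

# First-octet ranges of the classful scheme. Class A skips 0 and 127
# (127.0.0.0/8 is loopback), which is why the table shows 2^7 - 2 networks.
CLASS_RANGES = {
    "A": (1, 126),
    "B": (128, 191),
    "C": (192, 223),
    "D": (224, 239),   # multicast
    "E": (240, 255),   # reserved
}

# Number of network bits in each unicast class: 7, 14 and 21.
NETWORK_BITS = {"A": 7, "B": 14, "C": 21}


def ipv4_to_bits(addr: str) -> str:
    """Dotted quad -> four 8-bit groups, e.g. 189.123.123.90 ->
    10111101.01111011.01111011.01011010."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr}")
    return ".".join(f"{o:08b}" for o in octets)


def ipv4_class(addr: str) -> str:
    """Classful letter A-E for an address, or 'loopback' for 127.x.x.x,
    which the classful table leaves out."""
    first = int(addr.split(".")[0])
    if first == 127:
        return "loopback"
    for letter, (lo, hi) in CLASS_RANGES.items():
        if lo <= first <= hi:
            return letter
    raise ValueError(f"first octet {first} belongs to no class")


def max_networks(letter: str) -> int:
    """Network count per class as in the table: 2^bits, minus the two
    reserved values (0 and 127) for class A."""
    count = 2 ** NETWORK_BITS[letter]
    return count - 2 if letter == "A" else count


def split_in_two(network: str) -> List[str]:
    """Borrow one host bit: a /24 becomes two /25 subnets."""
    net = ipaddress.ip_network(network, strict=True)
    return [str(sub) for sub in net.subnets(prefixlen_diff=1)]


if __name__ == "__main__":
    for a in ("189.123.123.90", "10.0.0.1", "224.0.0.5"):
        print(a, "class", ipv4_class(a), ipv4_to_bits(a))
    for letter in "ABC":
        print("class", letter, "networks:", max_networks(letter))
    print(split_in_two("192.168.1.0/24"))
```

Run it as a script to see the three sample addresses classified; the 0-255 range of each octet is enforced before conversion so a malformed address raises instead of producing nonsense bits.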
Dynamic Routing: Dynamic routing makes automatic adjustments to the routes according to the current state of the routes in the routing table. Dynamic routing uses protocols to discover network destinations and the routes to reach them. RIP and OSPF are the best examples of dynamic routing protocols. Automatic adjustments will be made to reach the network destination if one route goes down. A dynamic protocol has the following features: the routers must run the same dynamic protocol in order to exchange routes, and when a router finds a change in the topology it advertises it to all other routers.

WPS stands for Wi-Fi Protected Setup. Wi-Fi devices usually require a bit of tweaking before they can be set up: you need to configure an SSID, take care of the security of the network by assigning it a password, and then connect it with your client, where the steps are repeated. Although this method is usually required only once, it was still considered a bit of a hassle. By comparison, with Bluetooth you simply turn on the BT device and it can be paired in a quite straightforward manner with other BT-compatible devices. WPS was Wi-Fi's attempt to make the setup of a new network easy and secure. With a WPS device you can connect to a network by simply pushing a WPS button or by entering a PIN code. All the hassle of setting up an SSID and passphrase is taken care of automatically by the device itself. Note that while you as a user don't have to create an SSID/password, they are still generated; it is just all automatic.

WPS is also considered insecure by most security researchers [1]. While the PIN method of accessing the network is considered susceptible to brute-force attacks, the security of the push-button method depends on whether the device itself is secure. One of the greatest disadvantages of WPS is that all of the devices, both client and AP, must be WPS-compatible.
In other words, before you set up WPS you have to check whether your AP supports it. Then you have to check whether your client devices, like mobile phones, support it. And then you have to figure out a plan for all the unsupported devices. Frankly, this is even more of a hassle than the one WPS seeks to eliminate. Nevertheless, WPS still offers some significant advantages. Since Wi-Fi is a short-range radio technology, the range of the network is limited to a very small area, meaning that getting access to the network is not trivial for an outsider. As such, the convenience of a quick setup might be useful in some cases, especially where no sensitive data is exchanged on the network, or when the network has to provide access to public read-only content but wants to limit that access to people who have the PIN.

WPA stands for wireless protected access. WPA had many vulnerabilities, and it was only supposed to be an interim standard, so it was superseded for good by WPA2. WPA2 itself has many variants. WPA2-PSK is a variant of WPA2 where the key is shared between connected devices; PSK stands for pre-shared key. WPA2-PSK is designed for small office and home networks where all the people who will be connecting to the Wi-Fi can be trusted. Although WPA2 is secure, sharing the password with other people means that anyone who has it can snoop on the network. For a home use case, WPA2-PSK is secure enough, and you can always change the password if you suspect that someone else is using it.

ACL features –

1. The set of rules defined is matched serially, i.e., matching starts with the first line, then the 2nd, then the 3rd, and so on.
2. A packet is compared against the rules only until it matches one. Once a rule is matched, no further comparison takes place and that rule's action is performed.
3. There is an implicit deny at the end of every ACL, i.e., if no condition or rule matches, the packet will be discarded.
Once the access list is built, it should be applied to the inbound or outbound direction of an interface:

Inbound access lists – When an access list is applied to inbound packets of an interface, the packets are first processed according to the access list and then routed to the outbound interface.

Outbound access lists – When an access list is applied to outbound packets of an interface, the packet is first routed and then processed at the outbound interface.

Types of ACL –

There are two main types of access list:

1. Standard Access-list – These are access lists made using the source IP address only. These ACLs permit or deny the entire protocol suite; they don't distinguish between types of IP traffic such as TCP, UDP, HTTPS, etc. By using the numbers 1-99 or 1300-1999, the router will understand it as a standard ACL and the specified address as the source IP address.

2. Extended Access-list – These are ACLs that use the source IP, destination IP, source port, and destination port. With these ACLs we can also specify which IP traffic should be allowed or denied. These use the ranges 100-199 and 2000-2699.

Also, there are two categories of access list:

1. Numbered access-list – These are access lists that cannot be edited rule by rule once created, i.e., if we want to remove a single rule from a numbered access list, this is not permitted: if we try to delete a rule from the access list, the whole access list will be deleted. Numbered access lists can be used with both standard and extended access lists.

2. Named access-list – In this type of access list, a name is assigned to identify the access list. Deleting a single rule from a named access list is allowed, unlike with a numbered access list. Like numbered access lists, these can be used with both standard and extended access lists.

Rules for ACL –

1. The standard access list is generally applied close to the destination (but not always).
2.
The extended access list is generally applied close to the source (but not always).
3. We can assign only one ACL per interface per protocol per direction, i.e., only one inbound and one outbound ACL is permitted per interface.
4. We can't remove a single rule from a numbered access list; if we try to remove a rule, the whole ACL will be removed. If we are using named access lists, then we can delete a specific rule.
5. Every new rule added to the access list is placed at the bottom of the access list; therefore, before implementing access lists, analyse the whole scenario carefully.
6. As there is an implicit deny at the end of every access list, we should have at least one permit statement in our access list, otherwise all traffic will be denied.
7. Standard access lists and extended access lists cannot have the same name.

Computer Network | AAA (Authentication, Authorization and Accounting)

The administrator can access a router or a device through a console, but it is very inconvenient if he is sitting far from the location of that device. So, eventually, he has to take remote access to that device. But as remote access will be available by using an IP address, it is possible that an unauthorized user can gain access using that same IP address; therefore, as a security measure, we have to put authentication in place. Also, the packets exchanged with the device should be encrypted so that no other person is able to capture that sensitive information. Therefore, a framework called AAA is used to provide that extra level of security.

AAA (Authentication, Authorization, Accounting) – AAA is a standards-based framework used to control who is permitted to use network resources (through authentication), what they are authorized to do (through authorization), and to capture the actions performed while accessing the network (through accounting).

1.
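As an added example (not from the notes and not any vendor's implementation), the following Python model reproduces the three ACL features listed above: rules are tried top to bottom, the first match wins, and anything left unmatched hits the implicit deny. A standard list looks only at the source address, while an extended list also checks destination, protocol and port, which is why the same packet can get different verdicts from the two list types. The rule sets, packets and addresses are constructed samples.

```python
# Added example (not from the notes or any vendor implementation): a model of
# access-list evaluation. Rules are tried top to bottom, the first match wins,
# and a packet matching nothing hits the implicit deny at the end of the list.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # source network (the only field a standard list uses)
    dst: str = "0.0.0.0/0"          # the fields below are consulted only by extended lists
    proto: str = "ip"               # "ip" matches every protocol
    dport: Optional[int] = None     # None matches any destination port

    def matches(self, pkt: Packet, extended: bool) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if not extended:
            return True             # standard list: the source address alone decides
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet, extended: bool) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule). An index of None means no
    rule matched and the implicit deny decided."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt, extended):
            return rule.action, i
    return "deny", None


# Constructed sample policy (private and documentation addresses): hosts on
# 10.0.0.0/24 may reach the server 192.0.2.10 on 443 but not on 23, and may
# send DNS queries anywhere. Everything else falls through to the implicit deny.
EXTENDED_LIST = [
    Rule("deny",   src="10.0.0.0/24", dst="192.0.2.10/32", proto="tcp", dport=23),
    Rule("permit", src="10.0.0.0/24", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("permit", src="10.0.0.0/24", proto="udp", dport=53),
]

# A standard list can only say "traffic from 10.0.0.0/24 is permitted".
STANDARD_LIST = [Rule("permit", src="10.0.0.0/24")]

if __name__ == "__main__":
    samples = [
        Packet("10.0.0.5", "192.0.2.10", "tcp", 443),   # permitted by rule 1
        Packet("10.0.0.5", "192.0.2.10", "tcp", 23),    # denied by rule 0
        Packet("10.0.0.5", "192.0.2.10", "tcp", 22),    # no match: implicit deny
        Packet("10.0.1.9", "192.0.2.10", "tcp", 443),   # wrong source network
    ]
    for p in samples:
        print(p, "extended:", evaluate(EXTENDED_LIST, p, True),
              "standard:", evaluate(STANDARD_LIST, p, False))
```

The SSH packet to port 22 is the case rule 6 above warns about: nothing in the list mentions it, so the implicit deny drops it even though the intent may have been to allow it. Returning the matching rule's index alongside the verdict is the equivalent of per-rule hit counters on a router, and is what you want when debugging why a packet was dropped.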
Authentication – The process by which it is verified whether the user who wants to access the network resources is valid or not, by asking for credentials such as a username and password. Common methods are to put authentication on the console port, the AUX port, or the vty lines. As network administrators, we can control how a user is authenticated when someone wants to access the network. Some of these methods include using the local database of the device (router) or sending authentication requests to an external server like the ACS server. To specify the method to be used for authentication, a default or customized authentication method list is used.

2. Authorization – It provides the capability to enforce policies on network resources after the user has gained access to the network through authentication. After authentication is successful, authorization can be used to determine what resources the user is allowed to access and the operations that can be performed. For example, if a junior network engineer (who should not access all the resources) wants to access the device, the administrator can create a view that allows only particular commands to be executed by that user (the commands allowed in the method list). The administrator can use the authorization method list to specify how the user is authorized to use network resources, i.e., through the local database or an ACS server.

3. Accounting – It provides a means of monitoring and capturing the events performed by the user while accessing the network resources. It even monitors how long the user has access to the network. The administrator can create an accounting method list to specify what should be accounted for and to whom the accounting records should be sent.

What is SONET?

SONET is a standardized digital communication protocol developed by Bellcore. Using optical fiber, SONET is used to transmit a large volume of data over relatively long distances.
It allows multiple digital data streams to be transferred simultaneously over the same optical fiber using LEDs and laser beams.

Transport Layer in OSI Model

The transport layer, or layer 4 of the OSI model, controls network traffic between hosts and end systems to guarantee complete data flows. Data volume, destination, and rate are all controlled by transport-layer protocols including TCP, UDP, DCCP, and SCTP.

and server exchange initial sequence numbers and confirm the connection establishment. In this article, we will discuss the TCP 3-Way Handshake process.

What is the TCP 3-Way Handshake?

The TCP 3-Way Handshake is a fundamental process used in the Transmission Control Protocol (TCP) to establish a reliable connection between a client and a server before data transmission begins. This handshake ensures that both parties are synchronized and ready for communication.

TCP Segment Structure

A TCP segment consists of the data bytes to be sent and a header that is added to the data by TCP, as shown. The header of a TCP segment can range from 20 to 60 bytes; 40 bytes are for options. If there are no options, a header is 20 bytes, else it can be at most 60 bytes.

Header fields:

Source Port Address: A 16-bit field that holds the port address of the application that is sending the data segment.

Destination Port Address: A 16-bit field that holds the port address of the application in the host that is receiving the data segment.

Sequence Number: A 32-bit field that holds the sequence number, i.e., the byte number of the first byte that is sent in that particular segment. It is used to reassemble the message at the receiving end when segments are received out of order.

Acknowledgement Number: A 32-bit field that holds the acknowledgement number, i.e., the byte number that the receiver expects to receive next. It is an acknowledgement that the previous bytes have been received successfully.
Header Length (HLEN): This is a 4-bit field that indicates the length of the TCP header as a number of 4-byte words. If the header is 20 bytes (the minimum length of a TCP header), this field holds 5 (because 5 × 4 = 20); at the maximum length of 60 bytes it holds 15 (because 15 × 4 = 60). Hence, the value of this field is always between 5 and 15.

Control flags: These are six 1-bit control bits that control connection establishment, connection termination, connection abortion, flow control, mode of transfer, etc. Their functions are:

URG: Urgent pointer is valid
ACK: Acknowledgement number is valid (used in case of cumulative acknowledgement)
PSH: Request for push
RST: Reset the connection
SYN: Synchronize sequence numbers
FIN: Terminate the connection

Window size: This field gives the window size of the sending TCP in bytes.

Checksum: This field holds the checksum for error control. It is mandatory in TCP, as opposed to UDP.

Urgent pointer: This field (valid only if the URG control flag is set) is used to point to data that is urgently required and needs to reach the receiving process at the earliest. The value of this field is added to the sequence number to get the byte number of the last urgent byte.

TCP 3-way Handshake Process

Communication between devices over the internet happens according to the current TCP/IP suite model (a stripped-down version of the OSI reference model). The Application layer is at the top of the TCP/IP stack; from there, network-referenced applications like web browsers on the client side establish a connection with the server.
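As an added example (not code from the notes), this Python script builds and parses the 20-byte TCP header described above, decoding HLEN in 4-byte words and the six control flags, and then produces the three handshake segments (SYN, SYN+ACK, ACK) to show how the sequence and acknowledgement numbers relate. The port numbers, initial sequence numbers and the MSS option value are constructed; the checksum field is left at zero because the example does not build an IP pseudo-header.

```python
# Added example (not code from the notes): build and parse the TCP header
# described above and produce the three handshake segments. Ports, sequence
# numbers and the MSS option are constructed; the checksum stays zero since no
# IP pseudo-header is built here.
import struct
from typing import Dict, List

# Flag bits in byte 13 of the header. The two high bits (CWR, ECE) are
# omitted because the notes list only these six.
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
MSS_OPTION = b"\x02\x04\x05\xb4"   # kind 2, length 4, MSS 1460 (constructed sample)


def build_tcp_header(sport: int, dport: int, seq: int, ack: int, flags: List[str],
                     window: int = 65535, options: bytes = b"") -> bytes:
    """Fixed 20-byte part plus options, padded to a multiple of 4 so HLEN is exact."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)
    hlen_words = 5 + len(options) // 4
    flag_byte = 0
    for name in flags:
        flag_byte |= FLAG_BITS[name]
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                        hlen_words << 4, flag_byte, window, 0, 0)
    return fixed + options


def parse_tcp_header(segment: bytes) -> Dict[str, object]:
    """Decode the header fields; raises ValueError on a short or inconsistent header."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (sport, dport, seq, ack, off_res, flags, window,
     checksum, urg) = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen_words = off_res >> 4               # HLEN is the high 4 bits of byte 12
    if not 5 <= hlen_words <= 15:
        raise ValueError(f"HLEN {hlen_words} outside 5..15")
    hlen_bytes = hlen_words * 4
    if len(segment) < hlen_bytes:
        raise ValueError("segment truncated before the end of its header")
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "hlen_words": hlen_words, "hlen_bytes": hlen_bytes,
        "flags": [n for n in ("URG", "ACK", "PSH", "RST", "SYN", "FIN") if flags & FLAG_BITS[n]],
        "window": window, "checksum": checksum, "urgent_pointer": urg,
        "options": segment[20:hlen_bytes], "payload": segment[hlen_bytes:],
    }


def three_way_handshake(client_isn: int, server_isn: int) -> List[bytes]:
    """The three segments of connection setup, in order. A SYN consumes one
    sequence number, so each side acknowledges the other's ISN + 1."""
    syn = build_tcp_header(40000, 443, client_isn, 0, ["SYN"], options=MSS_OPTION)
    syn_ack = build_tcp_header(443, 40000, server_isn, client_isn + 1,
                               ["SYN", "ACK"], options=MSS_OPTION)
    ack = build_tcp_header(40000, 443, client_isn + 1, server_isn + 1, ["ACK"])
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    for seg in three_way_handshake(client_isn=1000, server_isn=5000):
        h = parse_tcp_header(seg)
        print(h["src_port"], "->", h["dst_port"], h["flags"],
              "seq", h["seq"], "ack", h["ack"], "hlen", h["hlen_bytes"])
```

The parser checks HLEN against the 5..15 range and against the bytes actually present before slicing, which is the check a packet dissector needs so that a malformed header cannot make it read past the buffer.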
From the application layer, the information is passed to the transport layer, where our topic comes into the picture. The two important protocols of this layer are TCP and UDP (User Datagram Protocol), of which TCP is prevalent (since it provides reliability for the connection established). However, you can find an application of UDP in querying the DNS server to get the binary equivalent of the domain name used for the website.

TCP provides reliable communication with something called Positive Acknowledgement with Re-transmission (PAR). The Protocol Data Unit (PDU) of the transport layer is called a segment. A device using PAR resends the data unit until it receives an acknowledgement. If the data unit received at the receiver's end is damaged (the receiver checks the data with the checksum functionality of the transport layer, which is used for error detection), the receiver discards the segment. So the sender has to resend the data unit for which a positive acknowledgement is not received. You can see from the above mechanism that three segments are exchanged between sender (client) and receiver (server) for a reliable TCP connection to be established. Let us delve into how this mechanism works.

Destination Port: It is a 2-byte-long field, used to identify the port of the destined packet.

Length: Length is the length of the UDP packet including the header and the data. It is a 16-bit field.

Checksum: The checksum is a 2-byte-long field. It is the 16-bit one's complement of the one's complement sum of the UDP header, the pseudo-header of information from the IP header, and the data, padded with zero octets at the end (if necessary) to make a multiple of two octets.

TCP vs UDP

Type of Service
  TCP: TCP is a connection-oriented protocol. Connection orientation means that the communicating devices should establish a connection before transmitting data and should close the connection after transmitting the data.
  UDP: UDP is a datagram-oriented protocol. This is because there is no overhead for opening a connection, maintaining a connection, or terminating a connection. UDP is efficient for broadcast and multicast types of network transmission.

Reliability
  TCP: TCP is reliable as it guarantees the delivery of data to the destination router.
  UDP: The delivery of data to the destination cannot be guaranteed in UDP.

Error checking mechanism
  TCP: TCP provides extensive error-checking mechanisms, because it provides flow control and acknowledgment of data.
  UDP: UDP has only the basic error-checking mechanism using checksums.

Acknowledgment
  TCP: An acknowledgment segment is present.
  UDP: No acknowledgment segment.

Sequence
  TCP: Sequencing of data is a feature of TCP; this means that packets arrive in order at the receiver.
  UDP: There is no sequencing of data in UDP. If order is required, it has to be managed by the application layer.

Speed
  TCP: TCP is comparatively slower than UDP.
  UDP: UDP is faster, simpler, and more efficient than TCP.

Retransmission
  TCP: Retransmission of lost packets is possible in TCP.
  UDP: There is no retransmission of lost packets in UDP.

Header Length
  TCP: TCP has a variable-length header of 20-60 bytes.
  UDP: UDP has an 8-byte fixed-length header.

Weight
  TCP: TCP is heavy-weight.
  UDP: UDP is lightweight.

Handshaking Techniques
  TCP: Uses handshakes such as SYN, ACK, SYN-ACK.
  UDP: It is a connectionless protocol, i.e., no handshake.

Broadcasting
  TCP: TCP doesn't support broadcasting.
  UDP: UDP supports broadcasting.

Protocols
  TCP: TCP is used by HTTP, HTTPS, FTP, SMTP and Telnet.
  UDP: UDP is used by DNS, DHCP, TFTP, SNMP, RIP, and VoIP.

There are two congestion control algorithms, which are as follows:

Leaky Bucket Algorithm

The leaky bucket algorithm finds its use in the context of network traffic shaping or rate limiting.
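As an added example (not code from the notes), the following Python script computes the UDP checksum exactly as the UDP header description above states: the 16-bit one's complement of the one's complement sum over the IP pseudo-header, the UDP header and the data, with a zero octet of padding when the length is odd. It also shows the receiver's side of the check, which is the "basic error-checking mechanism using checksums" row of the table. The addresses, ports and payload are constructed samples.

```python
# Added example (not code from the notes): UDP checksum over the IPv4
# pseudo-header, header and data, as RFC 768 specifies. All values are
# constructed samples.
import socket
import struct

UDP_PROTOCOL = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum; odd-length input is padded with a zero octet."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """Source and destination addresses, a zero byte, the protocol number and
    the UDP length: fields borrowed from the IP header so the checksum also
    detects a datagram delivered to the wrong host."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length))


def udp_checksum(src_ip: str, dst_ip: str, udp_packet: bytes) -> int:
    """Checksum for a packet whose checksum field is still zero. A computed
    value of 0 is sent as 0xFFFF, because 0 on the wire means 'no checksum'."""
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(udp_packet)) + udp_packet)
    return (0xFFFF ^ total) or 0xFFFF


def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Assemble header + payload with the checksum filled in."""
    length = 8 + len(payload)
    draft = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = udp_checksum(src_ip, dst_ip, draft)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def verify_udp(src_ip: str, dst_ip: str, packet: bytes) -> bool:
    """Receiver's check: with the checksum field in place, the one's complement
    sum over pseudo-header + packet must be all ones. A zero checksum field
    (sender computed none) is treated as unverified here."""
    if len(packet) < 8:
        return False
    length = struct.unpack("!H", packet[4:6])[0]
    if length != len(packet):
        return False                        # truncated, or the length field was altered
    if packet[6:8] == b"\x00\x00":
        return False
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + packet) == 0xFFFF


if __name__ == "__main__":
    pkt = build_udp("192.0.2.1", "192.0.2.2", 53000, 53, b"hello")   # odd length: padding exercised
    print(pkt.hex(), "valid:", verify_udp("192.0.2.1", "192.0.2.2", pkt))
    damaged = bytearray(pkt)
    damaged[-1] ^= 0x01
    print("after flipping one bit:", verify_udp("192.0.2.1", "192.0.2.2", bytes(damaged)))
```

Because the pseudo-header is part of the sum, the same packet fails verification if the IP destination differs from the one the sender used, so the check covers misdelivery as well as corruption. In IPv4 the UDP checksum is optional (a zero field), which is why the table above calls UDP's error checking basic compared with TCP, where the checksum is mandatory.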
A leaky bucket implementation and a token bucket implementation are predominantly used for traffic shaping algorithms. This algorithm is used to control the rate at which traffic is sent to the network and to shape bursty traffic into a steady traffic stream. The disadvantage of the leaky bucket is the inefficient use of available network resources: a large share of network resources such as bandwidth is not used effectively.

Let us consider an example to understand it. Imagine a bucket with a small hole in the bottom. No matter at what rate water enters the bucket, the outflow is at a constant rate. When the bucket is full of water, additional water entering spills over the sides and is lost. Similarly, each network interface contains a leaky bucket, and the following steps are involved in the leaky bucket algorithm:

When a host wants to send a packet, the packet is thrown into the bucket. The bucket leaks at a constant rate, meaning the network interface transmits packets at a constant rate. Bursty traffic is converted to uniform traffic by the leaky bucket. In practice the bucket is a finite queue that outputs at a finite rate.

Token Bucket Algorithm

The leaky bucket algorithm has a rigid output design: an average rate independent of the bursty traffic. In some applications, when large bursts arrive, the output should be allowed to speed up. This calls for a more flexible algorithm, preferably one that never loses information. Therefore, the token bucket algorithm finds its use in network traffic shaping or rate limiting. It is a control algorithm that indicates when traffic may be sent. This decision is based on the presence of tokens in the bucket. The bucket contains tokens, and each token represents a packet of predetermined size. Tokens are removed from the bucket in exchange for the ability to send a packet. When tokens are present, a flow is allowed to transmit traffic up to the number of tokens available. No tokens means no flow can send its packets.
Hence, a flow can transmit traffic up to its peak burst rate as long as there are enough tokens in the bucket.

Token Bucket vs Leaky Bucket

The leaky bucket algorithm controls the rate at which packets are introduced into the network, but it is very conservative in nature. Some flexibility is introduced in the token bucket algorithm. In the token bucket algorithm, tokens are generated at each tick (up to a certain limit). For an incoming packet to be transmitted, it must capture a token, and the transmission takes place at the same rate. Hence some of the bursty packets are transmitted at the same rate if tokens are available, which introduces some amount of flexibility into the system.

Formula:

M × S = C + ρ × S

where
S – time taken
M – maximum output rate
ρ – token arrival rate
C – capacity of the token bucket in bytes

Let's understand with an example.

Error Control in TCP

Last Updated : 13 Jun, 2022

Prerequisite – TCP/IP Model

The TCP protocol has methods for finding out corrupted segments, missing segments, out-of-order segments and duplicated segments. Error control in TCP is mainly done through the use of three simple techniques:

1. Checksum – Every segment contains a checksum field which is used to find corrupted segments. If the segment is corrupted, then that segment is discarded by the destination TCP and is considered lost.

2. Acknowledgement – TCP has another mechanism called acknowledgement to affirm that the data segments have been delivered. Control segments that contain no data but have sequence numbers will be acknowledged as well, but ACK segments are not acknowledged.

3. Retransmission – When a segment is missing, delayed in delivery to the receiver, or found corrupted when checked by the receiver, that segment is retransmitted. Segments are retransmitted only on two events: when the sender receives three duplicate acknowledgements (ACKs) or when a retransmission timer expires.
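As an added example (not from the notes), the following Python script simulates both shaping algorithms tick by tick on a constructed bursty arrival pattern, so the difference the text describes is visible: the leaky bucket emits at a fixed rate and drops packets on overflow, while the token bucket lets a saved-up burst through at once and loses nothing. It also rearranges the formula above into S = C / (M − ρ), the time a flow can sustain its peak rate M before the bucket runs dry; the bucket sizes and rates are constructed values.

```python
# Added example (not from the notes): discrete-time simulations of the leaky
# bucket and token bucket shapers. The arrival pattern and parameters are
# constructed for the example; one "packet" is one token.
from collections import deque
from typing import List, Tuple


def leaky_bucket(arrivals: List[int], capacity: int, leak_rate: int) -> Tuple[List[int], int]:
    """arrivals[t] = packets arriving at tick t. At most `capacity` packets
    wait in the bucket and exactly `leak_rate` (or fewer, if the bucket is
    emptier) leave per tick. Returns (packets sent per tick, packets dropped)."""
    queue = deque()
    sent, dropped = [], 0
    for n in arrivals:
        for _ in range(n):
            if len(queue) < capacity:
                queue.append(1)
            else:
                dropped += 1                  # bucket overflowed: the packet is lost
        out = 0
        while queue and out < leak_rate:      # constant outflow regardless of the burst
            queue.popleft()
            out += 1
        sent.append(out)
    return sent, dropped


def token_bucket(arrivals: List[int], capacity: int, token_rate: int) -> Tuple[List[int], int]:
    """Tokens accrue at `token_rate` per tick up to `capacity`; each packet
    spends one. Packets without a token wait (the queue is unbounded here, so
    nothing is lost). Returns (packets sent per tick, packets still waiting)."""
    tokens = capacity                         # start with a full bucket
    backlog = 0
    sent = []
    for n in arrivals:
        tokens = min(capacity, tokens + token_rate)
        backlog += n
        out = min(backlog, tokens)            # a saved-up burst can go out at once
        tokens -= out
        backlog -= out
        sent.append(out)
    return sent, backlog


def burst_duration(capacity_bytes: float, max_rate: float, token_rate: float) -> float:
    """Solve the notes' formula M*S = C + rho*S for S: the number of seconds a
    flow can transmit at its peak rate M before a bucket of C bytes, refilled
    at rho bytes per second, is empty."""
    if max_rate <= token_rate:
        raise ValueError("peak rate must exceed the token arrival rate")
    return capacity_bytes / (max_rate - token_rate)


# Constructed traffic: a burst of 8 packets, silence, then a smaller burst.
BURSTY = [8, 0, 0, 0, 3, 0, 0, 0]

if __name__ == "__main__":
    print("leaky bucket :", leaky_bucket(BURSTY, capacity=5, leak_rate=2))
    print("token bucket :", token_bucket(BURSTY, capacity=4, token_rate=1))
    # 250 kB bucket, 25 MB/s peak, 2 MB/s token rate: about 10.9 ms of peak-rate burst
    print("burst seconds:", burst_duration(250_000, 25_000_000, 2_000_000))
```

With these parameters the leaky bucket drops three of the first eight packets and trickles the rest out two per tick, while the token bucket sends four at once and then one per tick as tokens arrive. That contrast is the "conservative versus flexible" point of the comparison above.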
Retransmission after RTO: TCP always maintains one retransmission time-out (RTO) timer for all sent but not yet acknowledged segments. When the timer expires, the earliest unacknowledged segment is retransmitted. No timer is set for acknowledgements. In TCP, the RTO value is dynamic in nature and it is

Protocol) packets. This protocol provides security levels and remote access levels comparable with typical VPN (Virtual Private Network) products.

Password Authentication Protocol (PAP): Password Authentication Protocol is a password-based authentication protocol used by the Point-to-Point Protocol (PPP) to validate users. Almost all network operating systems and remote servers support PAP. PAP authentication is done at the time of the initial link establishment and verifies the identity of the client using a two-way handshake (the client sends its data, and the server in return sends an Authentication-ACK (acknowledgement) after the data sent by the client has been completely verified).

Remote Procedure Call Protocol (RPCP): Remote Procedure Call Protocol (RPCP) is a protocol that is used when a computer program causes a procedure (or subroutine) to execute in a different address space without the programmer explicitly coding the details of the remote interaction. This is basically a form of client-server interaction, typically implemented via a request-response message-passing system.

Sockets Direct Protocol (SDP): Sockets Direct Protocol (SDP) is a protocol that supports streams of sockets over Remote Direct Memory Access (RDMA) network fabrics. The purpose of SDP is to provide an RDMA-accelerated alternative to the TCP protocol. The primary goal is to do this in a manner that is transparent to the application.

Presentation Layer in OSI model

Introduction: The Presentation Layer is the 6th layer in the Open System Interconnection (OSI) model. This layer is also known as the Translation layer, as it serves as a data translator for the network.
The data which this layer receives from the Application Layer is extracted and manipulated here into the required format for transmission over the network. The main responsibility of this layer is to provide or define the data format and encryption. The presentation layer is also called the Syntax layer, since it is responsible for maintaining the proper syntax of the data which it either receives or transmits to other layers.

Working of the Presentation Layer in the OSI model:

The presentation layer in the OSI model, as a translator, converts the data sent by the application layer of the transmitting node into an acceptable and compatible data format based on the applicable network protocol and architecture. Upon arrival at the receiving computer, the presentation layer translates the data into an acceptable format usable by the application layer. In other words, this layer takes care of any issues that occur when transmitted data must be viewed in a format different from the original format. Being a functional part of the OSI model, the presentation layer performs a multitude of data conversion algorithms and character translation functions. Mainly, this layer is responsible for managing two network characteristics: protocol (set of rules) and architecture.

Presentation Layer Protocols:

The presentation layer, being the 6th layer but the most important layer in the OSI model, performs several types of functionality, which make sure that the data being transferred or received is accurate and clear to all the devices in a closed network. To perform translations or other specified functions, the presentation layer needs to use certain protocols, which are defined below:

Apple Filing Protocol (AFP): Apple Filing Protocol is the proprietary network protocol (communications protocol) that offers services to macOS or the classic Mac OS.
This is basically the network file control protocol specifically designed for Mac-based platforms.

Lightweight Presentation Protocol (LPP): Lightweight Presentation Protocol is the protocol used to provide ISO presentation services on top of TCP/IP-based protocol stacks.

NetWare Core Protocol (NCP): NetWare Core Protocol is the network protocol used to access file, print, directory, clock synchronization, messaging, remote command execution and other network service functions.

Network Data Representation (NDR): Network Data Representation is basically an implementation of the presentation layer in the OSI model, which provides or defines various primitive data types, constructed data types and also several types of data representations.

External Data Representation (XDR): External Data Representation (XDR) is a standard for the description and encoding of data. It is useful for transferring data between computer architectures and has been used to communicate data between very diverse machines. Converting from the local representation to XDR is called encoding, whereas converting XDR into the local representation is called decoding.

Secure Socket Layer (SSL): The Secure Socket Layer protocol provides security for the data being transferred between the web browser and the server. SSL encrypts the link between a web server and a browser, which ensures that all data passed between them remains private and protected from attacks.

Functions of Presentation Layer:

The presentation layer formats and encrypts data to be sent across the network. This layer makes sure that the data is sent in such a way that the receiver will understand the information (data) and will be able to use the data efficiently and effectively. This layer manages abstract data structures and allows high-level data structures (for example, banking records) to be defined or exchanged. This layer carries out encryption at the transmitter and decryption at the receiver.
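As an added example (not from the notes), here is a small Python encoder and decoder for two of the XDR data types mentioned above, 32-bit integers and strings: big-endian, a 4-byte length prefix for strings, and zero padding up to a multiple of four bytes. Encoding is the local-to-XDR direction and decoding the XDR-to-local direction, exactly as the XDR paragraph defines them. The decoder bounds-checks the length prefix before slicing, which is the check any presentation-layer parser needs when the bytes arrive from a peer. The record layout and the sample values are constructed.

```python
# Added example (not from the notes): a minimal XDR (RFC 4506) encoder/decoder
# for 32-bit integers and strings. XDR is big-endian and every item occupies a
# multiple of four bytes; a string is a 4-byte length, the bytes, then zero
# padding. Record layout and values are constructed samples.
import struct
from typing import Tuple


def xdr_encode_int(value: int) -> bytes:
    """32-bit signed integer, big-endian."""
    return struct.pack(">i", value)


def xdr_encode_string(text: str) -> bytes:
    """Length prefix, UTF-8 bytes, then zero padding to a multiple of four."""
    raw = text.encode("utf-8")
    pad = (-len(raw)) % 4
    return struct.pack(">I", len(raw)) + raw + b"\x00" * pad


def xdr_decode_int(buf: bytes, offset: int = 0) -> Tuple[int, int]:
    """Return (value, new_offset); refuses to read past the end of the buffer."""
    if offset + 4 > len(buf):
        raise ValueError("truncated XDR int")
    return struct.unpack_from(">i", buf, offset)[0], offset + 4


def xdr_decode_string(buf: bytes, offset: int = 0, max_len: int = 1 << 20) -> Tuple[str, int]:
    """Return (text, new_offset). The length prefix is checked against max_len
    and against the bytes actually present before any slice is taken, so a
    hostile length cannot read beyond the buffer or force a huge allocation."""
    length, offset = xdr_decode_int(buf, offset)
    if length < 0 or length > max_len:
        raise ValueError(f"unreasonable XDR string length {length}")
    end = offset + length
    padded_end = end + (-length) % 4
    if padded_end > len(buf):
        raise ValueError("truncated XDR string")
    if any(buf[end:padded_end]):
        raise ValueError("XDR padding bytes must be zero")
    return buf[offset:end].decode("utf-8"), padded_end


def encode_record(record_id: int, name: str) -> bytes:
    """A constructed two-field record (an id and a name), as an RPC layer
    built on XDR might exchange it."""
    return xdr_encode_int(record_id) + xdr_encode_string(name)


def decode_record(buf: bytes) -> Tuple[int, str]:
    """Inverse of encode_record; rejects trailing bytes so truncation or
    concatenation mistakes surface instead of being silently ignored."""
    record_id, off = xdr_decode_int(buf)
    name, off = xdr_decode_string(buf, off)
    if off != len(buf):
        raise ValueError("trailing bytes after record")
    return record_id, name


if __name__ == "__main__":
    wire = encode_record(42, "alice")
    print(wire.hex())                 # 0000002a 00000005 616c696365 000000
    print(decode_record(wire))
```

The same bytes decode identically on a big-endian or little-endian host because XDR fixes the byte order on the wire, which is the interoperability job the presentation layer is described as doing.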
- This layer carries out data compression to reduce the bandwidth of the data to be transmitted (the primary goal of data compression is to reduce the number of bits to be transmitted).
- This layer is responsible for interoperability (the ability of computers to exchange and make use of information) between encoding methods, as different computers use different encoding methods.
- This layer basically deals with the presentation part of the data.
- The presentation layer carries out data compression (reduction of the number of bits during transmission), which in turn improves data throughput.
- This layer also deals with issues of string representation.
- The presentation layer is also responsible for integrating all the formats into a standardized format for efficient and effective communication.
- This layer encodes the message from the user-dependent format to the common format and vice versa for communication between dissimilar systems.
- This layer deals with the syntax and semantics of the messages.
- This layer also ensures that the messages to be presented to the upper as well as the lower layer are standardized and in an accurate format.
- The presentation layer is also responsible for translation, formatting, and delivery of information for processing or display.
- This layer also performs serialization (the process of translating a data structure or an object into a format that can be stored or transmitted easily).

Application Layer in OSI Model

The Application Layer of the OSI (Open System Interconnection) model is the top layer in this model and takes care of network communication. The application layer provides the functionality to send and receive data from users. It acts as the interface between the user and the application. The application layer provides services like file transmission, mail service, and many more.
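The XDR encoding and decoding rules and the serialization function listed above for the presentation layer, shown as an added example (not part of these notes): a minimal XDR encoder and decoder in Python for a constructed "banking record", using XDR's big-endian 32-bit integers, length-prefixed strings padded to 4 bytes and count-prefixed arrays, with the bounds checks a decoder needs when the bytes come from another machine. The record layout and the size limits are assumptions of the example.

```python
import struct

def xdr_pad(n):
    """Number of zero bytes needed to align n bytes to XDR's 4-byte boundary."""
    return (-n) % 4

def encode_int(value):
    """XDR int: 32-bit two's complement, big-endian regardless of the local CPU."""
    return struct.pack("!i", value)

def encode_string(text):
    """XDR string: unsigned 32-bit length, the bytes, then zero padding to 4 bytes."""
    raw = text.encode("utf-8")
    return struct.pack("!I", len(raw)) + raw + b"\x00" * xdr_pad(len(raw))

def encode_record(account, balance_cents, tx_ids):
    """Encode a constructed 'banking record': name, balance, variable-length int array."""
    out = encode_string(account) + encode_int(balance_cents)
    out += struct.pack("!I", len(tx_ids))     # variable-length array: element count first
    for tx in tx_ids:
        out += encode_int(tx)
    return out

class XdrDecoder:
    """Cursor over an XDR byte string with bounds checks on every read."""
    MAX_STRING = 1 << 16                      # assumed limits, as an XDR spec would declare
    MAX_ARRAY = 1024

    def __init__(self, data):
        self.data, self.pos = data, 0

    def _take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated XDR data")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def int(self):
        return struct.unpack("!i", self._take(4))[0]

    def uint(self):
        return struct.unpack("!I", self._take(4))[0]

    def string(self):
        n = self.uint()
        if n > self.MAX_STRING:               # check the length before trusting it
            raise ValueError("string longer than declared maximum")
        raw = self._take(n)
        if any(self._take(xdr_pad(n))):       # padding must be zero bytes
            raise ValueError("non-zero XDR padding")
        return raw.decode("utf-8")

    def int_array(self):
        count = self.uint()
        if count > self.MAX_ARRAY:
            raise ValueError("array longer than declared maximum")
        return [self.int() for _ in range(count)]

def decode_record(data):
    """Decode bytes produced by encode_record back into local Python values."""
    d = XdrDecoder(data)
    record = (d.string(), d.int(), d.int_array())
    if d.pos != len(data):
        raise ValueError("trailing bytes after record")
    return record

def try_decode(data):
    """Return the decoded record, or None if the data is malformed."""
    try:
        return decode_record(data)
    except (ValueError, UnicodeDecodeError):
        return None

if __name__ == "__main__":
    blob = encode_record("alice", -250, [7, 8])
    print(blob.hex())                         # identical on big- and little-endian hosts
    print(decode_record(blob))
    print(try_decode(blob[:-1]))              # truncated input is rejected, not guessed at
```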
In this article we will explore the application layer in the OSI model, application layer functions, the working of the application layer, and the services provided by the application layer.

Functions of Application Layer

- The Application Layer provides a facility by which users can forward several emails, and it also provides a storage facility.
- This layer allows users to access, retrieve and manage files on a remote computer.
- It allows users to log on as a remote host.

4. NFS
It stands for Network File System. It allows remote hosts to mount file systems over a network and interact with those file systems as though they were mounted locally. This enables system administrators to consolidate resources onto centralized servers on the network. The Port number for NFS is 2049.
Command: service nfs start

5. SMTP
It stands for Simple Mail Transfer Protocol. It is a part of the TCP/IP protocol suite. Using a process called "store and forward," SMTP moves your email on and across networks. It works closely with something called the Mail Transfer Agent (MTA) to send your communication to the right computer and email inbox. The Port number for SMTP is 25.
Command: MAIL FROM:<
[email protected]>

6. LPD
It stands for Line Printer Daemon. It is designed for printer sharing. It is the part that receives and processes the request. A "daemon" is a server or agent. The Port number for LPD is 515.
Command: lpd [ -d ] [ -l ] [ -D DebugOutputFile]

7. X window
It defines a protocol for writing graphical user interface–based client/server applications. The idea is to allow a program, called a client, to run on one computer. It is primarily used in networks of interconnected mainframes. The Port number for X window starts from 6000 and increases by 1 for each server.
Command: Run xdm in runlevel 5

8. SNMP
It stands for Simple Network Management Protocol. It gathers data by polling the devices on the network from a management station at fixed or random intervals, requiring them to disclose certain information. It is a way that servers can share information about their current state, and also a channel through which an administrator can modify pre-defined values. The Port number of SNMP is 161(TCP) and 162(UDP).
Command: snmpget -mALL -v1 -cpublic snmp_agent_Ip_address sysName.0

9. DNS
It stands for Domain Name System. Every time you use a domain name, a DNS service must translate the name into the corresponding IP address. For example, the domain name www.abc.com might translate to 198.105.232.4. The Port number for DNS is 53.
Command: ipconfig /flushdns

10. DHCP
It stands for Dynamic Host Configuration Protocol. It gives IP addresses to hosts. There is a lot of information a DHCP server can provide to a host when the host is registering for an IP address with the DHCP server. The Port numbers for DHCP are 67 and 68.
Command: clear ip dhcp binding {address | * }

11. HTTP/HTTPS
HTTP stands for Hypertext Transfer Protocol and HTTPS is the more secure version of HTTP, which is why HTTPS stands for Hypertext Transfer Protocol Secure. This protocol is used to access data from the World Wide Web.
Hypertext is the well-organized documentation system that is used to link pages in a text document. HTTP is based on the client-server model. It uses TCP for establishing connections. HTTP is a stateless protocol, which means the server doesn't maintain any information about previous requests from the client. HTTP uses port number 80 for establishing the connection.

12. POP
POP stands for Post Office Protocol and the latest version is known as POP3 (Post Office Protocol version 3). This is a simple protocol used by user agents for message retrieval from mail servers. The POP protocol works with port number 110. It uses TCP for establishing connections. POP works in two modes: Delete mode and Keep mode. In Delete mode, it deletes messages from the mail server once they are downloaded to the local system. In Keep mode, it doesn't delete messages from the mail server, which lets users access the mails later from the mail server.

13. IRC
IRC stands for Internet Relay Chat. It is a text-based instant messaging/chatting system. IRC is used for group or one-to-one communication. It also supports file, media and data sharing within the chat. It works upon the client-server model, where users connect to an IRC server or IRC network via some web or standalone application program. It uses TCP or TLS for connection establishment. It makes use of port number 6667.

14. MIME
MIME stands for Multipurpose Internet Mail Extension. This protocol is designed to extend the capabilities of existing Internet email protocols like SMTP. MIME allows non-ASCII data to be sent via SMTP. It allows users to send/receive various kinds of files over the Internet, like audio, video, programs, etc. MIME is not a standalone protocol; it works in collaboration with other protocols to extend their capabilities.

Domain Name System (DNS) in Application Layer

The Domain Name System (DNS) is like the internet's phone book.
It helps you find websites by translating easy-to-remember names (like www.example.com) into the numerical IP addresses (like 192.0.2.1) that computers use to locate each other on the internet. Without DNS, you would have to remember long strings of numbers to visit your favorite websites.

The Domain Name System (DNS) is a hostname-to-IP-address translation service. DNS is a distributed database implemented in a hierarchy of name servers. It is an application layer protocol for message exchange between clients and servers. It is required for the functioning of the Internet.

What is the Need for DNS?

Every host is identified by an IP address, but remembering numbers is very difficult for people; also, IP addresses are not static, therefore a mapping is required to change the domain name to the IP address. So DNS is used to convert the domain name of a website to its numerical IP address.

Types of Domain

There are various kinds of domains:
- Generic Domains: .com (commercial), .edu (educational), .mil (military), .org (nonprofit organization), .net (similar to commercial); all these are generic domains.
- Country Domains: .in (India), .us, .uk
- Inverse Domain: used when we want to know the domain name of a website from its IP address, i.e. IP-to-domain-name mapping.

So DNS can provide both mappings. For example, to find the IP address of geeksforgeeks.org we type: nslookup www.geeksforgeeks.org

How Does DNS Work?

The working of DNS starts with converting a hostname into an IP address. A domain name serves as a distinctive identifier for a website. It is used in place of an IP address to make it simpler for consumers to visit websites. The Domain Name System works by querying a database whose job is to store the names of the hosts which are available on the Internet. The top-level domain server stores address information for top-level domains such as .com, .net, .org, and so on.
If the client sends a request, the DNS resolver sends a request to a DNS server to fetch the IP address. If that server does not hold the IP address for that hostname, it forwards the request to another DNS server. When the IP address has arrived at the resolver, it completes the request over the Internet Protocol.

Authoritative DNS Server vs Recursive DNS Resolver

Parameters | Authoritative DNS Server | Recursive DNS Resolver
Function | Holds the official DNS records for a domain | Resolves DNS queries on behalf of clients
Role | Provides answers to specific DNS queries | Actively looks up information for clients
Query Handling | Responds with authoritative DNS data | Queries other DNS servers for DNS data
Client Interaction | Doesn't directly interact with end-users | Serves end-users or client applications
Data Source | Stores the DNS records for specific domains | Looks up data from other DNS servers
Caching | Generally doesn't perform caching | Caches DNS responses for faster lookups
Hierarchical Resolution | Does not participate in recursive resolution | Actively performs recursive name resolution
IP Address | Has a fixed, known IP address | IP address may vary depending on ISP
Zone Authority | Manages a specific DNS zone (domain) | Does not manage any specific DNS zone

What is DNS Lookup?

DNS Lookup, or DNS Resolution, can be simply termed as the process that allows devices and applications to translate readable domain names to the corresponding IP addresses used by computers for communicating over the web.

What Are The Steps in a DNS Lookup?

Often, DNS lookup information is stored temporarily either on your own computer or within the DNS system itself. There are usually 8 steps involved in a DNS lookup. If the information is already stored (cached), some of these steps can be skipped, making the process faster.
Here is an example of all 8 steps when nothing is cached:
1. A user types "example.com" into a web browser.
2. The request goes to a DNS resolver.

3) UDP is not reliable, but reliability can be added at the application layer. An application can use UDP and still be reliable by using a timeout and resend at the application layer. Additionally, because DNS is a widely used protocol, there is a significant amount of traffic that needs to be handled by DNS servers. UDP is more scalable and efficient than TCP for handling large amounts of traffic, as it does not require the overhead of connection management.

Address Resolution in DNS (Domain Name Server)

Mapping a domain name to an IP address is known as name-address resolution. The Domain Name Server (DNS) resolver performs this operation by consulting name servers. Mapping a name to an address or an address to a name is called name-address resolution.

RESOLVER

DNS is designed as a client-server application. A host that needs to map an address to a name or a name to an address calls a DNS client called a resolver. The resolver accesses the closest DNS server with a mapping request. If the server has the information, it satisfies the resolver; otherwise, it either refers the resolver to other servers or asks other servers to provide the information. After the resolver receives the mapping, it interprets the response to see if it is a real resolution or an error, and finally delivers the result to the process that requested it.

Mapping Names to Addresses

In this case, the server checks the generic domains or the country domains to find the mapping. If the domain name is from the generic section, the resolver receives a domain name such as "chal.atc.fhda.edu". The query is sent by the resolver to the local DNS server for resolution. If the local server cannot resolve the query, it either refers the resolver to other servers or asks other servers directly.
If the domain name is from the country domain section, the resolver receives a domain name such as "ch.fhda.cu.ca.us". The procedure is the same. For more, including mapping addresses to names, see https://www.geeksforgeeks.org/address-resolution-in-dns-domain-name-server/

DNS Spoofing or DNS Cache Poisoning

A Domain Name System (DNS) converts a human-readable name (such as www.geeksforgeeks.org) to a numeric IP address. The DNS system responds with one or more IP addresses, and your computer connects to the website (such as geeksforgeeks.org) using one of them. There is not only one DNS server; a series of DNS servers is used to resolve the domain name. DNS uses a cache to work efficiently, so that it can quickly refer to DNS lookups it has already performed rather than performing the same lookup over and over again. Although DNS caching increases the speed of the domain name resolution process, a major change to a domain can then take a day to be reflected worldwide.

DNS Spoofing means getting a wrong entry or IP address for the requested site from the DNS server. Attackers find flaws in the DNS system, take control and redirect users to a malicious website. The steps shown in the diagram:
1. Request to Real Website: The user makes a request for a particular website; it goes to the DNS server to resolve the IP address of that website.
2. Inject Fake DNS entry: Hackers have already taken control of the DNS server by finding its flaws, and now they add false entries to the DNS server.
3. Resolve to Fake Website: The fake entry in the DNS server redirects the user to the wrong website.

To Prevent DNS Spoofing:
1. DNS Security Extensions (DNSSEC) are used to add an additional layer of security in the DNS resolution process to prevent security threats such as DNS Spoofing or DNS cache poisoning.
2. DNSSEC protects against such attacks by digitally "signing" data so you can be assured it is valid.
3. Implement Source Authentication: Source authentication can be used to verify that the source of a DNS request is legitimate. This can be achieved using techniques such as IPsec or TLS to authenticate the requestor and ensure that the request has not been tampered with in transit.
4. Use Response Rate Limiting: Response Rate Limiting (RRL) is a technique that limits the rate at which a DNS server responds to queries. This can help prevent DNS amplification attacks by reducing the number of responses that can be generated by a single query.
5. Implement DNS Filtering: DNS filtering can be used to block traffic to known malicious domains or IP addresses. This can be done using DNS blacklists or whitelists that are regularly updated with known malicious or legitimate domains.
6. Use DNS Monitoring and Analysis: DNS monitoring and analysis can be used to detect anomalies in DNS traffic that may indicate a DNS spoofing attack. This can be achieved using techniques such as packet capture and analysis, log analysis, or real-time monitoring of DNS traffic.
7. Regularly Update DNS Software and Patches: Regularly updating DNS software and applying patches can help prevent known vulnerabilities from being exploited by attackers. This can be achieved by regularly checking for updates and patches from the vendor or using automated patch management tools.

Types of DNS Attacks and Tactics for Security

Domain Name Server is a prominent building block of the Internet. It was developed as a system to convert alphabetical names into IP addresses, allowing users to access websites and exchange e-mails. DNS is organized into a tree-like infrastructure where the first level contains the topmost domains, such as .com and .org. The second-level nodes contain general, traditional domain names. The "leaf" nodes on this tree are known as hosts.
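The resolver-side checks behind the cache poisoning discussion above, as an added example (not part of these notes): the Python below builds constructed DNS responses and applies the checks a recursive resolver performs before caching, namely that the transaction ID and question match the outstanding query and that records outside the bailiwick of the zone being queried are discarded rather than cached. The zone, names and addresses (example.com, 192.0.2.1, 203.0.113.9) are documentation values constructed for the example.

```python
import struct

def encode_name(name):
    """Encode a dotted name as DNS labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(msg, off):
    """Decode a name at offset; handles compression pointers (0xC0 prefix)."""
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            labels.append(decode_name(msg, ptr)[0])
            return ".".join(labels), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def build_response(txid, qname, answers):
    """Build a response with one A question and (owner, ttl, ipv4) A answers."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)  # flags QR|RD|RA
    body = encode_name(qname) + struct.pack("!HH", 1, 1)               # QTYPE A, QCLASS IN
    for owner, ttl, ip in answers:
        rdata = bytes(int(x) for x in ip.split("."))
        body += encode_name(owner) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return hdr + body

def parse_response(msg):
    """Parse header, question and answer sections of a DNS response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack_from("!HH", msg, off)
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:                 # A record: render as dotted quad
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}

def in_bailiwick(owner, zone):
    """True if owner is the zone apex or a name below it."""
    owner, zone = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return owner == zone or owner.endswith("." + zone)

def accept_response(expected_id, expected_qname, msg, zone):
    """Return (records_to_cache, reasons_for_rejection) for one received response."""
    resp = parse_response(msg)
    if resp["id"] != expected_id:
        return [], ["transaction id does not match the outstanding query"]
    if not resp["questions"] or resp["questions"][0][0].lower() != expected_qname.lower():
        return [], ["question section does not match the outstanding query"]
    cache, rejected = [], []
    for rec in resp["answers"]:
        if in_bailiwick(rec[0], zone):
            cache.append(rec)
        else:                                         # never cache data the server has no authority over
            rejected.append(f"out-of-bailiwick record for {rec[0]} discarded")
    return cache, rejected

# Constructed sample responses to a query for www.example.com sent to the example.com servers
LEGIT = build_response(0x1A2B, "www.example.com", [("www.example.com", 300, "192.0.2.1")])
WRONG_ID = build_response(0x1A2C, "www.example.com", [("www.example.com", 300, "192.0.2.1")])
POISON = build_response(0x1A2B, "www.example.com", [
    ("www.example.com", 300, "192.0.2.1"),
    ("login.example.net", 86400, "203.0.113.9"),      # extra record outside example.com
])

if __name__ == "__main__":
    for label, msg in (("legit", LEGIT), ("wrong-id", WRONG_ID), ("poison", POISON)):
        print(label, accept_response(0x1A2B, "www.example.com", msg, "example.com"))
```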
DNS works similarly to a database that is accessed by millions of computer systems trying to identify which address is most likely to resolve a user's query. In DNS attacks, hackers will sometimes target the servers which contain the domain names. In other cases, these attackers will try to determine vulnerabilities within the system itself and exploit them for their own good.

Types of Attacks:
1. Denial of service (DoS): An attack where the attacker renders a computer useless (inaccessible) to the user by making a resource unavailable or by flooding the system with traffic.

encrypted communication and secure identification of a networked web server. HTTPS is more secure than HTTP because HTTPS is certified by SSL (Secure Socket Layer). Whatever website you are visiting on the internet, if its URL is HTTP, then that website is not secure.

Characteristics of HTTPS
- HTTPS encrypts all message content, including the HTTP headers and the request/response data.
- The verification aspect of HTTPS requires a trusted third party to sign server-side digital certificates.
- HTTPS is now used more frequently by web clients than the original non-secure HTTP, mainly to ensure page authenticity on all sorts of websites, secure accounts and keep client communications private.

In short, both of these are protocols using which the information of a particular website is exchanged between the Web Server and Web Browser. But there are some differences between the two. A concise difference between HTTP and HTTPS is that HTTPS is much more secure than HTTP.

What is an HTTP Request?

An HTTP request is a kind of message a client (in most cases, a web browser) sends to the server demanding some specific resource. It comprises several elements like the request method (GET, POST, etc.), the headers and occasionally a body carrying data. This is the part where the client outlines a request to the server and what it wants.
What is an HTTP Response?

An HTTP response is a message sent by the server to the client in response to an HTTP request. In simple terms, it has a status code that describes the result of the request; headers, which carry information about the response; and the body, which is the actual response or an error message.

How Does the HTTP Protocol Work?

The HTTP protocol uses a request/response operational mode. When a client wants to retrieve information, it sends an HTTP request to the server. The request is received by the server, and in the form of an HTTP response the server returns the data which the client requested, or an error message. This takes place over the internet using port 80 by default; the protocol is commonly referred to simply as HTTP.

How Does the HTTPS Protocol Work?

HTTPS is similar to HTTP, except that it also provides a level of security. It first creates a connection between the client and server over SSL/TLS, which enhances security by encrypting the client-server communication. When a client makes a request for a resource using HTTPS, the server and the client agree on the encryption keys that will be used to encrypt the data transmitted in that particular session. This makes sure that the data exchanged between them is encrypted and hence cannot be understood if intercepted.

How Does HTTPS Help Authenticate Web Servers?

HTTPS assists in authenticating web servers by means of digital certificates provided by CAs (Certificate Authorities). When a client establishes an SSL connection to a particular server using HTTPS, the server sends its certificate to the client as proof of its identity. The client then validates this certificate against its list of trusted CAs to confirm that the server is authentic.
This process defeats man-in-the-middle attacks and guarantees that end users are accessing the correct server.

Difference Between HTTP and HTTPS

Hypertext Transfer Protocol (HTTP) is a protocol using which hypertext is transferred over the Web. Due to its simplicity, HTTP has been the most widely used protocol for data transfer over the Web, but the data (i.e. hypertext) exchanged using HTTP isn't as secure as we would like it to be. Cryptographic protocols such as SSL and/or TLS turn HTTP into HTTPS, i.e. HTTPS = HTTP + Cryptographic Protocols.

HTTP vs HTTPS

HTTP | HTTPS
HTTP stands for HyperText Transfer Protocol. | HTTPS stands for HyperText Transfer Protocol Secure.
In HTTP, the URL begins with "http://". | In HTTPS, the URL starts with "https://".
HTTP uses port number 80 for communication. | HTTPS uses port number 443 for communication.
Hypertext exchanged using HTTP goes as plain text, i.e. anyone between the browser and server can read it relatively easily by intercepting the exchange, which makes it insecure. | HTTPS is considered secure, but at the cost of processing time, because the Web Server and Web Browser need to exchange encryption keys using Certificates before actual data can be transferred.
HTTP works at the Application Layer. | HTTPS works at the Transport Layer.
HTTP does not use encryption, which results in low | HTTPS uses Encryption which

address sent by the host, checks whether the address to be assigned to the node is available in the data storage.
4. DHCPACK: If the address is assigned, it marks the IP address in the storage as unavailable to ensure consistency. Now the server sends a DHCPACK packet to the requesting host, which contains network information (IP address, subnet mask, gateway address). If the address has meanwhile been assigned to another machine, the server instead sends a DHCPNAK packet to the requesting host, indicating that the IP address is assigned to some other machine.
5. DHCPRELEASE: Finally, if the host wants to move to another network or has finished its work, it sends a DHCPRELEASE packet to the server indicating that it wants to disconnect. The server then marks the IP address as available in the storage so that it can be assigned to other machines.

If you're reading this blog, then you are no doubt already familiar with the wondrous creation that is the Internet. The Internet allows computers from all over the world to speak to each other. When data leaves your computer, it is grouped into small chunks called Packets. These packets are essentially little envelopes that carry data across the Internet. This article series is going to explain everything that happens to get one of these Packets from one side of the Internet to the other. We will look at each device and every step involved with a packet traveling across the Internet.

https://www.practicalnetworking.net/series/packet-traveling/osi-model/

Key Players

The Internet is a fascinating blend of many different elements that all work together to create a world wide network of networks which allow billions of different devices to communicate. In this article, we will look at some of the key players of the Internet and the role each fulfills in order to achieve network communication. This list is far from exhaustive, but will cover the main "cast and crew" you will need to be familiar with in order to understand how a packet travels through the Internet.

Host

The term host is a generic term that implies any sort of end-device on the Internet. Any device which might be the original initiation of traffic or the final destination of traffic can be considered a host. The traditional example would be your computer or laptop. But in these modern times, there are so many more: mobile phones, smart TVs, smart watches, certain cars, and even some refrigerators!
Hosts run software and applications for the end user to interact with, and they also at some point need to put bits on a wire. As such, it is said that Hosts operate across all seven layers of the OSI model.

In typical internet communication or network traffic, the two hosts in communication are often labeled as the Client or the Server. The Client is the entity initiating the request and is looking to acquire a piece of information or data or a service. The Server is the entity receiving the request and has the information, data, or service that the Client wants.

It should be noted that these terms are relative to specific types of communication. For example, when your laptop is browsing through a web page, your laptop is acting as the Client and the Web Server is acting as the Server. But when that same Web Server is then downloading software updates, it is now acting as a Client and communicating with an Update Server.

Network

A Network is simply two or more connected devices — typically grouped together by similar purposes or physical location. A network can take many different forms, for example:
- A group of PCs in a classroom are all in the same physical space and would all belong to one network.
- Any typical home network will include multiple laptops, mobile phones, or printers that are all tied to the same physical address, and therefore all belong to the same network.
- A coffee shop which has WiFi will allow each of its customers to connect to the same WiFi Network.
- A large company might use multiple networks, often separating them by job role. For instance, one network for all its accountants and another network for all its engineers.

Depending on the purpose of each network, the devices within them will then communicate with other devices in the same network or other devices in different networks. Any time any of the Key Players discussed in the rest of this article series are connected to each other, you have a network.
In fact, the whole Internet is nothing more than a series of inter-connected networks.

Switch

A Switch is a network device whose primary purpose is to facilitate communication within networks. Switches operate at Layer 2 of the OSI model, which means they only look into each datagram up to the Layer 2 header. The Layer 2 header contains information that enables hop-to-hop delivery, such as the Source and Destination MAC address.

A Switch operates by maintaining what is known as a MAC Address Table. This is a table that maps MAC addresses of devices plugged into each switch port. A typical switch has many ports, from 24 to 48, up to 96, or more. The MAC Address Table is populated by looking at the Source MAC address field of any received frames. In order to forward the frame, the Switch will look up the Destination MAC address in its MAC Address Table to determine what port to use. If a Switch encounters a frame for which it does not know the location of the Destination MAC address, it simply duplicates and floods the frame out each switch port (except the

The Client is generally already configured with a Default Gateway — which we can tell from the image will be R1. When a Client is attempting to speak to a host in a foreign network, the Client will issue an ARP request for the Default Gateway's MAC address. This will allow the Client to populate the Layer 3 and Layer 2 headers as follows:

To summarize ARP's operation:
- When a Client is speaking to a host in the same network, it will ARP for the MAC address of the host.
- When a Client is speaking to a host in a different network, it will ARP for the MAC address of the Default Gateway.

Remember, packet delivery is always the job of Layer 2, and Layer 2's primary goal is getting a packet from hop to hop. Conversely, Layer 3, which is concerned with end-to-end delivery, is unable to put a packet on a wire and send it to another host's NIC.
ARP's role is to help the client create the proper L2 header, based on the L3 header, in order to get the packet from one hop to the next. It should also be noted that any device that intends to forward a packet based upon the IP address (L3) must also have the ability to deliver the packet to the next hop (L2). As such, any device that uses IP addresses must also use ARP to deliver the packet using MAC addresses. Consequently, all Layer 3 devices must maintain an ARP Table.

Host to Host Communication

After discussing the makeup of the OSI Model and some of the Key Players involved in moving a packet from one host to another, we can finally discuss the specific functions which occur in allowing Host to Host communication. At the very core of the Internet is this idea that two computers can communicate with each other. Although it is rare to find situations where two hosts are connected directly to each other, understanding what happens if they were is crucial to understanding everything else that happens when multiple hosts are communicating through a switch or router. As such, this article will focus on host to host communication, and each individual step involved in the process.

Since there are no Routers in this illustration, we know all the communication is happening within the same network — therefore, Host A and Host B are both configured with IP addresses that belong to the same network. Each host has a unique IP address and MAC address. Since each host is also a L3 device, they each also have an ARP Table. At the moment, their ARP Tables are empty.

Host A starts by generating some Data for Host B. Host A knows the final destination for this data will be the IP address 10.10.10.20 (Host B). Host A also knows its own address (10.10.10.10), and as such is able to create a L3 header with the required Source and Destination IP Address.
But as we learned earlier, packet delivery is the job of Layer 2, so despite these hosts being directly connected to one another, a L2 header must be created. The Source of the L2 header will be Host A's MAC address (aaaa.aaaa.aaaa). The Destination of the L2 header should be Host B's MAC address, but at the moment, Host A doesn't have an entry in its ARP Table for Host B's IP address, and therefore does not know Host B's MAC address. As a result, Host A is unable to create the proper L2 header to deliver the packet to Host B's NIC at this time. Host A will have to initiate an ARP Request in order to acquire the missing information.

The ARP Request is a single packet which essentially asks: "If there is someone out there with the IP 10.10.10.20, please send me your MAC address." Remember, at this point Host A does not know if Host B exists. In fact, Host A does not know that it is directly connected to Host B. Hence, the question is addressed to everyone on the link. The ARP Request is sent as a Broadcast, and had there been other hosts connected to this link, they too would have received the ARP Request. Also note that Host A includes its own MAC address in the ARP Request itself. This allows Host B (if it exists) to easily respond directly back to Host A with the requested information.

Receiving the ARP Request allows Host B to learn something. Namely, that Host A's IP address is 10.10.10.10 and the correlating MAC address is aaaa.aaaa.aaaa. Notice this entry is now added to Host B's ARP Table. Host B can use this new information to respond directly to Host A. The ARP Response is sent as a Unicast message, directly addressed to Host A. Had there been other hosts on this link, they would not have seen the ARP Response. The ARP Response will include the information Host A requested: the IP Address 10.10.10.20 is being served by the NIC with the MAC address bbbb.bbbb.bbbb.
Host A will use this information to populate its ARP Table. With Host A's ARP Table populated, Host A can now successfully put together the proper L2 header to get the packet to Host B. When Host B gets the data, it will be able to respond without further ado, since it already has a mapping in its ARP Table for Host A.

Host to Host through a Switch

In the last article, we looked at everything that happens for two hosts to communicate directly with one another. In this article, we will add a common network device: a switch. We will take a look at what happens for communication from Host to Host through a Switch. This article will be the practical application of everything that was discussed when we looked at a Switch as a key player in packet traveling. It might be worth reviewing that section before proceeding. We will start by looking at the individual switch functions, and then take a look at an animation which shows their collaborative operation.

Switch Functions

A Switch primarily has four functions: Learning, Flooding, Forwarding, and Filtering.

Learning

Being a Layer 2 device, a Switch will make all its decisions based upon information found in the L2 Header. Specifically, a Switch will use the Source MAC address and Destination MAC address to make its forwarding decisions. One of the goals of the Switch is to create a MAC Address Table, mapping each of its switchports to the MAC address of the connected devices. The MAC address table starts out empty, and every time a Switch receives anything, it takes a look at the Source MAC address field of the incoming frame. It uses the Source MAC and the switchport the frame was received on to build an entry in the MAC Address Table. When Host A sends the frame to the switch, it includes a Source MAC address of aaaa.aaaa.aaaa. This prompts the Switch to learn a MAC Address Table entry mapping Port 1 to MAC Address aaaa.aaaa.aaaa.
Then, when deciding how to forward the frame, the Switch realizes there is no entry for bbbb.bbbb.bbbb. This leaves the Switch only one option: duplicate and flood the frame out all ports.

Notice the frame was duplicated out all ports except Port 1 (the port it came in on). This is an example of the Switch performing its filtering function.

This frame will then be received by Host C and Host B. Host C, when inspecting the L2 header, will realize the frame is not intended for them and will simply discard it. Conversely, when Host B receives the frame and realizes they indeed are the intended recipient, they will accept the frame and generate a response.

When the response arrives on the Switch, another MAC Address Table mapping can be learned: Port 2 contains the MAC address bbbb.bbbb.bbbb. Then the Switch looks up the Destination MAC address (aaaa.aaaa.aaaa) and realizes this address exists out Port 1. The Switch can then simply forward the frame, since it knows the location of the Destination MAC address.

The animation above illustrates the four switch functions on a single switch. To see how the process scales to multiple switches, check out this article.

Broadcasts

There is often some confusion about a switch in regards to a Broadcast and a Switch’s flooding behavior. The confusion is understandable, because the end result is the same, but it is also important to understand the distinction.

A Broadcast frame is a frame which is addressed to everyone on the local network. This is done using the same Ethernet header we’ve been discussing, except the Destination MAC address field is populated with a special address: ffff.ffff.ffff. The “all F’s” address is specially reserved for the purpose of broadcasting.

By definition, if the Switch ever encounters a frame with a destination MAC of ffff.ffff.ffff, it will always flood the frame (after learning the Source MAC, of course).
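The ARP exchange from the previous section and the switch's learning, flooding, forwarding and filtering, as one added simulation (not code from the original articles): Host A resolves Host B's MAC through a three-port switch, the broadcast request is flooded to Host B and Host C, only Host B answers, and the unicast reply is forwarded on the port the switch has just learned. Host A's and Host B's addresses are the ones in the text; Host C's address (10.10.10.30, cccc.cccc.cccc) and the port numbers are constructed.

```python
BROADCAST = "ffff.ffff.ffff"   # the reserved "all F's" destination; never learned by a switch

class Host:
    """A NIC with an IP address, a MAC address and an ARP Table (IP -> MAC)."""
    def __init__(self, ip, mac):
        self.ip, self.mac, self.arp_table = ip, mac, {}

    def arp_request(self, target_ip):
        # Broadcast "whoever has target_ip, send me your MAC"; our own MAC rides along in it
        return {"src": self.mac, "dst": BROADCAST, "op": "request",
                "sender_ip": self.ip, "sender_mac": self.mac, "target_ip": target_ip}

    def receive(self, frame):
        """Process one frame; return a reply frame, or None when nothing is sent back."""
        if frame["dst"] not in (self.mac, BROADCAST):
            return None                                   # not for this NIC: discard it
        if frame["op"] == "reply":                        # the unicast answer to our request
            self.arp_table[frame["sender_ip"]] = frame["sender_mac"]
            return None
        if frame["op"] != "request" or frame.get("target_ip") != self.ip:
            return None                                   # data, or a request for someone else
        self.arp_table[frame["sender_ip"]] = frame["sender_mac"]   # the target learns the asker
        return {"src": self.mac, "dst": frame["src"], "op": "reply",
                "sender_ip": self.ip, "sender_mac": self.mac, "target_ip": frame["sender_ip"]}

class Switch:
    """Learning, flooding, forwarding and filtering on a MAC Address Table (MAC -> port)."""
    def __init__(self, ports):
        self.ports, self.mac_table = dict(ports), {}      # port number -> attached Host

    def handle(self, in_port, frame):
        """Deliver one frame; return the list of ports it was sent out of."""
        self.mac_table[frame["src"]] = in_port            # learning happens on every frame
        dst = frame["dst"]
        if dst != BROADCAST and dst in self.mac_table:
            out_ports = [self.mac_table[dst]]             # forwarding: destination is known
        else:                                             # flooding, filtered on the ingress port
            out_ports = [p for p in self.ports if p != in_port]
        for port in out_ports:
            reply = self.ports[port].receive(frame)
            if reply is not None:
                self.handle(port, reply)                  # the reply enters on that host's port
        return out_ports

def resolve(switch, requester_port, target_ip):
    """The host on requester_port ARPs for target_ip; returns the ports the request left on."""
    host = switch.ports[requester_port]
    return switch.handle(requester_port, host.arp_request(target_ip))
```

After `resolve(sw, 1, "10.10.10.20")` both ARP tables and the MAC Address Table hold exactly the entries the text describes, and a later unicast frame from Host A to Host B leaves only on Port 2.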
Another way of looking at it: since the address ffff.ffff.ffff is reserved, the switch is unable to learn a MAC Address Table mapping for it. As such, any frame destined to this MAC address will always be flooded.

In summary, a Broadcast is a frame addressed to everyone on the local network (ffff.ffff.ffff), and Flooding is an action a switch can take. A broadcast frame, by definition, will always be flooded by a switch. But a switch will never broadcast a frame (since broadcasting is not a function of a switch).

We’ve looked at what it takes for two hosts directly connected to each other to communicate. And we’ve looked at what it takes for a host to speak to another host through a switch. Now we add another network device as we look at what it takes for traffic to pass from host to host through a Router.

This article will be the practical application of everything that was discussed when we looked at a Router as a key player in Packet Traveling. It might be worth reviewing that section before proceeding.

We will start by looking at the two major Router Functions, then see them in action as we look at Router Operation.

To discuss our way through these concepts, we will use the following image. We will focus on R1, and what is required for it to forward packets from Host A to Host B and Host C. For simplicity, the MAC addresses of each NIC will be abbreviated to just four hex digits.

Router Functions

Earlier we mentioned that a Router’s primary purpose is to facilitate communication between networks. As such, every router creates a boundary between two networks, and their main role is to forward packets from one network to the next.

Notice in the image above, we have R1 creating a boundary between the 11.11.11.x network and the 22.22.22.x network. And we have R2 creating a boundary between the 22.22.22.x and 33.33.33.x networks. Both of the routers have an interface in the 22.22.22.x network.
In order to forward packets between networks, a router must perform two functions: populate and maintain a Routing Table, and populate and maintain an ARP Table.

Populating a Routing Table

From the perspective of each Router, the Routing Table is the map of all networks in existence. The Routing Table starts empty, and is populated as the Router learns of new routes to each network.

There are multiple ways a Router can learn the routes to each network. We will discuss two of them in this section.

The simplest method is what is known as a Directly Connected route. Essentially, when a Router interface is configured with a particular IP address, the Router will know the Network to which it is directly attached. For example, in the image above, R1’s left interface is configured with the IP address 11.11.11.1. This tells R1 that the 11.11.11.x network exists out its left interface. In the same way, R1 learns that the 22.22.22.x network is located on its right interface.

Of course, a Router cannot be directly connected to every network. Notice in the image above, R1 is not connected to 33.33.33.x, but it is very likely it might have to one day forward a packet to that network. Therefore, there must exist another way of learning networks, beyond simply what the router is directly connected to.

That other way is known as a Static Route. A Static Route is a route which is manually configured by an administrator. It would be as if you explicitly told R1 that the 33.33.33.x network exists behind R2, and to get to it, R1 has to send packets to R2’s interface (configured with the IP address 22.22.22.2).

In the end, after R1 learned of the two Directly Connected routes, and after R1 was configured with the one Static Route, R1 would have a Routing Table that looked like this image. The Routing Table is populated with many Routes. Each Route contains a mapping of Networks to Interfaces or Next-Hop addresses.
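R1's Routing Table from this section, as an added example in Python (not the article's own code): the two Directly Connected routes are derived from the interface addresses, the Static Route to 33.33.33.x is entered by hand, and a lookup returns the egress interface together with the IP address the next L2 header must be built for, or None when no route exists and the packet is discarded. It goes slightly beyond the text by preferring the most specific matching route; the /24 masks for the .x networks and R1's right-interface address 22.22.22.1 are assumptions.

```python
import ipaddress

class Router:
    """A Routing Table of (network, egress interface, next hop) entries, one per Route."""
    def __init__(self, name):
        self.name, self.routing_table = name, []

    def configure_interface(self, interface, address):
        # Directly Connected route: the interface address tells the router which network it sits on
        iface = ipaddress.ip_interface(address)
        self.routing_table.append((iface.network, interface, None))

    def add_static_route(self, network, next_hop):
        # Static Route: an administrator states that `network` lies behind `next_hop`
        self.routing_table.append((ipaddress.ip_network(network), None,
                                   ipaddress.ip_address(next_hop)))

    def lookup(self, dst_ip):
        """Return (egress interface, IP to build the L2 header for), or None to discard the packet."""
        dst = ipaddress.ip_address(dst_ip)
        matches = [r for r in self.routing_table if dst in r[0]]
        if not matches:
            return None                       # no route: for this router the network does not exist
        _, interface, next_hop = max(matches, key=lambda r: r[0].prefixlen)  # most specific wins
        if next_hop is None:
            return interface, str(dst)        # directly connected: deliver to the destination itself
        via = self.lookup(str(next_hop))      # the next hop must itself be reachable (here: directly)
        return None if via is None else (via[0], str(next_hop))

def build_r1():
    """R1 from the text: 11.11.11.x on the left, 22.22.22.x on the right, 33.33.33.x behind R2."""
    r1 = Router("R1")
    r1.configure_interface("left", "11.11.11.1/24")      # /24 masks are assumed for the .x networks
    r1.configure_interface("right", "22.22.22.1/24")     # R1's right-interface address is assumed
    r1.add_static_route("33.33.33.0/24", "22.22.22.2")   # next hop is R2's interface, as in the text
    return r1
```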
Every time a Router receives a packet, it will consult its Routing Table to determine how to forward the packet. Again, the Routing Table is a map of every network that exists (from the perspective of each router). If a router receives a packet destined to a network it does not have a route for, then as far as that router is concerned, that network must not exist. Therefore, a router will discard a packet if its destination is in a network not in the Routing Table.

Finally, there is a third method for learning routes known as Dynamic Routing. This involves the routers detecting and speaking to one another automatically to inform each other of their known routes. There are various protocols that can be used for Dynamic Routing, each representing different strategies, but alas their intricacies fall outside the scope of this article series. They will undoubtedly become a subject for future articles.

That said, the Routing Table will tell the router which IP address to forward the packet to next. But as we learned earlier, packet delivery is always the job of Layer 2. And in order for the Router to create the L2 Header which will get the packet to the next L3 address, the Router must maintain an ARP Table.

Populating an ARP Table