Packets and frames are small pieces of data that, when put together, make up a larger piece of information or message. However, they are two different things in the OSI model. A frame is at layer 2, the data link layer, meaning it carries no information such as IP addresses. Think of this as putting an envelope within an envelope and sending it away. The first envelope will be the packet that you mail, but once it is opened, the envelope within still exists and contains data (this is a frame).
This process is called encapsulation.
When we are talking about anything involving IP addresses, we are talking about packets. When the encapsulating information is stripped away, we are talking about the frame itself.
Packets are an efficient way of communicating data across networked devices. Because this data is exchanged in small pieces, there is less chance of bottlenecks occurring across a network than if large messages were sent all at once.
Packets:
Packet Headers:
Time to Live: This field sets an expiry timer for the packet to not clog up your network if it never manages to reach a host or escape!
Checksum: This field provides integrity checking for protocols such as TCP/IP. If any data is changed, this value will be different from what was expected, and the data is therefore considered corrupt.
Source Address: The IP address of the device that the packet is being sent from so that data knows where to return to.
Destination Address: The device's IP address the packet is being sent to so that data knows where to travel next.
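As an added illustration of the envelope-within-an-envelope idea and of the header fields listed above (example code written for these notes, not part of the original material), the following Python builds an IPv4 packet with a checksum, wraps it in an Ethernet frame, strips the frame again, and shows what a router does with the TTL and what a single flipped byte does to the checksum. The MAC and IP addresses are constructed sample values.

```python
import struct
# Constructed sample MAC addresses for this example (not from the notes).
SRC_MAC = bytes.fromhex("0242ac110002")
DST_MAC = bytes.fromhex("0242ac110003")

def ip_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (IPv4 header checksum)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))

def build_packet(src_ip: str, dst_ip: str, ttl: int, payload: bytes) -> bytes:
    """Layer 3: a 20-byte IPv4 header (source, destination, TTL, checksum) + payload."""
    # version 4/IHL 5, TOS, total length, ID, flags+offset, TTL, proto 17 (UDP), checksum 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, ttl, 17, 0,
                      ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload

def build_frame(packet: bytes) -> bytes:
    """Layer 2: encapsulate the packet in an Ethernet header (MACs only, no IPs)."""
    return DST_MAC + SRC_MAC + struct.pack("!H", 0x0800) + packet   # 0x0800 = IPv4

def decapsulate(frame: bytes) -> dict:
    """Strip the frame header and read the packet header; a header whose words
    (checksum included) sum to all ones is intact, so ip_checksum() returns 0."""
    packet = frame[14:]
    hdr = packet[:20]
    return {"ethertype": struct.unpack("!H", frame[12:14])[0],
            "src": ".".join(str(b) for b in hdr[12:16]),
            "dst": ".".join(str(b) for b in hdr[16:20]),
            "ttl": hdr[8],
            "checksum_ok": ip_checksum(hdr) == 0,
            "payload": packet[20:]}

def forward_hop(frame: bytes):
    """Router per hop: decrement TTL, recompute the checksum, and drop the packet at
    TTL 0 so one that never reaches a host cannot loop forever (new Ethernet header omitted)."""
    packet = frame[14:]
    hdr = bytearray(packet[:20])
    if hdr[8] <= 1:
        return None
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return frame[:14] + bytes(hdr) + packet[20:]
```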
The TCP/IP protocol consists of four layers and is arguably just a summarised version of the OSI model. These layers are:
Application
Transport
Internet
Network Interface
One defining feature of TCP is that it is connection-based, which means that TCP must establish a connection between both a client and a device acting as a server before data is sent.
Because of this, TCP guarantees that any data sent will be received on the other end. This process is named the Three-way handshake.
Advantages of TCP:
Guarantees the integrity of data.
Capable of synchronising two devices to prevent each other from being flooded with data in the wrong order.
Performs a lot more processes for reliability.
Disadvantages of TCP:
Requires a reliable connection between the two devices. If one small chunk of data is not received, then the entire chunk of data cannot be used and must be re-sent.
A slow connection can bottleneck another device as the connection will be reserved on the other device the whole time.
TCP is significantly slower than UDP because more work (computing) has to be done by the devices using this protocol.
TCP Headers:
Source Port: This value is the port opened by the sender to send the TCP packet from. This value is chosen randomly (out of the ports from 0-65535 that aren't already in use at the time).
Destination Port: This value is the port number that an application or service is running on the remote host (the one receiving data); for example, a webserver running on port 80. Unlike the source port, this value is not chosen at random.
Source IP: This is the IP address of the device that is sending the packet.
Destination IP: This is the IP address of the device that the packet is destined for.
Sequence Number: When a connection occurs, the first piece of data transmitted is given a random number.
Acknowledgement Number: After a piece of data has been given a sequence number, the number for the next piece of data will have the sequence number + 1.
Checksum: This value is what gives TCP integrity. A mathematical calculation is made where the output is remembered. When the receiving device performs the mathematical calculation, the data must be corrupt if the output is different from what was sent.
Data: This header is where the data, i.e. bytes of a file that is being transmitted, is stored.
Flag: This header determines how the packet should be handled by either device during the handshake process. Specific flags determine specific behaviours, which are explained below.
TCP Handshake:
1. SYN: A SYN message is the initial packet sent by a client during the handshake. This packet is used to initiate a connection and synchronise the two devices together.
2. SYN/ACK: This packet is sent by the receiving device (server) to acknowledge the synchronisation attempt from the client.
3. ACK: The acknowledgement packet can be used by either the client or server to acknowledge that a series of messages/packets have been successfully received.
4. DATA: Once a connection has been established, data (such as bytes of a file) is sent via the "DATA" message.
5. FIN: This packet is used to cleanly (properly) close the connection after it has been completed.
6. RST: This packet abruptly ends all communication. This is the last resort and indicates there was some problem during the process. For example, if the service or application is not working correctly, or the system has faults such as low resources.
Any sent data is given a random number sequence and is reconstructed using this number sequence and incrementing by 1. Both computers must agree on the same number sequence for data to be sent in the correct order. This order is agreed upon during three steps:
SYN - Client: Here's my Initial Sequence Number(ISN) to SYNchronise with (0)
SYN/ACK - Server: Here's my Initial Sequence Number (ISN) to SYNchronise with (5,000), and I ACKnowledge your initial number sequence (0)
ACK - Client: I ACKnowledge your Initial Sequence Number (ISN) of (5,000), here is some data that is my ISN+1 (0 + 1)
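The exchange above, as an added example that is not part of the original notes: a small Python model of the three steps using the same numbers (client ISN 0, server ISN 5000). It also shows what the RST flag from the list above is for, by answering a mismatched acknowledgement or sequence number with a reset.

```python
# Added model of the three-way handshake; a segment is a dict of flags, sequence
# number, acknowledgement number and data (not code from the original notes).
def segment(flags, seq, ack=None, data=b""):
    return {"flags": set(flags), "seq": seq, "ack": ack, "data": data}

class Endpoint:
    def __init__(self, isn):
        self.snd_next = isn     # next sequence number this side will send
        self.rcv_next = None    # next sequence number expected from the peer
        self.state = "CLOSED"

def client_syn(c):
    """Step 1, SYN: announce the client's ISN; the SYN itself uses up one number."""
    seg = segment(["SYN"], c.snd_next)
    c.snd_next += 1
    return seg

def server_synack(s, syn):
    """Step 2, SYN/ACK: acknowledge the client's ISN and announce the server's."""
    if syn["flags"] != {"SYN"}:
        return segment(["RST"], 0)           # not a handshake opener: refuse
    s.rcv_next = syn["seq"] + 1
    seg = segment(["SYN", "ACK"], s.snd_next, ack=s.rcv_next)
    s.snd_next += 1
    return seg

def client_ack(c, synack, data=b""):
    """Step 3, ACK: confirm the server's ISN and start sending data at ISN+1."""
    if synack["flags"] != {"SYN", "ACK"} or synack["ack"] != c.snd_next:
        return segment(["RST"], c.snd_next)  # wrong ack number: not our connection
    c.rcv_next = synack["seq"] + 1
    c.state = "ESTABLISHED"
    seg = segment(["ACK"], c.snd_next, ack=c.rcv_next, data=data)
    c.snd_next += len(data)
    return seg

def server_receive(s, seg):
    """Accept data only if its numbers match what was agreed; otherwise reset."""
    if seg["ack"] != s.snd_next or seg["seq"] != s.rcv_next:
        s.state = "CLOSED"
        return segment(["RST"], s.snd_next)  # out of order or forged: tear down
    s.state = "ESTABLISHED"
    s.rcv_next += len(seg["data"])           # the next byte the server expects
    return segment(["ACK"], s.snd_next, ack=s.rcv_next)

def handshake(client_isn=0, server_isn=5000, data=b"GET /"):
    c, s = Endpoint(client_isn), Endpoint(server_isn)
    syn = client_syn(c)
    synack = server_synack(s, syn)
    ack = client_ack(c, synack, data)
    return c, s, [syn, synack, ack, server_receive(s, ack)]
```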
TCP: Closing a Connection:
First, TCP will close a connection once a device has determined that the other device has successfully received all of the data.
Because TCP reserves system resources on a device, it is best practice to close TCP connections as soon as possible.
To initiate the closure of a TCP connection, the device will send a "FIN" packet to the other device. Of course, with TCP, the other device will also have to acknowledge this packet.
UDP
The User Datagram Protocol (UDP) is another protocol that is used to communicate data between devices.
Unlike its brother TCP, UDP is a stateless protocol that doesn't require a constant connection between the two devices for data to be sent. For example, the Three-way handshake does not occur, nor is there any synchronisation between the two devices.
UDP Advantages and Disadvantages:
UDP Headers:
Time to Live (TTL): This field sets an expiry timer for the packet, so it doesn't clog up your network if it never manages to reach a host or escape!
Source Address: The IP address of the device that the packet is being sent from, so that data knows where to return to.
Destination Address: The device's IP address the packet is being sent to so that data knows where to travel next.
Source Port: This value is the port that is opened by the sender to send the UDP packet from. This value is randomly chosen (out of the ports from 0-65535 that aren't already in use at the time).
Destination Port: This value is the port number that an application or service is running on the remote host (the one receiving the data); for example, a webserver running on port 80. Unlike the source port, this value is not chosen at random.
Data: This header is where data, i.e. bytes of a file that is being transmitted, is stored.
UDP Connection Flow:
Port Forwarding:
Port forwarding is an essential component in connecting applications and services to the Internet. Without port forwarding, applications and services such as web servers are only available to devices within the same direct network.
Take the network below as an example. Within this network, the server with an IP address of "192.168.1.10" runs a webserver on port 80. Only the two other computers on this network will be able to access it (this is known as an intranet).
If the administrator wanted the website to be accessible to the public (using the Internet), they would have to implement port forwarding, like in the diagram below:
Understand that port forwarding opens specific ports.
Port forwarding is configured at the router of a network.
A firewall is a device within a network responsible for determining what traffic is allowed to enter and exit. Think of a firewall as border security for a network. An administrator can configure a firewall to permit or deny traffic from entering or exiting a network based on numerous factors.
Firewall Factors:
Where is the traffic coming from? (Has the firewall been told to accept/deny traffic from a specific network?)
Where is the traffic going to? (Has the firewall been told to accept/deny traffic destined for a specific network?)
What port is the traffic for? (Has the firewall been told to accept/deny traffic destined for port 80 only?)
What protocol is the traffic using? (Has the firewall been told to accept/deny traffic that is UDP, TCP or both?)
Stateful Firewalls:
This type of firewall uses the entire information from a connection; rather than inspecting an individual packet, this firewall determines the behaviour of a device based upon the entire connection.
This firewall type consumes many resources in comparison to stateless firewalls as the decision making is dynamic. For example, a firewall could allow the first parts of a TCP handshake that would later fail.
If a connection from a host is bad, it will block the entire device.
Stateless Firewalls:
This firewall type uses a static set of rules to determine whether or not individual packets are acceptable or not. For example, a device sending a bad packet will not necessarily mean that the entire device is then blocked.
They use fewer resources, but they are much dumber. For example, these firewalls are only as effective as the rules that are defined within them. If a rule is not exactly matched, it is effectively useless.
However, these firewalls are great when receiving large amounts of traffic from a set of hosts (such as a Distributed Denial-of-Service attack).
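An added example, not from the original notes, contrasting the two firewall types in Python over constructed sample packets: a stateless rule list decides each packet on its own, while a stateful tracker remembers accepted connections, admits replies to them, and blocks a host that sends a TCP packet claiming to belong to a connection it never opened. The inside network, rules and addresses are made up for the example.

```python
import ipaddress

def pkt(src, dst, proto, sport, dport, flags=()):
    """Constructed packet record: 5-tuple plus TCP flags (sample data, not from the notes)."""
    return {"src": src, "dst": dst, "proto": proto, "sport": sport,
            "dport": dport, "flags": set(flags)}

# Stateless rules, first match wins; each decision looks at one packet alone.
RULES = [
    ("allow", "0.0.0.0/0", "192.168.1.10/32", "tcp", 80),   # public -> web server
    ("allow", "192.168.1.0/24", "0.0.0.0/0", None, None),   # inside -> anywhere
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None, None),         # everything else
]

def stateless_decide(p):
    for action, src_net, dst_net, proto, dport in RULES:
        if (ipaddress.ip_address(p["src"]) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(p["dst"]) in ipaddress.ip_network(dst_net)
                and proto in (None, p["proto"]) and dport in (None, p["dport"])):
            return action
    return "deny"

class StatefulFirewall:
    """Tracks connections: a packet is allowed if it belongs to a flow already
    accepted; a new flow is judged by the rules; a TCP packet that claims to be
    mid-connection when no connection exists gets its sender blocked outright."""
    def __init__(self):
        self.flows = set()      # (src, sport, dst, dport, proto) of accepted flows
        self.blocked = set()    # hosts that sent a bad packet

    def decide(self, p):
        if p["src"] in self.blocked:
            return "deny"
        fwd = (p["src"], p["sport"], p["dst"], p["dport"], p["proto"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"], p["proto"])
        if fwd in self.flows or rev in self.flows:
            return "allow"                       # reply or continuation of a known flow
        if p["proto"] == "tcp" and p["flags"] != {"SYN"}:
            self.blocked.add(p["src"])           # e.g. a stray ACK: no handshake seen
            return "deny"
        if stateless_decide(p) == "allow":       # new flow: consult the rules
            self.flows.add(fwd)
            return "allow"
        return "deny"
```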
VPN Benefits:
Allows networks in different geographical locations to be connected:
For example, a business with multiple offices will find VPNs beneficial, as it means that resources like servers/infrastructure can be accessed from another office.
Offers privacy:
VPN technology uses encryption to protect data. This means that it can only be understood between the devices it was being sent from and is destined for, meaning the data isn't vulnerable to sniffing.
This encryption is useful in places with public WiFi, where no encryption is provided by the network. You can use a VPN to protect your traffic from being viewed by other people.
Offers anonymity:
Journalists and activists depend upon VPNs to safely report on global issues in countries where freedom of speech is controlled.
Usually, your traffic can be viewed by your ISP and other intermediaries and, therefore, tracked.
The level of anonymity a VPN provides is only as much as how other devices on the network respect privacy. For example, a VPN that logs all of your data/history is essentially the same as not using a VPN in this regard.
VPNs: PPP:
This technology is used by PPTP (explained below) to allow for authentication and provide encryption of data. VPNs work by using a private key and public certificate (similar to SSH). A private key & certificate must match for you to connect.
This technology is not capable of leaving a network by itself (non-routable).
VPN: PPTP:
The Point-to-Point Tunneling Protocol (PPTP) is the technology that allows the data from PPP to travel and leave a network.
PPTP is very easy to set up and is supported by most devices. It is, however, weakly encrypted in comparison to alternatives.
VPN: IPSec:
Internet Protocol Security (IPsec) encrypts data using the existing Internet Protocol (IP) framework.
IPSec is difficult to set up in comparison to alternatives; however, if successful, it boasts strong encryption and is also supported on many devices.
What is a Router?
It's a router's job to connect networks and pass data between them. It does this by using routing (hence the name router!).
Routing is the label given to the process of data travelling across networks. Routing involves creating a path between networks so that this data can be successfully delivered. Routers operate at Layer 3 of the OSI model. They often feature an interactive interface (such as a website or a console) that allows an administrator to configure various rules such as port forwarding or firewalling.
What is a Switch?
A switch is a dedicated networking device responsible for providing a means of connecting to multiple devices. Switches can facilitate many devices (from 3 to 63) using Ethernet cables.
Switches can operate at both layer 2 and layer 3 of the OSI model. However, these are exclusive in the sense that Layer 2 switches cannot operate at layer 3.
Take, for example, a layer 2 switch in the diagram below. These switches will forward frames (remember these are no longer packets as the IP protocol has been stripped) onto the connected devices using their MAC address.
These switches are solely responsible for sending frames to the correct device.
Now, let's move onto layer 3 switches. These switches are more sophisticated than layer 2, as they can perform some of the responsibilities of a router. Namely, these switches will send frames to devices (as layer 2 does) and route packets to other devices using the IP protocol.
Let's take a look at the diagram below of a layer 3 switch in action. We can see that there are two IP addresses:
192.168.1.1
192.168.2.1
A technology called VLAN (Virtual Local Area Network) allows specific devices within a network to be virtually split up. This split means they can all benefit from things such as an Internet connection but are treated separately. This network separation provides security because the rules in place determine how specific devices communicate with each other. This segregation is illustrated in the diagram below: