Networking Part 2
1. TCP/IP Model
2. TCP (connection oriented protocol)
3. UDP (connectionless protocol)
4. TCP/UDP Datagram
5. IP - IPv4 and IPv6, ports and mac addresses
6. DNS Resolution
7. ARP and Types of Casting
8. Classful vs Classless IP Addressing
9. Firewall and Its Types
10. Encryption and Its Types
TCP/IP Model
1. Host to network layer -
a. Top layer.
b. This layer is responsible for the transmission
of the data between two devices on the same
network.
c. This layer defines how the data should be
sent physically through the network.
2. Network or the Internet layer -
a. This layer helps send the packets from any network to the destination irrespective of the route they take.
b. Sends data from one node to another with the help of various network hops.
3. Transport -
a. It provides data flow from source to destination.
b. It determines how much data should be sent where and at what rate.
c. Ensures error free and sequential data delivery.
4. Application -
a. The application layer allows users to interact with other software applications.
b. It interacts with software applications to implement a communicating segment.
c. Examples of the application layer are applications such as file transfer, email, login, etc.
TCP - CONNECTION ORIENTED PROTOCOL
1. It stands for transmission control protocol.
2. In this protocol, a secure connection is established before
sending data.
3. We get to know whether the data has been delivered or not.
4. It happens using a process called three way handshake.
a. SYN -> SYN-ACK -> ACK
5. After successful data transmission, the connection is closed.
a. FIN -> ACK -> FIN -> ACK
TCP DATAGRAM
1. Source and destination port contains the port number used
for sending and receiving requests and responses by devices
2. The sequence number refers to the stream flowing in the
same direction as the segment, while the acknowledgment
number refers to the stream flowing in the opposite direction
from the segment.
3. Data Offset - It tells how many 32-bit words are contained in
the TCP header.
4. Reserved field is set to 0 by default and used for any future
uses.
5. Flags field (6 bits) contains the various flags like URG, ACK,
PSH, SYN, RST, and FIN.
6. Checksum field (16 bits) indicates whether the header was
damaged in transit and it is a mathematical calculation.
7. Urgent pointer field (16 bits) points to the first urgent data
byte in the packet.
8. Data is the actual data we are sending.
9. Padding is used for proper fitting of the options field.
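The handshake and the header fields described above, as an added example that is not part of the original slides: a parser for the fixed TCP header, run over a constructed SYN -> SYN-ACK -> ACK exchange. The ports, sequence numbers and MSS option are made-up sample values, and `build_segment` is a hypothetical helper that leaves the checksum at 0.

```python
import struct

# Flag bits in the low 6 bits of the offset/flags word, most significant first.
FLAG_BITS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header and split off options and data."""
    if len(segment) < 20:
        raise ValueError("shorter than the minimum 20-byte TCP header")
    (src, dst, seq, ack, off_flags, window,
     checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12            # header length in 32-bit words
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise ValueError("invalid data offset")
    flags = [name for name, bit in FLAG_BITS if off_flags & bit]
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "data_offset": data_offset, "flags": flags, "window": window,
            "checksum": checksum, "urgent_pointer": urgent,
            "options": segment[20:header_len], "data": segment[header_len:]}

def build_segment(src, dst, seq, ack, flags, options=b"", data=b""):
    """Build a constructed test segment (hypothetical helper, checksum = 0)."""
    options += b"\x00" * (-len(options) % 4)  # pad options to a 32-bit boundary
    data_offset = 5 + len(options) // 4
    off_flags = (data_offset << 12) | flags
    return struct.pack("!HHIIHHHH", src, dst, seq, ack,
                       off_flags, 65535, 0, 0) + options + data

def constructed_handshake():
    """SYN -> SYN-ACK -> ACK with made-up ports and sequence numbers."""
    syn = build_segment(50000, 80, 1000, 0, 0x02, options=b"\x02\x04\x05\xb4")
    syn_ack = build_segment(80, 50000, 9000, 1001, 0x12)
    ack = build_segment(50000, 80, 1001, 9001, 0x10)
    return [parse_tcp_header(s) for s in (syn, syn_ack, ack)]

if __name__ == "__main__":
    for hdr in constructed_handshake():
        print(hdr["flags"], "seq=%d ack=%d offset=%d" %
              (hdr["seq"], hdr["ack"], hdr["data_offset"]))
```

Each side acknowledges the other's sequence number plus one, and the SYN carrying a 4-byte option has a data offset of 6 words instead of the minimum 5.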
UDP - CONNECTIONLESS PROTOCOL
1. It stands for user datagram protocol
2. In this protocol, no connection is established before sending
data.
3. We do not get to know whether the data has been successfully
delivered or not.
4. The source keeps on sending data packets to the destination.
5. Many data packets may be lost and never reach the destination.
6. It is mostly used in streaming services and broadcast.
UDP DATAGRAM
1. Source and destination port contains the port number used for
sending and receiving requests and responses by devices
2. The length field (16 bits) specifies the length of the header and
data.
3. Checksum field (16 bits) allows packet integrity checking.
IP Addresses - IPv4 & IPv6
1. IP Address (Internet Protocol Address), also known as the Logical Address, is the
network address of the system across the network.
2. To identify each device on the world wide web, the Internet Assigned Numbers
Authority (IANA) assigns an IPv4 address as a unique identifier for each device on
the Internet.
3. There are two types of IP addresses, Private and Public IP addresses. Public IP
address concept has been introduced to increase the efficiency of IP distribution.
4. The length of the IPv4 address is 32-bits consisting of 4 octets. (Hence we have
2^32 IP addresses available.)
5. This was still too few for a population of over 8 billion and 25 billion devices
connected to the internet, so IPv6 was introduced. It is 128 bits long and written in
hexadecimal.
Ports & MAC Addresses
PORTS -
1. Port can be referred to as a logical channel through which data can be sent/received to an
application.
2. Any host may have multiple applications running, and each of these applications is identified
using the port number on which they are running.
3. Port number is a 16-bit integer, hence we have 2^16(65535) ports available.
MAC Addresses -
1. MAC Address (Media Access Control address), also known as the physical address, is the unique
identifier of each host and is associated with the NIC (Network Interface Card).
2. MAC address is assigned to the NIC at the time of manufacturing.
3. Length of the MAC address is : 48 bits
58:6D:8F:CA:A7:CB -> 8x6 = 48 bits
DNS Resolution
1. DNS resolution stands for domain name server
resolution.
2. Every domain name is mapped with one or more
IP addresses.
3. DNS resolution works in the following steps -
Client Machine -> Resolver -> Root Servers -> TLD (Top Level Domain) -> ANS (Authoritative Name Server)
4. It can be done using TCP and UDP. Mostly UDP is
used because it requires fewer requests
and responses.
ARP & CASTING
ARP -
1. It stands for Address Resolution Protocol
2. It is used to convert the IP address to its corresponding Physical
Address (i.e. MAC Address).
3. ARP is used by the Data Link Layer to identify the MAC address of the
Receiver’s machine.
Casting -
1. Casting means transferring some data packets over a network from a
source to a destination over any communication channel.
2. There are 3 types of casting -
a. Unicast
b. Multicast
c. Broadcast
Classful IP Addressing
1. The 32 bit IP address is divided into five subclasses. These
are Class A, B, C, D, E.
2. Each of these classes has a valid range of IP addresses.
Classes D and E are reserved for multicast and experimental
or military purposes respectively. The order of bits in the first
octet determines the class of an IP address.
3. IPv4 address is divided into two parts:
● Network ID
● Host ID
Class A - IP address belonging to class A are assigned to the
networks that contain a large number of hosts. The higher order bit
of the first octet in class A is always set to 0. The remaining 7 bits
in first octet are used to determine network ID. The 24 bits of host
ID are used to determine the host in any network.
Range - 1.x.x.x - 126.x.x.x
Class B - Used for medium sized networks.
Range - 128.0.x.x – 191.255.x.x.
Class C - Assigned to small-sized networks.
Range - 192.0.0.x – 223.255.255.x.
Class D - Reserved for multicasting.
Range - 224.0.0.0 – 239.255.255.255.
Class E - Reserved for experimental and research purposes.
Range - 240.0.0.0 – 255.255.255.254.
Classless IP Addressing
1. It is done using Network Address and mask.
2. Network address – It identifies a network on internet. Using
this, we can find range of addresses in the network and total
possible number of hosts in the network.
3. Mask – It is a 32-bit binary number that gives the network
address in the address block when AND operation is bitwise
applied on the mask and any IP address of the block.
4. The default mask in different classes are :
Class A – 255.0.0.0
Class B – 255.255.0.0
Class C – 255.255.255.0
5. We give the IP address and define the number of bits for
mask along with it (usually followed by a ‘/’ symbol), like,
192.168.1.1/28.
Example:
Given an IP Address – 172.16.0.0/25,
find the number of subnets and the
number of hosts per subnet. Also, for
the first subnet block, find the subnet
address, first host ID, last host ID, and
broadcast address.
Solution : This is a class B address. So,
no. of subnets = 2^(25-16) = 2^9 = 512.
No. of hosts per subnet = 2^(32-25) – 2
= 2^7 – 2 = 128 – 2 = 126
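The 172.16.0.0/25 exercise above, carried through to the first subnet block, as an added example that is not part of the original slides. The function names `classful_prefix`, `network_of` and `subnet_plan` are hypothetical, and the code assumes the slide's convention of counting subnets relative to the classful default mask.

```python
import ipaddress

def classful_prefix(addr):
    """Default mask length from the first octet (class A/B/C ranges)."""
    first_octet = int(addr) >> 24
    if 1 <= first_octet <= 126:
        return 8
    if 128 <= first_octet <= 191:
        return 16
    if 192 <= first_octet <= 223:
        return 24
    raise ValueError("no default mask outside classes A, B and C")

def network_of(ip, prefix):
    """Bitwise AND of the mask and any address in the block."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ipaddress.IPv4Address(int(ipaddress.IPv4Address(ip)) & mask)

def subnet_plan(cidr):
    """Work the exercise for an address written as a.b.c.d/prefix."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    default = classful_prefix(ipaddress.IPv4Address(ip))
    if not default <= prefix <= 30:
        raise ValueError("prefix must lie between the class default and /30")
    # The first subnet block starts at the classful network address.
    first = ipaddress.ip_network(f"{network_of(ip, default)}/{prefix}")
    return {
        "mask": str(first.netmask),
        "subnets": 2 ** (prefix - default),
        "hosts_per_subnet": 2 ** (32 - prefix) - 2,
        "subnet_address": str(first.network_address),
        "first_host": str(first.network_address + 1),
        "last_host": str(first.broadcast_address - 1),
        "broadcast": str(first.broadcast_address),
    }

if __name__ == "__main__":
    for key, value in subnet_plan("172.16.0.0/25").items():
        print(f"{key:17} {value}")
```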
FIREWALL
1. A firewall is a device installed between the internal network of an organization and the
rest of the network. It is designed to forward some packets and filter others
2. Firewalls are a set of tools that monitor the flow of traffic between networks. They filter all
network packets to determine whether or not to forward them towards their destinations.
3. A firewall is often installed away from the rest of the network so that no incoming
requests get directly to the private network resource. If it is configured properly, systems
on one side of the firewall are protected from systems on the other side.
4. Firewalls generally filter traffic based on -
a. Behaviour Based - increased traffic, policy violation, etc
b. Signature Based - attack or virus signatures
c. Anomaly Based - Learning normal and seeing a deviation
d. Heuristic Based - Algorithm
5. There are two components of firewall -
a. IDS - Intrusion Detection System (Monitors Passively)
b. IPS - Intrusion Prevention System (Monitors Actively)
Advantages
1. A firewall is an intrusion detection mechanism. Firewalls are specific to an
organization’s security policy. The settings of firewalls can be altered to make
appropriate modifications to the firewall functionality.
2. Firewalls can be configured to bar incoming traffic to POP and SNMP and to enable
email access.
3. Firewalls can also block email services to secure against spam.
4. Firewalls can be used to restrict access to specific services. For example, the
firewall can grant public access to the web server but prevent access to the telnet
and the other non-public daemons.
5. The firewall verifies the incoming and outgoing traffic against firewall rules. It acts
as a router in moving data between networks.
6. Firewalls are excellent auditors. Given plenty of disk or remote logging capabilities,
they can log any and all traffic that passes through.
Disadvantages
1. A firewall can’t prevent revealing sensitive information through social
engineering.
2. A firewall can’t protect against what has been authorized. Firewalls
permit normal communications of approved applications, but if those
applications themselves have flaws, a firewall will not stop the attack
because to the firewall, the communication is authorized.
3. Firewalls are only as effective as the rules they are configured to
enforce.
4. Firewalls can’t stop attacks if the traffic does not pass through them.
5. Firewalls also can’t secure against tunneling attempts. Applications
that are secure can be Trojaned. Tunneling bad things over HTTP,
SMTP and other protocols is quite simple and easily demonstrated.
ENCRYPTION
1. Hiding plaintext data as ciphertext using a key is called
encryption.
2. Types -
a. Symmetric Encryption - It uses the same key for encryption and
decryption.
b. Asymmetric Encryption - Requires different keys for
encryption and decryption.
c. Hybrid Encryption - Uses both symmetric and asymmetric
encryption