NETWOKING

1. OSI Model Overview

 Concept: Divides network communication into seven abstraction layers to
standardize interactions and troubleshooting.
 Purpose: Helps understand, design, and troubleshoot network communication
systems.
Layers and Key Functions:
1. Physical Layer (Layer 1):
o Function: Manages the physical connection between devices.
o Data Form: Bits.
o Key Responsibilities: Bit synchronization, bit rate control, defining physical
topologies (bus, star, mesh), and transmission modes (simplex, half-duplex,
full-duplex).
o Devices: Hub, repeater, modem, cables.
2. Data Link Layer (Layer 2):
o Function: Ensures error-free transmission between nodes over the physical
layer.
o Data Form: Frames.
o Sublayers: Logical Link Control (LLC) and Media Access Control (MAC).
o Key Responsibilities: Framing, physical addressing (MAC addresses), error
control, flow control, and access control.
o Devices: Switch, bridge.
3. Network Layer (Layer 3):
o Function: Manages data transfer between different networks.
o Data Form: Packets.
o Key Responsibilities: Routing and logical addressing (IP addresses).
o Devices: Router.
4. Transport Layer (Layer 4):
o Function: Ensures end-to-end communication and error recovery.
o Data Form: Segments.
 o Key Responsibilities: Segmentation and reassembly, service point addressing
(port numbers), connection-oriented and connectionless service.
o Protocols: TCP, UDP.
5. Session Layer (Layer 5):
o Function: Manages sessions between applications.
o Key Responsibilities: Session establishment, maintenance, termination,
synchronization, and dialog control.
o Protocols: NetBIOS, PPTP.
6. Presentation Layer (Layer 6):
o Function: Translates, encrypts, and compresses data.
o Key Responsibilities: Translation (e.g., ASCII to EBCDIC),
encryption/decryption, compression.
o Formats: JPEG, MPEG, GIF.
7. Application Layer (Layer 7):
o Function: Interfaces directly with end-user applications.
o Key Responsibilities: Network virtual terminal, file transfer access and
management, mail services, directory services.
o Protocols: SMTP, HTTP, FTP.

2.TCP/IP Model Overview

 Concept: Core framework for computer networking, crucial for the Internet.
 Purpose: Defines data transmission across networks, ensuring reliable
communication.
 Layers: Four layers – Link Layer, Internet Layer, Transport Layer, Application Layer.
Functions of Each Layer:
1. Link Layer:
o Function: Manages physical and logical device connections.
o Responsibilities: Error prevention, framing, physical addressing.
o Protocols: Ethernet, PPP.
2. Internet Layer:
o Function: Handles logical data transmission across networks.
 o Responsibilities: Routing packets, IP addressing.
o Protocols: IP (IPv4, IPv6), ICMP, ARP.
3. Transport Layer:
o Function: Ensures reliable, end-to-end communication.
o Responsibilities: Error checking, flow control, data segmentation.
o Protocols: TCP (reliable), UDP (unreliable).
4. Application Layer:
o Function: Interfaces with end-user applications.
o Responsibilities: Manages high-level protocols for web browsing, email, file
transfer.
o Protocols: HTTP/HTTPS, FTP, SMTP, SSH, NTP.
Key Functions and Characteristics:
 Data Transmission: Ensures reliable, accurate data transfer.
 Packet Division: Divides data into packets, recombines at the receiver’s end.
 Addressing and Routing: Uses IP addresses to route packets.
Difference Between TCP and IP:
 TCP:
o Reliable, ordered, error-checked delivery.
o Connection-oriented, includes error handling, flow control, congestion
control.
o Larger header size, provides data segmentation and transmission
acknowledgment.
 IP:
o Provides addressing and routing.
o Connectionless, does not handle errors, flow control, or congestion control.
o Smaller header size, does not guarantee delivery or order.
Advantages of TCP/IP Model:
 Interoperability: Compatible across various systems.
 Scalability: Suitable for networks of all sizes.
 Standardization: Based on open standards.
 Flexibility: Supports diverse protocols and data types.
 Reliability: Ensures data integrity and retransmission.
Disadvantages of TCP/IP Model:
 Complex Configuration: Difficult to manage in large networks.
 Security Concerns: Originally not designed for security, leading to potential
vulnerabilities.
 Inefficiency for Small Networks: Overhead may be excessive for small setups.
 Address Space Limitation: IPv4 address space is limited; IPv6 solves this issue.
 Data Overhead: TCP’s reliability features add overhead, reducing efficiency.

3.Address Resolution in DNS (Domain

Name Server)

Name-Address Resolution: Mapping a domain name to an IP address or vice

versa, performed by the DNS Resolver.

Resolver:
 Role: Acts as a DNS client, sending mapping requests to DNS servers.
 Process:
o Queries the local DNS server.
o If the local server cannot resolve the query, it refers the resolver to other
servers.
o The resolver checks the response and delivers the result to the requesting
process.
Mapping Names to Addresses:
 Process:
o For generic domains: The resolver sends a query to the local DNS server. If
unresolved locally, the query is referred to other servers.
o For country domains: The process is similar.
Mapping Addresses to Names:
PTR Query:
 Client sends an IP address to be mapped to a domain name.
 DNS uses the inverse domain, reversing the IP address and appending "in-addr.arpa".
 Local DNS resolves the query.

Resolution Types:
1. Recursive Resolution:
o Process:
 Client requires the local server to provide the requested mapping or
an error message.
 Query forwarded from local DNS to root name server, then to top-
level domain server, and so on until resolved.
 Response travels back through the chain to the client.
2. Iterative Resolution:
o Process:
 Each server that cannot resolve the query sends the IP address of the
next server.
 The client repeats the query to each referred server until the mapping
is resolved.
Caching Mechanism:
 Function: Speeds up resolution by storing mapping information in cache memory.
 Issue: Cached mappings can become outdated; servers must periodically purge
expired entries.
Comparison of Iterative and Recursive Resolution:

Property Iterative Resolution Recursive Resolution

Returns the requested

Server Returns the best match or
mapping or an error
Response a referral
message

Query Each server sends the IP Only the local server sends
Propagation address of the next server the query to the next server

Lower load on servers as

Higher load on servers
Server Load only the local server is
due to multiple queries
queried

Response Time Longer response time Shorter response time

Cache Usage Lower cache hit rate Higher cache hit rate
 Property Iterative Resolution Recursive Resolution

Security Lower security Higher security

4. Dynamic Host Configuration Protocol (DHCP)

Overview:
 DHCP (Dynamic Host Configuration Protocol) automates IP address assignment and
other network configurations to devices.
 Simplifies network management by avoiding manual IP configuration for each device.
 Essential for efficiently managing large networks and avoiding conflicts.

Key Components:
1.DHCP Server: Manages IP addresses and configuration information.
2.DHCP Client: Device receiving configuration from the server.
3. DHCP Relay: Communicates between clients and server.
4.IP Address Pool: Range of IP addresses managed by the server.
5. Subnets: Smaller network segments for traffic management.
6. Lease: Duration for which an IP address is assigned to a device.
7.DNS Servers and Default Gateway: Additional configurations provided by DHCP.
8.Options: Additional settings like subnet mask, domain name, and time server
information.
DHCP Operation (DORA Process):
1. DHCP Discover: Client broadcasts to find DHCP servers.
2. DHCP Offer: Server responds with an available IP address.
3. DHCP Request: Client requests to lease the offered IP address.
4. DHCP Acknowledgment (ACK): Server confirms and assigns the IP address.
Additional DHCP Messages:
 DHCP Negative Acknowledgment (NAK): Sent when the server cannot assign an IP
address.
 DHCP Decline: Sent by the client if the offered IP address is already in use.
 DHCP Release: Client releases the IP address back to the server.
 DHCP Inform: Client requests additional configuration parameters without a new IP
address.
 Security Considerations:
 Limited IP Addresses: Prevent IP exhaustion from attacks.
 Fake DHCP Servers: Protect against unauthorized servers providing incorrect IP
information.
 DNS Access: Ensure proper network restrictions to prevent data access issues.
Advantages of DHCP:
 Centralized management and automation of IP address assignment.
 Simplifies adding new devices to the network.
 Efficient IP address reuse and management.
 Supports dynamic updates and failover for redundancy.
Disadvantages of DHCP:
 Potential IP conflicts.
 Clients may accept configurations from unauthorized servers.
 Network access depends on the availability of a DHCP server.

5. Differences between TCP and UDP

 TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are transport layer
protocols.
 TCP is connection-oriented, ensuring reliable data transfer.
 UDP is connectionless, ideal for low-latency, loss-tolerant communication.
Transmission Control Protocol (TCP):
 Purpose: Provides reliable, ordered, and error-checked delivery of data.
 Features:
o Tracks segments using sequence numbers.
o Implements flow control to manage data transfer rates.
o Uses error control mechanisms.
o Considers network congestion.
 Applications:
o Web Browsing (WWW): Reliable data transfer between browsers and servers.
o Email: Supports protocols like SMTP for email delivery.
 o File Transfer Protocol (FTP): Ensures secure file transfers.
o Secure Shell (SSH): Provides encrypted remote administration.
o Streaming Media: Ensures smooth playback of videos and music.
Advantages:
 Reliable connection maintenance.
 Sends data in a specific sequence.
 OS-independent operations.
 Supports various routing protocols.
 Adjusts data speed based on the receiver's capacity.
Disadvantages:
 Slower than UDP.
 Higher bandwidth usage.
 Not suitable for LAN and PAN networks.
 No multicast or broadcast support.
 Fails to load a page if any data is missing.
User Datagram Protocol (UDP):
 Purpose: Enables low-latency and loss-tolerant communication without establishing
a connection.
 Features:
o Suitable for simple request-response communication.
o Supports packet switching for multicasting.
o Used in some routing protocols like RIP.
o Ideal for real-time applications with minimal delay tolerance.
 Applications:
o Real-Time Multimedia Streaming: Low-latency streaming of audio and video.
o Online Gaming: Fast communication between players.
o DNS Queries: Efficient domain name lookups.
o Network Monitoring: Rapid data exchange for monitoring tools.
o Multicasting: Sends data to multiple recipients simultaneously.
o Routing Update Protocols: Used by protocols like RIP.
 Advantages:
 No connection required for data transfer.
 Supports broadcast and multicast.
 Operates across various network types.
 Suitable for live and real-time data.
 Delivers data even if incomplete.
Disadvantages:
 No acknowledgment of successful data transfer.
 Cannot track data sequence.
 Unreliable due to its connectionless nature.
 Packets may be dropped during collisions or errors.

o DIFFERENCE BETWEEN TCP & UDP

TCP (Transmission Control Protocol):
 Type: Connection-oriented
 Reliability: Reliable, guarantees data delivery
 Error Checking: Extensive, with flow control and acknowledgments
 Sequencing: Ensures packets arrive in order
 Speed: Slower, due to overhead
 Retransmission: Retransmits lost packets
 Header Length: Variable (20-60 bytes)
 Weight: Heavy-weight
 Handshaking: Requires handshakes (SYN, ACK, SYN-ACK)
 Broadcasting: Does not support
 Protocols: HTTP, HTTPS, FTP, SMTP, Telnet
 Stream Type: Byte stream
 Overhead: Low but higher than UDP
 Applications: Reliable communication (e.g., email, web browsing)
UDP (User Datagram Protocol):
 Type: Datagram-oriented
  Reliability: Unreliable, no guarantee of delivery
 Error Checking: Basic, with checksums
 Sequencing: No inherent sequencing
 Speed: Faster, more efficient
 Retransmission: No retransmission of lost packets
 Header Length: Fixed (8 bytes)
 Weight: Lightweight
 Handshaking: No handshake
 Broadcasting: Supports
 Protocols: DNS, DHCP, TFTP, SNMP, VoIP
 Stream Type: Message stream
 Overhead: Very low
 Applications: Fast communication, acceptable data loss (e.g., VoIP, gaming,
streaming)
Example Analogy:
 TCP: Like sending a letter with a bridge ensuring reliable delivery.
 UDP: Like sending a letter by pigeon, faster but less reliable.

6.Types of Virtual Private Network (VPN) and

its Protocols
VPN Types:
1. Remote Access VPN:
o Purpose: Connects users to a private network over the Internet securely.
o Uses: Remote work, bypassing regional restrictions, enhancing privacy.
2. Site-to-Site VPN:
o Purpose: Connects multiple office locations' networks.
o Intranet-based: Connects offices of the same company.
o Extranet-based: Connects with other companies' networks.
3. Cloud VPN:
o Purpose: Connects users to cloud-based resources securely.
o Uses: Connecting on-premises resources to cloud services.
 4.Mobile VPN:
o Purpose: Secures connections from mobile devices.
o Uses: Access corporate resources, secure public Wi-Fi, often integrated into device
management.
5. SSL VPN:
o Purpose: Uses SSL/TLS protocols for secure web browser-based access.
o Uses: Access internal resources easily without extra software.

6.PPTP VPN:
o Purpose: Uses Point-to-Point tunnelling Protocol for simple and
fast VPN connection.
o Security: Less secure due to weaker encryption.

7. L2TP VPN:
o Purpose: Uses Layer 2 tunnelling Protocol, often with IPSec for added
security.
o Security: More secure than PPTP but still has vulnerabilities.

OpenVPN:
o Purpose: Open-source, highly configurable, uses SSL/TLS for secure
connections.
o Security: Considered very secure with advanced features.

VPN Protocols:
1. IPSec (Internet Protocol Security):
 Modes: Transport Mode (encrypts data packets) and tunnelling Mode (encrypts
entire packets).
2. L2TP (Layer 2 tunnelling Protocol):
 Purpose: Often combined with IPSec for secure tunnelling.
3. PPTP (Point-to-Point tunnelling Protocol):
 Purpose: Uses PPP for encryption; less secure compared to others.
4.SSL/TLS (Secure Sockets Layer / Transport Layer Security):
 Purpose: Secures connections through web browsers; used for online transactions.
5.SSH (Secure Shell):

 Purpose: Creates an encrypted tunnel for secure data transfer.

6.SSTP (Secure Socket tunnelling Protocol):
  Purpose: Uses SSL for secure connections; available for Windows only.
7.IKEv2 (Internet Key Exchange version 2):

 Purpose: Provides fast and secure connections; less widely supported.

8.WireGuard:

 Purpose: New, lightweight protocol aiming to be faster and more secure.

Important Points:
 Remote Access VPN is for individual secure connections.
 Site-to-Site VPN connects multiple office networks.
 Cloud VPN secures connections to cloud resources.
 Mobile VPN secures mobile connections.
 SSL VPN is easy to use with web browsers.
 PPTP is simple but less secure.
 L2TP is more secure, often with IPSec.
 OpenVPN is highly secure and flexible.
 VPN Protocols vary in security, ease of use, and compatibility.

7.HTTP/HTTPS
Hypertext Transfer Protocol Secure (HTTPS):
 Definition: HTTPS is a secure variant of HTTP, used for secure communication and
data transfer between a web browser and a website.
 Purpose: Ensures the encryption of sensitive information like passwords and contact
details during transmission.
Differences between HTTP and HTTPS:
 HTTP:
o Stands for Hypertext Transfer Protocol.
o URL begins with "http://".
o Works at the Application Layer.
o Faster speed.
 HTTPS:
o Stands for Hypertext Transfer Protocol Secure.
 o URL begins with "https://".
o Works at the Transport Layer.
o Slower speed due to encryption.
How HTTPS Works:
 Communication: Establishes secure communication using SSL (Secure Socket Layer)
and TLS (Transport Layer Security).
 Encryption: Adds a layer of SSL/TLS over the conventional HTTP protocol, ensuring
data is encrypted during transmission.
Secure Socket Layer (SSL):
 Role: Ensures secure and reliable data transfer between communicating systems.
 SSL Certificate: Uses a digital certificate to establish a secure communication link.
Encryption in HTTPS:
 Private Key: Used for decryption, resides on the server-side, controlled by the
website owner.
 Public Key: Used for encryption, accessible to all users communicating with the
server.
Advantages of HTTPS:
 Secure Communication: Provides encryption during transmission.
 Data Integrity: Ensures data cannot be read or modified if compromised.
 Privacy and Security: Prevents attackers from passively accessing exchanged data.
 Faster Performance: Encrypts data and reduces its size for faster transmission.

8 .NAT(Network Address Translation)

Network Address Translation (NAT) translates IP addresses to enable traffic from one host to appear
as if it's coming from another, solving various network issues with straightforward configuration.
Key Concepts:
1. Uses of NAT:
o Translation of Non-Unique to Unique Addresses: Common in household
routers for converting private internal addresses to public Internet addresses.
o Address Range Transition: Useful during company IP address reorganization
or mergers to handle overlapping addresses.
 o TCP Load Sharing: Distributes traffic among multiple servers using a single
public address translated to several internal addresses in a round-robin
fashion.
2. Inside and Outside Addresses:
 Inside Local Address: Address within the organizational network.
 Inside Global Address: Internal address as seen from outside the network.
 Outside Local Address: External address as seen within the organizational network.
 Outside Global Address: External address as seen from outside the organizational
network.
3. NAT Types:
 Static NAT: Maps a single internal address to a single external address.
 Dynamic NAT: Maps an internal address (or addresses) to a pool of external
addresses.
 Overloading (PAT): Multiple internal hosts share a single external address using
different port numbers.
Configuration Steps:
1. Static NAT Configuration:
o Enter global configuration mode.
o Configure static NAT translation.
o Configure the inside and outside NAT interfaces.
2. Dynamic NAT Configuration:
o Enter global configuration mode.
o Configure a dynamic NAT address pool.
o Define addresses to be translated using an access list.
o Configure the dynamic NAT translation.
o Configure the inside and outside NAT interfaces.
3. TCP Load Balancing Configuration:
o Enter global configuration mode.
o Configure the NAT address pool for load balancing.
o Define the virtual address using an access list.
o Configure TCP server load balancing.
o Configure the inside and outside NAT interfaces.
 9.Firewall in Computer Network
What is a Firewall?
 A network security device (hardware or software) that monitors and controls
incoming and outgoing traffic.
 Acts as a barrier between a trusted internal network and untrusted external
networks.
 Actions:
o Accept: Allows traffic.
o Reject: Blocks traffic and sends an “unreachable error” response.
o Drop: Blocks traffic with no response.

History and Need for Firewalls:

 Before firewalls, Access Control Lists (ACLs) on routers were used, but they were
insufficient for detailed threat management.
 Firewalls provide robust protection, essential for organizations connected to the
internet.
How Firewalls Work:
 Firewalls match network traffic against predefined rules and apply actions based on
these rules.
 Maintain separate rules for incoming and outgoing traffic.
 Commonly handle TCP, UDP, and ICMP protocols.
Types of Firewalls:
1. Packet Filtering Firewall: Monitors and filters traffic based on IP addresses,
protocols, and ports.
2. Stateful Inspection Firewall: Tracks the state of network connections and makes
filtering decisions based on connection states.
3. Software Firewall: Installed on individual devices or cloud servers; controls data
packet flow.
4. Hardware Firewall: Physical devices that filter traffic before it reaches network
endpoints.
5. Application Layer Firewall: Inspects and filters packets at any OSI layer, especially
useful for blocking specific content.
 6. Next Generation Firewall (NGFW): Includes deep packet inspection, application
inspection, SSL/SSH inspection, and more.
7. Proxy Service Firewall: Filters communications at the application layer, acting as a
gateway between networks.
8. Circuit Level Gateway Firewall: Operates at the session layer, allowing or blocking
data based on TCP connections.
Functions of Firewalls:
 Filters all incoming and outgoing data.
 Logs network activity.
 Inspects data packets to ensure data integrity.
 Examines and blocks unwanted traffic.
 Provides a secure barrier, reducing the attack surface to a single-entry point.
Importance and Benefits:
 Protects against unauthorized access, malware, and other threats.
 Controls network access and monitors network activity.
 Helps organizations comply with regulatory requirements.
 Enhances security by segmenting networks and regulating traffic.
Disadvantages:
 Can be complex to set up and maintain.
 Limited visibility into threats at the application or endpoint level.
 May provide a false sense of security.
 Can impact network performance and scalability.
 May be costly, especially for advanced features or multiple deployments.

10 .3-way handshake
Explanation of the three-way handshake via TCP/IP:
Overview:
 Audience: Individuals familiar with TCP/IP.
 Topic: Process of TCP three-way handshake during connection establishment and
termination.
TCP Control Bits:
  URG: Urgent Pointer field significant
 ACK: Acknowledgment field significant
 PSH: Push Function
 RST: Reset the connection
 SYN: Synchronize sequence numbers
 FIN: No more data from sender
Scenarios for Three-Way Handshake:
1. Establishing a connection (active open).
2. Ending a connection (active close).
Connection Establishment (Three-Way Handshake):
1. Frame 1 (Client to Server):
o Client sends a SYN segment to the server.
o Details:
 Sequence Number: Client's Initial Sequence Number (ISN) + 1.
 Flags: SYN
 Acknowledgment: 0
 Option: Maximum Segment Size (MSS).
2.Frame 2 (Server to Client):

 Server responds with SYN-ACK.

 Details:
o Acknowledgment Number: Client's Sequence Number + 1.
o Sequence Number: Server's ISN.
o Flags: SYN, ACK.

3. Frame 3 (Client to Server):

 Client acknowledges the server's SYN with ACK.
 Details:
o Acknowledgment Number: Server's Sequence Number + 1.
o Flags: ACK.

Connection Termination (Four-Way Handshake):

1. Frame 4 (Client to Server):
o Client sends a FIN-ACK segment.
 o Details:
 Sequence Number: Current sequence number.
 Acknowledgment Number: Current acknowledgment number.
 Flags: FIN, ACK.
2. Frame 5 (Server to Client):
o Server acknowledges the client's FIN.
o Details:
 Sequence Number: Current sequence number.
 Acknowledgment Number: Client's sequence number + 1.
 Flags: ACK.
3. Frame 6 (Server to Client):
o Server sends a FIN-ACK segment.
o Details:
 Sequence Number: Current sequence number.
 Acknowledgment Number: Client's acknowledgment number.
 Flags: FIN, ACK.
4. Frame 7 (Client to Server):
o Client acknowledges the server's FIN.
o Details:
 Sequence Number: Current sequence number.
 Acknowledgment Number: Server's sequence number + 1.
 Flags: ACK.