@ZacFran
Last active July 12, 2024 04:16

Notes

Internet Standard organizations

IETF - https://www.ietf.org/standards/
IANA - https://www.iana.org/
IEEE - https://www.ieee.org/

Message formatting

  1. Header
  • Contains information about the type of data being passed
  2. Data
  • The payload being transmitted, which may include higher-level protocols
  3. Footer/Trailer
  • May hold error-checking data, but is not always required depending on the protocol

OSI Model

Physical Layer (OSI layer one)

The most basic layer which is measured by bits over a network

Data Link Layer (OSI Layer Two)

The layer at which two hosts communicate with each other

  1. MAC
  • Acts as a sublayer governing protocol access to the physical medium and physical addressing, and acts as an interface between the LLC and the physical layer
  2. Logical Link Control
  • Manages communication between devices over a single link of the network, including error checking and data flow

Ethernet

The most common Layer 2 protocol

ARP

Protocol to link IP addresses to MAC addresses

Network Layer (OSI Layer Three)

The layer responsible for the Internet

IPv4

  • When the payload is too large, it may be fragmented

IPv6

ICMP

Zero Configuration

Enables Layer 3 networking without configuration and administration

Transport Layer (OSI Layer four)

Responsible for error-free data transfer

TCP

UDP

Session Layer (OSI Layer 5)

Maintains the state of ongoing connections

SOCKS

Initiates connections through a proxy

PPTP

Obsolete method to create VPN tunnels

L2TP

Allows for tunneling without native encryption

SMB/CIFS

Establishes connections for sharing files, printers, etc.

RPC

A request-response protocol

Presentation Layer (OSI Layer 6)

Deals with the translation, formatting, encryption, and compression of data

Application Layer (OSI Layer 7)

FTP Active

FTP Passive

SSH

Traffic Sniffing

Libpcap -- pulls all traffic from the NIC; requires elevated privileges; a portable C/C++ library used with Wireshark and TCPDump; installed on Linux by default
TCPDump -- a command-line packet sniffer tool
Berkeley Packet Filter -- TCPDump active monitoring
Bitwise Masking -- filters down to the bit

  • Example
    ip[0] & 0x0F > 0x05
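
The bitwise mask in the example above, worked through as an added illustration (not part of the original notes): byte 0 of an IPv4 header holds the version in the high nibble and the header length (IHL, in 32-bit words) in the low nibble, so `ip[0] & 0x0F > 0x05` matches packets that carry IP options. The helper names and the two sample headers (built with documentation addresses) are assumptions constructed for this example.

```python
import struct

def ipv4_header(ihl_words: int, options: bytes = b"") -> bytes:
    """Build a constructed IPv4 header (checksum left at 0) for this demo."""
    if len(options) != (ihl_words - 5) * 4:
        raise ValueError("options must fill the words beyond the 20-byte base")
    ver_ihl = (4 << 4) | ihl_words  # high nibble: version, low nibble: IHL
    total_len = ihl_words * 4
    base = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0, 0, 64, 6, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return base + options

def bpf_byte_test(packet: bytes, offset: int, mask: int, op: str, value: int) -> bool:
    """Evaluate the filter form  ip[offset] & mask <op> value.

    pcap filter syntax applies the mask before the comparison. Python
    happens to agree; C would parse the same text as ip[0] & (0x0F > 0x05),
    so the parentheses matter when porting a filter to C.
    """
    masked = packet[offset] & mask
    if op == ">":
        return masked > value
    if op == "=":
        return masked == value
    if op == "!=":
        return masked != value
    raise ValueError(f"unsupported operator: {op}")

def has_ip_options(packet: bytes) -> bool:
    """The filter from the notes: ip[0] & 0x0F > 0x05."""
    return bpf_byte_test(packet, 0, 0x0F, ">", 0x05)

def ip_version(packet: bytes) -> int:
    """Companion mask on the same byte: the high nibble is the version."""
    return (packet[0] & 0xF0) >> 4

# Constructed samples: a plain 20-byte header and one with a 4-byte
# Router Alert option (type 0x94, length 4), which makes IHL = 6.
PLAIN = ipv4_header(5)
WITH_OPTIONS = ipv4_header(6, b"\x94\x04\x00\x00")

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("with options", WITH_OPTIONS)):
        print(f"{name:13} byte0=0x{pkt[0]:02x} version={ip_version(pkt)} "
              f"IHL={pkt[0] & 0x0F} options={has_ip_options(pkt)}")
```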

Layer 2 Switching Technologies

  • Switches contain a CAM table which holds MAC address, VLAN, and port information
  • Spanning Tree Protocol prevents endless frame circulation by setting a root
  • The Dynamic Trunking Protocol (DTP) is a Cisco proprietary Layer 2 protocol. Its purpose is to dynamically negotiate trunking on a link between two switches running VLANs. It can also negotiate the type of trunking protocol to be used on the link (802.1q or ISL). DTP works by exchanging small DTP frames between two supporting devices to negotiate the link parameters.
  • Cisco Discovery Protocol (CDP) is a Layer 2, Cisco proprietary protocol used to share information with other directly connected Cisco devices. CDP is protocol and media independent and runs on all Cisco routers, switches, and other devices.

Layer 3 Routing Technologies

  • The routing table includes routes to what it determines is the "best route" to the destination network. When a packet enters a router it will be decapsulated
  • Best Route = Longest Match

Interior Gateway Protocols (IGP): Routing protocols that are used within an AS. Referred to as intra-AS routing. Organizations and service providers use IGPs on their internal networks. IGPs include RIP, EIGRP, OSPF, and IS-IS.

Exterior Gateway Protocols (EGP): Used primarily for routing between autonomous systems. Referred to as inter-AS routing. Service providers and large companies will interconnect their AS using an EGP. The Border Gateway Protocol (BGP) is the only currently viable EGP and is the official routing protocol used by the Internet.