This contains the notes from about a month's worth of research to try to understand networking. It was strange being at Cisco because at first I didn't understand any of the technical lingo, and so it felt like how it must feel to nontechnical people when programming is being discussed, which was kind of a cool feeling. I watched a ton of videos to compile this information. One funny anecdote is that I told Tara that I was watching networking videos, and she thought I meant business networking and started to judge me. Eventually it came out that I was talking about computer networking, which was a pretty funny moment.

Packet switching is the process of actually converting data into packets that can be sent via nodes. 

Normally you have to manually configure the nodes in a network in order to change how it operates, and you can’t do everything at once because different machines may need to be configured differently.  

(technique) Software-Defined Network (SDN): controlling traffic via software which is completely separate from the hardware. “Each flow through the network must first get permission from the controller, which verifies that the communication is permissible by the network policy. If the controller allows a flow, it computes a route for the flow to take, and adds an entry for that flow in each of the switches along the path.”

(implementation) OpenFlow: what is becoming the standard implementation of SDN. Okay so apparently it’s the protocol used by a switch/router to communicate with a controlling unit, which will be physically distinct from that switch/router. This highlights the separation between the data plane and the control plane. 

(open source software) OpenStack: This is an open source cloud platform. So I guess you create the infrastructure (the servers, switches, what have you) and then you can use OpenStack to just essentially get it all to work as a cloud for your service?

(application MATE) Cariden Modeling: Cariden was a company that was acquired by Cisco; they have an application called “MATE”, which seems to be what does the modeling here. It will create a Plan file that represents the network. It takes snapshots of the network topology and puts them in a text file. 

BGP (border gateway protocol): a way to choose what’s the best path to a destination IP, so this is essentially how the internet works. 

QoS: Quality of service which means giving certain types of traffic (maybe SMTP, or SSH, or whatever) priority over others. 

So Cisco is rolling out a whole line of things which are supposed to eat up the customers interested in SDN. 

onePK: one of the things Cisco offers for its implementation of SDN. So using onePK might be for making the network more efficient in response to spikes of SMTP traffic by giving priority to that traffic? 

Backbone: biggest/longest connection in nation/region (heard it referred to with regard to company as well). The spine of the company with a bunch of smaller networks all branching off of/connecting to it. 

Broadcast domain: the area with which a given node transmits data with zero steps? So domain would be all of the nodes connected to the same access point?

VLAN: A virtualized local area network. Normally, anything connected to a given access point is in the same LAN, which essentially means that when you put stuff on the wire it’ll go to everything in its LAN and each machine is instructed to ignore what’s not addressed to its own MAC address. Abstracting this to software is to allow the definition of VLANs where a packet can be transmitted to a larger area network, perhaps across multiple switches, but then that data is only actually transmitted to the nodes (by the switches/routers) that are within its VLAN?? Don’t get why not just not split up, transmit to everything, and then just make sure MAC address is correct? Is that inefficient? 
	Revised: VLAN is the collection of all nodes that would receive a given broadcast?
	You define on a switch, which ports are on what VLAN. They all connect to the same switch, but you’re virtualizing multiple different LANs. You could break up your entire network into VLANs based on what makes sense, like you could have VLANs for each department in your company. You could have a VLAN for your printer network, etc. This helps by reducing collision domains to the min of what they need to be for everything to function, and you can apply ACL (access control lists), which define rules on which devices can access the other networks, so maybe the IT department VLAN can access all the other VLANs but no other device on any other VLAN can access the IT department’s VLAN. Types of VLAN: Default VLAN is “VLAN1”. Data VLAN - PC’s, servers, etc (most common). Voice VLAN - VoIP phones. Say you have a computer connected to a VoIP phone that in turn is connected to an ethernet jack, well you would likely have two VLAN’s on that wire between the phone and the port, one for Voice and one for Data, and between the phone and the computer you’d only have one VLAN there (the data one). You may want to define QoS policies on the VLAN. When you have connections between switches that have multiple VLANs on it, that link is called a “trunk”. Hackers can spoof being a switch in a VLAN, which would turn a link into a trunk and allow them to see all of the data? Double tagging is a way hackers may be able to access a VLAN that they’re not supposed to access, by putting two VLAN tags in the header of a packet. 

ACL (access control lists): similar to firewall rules (but lower level, because it’s layer 3). They block (that is, control) access in some way. Works on layer 3 level. They all have an implied deny all. You can have standard and extended, standard only looks at the source IP and extended looks at source, destination, as well as ports. These could slow down the network because every packet will be checked against it. So keep the number of rules checked to a minimum. 
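The ACL walk described above (first match wins, implied deny-all at the end, standard = source only vs. extended = source/destination/protocol/port), applied to the department-VLAN policy from the VLAN notes. This is an added example with constructed VLAN addressing, not code from the notes or from Cisco:

```python
"""Added example (not from the notes): how a router walks a standard or an
extended ACL top to bottom, first match wins, with the implied deny-all."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port, None for icmp


@dataclass
class Rule:
    action: str                    # "permit" or "deny"
    src: str                       # CIDR; "0.0.0.0/0" means any
    dst: str = "0.0.0.0/0"         # extended ACLs only
    proto: str = "any"             # extended ACLs only
    dport: Optional[int] = None    # extended ACLs only

    def matches(self, pkt: Packet, extended: bool) -> bool:
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if not extended:           # standard ACL: source address is all it sees
            return True
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(acl: List[Rule], pkt: Packet, extended: bool) -> Tuple[str, int]:
    """Return (action, index of the matching rule); index -1 is the implied
    deny at the end, and index + 1 is how many rules the packet cost to check."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt, extended):
            return rule.action, i
    return "deny", -1


# Constructed policy (hypothetical VLAN addressing): the IT VLAN 10.0.10.0/24
# may reach anything; every other VLAN may only print (tcp/9100) to the
# printer VLAN 10.0.30.0/24.
EXTENDED_ACL = [
    Rule("permit", "10.0.10.0/24"),
    Rule("permit", "0.0.0.0/0", "10.0.30.0/24", "tcp", 9100),
]
# A standard ACL can only say who, not what, so the same intent collapses to
# "IT may talk, nobody else may".
STANDARD_ACL = [Rule("permit", "10.0.10.0/24")]

if __name__ == "__main__":
    finance_print = Packet("10.0.20.5", "10.0.30.9", "tcp", 9100)
    finance_ssh = Packet("10.0.20.5", "10.0.30.9", "tcp", 22)
    print(evaluate(EXTENDED_ACL, finance_print, True))   # ('permit', 1)
    print(evaluate(EXTENDED_ACL, finance_ssh, True))     # ('deny', -1)
    print(evaluate(STANDARD_ACL, finance_print, False))  # ('deny', -1)
```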

Layer 3 Switching: Apparently better for routing traffic between VLANs as it’s much faster than using normal routing. 

Virtual Machine: A single physical server can be split up to be multiple virtual machines. Each of these machines can seem like it itself is a server. The resources of the physical machine are split up between the virtual ones. 

SRLG (shared risk link group): a group of objects that would likely fail due to a common cause. That is, if one goes down they’re all going to be going down. 


NAT (Network Address Translation, port forwarding): This is just a hack for getting around having only 255^4 different unique IP addresses with IPv4. So what you’re doing is, on a router, setting up a way for devices outside the LAN to specify a device within the LAN using a port. So you’re creating an association between a port on that router’s WAN address (10.10.10.10:550) with a device on the LAN (say 192.168.1.105). That way any time someone types in 10.10.10.10:550, it’ll go exactly to that device on your LAN that has the end address 105. 
	Is it also or maybe only: the process of translating private IP’s on an internal LAN into a single public, internet-facing IP. 
	There’s one-to-one - single IP to single IP, many-to-one - Network to single IP, many-to-many - network to range of IP’s. You’ll most commonly see many to one (like in your home network). 
There’s also PAT (port address translation) which occurs when, say, two computers on a LAN are trying to use the same port to request web traffic, but the router can’t let that happen because if it did it wouldn’t know which response traffic to give to which computer, so the router will do PAT to change the outgoing port of the second request to something else. It’s also called NAT overloading. But it can also be used for changing the incoming port too, like say you’re hosting a web server behind a LAN that’s using local private IPs, well they’ll try to access your server on port 80, but you can use PAT to have that 80 translated to 8080 if you want 80 open for something else. 
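The many-to-one NAT, PAT and port-forwarding behaviour described above, as an added example (not code from the notes or any router vendor); it also answers the later question about sockets, since it is the translated source port that tells two LAN hosts behind one public IP apart. The addresses are constructed: 198.51.100.1 plays the router's public IP, 203.0.113.10 a web server on the internet.

```python
"""Added example (not from the notes): a toy many-to-one NAT with PAT and
static port forwarding. Addresses are constructed (198.51.100.1 plays the
router's public IP, 203.0.113.10 a web server on the internet)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


@dataclass
class Packet:
    src: Endpoint
    dst: Endpoint


class NatRouter:
    def __init__(self, public_ip: str, first_pat_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_pat_port
        # dynamic many-to-one translations, built as LAN hosts send traffic
        self.out_table: Dict[Tuple[Endpoint, Endpoint], int] = {}  # (inside, remote) -> public port
        self.in_table: Dict[Tuple[int, Endpoint], Endpoint] = {}   # (public port, remote) -> inside
        # static port forwards, the "WAN port 550 -> 192.168.1.105" idea from the notes
        self.forwards: Dict[int, Endpoint] = {}

    def add_forward(self, public_port: int, inside: Endpoint) -> None:
        self.forwards[public_port] = inside

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: rewrite the private source to the public IP, keeping the
        source port unless PAT has to pick another one."""
        key = (pkt.src, pkt.dst)
        if key not in self.out_table:
            port = pkt.src[1]
            # PAT: a second LAN host using the same source port toward the
            # same remote would make replies ambiguous, so it gets a new port.
            while (port, pkt.dst) in self.in_table or port in self.forwards:
                port = self.next_port
                self.next_port += 1
            self.out_table[key] = port
            self.in_table[(port, pkt.dst)] = pkt.src
        return Packet((self.public_ip, self.out_table[key]), pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: a reply to an existing translation or a configured
        forward goes to the inside host; anything else is dropped (None)."""
        inside = self.in_table.get((pkt.dst[1], pkt.src))
        if inside is None:
            inside = self.forwards.get(pkt.dst[1])
        if inside is None:
            return None
        return Packet(pkt.src, inside)


def demo() -> Tuple[Packet, Packet, Optional[Packet], Optional[Packet]]:
    """Two LAN hosts both use source port 50000 toward the same web server,
    then a web server inside the LAN is published on public port 80 -> 8080."""
    router = NatRouter("198.51.100.1")
    web = ("203.0.113.10", 80)
    a = router.outbound(Packet(("192.168.1.105", 50000), web))
    b = router.outbound(Packet(("192.168.1.106", 50000), web))
    reply_to_b = router.inbound(Packet(web, ("198.51.100.1", b.src[1])))
    router.add_forward(80, ("192.168.1.105", 8080))
    visitor = router.inbound(Packet(("203.0.113.77", 51234), ("198.51.100.1", 80)))
    return a, b, reply_to_b, visitor
```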

Spanning Tree: prevents loops on layer 2 (because the max hops only applies to packets on layer 3, if you had a loop in your network then layer 2 traffic would loop around infinitely). 


Hub: you can think of it as only thinking about layer 1 material, because it will just broadcast all and any of the information it receives to everything it’s connected to. 

Switch: Smarter than a hub, it’ll keep tables that have the MAC addresses of everything that’s connected to it and what physical port they’re connected to, and then when it receives a packet that has a given MAC address as its destination, it’ll know to only send that packet on to physical port whatever. 

Flooding: when a switch receives a packet destined for a MAC address that’s not in its ARP table, it’ll flood, which is send the packet out to all connected devices and wait for a reply from the device. When the device responds, it’ll learn the MAC address of the responding device and jot that down in its ARP table along with the port that it’s connected to. To show this table on a Mac, you do “arp -a” in terminal. 

ARP (address resolution protocol): a host can use ARP to discover MAC address of any host on local network. 

ARP security/hacks: You can “poison” ARP tables by spoofing ARP replies, so essentially claiming that you’re an IP that you’re not actually. By the same token, you could claim that you’re the default gateway for a network and then sniff everyone’s traffic. Could you do a broadcast and tell everyone that you’re the new default gateway without them requesting it? I think so. If a router doesn’t know the Mac address of an IP in its route table, it too will do an ARP request to get the MAC address of the IP. 
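From the defender's side, the symptom of the ARP poisoning described above is visible in the ARP replies themselves: an IP (above all the default gateway) suddenly answering from a different MAC, or one MAC answering for several IPs. This added example (not from the notes) replays a constructed log of ARP replies through a small monitor that raises alerts on both; the log layout and the addresses are made up for the example.

```python
"""Added example (not from the notes): an ARP-cache monitor for the defender's
side. It replays ARP replies and flags the symptoms of cache poisoning: an IP
(above all the default gateway) that changes MAC, and one MAC answering for
several IPs. The log layout and addresses are constructed for this example."""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: the gateway 192.168.1.1 is first seen at 00:11:22:33:44:55,
# then "moves" to the MAC that .106 had been using.
SAMPLE_ARP_LOG = """\
10:00:01 reply 192.168.1.1 is-at 00:11:22:33:44:55
10:00:02 reply 192.168.1.105 is-at 00:aa:bb:cc:dd:01
10:00:03 reply 192.168.1.106 is-at 00:aa:bb:cc:dd:02
10:00:09 reply 192.168.1.1 is-at 00:AA:BB:CC:DD:02
10:00:10 reply 192.168.1.105 is-at 00:aa:bb:cc:dd:01
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at (?P<mac>[0-9A-Fa-f:]{17})$"
)


def monitor(log: str, gateway_ip: str) -> Tuple[Dict[str, str], List[str]]:
    """Return the learned IP -> MAC table and the alerts raised while learning."""
    table: Dict[str, str] = {}
    claims: Dict[str, Set[str]] = {}     # MAC -> IPs it has answered for
    alerts: List[str] = []
    for line in log.splitlines():
        m = ARP_REPLY.match(line.strip())
        if not m:
            continue                     # not an ARP reply, ignore
        ts, ip, mac = m["ts"], m["ip"], m["mac"].lower()
        old = table.get(ip)
        if old is not None and old != mac:
            # a gateway that changes MAC is the classic man-in-the-middle sign
            sev = "HIGH" if ip == gateway_ip else "MEDIUM"
            alerts.append(f"{sev} {ts} {ip} changed from {old} to {mac}")
        table[ip] = mac
        ips = claims.setdefault(mac, set())
        if ip not in ips:
            ips.add(ip)
            if len(ips) > 1:             # one MAC claiming several IPs
                alerts.append(f"MEDIUM {ts} {mac} answers for {sorted(ips)}")
    return table, alerts


if __name__ == "__main__":
    learned, found = monitor(SAMPLE_ARP_LOG, "192.168.1.1")
    for a in found:
        print(a)
```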

Fixed switch: Basic but cheap, you can’t really configure it much. Can’t do custom switching. 
Modular switch: Bigger, expensive (chassis based, because it’s just a chassis that you put stuff into), you can put in racks of differing ports coming into it so some copper, some fiber, of different speeds. So the 1/1, 2/1, 2/2 notation is board/port. So the first number is which of the boards you’re on in a Modular switch, and the second is the port. You have management boards which you can use to control how the rest of the boards operate. You could control using SSH or HTTP (web GUI). They have “uplink ports” on each board, which can be used to link boards together. They’ll transfer traffic between boards, and all the boards would share an IP for management. 

Port-based and shared queue for switch: pretty self-explanatory, each port could have its own packet queue, or the entire switch could have a queue that’s shared among all of the devices connected to it. Apparently the shared queue is more popular now. 

IOS (Internetwork Operating System). Stored in nonvolatile RAM. Loaded to RAM on boot. Typing “configure terminal” when you’re in enabled mode (type “enable”), will allow you to edit a bunch of stuff. Give an IP address, change hostname, etc. You can do “show ip interface brief” to get a list of all the interfaces, and what IP is on them. “Show version” will show you information you want to know about the router. 

Reverse ARP: get layer 3 information from layer 2 (that is, request the IP given that you know the MAC address). 

Note: IP packet contains a destination and source MAC address as well as destination and source IP. 
Note: A host will determine if a packet has a destination in its LAN (using subnet mask I guess). 

Router: Even smarter than switches, they will make routing decisions to all of the networks they’re connected to. Deal with layer 3 (IP addresses). It uses what’s called a routing table to do this, which is similar to how the switch worked, except instead of an association of MAC addresses with physical ports, it’s an association of networks with interfaces (another word for physical port, but just up a level to L3). Every router contains a table of locally connected networks and which interface (physical port) connects to them. This is a routing table. It can also include entries about what paths to take for networks that are not locally attached. If the router can’t figure out where to forward a packet, it will drop it, but most people build in a default route which it’ll be sent to if all else fails. Organizing a router’s table from best routes to worst routes is directly connected, remote networks (best static routes, then dynamic routes (EIGRP routes, then OSPF routes, then RIP routes)), default gateway. If two routes have the same weight, then you can load balance the data sent (split half and half?). Each of these is given a number, direct is 0, static is 1, EIGRP is 90, OSPF is 110, RIP is 120. Lower is better. You organize the routes by subnets, I guess. So like you’ll have level I parent routes which will be something like 192.168.1.0 and then for that header you’ll have a bunch of level II children like 192.168.1.5 and 192.168.1.8, etc. So when a packet is trying to get routed, the router will look at the table headers to see if it matches those (from top to bottom where the default gateway is the last one in there) and if it matches a header, it’ll look at all of that header’s children to see if there’s an exact match. Apparently, once you drill into a parent route and if you don’t find any exact IP matches in its level II children, you won’t even fall back on the default gateway. You’ll just drop that traffic. 

Static Routing: Can be bad because the routes aren’t advertised automatically to linked routers, which is bad because in a network of a bunch of routers, you have to go to every one and configure that static route in. If a link goes down, you can’t change the static routes very quickly. Essentially, not scalable. You have multiple types of Static routes: Standard - normal subnet, mentioned above so I think 192.168.1.0 (which would have children Level II?), default - 0.0.0.0, and summary - essentially just grouping standard routes, so networks that are actually stemming from the same source (so 192.168.1.0 and 192.168.2.0 and 192.168.3.0, etc), floating - routes that have the same destination but go through different routes, and you would give these each different numbers which indicate which one you would prefer (lower is better, as mentioned above). 

Dynamic Routing (interior type): One of the oldest is RIP v1 and v2, classful and classless respectively. OSPF (open shortest path first): very old. All of the routers in the network know of every link in the network and they build an entire topology, and it uses that topology to calculate the shortest path, called a link state routing protocol.  IS-IS, also old, (intermediate system to intermediate system): ADD STUFF HERE. IGRP (interior gateway routing protocol): deprecated to be replaced by EIGRP (cisco proprietary): is a distance vector. 
	It gives discovery of new networks, auto route updating, best path determination, Failover - load balancing. 

RIP (interior type dynamic routing protocol, distance vector): very basic, essentially all it does is have each router share its own routing table with its neighbors at a certain rate (like every 30 seconds or something, which is determined by the configuration file), but the problem is that when you have a bunch of routers, say n of them, in a line, and one link goes down, it’s going to have to take n*shareWaitTime to get to the last link. Apparently this is called convergence? So this has a high (which is bad) convergence time. As for the versions, v1 (classful) and v2 (classless). With v2, every router will send its routing table (?) to a multicast address that is specific for RIP (so other routers running RIP will be listening for this address) every 30 seconds. 

IGRP+EIGRP: Use diffusing update algorithm (DUAL), which is used to figure out what paths to take and always have backup paths ready.  Bounded triggered updates, which is like OSPF in that when a change happens to a router, it’ll notify immediately who needs to know and the advantage over RIP is it’ll notify ONLY who needs to know. Makes topology table, that is it’ll save the backup paths and not only keep the best path. Fast convergence. It’s Layer 3 independent, so you can use IPv4, v6, etc. 

OSPF (interior type dynamic routing protocol, link-state): More complicated, widely used, what it does is every router collects information about links in the ENTIRE (?) network, and it does so on an immediate basis because as soon as a link goes down that a router is connected to, that router will tell all of its neighbors immediately who in turn will tell theirs etc. That way, every router is capable of calculating the shortest path because it knows about all links in the network. Uses SPF algorithm. Link state. More complex than just comparing number of hops. Figures out best route by calculating link cost using bandwidth and link usage and latency etc. There are different versions. Is classless, efficient, authentication. It has an adjacency database - store neighbors, link-state database - entire topology of network, and forwarding database - this is created based on going through the link-state database, and this is used to create the routing table. It sends “hello” packet to its neighbors, every 10 seconds. Link-state request: this packet asks for details on a given link. Link-state update (LSA, link-state advertisement): the packet that replies to request or announces an update. First learns about directly connected networks. Then it’ll send hello packets to its neighbors, and build link-state packets for its surrounding networks (so essentially construct requests to find out about farther networks), then it’ll flood its neighbors with those packets. Then it’ll collect the LSP’s and then run the SPF algorithm and then create the routing table. After a link goes down or really any change occurs, the SPF will rerun to try to figure out what might need to change in the routing table. You can split the entire network into groups or areas, and disallow communication between those groups with the exception of one router connecting them. And that router will prevent those requests from going through but will allow traffic routing through it? 
Multi-area: reduces use of calculation with SPF because there will be fewer updates to any given router, reduces traffic, reduces routing table size. In this setup, you’ll have area 0 which will be your backbone, which is in charge of essentially transmitting packets between areas. ABR’s (Area-Border routers) are routers that connect areas within your network, and ASBR’s (Autonomous system border routers) are routers that connect AS’ (that is, entire networks/companies, etc) to the rest of the internet. 

You may be running multiple protocols in your network, but because they have different weights for each path (pretty much depending on how trusted that path should be compared to the others), what will happen is that, if the new protocol is weighted better, the routes will start to become replaced by the newer routes without manual intervention. So essentially it’ll happen naturally, you don’t have to reboot everything. 

SO ALL OF THESE PROTOCOLS, EIGRP, OSPF, RIP, ETC ARE JUST IMPLEMENTATIONS OF THE TCP/IP PROTOCOL. So each of them have to have ACKs, and the other things that TCP/IP would have like 

EIGRP: Cisco proprietary. Uses DUAL (diffusing update algorithm) to create paths. Which are loopfree and create backup paths too. Does neighbor adjacencies (sends packets to connected neighbors to learn about them). It has its own protocol (RTP - reliable transport protocol) to do this communication. It doesn’t do every 30 second updates like RIP, it does partial bounded so essentially on demand. Still makes decisions based on number of hops. Does load balancing: you can force it to take two paths to the same destination even if one is worse so that you’re not overwhelming one route. Uses k-values in DUAL to determine best path, one k value is bandwidth (K1), another is delay (K3), another is reliability (K4/K5), another is Load (K2). 

You can do “show ip protocols” to get info on your current routing setup. 

So for all of the internal dynamic protocols, do they all see everything in their area network? Like do they know all of the links? Even the distance vector protocols? 

IS-IS and OSPF are linked-state protocols. 

Distance vector protocol: Bases everything on hops. 

Linked State protocol: 

AS (autonomous systems): groups of networks, each of which use an interior type protocol. 

Dynamic Routing (external): BGP (border gateway protocol).  Connects autonomous Systems. 

DHCP (Dynamic Host Configuration Protocol): protocol for handing out IPs. A DHCP server will do this. Note: the router in a home network acts as a DHCP client and server, because it deals out IP addresses to devices on the network and it also is receiving a dynamic IP from the ISP. “A client that needs an IP address will send a DHCP Discover message which is a broadcast with a destination IP address of 255.255.255.255 (32 ones) and a destination MAC address of FF-FF-FF-FF-FF-FF (48 ones). All hosts on the network will receive this broadcast DHCP frame, but only a DHCP server will reply. The server will respond with a DHCP Offer, suggesting an IP address for the client. The host then sends a DHCP Request to that server asking to use the suggested IP address. The server responds with a DHCP Acknowledgment.” Saw something conflicting about this: Said that the broadcast address would be just the host portion of 255’s. Not sure. So there’s manual (reservation) which is reserving certain MAC addresses for a given IP address on the network. So any time that MAC connects, it’ll be given the same IP address. There’s also automatic, which is where a computer connects it gets assigned an IP address from a pool, but then that IP is permanently that computer’s. Then there’s dynamic, or “leases”, which is the most common. It gets that IP for a certain amount of time set by the admin. It will do a renewal at 50% of the time left. So it’ll ask “hey can I keep this address?” every 1/2 time the lease is good for. So for connecting, this happens: the hosts can send out a “discover” which is essentially a “who’s my server?” The server responds with an offer “here’s an IP” and then the host will request that IP “hey I’ll take that” and then the server will do an acknowledgement. In this process, DNS servers, gateway, etc could all be provided in this conversation.
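The Discover / Offer / Request / Ack exchange above, with a MAC reservation, a lease pool and the renewal at 50% of the lease, walked through in a toy server and client. This is an added example, not code from the notes or from any DHCP implementation; the addresses, lease time and option values are constructed, and the messages carry only the fields the example needs.

```python
"""Added example (not from the notes): a toy DHCP server and client that walk
through Discover / Offer / Request / Ack, honour a MAC reservation, hand out
leases from a pool and renew at 50% of the lease time. Addresses, lease time
and option values are constructed for this example."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

BROADCAST_IP = "255.255.255.255"       # 32 ones, as in the notes
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"    # 48 ones
SERVER_MAC = "00:00:5e:00:53:01"       # constructed server MAC
SERVER_IP = "192.168.1.1"              # constructed; the home router


@dataclass
class Msg:
    kind: str                  # DISCOVER, OFFER, REQUEST, ACK or NAK
    src_mac: str
    dst_mac: str
    dst_ip: str
    yiaddr: Optional[str] = None             # "your IP address", as in real DHCP
    options: Dict[str, str] = field(default_factory=dict)   # gateway, DNS, ...


@dataclass
class Lease:
    ip: str
    mac: str
    start: int        # seconds
    duration: int

    def renew_at(self) -> int:
        return self.start + self.duration // 2   # client asks to keep the IP here

    def expires_at(self) -> int:
        return self.start + self.duration


class DhcpServer:
    def __init__(self, pool: List[str], lease_time: int, options: Dict[str, str],
                 reservations: Optional[Dict[str, str]] = None):
        self.reservations = dict(reservations or {})        # MAC -> fixed IP
        self.free = [ip for ip in pool if ip not in self.reservations.values()]
        self.lease_time = lease_time
        self.options = options
        self.leases: Dict[str, Lease] = {}                  # MAC -> lease
        self.offered: Dict[str, str] = {}                   # MAC -> offered IP

    def handle(self, msg: Msg, now: int) -> Optional[Msg]:
        if msg.kind == "DISCOVER":
            ip = self.reservations.get(msg.src_mac)         # manual/reservation
            if ip is None and msg.src_mac in self.leases:
                ip = self.leases[msg.src_mac].ip              # returning client
            if ip is None:
                if not self.free:
                    return None                              # pool exhausted: no offer
                ip = self.free.pop(0)
            self.offered[msg.src_mac] = ip
            return Msg("OFFER", SERVER_MAC, msg.src_mac, BROADCAST_IP, ip, self.options)
        if msg.kind == "REQUEST":
            wanted = msg.yiaddr
            held = self.leases.get(msg.src_mac)
            # only what we offered, or what the client already leases, is acceptable
            if wanted != self.offered.get(msg.src_mac) and not (held and held.ip == wanted):
                return Msg("NAK", SERVER_MAC, msg.src_mac, BROADCAST_IP)
            self.leases[msg.src_mac] = Lease(wanted, msg.src_mac, now, self.lease_time)
            self.offered.pop(msg.src_mac, None)
            return Msg("ACK", SERVER_MAC, msg.src_mac, BROADCAST_IP, wanted, self.options)
        return None


def obtain(server: DhcpServer, mac: str, now: int) -> Optional[Lease]:
    """Client side of DORA: Discover -> Offer -> Request -> Ack."""
    offer = server.handle(Msg("DISCOVER", mac, BROADCAST_MAC, BROADCAST_IP), now)
    if offer is None:
        return None
    ack = server.handle(Msg("REQUEST", mac, BROADCAST_MAC, BROADCAST_IP, offer.yiaddr), now)
    return server.leases[mac] if ack and ack.kind == "ACK" else None


def renew(server: DhcpServer, lease: Lease, now: int) -> Optional[Lease]:
    """At half the lease the client sends a REQUEST for the same IP, this time
    straight to the server; before that point it sends nothing."""
    if now < lease.renew_at():
        return lease
    ack = server.handle(Msg("REQUEST", lease.mac, SERVER_MAC, SERVER_IP, lease.ip), now)
    return server.leases[lease.mac] if ack and ack.kind == "ACK" else None
```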

127.0.0.1 - Loopback. This refers to your own computer. So if you send something out to this, you’ll receive it. 

If you turn on your computer and you’re connected to a network but it’s not quite working correctly, then you’ll get a Link-Local address or Self-Assigned IP. Which is in the range 169.254.0.0-169.254.255.255. This happens if you are trying to get an IP address through DHCP or BootP (?) and it doesn’t get an address. The self-assigned IP will be unique out of all the other devices on the LAN and it’s called self-assigned because the device assigned it itself. 

Broadcast: a device can send a broadcast which is essentially just a packet that should go out to every single device in its VLAN. 

Blade Server: a stripped down server with many things removed (such as hard drive). Hard drives may be removed from the servers and put in another location, so that the servers are just for computing or whatever. 

Rack Mount Server: more likely to only require a power cord and network cable to function (more self contained than blade server). These would be put in racks. 

POP: point of presence for a Service provider. 

IP packet size is between 64 to 1500 bytes for Ethernet networks, and contains mostly user data

Each fiber optic circuit is actually two fiber cables. One is used to transmit data; the other is used to receive data.

Fiber: multimode vs single mode, single mode is more expensive and is one ray of light going straight and multi is many rays bouncing around. 

NIC (network interface card): don’t know much, a card in a device that deals with IP addresses. 

Subnet Mask: This is assigned to every host, and it tells you what part of that host’s IP address is the network portion and what portion is the host portion. So on a LAN, you would almost certainly have 255.255.255.0 which says that the first three sets indicate the network portion (1’s when converted to binary) and the last octet is for the host. So this is useful because when sending a packet because you can compare the destination IP with your subnet mask to figure out if you just need to transfer that  packet within a LAN or if it needs to be sent up (or down, depending on that comparison). You can use the subnet mask of a given network to figure out how many hosts can be on that network, pretty easy, say you have the last section open, well that’s 255 hosts (but you have to subtract 2 because reasons). 

Unicast is a message to one recipient. Multicast is to many. And broadcast is to all. 

There are 5 IP address classes, A, B, C, D and E. E is for experimental use, D is reserved for “multicast”. Class C is 255.255.255.0, and it continues up like that for B 255.255.0.0 and A 255.0.0.0. Class A is only for really large organizations. So your class is dependent on the first octet, 1-127 is class A, 128-191 is B, 192-223 is C, 224-239 is D and the rest is E. 

Some addresses are reserved for internal usage. For class A only 10.0.0.0 is reserved. For B 172.16-172.31. And class C is 192.168.0-192.168.255. ISP’s will block any packets going to them that have private IP addresses because they are meaningless on the internet. 

Destination IP with all 1’s (255) in the host portion is a broadcast, so every host on the network will open it. 
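The subnet arithmetic from the last few notes (network vs. host portion, broadcast = host bits all 1s, usable host count, the on-link test a host makes before deciding between the LAN and its default gateway, the class by first octet and the private ranges), as an added example using Python's stdlib ipaddress module; it is not code from the notes. The class boundaries follow the notes' own table.

```python
"""Added example (not from the notes): the subnet arithmetic the notes describe,
done with the stdlib ipaddress module: network and broadcast address, usable
host count, the /n form of a mask, the on-link test a host makes before sending,
the classful class by first octet and the private-range check."""
from ipaddress import ip_address, ip_network
from typing import Dict

# the reserved internal ranges listed in the notes, in CIDR form
PRIVATE_RANGES = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                  ip_network("192.168.0.0/16")]


def describe(host_ip: str, mask: str) -> Dict[str, object]:
    """Split host_ip under a dotted mask (or /n) into its network facts."""
    net = ip_network(f"{host_ip}/{mask}", strict=False)   # strict=False keeps the host bits
    return {
        "network": str(net.network_address),      # host bits all 0
        "broadcast": str(net.broadcast_address),  # host bits all 1
        "prefix": net.prefixlen,                  # the /24 style notation
        # every address in the block minus the network and broadcast ones
        "usable_hosts": max(net.num_addresses - 2, 0),
    }


def next_hop(host_ip: str, mask: str, dst_ip: str, gateway: str) -> str:
    """What a host does before sending: compare the destination with its own
    network bits; on-link traffic goes straight to dst, the rest to the gateway."""
    net = ip_network(f"{host_ip}/{mask}", strict=False)
    return dst_ip if ip_address(dst_ip) in net else gateway


def classful_class(ip: str) -> str:
    """Class by first octet, using the ranges as the notes list them."""
    first = int(ip.split(".")[0])
    if 1 <= first <= 127:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    return "E"


def is_private(ip: str) -> bool:
    """True for the addresses an ISP would refuse to route."""
    return any(ip_address(ip) in net for net in PRIVATE_RANGES)


if __name__ == "__main__":
    print(describe("192.168.1.5", "255.255.255.0"))      # /24: 254 usable hosts
    print(describe("192.168.1.200", "255.255.255.128"))  # /25: 126 usable hosts
    print(next_hop("192.168.1.5", "255.255.255.0", "8.8.8.8", "192.168.1.1"))
```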

Things that are varied by QoS (quality of service): Bandwidth, Latency, Jitter, and Reliability. They are respectively rate at which traffic is being carried, the delay in data transmission from source, the VARIANCE in latency, the percent of packets discarded by a router. Can be used to control UDP traffic. 

PAN - personal area network (like bluetooth devices). 

Access layer: anything in same LAN is in access layer. Distribution layer: nearby LANs. Core Layer: backbone. 

TCP: TCP formats the HTTP messages into segments to be sent to the destination host. It also provides flow control and acknowledgement of packets (ACK) exchanged between hosts. TCP will break up a message into segments (this is different from packets) and then pass it to IP. It keeps track of how many segments are sent, and if the receiver does not acknowledge receipt of one of them then the sender will retransmit whichever segments were not acknowledged. On the receiving end, TCP is responsible for reassembling the message from the segments and then passing them to the application. FTP and HTTP use TCP (because you want 100% transmission). 

Ports: When a message is sent via TCP or UDP, a destination port and source port are included in the packet (?). Destination port is what we’re familiar with, and it indicates to the server what service is being requested (21: FTP, 22: SSH, 80: HTTP). Source port is randomly generated by a host (probably out of a very large data pool). 

Socket: combination of the destination and source port on a packet. Essentially, a socket is a unique connection between a given server and a client for a given service because the destination port should indicate what service is used and the source port should indicate what unique client out of all the ones who are also requesting that service are doing (I mean I guess the source IP should uniquely identify too idk, but I guess if two hosts are in the same LAN then the source IP would be of their router and so you wouldn’t have unique source IP, so this is where you would need ports to uniquely identify?). 

The area of the network where a host can receive a garbled message resulting from a collision is known as a collision domain.

Broadcast messaging: so a host will only recognize a message if the destination has its MAC address, but what you can do is send a broadcast by sending a packet with the destination FFFF.FFFF.FFFF, which all computers recognize. 

Default gateway: a host is given an address called a default gateway which is essentially just what IP address it should send to if it wants to get something out. 

Certain areas of the RF bands have been set aside for use by unlicensed devices such as wireless LANs, cordless phones and computer peripherals. This includes the 900 MHz, 2.4 GHz, and the 5 GHz frequency ranges.

You can use “nslookup” to get the IP address of a specified domain name. 
You can use “netstat” to show all connections. 
Use “ifconfig” to get a bunch of info on your host. 

Layer 1 (Physical): Fast Ethernet port
Layer 2 (Data Link): Ethernet Mac addresses
Layer 3 (Network): IP addresses
Layer 4 (Transport): TCP port numbers (this should identify the application that should receive the data). 
Layer 5 (Session): Creates and tears down connections. 
Layer 6 (Presentation): compresses data if needed, encryption/decryption, file formats?

MX records: DNS essentially for mail, so it uses this to figure out what IP to send a piece of mail to (based on the @gmail.com). 
CName: is apparently like an alias?

To flush your local DNS cache you can do: sudo killall -HUP mDNSResponder

You organize the domains in a DNS by the top level domain, so .com, .org, etc. So when you go to x.com, it’ll take you to a .com DNS and then that’ll send you to the right IP for x.com?

Ports are split up into well known (0-1023), registered (for big company software 1024-49151), and then private/dynamic which is 49152-65535. 

In TCP/UDP communication, there’s a three way handshake. First you have SYN from source to destination which starts the conversation, then SYN/ACK comes back (acknowledgement), then the source will send an ACK. Then there will be data. Then, 4 way handshake for finishing. Source sends FIN, destination sends ACK, then destination sends FIN, and source sends ACK. These aren’t packets, but flags that are turned on in the header of packets. 

TCP Window size: how much data should be sent from destination back to host before the host sends an ACK that it got everything. So you need to find a balance for this because if this is too small then you’re going to be sending a lot of ACK’s saying that you got everything, but if it’s too big and you lose one of those packets, then it’s going to resend that entire window size. So it depends on the network you’re communicating over and how stable it is. Window size may change dynamically. 

Time to live: how many hops a packet is allowed to go before getting dropped. 
Fragment flag: indicates whether a packet can be fragmented (related to MTU). 

Differentiated Services Field: (DSCP) isn’t exactly quality of service apparently, but does give an indication of priority. 

In a route table, you’ll have the network destination and a net mask which is like 255.255.255.0, the latter is used to figure out which destination IP’s should this route apply to, so for the 255.255.255.0 example, say we have a destination IP of 174.159.3.5, well this would go out the specified router’s interface if the destination IP matched 174.159.3.anything because of the net mask. You also have a metric which gives an indication for how trusted the route is. Your default gateway will have the net mask 0.0.0.0 and network destination 0.0.0.0 (so it can match anything), but it’ll have a low metric because you want it to be last resort. 

You’ll see /24 or /16 notation pretty often, and that just indicates how many bits are being used for the network portion of the IP vs the hosts. So /24 means that you have 255.255.255.0. /25 would be where you have 255.255.255.x where one of the bits in the last octet is reserved for the network. 
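A routing-table lookup that applies the rules collected in these notes: the most specific matching prefix wins, ties between prefixes of equal length go to the lower administrative distance (connected 0, static 1, EIGRP 90, OSPF 110, RIP 120) and then the lower metric, 0.0.0.0/0 only matches when nothing else does, equal-cost routes are candidates for load balancing, and a more-trusted protocol's route replaces a less-trusted one to the same prefix without intervention. Added example, not the notes' or Cisco's code; the prefixes and next hops are constructed.

```python
"""Added example (not from the notes): a routing-table lookup that applies the
rules in the notes: longest matching prefix wins, ties go to the lower
administrative distance (connected 0, static 1, EIGRP 90, OSPF 110, RIP 120)
and then the lower metric; 0.0.0.0/0 is the default route and only matches
when nothing more specific does. Prefixes and next hops are constructed."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}


@dataclass
class Route:
    prefix: str                      # "174.159.3.0/24"; "0.0.0.0/0" is the default
    source: str                      # key into ADMIN_DISTANCE
    interface: str
    next_hop: Optional[str] = None   # None for directly connected networks
    metric: int = 0

    @property
    def network(self) -> IPv4Network:
        return ip_network(self.prefix)

    @property
    def ad(self) -> int:
        return ADMIN_DISTANCE[self.source]


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Pick the route a packet to dst follows, or None if it would be dropped."""
    addr = ip_address(dst)
    candidates = [r for r in table if addr in r.network]
    if not candidates:
        return None
    # most specific prefix first, then most trusted source, then best metric
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.ad, r.metric))


def equal_cost(table: List[Route], dst: str) -> List[Route]:
    """Every route tied with the winner: the set traffic could be split across."""
    best = lookup(table, dst)
    if best is None:
        return []
    return [r for r in table if ip_address(dst) in r.network
            and (r.network.prefixlen, r.ad, r.metric)
            == (best.network.prefixlen, best.ad, best.metric)]


def install(table: List[Route], new: Route) -> bool:
    """Offer a route learned from some source. A less-trusted (higher AD) route
    to the same prefix is evicted, a more-trusted one keeps the newcomer out,
    and an equally trusted one stays alongside it for load balancing."""
    same = [r for r in table if r.prefix == new.prefix]
    if same and min(r.ad for r in same) < new.ad:
        return False
    table[:] = [r for r in table if r.prefix != new.prefix or r.ad == new.ad]
    table.append(new)
    return True


# Constructed table: a connected LAN, a static /24, a RIP-learned /16 that
# covers it, and a static default route as the last resort.
TABLE = [
    Route("192.168.1.0/24", "connected", "Gi0/0"),
    Route("174.159.3.0/24", "static", "Gi0/1", "203.0.113.1"),
    Route("174.159.0.0/16", "rip", "Gi0/2", "203.0.113.5", metric=3),
    Route("0.0.0.0/0", "static", "Gi0/1", "203.0.113.1"),
]

if __name__ == "__main__":
    for dst in ("174.159.3.5", "174.159.9.9", "8.8.8.8"):
        r = lookup(TABLE, dst)
        print(dst, "->", r.prefix, r.source, r.interface)
```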

Broadcast 

Running “netstat” shows what connections are opened on your computer. 

Integrated router: a router that can do routing and switching

Cisco ISR: integrated services router

This claims that WLAN’s can interfere with each other. But it doesn’t emphasize it. So undecided. 

Layer protocols: You have application layer (top), transport layer (middle), and internetwork layer (bottom). These include (but aren’t limited to) HTTP/FTP/DNS/SMTP, TCP/UDP, and IP respectively. IP only cares about structure/addressing/routing; Transport is how transfer actually happens between hosts. 

802.11: is a standard that governs WLANs, and there are amendments made to this standard, each of which changes or could change the spectrum used, data rates, how information is transmitted and more. Examples of amendments are 802.11a, 802.11b, 802.11n. Note that (and this makes sense), pretty much they make them backwards compatible. 

SSID: unique identifier for a given WLAN. All frames sent for that WLAN have the SSID in the header of the packets. 

Ad-Hoc WLAN: a connection between peers essentially without an access point (router). 

Infrastructure mode WLAN: an access point delegates all conversations on the WLAN. This requires an access point. Within this there is a BSS (basic service set), which is 1 AP and everything connecting to it, and an ESS (extended service set), which is multiple APs all broadcasting the same network, same SSID. You’re going to want to make sure that each of the access points is on a different channel so that they don’t interfere. Higher frequencies have faster speeds, but you have less penetration through walls and the range is generally less. 

When setting up multiple access points for a given network, their range should overlap by around 10% to allow movement between areas without loss of signal. 

Channels (wireless): you can think about television channels because it’s the same concept. You break up a given region of EM used by a WLAN into different regions called “channels”. You can have multiple access points running near each other without interference so long as they are on different channels. It is possible to have some interference between channels, though. Combining use of multiple channels can increase data rate (because you’re literally increasing the bandwidth). 

When a device on a wireless channel wants to communicate with the AP, it will send the AP an RTS (request to send) message and then the AP will respond to all devices (a broadcast) with a CTS, which essentially says I’m busy so nobody send me anything now, otherwise there will be interference. Once the host is done it sends an ACK (acknowledgement), which is a broadcast so that everyone knows they can send now. 

“Mixed mode” on a router supports all of the standards (11g, 11n, etc), but at a decrease in performance. 

PSK (pre-shared keys) authentication: The AP sends a random string of bytes to the client. The client accepts the string, encrypts it (or scrambles it) based on the key, and sends it back to the AP. The AP gets the encrypted string and uses its key to decrypt (or unscramble) it. If the decrypted string received from the client matches the original string sent to the client, the client is allowed to connect.

WEP (Wired Equivalent Privacy): encrypts network traffic. Uses preconfigured keys to encrypt and decrypt. The key is 64, 128, or 256 bits long (of numbers and letters). But, as we know, WEP is vulnerable if you don’t change the key often. 

WPA: Similar to WEP, but generates a new, dynamic key each time a client establishes a connection with the AP. You can use 802.1X on WPA2 (but you don’t have to use 802.1X), which essentially requires a database of users and passwords. 

Passive WPA will broadcast the SSID so that everyone can see it, and they’ll send that SSID every so many seconds. Active means that client needs to know the hidden SSID. 

Traffic filtering: can be done by MAC address or IP, or block certain port numbers. 

Duplex levels: half and full. This has to do with download and upload rates. In half duplex, you take turns uploading/downloading. So only one side can speak, and then when it’s done, the other side speaks. Full duplex, you can download and upload at the same time. 

Ways to handle the possibility of collisions:
CSMA/CD: wait after a collision is detected. 
CSMA/CA: wait longer for transmission? 

MAC address structure: As we know, it’s burned into your NIC. The first 24 bits identify the device creator (Apple, etc.), and the last 24 bits identify your device ID. 

Ethernet: max packet size is 1518 bytes, smallest is 64 bytes. If smaller than 64 bytes, it’ll get tossed. 

According to the FBI, internal access and misuse of computer systems account for approximately 70% of reported incidents of security breaches.

Worm: is similar to a virus, but unlike a virus does not need to attach itself to an existing program. A worm uses the network to send copies of itself to any connected hosts. Worms can run independently and spread quickly. They do not necessarily require activation or human intervention. Self-spreading network worms can have a much greater impact than a single virus and can infect large parts of the Internet quickly.

Common DoS attack methods: 
SYN (synchronous) Flooding - a flood of packets are sent to a server requesting a client connection. The packets contain invalid source IP addresses. The server becomes occupied trying to respond to these fake requests and therefore cannot respond to legitimate ones.
Ping of death: a packet that is greater in size than the maximum allowed by IP (65,535 bytes) is sent to a device. This can cause the receiving system to crash.
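From the defender’s side, the signature of SYN flooding is what the server sees: a backlog of half-open connections (SYN received, handshake never completed) from many different sources that dwarfs the number of completed connections on the same listener. This is an added example (my code, not part of the original notes) that summarises a constructed connection-state snapshot, loosely modelled on the kind of per-socket state list “netstat” prints, and flags listeners whose half-open count is both large and out of proportion to established sessions. The addresses come from the documentation ranges and the thresholds are illustrative; a real deployment would tune them to the service’s normal baseline.

```python
from collections import defaultdict

# Constructed connection-state snapshot: (remote_ip, remote_port, local_ip, local_port, state).
# 10.0.0.5:80 holds many half-open connections from distinct sources that never finished
# the handshake, plus a couple of real sessions; 10.0.0.5:22 looks ordinary.
SAMPLE_STATES = (
    [(f"203.0.113.{i}", 40000 + i, "10.0.0.5", 80, "SYN_RECV") for i in range(1, 61)]
    + [("198.51.100.9", 52001, "10.0.0.5", 80, "ESTABLISHED"),
       ("198.51.100.9", 52002, "10.0.0.5", 80, "ESTABLISHED"),
       ("198.51.100.20", 53010, "10.0.0.5", 22, "ESTABLISHED"),
       ("198.51.100.21", 53011, "10.0.0.5", 22, "SYN_RECV")]
)


def summarise_listeners(states):
    """Per (local_ip, local_port): half-open and established counts plus distinct sources
    of the half-open connections."""
    summary = defaultdict(lambda: {"half_open": 0, "established": 0, "sources": set()})
    for remote_ip, _remote_port, local_ip, local_port, state in states:
        entry = summary[(local_ip, local_port)]
        if state == "SYN_RECV":
            entry["half_open"] += 1
            entry["sources"].add(remote_ip)
        elif state == "ESTABLISHED":
            entry["established"] += 1
    return summary


def flag_syn_flood(states, min_half_open=20, min_ratio=5.0):
    """Return [(listener, half_open_count, distinct_sources)] for listeners whose half-open
    backlog is at least min_half_open and at least min_ratio times the established count."""
    flagged = []
    for listener, entry in summarise_listeners(states).items():
        established = max(entry["established"], 1)  # avoid dividing by zero
        if (entry["half_open"] >= min_half_open
                and entry["half_open"] / established >= min_ratio):
            flagged.append((listener, entry["half_open"], len(entry["sources"])))
    return flagged


if __name__ == "__main__":
    for listener, half_open, sources in flag_syn_flood(SAMPLE_STATES):
        print(f"{listener[0]}:{listener[1]} has {half_open} half-open connections "
              f"from {sources} distinct sources")
```

A snapshot alone cannot tell a flood from a sudden burst of legitimate clients on a slow link, so in practice this check is combined with the rate at which the backlog grows and with the operating system’s own protections (for example SYN cookies).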

Firewall: controls traffic between networks (so it could be protecting your internal network). It can filter by IP or MAC (packet filtering), do site filtering (by URL), or do SPI (stateful packet inspection), which makes sure that a request coming in is in response to something that came from inside, so essentially unsolicited requests get blocked. This is higher level than an ACL. It acts on a higher layer, but does similar things. 
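The difference between an ACL and stateful inspection is easiest to see side by side. Below is an added example (my code, not from the original notes) with two toy filters over the same constructed traffic: a stateless, port-based filter that can only say "port X is open or closed", and a stateful one that remembers which flows left the network and admits an inbound packet only when it is the reply half of one of them. The inside host, the outside addresses (from the documentation ranges) and the ports are all made up; real SPI also tracks protocol state, timeouts and sequence numbers, which are left out here.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving the protected network, "in" = arriving from outside
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class StatelessFilter:
    """ACL-style filter: inbound traffic is allowed only to explicitly opened ports,
    regardless of whether anyone inside asked for it."""

    def __init__(self, open_inbound_ports):
        self.open_inbound_ports = set(open_inbound_ports)

    def decide(self, pkt):
        if pkt.direction == "out":
            return "allow"
        return "allow" if pkt.dst_port in self.open_inbound_ports else "drop"


class StatefulFilter:
    """SPI: remember outbound flows and admit inbound packets only when they are the
    reply half of a flow that originated inside."""

    def __init__(self):
        self.flows = set()  # (src_ip, src_port, dst_ip, dst_port, proto) seen leaving

    def decide(self, pkt):
        if pkt.direction == "out":
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return "allow"
        # an inbound reply carries the tracked tuple with the two endpoints swapped
        reply_of = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        return "allow" if reply_of in self.flows else "drop"


# Constructed traffic: an inside host (10.0.0.5) opens an HTTPS connection to 203.0.113.80
# and receives the reply; then an unrelated outside host (198.51.100.7) sends an unsolicited
# packet aimed at the same inside port.
SAMPLE_TRAFFIC = [
    Packet("out", "10.0.0.5", 51000, "203.0.113.80", 443),
    Packet("in", "203.0.113.80", 443, "10.0.0.5", 51000),
    Packet("in", "198.51.100.7", 443, "10.0.0.5", 51000),
]


def run(filter_obj, traffic=SAMPLE_TRAFFIC):
    """Feed the traffic through a filter in order and return the decision per packet."""
    return [filter_obj.decide(p) for p in traffic]


if __name__ == "__main__":
    print("stateful :", run(StatefulFilter()))
    print("ACL open :", run(StatelessFilter(open_inbound_ports=[51000])))
    print("ACL shut :", run(StatelessFilter(open_inbound_ports=[])))
```

The stateless filter has no good answer: opening the port lets the unsolicited packet in, closing it breaks the legitimate reply. The stateful filter allows exactly the reply and drops the rest, which is the "unsolicited requests get blocked" behaviour described above.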

Redundancy (protocols): put a high speed link between two redundant devices at the chokepoint of your network (that is, where functioning relies on just one or maybe two devices, like the ACL). You have a polling mechanism between the two devices that constantly checks “are you up?”. This is what heartbeats are: just checking to make sure the other device is up. 

Link aggregation: actually connecting a computer to a switch using multiple ports (multiple cables) for not only increased bandwidth but also backups in case one link fails. 

Wireless (802.11) is inherently slower than ethernet. This is because it’s easy to see if two devices are talking over each other because you have a higher voltage on the router or in fiber you’d have the wrong wavelengths or something. But on Wifi it’s harder to tell if two devices are talking over each other, so what happens is there’s more waiting to make sure that two devices aren’t talking at the same time. So if someone is talking, each device will wait a random amount of time before trying to talk itself. 

WAP (wireless access point): You could have a set of autonomous APs, where each configuration is local. Or you could have Controller AP, where it’s more centralized (good for bigger places). So you would have a controller server that deals with configuring all the routers, or you could have a setup where one of the routers is automatically chosen by the others to be the controller (but it could get overwhelmed). The majority of the routers, especially those designed for business, are designed to be mounted on the ceiling. When it has a backing plate, then it’s meant to be mounted to the ceiling. Then there are directional antennas, which will have the little antennas in them. When connecting, you have these management frames: Discover, Authenticate, Associate (which has SSID, Password, 802.11a/b/g/n, channel). So essentially channels nearby (2 to 3 or 6 to 7) overlap some, but as you get farther apart they overlap less. So channels 1, 6, and 11 don’t overlap at all. You can buy something that will not only check channel usage but also frequency usage, which will give you an idea of interference from random rogue waves out there. 

Channel Management Methods: DSSS (direct sequence spread spectrum): spreads the signal over a larger frequency range; the signal is multiplied by a known code, and the receiver knows the code so it can reconstruct it. Used by 802.11b, cordless phones, cellular, and even GPS. You also have FHSS (frequency hopping spread spectrum): this just rapidly changes the frequency, but the receiving node will have to know what channel to listen on. Walkie talkies, 900MHz phones, and Bluetooth use this. Then there’s OFDM (orthogonal frequency division multiplexing): creates sub-channels that are orthogonal, very efficient, very popular now in 802.11a/g/n/ac (so the current stuff). Channel size is usually 20MHz. The newer things bond the channels together to use multiple ones, to allow 40MHz, so you get more bandwidth. 

How do all of the following fit together????:

Ways to connect:
	DialUp Modem:
		-Legacy
		-phone lined
	Broadband modem
		-DSL, Cable, Fiber

(modern) Ways to communicate over WAN (you would lease these from an ISP? So these are private connectivity?): 
	Frame Relay: 
		Uses virtual circuit (VC). Creates a DLCI (data link connection identifier). 
		It imitates having a dedicated circuit. So when data is traveling, it’s addressed to a DLCI address and every network (?) will have its own DLCI? 
	ATM (asynchronous transfer mode): 
		Flexible, can transfer any data
		transfers via “cells”, which are 53 bytes large. 
		But because it’s such a small size, there’s a lot of overhead so needs 20% more bandwidth than others. 
	MPLS (multi protocol label switching): 
		Can carry any traffic; it can carry ATM, Frame Relay? 
	

Serial communication is just the bits being sent one after another rather than at the same time on multiple wires which was parallel transmission. 

Some credit card terminals in a small business may run over IP, and if they have an open network, then you could snatch their credit card information. 

Yagi antennas are often used to connect to satellites, often TV antennas. 

When resending a packet, how do you evade the broken part of the network? How do you know where that is? 

Tier 1, 2, 3 ISP: Tier 1 is the highest level, they connect to other T1’s and create the backbone. They give access to Tier 2, who in turn give access to T3 (or “Local ISP”). 

Queuing packets/dropping: When a device gets a packet and it notices congestion on the interface it would send that packet on, it will wait and “queue” the packet by storing it in memory. Queuing packets causes delay. If the number of packets to be queued continues to increase, the memory queues fill up and packets are dropped.

QoS Classification: this is putting the types of packets into a class. So maybe video streaming and VoIP would get put in the same class (a high priority class) because they need to be fast and consistent. 

Segmentation: the act of splitting a data stream into segments (packets). 

Multiplexing: the act of interweaving packets on the wire so that connections can happen simultaneously. 

OSI model (layers essentially): 7. Application, 6. Presentation, 5. Session, 4. Transport, 3. Network, 2. Data Link, 1. Physical. Passing down this stack splits up the data and adds headers as it goes: ports at the transport layer, then IP addresses at the network layer, then MAC addresses at the data link layer, etc. So you go down the stack to encode, and then you go back up when you’re decoding. 
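The "add a header going down, peel it off coming back up" idea is concrete enough to run. This is an added example (my code, not part of the original notes) that wraps a payload in three deliberately simplified headers, ports for the transport layer, IPv4 addresses for the network layer and MAC addresses for the data link layer, and then decodes the frame back into its fields. Real Ethernet, IP and TCP/UDP headers carry many more fields (type, TTL, checksums, sequence numbers and so on); only the nesting order is faithful here, and the addresses and payload are made up.

```python
import ipaddress
import struct

# Simplified headers for illustration only. Layout of one frame, outermost first:
#   [dst MAC 6][src MAC 6] [src IP 4][dst IP 4] [src port 2][dst port 2] [payload ...]
HEADER_LEN = 6 + 6 + 4 + 4 + 2 + 2


def _mac(mac_str):
    """'aa:bb:cc:00:00:01' -> 6 raw bytes."""
    raw = bytes.fromhex(mac_str.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 48 bits")
    return raw


def _ip(ip_str):
    """Dotted quad -> 4 raw bytes (network byte order)."""
    return ipaddress.IPv4Address(ip_str).packed


def encapsulate(payload, src_port, dst_port, src_ip, dst_ip, src_mac, dst_mac):
    """Walk down the stack: each layer prepends its own header to what it was handed."""
    segment = struct.pack("!HH", src_port, dst_port) + payload   # layer 4: ports
    packet = _ip(src_ip) + _ip(dst_ip) + segment                 # layer 3: IP addresses
    frame = _mac(dst_mac) + _mac(src_mac) + packet               # layer 2: MAC addresses
    return frame


def decapsulate(frame):
    """Walk back up: peel one header per layer and return the fields plus the payload."""
    if len(frame) < HEADER_LEN:
        raise ValueError("frame too short to hold the three simplified headers")
    dst_mac, src_mac = frame[0:6], frame[6:12]
    src_ip, dst_ip = frame[12:16], frame[16:20]
    src_port, dst_port = struct.unpack("!HH", frame[20:24])
    return {
        "dst_mac": ":".join(f"{b:02x}" for b in dst_mac),
        "src_mac": ":".join(f"{b:02x}" for b in src_mac),
        "src_ip": str(ipaddress.IPv4Address(src_ip)),
        "dst_ip": str(ipaddress.IPv4Address(dst_ip)),
        "src_port": src_port,
        "dst_port": dst_port,
        "payload": frame[HEADER_LEN:],
    }


if __name__ == "__main__":
    # constructed sample: an HTTP request line from 10.0.0.5 to 174.159.3.5
    f = encapsulate(b"GET / HTTP/1.1\r\n", 51000, 80, "10.0.0.5", "174.159.3.5",
                    "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02")
    print(len(f), "bytes on the wire")
    print(decapsulate(f))
```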

Things from first meeting with Adam Burke and Matt Lewis: 
PSS
EIGRP
BGP
IGP
IWAN 
PFR

Things to read up on: 

Interfaces (network layer equivalent of physical ports?): 
BGP
SNMP/MIBS
Dote one Q?

Should probably look over this: http://en.wikipedia.org/wiki/OSI_model

A good video that summarizes a lot of this stuff: https://www.youtube.com/watch?v=34EReLmQjkk&feature=youtu.be

Was watching: https://www.youtube.com/playlist?list=PLmdYg02XJt6QRQfYjyQcMPfS3mrSnFbRC
	Episodes skipped: 1-5, 22-24, 25-27, 33-36, 38-39, 44, 49, 51, 53, 55, 57, 59, 60, 62, 64, 65, 66,
	Go back to 70-71. 73, 74,