Data Transmission Basics for Digital Investigations

Upload: joy-perkins

Post on 31-Dec-2015


Objectives

Understand the OSI and TCP/IP models
Understand the basics of how data is transmitted on networks

OSI Model

A standard was needed so that the computer systems of different companies could communicate with each other
The OSI model was released in 1984 by the International Organization for Standardization (ISO)
The OSI model breaks the complexity of data communications down into a simple layered approach

OSI Model (Cont.)

Advantages of the layered approach:
  Different hardware and software vendors have a standard to follow when designing products
  Collaboration between companies to develop network components is easier
  Changes in one layer are not carried over into other layers
  Network design is broken down into smaller, more manageable parts
  Problem resolution is easier because problems are usually confined to a single layer

OSI Model (Cont.)

Layer 7: Application layer
  Provides services to applications such as e-mail clients or web browsers
  Gives applications access to network services (the protocols they speak: HTTP, SMTP, DNS, FTP and so on)
  The application program itself is not part of the layer; the protocol it uses is

Layer 6: Presentation layer
  Ensures that data formats from the application layer of one computer can be read by the application layer of another computer
  Converts between representations: character encoding, data formats, compression
  Protocol conversion
  Encryption/decryption (TLS is usually placed here when mapped onto the OSI model)

OSI Model (Cont.)

Layer 5: Session layer
  Provides services to the presentation layer by establishing, managing and terminating a communication session (dialog) between two hosts
  Dialog control: which side may transmit, when, and for how long
  Synchronization checkpoints, so that an interrupted transfer can resume from the last checkpoint instead of starting over

Layer 4: Transport layer
  Segments data from the upper layers and prepares the segments for transport across the network; reassembles them, in order, on the receiving side
  Identifies the sending and receiving application by port number
  Regulates flow control
  Uses acknowledgements (TCP); UDP offers no acknowledgement, ordering or retransmission
  Enables error handling through checksums and retransmission of lost or corrupted segments

OSI Model (Cont.)

Layer 3: Network layer functions (connectivity and path selection between two hosts on different networks)
  Logical addressing (IP addressing)
  Translating logical addresses to physical addresses (ARP on IPv4 networks)
  Packet switching
  Routing

OSI Model (Cont.)

Layer 2: Data link layer functions (physical addressing on a local network segment)
  Wraps packets in frames for the physical layer and turns received bits back into frames
  Error detection: a frame check sequence lets the receiver discard corrupted frames (recovery is left to higher layers)
  Flow control and media access control on shared media

Layer 1: Physical layer functions (physical connectivity in a network)
  Defines hardware standards (connectors, cabling, voltages, signalling)
  Transmits raw bits over different media
  Defines how raw bits are encoded and transmitted on each medium

OSI Model (Cont.)

Data flow in the OSI model
  Protocols that function at a given layer on Host A communicate logically with the corresponding layer on Host B
  Each layer wraps the data handed down from the layer above in its own header (and, at the data link layer, a trailer); the result is that layer's protocol data unit (PDU)
  PDU names by layer: data (layers 5 to 7), segment (transport), packet (network), frame (data link), bits (physical)
  Each layer depends on the layer below it for services; encapsulation on the sending side adds one header per layer, and the receiving side strips them again in reverse order

[Figure: OSI Reference Model. Two seven-layer stacks, END USER A and END USER B, joined at the bottom by the PHYSICAL MEDIUM; layers from top to bottom: Application, Presentation, Session, Transport, Network, Data Link, Physical. The upper layers are labelled end-user functions / higher-level protocols, the lower layers network functions / lower-level protocols or network services.]

TCP/IP Model

Also called the Internet Protocol Suite
The set of communication protocols used on the Internet and other similar networks
  TCP: Transmission Control Protocol
  IP: Internet Protocol
De facto standard for communications
A direct result of Department of Defense efforts to obtain a protocol that could survive wartime conditions and still communicate with other hosts over different communication media
Has only four layers (five, when the network interface layer is split into data link and physical) compared with the seven layers of the OSI model

TCP/IP vs. OSI Model

  TCP/IP application layer corresponds to OSI layers 5 to 7 (session, presentation, application)
  TCP/IP transport layer corresponds to OSI layer 4
  TCP/IP Internet layer corresponds to OSI layer 3
  TCP/IP network interface layer corresponds to OSI layers 1 and 2

TCP/IP Model (Cont.)

How data is transported across the network: switching
  Packet switching: data is broken into packets that each carry their own addressing and are forwarded hop by hop; links are shared, and packets of one conversation may take different paths (the Internet model)
  Circuit switching: a dedicated path is set up end to end before any data flows and is held for the duration of the call (the traditional telephone network)

Typical Scenario

We have a source machine A and a destination machine B
A has some application-specific data stored as a file, for example a web page stored as an HTML file on a web server
The user on machine B launches a web browser (Application layer), types in the URL of the web page on machine A and hits GO!

Typical Scenario cont.

(APPLICATION LAYER) The browser generates an HTTP request for the URL and sends it down the stack to the Transport layer.

(TCP LAYER) The transport layer "wraps" the application-layer data in a TCP header. The TCP header carries the information needed for end-to-end service: the source and destination port numbers (the browser's ephemeral port and port 80 on the server), and the sequence and acknowledgement numbers used to track delivery and confirm receipt. Before any HTTP data can be sent, TCP has already established the connection with its three-way handshake (SYN, SYN-ACK, ACK).

Typical Scenario cont.

(IP LAYER) Once the Transport layer has added its header, it hands the growing unit of data to the Network (IP) layer, which wraps the TCP segment in an IP header.

The IP header gives the receiving side the source and destination IP addresses, the next-layer protocol (6 for TCP), fragmentation information and the time-to-live, and carries a checksum over the header itself.

Typical Scenario cont.

(DATA LINK LAYER) Once the IP layer has added its header, it hands the still-growing unit of data to the Data Link layer, which wraps the IP packet in a frame header (and a trailer carrying the frame check sequence).

The frame header is just more bytes of data that specify the source and destination physical (MAC) addresses for the current hop only. The whole path may contain many hops: the MAC addresses are rewritten at every router, while the IP addresses stay the same end to end. Run "tracert" in Windows (traceroute on Linux or macOS) to list the hops.

Typical Scenario cont.

(PHYSICAL LAYER) The completed frame is ready to be placed on the wire and sent to its destination. The wire is the physical layer: it carries the bits of the frame to the next hop, where the process is reversed one layer at a time.
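The scenario above, and the PDU description in the OSI data-flow slide, as an added example that is not part of the original slides: Python code that builds the HTTP request as a TCP segment, wraps it in an IPv4 packet and an Ethernet frame, then decapsulates the frame on the receiving side one layer at a time, checking the IPv4 header checksum and the TCP checksum (which covers a pseudo-header with the IP addresses). The MAC addresses, IP addresses, ports, sequence numbers and request path are constructed assumptions for illustration.

```python
import struct

# Constructed values for the scenario (not from the original slides):
# machine B (browser) talks to machine A (web server); the IPs are in the
# RFC 5737 documentation range and the MACs are made up.
MAC_B, MAC_A = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
IP_B, IP_A = "192.0.2.10", "192.0.2.80"
ETHERTYPE_IPV4, PROTO_TCP = 0x0800, 6


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum shared by the IPv4 header and the TCP segment."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_tcp_segment(payload: bytes, sport: int, dport: int, seq: int, ack: int,
                      src_ip: str, dst_ip: str) -> bytes:
    """Layer 4: prepend a 20-byte TCP header (no options). The checksum covers a
    pseudo-header containing the IP addresses, so the caller supplies them."""
    def header(checksum: int) -> bytes:
        # data offset 5 words, flags PSH|ACK (0x18), window 65535, urgent pointer 0
        return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x18, 65535, checksum, 0)
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, PROTO_TCP, 20 + len(payload))
    return header(ones_complement_sum(pseudo + header(0) + payload)) + payload


def build_ip_packet(segment: bytes, src_ip: str, dst_ip: str, ident: int = 0x1234, ttl: int = 64) -> bytes:
    """Layer 3: prepend a 20-byte IPv4 header (version 4, IHL 5, DF set, not fragmented)."""
    def header(checksum: int) -> bytes:
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), ident, 0x4000, ttl,
                           PROTO_TCP, checksum, ip_bytes(src_ip), ip_bytes(dst_ip))
    return header(ones_complement_sum(header(0))) + segment


def build_frame(packet: bytes, src_mac: str, dst_mac: str) -> bytes:
    """Layer 2: prepend the 14-byte Ethernet II header (the FCS trailer is added by the NIC)."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def http_get_frame(path: str = "/index.html") -> bytes:
    """Run the whole scenario top-down: HTTP request -> TCP -> IP -> Ethernet."""
    request = f"GET {path} HTTP/1.1\r\nHost: {IP_A}\r\n\r\n".encode()
    segment = build_tcp_segment(request, 49152, 80, seq=1000, ack=2000, src_ip=IP_B, dst_ip=IP_A)
    return build_frame(build_ip_packet(segment, IP_B, IP_A), MAC_B, MAC_A)


def decapsulate(frame: bytes) -> dict:
    """Receiving side: strip one header per layer, verifying checksums on the way up."""
    dst_mac, src_mac, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ver_ihl, _, total_len, _, flags_frag, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    ip_ok = ones_complement_sum(packet[:ihl]) == 0          # an intact header sums to zero
    if proto != PROTO_TCP:
        raise ValueError("not a TCP packet")
    segment = packet[ihl:total_len]
    sport, dport, seq, ack, offset, flags, _, _, _ = struct.unpack("!HHIIBBHHH", segment[:20])
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(segment))
    tcp_ok = ones_complement_sum(pseudo + segment) == 0
    payload = segment[(offset >> 4) * 4:]
    method, target, version = payload.split(b"\r\n", 1)[0].decode().split(" ")
    return {
        "frame": {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"), "ethertype": ethertype},
        "packet": {"src_ip": ".".join(map(str, src)), "dst_ip": ".".join(map(str, dst)), "ttl": ttl,
                   "protocol": proto, "dont_fragment": bool(flags_frag & 0x4000), "checksum_ok": ip_ok},
        "segment": {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags, "checksum_ok": tcp_ok},
        "data": {"method": method, "target": target, "version": version},
    }


if __name__ == "__main__":
    for layer, fields in decapsulate(http_get_frame()).items():
        print(layer, fields)
```

Flipping a single bit anywhere in the frame makes the corresponding `checksum_ok` flag false, which is why a capture with many checksum failures usually points at a capture-offload artefact or corruption rather than real traffic.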

Network Devices

Network Interface Card

Also known as NIC, network card or network adapter
Works at OSI Layers 1 and 2
Has a unique MAC (Media Access Control) or physical address: 48 bits, written as 12 hexadecimal digits (e.g. 00-11-22-33-44-55); the first three bytes are the manufacturer's OUI, the last three identify the card
  ipconfig /all in a Windows Command Prompt shows it as "Physical Address"
  The address can be changed in software, so a MAC address found in logs ties traffic to a card only as strongly as the host it came from can be trusted
Connects to other network devices, e.g. routers or switches, via network cables or wireless connections
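Reading MAC addresses out of ipconfig /all output, as an added example that is not part of the original slides: the parser below extracts the "Physical Address" line of each adapter section from a constructed excerpt in the layout Windows prints, splits the address into its OUI and card-specific halves, and decodes the two flag bits of the first byte (the multicast bit and the locally-administered bit, which is set on randomised or software-changed addresses). The adapter names and addresses in the sample text are made up.

```python
import re

# Constructed excerpt in the layout "ipconfig /all" prints on Windows (not real output;
# the addresses are made up, and the Wi-Fi one is deliberately locally administered).
SAMPLE_IPCONFIG = """
Ethernet adapter Ethernet:

   Description . . . . . . . . . . . : Example Gigabit Adapter
   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   IPv4 Address. . . . . . . . . . . : 192.0.2.10(Preferred)

Wireless LAN adapter Wi-Fi:

   Physical Address. . . . . . . . . : 3A-0C-41-9F-12-88
   IPv4 Address. . . . . . . . . . . : 192.0.2.11(Preferred)
"""

HEX_DIGITS = set("0123456789abcdef")


def parse_mac(mac: str) -> dict:
    """Normalise a MAC written with -, : or . separators and decode the two flag
    bits of the first byte that matter when judging whether an address is genuine."""
    digits = re.sub(r"[-:.]", "", mac).lower()
    if len(digits) != 12 or not set(digits) <= HEX_DIGITS:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    first_byte = int(digits[:2], 16)
    return {
        "mac": ":".join(digits[i:i + 2] for i in range(0, 12, 2)),
        "oui": digits[:6],                                 # vendor prefix (Organizationally Unique Identifier)
        "nic_specific": digits[6:],                        # assigned by the vendor per card
        "multicast": bool(first_byte & 0x01),              # I/G bit: a group address, never a real sender
        "locally_administered": bool(first_byte & 0x02),   # U/L bit: set by software, not burned in
    }


def adapters_from_ipconfig(text: str) -> list:
    """Return one record per adapter section that carries a Physical Address line."""
    records, adapter = [], None
    for line in text.splitlines():
        if line and not line[0].isspace():                 # section header, e.g. "Ethernet adapter Ethernet:"
            adapter = line.rstrip(":")
            continue
        match = re.match(r"\s*Physical Address[ .]*: (\S+)", line)
        if match and adapter:
            record = parse_mac(match.group(1))
            record["adapter"] = adapter
            records.append(record)
    return records


if __name__ == "__main__":
    for rec in adapters_from_ipconfig(SAMPLE_IPCONFIG):
        origin = "locally administered (randomised or spoofed?)" if rec["locally_administered"] else "vendor-assigned"
        print(f'{rec["adapter"]}: {rec["mac"]} OUI {rec["oui"]} {origin}')
```

A locally-administered address is not proof of tampering (modern Windows, iOS and Android deliberately randomise Wi-Fi addresses for privacy), but it does mean the OUI cannot be used to identify the hardware vendor.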

Network Cables

Category 5 cable
  CAT-5 twisted-pair cable is mostly used for 100 Mbps Ethernet (Cat 5e or better is needed for 1 Gbps)
  4 pairs (8 wires) of twisted wires are connected to the 8 pins of an RJ-45 plug
  Each pair of wires has a specific function, such as sending or receiving the data signal
  Crossover cables (send and receive pairs swapped) are good for direct communication between two computers or two devices of the same type
  Connecting n computers directly to one another this way needs n(n-1)/2 cables (too many cables!), which is why hubs and switches are used instead

Network Hubs

Work at Layer 1 (Physical layer)
Not capable of making use of MAC or IP addresses
Same as connecting all wires together: every bit received on one port is repeated onto all the other ports
Have NO media access control, so frames from different computers collide; performance degrades as more computers are connected (one collision domain)
Not very fast, e.g. 10 Mbps to 100 Mbps, and half duplex
For an investigator this is convenient: a sniffer plugged into any port of a hub sees all traffic passing through it

Network Switches

Mainly work at Layer 2 (Data link layer)
Make use of MAC addresses: learn which port each source MAC address is behind, then deliver unicast frames only to that port (broadcasts and frames to unknown destinations are still flooded to all ports)
Have media access control: each port is its own collision domain
Do not look into traffic type or other details like routers do; a basic switch is not capable of making use of IP addresses (Layer 3 switches add routing on top)
Support high data rates, e.g. 100 Mbps, 1 Gbps or 10 Gbps, full duplex
Good for high-speed communications among computers in a LAN
For an investigator this means a sniffer on an ordinary port sees only its own traffic plus broadcast and flooded frames; to capture another host's traffic use a mirror (SPAN) port or a network tap
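The difference between a hub and a switch for someone capturing traffic, as an added example that is not part of the original slides: a small simulation of a hub (repeat everything) and a switch with a MAC learning table (forward known unicast to one port, flood the rest), plus a helper that replays constructed traffic and reports what a listener on a chosen port would see. The hosts, ports and table size are assumptions chosen for illustration; the tiny table size exists only to show why a flooded learning table causes a switch to behave like a hub.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer 1 repeater: whatever arrives on one port is repeated out all the others."""

    def __init__(self, ports: int):
        self.ports = ports

    def forward(self, in_port: int, src_mac: str, dst_mac: str) -> set:
        return {p for p in range(self.ports) if p != in_port}


class Switch:
    """Layer 2: learns which port each source MAC lives behind and delivers known
    unicast frames to that port only. Entry aging (real switches expire entries
    after a few minutes) is left out to keep the example short."""

    def __init__(self, ports: int, table_size: int = 4096):
        self.ports = ports
        self.table_size = table_size
        self.cam = {}  # MAC address -> port

    def forward(self, in_port: int, src_mac: str, dst_mac: str) -> set:
        # Learning: remember (or refresh) the port the source was seen on. A full
        # table learns nothing new, which is what a MAC-flooding attacker relies on:
        # destinations that were never learned get flooded to every port.
        if src_mac in self.cam or len(self.cam) < self.table_size:
            self.cam[src_mac] = in_port
        others = {p for p in range(self.ports) if p != in_port}
        if dst_mac == BROADCAST or dst_mac not in self.cam:
            return others                      # broadcast or unknown unicast: flood
        out_port = self.cam[dst_mac]
        return set() if out_port == in_port else {out_port}


def visible_to(device, frames, watch_port: int) -> list:
    """Replay frames (in_port, src_mac, dst_mac) through the device and return the
    (src, dst) pairs that reach a sniffer listening on watch_port."""
    seen = []
    for in_port, src, dst in frames:
        if watch_port in device.forward(in_port, src, dst):
            seen.append((src, dst))
    return seen


# Constructed traffic: host A on port 0, host B on port 1, the investigator's sniffer on port 2.
HOST_A, HOST_B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"   # RFC 7042 documentation MACs
NORMAL_TRAFFIC = [(0, HOST_A, BROADCAST), (1, HOST_B, HOST_A), (0, HOST_A, HOST_B), (1, HOST_B, HOST_A)]

# An attacker on port 3 sends frames from bogus source MACs to fill the learning table.
CAM_FLOOD = [(3, f"02:00:00:00:00:{i:02x}", BROADCAST) for i in range(2)]

if __name__ == "__main__":
    print("hub, sniffer on port 2:", visible_to(Hub(4), NORMAL_TRAFFIC, 2))
    print("switch, sniffer on port 2:", visible_to(Switch(4), NORMAL_TRAFFIC, 2))
    print("switch with a full table:", visible_to(Switch(4, table_size=2), CAM_FLOOD + NORMAL_TRAFFIC, 2))
```

On the hub the sniffer sees all four frames; on the switch it sees only the broadcast. Once the learning table is full, every frame to an unlearned host is flooded and the sniffer sees everything again, which is the mechanism behind MAC-flooding attacks and the reason a sudden burst of unknown source MACs on one port is worth an alert.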

Routers

Work at Layer 3 (Network layer); a "Layer 3 switch" is a switch that also performs this routing function in hardware
Make use of IP addresses
Decide the path through the networks for data: the destination address is matched against a routing table and the most specific (longest) matching prefix wins
Interconnect separate logical networks, often different types of networks
Forwarding is generally slower than switching because every packet is examined at Layer 3; routers are also the natural place to filter traffic and to record flow logs that investigators can use later
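The routing decision described above, as an added example that is not part of the original slides: a longest-prefix-match lookup over a constructed routing table using the standard ipaddress module. The lookup also returns the address whose MAC address the data link layer must resolve for the next hop, which is the link back to the "MAC addresses of the current hop" in the scenario. The prefixes, next hops and interface names are assumptions for illustration.

```python
import ipaddress

# Constructed routing table for a small router with three interfaces (not from the slides).
# Each entry: (destination prefix, next-hop address or None if directly connected, interface)
ROUTES = [
    ("0.0.0.0/0",      "203.0.113.1", "eth0"),   # default route toward the ISP
    ("192.0.2.0/24",   None,          "eth1"),   # directly connected office LAN
    ("192.0.2.128/25", "192.0.2.2",   "eth1"),   # more specific: subnet behind a second router on that LAN
    ("10.0.0.0/8",     "172.16.0.1",  "eth2"),   # private WAN
]


def build_table(routes) -> list:
    """Parse the prefixes and order them longest-prefix first, so the first hit wins."""
    table = [(ipaddress.ip_network(prefix), next_hop, iface) for prefix, next_hop, iface in routes]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def lookup(table, destination: str):
    """Longest-prefix match. Returns the chosen route plus the address whose MAC the
    data link layer resolves (ARP) for this hop: the next-hop router, or the
    destination itself when the destination network is directly connected."""
    addr = ipaddress.ip_address(destination)
    for network, next_hop, iface in table:
        if addr in network:
            return {
                "prefix": str(network),
                "next_hop": next_hop,
                "interface": iface,
                "arp_target": next_hop or destination,
            }
    return None  # no route at all: the router answers with ICMP destination unreachable


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("192.0.2.10", "192.0.2.200", "10.1.2.3", "198.51.100.7"):
        print(dst, "->", lookup(table, dst))
```

Note that 192.0.2.200 matches both the /24 and the /25; the /25 wins because it is more specific, so a forged "more specific" route is an effective way to divert traffic, which is why routing-table changes belong in an investigator's timeline.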

Data Network Types

Local Area Network (LAN)
  A network configuration designed for a limited space or geographic area, such as a series of offices in the same building
  Related terms: a campus area network (CAN) links the LANs of several buildings on one site; a metropolitan area network (MAN) spans a city and sits between a LAN and a WAN in scale

Wide Area Network (WAN)
  A group of smaller LANs connected logically or physically over long-distance links
  WANs can combine other subnetworks such as intranets, extranets and virtual private networks (VPNs) to provide enhanced network capabilities

Data Network Types cont.

Internet
  The Internet is an interconnection of networks of different sizes around the world

Intranet
  An intranet is a local or wide area network based on TCP/IP, but with firewalls that limit the network's access to and from the Internet
  An intranet is easier to secure than the Internet because it has a restricted user community and local control; it is not secure by itself, since an attacker who gains one foothold inside is already behind the firewall

Extranet
  An extranet is an intranet that allows selected users outside the firewall to access the site

Firewalls

A firewall enforces a policy on the traffic that crosses a network boundary, dropping what the policy does not permit; firewalls are typically combined with monitoring software (intrusion detection) to detect and thwart external attacks on the site and protect the internal corporate network

Firewalls are an essential device for network security

Many of the architectures needed for security rely on one or more firewalls within an intelligent design

Firewall logs (accepted and dropped connections with timestamps, addresses and ports) are among the first sources an investigator should ask for

Firewalls cont.

Application-Level Gateway Firewall

Allows the network administrator to implement stricter security policies than packet-filtering routers can manage, because the gateway understands the application protocol rather than only addresses and ports

Requires special-purpose code (a proxy service) for each desired application

The proxy code can be configured to support only the acceptable features of an application

Users are permitted access to the proxy services, but may not log in to the application-level gateway itself

Application-level gateways allow information to flow between systems but do not allow the direct exchange of data: the inside client talks to the proxy, and the proxy opens a separate connection to the outside server

Firewalls cont.

Benefits of Application-Level Gateways
  The network manager has complete control over each service and over which services are permitted
  The gateway can support strong user authentication and provide detailed logging information
  The filtering rules are much easier to configure and test than packet-filter rules

Firewalls cont.

Limitations of Application-Level Gateways
  Requires either that users modify their behavior (for example, point their applications at the proxy) or that specialized software be installed on each system that accesses proxy services
  A separate proxy is needed for every application protocol that is to pass the gateway
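The contrast between a packet-filtering router and an application-level gateway drawn in the three slides above, as an added example that is not part of the original slides: a packet filter that decides on source, destination and port alone, beside an HTTP proxy policy that parses the request, checks the user, permits only acceptable methods and hosts, and writes an audit line for every decision. The rules, the user table (a stand-in for real strong authentication) and the sample requests are all constructed assumptions.

```python
import ipaddress

# Constructed rules, users and requests for illustration (none of this is from the slides).

# Packet-filtering router: sees only the addresses and port of each connection.
# Rules are (source network, destination network, destination port or None, action); first match wins.
PACKET_FILTER_RULES = [
    ("192.0.2.0/24", "0.0.0.0/0", 80, "allow"),
    ("192.0.2.0/24", "0.0.0.0/0", 443, "allow"),
    ("0.0.0.0/0", "0.0.0.0/0", None, "deny"),
]


def packet_filter(src_ip: str, dst_ip: str, dst_port: int) -> str:
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net, port, action in PACKET_FILTER_RULES:
        if (src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net)
                and port in (None, dst_port)):
            return action
    return "deny"


# Application-level gateway for HTTP: proxy code that understands the protocol and
# permits only the acceptable features of it, for authenticated users, with logging.
PROXY_USERS = {"alice": "token-a1"}          # stand-in for a real strong-authentication backend
PROXY_POLICY = {"methods": {"GET", "HEAD"}, "hosts": {"www.example.com"}, "max_request_line": 2048}


def parse_http_request(raw: bytes) -> dict:
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": parts[0], "target": parts[1], "version": parts[2], "headers": headers}


def application_gateway(user: str, token: str, raw: bytes, audit: list) -> str:
    """Return 'allow' or 'deny' for one proxied request and append an audit line."""
    def decide(verdict: str, reason: str) -> str:
        audit.append(f"user={user} verdict={verdict} reason={reason}")
        return verdict
    if PROXY_USERS.get(user) != token:
        return decide("deny", "authentication failed")
    if len(raw.split(b"\r\n", 1)[0]) > PROXY_POLICY["max_request_line"]:
        return decide("deny", "request line too long")
    try:
        request = parse_http_request(raw)
    except ValueError as err:
        return decide("deny", str(err))
    if request["method"] not in PROXY_POLICY["methods"]:
        return decide("deny", f"method {request['method']} not permitted")
    host = request["headers"].get("host")
    if host not in PROXY_POLICY["hosts"]:
        return decide("deny", f"host {host!r} not permitted")
    return decide("allow", f"{request['method']} {host}{request['target']}")


if __name__ == "__main__":
    log = []
    delete = b"DELETE /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    print("packet filter:", packet_filter("192.0.2.10", "198.51.100.5", 80))
    print("gateway:", application_gateway("alice", "token-a1", delete, log))
    print("\n".join(log))
```

The packet filter lets the DELETE through because all it can see is an inside host talking to port 80; the gateway rejects it and records who tried, which is the "detailed logging" benefit from the slide and the kind of record an investigator wants.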

Summary

The OSI model standardized the method of transmitting data on a network using a seven-layer approach: application, presentation, session, transport, network, data link and physical

Summary (Cont.)

The TCP/IP model consists of four layers: application, transport, Internet and network interface; it is the de facto standard on the Internet

Two addressing schemes are used to transmit data across networks: logical addressing (IP addresses, which stay the same end to end) and physical addressing (MAC addresses, which change at every hop)