Networking – Pt I 14 November 2015 CyberPatriot – UT Dallas

Upload: sylvia-ball

Post on 20-Jan-2016

Objectives

Network devices

Network protocols

TCP: 3 way handshake

UDP

IP address and sub-netting

OSI Layers

Networking tools

nslookup, whois, netstat, traceroute, Wireshark

Basic IOS Commands

Switches, VLANs and Routers 101

What Are Computer Networks?

A computer network or data network is a telecommunications network that allows computers to exchange data. In computer networks, networked computing devices pass data to each other along data connections.

The connections (network links) between nodes are established using either cable media or wireless media. The best-known computer network is the Internet. Network computer devices that originate, route and terminate the data are called network nodes. Nodes can include hosts such as personal computers, phones, servers, as well as networking hardware.

Network Devices

Typically, networking devices include gateways, routers, network bridges, switches, hubs and repeaters. The most common kind of networking hardware today is a copper-based Ethernet adapter because of its standard inclusion on most modern computer systems.

Wireless networking has, however, become increasingly popular, especially for portable and handheld devices. Other hardware prevalent in computer networking includes data center equipment (such as file servers, database servers and storage areas), network services (such as DNS, DHCP, email, etc.) as well as devices which ensure content delivery.

Network Devices

NIC – A Network Interface Controller is a computer hardware component that connects a computer to a computer network.

Hubs – An Ethernet hub, active hub, network hub, repeater hub, multiport repeater or hub, is a device for connecting multiple Ethernet devices together and making them act as a single network segment. It has multiple input/output (IO) ports, in which a signal introduced at the input of any port appears at the output of every port except the original incoming. When a hub receives a data packet, it sends it to all the network devices connected to the hub.

Switches – A network switch is a computer networking device that is used to connect devices together on a computer network. A switch is considered more advanced than a hub because a switch will only send a message to the device that needs or requests it, rather than broadcasting the same message out of each of its ports.

Network Devices

Routers – A router is a device that forwards data packets between computer networks. This creates an overlay internetwork, as a router is connected to two or more data lines from different networks. When a data packet comes in one of the lines, the router reads the address information in the packet to determine its ultimate destination. Then, using information in its routing table or routing policy, it directs the packet to the next network on its journey.

Routers perform the “traffic directing” functions on the Internet. A data packet is typically forwarded from one router to another through the networks that constitute the internetwork until it reaches its destination node.

Gateways

Bridging – Network bridging is the action taken by network equipment to create an aggregate network from either two or more communication networks, or two or more network segments. Bridging is distinct from routing, which allows the networks to communicate independently as separate networks.

Modem – A modem (modulator-demodulator) is a device that modulates an analog carrier signal to encode digital information and demodulates the signal to decode the transmitted information.

The goal is to produce a signal that can be transmitted easily and decoded to reproduce the original signals, from light emitting diodes to radio. The most familiar type is a voice band modem that turns the digital data of a computer into modulated electrical signals in the voice frequency range of a telephone channel. These signals can be transmitted over telephone lines and demodulated by another modem at the receiver side to recover the digital data.

Network Protocols

What is a protocol? A protocol is nothing but a set of rules that the network devices follow to ensure that data packets reach the correct destination from the source.

TCP/IP – The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying data packets across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. A set of related network protocols like TCP, UDP, HTTP, FTP, ARP, and ICMP are used to move data around the Internet and other networks.

This is the most commonly used protocol for Internet communication. This is a stateful protocol.

IP Addressing – The IP address uniquely identifies computers on a TCP/IP network. Every node, whether it is a client, server or other networking device has a unique IP address. (e.g. 192.168.1.15)

Network Protocols

UDP – User Datagram Protocol, a state-less service. This is a main alternative to TCP/IP.

DNS – Domain Name System, this translates network addresses (i.e. IP addresses) into terms understood by humans and vice-versa. For example, IP address 74.125.21.99 is converted to the human-understandable “www.google.com”.

DHCP – Dynamic Host Configuration Protocol, this is used to automatically assign Internet addresses to computers and users.

FTP – File Transfer Protocol, this is a protocol that is used to transfer and manipulate files over the network.

HTTP – HyperText Transfer Protocol, this is an Internet-based protocol for sending and receiving web pages over the network.

Network Protocols

HTTPS – HyperText Transfer Protocol, this is an Internet-based protocol for sending and receiving web pages securely over the network.

IRC – Internet Relay Chat, this is a protocol used for Internet chat and other communications.

The three protocols used for sending and receiving email are:

IMAP – Internet Message Access Protocol

POP3 – Post Office Protocol Version 3

SMTP – Simple Mail Transfer Protocol

ARP – Address Resolution Protocol, converts an IP address to its corresponding physical network address.

Network Protocols

SNMP – Simple Network Management Protocol, this is a standard TCP/IP protocol used to monitor and map network availability, performance, and error rates

Telnet – This is a remote terminal access protocol

SSH – Secure Shell, this is a secure remote terminal access protocol

SSL – Secure Sockets Layer, this is a security protocol to enable Web sites to pass sensitive information securely in an encrypted format.

LDAP – Lightweight Directory Access Protocol, this is a network protocol and a standard architecture for organizing the directory data.

TCP/IP Details

The Transmission Control Protocol (TCP) is one of the core protocols of the Internet Protocol suite (IP), and is so common that the entire suite is often called TCP/IP. TCP provides reliable, ordered and error-checked delivery of a stream of octets between programs running on computers connected to a local area network, intranet or the public internet.

Why is TCP/IP considered reliable?

Acknowledgments indicate delivery of data

Checksums are used to detect corrupted data

Sequence numbers detect missing, or mis-sequenced data

Corrupted data is retransmitted after a timeout

Mis-sequenced data is re-sequenced

Flow control prevents over-run of receiver

Uses congestion control to share network capacity among users

TCP/IP Details

Applications requiring reliability use the TCP/IP protocol for communication. Some applications that depend on TCP/IP are:

WWW

E-mail

File Transfer

TCP 3-Way Handshake

The TCP three-way handshake is the method used by TCP to set up a TCP/IP connection over an IP based network. TCP's three-way handshaking technique is often referred to as “SYN-SYN-ACK” because there are three messages transmitted by TCP to negotiate and start a TCP session between two computers.

The TCP handshaking mechanism is designed so that two computers attempting to communicate can negotiate the parameters of the network TCP socket connections before transmitting data such as SSH and HTTP web browser requests.
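The handshake described above can be checked from the outside by reading the flags, sequence numbers and acknowledgment numbers of each segment. The following is an added example, not part of the original slides: it packs minimal TCP headers, parses them back, and reports how far a handshake got. The port numbers, initial sequence numbers and the helper names are constructed for illustration.

```python
import struct

# TCP flag bits as they appear in the header's flags field
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


def build_tcp_header(src_port, dst_port, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (no options, checksum left at 0)."""
    offset_and_flags = (5 << 12) | flags  # data offset = 5 words = 20 bytes
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_and_flags, 65535, 0, 0)


def parse_tcp_header(raw):
    """Return the fields the handshake check needs from a raw TCP header."""
    src, dst, seq, ack, off_flags, _win, _csum, _urg = struct.unpack(
        "!HHIIHHHH", raw[:20])
    return {"src": src, "dst": dst, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F}


def handshake_state(segments):
    """Walk headers in capture order and report how far the handshake got.

    Returns "CLOSED", "SYN_SENT", "SYN_RECEIVED", "ESTABLISHED" or "RESET",
    as seen by an observer of the connection.
    """
    state = "CLOSED"
    client_isn = server_isn = client_port = server_port = None
    for raw in segments:
        h = parse_tcp_header(raw)
        if h["flags"] & RST:
            return "RESET"
        if state == "CLOSED" and h["flags"] == SYN:
            # Message 1: client proposes its initial sequence number (ISN)
            client_isn = h["seq"]
            client_port, server_port = h["src"], h["dst"]
            state = "SYN_SENT"
        elif (state == "SYN_SENT" and h["flags"] == (SYN | ACK)
              and h["src"] == server_port
              and h["ack"] == (client_isn + 1) % MOD):
            # Message 2: server acknowledges client ISN + 1, sends its own ISN
            server_isn = h["seq"]
            state = "SYN_RECEIVED"
        elif (state == "SYN_RECEIVED" and h["flags"] == ACK
              and h["src"] == client_port
              and h["seq"] == (client_isn + 1) % MOD
              and h["ack"] == (server_isn + 1) % MOD):
            # Message 3: client acknowledges server ISN + 1
            return "ESTABLISHED"
    return state


# Constructed sample traffic: client port 49152, server port 80
C, S = 49152, 80
COMPLETE = [build_tcp_header(C, S, 1000, 0, SYN),
            build_tcp_header(S, C, 5000, 1001, SYN | ACK),
            build_tcp_header(C, S, 1001, 5001, ACK)]
HALF_OPEN = COMPLETE[:2]                      # final ACK never arrives
BAD_ACK = [COMPLETE[0],                       # server acks the wrong number
           build_tcp_header(S, C, 5000, 1000, SYN | ACK)]
REFUSED = [COMPLETE[0],                       # port closed: RST instead of SYN-ACK
           build_tcp_header(S, C, 0, 1001, RST | ACK)]

if __name__ == "__main__":
    for name, capture in [("complete", COMPLETE), ("half-open", HALF_OPEN),
                          ("bad ack", BAD_ACK), ("refused", REFUSED)]:
        print(f"{name:10s} -> {handshake_state(capture)}")
```

A connection that stays in SYN_RECEIVED is half-open: the server has reserved state for it but the client never completed the third message.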

User Datagram Protocol

The User Datagram Protocol (UDP) is one of the core members of the Internet Protocol suite. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP) network without prior communications to set up special transmission channels or data paths.

UDP uses a simple transmission model with a minimum of protocol mechanism. It has no handshaking dialogues, and thus exposes any unreliability of the underlying network protocol to the user's program. As this is normally IP over unreliable media, there is no guarantee of delivery, ordering or duplicate protection.

Why Isn't UDP Reliable?

There is no guarantee that packets will be received

There are no acknowledgments to indicate delivery of data

Data may be received out of sequence.

Data may be duplicated or go missing

Congestion of data is common

UDP is commonly used by applications that prefer speed of transmission over reliability. VoIP, games, DNS and streaming media typically will use UDP.

IP Addressing and Sub-netting

An IP address is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses IP for communication. An IP address serves two principal functions: host or network interface identification, and location addressing.

The designers of the Internet Protocol defined an IP address as a 32-bit number consisting of 4 octets; this system is now known as Internet Protocol Version 4 (IPv4). However, due to the enormous growth of the Internet and the predicted depletion of available addresses, a new version of IP (IPv6), which uses 128 bits for the address, has been in the process of being deployed since the mid-2000s.

IPv4 Addresses

An IPv4 address consists of 32 bits, which limits the number of possible unique addresses to 2^32 (4,294,967,296). IPv4 reserves some addresses for special purposes like private networks (~18 million addresses) or multicast addresses (~270 million addresses).

IPv4 addresses are canonically represented in dot-decimal notation, which consists of four decimal numbers, each ranging from 0 to 255, separated by dots (e.g. 172.16.254.1). Each part represents a group of 8 bits (one octet) of the address. In some cases of technical writing, IPv4 addresses may be presented in various hexadecimal, octal, or binary representations.

Sub-netting

A sub-network, or subnet, is a logically visible subdivision of an IP network. The practice of dividing a network into two or more networks is called sub-netting.

All computers that belong to a subnet are addressed with a common, identical, most-significant bit-group in their IP address. This results in the logical division of an IP address into two fields, a network or routing prefix and the rest field or host identifier. The rest field is an identifier for a specific host or network interface.
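The split into a network prefix and a host identifier is a bitwise operation on the 32-bit address. The following is an added example, not part of the original slides: it performs the split by hand, checks whether two hosts share a subnet, divides a network into smaller subnets, and cross-checks one result against Python's standard ipaddress module. The function names and the /25 and /26 prefix lengths are chosen for illustration; the addresses come from the slides.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    """Convert dot-decimal notation to the 32-bit integer it represents."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value):
    """Convert a 32-bit integer back to dot-decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_for(prefix_len):
    """Build the subnet mask: prefix_len one-bits followed by zero-bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"prefix length out of range: {prefix_len}")
    return (ALL_ONES << (32 - prefix_len)) & ALL_ONES


def split_address(dotted, prefix_len):
    """Split an address into its network prefix and host identifier fields."""
    mask = mask_for(prefix_len)
    addr = to_int(dotted)
    network = addr & mask                    # most-significant bit group
    host_bits = ~mask & ALL_ONES             # the "rest field"
    return {"mask": to_dotted(mask),
            "network": to_dotted(network),
            "host_id": addr & host_bits,
            "broadcast": to_dotted(network | host_bits)}


def same_subnet(a, b, prefix_len):
    """Two hosts share a subnet when their network prefixes are identical."""
    mask = mask_for(prefix_len)
    return (to_int(a) & mask) == (to_int(b) & mask)


def divide(network, prefix_len, new_prefix_len):
    """Divide one network into equal subnets with a longer prefix."""
    if not prefix_len <= new_prefix_len <= 32:
        raise ValueError("new prefix must be at least as long as the old one")
    base = to_int(network) & mask_for(prefix_len)
    size = 1 << (32 - new_prefix_len)        # addresses per new subnet
    count = 1 << (new_prefix_len - prefix_len)
    return [f"{to_dotted(base + i * size)}/{new_prefix_len}" for i in range(count)]


def agrees_with_stdlib(dotted, prefix_len):
    """Cross-check the hand-computed network against the ipaddress module."""
    expected = ipaddress.ip_interface(f"{dotted}/{prefix_len}").network
    return str(expected.network_address) == split_address(dotted, prefix_len)["network"]


if __name__ == "__main__":
    print(split_address("192.168.1.15", 24))
    print(same_subnet("192.168.1.15", "192.168.1.200", 24))
    print(same_subnet("192.168.1.15", "192.168.1.200", 25))
    print(divide("192.168.1.0", 24, 26))
```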

OSI Layer

The Open Systems Interconnection model (OSI) is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model is a product of the Open Systems Interconnection project at the International Organization for Standardization (ISO).

The model groups communication functions into seven logical layers. A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of that path. Two instances at one layer are connected by a horizontal connection on that layer.

Layer 1: Physical Layer

The physical layer has the following major functions:

It defines the electrical and physical specifications of the data connection. It defines the relationship between a device and a physical transmission medium (e.g. a copper or fiber optical cable.) This includes the layout of pins, voltages, line, impedance, cable specifications, signal timing, hubs, repeaters, network adapters, host bus adapters, and more.

It defines the protocol to establish and terminate a connection between two directly connected nodes over a communications medium.

Layer 2: Data Link Layer

The data link layer provides a reliable link between two directly connected nodes, by detecting and possibly correcting errors that may occur in the physical layer. The data link layer is divided into two sublayers:

Media Access Control (MAC) layer – responsible for controlling how computers in the network gain access to data and permission to transmit it.

Logical Link Control (LLC) layer – controls error checking and packet synchronization.

Layer 3: Network Layer

The network layer provides the functional and procedural means of transferring variable length data sequences (called datagrams) from one node to another connected to the same network.

In addition to message routing, the network may implement message delivery by splitting the message into several fragments, delivering each fragment by a separate route and reassembling the fragments, report delivery errors, etc.

Layer 4: Transport Layer

The transport layer provides the functional and procedural means of transferring variable length data sequences from a source to a destination host via one or more networks, while maintaining the quality of service functions.

An example of a transport-layer protocol in the standard Internet Protocol stack is TCP, usually built on top of the IP protocol.

Layer 5: Session Layer

The session layer controls the dialogues (connections) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes check pointing, adjournment, termination, and restart procedures.

The OSI model made this layer responsible for graceful close of sessions, which is a property of the Transmission Control Protocol, and also for session check pointing and recovery, which is not usually used in the Internet Protocol Suite. The session layer is commonly implemented explicitly in application environments that use remote procedure calls.

Layer 6: Presentation Layer

The presentation layer establishes context between application-layer entities, in which the application-layer entities may use different syntax and semantics if the presentation service provides a mapping between them. If a mapping is available, presentation service data units are encapsulated into session protocol data units, and passed down the TCP/IP stack.

This layer provides independence from data representation (e.g., encryption) by translating between application and network formats. The presentation layer transforms data into the form that the application accepts. This layer formats and encrypts data to be sent across a network. It is sometimes called the syntax layer.

Layer 7: Application Layer

The application layer is the OSI layer closest to the end user, which means both the OSI application layer and the user interact directly with the software application. This layer interacts with software applications that implement a communicating component. Such application programs fall outside the scope of the OSI model. Application-layer functions typically include identifying communication partners, determining resource availability, and synchronizing communication.

When identifying communication partners, the application layer determines the identity and availability of communication partners for an application with data to transmit. When determining resource availability, the application layer must decide whether sufficient network resources for the requested communication exist. In synchronizing communication, all communication between applications requires cooperation that is managed by the application layer.

Common Networking Tools

Nslookup – A network administration command-line tool available for many computer operating systems for querying the Domain Name System (DNS) to obtain the domain name, or IP address mapping for any specific DNS record.

Syntax: nslookup <hostname>

In Windows:

In Linux:

Common Networking Tools

Whois – A query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system by searching for the object in a WHOIS database.

Most modern versions of whois try to guess the right server to ask for the specified object. If no guess can be made, whois will connect to whois.networksolutions.com for NIC handles or whois.arin.net for IPv4 addresses and network names.

Syntax: whois [-h HOST] [-p PORT] [-a CFHILMmrRSVx] [-g SOURCE:FIRST=LAST] [-i ATTR] [-S SOURCE] [-T TYPE] object, -verbose tells whois to operate verbosely.

Common Networking Tools

Ping – A computer network administration utility used to test the reachability of a host on an IP network and to measure the round-trip time for messages sent from the originating host to a destination computer. Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP response. In the process, it measures the time from transmission to reception (round-trip time) and records any packet loss.

The various applications of ping are as follows:

Helps to verify IP-level connectivity.

When troubleshooting, you can use ping to send an ICMP echo request to a target host name or IP address.

Use ping whenever you need to verify that a host computer can connect to the TCP/IP network and use network resources.

You can also use ping to isolate network hardware problems and incompatible configurations.

Syntax: ping [-n Count] [-l Size] [-R] <hostname>

Common Networking Tools

Traceroute – A computer network diagnostic tool for displaying the route and measuring the transit delays of packets across an IP network. The history of the route is recorded as the round-trip times of the packets received from each successive host in the route; the sum of the mean times in each hop indicates the total time spent to establish the connection. Traceroute proceeds unless all (three) sent packets are lost more than twice, then the connection is lost and the route cannot be evaluated.

Syntax: traceroute <parameters> <hostname>

Parameters

-d : Specifies to not resolve addresses to host names.

-h [maximum-hops] : Specifies the maximum number of hops to search for target

-j [host-list] : Specifies loose source route along the host-list

-w [timeout] : Waits the number of milliseconds specified by timeout for each reply.

Common Networking Tools

Netstat (network statistics) – A command-line tool that displays network connections, both incoming and outgoing, routing tables, and a number of network interface and network protocol statistics. It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement.

Syntax: netstat [-a] [-e] [-n] [-o] [-p Protocol] [-r] [-s] [Interval]
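When hardening a machine, netstat output is usually read to find which services are listening and which process owns them. The following is an added example, not part of the original slides: it parses Windows-style output of netstat with the -a, -n and -o switches and reports FTP and Telnet listeners reachable from other hosts, the two protocols from the earlier slides that send logins unencrypted. The sample output and PIDs are constructed, and the port numbers (21 for FTP, 23 for Telnet) are the standard well-known ports.

```python
import ipaddress

# Services from the slides to look for, keyed by (protocol, well-known port)
WATCHED = {("TCP", 21): "FTP", ("TCP", 23): "Telnet"}

# Constructed sample in the layout Windows prints for netstat -a -n -o
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING       988
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       744
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.15:49170     74.125.21.99:443       ESTABLISHED     3020
  TCP    192.168.1.15:49171     192.168.1.20:23        ESTABLISHED     3100
  TCP    [::]:22                [::]:0                 LISTENING       1500
  UDP    0.0.0.0:161            *:*                                    1210
"""


def parse_netstat(text):
    """Turn netstat rows into dicts, skipping headers and malformed lines."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        proto = fields[0]
        # UDP is connectionless, so netstat prints no State column for it
        expected = 5 if proto == "TCP" else 4
        if len(fields) != expected:
            continue
        state = fields[3] if proto == "TCP" else ""
        host, _, port = fields[1].rpartition(":")
        try:
            rows.append({"proto": proto,
                         "host": host.strip("[]"),  # IPv6 is shown in brackets
                         "port": int(port),
                         "state": state,
                         "pid": int(fields[-1])})
        except ValueError:
            continue
    return rows


def is_loopback(host):
    """True when the socket is bound only to the local machine."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def exposed_watched_services(text):
    """Return (service, port, pid) for watched listeners reachable remotely."""
    findings = []
    for row in parse_netstat(text):
        name = WATCHED.get((row["proto"], row["port"]))
        listening = row["state"] == "LISTENING" or row["proto"] == "UDP"
        if name and listening and not is_loopback(row["host"]):
            findings.append((name, row["port"], row["pid"]))
    return sorted(findings)


if __name__ == "__main__":
    for service, port, pid in exposed_watched_services(SAMPLE):
        print(f"{service} is listening on port {port} (PID {pid})")
```

The outbound connection to port 23 on 192.168.1.20 is not reported, because the check looks at the local port of listening sockets, not the foreign address.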

Wireshark – A free, open-source packet analyzer that captures packets and displays them for easier examination. Wireshark is very similar to tcpdump, but has a graphical front-end, plus some integrated sorting and filtering options.

Wireshark allows the user to put network interface controllers that support promiscuous mode, into that mode, making all traffic visible on that interface, not just traffic addressed to one of the interface's configured addresses and broadcast/multicast network.

Wireshark

Common uses for Wireshark:

Troubleshoot network issues

Examine security problems

Debug protocol implementations

Import and export packet data

Filter packets based on criteria.

Basic IOS Commands

Cisco IOS (originally Internetwork Operating System) is software used on most Cisco Systems routers and current Cisco network switches. IOS is a package of routing, switching, internetworking and telecommunications functions integrated into a multitasking operating system. Common commands include:

? - View available commands

Enable – Privileged EXEC Mode

Configure terminal – Global Configuration Mode

Enable Password – Set privileged password

Show – View information about specific things on router

Exit – Back up one level

End – exit back to global command line

Write memory – save your configurations

logout

Switching 101

Layer 2 switching uses the media access control address (MAC address) from the host's network interface cards (NICs) to decide where to forward frames. Layer 2 switching is hardware based, which means switches use special chips called application specific integrated circuits (ASICs) to build and maintain filter tables (also known as MAC address tables or Content Addressable Memory or CAM tables).

The symbol for switch is:

An example of a switch in packet tracer:

VLANs 101

A single layer-2 network which is partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a virtual local area network, virtual LAN or VLAN.

VLANs 101

Common Reasons to Create VLANs:

To create more flexible designs that group users by department, or by groups that work together, instead of by physical location

To segment devices into smaller LANs (broadcast domains) to reduce overhead caused to each host in the VLAN

To reduce the workload for the Spanning Tree Protocol (STP) by limiting a VLAN to a single access switch

To enforce better security by keeping hosts that work with sensitive data on a separate VLAN

To separate traffic sent by an IP phone from traffic sent by PCs connected to the phones.

Routing 101

A router is a device that forwards data packets between computer networks. It is connected to two or more data lines from different networks and when a data packet comes in one of the lines, the router reads the address information in the packet to determine its ultimate destination. Then, using information from its routing table, it directs the packet to the next network on its journey. Routers perform the “traffic directing” functions on the Internet.

Routing 101

The symbol for router is:

An example of routing in Packet Tracer:

In the above network topology: Router 1 is in IP range 192.168.1.0/24 and Router 3 is in IP range 10.0.0.0/8. Router 2 routes the data packets to and from Router 1 and Router 3.

Routing 101

Some of the common commands that would be required for configuring the router and switches are given below:

Enable: Puts you into privileged mode

Configure Terminal: Puts you in global configuration mode and changes the running configuration

Hostname: Sets the name of a router or a switch

Interface: Puts you in interface configuration mode, also used with show commands

Ip address: Sets an IP address on an interface or a switch

No shutdown – turns on an interface

More Routing Commands

Show run: short for show running configuration; shows the configuration currently running on the router

Show start: short for show startup-configuration; shows the backup configuration stored in NVRAM

Copy run start: short for copy running-configuration startup-configuration; places a configuration into NVRAM

Interface fastethernet 0/0: puts you in interface configuration mode for a fast Ethernet port; also used with show commands

Show access-list: Shows all the access lists configured on the router

Show vlan: Shows all configured VLANs