The Network Security Model
Section 1 (Filtering & Cryptology)

[Figure: the network security model. Labels: Bad Bits; Confidentiality and Integrity; modification; observation; log/alert; Denied]

J.D. Fulp CISSP, ISSEP, ISSAP, CSIH

Topics at a Glance

The OSI and TCP/IP stacks
Encapsulation & inter-layer linkages
Hubs, switches, and routers
Collision and broadcast domains
Layer 2 and layer 3 addressing
IP space and net-mask calculations
DHCP, DNS, NAT/PAT, ARP, and VLANs
Fragmentation
Ports, TCP and byte accountability
Routing a packet (header and layer views)
Routing protocols (DV, LS, PV, IGP, EGP and AS)

[Figure labels, network security model (continued): bad bits fail authentication, or match a filter deny rule... or fail to match any filter permit rule; Filtering; VPN; Network Functionality]

The OSI Stack
How many layers? ____
Any real world implementations of this specific 7-layer stack? ____
Most popular in-use stack based on the OSI model? ________
Why stack at all... why not just package it all in one product?

The OSI Stack
Can you name the 7 layers?
P________ D___ N____ T_______ S____________ P________ A________

7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

Try out this mnemonic memory aid

The OSI Stack
Match each layer to these overly simplified functional descriptions

7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

___ routes packets between networks
___ host-to-host view of a connection
___ bit representation on the wire
___ OS link to protocol stack and network
___ hardware addressing done here
___ sequences packets to correct port
___ end-to-end encryption usually occurs here

The OSI Stack
Match each layer to the units that they work with

7 Application
6 Presentation
5 Session
4 Transport
3 Network
2 Data Link
1 Physical

___ segments
___ bits
___ frames
___ packets/datagrams
___ , ___ and ___ messages (another generic term)

The generic term for any of these, however, is PDU, which stands for _________________ _________________

The OSI Stack
[Figure: two 7-layer stacks (Application through Physical) side by side, with a virtual comm channel between each peer layer]
Virtual comm channel between each peer layer
Of course the physical channel is real

En-/De-capsulation
What is the relationship between layer i and layer i+1?
Any of these answers is correct:
layer i+1 rides on top of layer i
layer i+1 is encapsulated inside layer i
layer i carries layer i+1
layer i+1 is tunneled inside of layer i
layer i adds its headers (and possibly trailers) to layer i+1

The TCP/IP Stack
How do they stack up against each other?

OSI               TCP/IP
7 Application     5 Application
6 Presentation
5 Session
4 Transport       4 Transport
3 Network         3 Internet
2 Datalink        2 NW Interface
1 Physical        1 Physical

The TCP/IP Stack
TCP/IP runs the Internet!
TCP = ? _______________________
IP = ? _______________
What layer is TCP? ___
What layer is IP? ___
Which gets encapsulated inside which? ______________________________

Bandwidth (KNOW these!)
Measure of data throughput capacity
For digital data, measured in _______ per second (bps or b/s)
Metric abbreviations:
Kbps = 10^3  ~= 2^10   a thousand bps
Mbps = 10^6  ~= 2^20   a million bps
Gbps = 10^9  ~= 2^30   a billion bps
Tbps = 10^12 ~= 2^40   a trillion bps

Bandwidth in Perspective
[Figure: bandwidth comparison]
OC-24 (~1.25Gbps)
OC-1 (52Mbps)
T-3 (45Mbps)
T-1 & DSL Lite (1.5Mbps)
V.90 56K modem (~50Kbps)

LAN Topologies
Only three basic (practical) types

________: Data travels through every NIC
[Figure: PCs with NICs]
Each NIC can inspect & manipulate a token for access control

________: Data travels to every NIC
[Figure: PCs with NICs]
Each NIC will see the same traffic as all others

________: Data travels between two NICs at a time (unless it is a broadcast message)
[Figure: PCs with NICs connected to a central Switch]
Each NIC will only see the traffic addressed to it

________: A direct link is provided between every two NICs
[Figure: PCs with NICs, every pair directly linked]
Simply does not scale well and is not used in practice, particularly at the LAN level
We see some degree of meshiness at the core level of the internet however

LAN Topologies
Which topology is this?
[Figure: PCs arranged around a central device]
Physically... it looks like a star

LAN Topologies
But what happens when I move the PCs to sit on one long table?
[Figure: PCs in a row]
Is this no longer a star topology?
Answer: ______________________

LAN Topologies
The point is... physical layout is inconsequential
What matters is the electrical behavior of the data pathways
To know this, we need to inspect the device at the center of the star

LAN Topologies
If it is a MAU (or MSAU) then we have a ring
[Figure: MAU with ports labelled "To PC"; ring in a box]

LAN Topologies
If it is a hub then we have a bus
[Figure: hub with ports labelled "To PC"; think big blob of solder]

LAN Topologies
If it is a switch then we have a star
[Figure: switch with ports labelled "To PC"]

LAN Topologies
Most popular LAN topology today...
Physical star into a logical star (switch)
[Figure: PCs connected to a central Hub or Switch]

Basic Network Components
At what OSI layer does each of these work?
Repeater? ___
Hub? ___
Switch? ___
Bridge? ___ (most similar to switch)
Router? ___

Hub aka Concentrator
Hubs are considered brainless
Basically a convenient, centralized, plug-in device to electrically connect all hosts on the network
Have no fear of hubs... they're easy!

Collision Domain
Because hubs flood everything they receive, they form collision domains
You have a collision domain if, when one device transmits, all other devices on that network segment hear (or see if you prefer) it
This results in collisions and congestion, but also means that a network eavesdropper can see others' traffic
[Figure: hosts (C) on a shared line, and hosts (C) around a hub (H): these two networks behave the same way]

Repeater
Repeaters are also brainless
Simply amplify digital signals and pass them along, un-inspected and unmodified
Provides a means for extending the length of a segment
[Figure: 011001001 in, 011001001 out]

Bridge
Precursor to the switch
Typically only has two ports
Traditionally used to convert between two different topologies or protocols
The term is used mostly in the wireless world these days
Let's jump ahead to the switch...

Switch
Switches, like hubs, form networks by connecting hosts
Unlike hubs, switches have some intelligence built into them in that they understand layer 2 addressing
Switches can learn which hosts live off of each port
Switches will either: block, forward, or _________ incoming frames

Switch
[Figure: switch S with hosts CA and CD sharing a hub (H) on port 1, CB on port 2, and CC on port 3]

Event: Switch is turned on
Switch Action: None
Switch's Table: Host / Port (empty)

Event: CA sends to CD
Switch Action: _______ ?

Event: CC sends to CB
Switch Action: _______ ?
The switch is learning...

Event: CB sends to CD
Switch Action: _______ ?
Hub Action: ___________ ?

Event: CD sends to CA
Switch Action: _______ ?

Event: CC sends to CB
Switch Action: _______ ?
Notice how much more efficient the switch is at managing bandwidth than the hub... once it has learned where every host lives

Switch's Table, as it fills in over these events:
Host  Port
A     1
C     3
D     1
B     2

Switch
Table entries will eventually age out unless more traffic is received
What if...
very short age-out period?
very long age-out period?
CB

A Mini Cyber-Security Case Study
Think through this attack-chain using CIA
[Figure: switch S with CA and CD behind hub H on port 1, CB on port 2, CC on port 3]

Event: CB spoofs CA and sends some traffic... somewhere
Switch Action: __________________ _______________________________

Switch's Table
Host  Port
A     1
C     3
D     1
B     2
A     2?

B is an attacker who spoofs ~thousands (or however many are necessary) of MACs.

Switch Table
Host  Port
E     2
F     2
G     2
H     2
I     2
.     .
.     .
.     .
ZZZ   2

____________________________ ?
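The learning behaviour on the preceding Switch slides, with the age-out timer and a defender-side check for the case study above, as an added example (not code from the original slides); the MAC strings, port numbers, age-out period and per-port limit are constructed values:

```python
# Added example (not from the original slides): a model of the learning
# switch described above, plus a defender-side check. It maps each source
# MAC to the port it was seen on, ages entries out, floods frames whose
# destination is unknown, and flags a port that suddenly "hosts" far more
# MACs than it plausibly should (a port-security style limit). The MAC
# strings, port numbers and age-out period below are constructed values.

from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class LearningSwitch:
    num_ports: int
    age_out_seconds: float        # how long an entry lives without being refreshed
    max_macs_per_port: int        # port-security style threshold (constructed)
    table: Dict[str, Tuple[int, float]] = field(default_factory=dict)  # mac -> (port, last_seen)
    alerts: List[str] = field(default_factory=list)

    def _expire(self, now: float) -> None:
        """Drop entries that have not been refreshed within the age-out period."""
        for mac in [m for m, (_, seen) in self.table.items() if now - seen > self.age_out_seconds]:
            del self.table[mac]

    def macs_on_port(self, port: int) -> Set[str]:
        return {m for m, (p, _) in self.table.items() if p == port}

    def receive(self, in_port: int, src: str, dst: str, now: float) -> Set[str]:
        """Process one frame and return the set of ports it is sent out on:
        empty = block (destination lives on the arrival port),
        one port = forward, every other port = flood."""
        self._expire(now)
        # Learn, refresh or move the source address.
        prev = self.table.get(src)
        if prev is not None and prev[0] != in_port:
            self.alerts.append(f"MAC {src} moved from port {prev[0]} to port {in_port}")
        self.table[src] = (in_port, now)
        # Defender check: too many distinct MACs learned behind one port.
        count = len(self.macs_on_port(in_port))
        if count > self.max_macs_per_port:
            self.alerts.append(f"port {in_port}: {count} MACs exceeds limit {self.max_macs_per_port}")
        # Forwarding decision.
        if dst == BROADCAST or dst not in self.table:
            return {p for p in range(1, self.num_ports + 1) if p != in_port}   # flood
        out_port = self.table[dst][0]
        if out_port == in_port:
            return set()                                                        # block
        return {out_port}                                                       # forward


CA, CB, CC, CD = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c", "00:00:00:00:00:0d"


def walk_through() -> Tuple[LearningSwitch, List[Set[str]]]:
    """Replay the slides' events: CA and CD share a hub on port 1, CB is on port 2, CC on port 3."""
    sw = LearningSwitch(num_ports=4, age_out_seconds=300, max_macs_per_port=8)
    events = [(1, CA, CD), (3, CC, CB), (1, CD, CA), (2, CB, CD), (3, CC, CB)]
    outputs = [sw.receive(port, src, dst, now=float(i)) for i, (port, src, dst) in enumerate(events)]
    return sw, outputs


def flooding_port_detected(n_spoofed: int = 50) -> Tuple[int, int]:
    """One station on port 2 sources frames from n_spoofed different MACs (the case study).
    Returns (table size, number of alerts raised)."""
    sw = LearningSwitch(num_ports=4, age_out_seconds=300, max_macs_per_port=8)
    for i in range(n_spoofed):
        sw.receive(2, f"02:00:00:00:{i // 256:02x}:{i % 256:02x}", BROADCAST, now=float(i))
    return len(sw.table), len(sw.alerts)


if __name__ == "__main__":
    switch, decisions = walk_through()
    for ports in decisions:
        print(sorted(ports) or "block")
    print("table:", {m: p for m, (p, _) in switch.table.items()})
    print("flooding case:", flooding_port_detected())
```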

Broadcast Domain
Unlike hubs, switches can intelligently block or forward based upon layer 2 (hardware) addresses
The result is that each port on a switch is a separate collision domain
However, if a device on a switch sends a limited __________________ packet, this will be flooded out every port

Gateway
Precursor to the router
The term is now used quite liberally to indicate just about any network connection or translation device
Default Gateway (a router)
Security Gateway (VPN server, authentication server, etc.)
Protocol Translation Gateway (converts between, say, TCP/IP and SPX/IPX)
etc.

Router
Speaks at layer 3, which for the TCP/IP protocol stack is? ____ (protocol?)
Like switches, routers perform block, forward, and broadcast (flood) decisions based upon information in their routing table
Unlike switches, routers map __________ to interfaces, rather than ______ to ports as the switch does

Router
Routers basically do this:
Read the destination IP address in every packet that arrives, then
Determine if destination is local or not
If local, then deliver to that local device
Else, search the __________________ to find the proper outbound interface to get the packet one hop closer to its ultimate destination

Router(R) vs Switch(S)
S: I connect hosts at layer 2, thus I create networks
R: I connect networks at layer 3, thus I create internetworks
[Figure: switch S connects hosts H1, H2, ... Hn into NW1; router R connects NW1, NW2, NW3, ...]

Router
Routers are multi-lingual when it comes to protocols. They make Internetworking possible!
[Figure: router R joining an Ethernet LAN running IP, an FDDI LAN, a Frame Relay WAN, and an Ethernet LAN running IPX]
Switches are generally NOT multi-lingual; however, translational switches do exist
And remember... a cloud may consist of only a single host

Broadcast Domain (again)
Unlike switches, if a router sees a limited broadcast packet it will block it
To summarize hub, switch and router behavior with respect to domains:
A _________ cannot partition anything
A ___________ can partition a collision domain, but not a broadcast domain
A _______________ can partition both a collision domain and a broadcast domain

Layer 3 Switch (??)
Aka IP Switch
Aka Router Switch
Aka Switch Router... you get the idea
It's actually a ____________
But is built using _________ technology
Basically, this means that routing decisions are made in ______________ rather than _______________

ASIC
An industry trend!
ASIC = _________________________
Idea is to move functionality from software into hardware
Hardware runs at ________ speed and will always beat software since it does not incur the penalty of all those memory lookups & inst. decodings
Market demand justifies development

Layer 2 Addressing
Each NIC (not necessarily each computer) has a factory built-in hardware address
The hardware address is the layer 2 address
It is also called the _____ address
MAC addresses are ___ bits in length, which is ___ hex digits in length

Layer 2 Addressing
Anatomy of a MAC address
First 24 of 48 bits represent the mfr.
Last 24 of 48 bits represent a unique mfr. assigned number
Example: 02 60 8C 26 B5 A2 (12 hex digits; 02 60 8C = 3COM Corp.)
Every NIC in the world should thus have a unique MAC address!

Ethernet Header (& Trailer)
[Figure: Ethernet frame layout; numbers indicate # of bytes]
Preamble (8) | Dest MAC | Src MAC | Frame Type | payload (46-1500) | CRC (4)
Preamble is not considered p/o header
Header 14 bytes, trailer is 4 bytes
Note min/max size of an entire Ethernet frame (64 - 1518 bytes)
Preamble synchronizes hardware for transmission of frame... we can think of it as the layer 1 header
Preamble is 64 alternating 1s and 0s

Ethernet Frame
What's actually in the payload field?
Ans: Application payload (aka user data) plus ______________________ ________________________________
The two byte frame type field indicates the type of PDU header that is in the data field
0x0800  IPv4
0x809B  AppleTalk
0x8137  IPX
0x86DD  IPv6
0x8038  DECNet
Just a few of the more popular L-3 protocols
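The header, trailer and frame-type field described on the Ethernet slides above, parsed from a constructed frame, as an added example (not code from the original slides); the frame bytes are constructed here and only the 02 60 8C (3COM) prefix and the EtherType values come from the slide:

```python
# Added example (not from the original slides): parse the 14-byte header
# and 4-byte CRC trailer of the Ethernet frame shown above, split each MAC
# into its manufacturer (first 24 bits) and manufacturer-assigned (last
# 24 bits) halves, and resolve the two-byte frame type against the
# EtherType values the slide lists. The frame bytes are constructed here;
# the 02 60 8C prefix is the 3COM example from the slide. The trailer is
# CRC-32 with the IEEE 802.3 polynomial (what zlib.crc32 computes), sent
# least-significant byte first.

import struct
import zlib
from typing import Dict, NamedTuple

ETHERTYPES: Dict[int, str] = {      # frame type values from the slide
    0x0800: "IPv4",
    0x809B: "AppleTalk",
    0x8137: "IPX",
    0x86DD: "IPv6",
    0x8038: "DECNet",
}

HEADER_LEN, TRAILER_LEN = 14, 4            # 6 + 6 + 2 header bytes, 4 CRC bytes
MIN_PAYLOAD, MAX_PAYLOAD = 46, 1500
MIN_FRAME, MAX_FRAME = 64, 1518            # whole frame, preamble not counted


class EthernetFrame(NamedTuple):
    dst: str
    src: str
    frame_type: int
    frame_type_name: str
    payload: bytes
    crc_ok: bool


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)


def mac_anatomy(mac: str) -> Dict[str, str]:
    """Split a 12-hex-digit MAC into the 24-bit manufacturer and 24-bit serial halves."""
    digits = mac.replace(":", "").replace("-", "").replace(" ", "").upper()
    if len(digits) != 12:
        raise ValueError("a MAC address is 48 bits = 12 hex digits")
    return {"manufacturer": digits[:6], "serial": digits[6:]}


def build_frame(dst: str, src: str, frame_type: int, data: bytes) -> bytes:
    """Header + payload (padded to 46 bytes) + CRC-32 over everything before the trailer."""
    if len(data) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    header = (bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
              + struct.pack("!H", frame_type))
    body = header + data.ljust(MIN_PAYLOAD, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame: bytes) -> EthernetFrame:
    """Enforce the 64..1518 byte limits, unpack the header, verify the CRC."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"frame length {len(frame)} outside {MIN_FRAME}..{MAX_FRAME} bytes")
    dst, src, ftype = struct.unpack("!6s6sH", frame[:HEADER_LEN])
    payload = frame[HEADER_LEN:-TRAILER_LEN]
    (crc_received,) = struct.unpack("<I", frame[-TRAILER_LEN:])
    crc_ok = zlib.crc32(frame[:-TRAILER_LEN]) == crc_received
    name = ETHERTYPES.get(ftype, f"unknown (0x{ftype:04X})")
    return EthernetFrame(mac_to_str(dst), mac_to_str(src), ftype, name, payload, crc_ok)


# Constructed sample: an IPv4 frame from a NIC with the 3COM prefix, sent to the broadcast MAC.
SAMPLE_FRAME = build_frame("FF:FF:FF:FF:FF:FF", "02:60:8C:26:B5:A2", 0x0800, b"constructed payload")

if __name__ == "__main__":
    parsed = parse_frame(SAMPLE_FRAME)
    print(len(SAMPLE_FRAME), "bytes;", parsed.src, "->", parsed.dst, parsed.frame_type_name,
          "crc_ok =", parsed.crc_ok)
    print(mac_anatomy(parsed.src))
```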

Layer 3 Addressing
IP is the language spoken at layer 3
IP addresses are ____ bits in length
32 bits are broken into ____ octets
IP addresses are typically formatted in ___________________ format
E.g., 130.109.45.217
The largest number an octet can be is _____ (2^8 - 1)

Layer 3 Addressing
IP addresses are controlled, deconflicted, and assigned via several agencies; prominent are:
IANA: Internet Assigned Numbers Authority
ICANN: Internet Corporation for Assigned Names & Numbers
ARIN: American Registry for Internet Numbers

Layer 3 Addressing
IP address scheme is hierarchical
A network part
Possibly a subnet part
A host part
In _________ mode, the network/host boundary falls on an octet boundary
In _________ mode, the network/host boundary is determined by the subnet mask

Layer 3 Addressing
IP Address classes A-E
N = a network address octet
H = a host address octet
Class A: N.H.H.H
Class B: N.N.H.H
Class C: N.N.N.H
(A through C: more networks... less hosts per network)
Class D: Reserved for Multicasting
Class E: Reserved for Future Use

Layer 3 Classes
How do you know what class a given IP address belongs to?
Two methods for answering this
(1) Memorize the first octet cutoffs
class A  0..127
class B  128..191
class C  192..223
class D  224..239
class E  240..255
(2) Convert 1st octet to binary and look at # of consecutive leading 1s
0xxxxxxx  class A
10xxxxxx  class B
110xxxxx  class C
1110xxxx  class D
1111xxxx  class E
So what class is 186.56.209.32?

Layer 3 Classes
Build 186 (decimal) in binary (place values 128, 64, 32, 16, ...)
186 (decimal) = 1 0 1 1 1 0 1 0 (binary)
So it's a class B address
What is the network address in this class B IP address example?
Ans: 186.56.0.0
What is the host address in this example?
Ans: 186.56.209.32

Layer 3 Classes
How many hosts can a class B IP address specify? (Hint: N.N.H.H)
Ans: ______
The 2 comes from the fact that...
an all zero octet means _____________
an all one octet means _____________, or all hosts on this network

Layer 3 Addressing
Hosts and routers often need to figure out what network an IP is on
This is the role/function of network masks (aka subnet masks)
Masking utilizes the logical AND operation (below X is a binary variable)
X and 0 = __ (i.e., mask-out X)
X and 1 = __ (i.e., keep X)

Layer 3 Addressing
What would a Class C mask look like in binary?
class C address   200.100.50.25
IP addr           11001000.01100100.00110010.00011001
Mask?
NW addr

Layer 3 Addressing
What would a class C mask look like in dotted-decimal notation?
class C address
class C mask
Result (network address)
In bit-count notation, the class C mask is written as ______
This is also called CIDR

Layer 3 Addressing
Write the class B dotted-decimal mask: _____._____._____._____
Write the class B mask in bit-count notation: _____
Write the /8 mask in dotted-decimal notation: _____._____._____._____
What network does the host IP address 117.216.89.46 /8 belong to?
Ans: _____._____._____._____

Layer 3 Addressing
IP space is a finite resource, just like SSNs and telephone numbers
The classful A, B, C system imposes rigid, fixed-size networks
Results in wasted IPs
CIDR to the rescue
CIDR = __________________________ __________________________________

Layer 3 Addressing
With CIDR we allow the network-host cut to be placed anywhere
Example, assume you only need 18 IP addresses for your small network
Your ISP gives you 200.200.200.96/27
Note this is an appropriately-sized (smaller) chunk of IP space than the smallest (Class C) available under the classful system

Layer 3 Addressing
Let's take this 200.200.200.96/27 example and review the typical IP-type questions that arise
How many hosts can you address?
What is your host address range?
What is your broadcast address?
What is your mask in dotted-decimal (if bit-count was given) or bit-count (if dotted-decimal was given)?

Layer 3 Addressing
Viewing in binary is helpful
          200      200      200      96
IP addr   11001000.11001000.11001000.01100000
Mask?     11111111.11111111.11111111.11100000
The slash-27 cut: network bits to the left, host bits to the right

Layer 3 Addressing
How many hosts can you provide an address for now? Ans: 2^5 - 2 = 30 (plenty)
IP addr   11001000.11001000.11001000.011*****
Mask      11111111.11111111.11111111.11100000
Network bits (27) | Host bits (5)
5 bits of host space left

Layer 3 Addressing
What will your host addresses be?
          200      200      200      .011*****
IP addr   11001000.11001000.11001000.011*****
Mask      11111111.11111111.11111111.11100000
So... valid IPs are: 200.200.200.97 through 200.200.200.126
96 + 00001 = 97 through 96 + 11110 = 126

Layer 3 Addressing
What is the broadcast address for our 200.200.200.96 /27 network?
Just set all the host bits to 1
11001000.11001000.11001000.01111111
11111111.11111111.11111111.11100000
Ans: 200.200.200._____

Layer 3 Addressing
What is your network mask in dotted-decimal?
Set all the network bits to 1 and all the host bits to zero and convert
11001000.11001000.11001000.01100000
11111111.11111111.11111111.11100000
Ans: _____._____._____._____

Layer 3 Addressing
Tips for IP/Network Questions
First establish the cut between network and host bits as set by the mask
Set all host bits to 0 to get network address
Set all host bits to 1 to get broadcast address
All addresses between network and broadcast are valid (assignable) IPs
Set all network bits to 1 and all host bits to 0 to get the mask

A summary of the last octet masks:
X.Y.Z.10000000 (binary) = 128 (decimal) = /25
X.Y.Z.11000000 (binary) = 192 (decimal) = /26
X.Y.Z.11100000 (binary) = 224 (decimal) = /27
X.Y.Z.11110000 (binary) = 240 (decimal) = /28
X.Y.Z.11111000 (binary) = 248 (decimal) = /29
X.Y.Z.11111100 (binary) = 252 (decimal) = /30
X.Y.Z.11111110 (binary) = 254 (decimal) = /31
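The class test, the mask/network/broadcast tips above, and the Router slides' "local or not, else search the table" decision, worked in code as an added example (not code from the original slides); the routing table, interface names and next hops in the demo are constructed, and the longest-prefix-match rule goes beyond the slides' single-route description:

```python
# Added example (not from the original slides): the class test from the
# Layer 3 Classes slides, the mask / network / broadcast arithmetic from
# the tips above, and the "local or not, else search the table" decision
# from the Router slides, all done on 32-bit integers. The routing table
# and interface assignments in the demo are constructed.

from typing import Dict, List, Optional, Tuple


def ip_to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {dotted!r}: need 4 octets, each 0..255 (2^8 - 1)")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Dotted-binary view, the form the slides use to show where the cut falls."""
    return ".".join(f"{(ip_to_int(dotted) >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def address_class(dotted: str) -> str:
    """Count consecutive leading 1s of the first octet: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first = ip_to_int(dotted) >> 24
    leading_ones = 0
    while leading_ones < 4 and (first >> (7 - leading_ones)) & 1:
        leading_ones += 1
    return "ABCDE"[leading_ones]


def mask_from_prefix(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def prefix_from_mask(dotted_mask: str) -> int:
    """Dotted-decimal mask -> bit count; rejects masks whose 1s are not contiguous."""
    m = ip_to_int(dotted_mask)
    prefix = bin(m).count("1")
    if mask_from_prefix(prefix) != m:
        raise ValueError(f"{dotted_mask} is not a contiguous network mask")
    return prefix


def subnet_info(cidr: str) -> Dict[str, object]:
    """Host bits all 0 -> network, all 1 -> broadcast, everything between -> assignable hosts."""
    addr_s, prefix_s = cidr.split("/")
    prefix = int(prefix_s)
    mask = mask_from_prefix(prefix)
    network = ip_to_int(addr_s) & mask            # X and 1 keeps X, X and 0 masks X out
    broadcast = network | (~mask & 0xFFFFFFFF)
    usable = max(2 ** (32 - prefix) - 2, 0)       # network and broadcast are not assignable
    return {"network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
            "mask": int_to_ip(mask), "prefix": prefix, "usable_hosts": usable,
            "first_host": int_to_ip(network + 1) if usable else None,
            "last_host": int_to_ip(broadcast - 1) if usable else None}


def in_network(dst: int, cidr: str) -> bool:
    net, pfx = cidr.split("/")
    mask = mask_from_prefix(int(pfx))
    return dst & mask == ip_to_int(net) & mask


def route(dst: str, interfaces: Dict[str, str], table: List[Tuple[str, str, str]]) -> str:
    """Router decision: deliver locally if dst is on a directly attached network, otherwise
    take the routing-table entry with the longest matching prefix (most specific route).
    interfaces: {ifname: attached network CIDR}; table: (destination CIDR, next hop, ifname)."""
    d = ip_to_int(dst)
    for ifname, cidr in interfaces.items():
        if in_network(d, cidr):
            return f"local delivery via {ifname}"
    best: Optional[Tuple[int, str, str]] = None
    for cidr, next_hop, ifname in table:
        pfx = int(cidr.split("/")[1])
        if in_network(d, cidr) and (best is None or pfx > best[0]):
            best = (pfx, next_hop, ifname)
    return f"forward to {best[1]} via {best[2]}" if best else "no route (destination unreachable)"


# Constructed demo router: the slides' /27 on eth0, a private /16 on eth1, default route on eth2.
INTERFACES = {"eth0": "200.200.200.96/27", "eth1": "10.3.0.0/16"}
ROUTES = [("0.0.0.0/0", "131.120.0.1", "eth2"), ("10.0.0.0/8", "10.3.0.2", "eth1"),
          ("192.168.5.0/24", "10.3.0.3", "eth1")]

if __name__ == "__main__":
    print(address_class("186.56.209.32"), to_binary("186.56.209.32"))
    print(subnet_info("200.200.200.96/27"))
    for target in ("200.200.200.100", "192.168.5.77", "10.9.9.9", "8.8.8.8"):
        print(target, "->", route(target, INTERFACES,  ROUTES))
```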

Some Special IP Addresses
Seven you should know about:
1. The network address: e.g., N.N.0.0
2. Directed broadcast: e.g., N.N.N.255
3. Limited broadcast: 255.255.255.255. Sent to all hosts on this network, i.e., the network of origin. Example of usage? ________
4. The "this host" or the "I don't have an IP" IP address: 0.0.0.0. Example of usage? ________

Some Special IP Addresses
5. The loopback address: 127.*.*.*. For debugging purposes; allows a single machine to test its protocol stack by talking to itself
6. The IPv4 Link-Local address space: 169.254.*.* for hosts that fail to get an IP from a DHCP server. (RFC 3927)
7. The private address space (RFC 1918)
- Class A: 10.*.*.*
- Class B: 172.16.*.* - 172.31.*.*
- Class C: 192.168.*.*

Layer 3 Private Addresses
Private addresses can be used by anyone without having to register through an authority
Great idea! Allows unlimited reuse of these addresses
Intended to be used on your own isolated intranet
Cannot connect to Internet though... why? ___________________________

Layer 3 Private Addresses
So... if you're NOT going to connect to the public network, could you choose whatever IP addresses you wanted? Ans: ______
But what happens if you DO want to connect to the public network using network address translation (NAT)?
Next slide illustrates potential problem

Layer 3 Private Addresses
[Figure: a host in the intranet with un-registered IP 212.74.206.28 sits behind a router (131.120.0.1) connected to The Internet; a server on the Internet has the registered IP 212.74.206.47]
Do you see the problem here?

NAT & PAT
Private addresses are an excellent solution for isolated intranets
However, the inability to connect to the Internet is very constrictive
Two mechanisms provide a solution:
NAT: Network Address Translation (a pool of available public IPs)
PAT: Port Address Translation (a pool of port #s using a single public IP)

NAT
[Figure: a local router (running NAT) sits between the private IPs 10.3.X.X /16 (hosts 10.3.6.19 and 10.3.5.26) and the public Internet, holding a pool of public IPs 210.46.10.5 through 210.46.10.8; data from 10.3.6.19 leaves as 210.46.10.6 and data from 10.3.5.26 leaves as 210.46.10.5]

NAT
Router keeps a table of public-to-private IP mappings
Pool of Avbl Public IP Addresses
Avbl  Public IP    mapped to
No    210.46.10.5  10.3.5.26
No    210.46.10.6  10.3.6.19
Yes   210.46.10.7  ---.---.---.---
Yes   210.46.10.8  ---.---.---.---

NAT
There are two types of NAT:
Dynamic: Router can map & un-map public IPs to private IPs as necessary
Static: One public IP is permanently mapped to one private IP
Always configure for dynamic unless? _________________________________

PAT
[Figure: a local router (running PAT) with the single public IP 210.46.10.5 sits between the private IPs 10.3.X.X /16 and the public Internet; "10.3.6.19 4912 Data" and "10.3.5.26 3705 Data" leave as "210.46.10.5 2611 Data" and "210.46.10.5 2610 Data" (the number after the IP is the source port number)]

PAT
Router keeps a table of external-port-to-internal-IP:port mappings
Pool of Avbl Port Numbers
Avbl  Port#  mapped to
No    2610   10.3.5.26 : 3705
No    2611   10.3.6.19 : 4912
Yes   2612   ---.---.---.---
Yes   2613   ---.---.---.---

Unicast
From: 1.2.3.25
To: 1.2.5.17
[Figure: networks 1.2.3.0 /24, 1.2.4.0 /24 and 1.2.5.0 /24 joined by a router, with switches and a hub]

Multicast
From: 1.2.3.25
To: 224.4.8.6
[Figure: the same three networks, router, switches and hub]

Broadcast
From: 1.2.3.25
To: 1.2.5.255
What kind of broadcast is this?
[Figure: the same three networks, router, switches and hub]

Broadcast
From: 1.2.3.25
To: 255.255.255.255
What kind of broadcast is this? _?
[Figure: the same three networks, router, switches and hub]

Collision/Broadcast Domains
[Figure: networks 1.2.3.0 /24, 1.2.4.0 /24 and 1.2.5.0 /24 joined by a router, with a switch and hubs]
How many collision domains here? _______
How many broadcast domains here? _______
This is a
a) LAN?
b) segment?
c) network?
d) internetwork?

Collision/Broadcast Domains
[Figure: hub, switch and router]
How many collision domains here? _______
How many broadcast domains here? _______
This is a
a) LAN?
b) segment?
c) network?
d) internetwork?

Collision/Broadcast Domains
[Figure: hub, switch and router]
Collision/Broadcast Domains
How many collision domains on the previous slide? _______
How many broadcast domains on the previous slide? _______
The previous slide shows a
a) LAN?
b) segment?
c) network?
d) internetwork?

Layer 4 (Transport)
Layer 3 (IP) provides no guarantee of message delivery
Layer 3 simply provides an address infrastructure for best-effort delivery by routers
If a message is lost, IP won't tell you... because it won't know
The responsibility of tracking message delivery is pushed up to layer 4, the TCP part of TCP/IP

Layer 4 (Transport)
The TCP/IP protocol stack defines two layer 4 protocols
TCP provides reliable delivery
UDP (User Datagram Protocol) provides unreliable delivery
Another way of stating this:
TCP is connection-oriented
UDP is connectionless

Packet vs Circuit Switching
Packet-Switching
Message divided into packets
Packets need not travel the same node-to-node path through the network
Circuit-Switching
Message may or may not get divided into separate packets
Path will be established before transmission
All data will travel the same path

Packet Switching
Host 1 sends "HELLO!" to Host 2
Assume packet data payload limited to 2 chars
[Figure: H1 sends packets 1of3 "HE", 2of3 "LL" and 3of3 "O!" through the network cloud (C) to H2]

Packet Switching
As load/congestion changes occur within the comm infrastructure, switching/routing decisions may result in different paths
[Figure: the three packets take different paths through the cloud]

Packet Switching
It's even possible for packets to arrive out of order
[Figure: 2of3 arrives at H2 before the others]

Packet Switching
Packets could arrive out of order, no big deal, that's why packets are numbered with a __________ number
No circuit setup and tear-down overhead with packet-switching
But, a good deal of overhead in the ___________________
Similar model to postal system

Circuit Switching
A set path is established prior to any data being sent
Much like the telephone system, so good circuit-switch technology examples include
xDSL (various versions of Digital Subscriber Line)
Dial-up (modem connection via the POTS, Plain Old Telephone System)

Circuit Switching
Host 1 sends "HELLO!" to Host 2
[Figure: H1 sends "HELLO!" over one established path through the cloud (C) to H2]

Virtual Circuit Switching
Hybrid of packet & circuit switching
Data gets divided into packets (like packet switching)
All data travels the same predetermined path (like circuit switching)
Frame Relay and ATM (Asynchronous Transfer Mode) are two such technologies that work this way

Virtual Circuit Switching
[Figure: H1 sends "Fm:H1 HE", "Fm:H1 LL" and "Fm:H1 O!" along the same path through the cloud (C) to H2]
Note how the header no longer requires a sequence number to ensure packet re-build order

Connection vs Connectionless
[Figure: TCP: "Meet me at 12:30" answered with "Aye sir... meet you at 12:30"; UDP: "Meet me at 12:30" with no reply]

Layer 4 (Transport)
TCP/IP
Connection-oriented
The sending TCP host numbers the packets and sets a timer at time of packet transmission
The receiving TCP host reorders and accounts for packets
Receiving TCP acks received packets
If timer expires before ack is received, sending TCP re-transmits that packet

Layer 4 (Transport)
UDP/IP
UDP is Connectionless
Packets are not numbered
No accounting of packets
Send and assume reception
If not received . . . UDP doesn't care; let the higher layers figure it out and order a retransmission if it's important enough

TCP Header (Ports)
How many port #s are there? ______
A semi-formal segregation exists
Port #s < 1024
The well known ports
Reserved for specific services
1024 <= Port #s <= 49151
The registered ports
Also for services, but lesser known services

TCP Header (Ports)
Port #s > 49151
The upper or ephemeral ports
Client-side of connection uses these, though there are a few exceptions
Assigned on-the-fly by client system, thus also referred to as the _______________ ports
In THIS class, we will consider all ports above 1023 to be clients

TCP Header (Ports)
[Figure: hosts 1.2.3.1, 1.2.3.2, 1.2.3.3 and 1.2.3.4, each with ports >1024 (client side: 2340, 8045, 3992, 4807, 1167) and ports <1024 (server side: 25, 23, 80, 20)]

Some Well-Known Ports
21
22
23
25
53
67/68
69
80
110
123
137-139
143
161
443

TCP 3-way Handshake
[Figure: Client and Server]
Even the TCP session setup is acknowledged
Initiator sends an empty (no data) packet with the TCP Syn flag set (= 1)
Recipient responds with TCP flags Syn and Ack set
Initiator responds with TCP flag Ack set

TCP 3-way Handshake
[Figure: Host A (left) and Host B (right); time runs downward]
A -> B   Seq#: 327   Ack#: 0     Flag: Syn       Win:
B -> A   Seq#: 477   Ack#: 328   Flag: Syn/Ack   Win: 1000
A -> B   Seq#: 328   Ack#: 478   Flag: Ack       Win: 600
Initial Sequence Numbers are sent in the Syn packets
TCP Packet Accountability
[Figure: Host A (left) and Host B (right); time runs downward]
A -> B   Seq#: 328   Ack#: 478   Flag: Ack   Win: 600
A's timer expires, so A resends the packet
A -> B   Seq#: 328   Ack#: 478   Flag: Ack   Win: 600

TCP Packet Accountability
Hosts sending packets start a timer at time of transmission
If timer expires prior to the reception of an ack for that packet, the packet is resent
Hosts dynamically adjust this timer to account for distance, congestion, etc. (lots of cool statistical mathematical optimization analysis)
TCP Sliding Window
Hosts advertise their window size in the TCP header
Initially tells other host the maximum buffer space (ito # bytes) available
Once data transfer begins, keeps other host updated as to available space
Mechanism for recipient to keep from getting overwhelmed, for example:
Window = big #: send, send, send
Window = 0: stop... I'm full

TCP Sliding Window (cont)

TCP Sliding Window


Host A

Host B

Seq#: 328
Ack#: 478
Flag: Ack
Win: 600

Track the Seq &


Ack numbers

Seq#: 478
Ack#: 428
Flag: Ack
Win: 900

Seq#: 428
Ack#: 478
Flag: Ack
Win: 600
time

What should
A ack now?
___________
117

TCP Sliding Window (cont)


Host A

Ack# ______

time

time

J.D. Fulp CISSP, ISSEP, ISSAP, CSIH

time

time

Seq#: 720
Ack#: 1228
Flag: Ack
Win: 1000

J.D. Fulp CISSP, ISSEP, ISSAP, CSIH

TCP Sliding Window (cont) - a lost segment

[Figure, Host A and Host B; segments shown include
  Seq#: 1228  Ack#: 620      Flag: Ack  Win: 700
  Seq#: 620   Ack#: 1228     Flag: Ack  Win: 1000  (sent twice by A)
  Seq#: 1028  Ack#: 520      Flag: Ack  Win: 800
  Seq#: 628   Ack#: 520      Flag: Ack  Win: 558
  Seq#: 520   Ack#: _____ ?  Flag: Ack  Win: 50
  Seq#: 478   Ack#: _____ ?  Flag: Ack  Win: 700]

Now what will A Ack back to B once the segment is finally received?
B will keep receiving Ack 620 from A, and will realize that that segment must've been lost.

TCP Session Termination

Can proceed in three ways:
- Reset: Something wrong happens (protocol violation/confusion); the confused host sends a packet with the TCP Reset flag set
- 3-way handshake: Client sends Fin-Ack (client finished sending); Server sends Fin-Ack (server finished sending too); Client sends Ack
- 4-way handshake: Client sends Fin-Ack; Server sends Ack (server not finished sending); Server sends Fin-Ack (server finished sending); Client sends Ack
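Added example (not from the slides) of the receiver-side arithmetic behind the Seq#/Ack# exercises above: a cumulative-ack receiver that acks ISN + 1 for the Syn, advances the Ack# only over in-order bytes, repeats the same Ack# while a segment is missing, and jumps once the retransmitted segment arrives. The hosts, the ISN 327 and the 100-byte segments are constructed values.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Segment:
    """One TCP segment as seen by the receiver (only what matters for Ack#)."""
    seq: int             # sequence number of the first byte (or of the SYN)
    length: int = 0      # payload bytes; 0 for a pure Ack
    syn: bool = False    # SYN consumes one sequence number
    fin: bool = False    # FIN consumes one sequence number

    def end(self) -> int:
        """Sequence number that follows this segment."""
        return self.seq + self.length + int(self.syn) + int(self.fin)


@dataclass
class Receiver:
    """Tracks the receive side of one direction of a connection."""
    next_expected: Optional[int] = None
    buffered: Dict[int, int] = field(default_factory=dict)  # seq -> end, out-of-order data

    def receive(self, seg: Segment) -> int:
        """Absorb one arriving segment and return the cumulative Ack# to send."""
        if seg.syn:
            # The peer's ISN arrives in the SYN; we ack ISN + 1 (Seq 327 -> Ack 328)
            self.next_expected = seg.end()
            return self.next_expected
        if self.next_expected is None:
            raise ValueError("data segment received before SYN")
        if seg.seq > self.next_expected:
            # A gap: hold the data, but the Ack# cannot move (a duplicate ack)
            self.buffered[seg.seq] = max(seg.end(), self.buffered.get(seg.seq, 0))
        elif seg.end() > self.next_expected:
            self.next_expected = seg.end()
        # Anything buffered that is now contiguous extends the acked range
        for seq in sorted(self.buffered):
            if seq <= self.next_expected:
                self.next_expected = max(self.next_expected, self.buffered.pop(seq))
        return self.next_expected


def window_allows(next_seq: int, last_ack: int, win: int, length: int) -> bool:
    """Sliding window: the sender may only have `win` unacked bytes in flight."""
    return next_seq + length <= last_ack + win


def demo_exchange() -> List[int]:
    """Constructed exchange in the slides' style: host B receives from host A,
    whose ISN is 327 and who sends 100-byte segments after the handshake."""
    b = Receiver()
    acks = [b.receive(Segment(seq=327, syn=True))]        # handshake: Ack# 328
    acks.append(b.receive(Segment(seq=328, length=100)))  # Ack# 428
    acks.append(b.receive(Segment(seq=428, length=100)))  # Ack# 528
    # The segment carrying bytes 528..627 is lost; the next two arrive anyway
    acks.append(b.receive(Segment(seq=628, length=100)))  # still Ack# 528 (duplicate)
    acks.append(b.receive(Segment(seq=728, length=100)))  # still Ack# 528 (duplicate)
    # A's retransmit timer expires and the missing segment finally arrives
    acks.append(b.receive(Segment(seq=528, length=100)))  # Ack# jumps to 828
    return acks


if __name__ == "__main__":
    print(demo_exchange())
```

The repeated 528 is the receiver-side view of "B will keep receiving Ack 620 from A" in the slide; the jump past the buffered data is why the sender only has to resend the one lost segment.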

ICMP

ICMP = Internet Control Message Prot.
- Is it a layer 3 or 4 protocol? _______
- Used to send ____________ & _____________ messages
- Some common ICMP messages:
  echo request/reply (ping & traceroute)
  address & subnet-mask requests
  time exceeded
  destination un-reachable
- Ping provides a great connectivity test utility: Ping <hostname> or <IP address>
- Traceroute (or tracert) is ping wrapped inside a loop that increments the TTL value until the target is reached
- Traceroute provides more detailed path information: Tracert <hostname> or <IP address>

ICMP (tracert 1.2.3.4)

[Figure: each hop toward 1.2.3.4 is probed with a ping whose TTL is incremented: ping (ttl=1), ping (ttl=2), ping (ttl=3), ...]

ICMP Tracert Example

H:\>tracert usna.edu

Tracing route to usna.edu [131.122.220.30]
over a maximum of 30 hops:

  1 <10 ms <10 ms <10 ms 131.120.8.1
  2 <10 ms <10 ms <10 ms 131.120.0.1
  3 <10 ms  10 ms <10 ms 131.120.248.3
  4 <10 ms <10 ms <10 ms 131.120.105.1
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
 10  70 ms  70 ms  70 ms webster.usna.edu [131.122.220.30]

Trace complete.

TCP/IP Inter-layer Linkages

How does each lower layer know which higher layer to pass its payload up to?

  Ethernet -> IP           Example: ______ # 0x0800 = IPv4
  IP       -> TCP          Example: ___________ # 6 = TCP
  TCP      -> Application  Example: _______ # 25 = SMTP

The Default Gateway

All hosts need to be told which way to go to get out of the local network and toward the larger Internet. That is... get one hop closer to the highway.

The Default Gateway

- People often get confused regarding what device/IP should be configured as the default gateway
- Basically, imagine that a network full of devices is a room full of people. Setting the default gateway is equivalent to pointing out the (default) exit door to everyone in the room
- Point all devices to the exit router's inside IP address

ARP

- ARP stands for __________________
- Resolution is network-speak for a mapping... or a binding
- Specifically: ARP = map (IP -> MAC)
- And while we're at it... RARP stands for _____________ ARP
- RARP = map (_____ -> ____)
- Wanna keep them straight? ARP starts with a vowel... so does IP

ARP

- ARP is necessary whenever a host has an _____ address, but does not have the corresponding _____ address
- Device needing the MAC will send a limited broadcast (255.255.255.255) to the local network asking "whomever has this IP, please tell me your MAC"
- The reply (if any) is sent directly to the requestor (unicast) which will then store this in its ARP cache

Any device receiving an ARP will . . .
- Read the IP address in the ARP request
- Compare the IP to its own IP
- If the same, reply via __________ (unicast or broadcast?) to the sender with its MAC address
- With MAC address now in hand, the sender can complete the layer 2 header (it now has the destination MAC address it needed)

Routing a Packet

[Figure: Bob sends to Sam across the Internet; the packet carries App/Data, TCP, IP and various layer 2 headers]

Action by the sending host:
1. Pass data down to layer 3
2. Determine local subnet address
3. Compare local subnet addr to destination IP. Are they the same?
   Yes -> Check ARP cache or ARP for dest MAC
   No  -> Route entry for dest network?
          Yes -> Check ARP cache or ARP for the appropriate GW router
          No  -> Is there a default route entry?
                 Yes -> Send to DGW router (ARP if necessary)
                 No  -> Error
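The sending host's decision tree above, as an added example (not the slides' code). Bob's address, mask, routing table, ARP cache and on-link hosts are constructed values, and the ARP request/reply is simulated by a lookup among the on-link hosts.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed host and table values (not from the slides): Bob sits on
# 10.1.1.0/24, has a static route for 10.2.0.0/16 and a default route.
BOB_IP, BOB_MASK = "10.1.1.5", "255.255.255.0"
BOB_ROUTES: List[Tuple[str, str]] = [      # (destination network, gateway)
    ("10.2.0.0/16", "10.1.1.2"),
    ("0.0.0.0/0", "10.1.1.1"),             # the default gateway (DGW) entry
]


def subnet_of(ip: str, mask: str) -> str:
    """Step 2 of the flowchart: local subnet address = IP AND net-mask."""
    net = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(net))


def decide_next_hop(local_ip: str, local_mask: str, dest_ip: str,
                    routes: List[Tuple[str, str]]) -> Tuple[str, Optional[str]]:
    """Walk the sending host's decision tree. Returns (action, ip_to_arp_for);
    the second value is the address whose MAC the layer 2 header needs."""
    # Step 3: is the destination on my own subnet?
    if subnet_of(dest_ip, local_mask) == subnet_of(local_ip, local_mask):
        return ("deliver locally", dest_ip)          # ARP for dest MAC
    dest = ipaddress.IPv4Address(dest_ip)
    # Route entry for the destination network? Longest prefix wins if several match
    matches = [(ipaddress.IPv4Network(n), gw) for n, gw in routes
               if n != "0.0.0.0/0" and dest in ipaddress.IPv4Network(n)]
    if matches:
        _, gw = max(matches, key=lambda m: m[0].prefixlen)
        return ("send to gateway router", gw)       # ARP for the GW router
    # No specific entry: is there a default route?
    for n, gw in routes:
        if n == "0.0.0.0/0":
            return ("send to default gateway", gw)  # ARP for DGW if necessary
    return ("error: no route", None)


def resolve_mac(ip: Optional[str], arp_cache: Dict[str, str],
                on_link: Dict[str, str]) -> Optional[str]:
    """Check the ARP cache first, otherwise ARP. The broadcast/reply is
    simulated by a lookup among on-link hosts; no reply returns None."""
    if ip is None:
        return None
    if ip in arp_cache:
        return arp_cache[ip]
    mac = on_link.get(ip)
    if mac is not None:
        arp_cache[ip] = mac          # the requestor stores the reply in its cache
    return mac


if __name__ == "__main__":
    link = {"10.1.1.1": "02:00:00:00:00:01", "10.1.1.9": "02:00:00:00:00:09"}
    cache: Dict[str, str] = {}
    for dest in ("10.1.1.9", "10.2.3.4", "203.0.113.7"):
        action, arp_for = decide_next_hop(BOB_IP, BOB_MASK, dest, BOB_ROUTES)
        print(dest, "->", action, "MAC:", resolve_mac(arp_for, cache, link))
```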

Data Goes Down the Stack

[Figure: Bob -> switch -> Default Gateway Router -> Internet. Encapsulation at each layer:
  Data
  Port #s | Data
  Fm: IP-Bob To: IP-Sam | Port #s | Data
  Fm: MAC-Bob To: MAC-DGW | Fm: IP-Bob To: IP-Sam | Port #s | Data
  . . . 10010101000101101001001011111101010 . . .]

Switch Action

[Figure: switch MAC table (MAC: Rob, Alice, DGW; on Port: 7, 3, 2); the frame Fm: MAC-Bob To: MAC-DGW is forwarded out the port learned for DGW]
Switches only know layer 2 . . . the rest is a mystery

Switches in the Core Also

But they're not talking Ethernet . . . probably ATM or Frame Relay using virtual circuit switching
[Figure: Dest MAC MAC-ISPRtr; Fm: MAC-DGW To: MAC-ISPRtr]

Router Action

[Figure: Cisco AS5800 Series router with routing table
  Dest Network        Interface#
  NW-Prefix IP-Sam    ethernet 1
  . . . other entries . . .
 The incoming frame Fm: MAC-Bob To: MAC-DGW (layer 2) carries Fm: IP-Bob To: IP-Sam (layer 3)]
Router reads layer 3 then re-writes layer 2 for next hop

ARP (if necessary) for Last Hop

[Figure: Fm: MAC-RtrZ To: MAC-RtrB, then Fm: MAC-RtrB To: MAC-Sam, carrying Fm: IP-Bob To: IP-Sam. The last-hop router broadcasts: "Listen up... if any of you owns IP address IP-Sam? Tell me your MAC". Sam replies: "That's me, my MAC is MAC-Sam"]

The Big (Stack) Picture

IPC sends e-mail (SMTP) to a mail server at IPM (client C, router R, mail server M). Legend:

  Layer        C -> R link     at R                        R -> M link
  5 App        SMTP                                        SMTP
  4 Src/Dest   3567 / 25                                   3567 / 25
  3 Src/Dest   IPC / IPM       IPC / IPM                   IPC / IPM
  2 Src/Dest   MACC / MACR     MACC / MACR -> MACR / MACM  MACR / MACM
  1 Media
The Big (Stack) Picture

IPC downloads (POP3) mail from the mail server. Legend:

  Layer        M -> R link     at R                        R -> C link
  5 App        POP3                                        POP3
  4 Src/Dest   110 / 29034                                 110 / 29034
  3 Src/Dest   IPM / IPC       IPM / IPC                   IPM / IPC
  2 Src/Dest   MACM / MACR     MACM / MACR -> MACR / MACC  MACR / MACC
  1 Media

DNS

- DNS = _________________________
- Related to ARP in that it is also a resolution protocol
- ARP = _________ resolution
- DNS = _________ resolution
- Specifically: DNS = map (Name -> IP)
- Why do we have such a mechanism?

DNS Summary

vulcan.cs.nps.navy.mil. is a fully qualified domain name (fqdn); read from right to left:
- "." = root
- "mil" = fixed top level domain (tld)
- "cs.nps.navy" = domain, at the owner's discretion (arbitrary)
- "vulcan" = individual machine name

{ Name space }: with exception of top level domain, fully flexible
{ IP space }: W.X.Y.Z, a fixed 4 octet number space, but flexible via variable length masks

DNS . . . a hierarchically distributed database of fqdn:IP mappings

DNS Servers & Domains

- Every domain must have at least one server configured to provide name -> IP resolution
- More than one name server will
  Enhance performance
  Protect against single-point-of-failure
- Typically a primary (P) and secondary (S) name server are specified

DNS System

Here is the minimum knowledge needed by the various DNS players to get it going:
- Root Server: "We know the address of all the root DNS servers and all DNS servers one level below us"
- Non-Root Server: "I know the address of all DNS servers one level below me"
- Client: "I know the address of my DNS server"

DNS Servers & Domains

Each networked machine must be told where to find its DNS server. Note this IP address does not have to be local.

DNS Resolution

Pure Recursive Resolution
[Figure: Client Herrmann -> Domain Server .nps -> Domain Server .navy -> Root Server .mil -> Domain Server .army -> Domain Server .usma -> Client Patton, each server passing the query on to the next (steps 3, 4, ...)]
This is NOT the way it is done. Why not?

Iterative Resolution
[Figure: the same players (Root Server .mil; Domain Servers .navy, .nps, .army, .usma; Clients Herrmann and Patton), with the client's own server querying each level in turn (steps 3, 6, 8, 9)]

- DNS clients request ______________ look-ups from their DNS servers. Basically client is saying "you do all the work... I'll wait on the answer"
- DNS servers utilize ______________ look-ups to other servers in the hierarchy. Basically server is saying "if you don't know the answer tell me who might"

Authoritative or Not?

Name servers provide two different types of answers:
- Authoritative: Means the answering server is the original source of information for the IP address in the request
- Non-authoritative: Means the answering server has a cached entry for the IP <-> name binding that was obtained from a previous lookup

Split DNS

Split DNS is a DNS security option
- Some names are resolved: servers intended for public
- Some names are not resolved: servers with private IP addresses intended only for local users. Perhaps for security reasons... we don't want anyone connecting to them
- Bottom line: A means to limit name resolution for select systems

DHCP

- DHCP = ________________________
- Requires a DHCP server to lease out available IP addresses
- Allows a host to join a network and obtain an IP address w/o administrator involvement
- Permits "Plug-and-Play" Networking
- DHCP is an improved implementation of RARP and bootp

- DHCP server can be configured to hand out . . .
  Permanent IP addresses to __________
  Dynamic addresses from a pool of available addresses to clients
- The address is held for some set lease period, then either . . .
  It's given up and goes back into the pool
  Client negotiates for an extension
- Try ipconfig /all from command line

DHCP

When you configure a DHCP server, you will want it to provide the following information, at a minimum:
- An IP address
- The network's subnet mask
- The IP of its ___________________ (router)
- The IP address of a _____ server

Frag-men-ta-tion

Why does it occur?
- Heterogeneous nature of internetworks
- Different h/w for different transmission technologies specify different maximum frame (layer 2) sizes
- This maximum frame size is referred to as the ______________________ or MTU
- E.g., the MTU for Ethernet is ____ bytes

Some MTU Sizes (bytes): IEEE 802.11 = 7,981; IEEE 802.5 = 4,464; IEEE 802.3 = 1,500; PPP = 296

Frag-men-ta-tion

So what must happen when a frame travels to a network with a smaller MTU?
[Figure: Router between a network with MTU = 1500 (1,500-byte packets) and a network with MTU = 500]
The connecting router has to break up the IP packet into smaller packets

Frag-men-ta-tion

[Figure: the original packet = IP Header | Layer 4 and 5 (payload); after fragmentation: IP Hdr 1 + data 1, IP Hdr 2 + data 2, IP Hdr 3 + data 3]

The IP Header (32 bits wide; bit positions 0, 16, 24, 31 marked):

  Ver | HLen | Svc Type | Total Length
  Identification | Flags | Fragment Offset
  TTL | Protocol | Header Checksum
  Source IP Address
  Destination IP Address
  IP Options | Padding

- New IP headers are almost identical to the original IP header, but some modifications are necessary
- Identification field is the link that unifies all fragments of an original single IP packet, thus it is duplicated
- Flags field: 3 bits R-DF-MF where
  R is Reserved (must be zero)
  DF = 1 means Don't Fragment
  MF = 1 means More Fragments... i.e., this is not the last fragment
- Fragment Offset indicates the position of the fragment's data relative to the beginning of the data in the original packet, in units of 8 bytes
- Combination of these three fields + the total length field allows the destination host to rebuild the original packet

Frag-men-ta-tion

[Figure: the packet "Monterey", each letter assumed to be 8 bytes in size, letters numbered 0 1 2 3 4 5 6 7. It leaves an MTU 8 network through a Router into an MTU 5 network, then through another Router into an MTU 2 network. Fragments shown:
  MTU 5:  Monte (Frag Offset = ____  Flags = ____)   rey (Frag Offset = ____  Flags = ____)
  MTU 2:  Mo (Frag Offset = 0)   nt (Frag Offset = 2)   er (Frag Offset = 4)   e (Frag Offset = 6)   y (Frag Offset = 7)
  also shown: ntere (Frag Offset = 2), re, and a third blank "Frag Offset = ____  Flags = ____"]

Packets can arrive out of order

Where should fragments get reassembled . . .
- By other downstream routers when the MTU gets larger?
- By the destination host?

Router reassembly is not a good idea
- Routers would have to maintain state information for all packets processed
- Fragments may travel different routes!

Frag-men-ta-tion

[Figure: the destination host holding fragments Mo, nt, er, ey of "Monterey": "Oh great, I never received fragment offset 6. Now what do I do?"; a Router between MTU 8 and MTU 2]

Re-assembly Exercise (1)

- Assume the following fragments (next slide) are from the same original IP packet
  How would we know? ___________________
- Using only the 3 IP header fields provided, answer the questions that follow
  FO = Fragment Offset value
  MF = More Fragments flag
  TL = Total Length (IP header + payload)
- Assume all IP headers are exactly 20 bytes (note they could be larger if any IP options are being employed)

Re-assembly Exercise (2)

Here are the received fragments in the order they arrived:

  FO 20  MF 1  TL 180  |  FO 0  MF 1  TL 180  |  FO 80  MF 0  TL 95  |  FO 40  MF 1  TL 180

Fill in the values on 2nd row to indicate correct ordering of fragments:

  FO __  MF __  TL __  |  FO __  MF __  TL __  |  FO __  MF __  TL __  |  FO __  MF __  TL __

Now subtract 20 (IP header size) from each of the TL values to get payload lengths (PL), remember that FO is in 8-byte units (slide #199)

Re-assembly Exercise (3)

Here is what you should have from bottom of previous slide (each FO step of 20 = 20 x 8b):

  FO 0  MF 1  PL 160  |  FO 20  MF 1  PL 160  |  FO 40  MF 1  PL 160  |  FO 80  MF 0  PL 75

And here are implicit byte number ranges of each fragment's payload:

  0-159  |  160-319  |  320-479  |  640-714

Question #1: Do you have the last fragment? ________
Question #2: Are you missing any fragments? ________
Question #3: Assuming that only one fragment is missing, what would be the correct values for its FO, MF, and PL fields?  FO __  MF __  PL __

Re-assembly Exercise (4)

  FO 0   MF 1  PL 160   0-159
  FO 20  MF 1  PL 160   160-319
  FO 40  MF 1  PL 160   320-479
  FO 60  MF 1  PL 160   480-639   <- Missing fragment
  FO 80  MF 0  PL 75    640-714

Question #4: What was the total length (TL) of the original (unfragmented) packet? ________________
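Added example (not part of the exercise slides) that runs the re-assembly exercise's four header sets through the FO/MF/TL arithmetic: payload byte ranges, the last-fragment check, the gap and its header values, and the original packet's total length. It keeps the slides' assumption of a 20-byte IP header.

```python
from typing import List, NamedTuple, Optional, Tuple

IP_HEADER_LEN = 20     # the exercise assumes no IP options


class Fragment(NamedTuple):
    fo: int     # Fragment Offset, in 8-byte units
    mf: int     # More Fragments flag (1 = not the last fragment)
    tl: int     # Total Length of this fragment (IP header + payload)

    @property
    def pl(self) -> int:
        """Payload length: Total Length minus the 20-byte header."""
        return self.tl - IP_HEADER_LEN

    @property
    def first_byte(self) -> int:
        return self.fo * 8

    @property
    def last_byte(self) -> int:
        return self.first_byte + self.pl - 1


# The exercise's four fragments, in the order they arrived (a shared
# Identification field is assumed, which is how we know they belong together).
RECEIVED = [Fragment(20, 1, 180), Fragment(0, 1, 180),
            Fragment(80, 0, 95), Fragment(40, 1, 180)]


def ordered(frags: List[Fragment]) -> List[Fragment]:
    """Reorder by Fragment Offset (the fill-in-the-2nd-row step)."""
    return sorted(frags, key=lambda f: f.fo)


def byte_ranges(frags: List[Fragment]) -> List[Tuple[int, int]]:
    """Implicit byte number range of each fragment's payload."""
    return [(f.first_byte, f.last_byte) for f in ordered(frags)]


def have_last_fragment(frags: List[Fragment]) -> bool:
    """Question #1: the last fragment is the one with MF = 0."""
    return any(f.mf == 0 for f in frags)


def gaps(frags: List[Fragment]) -> List[Tuple[int, int]]:
    """Question #2: byte ranges no received fragment covers, up to the
    highest byte seen. A missing tail is only visible once MF = 0 arrives."""
    missing, expected = [], 0
    for f in ordered(frags):
        if f.first_byte > expected:
            missing.append((expected, f.first_byte - 1))
        expected = max(expected, f.last_byte + 1)   # tolerates overlap/duplicates
    return missing


def missing_fragment(frags: List[Fragment]) -> Optional[Fragment]:
    """Question #3: FO/MF/TL of the single missing fragment if exactly one
    gap exists. It sits before the MF = 0 fragment, so its MF is 1."""
    g = gaps(frags)
    if len(g) != 1:
        return None
    first, last = g[0]
    return Fragment(first // 8, 1, (last - first + 1) + IP_HEADER_LEN)


def original_total_length(frags: List[Fragment]) -> Optional[int]:
    """Question #4: data ends where the MF = 0 fragment ends; add one header."""
    last = [f for f in frags if f.mf == 0]
    if not last:
        return None
    return last[0].last_byte + 1 + IP_HEADER_LEN


if __name__ == "__main__":
    print(byte_ranges(RECEIVED), gaps(RECEIVED), missing_fragment(RECEIVED))
```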

VLANs

- VLAN = ____________ LAN
- Switches that support the creation of VLANs allow themselves to be split (partitioned) into >1 ________ domain
- VLANs are isolated from each other
- Ports on a single switch can be assigned to different VLANs
- Ports on multiple switches can be aggregated to form a single VLAN
[Figure: one switch with Ports 1-5 assigned to VLAN 36 and Ports 6-8 assigned to VLAN 25]

VLANs

2 separate VLANs (2 broadcast domains)
[Figure: two switches connected by a Trunk Line, each with ports in VLAN 36 and in VLAN 25]
Communications between the 2 VLANs would require layer 3 service (e.g., a router)

Before . . . [Figure: three physically separate LANs: LAN 1, LAN 2, LAN 3]
After . . . [Figure: two switches joined by a Trunk Line; one carries VLAN 1 & 3, the other VLAN 2 & 3, so VLAN 1, 2 & 3 span both switches]
Routing & Routing Protocols

- Routers learn about the location of networks in one of three ways
  Implicitly: network(s) they are homed in
  Statically added to the routing table
  Dynamically learned from other routers by sharing routing table information
- Dynamic route learning is made possible by routing protocols

Routing Protocols

[Figure: routers exchanging "My route info" with one another]
- No individual router needs to know the exact location of all networks
- Each individual router need only know the next hop to get a packet one step closer to its destination
- In effect, the collective route information of all routers superimposes trees onto what is otherwise a rather meshy internetwork.

Routing Protocols

Routing protocol updates from neighbor routers
[Figure: a router with interfaces e0 on A.B.C.0, e1 on A.B.E.0, and s0. The neighbor on s0 says "I can reach A.C.0.0 in 2 hops, B.0.0.0 in 3 hops"; the neighbor on e1 says "I can reach A.B.F.0 in 1 hop, A.C.0.0 in 4 hops"]

I can reach
  A.B.F.0 in ___ hops
  A.C.0.0 in ___ hops
  B.0.0.0 in ___ hops
  A.B.E.0 in ___ hops
What would this router then advertise to any other router in the A.B.C.0 network?

Routing Table

  Code   To reach   Forward out
  C      A.B.C.0    ethernet 0 interface
  C      A.B.E.0    ethernet 1 interface
  R      A.B.F.0    ethernet 1 interface
  R      A.C.0.0    serial 0 interface
  R      B.0.0.0    serial 0 interface
  S      default    serial 0 interface

Code C = directly connected
Code S = static entry
Code R = routing protocol

Shortest-Path Spanning Tree

- Graph theory from Discrete Mathematics gets heavy utilization in networking
- Each graph node (network router) is not concerned with all edges . . . only the minimum set of edges that will provide the shortest possible path to all other nodes (i.e., a shortest-path spanning tree)
- Superimposing trees on graphs also removes loops!
Shortest-Path Spanning Tree

[Figure: actual physical connections with some dimensionless units of relative congestion as link costs (values shown: 10, 6, 3, 3, 2, 10, 10, 4, 8, 13, 5). The leftmost router: "I wanna be the root of a shortest-path spanning tree"]

[Figure: result of Dijkstra shortest path algorithm run from the leftmost router. "Cool!"]

Shortest-Path Spanning Tree

[Figure: same logical topology physically re-oriented to look like a classical tree]
Of course each router will create its own shortest path spanning tree

Shortest-Path Spanning Tree

The trees can be broken . . .
[Figure: a link of the tree fails: "Uh oh!"]

Events that may call for routing table (spanning tree) changes:
- New link is added
- Existing link is broken
- Server farm is added to a network
- Bandwidth-eating WORM
- BW-hungry mux-media mux-casting app
- Other congestion causing events
- Etc.

Convergence

- Notification of a topology (or congestion) change takes time to reach all affected nodes of the network
- _______________ = the process of all routers' tables arriving at the same (correct) topological map of the internetwork
- ___________ convergence is desired
- During convergence, routers will for a period have an inconsistent view

[Figure: the failed link is marked X; the bottom router has computed a new spanning tree, but others may not be aware of the change yet]
Routing Protocols

3 gen'l classes of routing protocols
- Distance Vector (DV)
- Link State (LS)
- Path Vector (PV)

Another major classification is
- Interior Gateway Protocols (IGP), for intra-autonomous system (AS) routing
- Exterior Gateway Protocols (EGP), for inter-AS routing
- AS = {routers} under common admin

IGP, EGP, and AS

[Figure: two autonomous systems (ASs), which internally use an IGP. AS border routers talk to one another using an EGP. Most common EGP is the Border Gateway Protocol (BGP)]

Autonomous System ?

"The definition of AS has been unclear and ambiguous for some time. The classic definition of an Autonomous System is a set of routers under a single technical administration, using an interior gateway protocol and common metrics to route packets within the AS, and using an exterior gateway protocol to route packets to other ASes. Since this classic definition was developed, it has become common for a single AS to use several interior gateway protocols and sometimes several sets of metrics within an AS. The use of the term Autonomous System here stresses the fact that, even when multiple IGPs and metrics are used, the administration of an AS appears to other ASes to have a single coherent interior routing plan and presents a consistent picture of what networks are reachable through it."
- From RFC 1930
DV Routing Protocol

- Aka Bellman-Ford-[Fulkerson] algo.
- Examples:
  RIP (Routing Information Protocol)
  IGRP (Interior Gateway Routing Prot.)
- General characteristics:
  Entire _______ is shared
  Table shared with ________________ only
  Table shared at scheduled intervals (~30 secs) whether or not a change has occurred
  Knowledge of network info >1 hop away is merely inferred
- DV routing also called ______________________
[Figure: periodic exchange of routing tables, each router telling its neighbors "Here's what I know"]

LS Routing Protocol

- Aka Shortest-Path-First (SPF) algo.
- Examples:
  OSPF (Open Shortest Path First)
  NLSP (Novell Link State Protocol)
- General characteristics:
  Only ___________ are shared (i.e., delta)
  Deltas are shared with _____ routers in AS
  Shared info is more detailed and provides for construction of a global network view

LS Routing Protocol

- All routers have global picture of entire internetwork . . . not just the view from the neighbors
- As you should guess this entails a relatively large amount of . . .
  CPU processing (to build the initial map)
  memory (to store map as a data structure)
- Once built though, this global map facilitates rapid ________________!
[Figure: routers A, B, C, D; the A-B link just went down (marked X)]

Finished