Networking 101

Networking 101. OSI Reference Model Data Header Header Header

OSI Reference Model

[Figure: Data, Header, Header, Header]

OSI Reference Model

● We're only going to look at the Transport Set
● Transport - various protocols; most common are TCP, UDP, and ICMP
● Network - for us, this is IP (Internet Protocol)
● Data - for us, this is ethernet
● Physical - this is the actual hardware (cables, hubs, switches, routers)

Ethernet

● Each unit is called an ethernet frame
● Each computer has a Medium Access Code, or MAC address
● 3 parts of an ethernet frame that are important to us:
  – Source and Destination addresses
    ● Each are 6 bytes; usually represented in hex
    ● example: 00:B0:D0:D8:98:FD
  – Data payload
    ● Each frame can carry 46-1500 bytes of data

Internet Protocol (IP)

● Each unit is called a packet
● Source and Destination address
  – 4 byte number, typically represented like 172.1.68.59
  – Could be represented like ethernet addresses as well (172.1.68.59 would be AC:01:44:3B)
● Protocol
  – A number representing the protocol used by the transport layer (ex. 1=ICMP, 6=TCP, 17=UDP)

Internet Protocol (IP)

● TTL (Time To Live)
  – This is the number of routers a packet can pass through before being dropped
  – Each time a packet passes through a router, the router decrements the TTL by 1
    ● Prevents router loops
    ● By setting it to 1, you can keep anything from leaving your local network
● Identification number
  – 2 byte number used to identify the packet

Internet Protocol (IP)

● Packet length
  – Can be from 20 to 65,535 bytes (this includes the header length as well)
● Fragmentation information
  – Remember, an ethernet frame can only carry 1500 bytes of data
  – If the IP packet is more than 1500 bytes long, the data layer must chop the packet up into fragments
    ● Each fragment has the same identification number

Counting

(If you were asleep, you need to wake up now!)

Counting

● When we use numbers, we use them in a certain base
● Typically, we use base-10 without even specifying that is the base. It is just assumed.
● Easiest for us because we have 10 fingers
● However, computers only have 2 "fingers", so they count much better in base-2 or binary
● Binary numbers get really long really fast, so we use base-16 or hexadecimal to simplify things

Counting

● Remember back to when you were a little kid. When someone asked you your age, you held up your hand with a few fingers up and said "I'm this many" – we're going to forget the names of numbers for a few minutes
● If you are counting with your fingers and you need to count to 11, what do you do?
● You count to 10, then start over, remembering that you have already counted to 10 once.

Counting

● Count to 21 in base-10
● Count to 21 in base-8
● Count to 21 in base-16
● Count to 1111 in base-2

Counting

● 0000 - 0
● 0001 - 1
● 0010 - 2
● 0011 - 3
● 0100 - 4
● 0101 - 5
● 0110 - 6
● 0111 - 7
● 1000 - 8
● 1001 - 9
● 1010 - A
● 1011 - B
● 1100 - C
● 1101 - D
● 1110 - E
● 1111 - F

Logic

● Used when you want to make a decision based on some conditions
● You might go buy lunch if you [are hungry] AND [you have enough money to buy lunch]
● [not hungry] AND [no money] -> don't get lunch
● [not hungry] AND [money] -> don't get lunch
● [hungry] AND [no money] -> don't get lunch
● [hungry] AND [money] -> get lunch

Logic

● You might take vacation time if you [need a break from work] OR [for a special event] OR both
● [no break] OR [no event] -> no vacation
● [no break] OR [event] -> vacation
● [break] OR [no event] -> vacation
● [break] OR [event] -> vacation
● Now, let's change the red items to 0's and the green items to 1's...

Logic

Logical AND and OR

0 OR 0 = 0
0 OR 1 = 1
1 OR 0 = 1
1 OR 1 = 1

0 AND 0 = 0
0 AND 1 = 0
1 AND 0 = 0
1 AND 1 = 1

Logic

● We just applied the AND and OR operators to a single bit, but they can also be applied to a whole byte, or even multiple bytes. This is called a bitwise AND or bitwise OR
● [1101 1001] AND [1111 1100] = ???? ????
● You simply apply the operator to each column separately...

Logic

● [ 1 1 0 1 1 0 0 1 ] AND
● [ 1 1 1 1 1 1 0 0 ] =
● [ 1 1 0 1 1 0 0 0 ]

0 AND 0 = 0
0 AND 1 = 0
1 AND 0 = 0
1 AND 1 = 1

Counting and Logic

Any questions on counting or logic?

Addressing

● What is an IP address?
● Let's look at 172.1.68.107 as an example
● Part of this is the network address and part of it is the host address
● First, we'll say
  – The network address is "172.1.68.0"
  – The host address is "107"

Masking

● Have you ever used masking tape while painting?
● Used as a cover to keep from seeing something
● There is such a thing as masking with bits as well
● In some situations, you may need to look at certain bits in a binary number
● To look at only those bits, you create another binary number, called a mask and you perform a bitwise AND of the number and the mask

Masking

● Think back to our previous example of the bitwise AND
● Our first binary number was 1101 1001
● Let's say that the first 6 digits are important to us and we don't care about the last 2
● If a digit is important, it means we want to know if that digit is a 1 or 0. If we don't care about it, it means it doesn't matter whether it is a 1 or 0 (we end up using a 0 as a placeholder for these digits)

Masking

● I realize it may seem silly to say we have to use a mask to determine if a digit is a 1 or 0 since we can simply tell by looking at it. But remember, computers don't have eyes.
● To create a mask, use a 1 for the digits that are important, and use a 0 for the digits that are not
● So, since we consider the first 6 digits to be important and don't care about the last 2, we would use 1111 1100

Masking

● Reviewing our example of the bitwise AND, we have
● Our binary number: [1101 1001] AND
● Our bitwise mask [1111 1100] =
● The answer! [1101 1000]
● This leads us to the subnet mask or netmask
● A subnet mask is used to separate the network address from the host address

Some Review

● An IP address can also be represented like a MAC address -- 172.1.68.107 would be AC:01:44:6B
● 172.1.68.0 (or AC:01:44:00) is the network address
● 107 (or 6B) is the host address
● We use hexadecimal numbers to represent binary numbers
● Let's review that representation

Counting

● 0 - 0000
● 1 - 0001
● 2 - 0010
● 3 - 0011
● 4 - 0100
● 5 - 0101
● 6 - 0110
● 7 - 0111
● 8 - 1000
● 9 - 1001
● A - 1010
● B - 1011
● C - 1100
● D - 1101
● E - 1110
● F - 1111

Addressing

● So, translating our hexadecimal IP address, AC:01:44:6B, to binary form, we get
● [0111 1111]:[0000 0001]:[0100 0100]:[0110 1011]
● So, if we are only interested in the network address, what would our subnet mask be?
● [1111 1111]:[1111 1111]:[1111 1111]:[0000 0000]
● Performing a bitwise AND, we get
● [0111 1111]:[0000 0001]:[0100 0100]:[0000 0000]

Addressing

● [0111 1111]:[0000 0001]:[0100 0100]:[0000 0000]
● Translating this to hexadecimal, we get
● AC:01:44:00 or in dotted decimal, 172.1.68.0
● If our subnet mask was [1111 1111]:[1111 1111]:[1111 1111]:[0000 0000] in binary, what would it be in hexadecimal?
● FF:FF:FF:00 or, in dotted decimal, 255.255.255.0

Addressing

● However, what if we use 255.255.255.192 as the subnet mask? What does that mean?
● First, convert it to hexadecimal: FF:FF:FF:C0
● Then, to binary: [1111 1111]:[1111 1111]:[1111 1111]:[1100 0000]
● If we use this as a subnet mask for our example IP address, 172.1.68.107 (or AC:01:44:6B), we have

Addressing

● AC:01:44:6B = [0111 1111]:[0000 0001]:[0100 0100]:[0110 1011]
● Subnet mask: FF:FF:FF:C0 = [1111 1111]:[1111 1111]:[1111 1111]:[1100 0000]
● Performing a bitwise AND gives us [0111 1111]:[0000 0001]:[0100 0100]:[0100 0000]
● Converting this to hexadecimal: AC:01:44:40
● Now, in dotted decimal: 172.1.68.64

Addressing

● Now, we have the network address for 172.1.68.107 when the subnet mask is 255.255.255.192 -> 172.1.68.64
● So, what is a network address anyway?
● All computers that have the same network address are considered local to each other
● Computers that are local to each other can send data to each other directly. If they are not local, they must "talk" through a router
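
The masking steps above, carried through in code as an added example (not part of the original slides): it converts an address to the hex and binary forms used here, finds the network address with a bitwise AND, and decides whether two computers are local to each other. The function names and the second address in each comparison are assumptions made for the example; note that 172 (AC) is 1010 1100 in binary.

```python
# Added example: subnet masking with a bitwise AND (not from the original slides).

def ip_to_int(dotted):
    """Convert dotted decimal ('172.1.68.107') to one 32-bit number."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range: {dotted!r}")
        value = (value << 8) | octet
    return value


def int_to_ip(value):
    """Convert a 32-bit number back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_hex(dotted):
    """MAC-style hex form, e.g. AC:01:44:6B."""
    value = ip_to_int(dotted)
    return ":".join(f"{(value >> shift) & 0xFF:02X}" for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """Bracketed binary form, one [xxxx xxxx] group per byte."""
    value = ip_to_int(dotted)
    groups = []
    for shift in (24, 16, 8, 0):
        bits = f"{(value >> shift) & 0xFF:08b}"
        groups.append(f"[{bits[:4]} {bits[4:]}]")
    return ":".join(groups)


def check_mask(mask):
    """A subnet mask must be a run of 1s followed by a run of 0s."""
    m = ip_to_int(mask)
    inverted = m ^ 0xFFFFFFFF
    # For a valid mask the inverted value is 2**k - 1, so adding 1 clears every bit.
    if inverted & (inverted + 1):
        raise ValueError(f"not a contiguous subnet mask: {mask}")
    return m


def network_address(ip, mask):
    """Keep the bits the mask marks as important (1) and zero the rest."""
    return int_to_ip(ip_to_int(ip) & check_mask(mask))


def is_local(ip_a, ip_b, mask):
    """Two computers are local to each other when their network addresses match."""
    return network_address(ip_a, mask) == network_address(ip_b, mask)


if __name__ == "__main__":
    ip = "172.1.68.107"
    print(to_hex(ip), to_binary(ip))   # 172 -> AC -> 1010 1100
    for mask in ("255.255.255.0", "255.255.255.192"):
        print(mask, to_hex(mask), "->", network_address(ip, mask))
    # 172.1.68.130 is a constructed neighbour: local under /24, not under /26.
    print(is_local(ip, "172.1.68.130", "255.255.255.0"))
    print(is_local(ip, "172.1.68.130", "255.255.255.192"))
```
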

Addressing

Any questions on addressing?

Hubs, Switches, and Routers

● These are the main devices we hear about that connect computers together
● Each uses one more layer from the OSI reference model than the previous one
● Hubs and switches perform a similar function; switches are just more intelligent
● Routers perform a different function than hubs and switches

Hubs

● Function at the physical layer (layer 1) of the OSI model
● No intelligence - doesn't look at any data
● All traffic is sent to every port

Hubs

● The medium is shared by all the connected computers
● Kind of like an intercom system
  – Only one person can talk at a time
  – Everyone else hears what the person said
  – If the person speaking is not talking to you, you just ignore them (unless you want to eavesdrop on what is said)
  – When two people talk at the same time, the message is garbled and each of you has to try again
    ● This is called a collision

Hubs - Pros

● Good for troubleshooting
  – Remember the part about eavesdropping with an intercom system?
  – You can use a network traffic "sniffer" to "hear" what the other computers on the hub are saying even if they are not talking specifically to you
    ● tcpdump, ethereal

Hubs - Cons

● Don't scale well
  – Remember only 1 computer can talk at a time
    ● If 100 computers are connected together, each one will have to wait a lot longer to talk than if only 10 computers were connected together
    ● Therefore, more computers mean more collisions
● No computer can talk and listen at the same time
  – This is called half duplex
  – Duplex - the ability to communicate simultaneously in 2 directions

Switches

● Function at the data layer (layer 2) of the OSI model
● More like a telephone system than an intercom system
  – Telephones allow you to talk directly to another person without anyone else listening
  – Allows you to talk and listen at the same time
    ● Full Duplex

Switches

● More secure
  – Only sends data to desired recipient
● Scale better
  – Because the medium is not shared by all computers, more than one can talk at a time
● Intelligent
  – Keeps a table of which MAC addresses are connected to which ports (lookup table)

Switches

● How do they keep track of who is on which port?
  – Each ethernet frame has a source and destination address
  – When a computer sends some data, the switch looks at the source address and adds it to its list of computers on that port
  – If it doesn't have the destination port in its table anywhere, it sends the packet to all ports (except the one the packet came in on)
  – Entries in the table expire (are erased) after some amount of time (5 to 30 minutes)
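
The learning behaviour described above, as an added simulation (not part of the original slides). The class name, the port numbers, the second MAC address and the 300-second expiry (the low end of the 5 to 30 minute range) are assumptions made for the example; it shows which frames reach only the intended port and which are still sent to every port.

```python
# Added example: a switch's lookup table with learning, flooding and expiry.
BROADCAST = "FF:FF:FF:FF:FF:FF"


class LearningSwitch:
    def __init__(self, ports, max_age=300):
        self.ports = list(ports)
        self.max_age = max_age   # seconds; assumed 5 minutes
        self.table = {}          # MAC address -> (port, time last seen)

    def _expire(self, now):
        """Erase entries that have not been refreshed within max_age seconds."""
        stale = [mac for mac, (_, seen) in self.table.items()
                 if now - seen > self.max_age]
        for mac in stale:
            del self.table[mac]

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the list of ports it is sent out of."""
        self._expire(now)
        # Learn (or refresh) which port the source address is connected to.
        self.table[src.upper()] = (in_port, now)
        entry = self.table.get(dst.upper())
        if dst.upper() == BROADCAST or entry is None:
            # Broadcast or unknown destination: send to all ports except the
            # one the frame came in on, so every connected computer sees it.
            return [p for p in self.ports if p != in_port]
        out_port = entry[0]
        # Destination sits on the arrival port: nothing to forward.
        return [] if out_port == in_port else [out_port]


def run_demo():
    """Constructed traffic: host A on port 1, host B on port 2, times in seconds."""
    a = "00:B0:D0:D8:98:FD"      # example MAC address from the ethernet slide
    b = "00:B0:D0:D8:98:FE"      # made-up MAC address for the second host
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    return [
        sw.receive(1, a, b, now=0),     # B not in the table yet -> all other ports
        sw.receive(2, b, a, now=1),     # A was learned on port 1 -> port 1 only
        sw.receive(1, a, b, now=2),     # B was learned on port 2 -> port 2 only
        sw.receive(1, a, b, now=400),   # B's entry expired -> all other ports again
    ]


if __name__ == "__main__":
    for out_ports in run_demo():
        print(out_ports)
```
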

Routers

● A router is simply a computer (or network device) that is part of multiple subnets that knows how to relay data between the different subnets
● Normally, the router has a separate network interface to each of the networks
● It uses a routing table to keep track of which subnet each interface is connected to

Routing

● Here is a sample routing table

Destination     Gateway       Mask              Interface
172.1.68.0      0.0.0.0       255.255.255.192   Eth1
172.1.68.64     0.0.0.0       255.255.255.192   Eth2
172.1.68.128    0.0.0.0       255.255.255.192   Eth3
172.1.68.192    0.0.0.0       255.255.255.192   Eth4
172.1.15.39     0.0.0.0       255.255.255.0     Eth0
0.0.0.0         172.1.15.1    0.0.0.0           Eth0

0.0.0.0 is the default route. Any traffic with a destination address not in the routing table gets sent out this interface.
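
A lookup against the sample routing table, as an added example (not part of the original slides). It assumes the most specific matching entry wins (the one whose mask has the most 1 bits), that a gateway of 0.0.0.0 means the subnet is directly connected, and that the mask is applied to both the destination and the table entry; 192.0.2.10 is a constructed outside address.

```python
# Added example: choosing an interface and next hop from the sample routing table.
import ipaddress

# (destination, gateway, mask, interface), copied from the table above.
ROUTES = [
    ("172.1.68.0",   "0.0.0.0",    "255.255.255.192", "Eth1"),
    ("172.1.68.64",  "0.0.0.0",    "255.255.255.192", "Eth2"),
    ("172.1.68.128", "0.0.0.0",    "255.255.255.192", "Eth3"),
    ("172.1.68.192", "0.0.0.0",    "255.255.255.192", "Eth4"),
    ("172.1.15.39",  "0.0.0.0",    "255.255.255.0",   "Eth0"),
    ("0.0.0.0",      "172.1.15.1", "0.0.0.0",         "Eth0"),
]


def to_int(dotted):
    """Dotted decimal to a 32-bit number, so the bitwise AND can be applied."""
    return int(ipaddress.IPv4Address(dotted))


def lookup(dst_ip, routes=ROUTES):
    """Return (interface, next hop IP) for a destination address."""
    dst = to_int(dst_ip)
    best = None
    for dest, gateway, mask, iface in routes:
        m = to_int(mask)
        # Assumption: mask both sides, so the 172.1.15.39 entry covers
        # every address whose network address is 172.1.15.0.
        if dst & m == to_int(dest) & m:
            ones = bin(m).count("1")        # more 1 bits = more specific entry
            if best is None or ones > best[0]:
                best = (ones, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst_ip}")
    _, gateway, iface = best
    # Directly connected subnet: deliver to the destination itself.
    # Otherwise hand the packet to the gateway (another router).
    next_hop = dst_ip if gateway == "0.0.0.0" else gateway
    return iface, next_hop


if __name__ == "__main__":
    for dst in ("172.1.68.107", "172.1.68.200", "172.1.15.77", "192.0.2.10"):
        print(dst, "->", lookup(dst))
```
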

Hubs, Switches, and Routers

Any questions on hubs, switches or routers?

Where IP and Ethernet Meet

● Remember that IP and ethernet are on different layers of the OSI Reference Model
● Once a computer knows the IP address of another computer with which it wants to communicate, it needs to figure out the other computer's ethernet (or MAC) address (if it is local)
● It uses the address resolution protocol to do this

Address Resolution Protocol (ARP)

● Computers use ARP to map MAC addresses to IP addresses
● If 172.1.68.107 wants to talk to 172.1.68.108, it knows the source and destination IP addresses, but it only knows its own MAC address
● An ARP Request is sent to MAC address FF:FF:FF:FF:FF:FF, which is known as the broadcast address, asking for the computer having 172.1.68.108 to respond with an ARP reply telling what its MAC address is

Address Resolution Protocol (ARP)

● It then adds the other computer's MAC address to its ARP table, which is just a mapping of IP addresses and MAC addresses
● Each entry in the table expires after some amount of time (4.5 min. on linux, 20.5 min. on solaris)
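
The ARP request and reply described above, as an added example (not part of the original slides): it builds both frames as bytes in the standard ARP layout for IPv4 over ethernet, parses them back, and keeps an ARP table whose entries expire. The function and class names and the MAC address given to 172.1.68.108 are assumptions; nothing is sent on a network.

```python
# Added example: ARP request/reply frames and an expiring ARP table.
import socket
import struct

# Ethernet header (dst, src, type) followed by the ARP body.
ETH_ARP = "!6s6sH HHBBH 6s4s6s4s"
BROADCAST = "FF:FF:FF:FF:FF:FF"
REQUEST, REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02X}" for b in raw)


def build_arp(op, eth_dst, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(
        ETH_ARP,
        mac_bytes(eth_dst), mac_bytes(sender_mac), 0x0806,   # ethernet type: ARP
        1, 0x0800, 6, 4, op,      # ethernet, IPv4, 6-byte MAC, 4-byte IP, operation
        mac_bytes(sender_mac), socket.inet_aton(sender_ip),
        mac_bytes(target_mac), socket.inet_aton(target_ip),
    )


def parse_arp(frame):
    size = struct.calcsize(ETH_ARP)
    if len(frame) < size:
        raise ValueError("frame too short for ARP")
    (eth_dst, eth_src, eth_type, htype, ptype, hlen, plen, op,
     sha, spa, tha, tpa) = struct.unpack(ETH_ARP, frame[:size])
    if eth_type != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an IPv4-over-ethernet ARP frame")
    return {
        "eth_dst": mac_text(eth_dst), "eth_src": mac_text(eth_src), "op": op,
        "sender_mac": mac_text(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac_text(tha), "target_ip": socket.inet_ntoa(tpa),
    }


class ArpTable:
    def __init__(self, max_age=270):          # 4.5 minutes, the linux figure above
        self.max_age = max_age
        self.entries = {}                     # IP -> (MAC, time learned)

    def learn(self, message, now):
        if message["op"] == REPLY:
            self.entries[message["sender_ip"]] = (message["sender_mac"], now)

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None or now - entry[1] > self.max_age:
            self.entries.pop(ip, None)        # expired: a new request is needed
            return None
        return entry[0]


def resolve_demo():
    """Constructed exchange: 172.1.68.107 asks for the MAC of 172.1.68.108."""
    asker = ("00:B0:D0:D8:98:FD", "172.1.68.107")   # example MAC from the ethernet slide
    owner = ("00:B0:D0:D8:98:FE", "172.1.68.108")   # made-up MAC address
    request = build_arp(REQUEST, BROADCAST, *asker, "00:00:00:00:00:00", owner[1])
    seen = parse_arp(request)                 # every local computer receives this
    assert seen["target_ip"] == owner[1]      # only the owner of that IP replies
    reply = build_arp(REPLY, seen["sender_mac"], *owner,
                      seen["sender_mac"], seen["sender_ip"])
    table = ArpTable()
    table.learn(parse_arp(reply), now=0)
    return table.lookup(owner[1], now=60), table.lookup(owner[1], now=300)


if __name__ == "__main__":
    print(resolve_demo())
```
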

Where IP and Ethernet Meet

● What happens if the other computer is not local?
● We know it must communicate through a router
● At the IP layer, we send data to the intended IP address (172.1.68.108 from our example)
● However, at the ethernet layer, we send data to the router
● The router then sends it to the right network or to another router and, eventually, it will be sent to the other computer

The Transport Layer

[Figure: Data, Header, Header, Header]

The Transport Layer

● There are many protocols at the transport layer
● Some of the more common ones you may have heard are
  – TCP - transmission control protocol
  – UDP - user datagram protocol
  – ICMP - internet control message protocol

The Transport Layer

● TCP and UDP have what are called ports
● To understand ports, let's look at how apartment complexes are generally numbered
● Each building has an address
● Within the building, each apartment has an address as well
● My old address was 2921-33
● 2921 was the building number, 33 was the apartment number

The Transport Layer

● Think of the network as an apartment complex
● Each computer has an address like each building has an address
● Each program has an address like each apartment has an address

The Transport Layer

● Some of the programs have standard addresses so they can be found more easily
  – Web server programs use port 80
  – FTP server programs use port 21
  – SSH server programs use port 22
  – Windows networking primarily uses ports 135-139 and 445
● As with IP addresses, there are both a source and destination port used when communicating

The Transport Layer

● The source and destination ports do not have to be equal
● For example, if I am using a web browser, the destination port is going to be 80, but the port my computer uses doesn't have to be 80 (and in fact probably won't be)

The Transport Layer

Any questions on the transport layer?

Domain Name Servers

● Computers only know how to communicate using IP addresses
● So, when you type www.ncsu.edu, your computer needs to figure out what IP address is associated with www.ncsu.edu
● To get this information, it asks a domain name server
● A domain name server is a program that knows what IP addresses belong to which names and vice versa

Unicast and Broadcast

● Computers can communicate in different ways
– Unicast - 1 computer to 1 other computer
– Broadcast - 1 computer to everyone else (that is local)
● Unicast is how we typically think of computers communicating - it is similar to 2 people having a conversation
● Broadcast is more like giving a presentation - one person talking to everyone else in the room

Unicast and Broadcast

● For unicast, the other computer's IP address is used as the destination address
● For broadcast, there are specific IP addresses used that all computers know to be broadcast addresses
● Each subnet has its own broadcast address -- it is the highest address in that subnet
● Additionally, there is a broadcast address that is not specific to any subnet - 255.255.255.255

Firewalls

● In construction, a firewall is a structure built to protect against a fire spreading from one location to another
● A network firewall is a device that keeps network traffic that we consider to be harmful (or that even might be harmful) from coming into our network
● There are 2 types of network firewalls
– Packet level
– Application level

Firewalls

● Packet level firewalls filter data based on the information in each packet.
– Source and/or destination IP address
– Transport layer protocols
– Source and/or destination port (for TCP and UDP)
● Packet level firewalls can be on a computer or a router
● It is generally recommended to filter packets with a source or destination port of 135-139 or 445 to block attacks against Windows
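A minimal sketch of the decision a packet-level firewall makes, as an added example that is not part of the original slides: it reads the filterable fields out of a raw IPv4 packet and applies the 135-139/445 rule. The function names and the sample packets are assumptions constructed for illustration; a real firewall does this in the kernel or on the router.

```python
import ipaddress
import struct

# Ports the slide recommends filtering: 135-139 and 445 (Windows networking).
BLOCKED_PORTS = set(range(135, 140)) | {445}
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def parse_packet(packet: bytes) -> dict:
    """Extract the fields a packet-level firewall filters on from a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # IP header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IP header length")
    proto, frag_offset = packet[9], struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    fields = {
        "src": ipaddress.IPv4Address(packet[12:16]),
        "dst": ipaddress.IPv4Address(packet[16:20]),
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "sport": None, "dport": None,
    }
    # Only TCP and UDP carry ports, and only the first fragment holds that header.
    if proto in (6, 17) and frag_offset == 0:
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        fields["sport"], fields["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
    return fields


def decide(packet: bytes) -> str:
    """Return 'DROP' or 'ACCEPT'; unparseable packets are dropped (fail closed)."""
    try:
        f = parse_packet(packet)
    except ValueError:
        return "DROP"
    if f["sport"] in BLOCKED_PORTS or f["dport"] in BLOCKED_PORTS:
        return "DROP"
    return "ACCEPT"


def build_packet(src: str, dst: str, proto: int, sport: int, dport: int) -> bytes:
    """Constructed sample input: minimal IPv4 header (checksum left 0) plus ports."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + struct.pack("!HH", sport, dport)
```

The rule matches on either port, so a packet sent from port 137 is dropped just like one sent to port 445, while ICMP is never matched by a port rule because it carries no ports.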

Firewalls

● An application level firewall runs on a computer and is more intelligent than a packet level firewall
● It can tell which packets are related to which programs running on the computer
● These firewalls block traffic based on which programs the traffic is related to
● Example: ZoneAlarm

Questions?