Network Review

Review

Ethical Hacking and Penetration Tests require you to have strong knowledge of how networks operate. As it could have been a semester or two since you took ICS 184, let us do some quick review!

You should re-familiarize yourself with the OSI Model. 

The OSI model divides the communication process into seven layers, each of which represents a specific function or task that must be performed in order to transmit data between networked devices. The layers are as follows:

TCP

TCP (Transmission Control Protocol) is a communication protocol used in computer networks to provide reliable, ordered, and error-checked delivery of data between applications. TCP is part of the Internet Protocol (IP) suite, which also includes IP, ICMP, and UDP.


TCP operates at the transport layer of the OSI model and is responsible for managing the connection between two devices, establishing a reliable data transfer channel, and ensuring that data is delivered in the correct order and without errors.


TCP uses a three-way handshake to establish a connection between devices. In this process, the initiating device sends a SYN (synchronize) message to the receiving device, which responds with a SYN-ACK (synchronize-acknowledgment) message. Finally, the initiating device sends an ACK (acknowledgment) message to confirm the connection.


Once a connection is established, TCP sends data packets in a stream and uses sequencing and acknowledgment mechanisms to ensure that data is received in the correct order and without errors. TCP also includes flow control and congestion control mechanisms to ensure that data is transmitted at a rate that does not overwhelm the network.

UDP

UDP (User Datagram Protocol) is a communication protocol used in computer networks that provides an unreliable, connectionless transmission of data between applications. UDP is also part of the Internet Protocol (IP) suite, which includes TCP, IP, ICMP, and other protocols.


Unlike TCP, which establishes a connection between devices and ensures reliable, ordered delivery of data, UDP simply sends data packets from the source device to the destination device without establishing a connection. UDP does not guarantee that all packets will be received by the destination device, nor does it ensure that packets will be received in the correct order or without errors.

Ports

A port is a communication endpoint that identifies a specific process or service running on a networked device. Ports are used to allow multiple applications to communicate with each other over a network by providing a specific address that identifies the application or service.


Ports are identified by numbers, known as port numbers, that range from 0 to 65535. Ports are categorized into three types: well-known ports (0-1023), registered ports (1024-49151), and dynamic or private ports (49152-65535).


View the PDF below for a list of common ports. Feel free to save a copy of this for your reference!

common_ports.pdf

MAC Address

A MAC (Media Access Control) address is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment. Every device connected to a network has a MAC address, which is a permanent and hardware-based address assigned by the manufacturer of the NIC.


A MAC address is a 48-bit number, typically represented as a series of six pairs of hexadecimal digits (0-9 and A-F) separated by colons or dashes. The first three pairs of digits represent the organizationally unique identifier (OUI) assigned to the manufacturer of the NIC, while the remaining three pairs represent the unique identifier assigned to the specific NIC.


MAC addresses are used by the data link layer of the OSI model to control access to the network and to enable devices to communicate with each other. When a device wants to send data to another device on the same network segment, it uses the destination MAC address to address the data packets.


MAC addresses are used primarily within a local network, such as a home or office network, to identify devices and control access to the network. They are not routable outside of the local network, meaning that they cannot be used to identify devices on a different network segment or on the Internet.

ARP

ARP (Address Resolution Protocol) is a protocol used in computer networking to map a network address (such as an IP address) to a physical address (such as a MAC address).

Do you have any other protocols or topics that you'd like to review? If so, please let me know by completing the Google Form below. You must be signed into your UH Google account to access it.

Additional Review Requests

Below I will continue to add items that former or current students have requested to review. 

IPv4 Address

An IPv4 address is a 32-bit number. We break this address into four 1-byte segments and write it in what is called dotted decimal notation. Because each value in an IPv4 address is 8 bits, the highest value is 255. IPv4 also had a class-based system before going classless.


Class A: 1.0.0.0 to 127.0.0.0

Class B: 128.0.0.0 to 172.31.255.255

Class C: 192.0.0.0 to 223.255.255.0

Private Address Ranges: 

10.0.0.0 to 10.255.255.255 (Class A)

172.16.0.0 to 172.31.255.255 (Class B)

192.168.0.0 to 192.168.255.255 (Class C)


Private IPv4 addresses are not routable on the Internet. 

VLSM (Variable Length Subnet Mask)

IPv4 moved to variable-length subnet masks because they make more efficient use of addresses. I have provided a demo of doing VLSM (this is actually from my ICS 273 course). Below, I have also provided a Google Sheet that I hope helps you understand VLSM.

VLSM
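As an added worked example (not the course demo or the Google Sheet), the following Python sketch carves one block into subnets of different sizes, largest requirement first, which is the usual VLSM procedure. The base network 192.168.10.0/24, the segment names and the host counts are constructed for illustration.

```python
import ipaddress

# Constructed sample input: a private /24 and the hosts each segment needs.
BASE = "192.168.10.0/24"
SEGMENTS = {"lab": 100, "staff": 50, "servers": 25, "router-link": 2}


def vlsm_plan(base: str, hosts_needed: dict[str, int]) -> dict[str, ipaddress.IPv4Network]:
    """Carve `base` into one subnet per segment, largest requirement first."""
    block = ipaddress.ip_network(base)
    cursor = int(block.network_address)
    last = int(block.broadcast_address)
    plan = {}
    # Allocating in descending size keeps every subnet aligned on its own boundary.
    for name, hosts in sorted(hosts_needed.items(), key=lambda kv: kv[1], reverse=True):
        if hosts < 1:
            raise ValueError(f"segment {name!r} needs at least one host")
        # Smallest host_bits with 2**host_bits >= hosts + 2
        # (the +2 covers the network and broadcast addresses).
        host_bits = (hosts + 1).bit_length()
        size = 1 << host_bits
        if cursor + size - 1 > last:
            raise ValueError(f"{base} is too small for segment {name!r}")
        plan[name] = ipaddress.ip_network((cursor, 32 - host_bits))
        cursor += size
    return plan


if __name__ == "__main__":
    for name, net in vlsm_plan(BASE, SEGMENTS).items():
        usable = net.num_addresses - 2
        print(f"{name:12} {str(net):20} mask {net.netmask}  usable hosts {usable}")
```

With a fixed /26 mask the same /24 would give only four subnets of 62 hosts each, so the 100-host segment would not fit; variable masks fit all four segments and leave 192.168.10.228 onward unallocated.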

IPv6

IPv6 came about due to IPv4 exhaustion. IPv6 has 2^128 addresses, or 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses (yes, that is a REALLY BIG NUMBER). We write an IPv6 address in hexadecimal (base-16) as eight groups of four hex digits. The groups are separated by a : (colon).


group1:group2:group3:group4:group5:group6:group7:group8


Example: 2001:0DB8:AAAA:1111:0000:0000:0000:0100

We have two rules for writing IPv6 Addresses:


Rule 1: Leading zeros in any 16-bit segment must not be written.


Recall our address:

2001:0DB8:AAAA:1111:0000:0000:0000:0100

We can shorten this to:

2001:DB8:AAAA:1111:0:0:0:100


Rule 2: The double colon (::) equals a single, contiguous string of one or more 16-bit segments that is made up of all zeros.


Example:

FE80:0000:0000:0000:0000:0000:0000:0001

Rule 1: FE80:0:0:0:0:0:0:1

Rule 2: FE80::1


You can't apply Rule 2 more than once in the same address, because the result is ambiguous:

FE80::A:B::1

Could be:

FE80:0:0:0:A:B:0:1

FE80:0:0:A:B:0:0:1

FE80:0:A:B:0:0:0:1
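The two rules and the double "::" ambiguity can be checked in code. This is an added Python example, not part of the original course page; the function names are chosen here for illustration. It applies Rule 1 and Rule 2 to a full address, and lists every full address that a shortened form could stand for.

```python
from itertools import groupby, product


def rule1(full: str) -> str:
    """Rule 1: drop leading zeros in each of the eight 16-bit groups."""
    groups = full.split(":")
    if len(groups) != 8:
        raise ValueError("expected a full address with eight groups")
    return ":".join(format(int(g, 16), "X") for g in groups)


def rule2(full: str) -> str:
    """Rule 2: collapse one run of all-zero groups (the longest) into '::'."""
    groups = rule1(full).split(":")
    start, length, pos = 0, 0, 0
    for is_zero, run in groupby(groups, key=lambda g: g == "0"):
        n = len(list(run))
        if is_zero and n > length:
            start, length = pos, n
        pos += n
    if length == 0:
        return ":".join(groups)
    return ":".join(groups[:start]) + "::" + ":".join(groups[start + length:])


def expansions(short: str) -> list[str]:
    """Every Rule 1 form that a '::'-shortened address could stand for."""
    parts = [p.split(":") if p else [] for p in short.upper().split("::")]
    gaps = len(parts) - 1
    missing = 8 - sum(len(p) for p in parts)
    if gaps == 0:
        return [":".join(parts[0])] if missing == 0 else []
    found = []
    # Try every way of sharing the missing zero groups among the '::' gaps.
    for sizes in product(range(1, missing + 1), repeat=gaps):
        if sum(sizes) == missing:
            groups = list(parts[0])
            for n, part in zip(sizes, parts[1:]):
                groups += ["0"] * n + part
            found.append(":".join(groups))
    return found


if __name__ == "__main__":
    print(rule2("2001:0DB8:AAAA:1111:0000:0000:0000:0100"))
    print(expansions("FE80::1"))       # one '::' gives exactly one address
    print(expansions("FE80::A:B::1"))  # two '::' give three candidates
```

A single "::" always expands to exactly one address, which is why firewall rules and log searches should compare addresses in one normalized form rather than as raw strings.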