Network Fundamentals — Part 2

LumberJohn
HackingMill

--

This post is a continuation of a previous post I made. It expands on the subject and covers a few more concepts that should be known. If you haven’t read the previous post, you can find it here: https://medium.com/hackingmill/network-fundamentals-part-1-ec06fd83ac60

Now, without further ado, let’s begin…

Last time I started the post by explaining the OSI model. This time I thought I’d do something similar, so I’ll start by explaining a bit about the TCP/IP model.

The TCP/IP model is named after the Transmission Control Protocol and the Internet Protocol. It was designed and developed by the US Department of Defense and is based on standard protocols. It contains only four layers, unlike the seven of the OSI model, so you could say it is a more concise version. The model has the following essential characteristics:

  • Support for a flexible TCP/IP architecture
  • TCP is a connection-oriented protocol
  • TCP offers high reliability and ensures that data which arrives out of sequence can be put back together.
  • TCP allows the implementation of flow control, so the sender never overwhelms the receiver with data.

The next image shows a layer-to-layer comparison between both models and some services that run on those layers.

The application layer is the layer that interacts with software applications to implement a communication component. Unlike in the OSI model, this layer is also responsible for the interpretation of the data by the application. Some examples are file transfer, email, remote login, etc.

The transport layer builds on the network layer in order to provide data transport from a process on a source system to a process on a destination system. It helps you control the reliability of a link through flow control, error control, and segmentation/de-segmentation.

The internet layer is also known as the network layer. Its main job is sending packets from any network and any computer to their destination, irrespective of the route they take. It offers functional and procedural methods for transferring data sequences from one node to another across various networks.

The network interface layer is also called the network access layer. It defines the details of how the data should be physically sent through the network.

When you send data to another computer it goes through several devices, like routers and switches, but what are those (insert funny meme here…)?

Even before I start explaining about those devices, I’d like to introduce you to 4 simple concepts:

  • LAN (Local Area Network) — a network of devices connected in one physical location, such as a school or an office. It can be anything from a home network with one user to an enterprise network with thousands.
  • WAN (Wide Area Network) — a large network that is not tied to a single physical location. The Internet is the largest WAN in the world.
  • ASN (Autonomous System Number) — an autonomous system is a large network (or group of networks) that has a unified routing policy. An ASN is just a number that identifies an AS.
  • Routing — the process of selecting a path across one or more networks. On the Internet, routing selects the paths that IP packets take to travel from origin to destination.

These concepts will help you understand how the Internet works and will be mentioned in the rest of this post. So, with these in mind, let’s start by explaining what switches are.

A network switch is a device that connects devices within a network (usually a LAN) and forwards data packets to and from those devices. Unlike a router, a switch only sends the data to the single device it is intended for, not to networks of multiple devices.

Switches have multiple interfaces (ports), and so they keep a forwarding table that maps one or more MAC addresses to an interface. This forwarding table is also called the CAM table, because it is stored in Content Addressable Memory (CAM).

The next image is an example of what a CAM can look like:

Here you can see that there is only one host connected to interfaces 1 and 3, but there are two hosts connected to interface 2. The TTL (time-to-live) defines how long an entry stays in the table; this matters because the table has a limited size. Switches learn new MACs dynamically by inspecting the source MAC address in the header of the packets that pass through them.

When a packet passing through the switch has its header inspected, there are 3 possible actions:

1 — If the MAC is not in the table, a new MAC-to-interface entry is created.
2 — If the MAC is in the table on the same interface, the TTL of that entry is refreshed.
3 — If the MAC is in the table but is now seen on a different interface (the host moved), the switch updates the entry.
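To make the three actions concrete, here is a toy CAM table written as an added example for this post (it is not code from the original article). It learns the source MAC of each packet, refreshes or moves entries, ages them out by TTL, and refuses new entries once the table is full, which is why the limited size mentioned above matters. The TTL of 300 seconds and the four-entry limit are assumptions chosen for the demo; real switches hold thousands of entries.

```python
from dataclasses import dataclass

# Added example for this post (not code from the original article): a toy
# switch forwarding table (CAM table) that learns MACs with a TTL and applies
# the three actions described above. TTL and size values are assumptions.

DEFAULT_TTL = 300   # seconds an entry lives unless it is refreshed (assumed)
MAX_ENTRIES = 4     # deliberately tiny, to show that the table is finite


@dataclass
class Entry:
    interface: int
    ttl: int


class CamTable:
    def __init__(self, max_entries=MAX_ENTRIES, default_ttl=DEFAULT_TTL):
        self.entries = {}          # MAC -> Entry
        self.max_entries = max_entries
        self.default_ttl = default_ttl

    def learn(self, src_mac, interface):
        """Learn from the source MAC of a packet arriving on `interface`."""
        entry = self.entries.get(src_mac)
        if entry is None:
            # 1: MAC not in the table -> create a new MAC-to-interface entry,
            #    unless the table is already full
            if len(self.entries) >= self.max_entries:
                return "table-full"
            self.entries[src_mac] = Entry(interface, self.default_ttl)
            return "new"
        if entry.interface == interface:
            # 2: MAC already known on this interface -> refresh its TTL
            entry.ttl = self.default_ttl
            return "refreshed"
        # 3: MAC known, but it has shown up on a different interface
        #    (the host moved) -> update the entry
        entry.interface = interface
        entry.ttl = self.default_ttl
        return "moved"

    def forward(self, dst_mac, in_interface, all_interfaces):
        """Return the list of interfaces a packet is sent out of."""
        entry = self.entries.get(dst_mac)
        if entry is None:
            # Unknown destination: the switch has no choice but to send the
            # packet out of every interface except the one it came in on
            return [i for i in all_interfaces if i != in_interface]
        if entry.interface == in_interface:
            return []   # destination sits on the ingress segment; nothing to do
        return [entry.interface]   # known destination: one interface only

    def age(self, seconds):
        """Advance the clock; entries whose TTL runs out are removed."""
        expired = []
        for mac, entry in self.entries.items():
            entry.ttl -= seconds
            if entry.ttl <= 0:
                expired.append(mac)
        for mac in expired:
            del self.entries[mac]
        return expired


if __name__ == "__main__":
    table = CamTable()
    # constructed sample traffic: three hosts, one of which later moves port
    print(table.learn("aa:aa:aa:aa:aa:01", 1))   # new
    print(table.learn("aa:aa:aa:aa:aa:02", 2))   # new
    print(table.learn("aa:aa:aa:aa:aa:03", 2))   # new
    print(table.learn("aa:aa:aa:aa:aa:03", 3))   # moved
    print(table.forward("aa:aa:aa:aa:aa:02", 1, [1, 2, 3]))   # [2]
    print(table.forward("aa:aa:aa:aa:aa:99", 1, [1, 2, 3]))   # [2, 3]
    print(table.age(300))   # every entry expires
```

Note that `forward` never "asks" the hosts where a MAC lives: everything the switch knows comes from what it has already seen, which is why the TTL and the table size are what decide its behaviour under unusual traffic.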

Having talked about switches, it’s time to go to the other side of the coin, routers.

A router is a device that connects two or more packet-switched networks. It has two primary jobs, managing traffic between these networks and allowing multiple devices to use the same Internet connection. Most routers pass data between LANs and WANs.

When you send a packet, the only thing it carries is the destination, not how to get there. It’s the router’s job to guide packets to their destination as efficiently as possible. To do this the router has an internal routing table, which is nothing more than a list of paths to various network destinations. Like the switch, the router inspects the packet header to see the destination and then consults the routing table to find the right path.
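The lookup described above, as an added example for this post (not code from the original article): a minimal router with a routing table, a longest-prefix-match lookup that prefers the most specific route when several match, and a forward step that also decrements the IP TTL so a packet caught in a loop is eventually dropped. The interface names, next hops and prefixes are assumptions taken from the RFC 5737 documentation ranges.

```python
import ipaddress

# Added example for this post (not code from the original article): a minimal
# router that looks up a packet's destination in a routing table and picks the
# most specific matching route. All addresses and interface names are assumed
# demo values.


class Router:
    def __init__(self):
        self.routes = []  # each route: (network, next_hop or None, interface)

    def add_route(self, prefix, interface, next_hop=None):
        """next_hop=None means the network is directly connected on `interface`."""
        self.routes.append((ipaddress.ip_network(prefix), next_hop, interface))

    def lookup(self, dst):
        """Longest-prefix match: of all routes that contain dst, return the one
        with the most specific (longest) prefix, or None if nothing matches."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, next_hop, iface in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop, iface)
        return best

    def forward(self, packet):
        """Decide what happens to one packet of the form {'dst': ip, 'ttl': n}."""
        if packet["ttl"] <= 1:
            # TTL would reach zero: drop it instead of letting a looping
            # packet circulate forever
            return ("drop", "ttl-expired")
        route = self.lookup(packet["dst"])
        if route is None:
            return ("drop", "no-route")
        net, next_hop, iface = route
        # On a directly connected network the packet goes to the destination
        # itself; otherwise it is handed to the next router on the path
        gateway = next_hop if next_hop is not None else packet["dst"]
        return ("forward", iface, gateway, packet["ttl"] - 1)


def build_demo_router():
    """Constructed routing table for a small office router (assumed values)."""
    r = Router()
    r.add_route("192.168.1.0/24", "lan0")                        # directly connected LAN
    r.add_route("10.0.0.0/8", "lan0", next_hop="192.168.1.254")   # via another router on the LAN
    r.add_route("10.1.2.0/24", "lan0", next_hop="192.168.1.253")  # more specific route
    r.add_route("0.0.0.0/0", "wan0", next_hop="203.0.113.1")      # default route to the ISP
    return r


if __name__ == "__main__":
    r = build_demo_router()
    for dst in ("192.168.1.20", "10.1.2.50", "10.9.9.9", "198.51.100.7"):
        print(dst, "->", r.forward({"dst": dst, "ttl": 64}))
    print(r.forward({"dst": "198.51.100.7", "ttl": 1}))   # dropped: TTL expired
```

The two 10.x routes show why the match has to be "longest", not "first": 10.1.2.50 is inside both 10.0.0.0/8 and 10.1.2.0/24, and a router must pick the /24, otherwise the more specific path would never be used.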

The next table shows the differences between the router and the switch. All credit for this table goes to javatpoint.com, which wrote an excellent article about this. You can find the article at: https://www.javatpoint.com/switch-vs-router

(image source: https://www.javatpoint.com/switch-vs-router)

To finish this blog post there are only two more things I want to briefly introduce. I won’t go in-depth on these topics because they could be a blog post on their own.

The first thing is port forwarding.

Port forwarding allows remote servers and devices on the Internet to reach devices on our LAN. As you may remember, your router gives you a private IP address (192.168.x.x), which stops users outside your network from connecting directly to your devices. So without port forwarding, only devices that are part of the internal network could reach each other, and the website on your web server couldn’t be reached by others.

I still haven’t made a post talking about ports (I’ll probably do a network fundamentals part 3), but essentially they are how computers distinguish between multiple services listening on one computer. You can think of them as doors to a house: your computer has 65000 doors, and if door 80, the one used for websites, is listening, you can say that door is unlocked. The next image does a better job of explaining this than I could ever do by writing.
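To show why a LAN host is unreachable by default and what a port-forwarding rule changes, here is a toy model of a home router's inbound decision, added as an example for this post (not code from the original article). It keeps two tables: the port-forwarding rules you configure, and the NAT state the router builds when a LAN host opens a connection so that replies can come back. Anything arriving from the Internet that matches neither is dropped. The public IP 203.0.113.10, the LAN range and the port numbers are assumptions from the documentation ranges.

```python
import ipaddress

# Added example for this post (not code from the original article): a toy model
# of a home router's NAT and port-forwarding decisions. The public address, the
# LAN range and the port numbers are assumed demo values.

PUBLIC_IP = "203.0.113.10"
LAN = "192.168.1.0/24"


def check_port(port):
    """Ports are 16-bit numbers; anything outside 1..65535 is invalid."""
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} out of range")


class HomeRouter:
    def __init__(self, public_ip=PUBLIC_IP, lan=LAN):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan)
        self.forward_rules = {}   # (proto, public_port) -> (lan_ip, lan_port)
        self.nat_state = {}       # (proto, public_port) -> (lan_ip, lan_port)
        self._next_nat_port = 40000   # assumed start of the NAT port pool

    def add_forward_rule(self, proto, public_port, lan_ip, lan_port):
        """Expose one LAN service: traffic to public_port on the router is
        rewritten to lan_ip:lan_port."""
        check_port(public_port)
        check_port(lan_port)
        if ipaddress.ip_address(lan_ip) not in self.lan:
            raise ValueError("forwarding target must be a LAN address")
        self.forward_rules[(proto, public_port)] = (lan_ip, lan_port)

    def handle_outbound(self, proto, src_ip, src_port):
        """A LAN host opens a connection: the router swaps the private source
        for its public IP and a fresh port, and remembers the mapping so the
        reply can find its way back. Returns what the Internet sees as source."""
        check_port(src_port)
        if ipaddress.ip_address(src_ip) not in self.lan:
            raise ValueError("only LAN hosts are translated")
        public_port = self._next_nat_port
        self._next_nat_port += 1
        self.nat_state[(proto, public_port)] = (src_ip, src_port)
        return (self.public_ip, public_port)

    def handle_inbound(self, proto, dst_ip, dst_port):
        """Decide what happens to a packet arriving from the Internet."""
        if dst_ip != self.public_ip:
            return ("drop", "not addressed to this router")
        key = (proto, dst_port)
        if key in self.forward_rules:
            lan_ip, lan_port = self.forward_rules[key]
            return ("forward", lan_ip, lan_port)     # explicitly exposed service
        if key in self.nat_state:
            lan_ip, lan_port = self.nat_state[key]
            return ("reply", lan_ip, lan_port)       # answer to a LAN-initiated flow
        # No rule and no matching outbound flow: this default is what keeps
        # devices behind the private range unreachable from outside
        return ("drop", "no forwarding rule and no matching outbound flow")


if __name__ == "__main__":
    router = HomeRouter()
    router.add_forward_rule("tcp", 80, "192.168.1.20", 80)   # expose the web server
    print(router.handle_inbound("tcp", PUBLIC_IP, 80))        # forwarded to the web server
    print(router.handle_inbound("tcp", PUBLIC_IP, 22))        # dropped: no rule
    seen_as = router.handle_outbound("tcp", "192.168.1.30", 51000)
    print(seen_as)                                            # ('203.0.113.10', 40000)
    print(router.handle_inbound("tcp", PUBLIC_IP, seen_as[1]))  # reply reaches the LAN host
```

The practical takeaway is that every forwarding rule is a deliberate hole in that default drop, so each one should point at a service you actually intend to expose.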

The last bit of information I will touch on today is about VPNs.

A VPN (virtual private network) is a technology developed to allow devices of different networks to communicate in a secure way, by creating a secure dedicated channel between them. It encrypts your internet traffic and disguises your online identity by letting the network redirect it through a specially configured remote server run by a VPN host.

A VPN should have the following characteristics:

  • Secure encryption — all data should be securely encrypted in a way that only with the right key can you understand it.
  • Disguising whereabouts — the VPN servers act as a proxy on the internet, which means all traffic you send goes to the VPN and only then to the destination.
  • Secure data transfer — VPN services connect to private servers and use encryption to reduce the risk of data leakage.

(image source: yellowstonecomputing.com)

Well, this is all I have to write about today. While I was writing this I found that some concepts are still missing, but I will make a post about them someday. Also, I know some of this may be weirdly written, as if not actually planned (it isn’t), but keep in mind that I’m not a writer, and these posts are my attempt to understand these concepts better by trying to explain them. Thank you for reading and see you next time.