Packets and Frames

frames

in the data link layer; doesn’t hold the IP

packets

hold the IP

IP headers (extra info in the packets)

1. time to live: expiration time for the packet if it doesn’t find the destination

2. checksum: when the expected value is different, data has been corrupted

3. source address: the sender’s address so the data can return

4. destination address: where the data is being sent

TCP/IP model

• connection must be sent before any data is moved

• layers: application, transport, internet, network interface

data is guaranteed to be fully received

• IP headers

  • source port: port number from where the packet was sent from

  • destination port: port number of the destination

  • source and destination IP

  • sequence number: after a connection, the first piece of data is given a sequence number

  • acknowledgement number: after being given a sequence number, the next piece has sequence number +1

  • checksum

  • data

  • flags: how pacjets should be handled

3-way handshake

1. syn: the initial packet sent to establish connection

2. syn/ack: signal sent by destination to acknowledge connection

3. ack: show the data has been received

4. data: once connection is made, data is sent

5. fin: sent to destination to finish session

6. ack AND fin: destination acknowledges the end and finishes

7. ack: sent to destination to confirm

8. rst: is problems happened, the whole connection is ended and reset

at syn, it’s given an initial number sequence and is incremented by 1 at each step

UDP/IP

• is stateless (doesn’t require constant connection)

• headers

  • time to live

  • source and destination address

  • source and destination port

  • data

• connection pathway

  • request data

  • all data is sent to destination

ports

each protocol has a unique port number

• FTP (port 21): shares files between client and servers

• SSH (port 22): used to securely login to systems thru a text-based interface

• HTTP (port 80): powers the WWW and is used to download text, images, and videos of web pages

• HTTPS (port 443): same as HTTP but secures with encryption

• SMB (port 445): similar to FTP but includes printers

• RDP (port 3389): same as SSH, but on a visual desktop interface

port forwarding

allows the public to access services and applications in a private network by mapping a public port to the private port

firewalls

• device in a network that checks who can come and go

• operates on OS layers 3 and 4

• considers where the traffic is coming from, going to, which port it’s for, which protocol it’s using, etc.

  • inspects separate packets

• stateful firewall: inspects the entire info

• stateless firewall: uses predetermined rules (case-sensitive) to inspect

• to block activity, specify the source’s IP and the destination you don’t want it to access

VPN (virtual private network)

connects separate networks into a private network

• allows 2 networks to communicate privately