New Networking

What is the OSI model, what does it stand for, and what does it provide?

The Open Systems Interconnection is a 7 layer conceptual framework that breaks down a network into 7 layers, describes how data is passed down between the layers, and how devices and protocols interact with each other on a network.

What are the layers of the OSI model?

Physical

Data Link

Network

Transport

Session

Presentation

Application

What is the first layer of the OSI model, and what is defined at this layer?

The first layer is the Physical layer.

The physical layer describes:

• The physical connection between devices.

• The transmission of raw binary data over physical mediums like copper, fiber, or radio signals.

• The protocols and technologies used like USB, 802.11 WiFi, and BASE-T

• The topology of networks

What are troubleshooting steps you could take at the first layer of the OSI model?

The first layer is physical:

• Verifying physical connections are properly seated with no damages to cables or connectors, and using tools like a cable tester to verify the wiring.

• Verify proper power delivery to devices

• Verify technologies used are compatible

• Verifying interfaces are enabled on devices like switches

• Checking for EMI

What is the second layer of the OSI model, and what does it define?

The second layer of the OSI model is the Data Link Layer and it defines:

• Two sublayers MAC and LLC.

• MAC completes hardware addressing through MAC addresses.

• LLC completes error checking using CRC.

• Communication in a LAN or VLAN using MAC addressing.

What is a MAC address?

A MAC address is a unique identifier assigned to NICs for communication at layer 2

What is a frame?

A frame is a unit of data used at the 2nd layer and is comprised of:

• A header with source and destination MAC addresses and VLAN IDs

• A payload with the data being transmitted

• A trailer with error checking information

What are some troubleshooting steps you can do at layer 2?

Layer 2 is the Data Link layer and troubleshooting includes:

• Running a loopback test to verify NIC functionality

• Ensure that devices are set to the same duplex mode.

• Ensure no duplicate MAC addresses on the network, and the device has the correct MAC address.

• Verifying the MAC / ARP table of a switch is correctly assigned

What is the 3rd layer of the OSI model and what is defined at this layer?

The 3rd layer of the OSI model is the Network Layer and it defines:

• The ability to route data between networks using IP addressing and protocols like OSPF, BGP, and RIP.

• The use of packets and fragmentation and reassembly

• Subnetting

What is a packet?

A packet is a unit of data for communication at layer 3 and it is comprised of:

• Header with source/destination IP addresses and routing information.

• Payload with the data being transmitted.

• An optional footer with error checking or data some protocols may add.

What is an MTU?

A Maximum Transmission Unit is the largest size a packet can be sent or received in a single network transaction.

What happens if an MTU is too big and too small?

A large MTU decreases performance because it must be fragmented.

A Small MTU increases latency because more packets must be sent for the same amount of data.

What is a subnet, and what layer does it operate at?

A subnet operates at layer 3 and logically divides a network into smaller subnets using IP addressing and a subnet mask to define the network ID.

What is the difference between a packet and a frame?

A packet is in layer 3 and is used for communication across different networks.

A frame is in layer 2 and is used for communication across the same network/VLAN.

What is a VLAN, and what layer does it operate at?

A VLAN operates at layer 2 and is a logical partition of a physical network using VLAN IDs to group devices into separate broadcast domains.

What is the difference between a VLAN and a subnet?

VLAN is layer 2, a subnet is layer 3

VLANs are used for seperating broadcast domains, subnets are used for IP address management and routing.

What is a broadcast domain?

Any broadcast packets sent by a device are received by all devices in the same broadcast domain.

What is a broadcast packet, and what are some examples?

A broadcast packet is a type of network packet used to communicate with all devices on a network segment simultaneously.

Examples include:

• ARP requests

• DHCP discover

• Network discovery (file/printer sharing)

• Wake on LAN

What is a broadcast address?

A broadcast address is the last IP address in a network ending in 255 for the host ID and is used to simultaneously send data to all devices on the network.

What is ARP?

Address Resolution Protocol is a network protocol that operates at layer 3 and is used to map an IP address to a MAC address.

How do ARP discovery/requests work?

Device A wants to communicate to Device B, but does not know its MAC address.

Device A sends out an ARP request to the broadcast domain, and Device B responds with its MAC address.

Additionally, a layer 3 switch holds its own ARP table so that switch could respond to Device A on behalf of device B.

If device B is on a different network, then device A uses its default gateway to attempt to reach device B.

What is NAT, what layer does it operate at, and what is its most common use?

Network Addressing Translation is a networking function that modifies network address information in IP packet headers while in transit.

NAT is most commonly used to allow multiple devices on a LAN to share a single public IP address.

What is layer 4 in the OSI model, and what is defined in this layer?

Layer 4 of the OSI model is the Transport layer and it defines:

• The mechanisms to transport data across systems and networks

• Port numbers to ensure data is passed to the right service.

• Segmentation and Reassembly of data streams to ensure reliable communication.

What is layer 4 segmentation and reassembly?

The transport layer is responsible for mechanisms of data transport across a network. Segmentation allows data streams to be broken down into segments that can be reliably sent across a network. Reassembly is done at the host.

What is a port?

A port is a logical endpoint used to identify specific processes or services on a device, allowing them to share the same IP address, and ensures data is directed to the correct service.

What is the difference between fragmentation and segmentation?

Fragmentation occurs at layer 3 and it breaks packets down smaller to ensure compatibility with devices with different MTUs.

Segmentation occurs at layer 4 and breaks down data streams into segments to ensure reliable communciations.

What is layer 5 of the OSI model and what is defined here?

Layer 5 is the Session layer and it defines:

• The protocols responsible for establishing, maintaining, and terminating sessions between devices or applications.

• The dialog control between devices, like half-duplex or full.

• Synchronization that provides checkpoints and recovery mechanisms during long sessions.

What is layer 6 of the OSI model, and what is defined here?

Layer 6 of the OSI model is the Presentation layer and it defines:

• The conversion of data into a format an application can understand like ASCII to EBCDIC

• Encryption and Decryption protocols like SSL and TLS

• Compression and Decompression to reduce the size of data for efficient transmission

Layer 6 of the OSI model involves the conversion of data into a format an application can understand. What exactly does this mean?

Everything sent between devices on a network is in binary. However, different applications require different formats. A string of binary in UTF-8 is going to be entirely different than the same string of binary in HTML.

What is layer 7 of the OSI model and what is defined here?

Layer 7 is the Application layer and it defines:

• The interface between the network and software.

• The submission of data by an end user, and passes it to lower layers of the OSI model.

• Protocols used by software like HTTP/S, SSH, SMTP, POP/3

What is a common misconception of the 7th layer of the OSI model?

A common misconception with the Application layer is that this layer IS the software that a user interacts with.

Rather, the application layer provides the software the functionality to use network services.

What is the TCP/IP model, and what are its layers?

The TCP/IP model is a 4 layer conceptual framework that organizes internet protocols into 4 layers:

• Physical

• Internet which handles logical addressing using IP addresses

• Transport which handles end to end communication like TCP or UDP

• Application which handles high level protocols for user services like HTTP/S, DNS, POP/3

What is the difference between the OSI model and the TCP/IP model?

They are two separate models.

The OSI model is meant to describe the transfer of data from devices step by step.

The TCP/IP model is meant to describe internet protocols and how they transfer data between devices or services.

What is a hub and what layer does it operate at?

A hub is a legacy networking device operating at layer 1 that connects devices to a network through a wired, half-duplex interface, and repeats network traffic to all connected devices.

What is a repeater, and what layer does it operate at?

A repeater is a networking device operating at layer 1 that takes an incoming signal, amplifies it, and retransmits it to extend the range of a network.

What is a NIC, and what layer does it operate at?

A Network Interface Card operates at layer 2 and is a hardware networking component that allows network connectivity and uniquely identifies a device through a MAC address.

What is an AP/WAP and what layer does it operate at?

A (Wireless) Access Point operates at layer 2 and is a networking device that connects devices to a network using radio waves.

What is a bridge and what layer does it operate at?

A bridge is a legacy networking device operating at layer 2 that connects multiple LAN segments by forwarding frames on a destination MAC address.

Give an example of a legacy network using bridges and hubs.

Building A has 5 devices connected to a hub, all within one collision domain.

Building B has another 5 devices connected to a different hub, all within another separate collision domain.

A bridge would connect both buildings, and would store the MAC addresses of all devices in building A and B.

The bridge would also separate the two collision domains instead of joining them.

What is a collision domain?

A collision domain is a network segment where frames can collide with each other, causing their signals to interfere with each other and leading to network slowdowns.

What solved collision domains?

Switches and routers solved collision domains because each port or interface had its own collision domain.

What is a switch and what layer does it operate at?

A switch is a modern networking device that connects devices to a network through an independent wired interface.

A switch can operate in layer 2 or 3.

A layer 2 switch makes forwarding decisions based on a destination MAC address.

A layer 3 switch makes forwarding decisions based on a destination IP address.

What is a router, and what layer does it operate at?

A router is a networking device operating at layer 3 that connects networks together and forwards data to a destination IP address.

What is a firewall and what layer does it operate at?

A firewall is a networking device or software that monitors and controls incoming and outgoing traffic based on predefined rules called an ACL between networks.

A firewall can operate at layer 3 to filter IP addresses

A firewall can operate at layer 4 to filter ports

A firewall can operate at layer 7 to files specific protocols like HTTP, Telnet, FTP, etc.

What is encapsulation in the OSI model?

Encapsulation is the process of wrapping data with protocol headers (and one trailer at layer 2) as it moves down the OSI model with each layer adding its own specific information.

What is decapsulation in the OSI model?

Decapsulation is removing protocol headers (and one trailer at layer 2) as it moves up the OSI model with each layer stripping information no longer needed.

What kind of information is added to headers during encapsulation?

Layer 7 - Application - Adds ONLY application specific data like DNS query or HTTP/S request, no headers

Layer 4 - Transport - Adds TCP or UDP headers with source/destination ports

Layer 3 - Network - Adds an IP header with source/destination IP addresses and TTL

Layer 2 - Data Link - Adds an ethernet frame with source/destination MAC addresses and error checking.

What is a PDU, and what does is it referred to at each layer?

Layers 5-7 is just the data

Layer 4 is Segment for TCP and Datagram for UDP

Layer 3 is Packets

Layer 2 is Frames

Layer 1 is bits

What is a protocol?

A method or set of rules that establish how devices can communicate for a certain purpose.

What is a connection orientated protocol and its characteristics?

A protocol where data delivery is guaranteed.

The sending device resends any packet that the destination device does not receive.

A lack of acknowledgement is sufficient reason to retransmit.

What is a connectionless orientated protocol and its characteristics?

A protocol where data is just sent with no guarantee of data delivery.

There are no mechanisms of retransmission of data.

What is TCP?

Transmission Control Protocol is a transport layer, connection orientated, communication protocol that provides standards and rules for how data is sent through a network.

What is IP?

Internet Protocol defines how packets are addressed and routed to their destination, and has each computer uniquely identify themselves on a network in the form of an IP address.

How does TCP establish and terminate a connection between devices?

TCP establishes and terminates a connection using the TCP 3 way handshake:

1. The host initiates a connection by sending an SYN (Synchronize) message.

2. The client receives the SYN message and acknowledges it by sending a SYN-ACK message

3. The host receives the SYN-ACK message and responds with an ACK message.

What is UDP?

User Datagram Protocol is a transport layer, connectionless communications protocol that does not guarantee data delivery.

What is ICMP, and what layer does it operate at?

Internet Control Message Protocol operates at layer 3 and provides error checking and reporting for network devices. Most commonly known as ping.

What is source quenching in networking?

Source quenching is an ICMP functionality that limits data from a sender as it is too much data for the source to handle.

What is IPSec, what layer does it operate at, and what are its features?

IP Security is a suite of protocols used to secure IP traffic at layer 3 through encryption, authentication, and integrity checks.

IPSec’s features include:

• AH (Authentication Header) provides authentication and integrity checking for packets, and ESP provides encryption.

• Transport mode - encrypts data only

• Tunnel Mode - found commonly in VPNs encrypts entire packets

• IKE for secure Key management.

What is GRE, what layer does it operate at, and what is the point?

Generic Routing Encapsulation is a layer 3 tunneling protocol used to encapsulate network traffic in order to send it across an IP network like the internet.

The point of GRE is to create a point-to-point tunnel useful for sending routing protocols that don’t normally work over public networks.

What is FTP, what ports does it traditionally use, and what layer does it operate at?

File Transfer Protocol provides insecure file transfers and management on ports 20 and 21 through TCP and operates at layer 7 the application layer.

What are the two modes of FTP?

Active mode uses port 21 for control commands and port 20 for data transfer.

Passive mode only uses port 21 for control commands and a random port on the server for data transfer.

What is SFTP, what ports does it traditionally use, and what layer does it operate at?

Secure File Transfer Protocol provides secure file transfers and management on port 22 over TCP and operates at layer 7 the application layer.

What is SSH, what ports does it traditionally use, and what layer does it operate at?

Secure Shell provides a secure method to remotely control or execute commands on other devices through a CLI on port 22 over TCP, operating at layer 7.

What is Telnet, what ports does it traditionally use, and what layer does it operate at?

Telnet provides an insecure method to remotely control or execute commands on other devices through a CLI on port 23 over TCP, operating at layer 7.

What is SMTP, what ports does it traditionally use, and what layer does it operate at?

Simple Mail Transfer Protocol insecurely defines how mail messages are formatted, addressed, and delivered over a network on port 25 over TCP, operating at layer 7.

What is SMTPS, what port does it traditionally use, and what layer does it operate at?

Simple Mail Transfer Protocol securely defines how mail messages are formatted, addressed, and delivered over a network by wrapping SMTP data in SSL or TLS on port 587 over TCP, operating at layer 7.

What is DNS, what port does it traditionally use, and what layer does it operate at?

Domain Name System provides resolution from human readable domain names into IP addresses devices can understand on port 53 over UDP or TCP, operating at layer 7.

What is DHCP, what ports does it traditionally use, and what layer does it operate at?

Dynamic Host Configuration Protocol provides automated IP configuration on devices on ports 67 and 68 over UDP, operating at layer 7.

What is TFTP, what ports does it traditionally use, what layer does it operate at, and what are its features and common use cases?

Trivial File Transfer Protocol provides insecure file transfer on port 69 over UDP, operating at layer 7.

TFTP does not provide any file management, only file transfer with no navigations.

TFTP is commonly used for PXE booting and networking device configs.

What is HTTP, what ports does it traditionally use, and what layer does it operate at?

Hyper Text Transfer Protocol provides stateless and insecure data transfers from an HTTP server, commonly for websites, on port 80 over TCP, operating at layer 7.

What is NTP, what ports does it traditionally use, and what layer does it operate at?

Network Time Protocol provides time synchronization on devices on port 123 over UDP, operating at layer 7.

What is SNMP, what ports does it traditionally use, and what layer does it operate at?

Simple Network Management allows networking devices to communicate their state to a central system on port 161 to receive data and port 162 to send data, both over UDP and on layer 7.

What is an MIB is SNMP?

Management Information Bases is a database that defines what data a device can share via SNMP.

What are the GET, GET NEXT, WALK, SET, and TRAP commands in SNMP?

GET is used by the SNMP manager to request data, ex: “What is your current CPU usage“

GET NEXT is used by the SNMP manager to request the next object in the MIB list

WALK is used by the SNMP manager to request a series of GET NEXT commands in the MIB list

SET is used by the SNMP manager to change the value of something, ex enabling a port or renaming a hostname

TRAP is sent by an agent to alert an SNMP manager of an event, ex “Temperatures are too high“ or “Interface 3 is down“

What are the differences between SNMPv1, SNMPv2, SNMPv2c, and SNMPv3?

SNMPv1 / 2 / 2c all use community strings as a “password“ for basic authentication and each version adds new commands and better performance.

SNMPv3 is the only version that supports full authentication and encryption features.

What is LDAP, what ports does it traditionally use, and what layer does it operate at?

Lightweight Directory Access Protocol provides insecure, vendor neutral access to directory services on port 389 over TCP operating at layer 7.

What is LADPS, what port does it traditionally use, and what layer does it operate at?

Lightweight Directory Access Protocol provides secure, vendor neutral access to directory services by enforcing a TLS session on port 636 over TCP operating at layer 7.

What is HTTPS, what port does it traditionally use, and what layer does it operate at?

Hyper Text Transfer Protocol Secure provides stateless and secure data transfers from an HTTPS server using SSL or TLS, commonly for websites, on port 443 over TCP, operating at layer 7.

What is SMB, what ports does it traditionally use, and what layer does it operate at?

Server Message Block is native to Windows based devices and provides access for file, printer, and port sharing on port 445 over TCP at layer 7.

What is syslog, what port does it traditionally use, and what layer does it operate at?

Syslog provides systems the capability to write log or event messages across a network to a central syslog server on port 514 over UDP or TCP at layer 7.

What is SQL Server, what port does it traditionally use, and what layer does it operate at?

SQL Server is used to store, manage, and retrieve data from databases using SQL on port 1433 by default over TCP.

Note that there are dozens of SQL server types, all using different proprietary ports, but traditional default is 1433.

What is RDP, what port does it traditionally use, and what layer does it operate at?

Remote Desktop Protocol is proprietary to Microsoft and provides access to remotely control windows devices through a GUI on port 3389 over TCP at layer 7.

What is VoIP?

Voice over Internet Protocol is a stack of technologies that provides voice communication transmissions over any IP network rather than POTS.