TCP
Layer 4 connection-oriented protocol that is a reliable way to transport segments across the network
Uses Three-Way Handshake of SYN, SYN-ACK, and ACK to begin transmission; if a segment is dropped and no acknowledgement is sent, protocol will resend the data
Flow control through Windowing; sequencing for segments to ensure data is received in order
UDP
Layer 4 connectionless protocol that is an unreliable but faster way to transport datagrams across the network
No retransmissions, no windowing, no sequencing, and no acknowledgements; if data is dropped, the sender is unaware
Fitting for audio/visual streaming, where dropped data is not a pressing issue
ICMP
IP protocol for determining if a device on your network is currently operating, among other administrative tasks
Ping uses this protocol to provide functionality
Has other uses, like informing you that a network is not reachable, or that your TTL has expired
GRE
Protocol for creating tunnels between two endpoints, and commonly used with VPNs
Encapsulate traffic inside of IP and decapsulate at recipient endpoint; no built-in encryption, so use VPN protocols
IPSec
Protocol that provides security for Layer 3, and is commonly used in site-to-site VPN connections
Authentication and encryption for every packet; also provides integrity, anti-replay, and digital signature mechanisms
Two core protocols, Authentication Header and Encapsulating Security Payload
AH
IPSec protocol that hashes the packet with a shared key, and adds this hash to the packet header
SHA-1 and SHA-2 are common; MD5 is no longer secure
Data is sent in the clear
ESP
IPSec protocol that encrypts the original packet and adds a new header, trailer, and integrity check value
SHA-1 and SHA-2 are common for hashing; MD5 is no longer secure
AES and 3DES are common for encryption
IKE
Protocol for agreeing on encryption keys without sending them over the network, which builds a Security Association
Phase I: commonly uses Diffie-Hellman over UDP/500; known as ISAKMP
Phase II: coordinate ciphers and key sizes, negotiate inbound and outbound SA for IPSec
Transport Mode
IPSec mode where just the data is encrypted, and adds IPSec headers and trailers
The IP and IPSec headers are in the clear, so you can capture them to determine the true destination for the packet
Therefore, less secure than Tunnel Mode
Tunnel Mode
IPSec mode where original IP header and data are encrypted, and adds IPSec headers and trailers
Also adds a unique IP header, which outlines the VPN Concentrator destination
Cannot determine the true destination of the packet, so more secure than Transport Mode
Unicast
Network communication method where one station sends information to another station one-to-one
Web surfing, file transfers; works in IPv4 and IPv6
Does not scale well for real-time streaming media
Multicast
Network communication method where one station sends to multiple interested stations one-to-many
Multimedia delivery, stock exchanges, dynamic routing updates, etc.
Very specialized, difficult to scale across large networks
Used in IPv4, used extensively in IPv6
Anycast
Network communication method where single destination IP address has multiple paths to two or more endpoints
Configure the same anycast address on different devices; packets sent to the address are delivered to the closest interface
Announce same route out of multiple data centers; clients use the data center closest to them
Used in IPv4 and IPv6
Broadcast
Network communication method where one station sends information to everyone at once
One packet received by everyone, limited scope; routing updates, ARP requests, etc.
Used in IPv4 only; IPv6 uses multicast