Networking
A broad intro to networking and everything I know about networking are great resources for networking.
Computer Networks: A System Approach and Computer Networks by Tanenbaum are great books for in depth study. Protohackers has nice nice real network servers challenges.
Trippy and Sniffnet are good ways to monitor your network traffic.
OSI Modelβ
The OSI Model breaks down network communication into seven layers. These layers are useful for identifying network issues and understanding how data travels through a network. Each layer serves a specific function, and they work together to enable communication between devices.
| Layer Name | Main Function | Example Protocols and Standards |
|---|---|---|
| 7. Application Layer | Human-computer interaction layer, where applications can access the network services | HTTP, FTP, SMTP, DNS, IMAP |
| 6. Presentation Layer | Ensures that data is in a usable format and is where data encryption occurs | JPEG, PNG, GIF, SSL/TLS, Unicode |
| 5. Session Layer | Maintains connections and is responsible for controlling ports and sessions | NFS, RPC, PPTP |
| 4. Transport Layer | Transmits data using transmissions protocols | TCP, UDP |
| 3. Network Layer | Decides which physical path the data will take | IP, ICMP, IPSec, ARP |
| 2. Data Link Layer | Defines the format of data on the network | Ethernet (802.3), WiFi (802.11) |
| 1. Physical Layer | Transmits raw bit streams over a physical medium | Ethernet cables, fiber optics, radio waves (wireless signals) |
IP Address and Subnetsβ
ifconfig
ip addr show
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::f816:3eff:fe21:57cf prefixlen 64 scopeid 0x20<link>
ether fa:16:3e:21:57:cf txqueuelen 1000 (Ethernet)
RX packets 234567 bytes 34567890 (34.5 MB)
TX packets 123456 bytes 12345678 (12.3 MB)
# IP address has four octets (total 32 bits). Being 8 bits, an octet
# allows us to represent a decimal number between 0 - 255.
Octet: #1 #2 #3 #4
+------+------+------+------+
IP: 192 . 168 . 1 . 1
Range: 0-255 0-255 0-255 0-255
There two types of IP address:
- Public Address
- Private Address
RFC 1918 defines the following three ranges of private IP addresses:
10.0.0.0 - 10.255.255.255 (10/8)
172.16.0.0 - 172.31.255.255 (172.16/12)
192.168.0.0 - 192.168.255.255 (192.168/16)
127.0.0.1 is localhost
ARPβ
Address Resolution Protocol (ARP) makes it possible to find the MAC address of another device on the Ethernet.
tshark -r arp.pcapng -Nn
# Device 02:1a:7c:3f:91:aa (IP 10.0.0.42) asking who has 10.0.0.1.
1 0.000000000 02:1a:7c:3f:91:aa β ff:ff:ff:ff:ff:ff ARP 42 Who has 10.0.0.1? Tell 10.0.0.42
# Device b8:27:eb:45:9c:10 responding that it owns 10.0.0.1.
2 0.001234567 b8:27:eb:45:9c:10 β 02:1a:7c:3f:91:aa ARP 42 10.0.0.1 is at b8:27:eb:45:9c:10
ICMPβ
Internet Control Message Protocol (ICMP) is mainly use for network diagnostics and error reporting. Two popular commands rely on ICMP:
ping: uses ICMP to test connectivity to a target system. It can be used to learn that the target is alive and its reply can reach that system.
Several things might prevent a reply. In addition to the target system being offline or shut down, a firewall along the path may also block packets required for ping to work.
ping -c 1 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=117 time=9.653 ms
--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.653/9.653/9.653/0.000 ms
traceroute: uses ICMP to discover every router between our system and a target system.
The Internet protocol has a field called Time-to-Live (TTL) that indicates the maximum number of routers a packet can travel through before it is dropped. The router decrements the packetβs TTL by one before it sends it across. When the TTL reaches zero, the router drops the packet and sends an ICMP Time Exceeded message (ICMP Type 11). (In this context, βtimeβ is measured in the number of routers, not seconds.)
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 1.123 ms 0.876 ms 0.765 ms
2 10.20.0.1 (10.20.0.1) 8.234 ms 8.121 ms 8.045 ms
3 172.16.12.1 (172.16.12.1) 12.543 ms 12.456 ms 12.389 ms
4 203.0.113.5 (203.0.113.5) 20.765 ms 20.612 ms 20.432 ms
5 8.8.8.8 (8.8.8.8) 25.874 ms 25.763 ms 25.643 ms
Routingβ
Routing algorithms that determine the best path to connect users and servers across networks:
- OSPF (Open Shortest Path First): A link-state protocol that finds the shortest path by building a full map of the network.
- EIGRP (Enhanced Interior Gateway Routing Protocol): A Cisco protocol that balances speed and efficiency by using multiple routing metrics.
- BGP (Border Gateway Protocol): The main Internet routing protocol that connects different networks (ASes) globally.
- RIP (Routing Information Protocol): A simple, distance-vector protocol that selects routes based on hop count.
NATβ
The idea behind Network Address Translation (NAT) lies in using one public IP address to provide Internet access to many private IP addresses.