Modul CCNA Cyber Ops Day5e

Uploaded by

Ferdy Juliyanto

Module 5

Information System
Dhanny Permatasari P, MT

CCNA Cyber Ops

Even Semester
2020/2021

▪ This module (like the modules before and after it) is really just a summary of the LMS (Learning Management System) modules on NetAcad.
▪ So for the complete material, read it on NetAcad.
▪ Sometimes not all of the material is covered in this module, so you still need to read NetAcad for the details, because the quizzes, the per-chapter exams and the final exam are taken from there.
▪ So please keep this in mind.
▪ You still have to read the modules on NetAcad.

Chapter 4: Network Protocols and Services

CCNA Cybersecurity Operations v1.1

4.1 Network Protocols

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Network Communications Process

Views of the Network

▪ Small home network
▪ SOHO (Small Office/Home Office)
▪ Medium to large networks
▪ World-wide networks

Client-Server Communications

▪ File client and server communications
  ▪ Server stores corporate and user files.
  ▪ Client devices access these files or services with client software.
▪ Web client and server communications
  ▪ Web server runs web server software and the client uses browser software.
▪ Email client and server communications
  ▪ Email server runs email server software.

Network Communications Process

A Typical Session: Student

▪ Determine the origin of the traffic entering the network.
▪ For example, Terry’s data flows with the data of thousands of other users along a fiber-optic network that connects Terry’s ISP with several other ISPs, including the ISP that is used by the search engine company. Eventually, Terry’s search string enters the search engine company’s website and is processed by its powerful servers. The results are then encoded and addressed to Terry’s school and her device.

A Typical Session: Gamer

▪ Determine the origin of the traffic entering the network.
▪ Michelle’s network, like many home networks, connects to an ISP using a router and modem. These devices allow Michelle’s home network to connect to a cable TV network that belongs to Michelle’s ISP. The cable wires for Michelle’s neighborhood all connect to a central point on a telephone pole and then connect to a fiber-optic network. This fiber-optic network connects many neighborhoods that are served by Michelle’s ISP.

A Typical Session: Surgeon

▪ Determine the origin of the traffic entering the network.
▪ Dr. Ismael Awad is an oncologist who performs surgery on cancer patients. He frequently needs to consult with radiologists and other specialists on patient cases. The hospital that Dr. Awad works for subscribes to a special service called a cloud. The cloud allows medical data, including patient x-rays and MRIs, to be stored in a central location that is accessed over the Internet.

Network Communications Process

Tracing the Path

▪ Cybersecurity analysts must be able to determine the origin of traffic that enters the network, and the destination of traffic that leaves it. Understanding the path that network traffic takes is essential to this.
▪ Tier 1 and Tier 2 networks usually connect through an Internet Exchange Point (IXP).
▪ Larger networks connect to Tier 2 networks, usually through a Point of Presence (POP).
▪ Tier 3 ISPs connect homes and businesses to the Internet.

Lab – Tracing a Route


Communications Protocols

What are Protocols?

▪ Protocol – The rules of communications
▪ Network protocols provide the means for computers to communicate on networks.
▪ Network protocols dictate the message encoding, formatting, encapsulation, size, timing, and delivery options.

Network Protocol Suites

▪ Describe precise requirements and interactions.
▪ Define a common format and set of rules for exchanging messages between devices.
▪ Some common networking protocols are Hypertext Transfer Protocol (HTTP), Transmission Control Protocol (TCP), and Internet Protocol (IP).

TCP/IP Protocol Suite

▪ TCP/IP has standardized the way the computers communicate.
▪ TCP/IP protocols are specific to the application, transport, Internet, and network access layers.
▪ TCP/IP protocol suite is implemented on both the sending and receiving hosts to provide end-to-end delivery of messages over a network.

Communications Protocols

Format, Size, and Timing

▪ Format
  ▪ Encapsulation – the process of placing one message format inside another message format.
  ▪ Decapsulation – the reverse process of encapsulation.
▪ Size – The message is broken up into many frames when sent, and reconstructed into the original message when received.
▪ Timing – Includes the access method, flow control, and response timeout.

Unicast, Multicast, and Broadcast

▪ Unicast – one-to-one
▪ Multicast – one-to-many
▪ Broadcast – one-to-all

Reference Models

Three Addresses

▪ Three important addresses:
  ▪ Protocol address
  ▪ Network host address
  ▪ Physical address
▪ Addressing is used by the client to send requests and other data to a server. The server uses the client’s address to return the requested data to the client that requested it.

Communications Protocols

Encapsulation

▪ This division of data into smaller pieces is called segmentation. Segmenting messages has two primary benefits:
  ▪ Segmentation
  ▪ Multiplexing
▪ The application data is encapsulated with various protocol information as it is passed down the protocol stack.
▪ The form that an encapsulated piece of data takes at any layer is called a protocol data unit (PDU).

Encapsulation (Cont.)

▪ This process is reversed at the receiving host, and is known as de-encapsulation. The data is de-encapsulated as it moves up the stack toward the end-user application.

Communications Protocols

Scenario: Sending and Receiving a Web Page

▪ HTTP – This application protocol governs the way a web server and a web client interact.
▪ TCP – This transport protocol manages individual conversations. TCP divides the HTTP messages into smaller pieces, called segments. TCP is also responsible for controlling the size and rate at which messages are exchanged between the server and the client.
▪ IP – This is responsible for taking the formatted segments from TCP, encapsulating them into packets, assigning them the appropriate addresses, and delivering them to the destination host.
▪ Ethernet – This network access protocol is responsible for taking the packets from IP and formatting them to be transmitted over the media.

Lab – Introduction to Wireshark


4.2 Ethernet and Internet Protocol (IP)

Ethernet

The Ethernet Protocol

▪ Operates at Layer 1 and 2
▪ Defined by the IEEE 802.2 and 802.3 standards
▪ Ethernet sublayers
  ▪ Logical Link Control (LLC)
  ▪ Media Access Control (MAC)
▪ Ethernet responsibilities
  ▪ Data encapsulation
  ▪ Media access control

The Ethernet Frame

▪ Minimum Ethernet frame size is 64 bytes
▪ Maximum Ethernet frame size is 1518 bytes
▪ Two key identifiers
  ▪ Destination MAC address
  ▪ Source MAC address
▪ Uses hexadecimal

MAC Address Format

▪ Ethernet MAC address is a 48-bit binary value expressed as 12 hexadecimal digits.
▪ Uses numbers 0 to 9 and letters A to F.
▪ All data that travels on the network is encapsulated in Ethernet frames.

IPv4

IPv4 Encapsulation

▪ IP encapsulates the transport layer segment by adding an IP header.

IPv4 Characteristics

▪ Connectionless – no dedicated end-to-end connection is created before data is sent.
▪ Unreliable (Best Effort) – IP protocol does not guarantee that all packets that are delivered are, in fact, received.
▪ Media Independent – IP operates independently of the media that carry the data at lower layers of the protocol stack.

IPv4 Packet

▪ Packet header consists of fields containing important information about the packet.
▪ Fields contain binary numbers examined by the Layer 3 process.
▪ The binary values of each field identify various settings of the IP packet.
▪ Two most commonly referenced fields are the source and destination IP addresses.

Video Demonstration – Sample IPv4 Headers in Wireshark

▪ Network layer information can be seen and analyzed in Wireshark packet captures.

IPv4 Addressing Basics

IPv4 Address Notation

▪ IP address is a series of 32 binary bits (ones and zeros).
▪ When a host is configured with an IPv4 address, it is entered as a dotted decimal number such as 192.168.10.10.
▪ The equivalent address in binary is 11000000.10101000.00001010.00001010

IPv4 Host Address Structure

▪ IPv4 address is a hierarchical address that is made up of a network portion and a host portion.
▪ The network portion of the address must be identical for all devices that reside in the same network.
▪ The bits within the host portion of the address must be unique to identify a specific host within a network.

IPv4 Addressing Basics

IPv4 Subnet Mask and Network Address

▪ Subnetting takes a network space and divides it into smaller spaces called subnets.
▪ Identifying network address of an IPv4 host:
  ▪ IP address is logically ANDed, bit by bit, with the subnet mask.
  ▪ ANDing between the address and the subnet mask yields the network address.

Subnetting Broadcast Domains

▪ Subnetting takes a network space and divides it into smaller spaces called subnets.
▪ Identifying network address of an IPv4 host:
  ▪ IP address is logically ANDed, bit by bit, with the subnet mask.
  ▪ ANDing between the address and the subnet mask yields the network address.

Video Demonstration – Network, Host, and Broadcast Addresses

▪ Network Address – the first address in the network.
▪ Host Address – the first usable host address is after the network address and the last usable host address is the address prior to the broadcast address.
▪ Broadcast Address – the last address in the network.
▪ The logical AND determines if an address is in the same network.

Types of IPv4 Addresses

IPv4 Address Classes and Default Subnet Masks

▪ Assigned Classes – A, B, C, D, and E
  ▪ Class A – Designed to support extremely large networks.
  ▪ Class B – Designed to support moderate to large networks.
  ▪ Class C – Designed to support small networks.
  ▪ Class D – Multicast block.
  ▪ Class E – Experimental address block.

Reserved Private Addresses

▪ Blocks of addresses mostly used by organizations to assign IPv4 addresses to internal hosts.
▪ Not unique to any network.
▪ Not allowed on the Internet and are filtered by the internal router.
▪ Router usually connects the internal network to the ISP network.

The Default Gateway

Host Forwarding Decision

▪ A host can send a packet to three types of destinations:
  ▪ Itself – A host can ping itself by sending a packet to a special IPv4 address of 127.0.0.1. Pinging the loopback interface tests the TCP/IP protocol stack.
  ▪ Local host – This is a host on the same local network.
  ▪ Remote host – This is a host on a remote network. The hosts do not share the same network address.

Default Gateway

▪ Three dotted decimal IPv4 addresses must be configured when assigning an IPv4 configuration to a host:
  ▪ IPv4 address – Unique IPv4 address of the host.
  ▪ Subnet mask – Used to identify the network/host portion of the IPv4 address.
  ▪ Default gateway – Identifies the local gateway (i.e. local router interface IPv4 address) to reach remote networks.
▪ The default gateway is the network device that can route traffic to other networks. It is the router that can route traffic out of the local network.

Using the Default Gateway

▪ A host's routing table will typically include a default gateway.
▪ The host receives the IPv4 address of the default gateway.
▪ IP addressing information:
  ▪ Configured manually.
  ▪ Obtained automatically/dynamically using Dynamic Host Configuration Protocol (DHCP).
▪ Placed in computer’s routing table.
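
The ANDing rule and the host forwarding decision described in the slides above, worked through in Python. This is an added example, not part of the original module; the function names and the sample host configuration are hypothetical, and the network helper assumes a mask of /30 or shorter.

```python
def to_int(dotted):
    """Convert a dotted decimal IPv4 address or mask to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("not a dotted decimal IPv4 value: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def network_info(ip, mask):
    """Derive the addresses of the subnet that ip belongs to (mask /30 or shorter)."""
    mask_i = to_int(mask)
    network = to_int(ip) & mask_i                 # bit-by-bit AND gives the network address
    broadcast = network | (~mask_i & 0xFFFFFFFF)  # all host bits set to 1 gives the last address
    return {
        "network": to_dotted(network),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
    }

def forwarding_decision(host_ip, mask, gateway, dst_ip):
    """Return (destination type, next hop) the way the sending host decides it."""
    mask_i = to_int(mask)
    if dst_ip == host_ip or to_int(dst_ip) >> 24 == 127:
        return ("itself", dst_ip)                 # loopback traffic never leaves the host
    if (to_int(dst_ip) & mask_i) == (to_int(host_ip) & mask_i):
        return ("local host", dst_ip)             # same network address: deliver directly
    return ("remote host", gateway)               # different network: hand to the default gateway

# Constructed sample host configuration (hypothetical values).
HOST = {"host_ip": "192.168.10.10", "mask": "255.255.255.0", "gateway": "192.168.10.1"}

if __name__ == "__main__":
    print(network_info(HOST["host_ip"], HOST["mask"]))
    for dst in ("127.0.0.1", "192.168.10.77", "192.168.11.5"):
        print(dst, forwarding_decision(dst_ip=dst, **HOST))
```
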
IPv6

Need for IPv6

▪ The depletion of IPv4 address space has been the motivating factor for moving to IPv6, with its 128-bit address space.
▪ Four out of the five Regional Internet Registries (RIRs) have run out of IPv4 addresses.

IPv6 Size and Representation

▪ 128-bit address space.
▪ String of 32 hexadecimal values.
▪ Every 4 bits represented by one hexadecimal digit.
▪ Hextet is 16 bits or 4 hexadecimal digits.

IPv6 Address Formatting

▪ IPv6 Addresses:
  ▪ 128-bit address space.
  ▪ Can remove leading zeros.
  ▪ Can leave out 1 “all zeros” segment.
  ▪ Two sections: Prefix and Interface ID.
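
Because the two shortening rules let one IPv6 address be written several ways, an analyst comparing addresses across logs has to normalise them first. The following added example (not from the original module) implements both rules by hand; the function names are hypothetical, the sample entries are constructed from the 2001:db8::/32 documentation range, and the choice of the longest zero run of at least two hextets follows RFC 5952.

```python
import re

HEXTET = re.compile(r"[0-9A-Fa-f]{1,4}")

def expand(addr):
    """Return the full form: 8 hextets of 4 hexadecimal digits each."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once: %r" % addr)
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)   # hextets the "::" stands for
        if missing < 1:
            raise ValueError("'::' must replace at least one hextet: %r" % addr)
        hextets = head + ["0"] * missing + tail
    else:
        hextets = addr.split(":")
    if len(hextets) != 8 or not all(HEXTET.fullmatch(h) for h in hextets):
        raise ValueError("not a valid IPv6 address: %r" % addr)
    return ":".join("%04x" % int(h, 16) for h in hextets)

def compress(addr):
    """Apply both shortening rules to any valid spelling of addr."""
    hextets = ["%x" % int(h, 16) for h in expand(addr).split(":")]  # rule 1: drop leading zeros
    best_start, best_len, i = 0, 0, 0
    while i < 8:                      # rule 2: find the longest run of all-zero hextets
        j = i
        while j < 8 and hextets[j] == "0":
            j += 1
        if j - i > best_len:          # strict '>' keeps the leftmost run on a tie
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:                  # a lone zero hextet stays "0" (RFC 5952)
        return ":".join(hextets)
    return ":".join(hextets[:best_start]) + "::" + ":".join(hextets[best_start + best_len:])

# Constructed log values: three spellings of one address plus a link-local one.
SAMPLE_LOG = [
    "2001:0DB8:0000:0000:ABCD:0000:0000:1234",
    "2001:db8::abcd:0:0:1234",
    "2001:db8:0:0:abcd::1234",
    "fe80:0000:0000:0000:0000:0000:0000:0001",
]

def distinct_sources(entries):
    """Collapse differently written entries to their distinct addresses."""
    return sorted({compress(e) for e in entries})
```
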
IPv6

IPv6 Prefix Length

▪ IPv6 prefix length does not use the dotted decimal subnet mask notation.
▪ The prefix length can range from 0 to 128.

Video Tutorial – Layer 2 and Layer 3 Addressing

▪ Layer 3 Address – IPv4 or IPv6 address
  ▪ Logical address assigned by the administrator.
▪ Layer 2 Address – MAC address
  ▪ Physical address or burned-in address from the manufacturer of the network adapter.

4.3 Connectivity Verification

ICMP

ICMPv4 Messages

▪ Used to provide feedback and troubleshoot network problems.
▪ Message types:
  ▪ Host confirmation – echo request and echo reply with the ping utility.
  ▪ Destination or service unreachable codes:
    ▪ 0 – net unreachable
    ▪ 1 – host unreachable
    ▪ 2 – protocol unreachable
    ▪ 3 – port unreachable
  ▪ Time exceeded – used by a router to indicate that a packet cannot be sent onward:
    ▪ In IPv4, this is due to the time to live (TTL) field having a value of 0.
    ▪ IPv6 does not have a TTL field, but has a hop limit field instead.

ICMPv6 RS and RA Messages

▪ 4 new protocols as part of the Neighbor Discovery Protocol (ND or NDP):
▪ Messaging between IPv6 router and IPv6 device:
  ▪ Router Solicitation (RS) – used between an IPv6 device and a router.
  ▪ Router Advertisement (RA) – used between an IPv6 router and a device to provide addressing info using Stateless Address Autoconfiguration (SLAAC).
▪ Messaging between IPv6 devices:
  ▪ Neighbor Solicitation (NS) message
  ▪ Neighbor Advertisement (NA) message

ICMPv6 and RA Messages (Cont.)

▪ IPv6 Duplicate Address Detection (DAD)
  ▪ Not required, but recommended.
  ▪ If another device on the network has the same global unicast or link-local unicast address, the device will respond with an NA message.

Ping and Traceroute Utilities

Ping – Testing the Local Stack

▪ Ping is a testing utility that uses ICMP echo request and echo reply messages to test connectivity between hosts.
▪ To test connectivity to another host on a network, an echo request is sent to the host address using the ping command.
▪ If the host at the specified address receives the echo request, it responds with an echo reply.

Ping – Testing Connectivity to Local LAN

▪ You can also use ping to test the ability of a host to communicate on the local network. This is generally done by pinging the IP address of the gateway of the host.
▪ A successful ping to the gateway indicates that the host and the router interface serving as the gateway are both operational on the local network.
▪ For this test, the gateway address is most often used because the router is normally always operational.

Ping – Testing Connectivity to Remote Host

▪ Ping can also be used to test the ability of a local host to communicate across an internetwork.
▪ Successful ping across the internetwork confirms communication on the local network.
▪ It also confirms the operation of the router serving as the gateway, and the operation of all other routers that might be in the path between the local network and the network of the remote host.

Ping and Traceroute Utilities

Traceroute – Testing the Path

▪ Traceroute provides information about the details of devices between the hosts.
▪ Generates a list of hops that were successfully reached along the path:
  ▪ Round Trip Time (RTT) – time for each hop along the path.
  ▪ IPv4 TTL and IPv6 Hop Limit – Traceroute makes use of a function of the TTL field in IPv4 and the Hop Limit field in IPv6 in the Layer 3 headers, along with the ICMP time exceeded message.
▪ After the final destination is reached, the host responds with either an ICMP port unreachable message or an ICMP echo reply message instead of the ICMP time exceeded message.

ICMP Packet Format

▪ ICMP is considered to be a Layer 3 protocol.
▪ ICMP acts as a data payload within the IP packet.
▪ It has a special header data field.
▪ These are some common message codes:
  ▪ 0 – Echo reply (response to a ping)
  ▪ 3 – Destination Unreachable
  ▪ 5 – Redirect (use another route to your destination)
  ▪ 8 – Echo request (for ping)
  ▪ 11 – Time Exceeded (TTL became 0)

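To show ICMP riding as the payload of an IP packet, the following added example (not part of the original module) de-encapsulates raw IPv4 bytes and names the ICMP message using the values listed above, which are carried in the ICMP header's Type field, with the unreachable reasons 0 to 3 in its Code field. The function names and the sample packets are constructed for illustration, and the ICMP messages carry only the 8-byte header without the quoted original datagram.

```python
import socket
import struct

# The slides' values: ICMP Type field, plus the Code field used with type 3.
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 5: "redirect",
              8: "echo request", 11: "time exceeded"}
UNREACHABLE_CODES = {0: "net unreachable", 1: "host unreachable",
                     2: "protocol unreachable", 3: "port unreachable"}

def checksum(data):
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, dst, ttl, icmp_type, code):
    """Encapsulate an 8-byte ICMP header in an IPv4 header (constructed test data)."""
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0)
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, ttl, 1, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + icmp

def parse_icmp(packet):
    """De-encapsulate an IPv4 packet (bytes) and describe the ICMP message inside."""
    if len(packet) < 28 or packet[0] >> 4 != 4 or packet[9] != 1:
        raise ValueError("not an IPv4 packet carrying ICMP")
    header_len = (packet[0] & 0x0F) * 4           # IHL counts 32-bit words
    total_len, ttl = struct.unpack("!H", packet[2:4])[0], packet[8]
    if header_len < 20 or not header_len + 8 <= total_len <= len(packet):
        raise ValueError("inconsistent IPv4 length fields")
    icmp = packet[header_len:total_len]
    message = ICMP_TYPES.get(icmp[0], "type %d" % icmp[0])
    if icmp[0] == 3:
        message += ": " + UNREACHABLE_CODES.get(icmp[1], "code %d" % icmp[1])
    return {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
            "ttl": ttl, "message": message, "checksum_ok": checksum(icmp) == 0}

# Constructed replies that a traceroute run from 192.168.10.10 could receive.
SAMPLE_PACKETS = [
    build_packet("192.168.10.1", "192.168.10.10", 255, 11, 0),  # first hop: TTL reached 0
    build_packet("203.0.113.1", "192.168.10.10", 254, 11, 0),   # second hop: TTL reached 0
    build_packet("198.51.100.7", "192.168.10.10", 62, 3, 3),    # destination reached
]

def summarize(packets):
    """Return (responding address, ICMP message) for each packet, in order."""
    return [(p["src"], p["message"]) for p in map(parse_icmp, packets)]
```
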