CCNA


Networking basics

What are the OSI Layers and TCP/IP?


The OSI (Open Systems Interconnection) model, created by ISO, is a conceptual framework
used to understand and standardize network communication between different systems. It
breaks down communication into seven layers, each with a specific function.
1. Application Layer:
• Purpose: Provides an interface for applications to access network services and interact
with the network.
• Key Protocols: HTTP, FTP, Telnet, SMTP.
2. Presentation Layer:
• Purpose: Prepares data for the Application Layer, handling tasks like data translation,
encryption, and compression.
• Key Functions: Data formatting, encryption/decryption, and compression.
• Key Protocols: JPEG, GIF, MPEG, and ASCII.
3. Session Layer:
• Purpose: Establishes, manages, and terminates sessions between two communicating
devices.
• Key Functions: Session setup, session maintenance, and session termination.
• Example: Managing a remote desktop connection.
4. Transport Layer:
• Purpose: Provides reliable or unreliable data transmission through segmentation, flow
control, and error correction.
• Key Protocols: TCP (reliable, connection-oriented) and UDP (unreliable,
connectionless).
• Key Functions: Segmentation, flow control, and retransmission of lost data.
5. Network Layer:
• Purpose: Handles logical addressing (IP addressing) and routing of data packets from
source to destination across multiple networks.
• Key Protocols: IP, ICMP, ARP, Routing Protocols (OSPF, EIGRP, RIP).
• Key Functions: Path determination, logical addressing, and routing.
6. Data Link Layer:
• Purpose: Provides node-to-node data transfer, error detection, and physical addressing
using MAC addresses.
• Key Functions: Framing, error detection, and MAC addressing.
• Key Protocols: Ethernet, PPP.
7. Physical Layer:
• Purpose: Manages the physical connection between devices, converting data into
electrical or optical signals for transmission.
• Key Functions: Transmission of bits over physical media (cables, fiber optics, wireless).
• Examples: Cables (COAX, fiber), hubs, repeaters.


TCP/IP Model:
The TCP/IP model is a simplified framework used in modern networking, consisting of four
layers. It is closely related to the OSI model but is more practical for real-world
implementation.
1. Application Layer:
• Combines the OSI Application, Presentation, and Session layers.
• Key Protocols: HTTP, FTP, DNS, SMTP.
2. Transport Layer:
• Corresponds to the OSI Transport Layer.
• Key Protocols: TCP (reliable) and UDP (unreliable).
• Key Functions: End-to-end data delivery, flow control, and error correction.
3. Internet Layer:
• Corresponds to the OSI Network Layer.
• Key Protocols: IP, ARP, ICMP.
• Key Functions: Routing, logical addressing, packet forwarding.
4. Network Access Layer:
• Combines the OSI Data Link and Physical layers.
• Key Functions: Physical transmission of data, error detection, and MAC addressing.

Summary:
• OSI Model: 7 layers, each performing specific functions for network
communication.
• TCP/IP Model: 4 layers, more practical for real-world applications, focusing on core
networking functions.
| TCP/IP | OSI | Data name at every layer |
|---|---|---|
| Application Layer | Application Layer | "Data" |
| Application Layer | Presentation Layer | "Data" |
| Application Layer | Session Layer | "Data" |
| Transport Layer | Transport Layer | "Segment" |
| Internet Layer | Network Layer | "Packet" |
| Network Access Layer | Data Link Layer | "Frame" |
| Network Access Layer | Physical Layer | "bit" |


Differences between TCP/UDP


Both TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) operate at
Layer 4 (Transport Layer) of the TCP/IP model and are responsible for the transportation of
data. To simplify, think of this layer as cars carrying data. The key difference between TCP
and UDP is how they ensure data reaches its destination.
| TCP (Transmission Control Protocol) | UDP (User Datagram Protocol) |
|---|---|
| Connection-oriented (requires a stable connection) | Connectionless (no need for an established connection) |
| Provides acknowledgements (ensures data is received) | No acknowledgements (does not confirm data reception) |
| Reliable communication (guarantees data is delivered in order and error-free) | Unreliable communication (no guarantee of data delivery or order) |
| Protocol number: 6 | Protocol number: 17 |
| Used in applications requiring reliable transmission, such as HTTP, FTP, and SMTP | Used in applications that prioritize speed over reliability, like DNS, DHCP, and TFTP |

When to Use TCP or UDP:


The decision to use TCP or UDP depends on the type of service and the network requirements:
• TCP is used when reliable delivery is essential (e.g., web browsing, email).
• UDP is chosen when speed is more critical than reliability (e.g., streaming, DNS lookups).

Explain TCP Three-Way handshake process?


The TCP Three-Way Handshake is a process used to establish a connection between a
client and a server before data is transmitted. It involves three steps:
1. SYN (Synchronize): The client sends a SYN packet to the server to request a
connection.
2. SYN-ACK (Synchronize-Acknowledge): The server responds with a SYN-ACK
packet to acknowledge the client's request and signal readiness.
3. ACK (Acknowledge): The client sends an ACK packet back to the server, confirming
the connection is established.
This handshake ensures both parties are synchronized and ready for data transmission.
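
The three steps above, checked against raw TCP headers. This is an added example, not part of the original document; it goes slightly beyond the text by also verifying the sequence and acknowledgement numbers that tie the three segments together, and the ports and sequence numbers in the sample are constructed.

```python
import struct

SYN, ACK = 0x02, 0x10          # TCP flag bits
TCP_HDR = "!HHIIHHHH"          # ports, seq, ack, offset+flags, window, checksum, urgent


def build_segment(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header without options (checksum left at 0 here)."""
    return struct.pack(TCP_HDR, sport, dport, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0)


def parse_segment(raw):
    sport, dport, seq, ack, off_flags, _, _, _ = struct.unpack(TCP_HDR, raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0xFF}


def check_handshake(raw_segments):
    """Return (ok, reason) for the first three segments of one connection."""
    if len(raw_segments) < 3:
        return False, "incomplete: connection is still half-open"
    syn, synack, ack = (parse_segment(r) for r in raw_segments[:3])
    client = (syn["sport"], syn["dport"])
    if syn["flags"] != SYN:
        return False, "step 1 is not a SYN"
    if synack["flags"] != SYN | ACK:
        return False, "step 2 is not a SYN-ACK"
    if (synack["dport"], synack["sport"]) != client:
        return False, "step 2 does not come from the contacted server port"
    # Sequence numbers are 32-bit counters, so +1 wraps around at 2**32.
    if synack["ack"] != (syn["seq"] + 1) % 2**32:
        return False, "step 2 does not acknowledge the client's SYN"
    if ack["flags"] != ACK or (ack["sport"], ack["dport"]) != client:
        return False, "step 3 is not an ACK from the client"
    if ack["seq"] != (syn["seq"] + 1) % 2**32:
        return False, "step 3 carries the wrong client sequence number"
    if ack["ack"] != (synack["seq"] + 1) % 2**32:
        return False, "step 3 does not acknowledge the server's SYN"
    return True, "established"


# Constructed sample: client port 49152 connecting to server port 443.
GOOD = [
    build_segment(49152, 443, 1000, 0, SYN),            # 1. SYN
    build_segment(443, 49152, 5000, 1001, SYN | ACK),   # 2. SYN-ACK
    build_segment(49152, 443, 1001, 5001, ACK),         # 3. ACK
]

if __name__ == "__main__":
    print(check_handshake(GOOD))
    print(check_handshake(GOOD[:2]))
```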


Why is TCP more Reliable?


TCP is considered more reliable due to the following mechanisms:
1. Acknowledgement: Before data is sent, TCP ensures the receiver is ready and
acknowledges the receipt of data.
2. Sequencing: Data is divided into segments, and each segment is numbered. This
allows the receiver to detect missing data and request retransmission if needed.
3. Checksum: TCP calculates a checksum for each segment to detect any corruption
during transmission. If the receiver’s checksum matches the sender's, the data is
considered successfully transmitted.
Disadvantage: TCP is slower because of its need to establish a connection and its
retransmission mechanism, but this tradeoff ensures data reliability.

Why is UDP Unreliable?


UDP is unreliable because it does not confirm whether the data is received or if it is
received correctly. It simply sends data without establishing a connection or waiting for
acknowledgments.
• Advantage: UDP is much faster than TCP because it skips the overhead of
connection establishment and error-checking mechanisms.
UDP is suitable for real-time applications where speed is more important than perfect
accuracy, such as video streaming or online gaming.

Conclusion:
• TCP is used when data integrity and order are critical, providing reliable,
connection-oriented communication.
• UDP is preferred for applications where speed is more important, offering fast but
unreliable, connectionless communication.


What is DNS?
The Domain Name System (DNS) is a hierarchical and distributed naming system that
translates human-readable domain names (like hotmail.com) into numerical IP
addresses that computers use to identify each other on the network.
This process allows users to access websites using familiar names rather than complex
IP addresses.

What is PING?
PING is a network utility that uses the Internet Control Message Protocol (ICMP) to test
the reachability of a host on an IP network.
It sends an echo request packet to the target host and waits for an echo reply,
measuring the time it takes for the round trip.
This helps determine the latency and availability of the host.

What is Address Resolution Protocol (ARP)?


The Address Resolution Protocol (ARP) is used to map a network device's IP address to its physical MAC address.
When a device wants to communicate with another device on the same local network, it
uses ARP to find the recipient's MAC address, which is essential for data transmission
at the Data Link layer.

Network Performance Metrics


Understanding the following metrics is crucial for evaluating network performance:
• Bandwidth: The maximum rate at which data can be transferred over a network
link, typically measured in bits per second (bps). It represents the capacity of the
connection.
• Delay (Latency): The time taken for a signal to travel from the source to the
destination across a network. High latency can result in slow network responses.
• Reliability: The consistency and dependability of a network path, indicating the
likelihood of successful data transmission without errors.
• Load: The amount of data being carried by a network path at any given time.
High load can lead to congestion and increased latency.
• MTU (Maximum Transmission Unit): The largest size of a packet that can be
transmitted over a network medium. Understanding MTU is important for
optimizing data transfer and avoiding fragmentation.
• Bandwidth refers to the amount of data that can be transferred over a network
connection in a given period. Higher bandwidth allows more data to be
transmitted, enabling faster downloads and uploads.
• Latency refers to the time taken for data to travel from the source to the
destination. Lower latency indicates faster transmission. Factors affecting latency
include network congestion, physical distance, and the type of transmission
medium.

What is Routing?
Routing is the process of determining the best path to forward packets between different
networks that are not locally attached. It involves making decisions on how to forward
packets toward their destination based on routing tables and network topology.

What is a Router?
A router is a Layer 3 (Network Layer) device that forwards data packets between
different logical networks. It enables communication between two or more networks and
determines the best path for data transmission based on the destination IP address.

What is a Protocol?
A protocol is a set of rules and procedures that define how data is transmitted and
received across a network. It governs communication between devices, ensuring proper
data exchange. Examples include TCP, UDP, HTTP, and ICMP.

What is a Port?

A port can refer to:


• Physical Port: The physical interface on a network device (e.g., Ethernet port).
• Logical Port: A software-based endpoint used to identify specific services or
applications on a device (e.g., port 80 for HTTP, port 443 for HTTPS).

What is Round Trip Time (RTT)?


RTT is the time it takes for a packet to travel from the source to the destination and
back. It is a key metric used to measure network performance and latency.

What are Unicasting, Anycasting, Multicasting, and Broadcasting?


• Unicasting: One-to-one communication, where data is sent from a source to a
single recipient.
• Anycasting: One-to-nearest communication, where data is sent to the nearest
node in a group (supported only in IPv6).
• Multicasting: One-to-many communication, where data is sent to a specific
group of devices.
• Broadcasting: One-to-all communication, where data is sent to all devices on
the network (e.g., DHCP requests).

What is the MAC Format?


A MAC (Media Access Control) address is a unique physical address assigned to a
network device. It is 48 bits (6 bytes) in length and is usually written in hexadecimal
format (e.g., 00:1A:2B:3C:4D:5E).
• The first 3 bytes (24 bits) represent the manufacturer’s ID (assigned by an Internet
standards body).
• The last 3 bytes (24 bits) represent the serial number assigned by the manufacturer.


What is DHCP (Dynamic Host Configuration Protocol)?


DHCP stands for Dynamic Host Configuration
Protocol, and it is used to automatically assign
IP addresses and other network configuration
settings (such as subnet masks, gateways, and
DNS servers) to client devices on a network.
This helps avoid the need for manual
configuration and reduces the risk of human
errors, such as duplicate IP addresses or
incorrect settings.

What is the Role of a DHCP Server?


The DHCP Server plays a crucial role in
automating the process of assigning IP
addresses to devices (clients) on a network.
Instead of manually configuring each device,
the DHCP server handles this process automatically, saving time and preventing
configuration errors. It ensures that each device gets a unique IP address and other
necessary configuration settings.

DORA Process:
1. Discover: The client device, when connecting to the network, broadcasts a DHCP
Discover message. This message is sent to all DHCP servers on the network, searching
for available IP addresses.
2. Offer: A DHCP server responds with a DHCP Offer message, offering an available IP
address to the client. This message is sent directly (unicast) to the client that requested the IP.
3. Request: The client, upon receiving an offer, sends a DHCP Request message to the
server to formally accept the offered IP address.
4. Acknowledge: Finally, the DHCP server responds with a DHCP Acknowledge message,
confirming that the IP address has been assigned to the client. At this point, the client
can start using the assigned IP address to communicate on the network.
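
The four DORA messages as they look on the wire, exchanged between a client and a toy server. This is an added example, not part of the original document; the `Server` class, the `dora` helper, the transaction ID and the 192.0.2.x addresses are constructed for illustration, and only the message encoding (fixed header, magic cookie, options 50/53/54) follows the real DHCP format.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                  # DHCP magic cookie
BOOTP = "!BBBBIHH4s4s4s4s16s64s128s"         # 236-byte fixed header
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5   # option 53 (message type) values
NAMES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}
OPT_REQUESTED_IP, OPT_MSG_TYPE, OPT_SERVER_ID = 50, 53, 54


def build(op, xid, mac, msg_type, yiaddr="0.0.0.0", options=()):
    """Encode a DHCP message: op 1 = client request, op 2 = server reply."""
    zero = b"\x00" * 4
    header = struct.pack(BOOTP, op, 1, 6, 0, xid, 0, 0, zero,
                         socket.inet_aton(yiaddr), zero, zero, mac, b"", b"")
    body = bytes([OPT_MSG_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return header + MAGIC + body + b"\xff"   # 0xff marks the end of options


def parse(raw):
    fields = struct.unpack(BOOTP, raw[:236])
    if raw[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(raw) and raw[i] != 0xFF:
        code, length = raw[i], raw[i + 1]
        opts[code] = raw[i + 2:i + 2 + length]
        i += 2 + length
    return {"xid": fields[4], "yiaddr": socket.inet_ntoa(fields[8]),
            "mac": fields[11][:6], "type": opts[OPT_MSG_TYPE][0], "opts": opts}


class Server:
    """Toy DHCP server (hypothetical helper): leases addresses from a list."""

    def __init__(self, server_ip, pool):
        self.ip = socket.inet_aton(server_ip)
        self.free, self.offered, self.leases = list(pool), {}, {}

    def handle(self, raw):
        msg = parse(raw)
        mac, sid = msg["mac"], [(OPT_SERVER_ID, self.ip)]
        if msg["type"] == DISCOVER:
            if mac not in self.offered:
                if not self.free:
                    return None                      # nothing left to offer
                self.offered[mac] = self.free.pop(0)
            return build(2, msg["xid"], mac, OFFER, self.offered[mac], sid)
        if msg["type"] == REQUEST:
            requested = msg["opts"].get(OPT_REQUESTED_IP)
            if requested is None or msg["opts"].get(OPT_SERVER_ID) != self.ip:
                return None                          # request meant for another server
            want = socket.inet_ntoa(requested)
            if self.offered.get(mac) != want:
                return None                          # address was never offered to this client
            self.leases[mac] = want
            return build(2, msg["xid"], mac, ACK, want, sid)
        return None


def dora(server, mac, xid):
    """Run Discover/Offer/Request/Acknowledge; return (message trace, leased IP or None)."""
    trace = []

    def exchange(raw):
        trace.append(NAMES[parse(raw)["type"]])
        reply = server.handle(raw)
        if reply is None:
            return None
        msg = parse(reply)
        if msg["xid"] != xid:
            raise ValueError("reply belongs to another transaction")
        trace.append(NAMES[msg["type"]])
        return msg

    offer = exchange(build(1, xid, mac, DISCOVER))
    if offer is None:
        return trace, None
    ack = exchange(build(1, xid, mac, REQUEST, options=[
        (OPT_REQUESTED_IP, socket.inet_aton(offer["yiaddr"])),
        (OPT_SERVER_ID, offer["opts"][OPT_SERVER_ID])]))
    return trace, (ack["yiaddr"] if ack else None)
```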

Why Use DHCP?


• Automation: Reduces the need for manual IP address assignment.
• Error Prevention: Avoids human errors such as duplicate IP addresses.
• Time-Saving: Provides faster network setup, especially in large environments.
• Central Management: Allows the IT team to manage IP addresses from a central point.


What are the versions of IP? IPv4 & IPv6


Differences between IPv4 & IPv6
| Feature | IPv4 | IPv6 |
|---|---|---|
| Address Length | 32 bits (4 octets) | 128 bits (8 octets) |
| Address Format | Decimal, separated by dots (e.g., 192.168.0.1) | Hexadecimal, separated by colons (e.g., 2001:0db8:85a3::8a2e:0370:7334) |
| Number of Addresses | About 4.3 billion | 2^128 (~340 undecillion addresses) |
| NAT (Network Address Translation) | Requires NAT for expanding address space | No NAT needed due to the vast address space |
| Security Features | No built-in security (requires external solutions like IPsec) | Built-in security with mandatory IPsec support |
| Configuration | Manual or DHCP | Auto-configuration with stateless address auto-configuration (SLAAC) or DHCPv6 |
| Header Complexity | Complex header (contains options) | Simplified header for faster processing |
| Broadcast | Supports broadcasting (sending to all devices) | No broadcast, but supports Anycast and Multicast |
| Anycast | Not supported | Supported (sending data to the nearest node) |
| Transition Mechanisms | No direct conversion to IPv6 | Dual-stack and tunneling methods are used to support IPv4 addresses |

Key Advantages of IPv6 over IPv4:


1. Address Availability:
IPv6 offers a vastly larger address space compared to IPv4, which is limited to
approximately 4.3 billion addresses. With IPv6, there are 2^128 (about 340 undecillion)
unique addresses, ensuring there will be no shortage of IP addresses as more devices
connect to the internet.
2. 128-bit Addressing:
IPv6 uses 128-bit addresses (8 octets), while IPv4 uses 32-bit addresses (4 octets). This
expanded address length allows more devices to be connected globally without
address exhaustion.
3. No NAT (Network Address Translation):
IPv6 eliminates the need for NAT, a common technique used in IPv4 to extend the
number of devices that can use the limited IPv4 address space by reusing private
addresses behind a single public address.


4. Built-in Security Features:


IPv6 comes with built-in support for IPsec (Internet Protocol Security), which provides
authentication and encryption to ensure secure communication between devices.
5. Simplified Header Structure:
IPv6 uses a simplified header compared to IPv4, making packet processing faster and
more efficient. This reduces the load on routers and other network devices.
6. Anycast Support:
IPv6 introduces Anycast, which allows data to be sent to the nearest node in a group of
devices, improving efficiency in certain applications like content delivery networks.
7. Transition Compatibility with IPv4:
While IPv4 and IPv6 are not directly compatible, IPv6 provides various transition
mechanisms (like dual-stack and tunneling) to enable co-existence and smooth
transition between the two protocols.
8. No Broadcast:
IPv6 does not support Broadcasting (a common method in IPv4 for sending data to all
devices in a network). Instead, it uses Multicast (one-to-many) and Anycast (one-to-
nearest) communication methods for more efficient data distribution.


What is APIPA (Automatic Private IP Addressing)?


APIPA assigns a device a temporary IP address in the 169.254.0.0/16 range (not
192.254.0.0) when it fails to receive an IP address from a DHCP server. This allows the
device to communicate with other devices in the same local network with APIPA
addresses, but it won't have internet access or external network communication.

What is Switch and Switching? Which Layer Does It Work In?


• Switching is the process that a switch performs to connect devices within the same
network and manage how data is sent. Switches intelligently forward data based on
MAC addresses, helping divide the network into smaller segments for better efficiency.
• A Switch operates at Layer 2 (Data Link Layer) of the OSI model. It uses MAC
addresses to forward data frames to the intended device, avoiding unnecessary
broadcasts. It's more efficient than a hub because it reduces network congestion by
sending data directly to the destination.

Can We Replace a Router with a Switch and Vice Versa?


No, you cannot replace a router with a switch because they serve different purposes:
o A Router operates at Layer 3 (Network Layer), responsible for routing traffic
between different networks and handling IP-based forwarding.
o A Switch works at Layer 2 and forwards data within the same network based on
MAC addresses.
However, some Layer 3 switches can perform limited routing functions, but they still do
not replace the full functionality of a router.

Which Layer Does a Hub Work In?


A Hub operates at Layer 1 (Physical Layer) of the OSI model. It doesn't understand MAC or
IP addresses; it simply broadcasts all data it receives to all connected devices, functioning
like an electrical signal repeater.

What Are the Types of Errors?


1. Single-Bit Error: Only one bit in the data has changed.
2. Burst Error: Two or more consecutive bits in the data have changed.

What is CRC?
CRC (Cyclic Redundancy Check) is a robust error detection technique based on binary
division. A calculated remainder is appended to the data before transmission. The receiver
performs the same calculation to detect any discrepancies, ensuring the data integrity. If
the calculated value at the receiver matches, the data is deemed error-free.
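
The binary division behind CRC, applied to the two error types listed above. This is an added example, not part of the original document; the data word and the 4-bit generator 1011 are a constructed textbook-sized case (real links use much longer generators such as CRC-32), and the last check shows the one class of change a CRC cannot see.

```python
def mod2_remainder(bits, gen):
    """Remainder of bits / gen using XOR (modulo-2) long division on '0'/'1' strings."""
    work = [int(b) for b in bits]
    g = [int(b) for b in gen]
    for i in range(len(work) - len(g) + 1):
        if work[i]:                       # leading bit set: "subtract" the generator
            for j, gbit in enumerate(g):
                work[i + j] ^= gbit
    return "".join(str(b) for b in work[-(len(g) - 1):])


def crc_append(data, gen):
    """Sender: pad with zeros, divide, append the remainder to the data."""
    return data + mod2_remainder(data + "0" * (len(gen) - 1), gen)


def crc_ok(codeword, gen):
    """Receiver: repeat the calculation and compare with the received remainder."""
    r = len(gen) - 1
    data, received = codeword[:-r], codeword[-r:]
    return mod2_remainder(data + "0" * r, gen) == received


def flip(bits, positions):
    """Invert the bits at the given indexes to model transmission errors."""
    return "".join(("1" if b == "0" else "0") if i in positions else b
                   for i, b in enumerate(bits))


# Constructed sample values.
GEN = "1011"
DATA = "11010011101100"
SENT = crc_append(DATA, GEN)


def demo():
    return {
        "sent": SENT,
        "clean": crc_ok(SENT, GEN),
        "single_bit_error": crc_ok(flip(SENT, {4}), GEN),
        "burst_error": crc_ok(flip(SENT, {5, 6, 7}), GEN),
        # An error pattern that is itself a multiple of the generator (here the
        # generator 1011 laid over positions 3..6) leaves the remainder unchanged,
        # so the check passes: CRC catches line noise, not arbitrary changes.
        "multiple_of_generator": crc_ok(flip(SENT, {3, 5, 6}), GEN),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```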


Different Types of Network Topology:


1. Bus Topology:
• All nodes are connected to a single central cable (the bus).
• Pros: Simple and cost-effective for small networks.
• Cons: If the central cable (bus) fails, the entire network is
disrupted. Performance decreases as more devices are
added.
• Use case: Small networks or temporary setups.
2. Star Topology:
• All devices are connected to a central hub or switch.
• Pros: Easy to manage and troubleshoot. A failure in one link
doesn’t affect other devices, as they are connected through
the central node.
• Cons: If the central hub fails, the entire network goes down.
• Use case: Commonly used in homes, offices, and
enterprise networks.
3. Ring Topology:
• Each node is connected to exactly two other nodes,
forming a circular (ring) structure.
• Pros: Simple data flow in one direction reduces the
chances of collisions.
• Cons: If any single node or connection fails, the
entire network can be disrupted. Requires
additional mechanisms for fault tolerance.
• Use case: Used in token ring networks, though less
common now due to its complexity and maintenance challenges.
4. Mesh Topology:
• Every node is connected to one or more other nodes,
providing multiple paths for data to travel.
• Pros: Highly robust and fault-tolerant. If one link
fails, the network can still function through alternate
paths.
• Cons: Expensive and complex to install and maintain
due to the number of connections required.
• Use case: Used in critical systems where high redundancy is needed, like
military networks and data centers.


5. Tree Topology:
• A combination of star and bus topologies. Smaller star networks are connected
via a central bus.
• Pros: Scalable and easy to manage. Faults in star nodes do not affect the entire
network.
• Cons: If the main bus fails, all connected segments are impacted.
• Use case: Large networks requiring hierarchical structuring, such as in schools
or university campuses.

6. Hybrid Topology:
• Combines multiple topologies (e.g., star-bus or star-ring) to create a more
flexible and scalable network.
• Pros: Can be customized to suit specific network needs, utilizing the strengths
of various topologies while avoiding their weaknesses.
• Cons: Can be complex and expensive to design, implement, and maintain.
• Use case: Large, complex networks that need to meet diverse requirements, like
corporate and industrial networks.


What is a VLAN, and why is it used?


• Improve security by isolating sensitive data and devices.
• Enhance scalability by logically grouping devices regardless of their physical location.
• Improve traffic management by reducing broadcast traffic to specific VLANs.
VLANs are applied on switches by assigning names or numbers to VLANs and then
associating specific ports with them.
Advantages:
o Performance Enhancement: Reduces unnecessary traffic by limiting broadcasts
within specific VLANs, improving network efficiency.
o Security: Devices in different VLANs cannot communicate directly, isolating
sensitive data.
o Organization: Helps logically structure the network into more manageable
segments.
Notes: To enable communication between VLANs, a Layer 3 switch or router is used to
apply inter-VLAN routing.

What is a VLAN and How does it reduce the broadcast traffic?


A VLAN reduces broadcast traffic by dividing the network into smaller broadcast domains.
Devices within the same VLAN can broadcast to each other, but that traffic doesn't reach
other VLANs, minimizing unnecessary traffic across the network.

What is VPN (Virtual Private Network)?


A VPN extends a private network over a public network (like the internet), allowing secure
communication between devices through a virtual tunnel. VPNs use:
• Encryption to protect data in transit.
• Authentication to verify identities.
• Tunneling protocols to securely transport data.
VPNs are often used to establish secure remote access to private networks.
Advantages:
1. Scalability: Can accommodate large networks over the internet.
2. Low Cost: Eliminates the need for dedicated leased lines for secure communication.
3. Security: Ensures confidentiality, integrity, and authentication through encryption
and tunneling.


| VPN (Virtual Private Network) | VLAN (Virtual Local Area Network) |
|---|---|
| A virtual private tunnel between source and destination over a public network (internet). | Logical segmentation of a physical network into multiple virtual networks. |
| Used for secure communication over untrusted networks (like the internet). | Used to reduce broadcast traffic and increase security within local networks. |
| Main advantages: Scalability, low cost, security. | Main advantages: Better security, easy network management, reduced traffic. |

What is a firewall?
A Firewall is a network security device that filters traffic between trusted (internal) and
untrusted (external) networks. It permits or denies traffic based on predefined security
rules and policies. Firewalls help protect networks from unauthorized access, external
attacks, and malware.
Functions of a Firewall:
1. Traffic Filtering: Only allows legitimate traffic based on configured policies.
2. Network Segmentation: Can isolate certain parts of the network (e.g.,
management network from the user network).
3. Protection: Shields the internal network from external threats.
Example:
A firewall can be configured to block unauthorized access from the internet while allowing
trusted services like web browsing or email.

What is an Access Port?


An Access Port is a type of port on a switch that belongs to and carries traffic for only one
VLAN. Devices connected to an access port are unaware of VLAN configurations because
the switch removes VLAN tagging before forwarding the frame to the device. Key points:
• Assigned to one VLAN: Only carries traffic from a specific VLAN.
• Device unaware of VLAN: Any device connected to an access port does not
recognize the VLAN membership.
• No inter-VLAN communication: Devices on different VLANs cannot communicate
unless the traffic is routed between VLANs.

What is a Trunk Port?


A Trunk Port is a port configured on a switch to carry traffic for multiple VLANs
simultaneously, ranging from 1 to 4094 VLANs. Trunk ports are commonly used to connect
switches or routers, allowing VLAN information to travel across the network. Key points:
• Carries traffic for multiple VLANs.

• Tagged and untagged traffic: Supports both tagged VLAN frames and untagged (native
VLAN) frames.
• Inter-switch communication: Used to connect switches to other switches or routers.
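
How access and trunk ports treat the VLAN tag, shown on raw Ethernet frames. This is an added example, not part of the original document; the `Port` class and `forward` function are a hypothetical model of one switch, the frame is constructed, and dropping tagged frames that arrive on an access port is an assumption of this model rather than something the text states.

```python
import struct

TPID_8021Q = 0x8100                       # EtherType that marks an 802.1Q tag


def add_tag(frame, vid):
    """Insert a 4-byte 802.1Q tag after the destination and source MAC addresses."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]


def split_tag(frame):
    """Return (VLAN ID or None, frame without the tag)."""
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None, frame
    return tci & 0x0FFF, frame[:12] + frame[16:]


class Port:
    """Hypothetical switch port: 'access' (one VLAN) or 'trunk' (many VLANs)."""

    def __init__(self, mode, vlan=1, allowed=(), native=1):
        self.mode, self.vlan, self.native = mode, vlan, native
        self.allowed = set(allowed) | {native}


def forward(frame, ingress, egress):
    """Return the bytes sent out of `egress`, or None when the frame is not forwarded."""
    vid, inner = split_tag(frame)
    if ingress.mode == "access":
        if vid is not None:
            return None                   # model assumption: access ports drop tagged frames
        vlan = ingress.vlan               # VLAN comes from the port, not from the device
    else:
        vlan = ingress.native if vid is None else vid
        if vlan not in ingress.allowed:
            return None
    if egress.mode == "access":
        # Tag is removed before delivery; other VLANs never reach this port.
        return inner if vlan == egress.vlan else None
    if vlan not in egress.allowed:
        return None
    return inner if vlan == egress.native else add_tag(inner, vlan)


# Constructed sample frame: broadcast destination, source MAC, IPv4 EtherType, payload.
FRAME = (bytes.fromhex("ffffffffffff") + bytes.fromhex("001a2b3c4d5e")
         + b"\x08\x00" + b"constructed payload")
ACCESS_10 = Port("access", vlan=10)
ACCESS_20 = Port("access", vlan=20)
TRUNK = Port("trunk", allowed={10, 20}, native=1)

if __name__ == "__main__":
    on_trunk = forward(FRAME, ACCESS_10, TRUNK)
    print("on trunk:", split_tag(on_trunk)[0])
    print("to VLAN 20 access port:", forward(FRAME, ACCESS_10, ACCESS_20))
```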

What is NAT (Network Address Translation)?
NAT (Network Address Translation) is a protocol that allows devices in a private network
to access external networks (e.g., the internet) by converting private IP addresses to public
(real) IP addresses. NAT helps conserve public IP addresses and adds a layer of security by
masking internal IP addresses.
Types of NAT:
1. Static NAT: Maps one private IP address to one public IP address.
2. Dynamic NAT: Maps multiple private IP addresses to a pool of public IP addresses.
3. PAT (Port Address Translation): Maps multiple private IP addresses to a single
public IP address by using different ports (also called NAT overload).

What is PAT (Port Address Translation)?
PAT (Port Address Translation) is a type of NAT that allows multiple devices on a local area
network (LAN) to be mapped to a single public IP address by using unique port numbers.
This enables multiple devices to share one public IP for internet access.
Key points:
• Converts multiple private IPs to one public IP.
• Uses port numbers to differentiate between devices.
• Commonly used in home and office networks to conserve public IP addresses.
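
A PAT translation table in miniature: two inside hosts share one public address, and a packet arriving on a port with no table entry has nowhere to go. This is an added example, not part of the original document; the `PatRouter` class, the three-port pool and all addresses (private and documentation ranges) are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src_ip src_port dst_ip dst_port")


class PatRouter:
    """Hypothetical PAT device with one public IP and a small public port pool."""

    def __init__(self, public_ip, ports=range(40000, 40003)):
        self.public_ip = public_ip
        self.free = {"tcp": list(ports), "udp": list(ports)}
        self.out = {}    # (proto, private ip, private port) -> public port
        self.back = {}   # (proto, public port) -> (private ip, private port)

    def translate_out(self, pkt):
        """Rewrite the source of an outbound packet; None if the pool is exhausted."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.out:
            if not self.free[pkt.proto]:
                return None
            port = self.free[pkt.proto].pop(0)
            self.out[key] = port
            self.back[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        return pkt._replace(src_ip=self.public_ip, src_port=self.out[key])

    def translate_in(self, pkt):
        """Rewrite the destination of a reply; None if no inside host owns the port."""
        if pkt.dst_ip != self.public_ip:
            return None
        inside = self.back.get((pkt.proto, pkt.dst_port))
        if inside is None:
            return None              # unsolicited: no table entry, packet is dropped
        return pkt._replace(dst_ip=inside[0], dst_port=inside[1])


def demo():
    router = PatRouter("203.0.113.1")
    # Two inside hosts pick the same source port for the same remote server.
    a = router.translate_out(Packet("tcp", "192.168.1.10", 51000, "198.51.100.7", 443))
    b = router.translate_out(Packet("tcp", "192.168.1.11", 51000, "198.51.100.7", 443))
    # The server's reply to the second flow is mapped back to the second host only.
    reply = router.translate_in(Packet("tcp", "198.51.100.7", 443, b.src_ip, b.src_port))
    # Nothing inside opened public port 40002, so this packet matches no entry.
    stray = router.translate_in(Packet("tcp", "198.51.100.9", 4444, "203.0.113.1", 40002))
    return a, b, reply, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```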

What is Telnet?
Telnet is a network protocol used to remotely access and manage devices over a TCP/IP
network. It operates on port 23. Telnet allows an administrator to log into a device and
issue commands, but it transmits data in plain text, making it insecure.
Key points:
• Uses TCP on port 23.
• Insecure: Sends data, including credentials, in plain text.

What is SSH?
SSH (Secure Shell) is a protocol used to securely access and manage devices remotely
over a TCP/IP network. SSH encrypts data and protects against attacks like IP spoofing,
DNS spoofing, and IP source routing. It operates on port 22 and is commonly used for
secure remote administration.
Key points:
• Uses TCP on port 22.
• Secure: Provides encrypted communication and protects against various network attacks.
• Replacement for Telnet: SSH is preferred over Telnet due to its encryption and security.
