Network+

The document provides an overview of the Open System Interconnection (OSI) model, detailing its seven layers from Physical to Application, including their functions and components. It also covers network ports and protocols, explaining their roles in data transmission, including TCP, UDP, and various service protocols like DNS and DHCP. Additionally, it discusses concepts such as encapsulation, unicast and broadcast transmission, and the importance of network components like switches and routers.
Open System Interconnection


o 7 layers
 Physical (Bits)
 Consists of transmitting bits between two systems (with Ethernet
cables like RJ45, etc.)
 Data link (Frames)
 Consists of matching MAC addresses with IP addresses
 The network card knows the MAC address of the machine, so
the job of this layer is to check whether a frame is for us or not
 MAC Addresses
o Unique physical address of NIC
 Logical Link Control (LLC)
o Provides connection services and allows
acknowledgment of receipt of messages
o Basic form of flow control
o Provides basic error control functions when data is
corrupted or data frames are not received
 Synchronization schemes
o Isochronous: Network devices use a common reference
clock source and create time slots for transmission
o Synchronous: Network devices agree on clocking
method to indicate beginning and end of frames and
can use control characters
o Asynchronous: Network devices reference internal
clocks and use start and stop bits for synchronization
 Components
o Switch
o Bridge
o Network Interface Cards
 Network (Packets)
 This layer consists of routing the packets thanks to IP Addresses
 Transport the packets between two IP Addresses on the
network
 Logical addressing
o IPv4
o IPv6
 Switching
o Packet switching (=routing): Data is divided into packets
and then forwarded => Most used
o Circuit Switching: Dedicated communication link is
established between two devices ; A dedicated and
constant communication path is maintained for the
duration of a conversation
o Message Switching: Data is divided into messages which
may be stored and then forwarded
 Route discovery and selection
o Manually configured as a static route or dynamically
through a routing protocol
o Routing protocol is used to know how data is going to
flow across the network and how the routers are going
to communicate that information
 Internet Control Message Protocol (ICMP)
o Sends error messages and operational information to an
IP destination
 Connection services
o Augment Layer 2 connection services to improve
reliability
o Flow control
o Packet reordering ensures that all data reaches the
receiver correctly at the end destination
o Components
 Router
 Layer 3 switch (multi-layer switch)

 Transport (Segment/ Datagram)


 The job of this layer is to assemble and disassemble the data.
 TCP (Segment)
o Connection-oriented protocol that is a reliable way to
transport segments across the network
o Three-way handshake: (Client) SYN ; (Server) SYN-ACK ;
(Client) ACK + Data
 UDP (Datagram)
o Connectionless protocol that is an unreliable way to
transport datagrams across the network
TCP                                          | UDP
Reliable                                     | Unreliable
Connection-oriented                          | Connectionless
Segment retransmission and flow control      | No windowing or retransmission
through windowing                            |
Segment sequencing (Ex : Packets 1 to 1000)  | No sequencing (Packet 25 ; Packet 3 … no order)
Acknowledges segments (Three-way handshake)  | No acknowledgment

 Windowing: Allows the clients to adjust the amount of data in
each segment
o More data is sent when retransmissions decrease
o Less data is sent when retransmissions increase
 Components:
o WAN accelerator
o Load balancers and firewalls

 Session (Data)
 Opens, maintains, and closes connections and is responsible for
controlling ports and sessions
 Layer 5 Examples
o H.323 : Used to set up, maintain and tear down voice
and video connections (FaceTime, Skype…)
o Real-time Transport Protocol (RTP)
o NetBIOS : Used to share files over a network

 Presentation (Data)
 Formats the data to be exchanged and secures that data with
proper encryption
 Data is formatted to ensure compatibility between different
devices
o ASCII : Text based language to use
o GIF
o JPG/ PNG …
 Application (Data)
 Human-computer interaction layer, where applications can
access the network services (HTTP, DNS, FTP …)

o Encapsulation and Decapsulation


 7 to 1 : Encapsulation
 1 to 7 : Decapsulation
 Layer 4 : Header
 TCP Header (20-60 bytes in size)
o Source Port, Destination Port, Sequence Number,
Acknowledgement Number
o TCP flags : SYN (Synchronization), ACK
(Acknowledgement), FIN (Finished), RST (Reset), PSH
(Push = ensures data is given priority and is processed at
the sending or receiving ends), URG (Urgent = marks incoming
data as urgent ; like PSH)
 UDP Header (8 bytes in size)
o Source Port, Destination Port, Length, checksum (check
the level of integrity of data sent)
 Layer 3 : Header
 IP Header
o Source IP, destination IP, Protocol, ….
 Layer 2 : Header
 Ethernet header
o Destination MAC Address, Source MAC Address, …
 Wireshark : Used to analyze packets (see the troubleshooting course)
- Meet the frames
o Devices on a network send and receive data in discrete chunks called frames
(or packets)
o Frames are a maximum of 1500 bytes in size
o Frames are created and destroyed inside the network interface card (NIC)
o Frames have destinations and source MAC addresses
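
The decapsulation order and the header fields listed above, as an added example that is not part of the original notes: a Python parser that strips the Ethernet, IPv4 and TCP/UDP headers from a frame in turn and reports the fields and TCP flags. The sample frame is constructed (it reuses the 192.1.1.1:49163 to 1.1.1.1:80 pair from the port section of these notes); the MAC addresses and function names are assumptions.

```python
import struct

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def build_sample_frame():
    """Constructed sample: Ethernet + IPv4 + TCP SYN, 192.1.1.1:49163 -> 1.1.1.1:80."""
    eth = bytes.fromhex("aabbccddeeff112233445566") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     bytes([192, 1, 1, 1]), bytes([1, 1, 1, 1]))  # checksum left at 0
    tcp = struct.pack("!HHIIBBHHH", 49163, 80, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    return eth + ip + tcp

def mac(raw):
    return "-".join(f"{b:02X}" for b in raw)

def decapsulate(frame):
    """Strip the Layer 2, 3 and 4 headers in turn and return their fields."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"dst_mac": mac(frame[0:6]), "src_mac": mac(frame[6:12]),
           "broadcast": frame[0:6] == b"\xff" * 6}
    if ethertype != 0x0800:              # only IPv4 is decoded further
        return out
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0    # IP header length in bytes
    if ihl < 20 or len(ip) < ihl:
        raise ValueError("truncated or malformed IPv4 header")
    out.update(src_ip=".".join(map(str, ip[12:16])),
               dst_ip=".".join(map(str, ip[16:20])), protocol=ip[9])
    l4 = ip[ihl:]
    if ip[9] == 6:                       # TCP: header is 20 to 60 bytes
        if len(l4) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", l4[:14])
        hdr_len = (off >> 4) * 4
        if hdr_len < 20 or len(l4) < hdr_len:
            raise ValueError("bad TCP data offset")
        out.update(src_port=sport, dst_port=dport, seq=seq, ack=ack,
                   tcp_header_len=hdr_len,
                   flags=[name for bit, name in TCP_FLAGS if flags & bit])
    elif ip[9] == 17:                    # UDP: fixed 8-byte header
        if len(l4) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, length, checksum = struct.unpack("!HHHH", l4[:8])
        out.update(src_port=sport, dst_port=dport,
                   udp_length=length, udp_checksum=checksum)
    return out
```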

Ports and Protocols:

- Definition:
o Ports : Virtual entry/ exit point for communications used by software
applications to exchange information
o Protocol : Set of rules and conventions for data exchange between network
devices

- Network Port Fundamentals


o Port : A logical opening in a computer that represents a service or application
o Numbered from 0 to 65 535
 Well known Ports : 0 to 1 023
 Registered Ports : 1 024 to 49 151
 Ephemeral Ports : 49 152 to 65 535
o Communication Example :
Client (Source IP : 192.1.1.1 ; Source Port : 49163, an ephemeral port ; Destination IP : 1.1.1.1 ;
Destination Port : 80)
Website (Source IP : 1.1.1.1 ; Source Port : 80, HTTP ; Destination IP : 192.1.1.1 ; Destination
Port : 49163)
 When the communication is finished, the ephemeral port is closed, and in the next
session the data is transmitted over a different ephemeral port

- Transmission Control Protocol (TCP)


o A fundamental protocol within the Internet Protocol suite that consists of a set
of rules that govern the exchange of data
o Three-way handshake: SYN ; SYN/ACK ; ACK
o Error checking: TCP uses sequence numbers and acknowledgement messages
to ensure the data is received correctly and in the correct order
o Windowing : Occurs by allowing the receiver to specify the amount of data it
can handle at a time (due to network conditions…)
o TCP will use ports to allow for the logical differentiation of services on a single
physical machine
- User Datagram Protocol (UDP)
o A communication protocol used across the internet, especially for time-
sensitive transmissions (video, DNS lookup…)
o Known for : Low latency and reduced processing overhead
o UDP does not maintain the state of the connection or keep track of the
packets (no acknowledgment) ; Stateless
o The checksum provides some minimal protection against data corruption during
transmission
o UDP uses ports to direct data to the correct application
- Internet Control Message Protocol (ICMP)
o Integral part of the Internet Protocol suite, which is a set of networking
protocols used on the Internet
o It’s a network diagnostic and error reporting tool (not a transport protocol like
TCP and UDP)
o ICMP is encapsulated within IP packets and it’s essential for tasks like
network troubleshooting (ping and traceroute tools)
o Attacks using ICMP (DDoS, Ping of Death…)
- Web Ports and Protocols
o Port 80 is used for HTTP (security problem with HTTP because data isn’t
encrypted => Eavesdropping, On-path attacks)
o Port 443 is used for HTTPS (secured with a Secure Sockets Layer tunnel or Transport
Layer Security tunnel)
- Email Ports and Protocols
o Simple Mail Transfer Protocol (+S for secure version on port 465 or 587) :
Standard protocol used for sending (not receiving) emails across the internet
and operates over port 25
o Post Office Protocol version 3 : Used to retrieve email from a remote server to
a local client over port 110 (email is available only on the device that
received the email)
o Internet Message Access Protocol (+S for secure version on port 993):
Operates over port 143 and allows users to manage emails directly on the
email server
o SMTP/SMTPS => Sending emails
o POP3/IMAP => Receiving emails
- File Transfer Ports and Protocols
o Specialized rules and procedures that are utilized for the transmission of files
across network, operate on the designated ports, and act as doorways for
data transfer activities
o File Transfer Protocol (FTP) : Used for transferring files between a client and a
server over a network ; Transmissions are not encrypted
 Port 20 : Actual data transfer
 Port 21 : Sending control commands
o Secure File Transfer Protocol (SFTP) : SFTP tunnels an FTP protocol
through an SSH connection and operates on port 22
o Trivial File Transfer Protocol (TFTP) : Simpler and more basic version of FTP
that operates over port 69 ; it is designed for sending files when minimal
security is sufficient
o Server Message Block (SMB) : Operates over port 445 and allows computer
apps to read and write to files and request services from the server programs
(file sharing between Windows devices) => It is used inside a LAN, and it’s not a
protocol to send data across the internet
- Remote Access Ports and Protocols
o Build and manage systems and network from across the network
o Secure Shell : Protocol used for secure remote login and other secure network
services over an unsecure network ; operates over port 22
 SSH creates a secure encrypted tunnel that can run text-based
commands from a remote server
o Telnet : Allows a user on one computer to log in remotely to another
computer ; operates on port 23 => No encryption
o Remote Desktop Protocol (RDP) : Proprietary protocol that was developed by
Microsoft to provide users with a graphical user interface to connect to
another computer over a network connection ; operates over port 3389
(encrypted for Windows devices) ; uses TCP
- Network Service Ports and Protocols
o Different services that ensure that network devices can discover each other,
communicate efficiently, and relay important system information to each
other
o Domain Name System (DNS) : Operates on port 53 and uses TCP for large
messages and UDP for small messages
o Dynamic Host Configuration Protocol (DHCP) : Used to automate the
assignment of IP addresses, subnet masks, gateways, and other networking
parameters to a client device ; DHCP servers listen for client requests over port
67, and the clients receive responses back over port 68 using UDP
o SQL services : Protocols used by database server to manage queries and
control operations from the client applications that are requesting them
(Microsoft SQL over port 1433, MySQL port 3306)
o Simple Network Management Protocol : Used for collecting information from
and configuring different network devices like servers, printers, hubs,
switches, and routers over an IP network ; operates on port 161 used by SNMP
managers ; Port 162 used by agent
o System logging (Syslog) : Standard for message logging that allows devices to
send event messages across IP networks to an event message collector known
as a Syslog server ; operates on port 514 using UDP or TCP
- Other Network Service Ports and Protocols
o Network Time Protocol (NTP) : Used to synchronize the clocks of a computer
over a given network ; operates over port 123 with UDP
o Session Initiation Protocol (SIP) : Used for initiating, maintaining, and
terminating real-time sessions that involve voice, video messaging, and other
communication services ; operates over port 5060 and port 5061 (TCP for
encrypted signaling with TLS)
o Lightweight Directory Access Protocol (LDAP) : Protocol for accessing and
maintaining distributed directory information services over an IP network ;
operates on port 389
 LDAP over SSL (LDAPS) : Encrypted version of LDAP that operates on
port 636 using TCP
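
One way to put the port list above to defensive use, as an added example that is not part of the original notes: a Python check that reads flow records, uses the port ranges from these notes to decide which end is the server, and reports flows to the unencrypted services alongside the encrypted counterpart the notes name. The log format, sample flows, 10.0.0.x addresses and function names are constructed assumptions, and picking the server by port range is a heuristic.

```python
import re

# (transport, server port) -> (service, encrypted counterpart), ports as given in the notes
CLEARTEXT = {
    ("tcp", 80): ("HTTP", "HTTPS on 443"),
    ("tcp", 21): ("FTP", "SFTP on 22"),
    ("tcp", 23): ("Telnet", "SSH on 22"),
    ("tcp", 25): ("SMTP", "SMTPS on 465 or 587"),
    ("tcp", 143): ("IMAP", "IMAPS on 993"),
    ("tcp", 389): ("LDAP", "LDAPS on 636"),
}
RANK = {"well-known": 0, "registered": 1, "ephemeral": 2}
FLOW = re.compile(r"(\w+) (\S+):(\d+) -> (\S+):(\d+)$")

# Constructed sample flow records: "<proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
SAMPLE_FLOWS = [
    "tcp 192.1.1.1:49163 -> 1.1.1.1:80",
    "tcp 1.1.1.1:80 -> 192.1.1.1:49163",     # reply of the same session
    "tcp 192.1.1.1:49200 -> 10.0.0.5:443",
    "tcp 192.1.1.1:50001 -> 10.0.0.9:23",
    "udp 192.1.1.1:51000 -> 10.0.0.53:53",
    "tcp 192.1.1.1:52000 -> 10.0.0.7:636",
]

def port_class(port):
    """Classify a port number using the three ranges from the notes."""
    if not 0 <= port <= 65535:
        raise ValueError(f"invalid port {port}")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "ephemeral"

def audit(lines):
    """Return sorted (client_ip, server_ip, service, alternative) findings."""
    findings = set()
    for line in lines:
        m = FLOW.match(line.strip())
        if not m:
            continue                          # not a flow record
        proto, a_ip, a_port, b_ip, b_port = m.groups()
        ends = [(int(a_port), a_ip), (int(b_port), b_ip)]
        # Server side = lower port class, so requests and replies map to one finding.
        ends.sort(key=lambda e: (RANK[port_class(e[0])], e[0]))
        (server_port, server_ip), (_, client_ip) = ends
        hit = CLEARTEXT.get((proto.lower(), server_port))
        if hit:
            findings.add((client_ip, server_ip) + hit)
    return sorted(findings)
```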

Hub = Network component that repeats frames to all computers that are connected to
the hub

- Broadcast and unicast


o A unicast transmission is addressed to a single device on a network
o A broadcast transmission is sent to every device in a broadcast domain
 It is used to ask every PC in the broadcast domain who the frame is for
(because we don’t know the MAC address of the destination)
o A broadcast address looks like this: FF-FF-FF-FF-FF-FF
