Networking Fundimentals

OSI Reference Model

The OSI Model (Open Systems Interconnection Model) is a conceptual framework used to describe
the functions of a networking system. The OSI model characterizes computing functions into a
universal set of rules and requirements in order to support interoperability between different
products and software. In the OSI reference model, the communications between a computing
system are split into seven different abstraction layers: Physical, Data Link, Network, Transport,
Session, Presentation, and Application.

The 7 Layers of the OSI Model

Physical Layer

The lowest layer of the OSI Model is concerned with electrically or optically transmitting raw
unstructured data bits across the network from the physical layer of the sending device to the
physical layer of the receiving device. It can include specifications such as voltages, pin layout,
cabling, and radio frequencies. At the physical layer, one might find “physical” resources such as
network hubs, cabling, repeaters, network adapters or modems.

Data Link Layer

At the data link layer, directly connected nodes are used to perform node-to-node data transfer
where data is packaged into frames. The data link layer also corrects errors that may have occurred
at the physical layer.

The data link layer encompasses two sub-layers of its own. The first, media access control (MAC),
provides flow control and multiplexing for device transmissions over a network. The second, the
logical link control (LLC), provides flow and error control over the physical medium as well as
identifies line protocols.
Network Layer

The network layer is responsible for receiving frames from the data link layer, and delivering them to
their intended destinations based on the addresses contained inside the frame. The network layer
finds the destination by using logical addresses, such as IP (internet protocol). At this layer, routers
are a crucial component used to quite literally route information where it needs to go between
networks.

Transport Layer

The transport layer manages the delivery and error checking of data packets. It regulates the size,
sequencing, and ultimately the transfer of data between systems and hosts. One of the most
common examples of the transport layer is TCP or the Transmission Control Protocol.
Session Layer
The session layer controls the conversations between different computers. A session or connection
between machines is set up, managed, and determined at layer 5. Session layer services also include
authentication and reconnections.
Presentation Layer
The presentation layer formats or translates data for the application layer based on the syntax or
semantics that the application accepts. Because of this, it at times is also called the syntax layer. This
layer can also handle the encryption and decryption required by the application layer.
Application Layer
At this layer, both the end user and the application layer interact directly with the software
application. This layer sees network services provided to end-user applications such as a web
browser or Office 365. The application layer identifies communication partners, resource availability,
and synchronizes communication.

What is a Network

A computer network is two or more devices that are connected in order to share information
(computer, Printer, switch, Router)

This type of network is called the Lan network (Local Area Network) as it only communicates
internally and does not need the internet

The devices in a network are connected to each other via physical means such as ethernet cables
(Cat 5 or Cat 6) or Wi-Fi devices commonly known as APs (access points)

The devices on the network (Printer, Computer, APs, Switches) are normally in the same Lan IP range
(192.168.200.?)

What is an IP Address?

An IP address, or Internet Protocol address, is a series of numbers that identifies any device on a
network. Computers use IP addresses to communicate with each other

There are four different types of IP addresses: public, private, static, and dynamic. While the public
and private are indicative of the location of the network—private being used inside a network while
the public is used outside of a network—static and dynamic indicate permanency
To put it simply

- Private IP addresses can be thought the same way you see your house address in your town
(Centurion, Pretoria, Johannesburg)
- Public IP addresses can be thought of as the region your town is located in

For example

If I send a package from my home to my office the address is a local address

From: 21 Hofsanger Rd, Rooihuiskraal, Centurion Gauteng

To: 3 Bauhinia St, Highveld, Centurion Gauteng

The same is true when you are sending a document from your computer to the printer

From: 192.168.200.20 (Your Computer)

To: 192.168.200.21 (the Printer)

But if I send the same package to Teraco in Cape town the address would be Public

From: 3 Bauhinia St, Highveld, Centurion, Gauteng

To: 240 Main Rd, Rondebosch, Cape Town

This would then be from local (RED) over public (BLUE) to local again (RED)

Private IP Ranges

Private IPv4 addresses have the following class configurations:

 Class A IP addresses. Configurations range from 10.0.0.0 to 10.255.255.255. This class is for
large networks
 Class B IP addresses. Configurations range from 172.16.0.0 to 172.31.255.255. This class is
for medium networks
 Class C IP addresses. Configurations range from 192.168.0.0 to 192.168.255.255. This class is
for smaller networks

The range of private IP addresses seems relatively small because they can be reused on different
private networks without consequence

There is also a WAN Network (Wide Area Network)

The WAN network is also better known as the internet, that works with Public IPs

Public IP Ranges

The number of public IP addresses is far greater than the number of private ones because every
network on the Internet must have a unique public IP.

All public IP addresses belong to one of the following public IP address ranges:
  1.0.0.0-9.255.255.255
 11.0.0.0-100.63.255.255
 100.128.0.0-126.255.255.255
 128.0.0.0-169.253.255.255
 169.255.0.0-172.15.255.255
 172.32.0.0-191.255.255.255
 192.0.1.0/24
 192.0.3.0-192.88.98.255
 192.88.100.0-192.167.255.255
 192.169.0.0-198.17.255.255
 198.20.0.0-198.51.99.255
 198.51.101.0-203.0.112.255
 203.0.114.0-223.255.255.255

From here there are also 2 more categories for IP addresses

1. Static
2. Dynamic

Static IPs are manually configured on devices such as Printers, WiFi APs, Routers, servers

Dynamic IPs are given to devices via DHCP and will become available again for another device if that
device in not on the network

For Example

If you go camping in a caravan park, the parks main office will have a static location, but you will get
a dynamic spot to set up camp

Once you leave the park that location becomes available for the next camper

DNS (Domain Name System)

In basic terms, DNS is a naming database on the internet in which domain names are located and are
translated into IP addresses. A typical example of a domain name is dns.google that translates to
8.8.8.8.

To simplify it, DNS can be thought of as a phonebook of the internet. You need to know the person’s
name before you can locate their contact number. So, the Domain name would be the Person’s
name and the IP address would be their phone number. For normal internet access, there must be a
valid DNS server configured locally for the LAN. Without any DNS servers, there will be no internet
access.

If a user opens up their browser and types in www.fnb.com or www.netflix.com without any DNS
servers specified on their router, the router will not be able to understand what the domain names
fnb.com and netflix.com mean. In other words, which IP addresses do they resolve/translate to. DNS
does not work only for Web pages it is also used in emails as well as other applications. Another
example of the application of DNS is email. SMTP servers are used to move mail traffic on the
internet from one exchange server to another. The SMTP servers use publicly routable IP addresses
to point/translate Domain Names to public IPs. See the below command for checking if there is a
local DNS server configured. NS lookup shows the IP address of our local DNS servers or relays:

Networking basic tools

Ping

Can be thought of as a ping pong game

The ICMP (Internet Control Message Protocol) packet is sent from your router (Local Host) to the
Remote Host e.g. 8.8.8.8; Porta PING . The Remote Host then sends a ICMP reply PONG

-Ping is used to test Latency on a link and to confirm if a remote host IP is reachable or active
The Latency is the time between the Local Host sending the Packet and receiving the reply

Traceroute

Used to display the list of router (hops) a packet travels through to reach a remote host

While ping can tell you if there is a problem, traceroute can help you pinpoint where the problem
exists
The times displayed is the time it for the packet to reach that router and reply back to you

The host router sends an ICMP packet with a TTL of 1 to the first router witch takes 1 TTL and can’t
send the packet further, then replies to the Host router TTL exceeded, the Host then parks that as
hop 1 then sends another ICMP packet with TTL of 2, the first HOP router takes one and sends the
packet further to the next router witch also takes 1 TTL and replies to host TTL exceeded, host marks
that router as HOP2 and sends a 3rd ICMP packet with TTL of 3

This continues till you reach your desired remote host or reach your maximum HOP limit

Mikrotik Torch

Torch is real-time traffic monitoring tool that can be used to monitor the traffic flow through an
interface.

You can monitor traffic classified by protocol name, source address, destination address, port.

Torch shows the protocols you have chosen and tx/rx data rate for each of them
You can use the Torch to see what is using the link or maxing out the bandwidth if a client says they
aren’t getting their speed

Neighbors

MikroTik Neighbor Discovery protocol (MNDP) and Link Layer Discovery Protocol (LLDP) allows to
"find" other devices compatible with MNDP or CDP (Cisco Discovery Protocol) or LLDP in Layer2
broadcast domain.
Basically it will see all Cisco / Mikrotik devices and some makes of switches/printers and routers via
the Layer2 / MAC layer

The neighbor list will provide info relating to device Make and model, Firmware version, Mac
address, Identity (Device name), IP Address, and through what port it found the device

IP Scan

IP Scan tool allows a user to scan networks based on some network prefix or by setting an interface
to listen to.

Either way, the tool collects certain data from the network:

-address - IP address of network device;

-mac-address - MAC address of network device;

-time - response time of seen network device when found;

-DNS - DNS name of a network device;

-SNMP - SNMP name of the device;

-NET-BIOS - NET-BIOS name of device if advertised by the device;

When using IP scan tool user must choose what they want to scan for:

-certain IPv4 prefix

- the tool will attempt to scan all the IP addresses or addresses set; the interface of the
router

- the tool will attempt to listen to packets that are "passing by" and attempt to compile
results when something is found;
It is basically sending a broadcast MSG out over the entire IP range / port that is specified and
listening for all devices that reply

ARP

Even though IP packets are addressed using IP addresses, hardware addresses must be used to
actually transport data from one host to another.

Address Resolution Protocol is used to map OSI level 3 IP addresses to OSI level 2 MAC addresses.

Routers has a table of currently used ARP entries.