LAB PREPERATION

What is an IP Address?

An IP address (Internet Protocol address) is a unique numerical label assigned to each device connected
to a computer network that uses the Internet Protocol to communicate. It's used to identify and address
devices on a network.

Types of IP Addresses:

1. Public IP Address: A public IP address is an IP address that is accessible from the internet. It's assigned
to a device by an Internet Service Provider (ISP) and is unique to that device.

2. Private IP Address: A private IP address is an IP address that is not accessible from the internet. It's
used within a private network, such as a home or office network, to identify devices.

Types of IP Address Assignments:

1. Static IP Address: A static IP address is an IP address that is manually assigned to a device and remains
constant.

2. Dynamic IP Address: A dynamic IP address is an IP address that is assigned to a device automatically

and can change over time.

What is NAT?

NAT (Network Address Translation) is a technique used to allow multiple devices on a private network to
share a single public IP address when accessing the internet. NAT translates the private IP addresses of
devices on the network to the public IP address.

What is DHCP?

DHCP (Dynamic Host Configuration Protocol) is a protocol used to automatically assign IP addresses and
other network settings to devices on a network. DHCP allows devices to obtain an IP address
dynamically, rather than having a static IP address assigned manually.

| | Public IP Address | Private IP Address |

| Accessibility | Accessible from the internet | Not accessible from the internet |

| Assignment | Assigned by ISP | Assigned within a private network |

| | Static IP Address | Dynamic IP Address |

| Assignment | Manually assigned, remains constant | Automatically assigned, can change |

| NAT | Translates private IP addresses to a public IP address |

| DHCP | Automatically assigns IP addresses and network settings |

types of ip addresses satict and dynamic

Static IP Address

✔ Fixed: Remains constant and does not change.

✔ Best for Servers: Used for hosting websites, VPNs, and remote access.

✔ More Reliable: Better for VoIP and online gaming.

✔ More Expensive: Usually costs more from ISPs.

✔ Less Secure: Easier to track and target for cyberattacks.

Dynamic IP Address

✔ Changes Periodically: Assigned by DHCP and changes over time.

✔ More Common: Used by most home internet users.

✔ More Secure: Harder to track, reducing the risk of attacks.

✔ Cheaper: Provided automatically by ISPs at no extra cost.

✔ Less Reliable for Hosting: Not ideal for servers or remote access.

What is a Port?

A port is a virtual communication endpoint used to identify specific processes or services in a network.

It helps computers distinguish between different types of traffic, like web browsing, email, or file
transfers.

Ports work alongside IP addresses to ensure proper data transmission across the internet or networks.

Port:

A port is a logical endpoint for communication between devices on a network. Ports are identified by a
16-bit number, ranging from 0 to 65535.

What is a Protocol?

A protocol is a set of rules and standards that govern how devices communicate with each other over a
network. Protocols define the format, timing, and error detection and correction mechanisms for data
exchange. Examples of protocols include HTTP (Hypertext Transfer Protocol), FTP (File Transfer
Protocol), and TCP/IP (Transmission Control Protocol/Internet Protocol).

What are Packets?

A packet is a small unit of data that is transmitted over a network. Packets are the basic building blocks
of network communication. Each packet contains:

1. Header: Contains control information, such as source and destination IP addresses, packet sequence
number, and error-checking data.

2. Payload: Contains the actual data being transmitted.

3. Trailer: Contains error-checking data, such as checksums.

Advantages of Sending Data in Packets:

1. Efficient use of bandwidth: Packets allow multiple devices to share the same communication channel,
increasing bandwidth efficiency.

2. Error detection and correction: Packets contain error-checking data, which enables devices to detect
and correct errors that occur during transmission.

3. Flexibility and scalability: Packet switching allows networks to easily add or remove devices, making it
a scalable solution.

4. Reliability: Packets can be retransmitted if they are lost or corrupted during transmission, ensuring
reliable data transfer.

5. Improved network congestion control: Packet switching helps prevent network congestion by
allowing devices to transmit packets at different times.

In summary, protocols define the rules for network communication, while packets are the small units of
data that are transmitted over the network. Sending data in packets offers numerous advantages,
including efficient bandwidth use, error detection and correction, flexibility, reliability, and improved
network congestion control.

Wireshark:

Wireshark is a free and open-source network protocol analyzer that captures and displays network
traffic in real-time. It's used to troubleshoot network issues, analyze network security, and debug
network protocols.

Capturing:

Capturing refers to the process of collecting network traffic data using Wireshark. This can be done by:

- Selecting a network interface (e.g., Ethernet, Wi-Fi)

- Setting capture filters (e.g., IP address, port number)

- Starting the capture process

Analyzing:

Analyzing refers to the process of examining and interpreting the captured network traffic data using
Wireshark. This can involve:

- Examining packet details (e.g., headers, payloads)

- Applying display filters (e.g., protocol, port number)

- Identifying trends and patterns in network traffic

HTTP (Hypertext Transfer Protocol):

HTTP is a protocol used for transferring data over the web. It's typically used for:

- Requesting web pages from a server

- Sending data to a server for processing

- Receiving data from a server in response to a request

HTTPS (Hypertext Transfer Protocol Secure):

HTTPS is an extension of HTTP that adds an extra layer of security by encrypting data in transit. It's
typically used for:

- Secure online transactions (e.g., banking, e-commerce)

- Protecting sensitive data (e.g., passwords, personal info)

- Ensuring data integrity and authenticity

The main difference between HTTP and HTTPS is security:

HTTP (HyperText Transfer Protocol): Data is transferred in plain text, making it vulnerable to hacking.

HTTPS (HyperText Transfer Protocol Secure): Encrypts data using SSL/TLS, providing secure
communication and protecting sensitive information like passwords and credit card details.

Ensuring data integrity and authenticity

Websites with HTTPS are more secure, trusted by browsers, and improve SEO rankings.

(htttps is secure because its data is encrypted)

source is the laptop destination is the server and then vice versa

TCP Handshake:
A TCP handshake is a three-step process that establishes a connection between two devices on a
network, ensuring reliable and error-free communication.

SYN (Synchronize):

A SYN packet is the first packet sent by a client to initiate a connection with a server, containing the
client's IP address, port number, and sequence number.

SYN-ACK (Synchronize-Acknowledgment):

A SYN-ACK packet is the server's response to the client's SYN packet, acknowledging the client's request,
sending its own sequence number, and acknowledging the client's maximum segment size.

ACK (Acknowledgment):

An ACK packet is the client's response to the server's SYN-ACK packet, completing the handshake
process and establishing the connection.

Connection-Oriented:

A connection-oriented protocol establishes a dedicated connection between devices before data

transfer, ensuring reliable and error-free communication.

Reliable:

A reliable protocol ensures that data is delivered in the correct order, without errors or loss.

Error-Checked:

An error-checked protocol detects and corrects errors that occur during transmission, ensuring data
integrity.

LAB02 CONTENTS:

OSI LAYERS

Layer 1: Physical Layer

- Protocols:

- Ethernet (IEEE 802.3)

- Wi-Fi (IEEE 802.11)

- PPP (Point-to-Point Protocol)

- Functions: Defines physical means of data transmission (cable specifications, wireless transmission,
etc.)

Layer 2: Data Link Layer

- Protocols:
 - Ethernet (IEEE 802.3)

- Wi-Fi (IEEE 802.11)

- PPP (Point-to-Point Protocol)

- ATM (Asynchronous Transfer Mode)

- Functions: Provides error-free transfer of data frames between two devices on the same network.

Layer 3: Network Layer

- Protocols:

- IP (Internet Protocol)

- Functions: Routes data between different networks, and provides logical addressing (IP addresses).

Layer 4: Transport Layer

- Protocols:

- TCP (Transmission Control Protocol)

- UDP (User Datagram Protocol)

- Functions: Provides reliable data transfer between devices, and ensures data is delivered in the correct
order.

Layer 5: Session Layer

- Functions: Establishes, maintains, and terminates connections between applications running on

different devices.

Layer 6: Presentation Layer

- Protocols:

- SSL/TLS (Secure Sockets Layer/Transport Layer Security)

- ASCII (American Standard Code for Information Interchange)

- Functions: Converts data into a format that can be understood by the receiving device, and provides
data compression and encryption.

Layer 7: Application Layer

- Protocols:

- HTTP (Hypertext Transfer Protocol)

- FTP (File Transfer Protocol)

- SMTP (Simple Mail Transfer Protocol)

- DNS (Domain Name System)

 - DHCP (Dynamic Host Configuration Protocol)

- Functions: Provides services and interfaces for applications to communicate with each other, such as
email, file transfer, and web browsing.

HTTP (Hypertext Transfer Protocol)

- HTTP is a protocol used for transferring data over the web.

- It's a request-response protocol, where a client (e.g., web browser) sends a request to a server, and the
server responds with the requested data.

- HTTP uses TCP (Transmission Control Protocol) as its transport protocol.

- HTTP is a stateless protocol, meaning that each req

uest is independent of previous requests.

HTTPS (Hypertext Transfer Protocol Secure)

- HTTPS is an extension of HTTP that adds an extra layer of security by encrypting data in transit.

- HTTPS uses SSL/TLS (Secure Sockets Layer/Transport Layer Security) to encrypt data.

- HTTPS is used for secure online transactions, such as banking, e-commerce, and password-protected
websites.

SSL (Secure Sockets Layer)

- SSL is a cryptographic protocol used for secure online communication.

- SSL was developed by Netscape in the mid-1990s.

- SSL uses a combination of symmetric and asymmetric encryption to secure data.

- SSL has been largely replaced by TLS (Transport Layer Security).

TLS (Transport Layer Security)

- TLS is a cryptographic protocol used for secure online communication.

- TLS is an extension of SSL, and is designed to provide improved security and performance.

- TLS uses a combination of symmetric and asymmetric encryption to secure data.

- TLS is widely used for secure online transactions, including HTTPS, FTPS (File Transfer Protocol Secure),
and SFTP (Secure File Transfer Protocol).

Key Differences between SSL and TLS:

- Version: SSL is an older protocol, while TLS is a more modern and secure protocol.
- Encryption: TLS uses more secure encryption algorithms, such as AES (Advanced Encryption Standard),
while SSL uses weaker encryption algorithms, such as RC4.

- Authentication: TLS provides better authentication mechanisms, such as certificate-based

authentication, while SSL relies on password-based authentication.

In summary:

- HTTP is a protocol used for transferring data over the web.

- HTTPS is an extension of HTTP that adds an extra layer of security by encrypting data in transit using
SSL/TLS.

- SSL is an older cryptographic protocol that has been largely replaced by TLS.

- TLS is a more modern and secure cryptographic protocol used for secure online communication.

Persistence vs. Non-Persistence in Computer Networks

1. Persistent Connection

A single connection is kept open for multiple requests and responses between a client and a server.

Uses HTTP/1.1 and HTTP/2 by default.

Advantages:

✔ Reduces connection overhead (fewer TCP handshakes).

✔ Improves speed and performance.

✔ Minimizes latency.

Disadvantages:

✖ Requires more server resources to maintain open connections.

✖ Can lead to congestion if too many connections are open.

2. Non-Persistent Connection

A new connection is created for each request-response cycle.

Used in HTTP/1.0 by default.

Advantages:

✔ Frees up server resources after each request.

✔ Simple and easy to implement.

Disadvantages:

✖ Higher overhead due to multiple TCP handshakes.

✖ Increased latency slows down performance.

Key Differences

Feature Persistent Connection Non-Persistent Connection

Connection Stays open for multiple requests Closes after each request

Performance Faster, reduces latency Slower due to repeated handshakes

Overhead Low (fewer handshakes) High (multiple handshakes)

Protocol Default in HTTP/1.1, HTTP/2 Default in HTTP/1.0

Resource Use More server resource consumption Frees resources after each request

Conclusion: Persistent connections are preferred for modern web applications due to better
performance, while non-persistent connections are simpler but less efficient. both securely moves data
from client to server using some algorithms keep alive in persistence

http methods

status line

response header

response body

========

200 ok means the response was correct

300 not modified koi change nahi aya website par

after cache deletion 200 ok response

401 unauthorized

500 server has issues ap ka koi issue nahi ha

====http methods

get

post server ko kuch dana

put update hota ha

delete
components of http when we are analyzing packets(shown in 200 ok response)

status line -> through stautus code

response header -> content header 128 bytes

response body -> Line-based text data: text/html (4 lines)

state less request kia hoti ha?

HTTP Methods

- GET: Retrieves a resource from the server.

- POST: Creates a new resource on the server.

- PUT: Updates an existing resource on the server.

- DELETE: Deletes a resource from the server.

- HEAD: Retrieves metadata about a resource without retrieving the resource itself.

- OPTIONS: Returns the HTTP methods supported by the server for a particular resource.

- CONNECT: Establishes a tunnel to the server for proxying or other purposes.

- PATCH: Applies partial updates to an existing resource on the server.

HTTP Status Line

- The HTTP status line is the first line of an HTTP response.

- It consists of the HTTP version, a status code, and a reason phrase.

- Example: HTTP/1.1 200 OK

HTTP Status Codes

- 1xx: Informational responses

- 2xx: Successful responses

- 3xx: Redirection responses

- 4xx: Client error responses

- 5xx: Server error responses

HTTP Response Headers

- Content-Type: Specifies the format of the response body.

- Content-Length: Specifies the size of the response body in bytes.

- Set-Cookie: Sets a cookie on the client.

- Cache-Control: Specifies caching directives for the response.

- Expires: Specifies the date and time after which the response is considered stale.

HTTP Response Body

- The response body contains the actual data being returned by the server.

- The format of the response body is determined by the Content-Type header.

- Examples of response body formats include HTML, JSON, XML, and image data.

Here's an example of a complete HTTP response:

HTTP/1.1 200 OK

Content-Type: text/html

Content-Length: 1234

<html>

<head>

<title>Example Page</title>

</head>

<body>

<h1>Welcome to Example.com!</h1>

</body>

</html>

Stateless Responses

- A stateless response is a response from a server that does not retain any information about the client
or the client's previous requests.

- Each request from the client is treated as a new, independent request.

- The server does not maintain any session information or context between requests.
- Stateless responses are typically faster and more scalable, as the server does not need to maintain any
session state.

Stateful Responses

- A stateful response is a response from a server that retains information about the client or the client's
previous requests.

- The server maintains session information or context between requests, allowing it to remember the
client's previous interactions.

- Stateful responses are typically used for applications that require a user to log in or maintain a session,
such as online banking or e-commerce websites.

Key differences:

- Session management: Stateless responses do not maintain any session information, while stateful
responses maintain session information between requests.

- Scalability: Stateless responses are typically more scalable, as the server does not need to maintain any
session state.

- Security: Stateful responses can be more secure, as the server can maintain information about the
client's session and detect potential security threats.

Examples:

- Stateless example: A website that provides static information, such as a blog or a news website, can
use stateless responses.

- Stateful example: An online banking website that requires a user to log in and maintain a session can
use stateful responses.

Protocols:

- HTTP: HTTP is a stateless protocol, meaning that each request is treated as a new, independent
request.

- HTTPS: HTTPS is also a stateless protocol, but it can be used with stateful responses by maintaining
session information through cookies or other mechanisms.

LAB03 CONTENTS:

Type: which is ‘A‘ for IPv4(32 bits) and is ‘AAAA‘ for IPv6(128 bits).

CNAME cnonical name domain name is directly changed into cname rather then ipv4 or ipv6

nslookup pucit.edu.pk

if there are multiple addresses if we search for ip address in cmd so there permenent address will
be one and other are temporary

client-->os-client cache-->router-cache-->ISP(ptcl)-TTL(for how much time it remain in cache)(it is set

manually by isp-cache)-->local DNS

it will give recursive calls

local DNS-->Root DNS-->tlp(top level domain e.g .pk,.com,.org,.edu) there are only 13 DNS in whole
world wide

for pucit it will go to .edu it will go to Authorotative (if not this too then google will say that this site
does not exits)

hostinger--> dns-parking (dns),cloudfare

oxfford-->(nsoxford.com)

DNS Types:

- A Record (IPv4): Maps a domain name to an IPv4 address (32 bits).

- AAAA Record (IPv6): Maps a domain name to an IPv6 address (128 bits).

- CNAME Record: Maps an alias or subdomain to the canonical name of a server or another domain.

DNS Lookup Process:

1. Client: The client (e.g., web browser) sends a DNS query to the operating system's DNS cache.

2. OS Cache: The operating system's DNS cache checks if it has a valid IP address for the requested
domain.

3. Router Cache: If the OS cache doesn't have the IP address, the request is sent to the router's DNS
cache.

4. ISP Cache (PTCL): If the router cache doesn't have the IP address, the request is sent to the ISP's
(PTCL) DNS cache.

5. TTL (Time To Live): The ISP's DNS cache has a TTL value set, which determines how long the IP address
is cached.

6. Local DNS: If the ISP's cache doesn't have the IP address, the request is sent to a local DNS server.

7. Recursive Calls: The local DNS server makes recursive calls to the root DNS servers, TLD (top-level
domain) servers, and authoritative name servers to resolve the IP address.

DNS Server Hierarchy:

1. Root DNS Servers: The root DNS servers are the top-level servers that manage the DNS system. There
are only 13 root DNS servers worldwide.

2. TLD (Top-Level Domain) Servers: The TLD servers manage the top-level domains (e.g., .com, .org, .edu,
.pk).
3. Authoritative Name Servers: The authoritative name servers manage the DNS records for a specific
domain.

Example:

- nslookup pucit.edu.pk: This command performs a DNS lookup for the domain pucit.edu.pk.

- The DNS lookup process involves recursive calls to the root DNS servers, TLD servers, and authoritative
name servers to resolve the IP address.

Note:

- The DNS lookup process can involve multiple caches, including the OS cache, router cache, ISP cache,
and local DNS cache.

- The TTL value determines how long an IP address is cached in each cache.

- The DNS server hierarchy involves root DNS servers, TLD servers, and authoritative name servers
working together to resolve IP addresses

What is DNS?

- DNS (Domain Name System) is a decentralized system that translates human-readable domain names
into machine-readable IP addresses.

- DNS is often referred to as the "phonebook" of the internet, as it allows users to access websites and
online services using easy-to-remember domain names instead of difficult-to-remember IP addresses.

Importance of DNS:

- Accessibility: DNS makes it easy for users to access websites and online services using domain names
instead of IP addresses.

- Scalability: DNS allows the internet to scale to accommodate millions of devices and domain names.

- Flexibility: DNS enables website owners to change their IP addresses without affecting their domain
name.

IPv4 and IPv6:

- IPv4 (Internet Protocol version 4): IPv4 is the original protocol used for communicating over the
internet. It uses 32-bit IP addresses, which are limited in number.

- IPv6 (Internet Protocol version 6): IPv6 is the newer protocol designed to replace IPv4. It uses 128-bit IP
addresses, which provide a much larger address space.

DNS Hierarchy:

- Root DNS servers: The root DNS servers are the top-level servers that manage the DNS system. They
are responsible for directing queries to the correct top-level domain (TLD) servers.

- TLD servers: The TLD servers manage the top-level domains (such as .com, .org, etc.). They direct
queries to the correct name servers for a particular domain.
- Name servers: The name servers manage the DNS records for a particular domain. They provide the IP
address associated with a domain name.

CNAME (Canonical Name Record):

- A CNAME record is a type of DNS record that maps an alias or subdomain to the canonical name of a
server or another domain.

- CNAME records are often used to associate a subdomain with a server or another domain.

NSLOOKUP:

- NSLOOKUP is a command-line tool used to query DNS servers and retrieve DNS records.

- NSLOOKUP can be used to troubleshoot DNS issues, verify DNS records, and perform other DNS-related
tasks.

IPCONFIG/ALL:

- IPCONFIG is a command-line tool used to display and configure network settings on Windows
computers.

- The /all option displays detailed information about the computer's network settings, including the DNS
servers, IP address, subnet mask, and default gateway.

Here are some example commands:

- nslookup example.com: Queries the DNS server for the IP address associated with the domain name
example.com.

- ipconfig /all: Displays detailed information about the computer's network settings.

- dig example.com: Queries the DNS server for the IP address associated with the domain name
example.com (using the dig command)