Chapter 4 Network and OSI

The document covers essential services, operations, and protocols in systems and network administration, focusing on the OSI model and its seven layers. Each layer of the OSI model is described in terms of its functions, such as data transmission, error handling, and session management. Additionally, it discusses the differences between OSI and Internet protocols, encapsulation, and the importance of reliable services in network communications.


Systems & Network Administration

CT106-3-2 (Version VE1)

Week 4, 5 & 6
Essential Services: Operation and Protocols
Networking & OSI Layers
Lecturer Information

• Lecturer Name: Ts. Manimegalai
• Email: [email protected]
• Consultation Hours: Refer to iConsult

Module Code & Module Title Slide Title SLIDE 3


Configuring for Network Services

Networks are made of
• Hosts that act as clients and servers
  – Servers share resources with AUTHORISED Clients
• Media and Equipment that interconnect hosts
• Protocols that govern connections
• Users

Networks allow cooperation, and cooperation leads to communities of users.



Network Components

Component: Description
• Device: Any piece of hardware such as a computer, server, printer, or smartphone.
• Media: Connects devices to the network and carries data between devices.
• Network adapter: Hardware that translates data between the network and a device.
• Operating system: Software that controls network traffic and access to network resources.
• Protocol: Software that controls network communications using a set of rules.

Module Code & Module Title Slide Title Copyright (c) 2018 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org SLIDE 5
ISO OSI Reference Model

Understanding the abstract architecture is key to understanding the concrete network.
• The ISO seven-layer OSI Model is a conceptual model that describes many types of network.
  – The Internet is a fairly unsophisticated example.
• Each layer represents a higher level of abstraction in the process of data communications.
  – Complexities of the low-level transmission of the signals representing the data are hidden from users at the application level (top layer).



OSI Reference Model

• OSI Reference Model: an internationally standardised network architecture.
• OSI = Open Systems Interconnection: deals with open systems, i.e. systems open for communications with other systems.
• Specified in ISO 7498.
• Model has 7 layers.



7-Layer OSI Model



Layer 7: Application Layer

• Level at which applications access network services.
  – Represents services that directly support software applications, e.g. file transfers, database access, and electronic mail.



Layer 6: Presentation Layer

• Related to the representation of transmitted data.
  – Translates different data representations from the Application layer into a uniform standard format.
• Provides services for secure, efficient data transmission.
  – e.g. data encryption and data compression.



Layer 5: Session Layer

• Allows two applications on different computers to establish, use, and end a session.
  – e.g. file transfer, remote login
• Establishes dialog control.
  – Regulates which side transmits, plus when and for how long it transmits.
• Performs token management and synchronization.



Layer 4: Transport Layer

• Manages the transmission of packets.
  – Repackages long messages when necessary into smaller packets for transmission.
  – Reassembles packets in the correct order to recover the original message.
• Handles error recognition and recovery.
  – The transport layer at the receiving end acknowledges packet delivery.
  – Resends missing packets.



Layer 3: Network Layer

• Manages addressing/routing of data within the subnet.
  – Addresses messages and translates logical addresses and names into physical addresses.
  – Determines the route from the source to the destination computer.
  – Manages traffic problems, such as switching, routing, and controlling the congestion of data packets.
• Routing can be:
  – Based on static tables
  – Determined at the start of each session
  – Individually determined for each packet, reflecting the current network load



Layer 2: Data Link Layer

• Packages raw bits from the Physical layer into frames (logical, structured packets for data).
• Provides reliable transmission of frames.
  – Waits for an acknowledgment from the receiving computer.
  – Retransmits frames for which no acknowledgement is received.



Layer 1: Physical Layer

• Transmits bits from one computer to another.
• Regulates the transmission of a stream of bits over a physical medium.
• Defines how the cable is attached to the network adapter and what transmission technique is used to send data over the cable. Deals with issues like:
  – The definition of 0 and 1, e.g. how many volts represent a 1, and how long a bit lasts
  – Whether the channel is simplex or duplex
  – How many pins a connector has, and what the function of each pin is



Internet Protocols vs OSI

• Explicit Presentation and Session layers are missing in the Internet Protocols.
• The Data Link and Network layers are redesigned.



Services in the OSI Model

• In the OSI model, each layer provides services to the layer above, and ‘consumes’ services provided by the layer below.
• Active elements in a layer are called entities.
• Entities in the same layer on different machines are called peer entities.



Layering Principles

(Diagram: two (N+1) Entities, the Service Users, communicate using the Layer N+1 protocol and exchange an (N+1) PDU. Each hands an SDU down through a Service Access Point (SAP) to an (N) Entity, the Service Provider; the (N) Entities communicate using the Layer N protocol and exchange (N) PDUs.)

PDU - Protocol Data Unit
SDU - Service Data Unit

• Layer N provides service to layer N+1



Connections

• Layers can offer connection-oriented or connectionless services.
• Connection-oriented is like the telephone system.
• Connectionless is like the postal system.
• Each service has an associated quality of service (e.g. reliable or unreliable).

The Complete Guide to Linux System Administration 19

Reliability

• Reliable services never lose/corrupt data.
• Reliable service costs more.
• A typical application for reliable service is file transfer.
• A typical application not needing reliable service is voice traffic.
• Not all applications need connections.

Topics

• Service = set of primitives provided by one layer to the layer above.
• A service defines what a layer can do (but not how it does it).
• Protocol = set of rules governing data communication between peer entities, i.e. the format and meaning of frames/packets.
• Service/protocol decoupling is very important.

OSI Model: Information Flow

Mnemonic: “Please Do Not Throw Snow Peas Away”

• 7. Application: Provides network services to user applications
• 6. Presentation: Coding and conversion to ensure both ends use a common data format
• 5. Session: Establish, maintain, & terminate the “conversation” between endpoint processes
• 4. Transport: Process ID, Error detection, Flow control
• 3. Network: Network Addressing & Routing
• 2. Data-Link: Interface Address, Error detection, Flow control
• 1. Physical: Voltage levels, Maximum transmission distances, Physical connectors

(The diagram shows the same seven layers on both the sending and the receiving host; each layer communicates with its peer layer on the other side.)



OSI vs TCP/IP

Understanding the abstract architecture is key to understanding the concrete network. For this class the concrete network is TCP/IP over Ethernet.

OSI layer → TCP/IP layer
• 7. Application, 6. Presentation, 5. Session → 5. Application
  – Secure Sockets Layer (SSL)
• 4. Transport → 4. Transport: TCP: Handshake, Port, Sequence
• 3. Network → 3. Internet: IP: Source & Destination Address, Subnets, Routing
• 2. Data-Link → 2. Network Access: Ethernet: CSMA/CD - Broadcast; Link Layer Control (LLC); Media Access Control (MAC) Address
• 1. Physical → 1. Physical



7 Layers to 5

Presentation Layer
• The Presentation Layer is for providing a standard way of encoding data, including encryption and character encoding (unicode).
• MIME (Multipurpose Internet Mail Extensions) is a Presentation Layer protocol that defines the formatting of e-mail messages.

Session Layer
• The session layer creates and terminates unique connections.
• TCP implements some session layer functionality (since it maintains connection states using sequence numbers).
• Session layer services are most commonly implemented as part of the Application layer. For

Packets and Encapsulation

Packets: Header and payload
  – Header tells where the packet came from and where it’s going
  – Payload is the data

• At the TCP layer it’s called a segment
• At the IP layer it’s called a packet
• At the link layer it’s called a frame



Encapsulation

• A packet is a structured message.
• The control information of a given protocol must be treated strictly as data by the next "lower" protocol.
• As a packet moves down the protocol stack, it gets bigger as information relevant to the layer is added to the beginning and the end.
• Any given layer is allowed to work only with the data relevant to that layer, and nobody else's.
• As a packet moves up the stack it gets smaller, as the information from the current level is removed.

Ethernet, IP, and TCP

• TCP Segment = Header + Data
• IP Datagram = Header + the complete TCP Segment (treated as data)
• Frame = Header + the complete IP Datagram (treated as data) + CRC

Remember, this is really just a stream of bits:
0011110101010101110000101010101010001010110101001001010100101110010100

Ethernet Frame Format

Fields (in order):
• Preamble (64 bits)
• Destination Address (48 bits)
• Source Address (48 bits)
• Packet type (16 bits)
• Data (368-12,000 bits)
• CRC (32 bits)

Key Fields
• Preamble: Alternating 1's and 0's to help receiving nodes synchronise
• Address: Unique identifier assigned by the hardware manufacturer (MAC Address)
• Packet Type: identifies this as an Ethernet frame (allows multiple protocols and versions)
• CRC: Error detection (Cyclic Redundancy Check)

Remember, this is really just a stream of bits:
0011110101010101110000101010101010001010110101001001010100101110010100

Datagram Format

Each row represents 4 octets (32 bits):
• Version - Length - QOS - Total Length
• Unique ID - Flags - Fragment Offset
• Time to Live - Protocol - Checksum
• Source IP Address
• Destination IP Address
• Options - Padding
• Data (up to 4416 bits)

Key Fields
• IP is version 4 or 6
• QOS requests priority
• The second row controls fragmentation (e.g., "2 of 4")
• Gateways decrement TTL and discard the datagram if zero
• Protocol is analogous to Ethernet Type, Header Checksum to CRC
• Options are included for network testing (not required)

Remember, this is really just a stream of bits:
0011110101010101110000101010101010001010110101001001010100101110010100

TCP Segment Format

Each row represents 4 octets (32 bits):
• Source Port - Destination Port
• Sequence Number
• Acknowledgement Number
• Offset - Code - Window
• Checksum - Urgent
• Options - Padding
• Data (up to 4224 bits)

Key Fields
• Port number specifies the service
• Sequence is the position in the sender's byte stream
• Acknowledgement of position in the sender's byte stream
• Some segments carry only ACK, others carry data, and others a request to establish or close a connection (Code)
• Window and Options negotiate the maximum segment size

Remember, this is really just a stream of bits:
0011110101010101110000101010101010001010110101001001010100101110010100

Ethernet, IP, and TCP

The decisions made at each layer as a received frame moves up the stack, starting from the Data Link Layer (stream of bits):
0011110101010101110000101010101010001010110101001001010100101110010100
• Frame (Header + complete IP Datagram treated as data + CRC)
  – Is this an ethernet frame? Yes: Pass it up. No: discard it.
  – Is this my MAC address? Yes: Pass up the DATA part. No: discard it.
• IP Datagram (Header + complete TCP Segment treated as data)
  – Is this my IP address? Yes: Pass up the DATA part. No: discard it.
  – Am I a Router? Yes: Pass the whole packet to all interfaces. No: ~
• TCP Segment (Header + Data)
  – Is there a service on this port? Yes: Pass up the DATA part. No: discard it.

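The encapsulation and the layer-by-layer checks above, as an added Python example that is not part of the original slides: it packs a TCP segment inside an IPv4 datagram inside an Ethernet frame with struct, then walks the received frame back up the stack applying each layer's yes/no decision (Ethernet type, MAC address, IP header checksum, IP address, listening port). MY_MAC, MY_IP, LISTENING_PORTS and the packet contents are constructed sample values; the preamble and CRC are left to the hardware, and the TCP checksum is left at zero because it needs the IP pseudo-header, which the slides do not cover.

```python
import struct

# Constructed identity for the receiving host and the ports it serves.
MY_MAC = bytes.fromhex("a1b2c3d4e5f6")
MY_IP = "192.168.6.1"
LISTENING_PORTS = {22, 80}

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
BROADCAST_MAC = b"\xff" * 6


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used for the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_tcp_segment(src_port, dst_port, seq, ack, flags, payload: bytes) -> bytes:
    """20-byte TCP header (data offset 5, no options) + payload. The TCP checksum
    is left 0: it needs the IP pseudo-header, which is outside this example."""
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         (5 << 12) | flags, 65535, 0, 0)
    return header + payload


def build_ip_datagram(src_ip, dst_ip, proto, payload: bytes) -> bytes:
    """IPv4 header (version 4, IHL 5, TTL 64) + payload; the whole TCP segment
    is treated as data, as the slide says."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         0x4000, 64, proto, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def build_frame(dst_mac, src_mac, ethertype, payload: bytes) -> bytes:
    """Ethernet header (dst, src, type) + payload; preamble and CRC are added by
    the hardware and not modelled here."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def receive(frame: bytes):
    """Walk a received frame up the stack with the slide's yes/no checks.
    Returns (decision, application data or None)."""
    dst_mac = frame[:6]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if dst_mac not in (MY_MAC, BROADCAST_MAC):
        return "dropped: not my MAC address", None
    if ethertype != ETHERTYPE_IPV4:
        return "dropped: not an IPv4 frame", None

    datagram = frame[14:]                        # the DATA part of the frame
    ihl = (datagram[0] & 0x0F) * 4
    if checksum(datagram[:ihl]) != 0:            # an intact header sums to zero
        return "dropped: bad IP header checksum", None
    total_len = struct.unpack("!H", datagram[2:4])[0]
    if ".".join(str(b) for b in datagram[16:20]) != MY_IP:
        return "dropped: not my IP address (a router would forward it)", None
    if datagram[9] != IPPROTO_TCP:
        return "dropped: not TCP", None

    segment = datagram[ihl:total_len]            # the DATA part of the datagram
    dst_port = struct.unpack("!H", segment[2:4])[0]
    data_offset = (segment[12] >> 4) * 4
    if dst_port not in LISTENING_PORTS:
        return "dropped: no service on port %d" % dst_port, None
    return "delivered to port %d" % dst_port, segment[data_offset:]


def demo():
    """Encapsulate one constructed HTTP request, then show what each layer does
    with the good frame and three faulty variants."""
    peer_mac = bytes.fromhex("1a2b3c4d5e6f")
    segment = build_tcp_segment(40000, 80, 1, 0, 0x18, b"GET / HTTP/1.0\r\n\r\n")
    datagram = build_ip_datagram("192.168.6.101", MY_IP, IPPROTO_TCP, segment)
    frame = build_frame(MY_MAC, peer_mac, ETHERTYPE_IPV4, datagram)

    corrupted = bytearray(frame)
    corrupted[14 + 8] -= 1                       # TTL changed without fixing checksum
    closed = build_tcp_segment(40000, 9999, 1, 0, 0x18, b"x")
    return {
        "good": receive(frame),
        "other_mac": receive(build_frame(bytes.fromhex("000000000001"), peer_mac,
                                         ETHERTYPE_IPV4, datagram)),
        "bad_checksum": receive(bytes(corrupted)),
        "closed_port": receive(build_frame(MY_MAC, peer_mac, ETHERTYPE_IPV4,
                               build_ip_datagram("192.168.6.101", MY_IP, IPPROTO_TCP, closed))),
    }


if __name__ == "__main__":
    for name, (decision, data) in demo().items():
        print("%-13s %s %r" % (name, decision, data))
```

Running the script prints one decision per case. The corrupted-TTL frame is dropped at layer 3 before the port is ever looked at, which is exactly the point of each layer working only with its own header and passing the rest up untouched.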
Beyond a broadcast domain, communication is typically through a network of intermediate switching nodes.

Switching is the process of taking an incoming frame from one interface and delivering it out through another interface.
  – At Layer 2 frames are switched based on MAC address
  – At Layer 3 packets are switched based on IP address

(Diagram: Host A and Host B with an intermediate Router (Layer 3) or Switch (Layer 2) between them. HTTP: identical message end-to-end. TCP: identical segments end-to-end. IP: identical datagram on each side of the intermediate node. Ethernet: a proper frame on each link, carried over the Network Interfaces and Network Wiring.)



Virtual Networking

• VirtualBox provides Layer 2 (Network Access) interconnection (diagram: Ubuntu guests joined at Layer 2)
• A hub broadcasts every message to every interface
• We can watch this with a packet sniffer when we put the interface into promiscuous mode



Virtual Networking

Layer 3 (Internet) interconnection is more useful (diagram: Ubuntu guests joined at Layer 3):
1. Assign an IP address to each interface
2. Configure a default or static route to the gateway
3. Gateway interconnects subnets



IP Addressing & Subnet Masks

• A Subnet Mask is like an IPv4 Address: 32 bits long.
• Specifies which part of an IP address is the network/subnet field and which part is the host field.
• The prefix portion of the mask is all 1s in binary.
• The host portion of the mask is all 0s in binary.



Classless Addressing (VLSM)

• Extend the network prefix by borrowing bits from the host address range
  – a Variable Length Subnet Mask (VLSM)
• An IP address is accompanied by an indication of the prefix length
  – 192.168.11.0 255.255.255.0
  – Convert the binary expression to dotted-decimal notation: 192.168.11.0/24
  – / specifies the number of ones “up front”
• Contiguous subnet mask: no 1 bit appears to the right of any 0 bit



This network has 3 subnets

• The routing table actually has both the IP address and the netmask.
• You cannot tell what subnet an address belongs to without knowing the netmask!

Network      Netmask
172.16.20.0  255.255.255.0
172.16.30.0  255.255.255.0
172.16.40.0  255.255.255.0

(Diagram: hosts Alpha, Beta, Delta and Iota on the subnets 172.16.20.0, 172.16.30.0 and 172.16.40.0, with interface addresses 172.16.20.1, 172.16.20.2, 172.16.30.1, 172.16.30.2, 172.16.40.1 and 172.16.40.2.)

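The prefix-length, contiguity and netmask rules from the two slides above, applied to the three-subnet routing table, as an added Python example (not from the slides): helpers that convert between dotted-decimal masks and prefix lengths, reject non-contiguous masks, AND an address with a mask to find its network, and look an address up in the routing table. ROUTING_TABLE and the test addresses come from the slide; usable_hosts and the longest-prefix tie-break in lookup go slightly beyond what the slide states and are this example's own.

```python
# Routing table with the three subnets from the slide.
ROUTING_TABLE = [
    ("172.16.20.0", "255.255.255.0"),
    ("172.16.30.0", "255.255.255.0"),
    ("172.16.40.0", "255.255.255.0"),
]


def to_int(dotted: str) -> int:
    """'192.168.11.0' -> 32-bit integer; rejects malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad dotted-decimal address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_contiguous(mask: int) -> bool:
    """True when no 1 bit appears to the right of any 0 bit: the mask is a run
    of 1s followed by a run of 0s, so the inverted mask must be 2^k - 1."""
    inverted = ~mask & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def prefix_to_mask(prefix: int) -> str:
    """/24 -> '255.255.255.0': the prefix length is the number of ones up front."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def mask_to_prefix(mask: str) -> int:
    """'255.255.255.0' -> 24; refuses non-contiguous masks such as 255.255.0.255."""
    value = to_int(mask)
    if not is_contiguous(value):
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    return bin(value).count("1")


def to_cidr(address: str, mask: str) -> str:
    return "%s/%d" % (address, mask_to_prefix(mask))


def network_of(address: str, mask: str) -> str:
    """AND the address with the mask to keep only the network/subnet field."""
    return to_dotted(to_int(address) & to_int(mask))


def usable_hosts(prefix: int) -> int:
    """Host addresses left after reserving the network and broadcast addresses."""
    return max(2 ** (32 - prefix) - 2, 0)


def lookup(address: str, table=ROUTING_TABLE):
    """Routing-table entry whose subnet contains the address, or None. When
    several entries match, the longest prefix (most specific subnet) wins."""
    best = None
    for network, mask in table:
        if network_of(address, mask) == network:
            if best is None or mask_to_prefix(mask) > mask_to_prefix(best[1]):
                best = (network, mask)
    return best


if __name__ == "__main__":
    print(to_cidr("192.168.11.0", "255.255.255.0"))
    print(lookup("172.16.30.2"))
    # Same address, different netmask: the subnet it belongs to changes.
    print(network_of("172.16.30.2", "255.255.255.0"),
          network_of("172.16.30.2", "255.255.0.0"))
```

The last print is the slide's warning in code: with a /24 mask 172.16.30.2 is on 172.16.30.0, but with a /16 mask it collapses into 172.16.0.0 together with the other two subnets.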


Addresses

• Layer 2 addresses are put into the interface ROM by the hardware manufacturer.
• Layer 3 addresses are assigned by the network administrator.
  – If users move to another building (or WAP), their device may get a new Layer 3 address, but the Layer 2 address remains the same.

The broadcast domain is everyone who can hear a broadcast.
• It is important to limit the size of the broadcast domain because too many broadcast frames can overwhelm endpoints, switches and routers.
• At layer 3 the broadcast domain is defined by the subnet mask.
• At layer 2 a hub is a single broadcast domain, or switch ports are configured to define the broadcast domain (VLAN tagging).

Virtual Local Area Networks (VLANs)

A logical method of segmenting a network at the data link layer (layer 2). Also called VLAN Tagging.
• Similar to subnets.
  – However, subnets are network layer (layer 3).
• VLANs enable grouping of network hosts not on the same physical switch, or multiple VLANs on the same physical switch.
• If the network configuration changes, the physical cabling and devices don't need to.
• VLANs can be configured with one or more subnets.

Internet Protocols and Standards

Layer: protocols
• Application: /etc/services
• Transport: TCP, UDP
• Internet: ICMP, IP
• Network Access: ARP, Ethernet
• And Others

Standards bodies
• IANA: Internet Assigned Numbers Authority
• IETF: Internet Engineering Task Force
• RFC: Request For Comments
• IEEE: Institute of Electrical and Electronic Engineers
• ITU: International Telecommunications Union



ARP - Address Resolution Protocol

• Concerned with mapping layer 2 to layer 3 addresses, e.g., MAC address to IP address.
• The source host sends an ARP request by broadcast, asking “who has IP address A.B.C.D?”
  – If the destination host (which owns A.B.C.D) sees the ARP query, it responds and sends its MAC address.
  – If the destination host is not on the same local network, the router/gateway will respond and send its own MAC address.
• The source host registers the MAC address obtained and a data-link (layer 2) connection is established between the two hosts.



ARP - Address Resolution Protocol

ARP Spoofing relies on the decentralized, unauthenticated, and completely trusting nature of ARP.

arp Request
  Source IP: 192.168.6.1
  Source MAC: a1:b2:c3:d4:e5:f6
  Target IP: 192.168.6.101
  Target MAC: 00:00:00:00:00:00

arp Reply
  Source IP: 192.168.6.101
  Source MAC: 1a:2b:3c:4d:5e:6f
  Target IP: 192.168.6.1
  Target MAC: a1:b2:c3:d4:e5:f6

Any reply is cached, even if no request was sent. Attackers can easily substitute their MAC and divert traffic.

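An added Python example (not from the slides) of the trust problem on the slide above, seen from the detection side: the same ARP cache logic in two modes, the trusting one that caches any reply as the slide describes, and a strict one that only accepts replies answering a request this host sent and refuses to overwrite a known MAC. Both modes log alerts, so the class doubles as a minimal ARP-spoofing detector for a sniffer feed. The request/reply pair uses the addresses on the slide; the third, forged reply and its MAC ff:ee:dd:cc:bb:aa are constructed for the example. This models host behaviour and does not capture or send packets.

```python
from collections import namedtuple

# One ARP message as a host or a sniffer sees it; op is "request" or "reply".
ArpMessage = namedtuple("ArpMessage", "op sender_ip sender_mac target_ip target_mac")


class ArpCache:
    """IP -> MAC cache. strict=False accepts every reply (the slide's behaviour);
    strict=True accepts only replies that answer a request this host sent and
    never lets a reply change an existing entry. Both record alerts."""

    def __init__(self, strict: bool):
        self.strict = strict
        self.cache = {}            # ip -> mac
        self.pending = set()       # (asker_ip, asked_ip) requests not yet answered
        self.alerts = []

    def observe(self, msg: ArpMessage):
        alerts = []
        if msg.op == "request":
            self.pending.add((msg.sender_ip, msg.target_ip))
            return alerts

        # A reply answers the request in which target_ip asked about sender_ip.
        key = (msg.target_ip, msg.sender_ip)
        if key in self.pending:
            self.pending.discard(key)
        else:
            alerts.append("unsolicited reply: %s is-at %s" % (msg.sender_ip, msg.sender_mac))

        known = self.cache.get(msg.sender_ip)
        if known is not None and known != msg.sender_mac:
            alerts.append("MAC change for %s: %s -> %s" % (msg.sender_ip, known, msg.sender_mac))

        # The trusting host caches regardless; the hardened one drops suspect replies.
        if not (self.strict and alerts):
            self.cache[msg.sender_ip] = msg.sender_mac
        self.alerts.extend(alerts)
        return alerts


# Constructed traffic: the exchange from the slide, then a forged reply whose
# MAC (ff:ee:dd:cc:bb:aa) is made up for this example.
TRAFFIC = [
    ArpMessage("request", "192.168.6.1", "a1:b2:c3:d4:e5:f6", "192.168.6.101", "00:00:00:00:00:00"),
    ArpMessage("reply", "192.168.6.101", "1a:2b:3c:4d:5e:6f", "192.168.6.1", "a1:b2:c3:d4:e5:f6"),
    ArpMessage("reply", "192.168.6.101", "ff:ee:dd:cc:bb:aa", "192.168.6.1", "a1:b2:c3:d4:e5:f6"),
]


def replay(strict: bool, traffic=TRAFFIC) -> ArpCache:
    """Feed the traffic to a fresh cache and return it for inspection."""
    cache = ArpCache(strict)
    for msg in traffic:
        cache.observe(msg)
    return cache


if __name__ == "__main__":
    for strict in (False, True):
        c = replay(strict)
        print("strict=%s cache=%s alerts=%s" % (strict, c.cache, c.alerts))
```

Both caches raise the same two alerts for the forged reply, but only the trusting one ends up pointing 192.168.6.101 at the wrong MAC. In a real deployment the alert list is what would be forwarded to a monitoring system; static ARP entries or switch-side dynamic ARP inspection are the usual mitigations.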


ICMP - Internet Control Message Protocol

Used for gateway management:
• congestion control (source quench)
• route-change notification (redirect)
• subnet addressing (address mask request/reply)

Also for general network management:
• reachability testing (echo request/reply)
• performance measuring (timestamp)



ping

Uses ICMP “echo request” and “echo reply” to check network connectivity.
• Used to check a target host for a response.
• Many systems block ICMP to prevent attacks:
  – Flooding a system in a Smurf attack.
  – Reconfiguring routing tables with forged packets.

Is 192.168.0.154 reachable?
  1. Echo request → 192.168.0.154
  2. Echo reply ← 192.168.0.154

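The echo request / echo reply exchange above, as an added Python example that is not part of the slides: it builds an ICMP echo request (type 8), produces the reply the target would send (type 0 with the same identifier, sequence and payload), and checks that a reply really matches the outstanding request and carries a valid checksum before counting the host as reachable. The identifier, sequence number and payload are constructed values; putting the message on a raw socket is outside the example.

```python
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(msg_type: int, identifier: int, sequence: int, payload: bytes) -> bytes:
    """ICMP echo header: type, code 0, checksum, identifier, sequence number."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, identifier, sequence)
    total = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, total, identifier, sequence) + payload


def parse_echo(message: bytes):
    """(type, identifier, sequence, payload), or None if the checksum fails."""
    if len(message) < 8 or icmp_checksum(message) != 0:
        return None
    msg_type, _code, _sum, identifier, sequence = struct.unpack("!BBHHH", message[:8])
    return msg_type, identifier, sequence, message[8:]


def answer_echo(request: bytes):
    """What the target (192.168.0.154 on the slide) does: echo id, seq and
    payload back with type 0. Anything that is not a valid request is ignored."""
    parsed = parse_echo(request)
    if parsed is None or parsed[0] != ICMP_ECHO_REQUEST:
        return None
    _, identifier, sequence, payload = parsed
    return build_echo(ICMP_ECHO_REPLY, identifier, sequence, payload)


def is_reply_for(request: bytes, reply: bytes) -> bool:
    """Match a reply to the request we sent: type 0 and the same id/seq/payload.
    This is what lets ping ignore stray or stale ICMP traffic."""
    sent = parse_echo(request)
    got = parse_echo(reply) if reply is not None else None
    return (sent is not None and got is not None
            and got[0] == ICMP_ECHO_REPLY and got[1:] == sent[1:])


def ping_exchange(identifier=0x1234, sequence=1, payload=b"constructed-ping-data"):
    """Both sides of one ping: (request, reply, reachable?)."""
    request = build_echo(ICMP_ECHO_REQUEST, identifier, sequence, payload)
    reply = answer_echo(request)
    return request, reply, is_reply_for(request, reply)


if __name__ == "__main__":
    req, rep, ok = ping_exchange()
    print("request", req.hex())
    print("reply  ", rep.hex())
    print("reachable" if ok else "no valid reply")
```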
UDP - User Datagram Protocol

• Connectionless service for application-level procedures
  – Unreliable: delivery not guaranteed & no duplication control
• Reduced overhead, least common denominator service
• Used when one IP packet is sufficient for the whole message
  – DNS tries to use UDP first, with fallback to TCP



TCP: Transmission Control Protocol

• TCP connections provide reliable delivery for messages that are too big for a single packet.
• The message is broken into a number of packets before it is sent.
• Packets can arrive in any order; missing packets are re-sent.
• Packet sequence numbers are established during the initial connection using a “3-Way Handshake”.
• Other initial connection setup messages establish parameters of the channel, e.g., buffer sizes, error detection & recovery procedures.

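The 3-way handshake and the reassembly of packets that arrive out of order, as an added Python example (not from the slides): a function that produces the SYN / SYN-ACK / ACK segments with their sequence and acknowledgement numbers, and a Reassembler that delivers bytes to the application only in order, reports the gap whose data must be re-sent, and discards duplicates. CLIENT_ISN and SERVER_ISN are constructed values; real stacks choose initial sequence numbers unpredictably.

```python
# Constructed initial sequence numbers (real stacks pick them unpredictably).
CLIENT_ISN = 1000
SERVER_ISN = 5000


def three_way_handshake(client_isn=CLIENT_ISN, server_isn=SERVER_ISN):
    """The three segments as (sender, flags, seq, ack) plus the sequence
    numbers each side expects next once the connection is established."""
    segments = [
        ("client", "SYN", client_isn, None),
        ("server", "SYN-ACK", server_isn, client_isn + 1),   # a SYN consumes one number
        ("client", "ACK", client_isn + 1, server_isn + 1),
    ]
    state = {"client_next_seq": client_isn + 1, "server_expects": client_isn + 1,
             "server_next_seq": server_isn + 1, "client_expects": server_isn + 1}
    return segments, state


class Reassembler:
    """Receive side of one direction of a connection: delivers bytes only in
    sequence order, holds segments that arrive early, and reports the gaps
    whose data the peer must re-send."""

    def __init__(self, first_seq: int):
        self.next_seq = first_seq      # next byte the application is waiting for
        self.buffered = {}             # seq -> data for segments that arrived early
        self.delivered = b""

    def receive(self, seq: int, data: bytes) -> bytes:
        """Accept one segment; return whatever became deliverable (may be empty)."""
        if seq + len(data) <= self.next_seq:
            return b""                  # duplicate of data already consumed
        if seq < self.next_seq:         # partial overlap: keep only the new tail
            data = data[self.next_seq - seq:]
            seq = self.next_seq
        self.buffered[seq] = data
        out = b""
        while self.next_seq in self.buffered:
            chunk = self.buffered.pop(self.next_seq)
            out += chunk
            self.next_seq += len(chunk)
        self.delivered += out
        return out

    def ack_number(self) -> int:
        """Cumulative ACK: the next byte expected, which is where the peer resends from."""
        return self.next_seq

    def missing(self):
        """Gaps between next_seq and the buffered data as (start, end) byte ranges."""
        gaps, cursor = [], self.next_seq
        for seq in sorted(self.buffered):
            if seq > cursor:
                gaps.append((cursor, seq))
            cursor = max(cursor, seq + len(self.buffered[seq]))
        return gaps


def demo():
    """After the handshake the client sends 'HELLO', 'WORLD', '!!'; the middle
    segment is lost and arrives only when the sender retransmits it."""
    _, state = three_way_handshake()
    rx = Reassembler(state["server_expects"])
    seq = state["client_next_seq"]
    rx.receive(seq, b"HELLO")
    rx.receive(seq + 10, b"!!")                 # 'WORLD' (seq+5) lost; '!!' arrives first
    gaps = rx.missing()                         # the range the peer must re-send
    rx.receive(seq + 5, b"WORLD")               # retransmission fills the gap
    return rx.delivered, gaps, rx.ack_number()
```

Nothing reaches the application until the gap is filled, and the cumulative acknowledgement number never moves past it; that is the mechanism behind "missing packets are re-sent" on the slide.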


Ports and Port Ranges

Port: The endpoint of a logical network connection.
• Client computers connect to server programs through a designated port.
• Port is a “Layer 4” concept (TCP header).
• All ports assigned are between the numbers 0 and 65535.

Port  Service  Secure  Port
20    Telnet   SSH     22
25    SMTP     SMTPS   465
80    HTTP     HTTPS   443
143   IMAP     IMAPS   993
389   LDAP     LDAPS   636

Port  Service
53    DNS
67    DHCP (server)
68    DHCP (client)
587   Submission

Service names and port numbers

• Service names and port numbers are used to distinguish between different services that run over TCP and UDP (transport layer).
• A port is actually just a 16-bit number used as an identifier.
• The registration procedures for service names and port numbers are described in [RFC6335].
• Service names are assigned by IANA with a first-come, first-served process.



Transport Protocol Addresses: TCP & UDP Port Numbers

/etc/services
# This file contains port numbers for well-known services defined by IANA
# Format:
# <service name> <port number>/<protocol> [aliases...] [#<comment>]
discard 9/tcp sink null
discard 9/udp sink null
qotd 17/tcp quote #Quote of the day
qotd 17/udp quote #Quote of the day
ftp-data 20/tcp #FTP, data
ftp 21/tcp #FTP. control
telnet 23/tcp
smtp 25/tcp mail #Simple Mail Transfer Protocol
time 37/tcp timserver
time 37/udp timserver
domain 53/tcp #Domain Name Server
domain 53/udp #Domain Name Server
bootps 67/udp dhcps #Bootstrap Protocol Server
bootpc 68/udp dhcpc #Bootstrap Protocol Client
tftp 69/udp #Trivial File Transfer
finger 79/tcp
http 80/tcp www www-http #World Wide Web
• Port numbers are assigned based on three ranges:
  – The Well Known or System Ports (0-1023); ports under 1024 are restricted to root
  – The Registered or User Ports (1024-49151)
  – The Dynamic and/or Private Ports (49152-65535)
• System Ports are assigned by IETF for standards-track protocols, User Ports are assigned by IANA, and dynamic ports are not assigned.

