
Instructor Materials Chapter 4: Network Protocols and Services

The document discusses network protocols and services. It covers topics like Ethernet, IP, ARP, ICMP, transport layer protocols and network services. Each section provides explanations and examples of key concepts.

Uploaded by mfhamze

Instructor Materials

Chapter 4: Network Protocols and Services

Cybersecurity Operations

Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Chapter 4 - Sections & Objectives
▪ 4.1 Network Protocols
• Explain how protocols enable network operations.

▪ 4.2 Ethernet and Internet Protocol (IP)
• Explain how Ethernet and IP protocols support network communication.

▪ 4.3 Connectivity Verification
• Use common testing utilities to verify and test network connectivity.

▪ 4.4 Address Resolution Protocol
• Explain how the address resolution protocol enables communication on a network.

Chapter 4 - Sections & Objectives (Cont.)
▪ 4.5 The Transport Layer
• Explain how transport layer protocols support network functionality.

▪ 4.6 Network Services
• Explain how network services enable network functionality.

4.1 Network Protocols

Network Protocols
Network Communications Process
▪ Views of the network
• Small home network
• SOHO (Small Office/Home Office)
• Medium to large networks
• World-wide networks

▪ Client-Server communications
• Server stores corporate and user files
• Client devices access these files or services with client software

Network Protocols
Communications Protocols
▪ TCP/IP Protocol Suite
• Application Layer
• Transport Layer
• Internet Layer
• Network Access Layer

Network Protocols
Communications Protocols (Cont.)
▪ OSI Model

▪ Message Delivery
• Unicast – one-to-one
• Multicast – one-to-many
• Broadcast – one-to-all

Network Protocols
Communications Protocols (Cont.)
▪ Three important addresses
• Protocol address
• Network host address
• Physical address

4.2 Ethernet and Internet Protocol (IP)

Ethernet and Internet Protocol (IP)
Ethernet
▪ Operates at Layer 1 and 2
• Defined by the IEEE 802.2 and 802.3 standards

▪ Ethernet responsibilities
• Data encapsulation
• Media access control
• Put bits on the medium

▪ Ethernet Frame
• Two key identifiers
o Destination MAC address
o Source MAC address
• Uses hexadecimal

Ethernet and Internet Protocol (IP)
IPv4
▪ Characteristics
• Connectionless
• Unreliable
• Media Independent

Ethernet and Internet Protocol (IP)
IPv4 Addressing Basics
▪ All addresses have a network portion and a host portion as determined by the subnet mask

▪ A network address is found by ANDing an IP address with the subnet mask

Ethernet and Internet Protocol (IP)
IPv4 Addressing Basics (Cont.)
▪ Subnetting takes a network space and divides it into smaller spaces called subnets.
▪ Subnetting factors
• Broadcast domain (number of devices)
• Location (building floors)
• Type of devices (all printers)
• Organizational unit (HR dept.)

Ethernet and Internet Protocol (IP)
Types of IPv4 Addresses
▪ Classes – A, B, C, D, and E
▪ Public
• Can be used on the Internet

▪ Private
• Used within an organization
• 10.0.0.0 /8
• 172.16.0.0 /12
• 192.168.0.0 /16

Ethernet and Internet Protocol (IP)
The Default Gateway
▪ Required IP information to communicate on a TCP/IP network
• IP address
• Subnet mask
▪ Default gateway IP address
• Required to send data to a remote network
• Address of the Layer 3 device, such as a router, connected to the same network
▪ IP addressing information
• Configured manually
• Obtained automatically using DHCP

Ethernet and Internet Protocol (IP)
IPv6
▪ 128-bit address space
• String of 32 hexadecimal values
• Every 4 bits represented by one hexadecimal digit
• Hextet is 16 bits or 4 hexadecimal digits

▪ IPv6 Addresses
• Can remove leading zeros
• Can leave out 1 “all zeros” segment
• Two sections: Prefix and Interface ID

4.3 Connectivity Verification

Connectivity Verification
ICMP
▪ Used to provide feedback and troubleshoot network problems
▪ Message types
• Host confirmation – echo request and echo reply with the ping utility
• Destination or service unreachable codes
o 0 – net unreachable
o 1 – host unreachable
o 2 – protocol unreachable
o 3 – port unreachable
• Time exceeded – used by a router to indicate that a packet cannot be sent onward
o In IPv4, this is due to the time to live (TTL) field having a value of 0.
o IPv6 does not have a TTL field, but has a hop limit field instead.
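
Added example (not part of the Cisco course material): a Python decoder for the ICMPv4 messages listed above, which labels echo request/reply, the destination unreachable codes and time exceeded, and verifies the checksum. The type numbers (0, 3, 8, 11) come from the ICMP specification rather than the slide; the function names and sample packets are constructed for illustration.

```python
import struct

# ICMPv4 type numbers for the message kinds named on the slide.
TYPES = {0: "echo reply", 3: "destination unreachable",
         8: "echo request", 11: "time exceeded"}
# Destination unreachable codes exactly as listed on the slide.
UNREACHABLE = {0: "net unreachable", 1: "host unreachable",
               2: "protocol unreachable", 3: "port unreachable"}

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(msg_type, code, rest=b"\x00" * 4, payload=b""):
    """Construct a sample ICMPv4 message with a valid checksum."""
    body = struct.pack("!BBH", msg_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]

def decode_icmp(packet: bytes) -> dict:
    """Decode the 8-byte ICMPv4 header and label it with the tables above."""
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes; packet is truncated")
    msg_type, code = struct.unpack("!BB", packet[:2])
    result = {
        "type": TYPES.get(msg_type, f"other ({msg_type})"),
        "detail": None,
        # An intact message re-checksums to zero, stored checksum included.
        "checksum_ok": internet_checksum(packet) == 0,
    }
    if msg_type == 3:
        result["detail"] = UNREACHABLE.get(code, f"code {code}")
    elif msg_type in (0, 8):
        ident, seq = struct.unpack("!HH", packet[4:8])
        result["detail"] = f"id={ident} seq={seq}"
    return result

if __name__ == "__main__":
    # Constructed samples: a ping request and a port unreachable reply.
    print(decode_icmp(build_icmp(8, 0, b"\x12\x34\x00\x01", b"abcdefgh")))
    print(decode_icmp(build_icmp(3, 3)))
```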

Connectivity Verification
ICMP (Cont.)
▪ ICMPv6 Special Messages
• Router Solicitation (RS) – used between an IPv6 device and a router
• Router Advertisement (RA) – used between an IPv6 router and a device to provide addressing info using Stateless Address Autoconfiguration (SLAAC)

Connectivity Verification
ICMP (Cont.)
▪ ICMPv6 Special Messages (Cont.)
• Neighbor Solicitation (NS) – used between IPv6 devices when a device knows the IPv6 address of a device, but not its MAC address (like ARP in IPv4)
• Neighbor Advertisement (NA) – used to deliver a MAC address in response to an NS message sent from an IPv6 device

▪ IPv6 Duplicate Address Detection (DAD)
• Not required, but recommended
• If another device on the network has the same global unicast or link-local unicast address, the device will respond with an NA message

Connectivity Verification
Ping and Traceroute Utilities
▪ Ping
• Test the local stack
o ping 127.0.0.1
• Test connectivity on the LAN
• Test remote connectivity

▪ Traceroute – Test the path a packet takes

4.4 Address Resolution Protocol

Address Resolution Protocol
MAC and IP
▪ Two addresses assigned to an Ethernet device
• MAC address (Layer 2 physical address)
• IP address (Layer 3 logical address)

▪ A device must have both addresses to communicate with another TCP/IP-based device
• Uses the source and destination MAC address
• Uses the source and destination IP address

Address Resolution Protocol
MAC and IP (Cont.)
▪ When communicating with a device on a remote network, the destination MAC address is the MAC address of the Layer 3 device interface on the same network as the device originating the packet.

Address Resolution Protocol
ARP
▪ Protocol used to discover and obtain the destination MAC address
▪ Used to resolve IPv4 addresses to MAC addresses
▪ IPv4 and MAC address mappings kept in an ARP table

Address Resolution Protocol
ARP Issues
▪ ARP Broadcasts – could impact large networks
▪ ARP Spoofing (ARP poisoning) – security risk
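
Added example (not part of the Cisco course material): one way to watch for the ARP spoofing risk named above is to audit IPv4-to-MAC bindings as they are observed and flag any that change or collide. The function names, the `gateway_ip` parameter and the sample observations are assumptions constructed for illustration.

```python
from collections import defaultdict

def normalize_mac(mac: str) -> str:
    """Canonicalize AA-BB-.., aa:bb:.. or aabb.ccdd.eeff to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_arp(observations, gateway_ip=None):
    """Return alerts for IPv4-to-MAC bindings that change or collide.

    observations: (ip, mac) pairs in the order they were seen, for example
    successive reads of a host's ARP table.
    """
    current = {}                # ip -> MAC it currently maps to
    owners = defaultdict(set)   # MAC -> IPs currently mapped to it
    alerts = []
    for ip, raw_mac in observations:
        mac = normalize_mac(raw_mac)
        previous = current.get(ip)
        if previous == mac:
            continue            # same binding seen again: nothing to report
        if previous is not None:
            # Remote traffic is sent to the gateway's MAC, so a change
            # in that one binding is the most serious case.
            severity = "high" if ip == gateway_ip else "medium"
            alerts.append((severity, "binding-changed", ip, f"{previous} -> {mac}"))
            owners[previous].discard(ip)
        current[ip] = mac
        owners[mac].add(ip)
        if len(owners[mac]) > 1:
            alerts.append(("medium", "shared-mac", mac, ",".join(sorted(owners[mac]))))
    return alerts

# Constructed sample: the gateway's entry ends up pointing at another host's MAC.
SAMPLE = [
    ("192.168.1.1", "00-1A-2B-3C-4D-5E"),   # default gateway
    ("192.168.1.20", "00:aa:bb:cc:dd:20"),  # workstation
    ("192.168.1.1", "001a.2b3c.4d5e"),      # same binding, different notation
    ("192.168.1.1", "00:aa:bb:cc:dd:20"),   # gateway now maps to the workstation's MAC
]

if __name__ == "__main__":
    for alert in audit_arp(SAMPLE, gateway_ip="192.168.1.1"):
        print(alert)
```

Bindings also change for legitimate reasons (DHCP reassignment, replaced hardware, first-hop redundancy failover), so each alert is a lead to verify against the switch or DHCP records.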

4.5 The Transport Layer

The Transport Layer
Transport Layer Characteristics
▪ Tracks individual conversations
▪ Moves data between applications on network devices
▪ Segments data
▪ Identifies applications using a port number
▪ Two key protocols
• TCP
• UDP

The Transport Layer
Transport Layer Characteristics (Cont.)
▪ TCP
• Used for majority of the major TCP/IP protocols
• Requires more overhead (bytes in the header)
• Reliable (3-way handshake)

▪ UDP
• Used for voice and video
• Fast, fast, fast
• Does not resend dropped packets

The Transport Layer
Transport Layer Operation
▪ Destination port numbers
• Uses well-known port numbers

▪ Source port numbers
• Uses dynamic port numbers

4.6 Network Services

Network Services
DHCP
▪ Dynamic Host Configuration Protocol (DHCP)
• Provides IP addressing information such as IP address, subnet mask, default gateway, DNS server IP address, and domain name
• Messages
o Discover
o Offer
o Request
o Ack(nowledge)

Network Services
DNS
▪ Domain Name System (DNS)
• Manages and provides domain names and associated IP addresses
• Hierarchy of servers
• 90% of malicious software used to attack networks uses DNS to carry out attack campaigns

Network Services
NAT
▪ Network Address Translation (NAT)
• Used on border devices
• Used to translate private IP addresses into routable public IP addresses

▪ Port Address Translation (PAT)
• One-to-many – Many internal address translations to one or more public IP addresses

Network Services
File Transfer and Sharing Services
▪ File Transfer Protocol (FTP)
• TCP-based
• Used to push and pull data from a server

▪ Trivial File Transfer Protocol (TFTP)
• UDP-based
• Fast, but unreliable

▪ Server Message Block (SMB)
• Client/server-based file sharing protocol

Network Services
Email
▪ Send Email
• Simple Mail Transfer Protocol (SMTP) – Port 25

▪ Retrieve Email
• Post Office Protocol (POP3)
o Port 110
o Email is downloaded to the client and removed from the server
• IMAP
o Copies of messages are downloaded to the client app

Network Services
HTTP
▪ Hypertext Transfer Protocol (HTTP)
• Port 80
• Governs the way a web server and client interact
• TCP-based
• Has specific server responses

4.7 Chapter Summary

Chapter Summary
Summary
▪ A protocol is a set of communication rules defined for a specific purpose.
▪ The TCP/IP protocol suite is the most widely used set of protocols in the world.
▪ The TCP/IP protocol stack has four layers. Starting from the top the layers are Application, Transport, Internet, and Network Access.
▪ The OSI reference model has seven layers. Starting from the top the layers are Application, Presentation, Session, Transport, Network, Data Link, and Physical.
▪ Ethernet operates at Layer 2 of the OSI model and requires the use of a source and destination MAC address for communicating on a network.
▪ ARP is used to discover the MAC address associated with a specific IP address.
▪ IP operates at Layer 3 of the OSI model and requires the use of a source and destination IP address for communicating on a network.
▪ IPv4 addresses are 32-bit and commonly subnetted.
▪ IPv6 addresses are 128-bit and can be compressed by omitting leading zeros and omitting one “all zeros” segment.
▪ ICMP is used for testing connectivity. The ping and traceroute commands are common ICMP utilities.

Chapter Summary
Summary (Cont.)
▪ ICMP for IPv6 includes special messages including RS, RA, NS, and NA, as well as an optional Duplicate Address Detection (DAD) mechanism.
▪ The transport layer segments data and uses port numbers to identify applications.
▪ Two key transport layer protocols are TCP and UDP. TCP is reliable, supports windowing, and uses a three-way handshake to initiate a connection. UDP is used with voice and video applications and is best effort.
▪ DHCP is used to assign IP address-related information to network devices.
▪ DNS is used to provide IP addresses associated with specific domain names.
▪ NAT is used to translate private IP addresses into one or more routable public IP addresses.
▪ Protocols used for file transfer include FTP, TFTP, and SMB.
▪ Protocols associated with email are SMTP, POP3, and IMAP.
▪ HTTP is the protocol used between a client web browser and a web server.
