
Network Fundamentals

Uploaded by

hagala4120

What is Network

A network refers to two or more connected computers that can share resources such
as a printer, data, an application or a combination of these resources.

Typical network would look like:


Types/Classification of Network

PAN
Protocols
Protocols are rules that govern how devices communicate and share information
across a network. For example:
Internet Protocol [IP]
Hyper Text Transfer Protocol [HTTP]
Simple Mail Transfer Protocol [SMTP]

Multiple protocols often work together to facilitate end-to-end network
communication, forming protocol suites or stacks.

Topologies
A network topology refers to how the network devices are interconnected, including
physical topology and logical topology.
• Physical Topology: Describes the physical layout of your network, such as Star, Bus or
Mesh.
• Logical Topology: Describes how communication appears from the perspective of
the connected users. This covers how data will flow between nodes and whether any
redundant path or multiple paths are available to reach destinations.
Network Architectures
A Host/Node refers to any device that is connected to a network using a network
address.
A Host/Node can request data – basically a Client
A Host/Node can provide data – basically a Server
A Host/Node can both request and provide data – referred to as a Peer.

Commonly referred network architectures are:

Client/Server
Peer-to-Peer
Mainframe/Terminal

Network devices used in networks are:

1. HUB
2. Switches
3. Routers
4. Firewall
HUB: Hubs are essentially multiport repeaters. All ports connect to the same network
segment, so each port in a hub belongs to the same collision domain. They ignore the
content of an Ethernet frame and simply resend each frame they receive out of every
interface on the hub.

The two hosts below communicate using hardware and MAC addresses. A hub operates on
the physical layer of the OSI model.

The network below is actually one collision domain and one broadcast domain.

Hub: Single Collision and Single Broadcast Domain
Switch: It is a point-to-point communication device. It operates at the Data-link layer of
the OSI model.

A switch divides the collision domain of hosts, but the broadcast domain remains the same.
The network below shows 3 collision domains and 1 broadcast domain.

Switch: Per-port collision domain and single broadcast domain
Routers: A router creates an internetwork and provides connection to WAN services.
Routers break up collision domains and broadcast domains. Four router functions:
1. Packet Switching – Logical addressing
2. Packet Filtering – Access List
3. Internetwork communication – Network between two networks (Routing)
4. Path Selection – Shortest path from routing table.

Router: Per-port collision domain and per-port broadcast domain
Ethernet Network

Ethernet is a contention-based media access method that allows all hosts on a network to share the
same bandwidth of a link. It is scalable (e.g. Fast Ethernet to Gigabit Ethernet) and used on both
the Data-link and Physical layers.

Collision Domain: It’s an Ethernet term that refers to a particular network scenario wherein one device
sends a packet out on a network segment, thereby forcing every other device on the same physical
network segment to pay attention to it. This can cause a collision if two devices on one physical
segment transmit at the same time. Collisions come from the world of half-duplex Ethernet.
E.g. Single lane – one at a time.

Broadcast Domain: A broadcast domain refers to a group of devices on a network segment that hear all
the broadcasts sent on that network segment.
E.g. Office intercom system.

Carrier Sense Multiple Access/Collision Detection (CSMA/CD): Protocol that helps devices share the
bandwidth evenly without having two devices transmit at the same time. It was created to
overcome the problem of collisions.
When a collision occurs on an Ethernet LAN, the following happens:
a. A jam signal informs all devices that a collision occurred.
b. The collision invokes a random back-off algorithm.
c. Each device stops transmitting until its back-off time expires.
d. All hosts have equal priority to transmit after the timer expires.
Collision Domain: A collision occurs when two devices send a packet at the same time
on the shared network segment. The packets collide and both devices must send the
packets again.

Broadcast Domain: A broadcast domain contains all devices that can be reached at the
data link layer by using broadcast.
Ethernet Networking – Half Duplex and Full Duplex

• There are no collisions in full-duplex mode.
• A dedicated switch port is required for each full-duplex node.
• The host network card and the switch port must be capable of operating in full-duplex
mode.
OSI Model
• In 1970 and prior, computers would typically communicate only with computers from the
same manufacturer. In late 1970, the OSI model was created by ISO to overcome this
barrier, and in the 1980s it became a working product of the OSI.
• It helps vendors create interoperable network devices and software in the form of
protocols so that different vendors' networks can work with each other.
• The OSI model is the primary architectural model for networks. It explains how data and
network information are communicated from an application on one computer
through the network media to an application on another computer.
• The OSI model isn’t a physical model but rather a set of guidelines that application developers
use to create and implement applications that run on a network. It’s a conceptual
blueprint of how communication should take place.
• Network devices that operate at all 7 layers of the OSI model:
– Network Management Stations
– Web and application Servers
– Gateways (Not default Gateway)
– Network Hosts.
• The OSI model has 7 layers
– Top 3 Layers – Software Layer – Responsible for application communication between hosts.
– Bottom 4 Layers – Hardware Layer – Responsible for networking and network address
Application Layer [L7]: Provides the interface between the user application and the network.
The user application does not reside at the application layer – the protocol does. E.g.
Webpage, SMTP etc. The user interacts with the application, which in turn interacts
with an application protocol like HTTP, FTP, Telnet etc.
The application layer is also called the Desktop layer.

Presentation Layer [L6]: Controls the formatting (compression, encryption,
decryption, and data types) and syntax of user data for the application layer to
ensure it’s understood by both [Sender and Receiver] applications.
Provides conversion or translation service to facilitate communication.
The presentation layer is also called the Translation Layer.

Session Layer [L5]: Keeps different application data separate [Dialog Control].
Responsible for the establishment of the connection, maintenance of the session, and
ultimately terminating the session between devices. Session communication falls
under one of three categories: simplex, half-duplex, and full-duplex.
Transport Layer [L4] – Heart of OSI
It segments and reassembles data into a data stream. It provides end-to-end transport service and can
establish a logical connection between the sending host and destination host on an internetwork. Ports
are used at the transport layer. TCP and UDP work at the transport layer. TCP is connection-oriented
and UDP is connectionless.
The term reliable networking can be used at the transport layer. It means that acknowledgement,
sequencing and flow control will be used.

Network Layer [L3] – Manages device addressing, tracks the location of devices on the network and
determines the best way to move data. It provides the routing service within the internetwork. Two
types of packets are used at the network layer:
- Data Packet : Routed protocols like IPv4 or IPv6 (Logical Addressing)
- Route Packet : Routing protocols like RIP, EIGRP, OSPF etc. [Choose suitable path from source to
destination]

Data-Link Layer [L2] – Provides physical transmission of the data and handles error notification,
network topology, and flow control. It’s responsible for the actual unique identification of each device
that resides in the network. It formats the message into pieces, each called a data frame, and adds a
customized header with the source and destination hardware addresses. It is divided into two sub-layers:
- Media Access Control (MAC) – How packets are placed on the media [FIFO]
- Logical Link Control (LLC) – Identifies network layer protocols and then encapsulates them
(ensures a protocol like IP can function regardless of what type of physical technology is being used).
Physical Layer [L1] : It does two things – it sends bits and receives bits [bits come in
values of 1 or 0] over a physical channel. This is the layer where you identify DTE [Data
Terminal Equipment] and DCE [Data Control Equipment]. The DCE is usually located at the
service provider, while the DTE is the attached device, most often accessed via a modem or
CSU/DSU [Channel Service Unit/Data Service Unit].
| OSI Layer | PDU | Function | Devices |
|---|---|---|---|
| Application | Message/Data | Provide User Interface | |
| Presentation | Message/Data | Present Data – Translation, Encryption, Compression | |
| Session | Message/Data | Keep different application data separate | |
| Transport | Segments | End-to-End connection | Firewall |
| Network | Packets | Data Delivery [Routing] | Routers and Layer3 Switch |
| Data-Link | Frames | Access to Media [Framing] | Layer 2 Switch and Bridge |
| Physical | Bits | Physical Topology [Binary Transmission] | Hub and Repeaters |
Encapsulation and Layered Communication
As data is passed from the user application down the virtual layers, each layer adds a
header containing protocol-specific information for that layer. These headers are called
Protocol Data Units [PDUs], and the process of adding these headers is called
encapsulation. Lower layers perform encapsulation, generally.

PDUs

As data is received on the receiving device, each layer communicates with the corresponding
layer. Each layer strips away its header information before the data is sent up to the
upper layer. This process is called decapsulation.
Port number and Sockets
Both TCP and UDP provide a mechanism to differentiate applications (or services)
running on the same host, through the use of port numbers. This allows multiple
services, such as Telnet, Email, HTTP etc., to operate simultaneously on the same
logical address.

Ports in the range 0-65535 are used by both TCP and UDP.

The combination of an IP address and a port number is referred to as a socket and is written as
10.0.0.1:80 or 10.0.0.1:25 (Note – a colon separates the IP address from the port).

The first ports, 0-1023, have been reserved for widely used known services.

Ports ranging from 1024-49151 are referred to as registered ports and are allocated by
the IANA upon request.

Ports ranging from 49152 – 65535 cannot be registered and are considered dynamic. (For
some operating systems dynamic ports start from 1024 and higher.)
Connection-Oriented Session
TCP employs a three-way handshake to form a connection. Control messages are
passed between the two hosts as the connection is set up.

An established state indicates that data transfer can occur. The communication
becomes bidirectional, regardless of which host initiated the connection. Connections
are identified by the sockets of both the source and destination hosts, and data specific
to each connection is maintained in a Transmission Control Block (TCB).
TCP Segmentation and Sequencing
TCP will not only segment data into smaller pieces for transport, but will also assign a
sequence number to each segment. Note that this sequence number identifies the
data (bytes) within the segment rather than the segment itself.

Data is sequenced and acknowledged in groups, dictated by the TCP Window Size of
the receiving host. Window Size can never exceed the maximum segment size
(MSS) which is 536 bytes by default.
The receiving host informs the sender how many bytes it is permitted to send before waiting
for an acknowledgment. This window size is dynamically changed to provide a
measure of flow control, preventing buffer congestion.
A window size of 0 instructs the sender to send no further data, indicating congestion.
Transmitting segments with flow control

Flow control prevents a sending host on one side of the connection from overflowing the
buffers in the receiving host.
TCP Sliding Window & Flow control
In the sliding window mechanism, bytes fall into one of four categories:
a. Bytes that have already been sent and acknowledged
b. Bytes that have been sent but not acknowledged
c. Bytes that have not yet been sent, but the receiving host is ready for
d. Bytes that have not yet been sent, and the receiving host is not ready for.

The TCP header provides a PSH (PUSH) flag to allow data to be sent immediately,
regardless of whether the TCP window has been filled. The PSH flag can be used in conjunction with
the URG (urgent) flag, which allows specified data to be prioritized over other data.

TCP also utilizes the RST (Reset) flag to address half-open connections; sending an RST
message will force the remote host to reset the TCP connection and return to the closed
state.
TCP Header
The TCP header is comprised of 12 required fields and has a maximum size of 160 bits
(20 bytes).
Source Port and Destination Port – 16-bit fields [0-65535] that identify the service on the
sending host and the application on the receiving host.
Sequence Number and Acknowledgement Number – Sequence numbers are used to
identify the data bytes in a stream, and the acknowledgement number is used to acknowledge
a sequence number.
Data Offset/Header Length – Indicates where the data begins in a TCP segment. Min.
header length should be 20 bytes and max 60 bytes.
Reserved – 6 bits in size and always set to 0.
Control bits – Hold flags like ACK, SYN, PSH, RST, URG, and FIN.
Window – 16 bits in size and used for flow control. Identifies the amount of data that the
receiver is able to accept.
Checksum – Used for error checking, and is computed using both the TCP segment and the IP
header. The receiving host will discard the segment if it fails the checksum calculation.
Urgent Pointer – Used to identify the last byte of prioritized traffic in the segment, when the
URG flag is set.
Padding – Ensures that the TCP header ends on a 32-bit boundary, and is always set to zeros.
UDP Segment

Length: Length of the UDP header and data.
Checksum: Used for error checking.
IP Header
IPv4 is connectionless (no connection is established) and a datagram service (can
choose any path to reach the destination). The minimum length of the header is 160 bits
(20 bytes).
Datagram = Header (Min. 20 to 60 bytes) + Payload (0-65515 bytes)

[Figure: IPv4 header layout. Field widths by row: 4, 4, 8, 16 bits; 16, 3, 13 bits; 8, 8, 16 bits; 32 bits; 32 bits]
Version – Version of IP. In our case it is IPv4 (Binary value of IPv4 will be 0100).

Internet Header Length (IHL) – Specifies the length of the IP header, min. 20 bytes and
maximum 60 bytes. So the value will always start with 5 (5*4=20 – which is the
minimum requirement) however this value may change.

DSCP (Differentiated Service Code Point) – Used to classify traffic for Quality of
Service (QoS) – Earlier this field was referred to as the Type of Service (ToS) field.

RFC 2474 (which was released in December 1998) reserved the first six bits of the DS (or IPv4 ToS) field for the
Differentiated Services Code Point (DSCP), and RFC 3168 reserved the last two bits for Explicit Congestion
Notification.
Let's start with an IP priority of 1, or 0b001 in binary. The entire ToS field would then be
001 00000, assuming that the unused 5 bits are zero. The DSCP can be interpreted by
resegmenting to 001000 00, where 001000 = 8 is the DSCP value.

Total Length – Identifies the total packet size including both the IPv4 header and payload. Header
min. size is 20 bytes with no payload and maximum with payload is 65535.
An IPv4 packet that is larger than the MTU size of a link must be fragmented. By default, the MTU for
Ethernet is 1500 bytes.

Time to Live – Limits the lifetime of the packet. It’s an 8-bit field so the max value is 255 (2^8).
When a router forwards a packet, it decrements the TTL value by one. Once it reaches zero, the
packet is dropped.

Protocol – Identifies the next upper layer header like TCP, UDP, HTTP used. E.g. 1 is ICMP, 6
is TCP, 17 is UDP, 88 is EIGRP, 89 is OSPF etc.
https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
Header Checksum – Used to error check the IPv4 header. The receiving host will discard the
packet if it fails the checksum calculation. E.g. if you receive a parcel which is
not intended for you (you will check the name and address on the parcel), you will
reject the parcel.

Source IP address and Destination IP address – 32-bit IP addresses that identify the sending
host and the receiving host. The value of both these fields can be changed if the
packet is forwarded using NAT.

Identification field (16 bits), Flag field (3 bits), and Fragment offset field (13 bits) –
These 3 fields are used when a packet must be fragmented. Each fragment of the
packet is marked with the same identification number, and the Fragment offset allows
the destination host to reassemble the fragments in the proper order.
The Flag field dictates 2 conditions –
Don’t Fragment (DF) – Indicates the packet cannot be fragmented. If a packet exceeds a
link’s MTU size and this flag is set, then the packet is dropped. An ICMP error
message is sent to the source host.
More Fragments (MF) – All fragments have this bit set to one, except for the last
fragment, where the bit is set to zero. This allows the destination host to know
that it has received all fragments.
Suppose a router receives an IP packet containing 600 data bytes and has to forward
the packet to a network with a maximum transmission unit of 200 bytes. Assume
that the IP header is 20 bytes long. What are the fragment offset values for the divided
packets?
Solution – The datagram here is 600 bytes and the IP header is 20 bytes, i.e. the actual data
will be 600-20=580 bytes.
Now we cannot forward a 600-byte packet because our MTU is limited to 200 bytes.
So we have to fragment this packet in order to forward it to the network.
200 bytes = 20 bytes of header + 180 bytes of data
So we can fragment 580 bytes/180 bytes = 3.2, so to round off we would need 4
fragments.
Packet 1 = 180+20, MF will be 1
Packet 2 = 180+20, MF 1
Packet 3 = 180+20, MF 1
Packet 4 = 40+20, MF 0
Fragment offset will be calculated using a scale of 8, i.e.
We don’t have a packet before packet 1, so we will consider it the starting point and place
a 0 value.
For packet 2, we do have packet 1 – 180/8= 22.5
For packet 3, we do have packet 1 and packet 2 – 180+180/8= 45
For packet 4, we do have packet 1, 2, and packet 3 – 180+180+180/8=67.5
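
An added example, not part of the original slides, that works this exercise the way an IPv4 sender does and then checks the result from the receiver's side. It assumes the rule that the Fragment Offset field holds whole 8-byte units, so every fragment except the last carries a multiple of 8 data bytes (176 rather than 180 here); `plan_fragments` and `reassembly_problems` are names chosen for this example.

```python
class FragmentationNeeded(Exception):
    """DF is set and the packet exceeds the MTU: drop it, send an ICMP error."""


def plan_fragments(total_length, mtu, header_len=20, df=False):
    """Split one IPv4 packet for a link with the given MTU.

    Returns one dict per fragment: the Fragment Offset field value
    (8-byte units), the data bytes carried, the total length and the MF bit.
    """
    payload = total_length - header_len
    if payload < 0:
        raise ValueError("Total Length smaller than the header")
    if total_length <= mtu:                       # fits: no fragmentation
        return [{"offset_field": 0, "data_bytes": payload,
                 "total_length": total_length, "mf": 0}]
    if df:
        raise FragmentationNeeded(f"{total_length} > MTU {mtu} with DF set")
    # Largest multiple of 8 that fits beside the header in one MTU.
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU leaves no room for data")
    fragments, sent = [], 0
    while sent < payload:
        size = min(max_data, payload - sent)
        fragments.append({"offset_field": sent // 8, "data_bytes": size,
                          "total_length": size + header_len,
                          "mf": 0 if sent + size == payload else 1})
        sent += size
    return fragments


def reassembly_problems(fragments):
    """Receiver-side check: do the fragments tile the payload exactly?"""
    problems, expected = [], 0
    ordered = sorted(fragments, key=lambda f: f["offset_field"])
    for i, frag in enumerate(ordered):
        start = frag["offset_field"] * 8
        last = i == len(ordered) - 1
        if start > expected:
            problems.append(f"gap before byte {start}")
        elif start < expected:
            problems.append(f"overlap at byte {start}")
        if not last and frag["data_bytes"] % 8:
            problems.append(f"fragment at {start} is not a multiple of 8")
        if bool(frag["mf"]) == last:
            problems.append(f"wrong MF bit on fragment at {start}")
        expected = max(expected, start + frag["data_bytes"])
    return problems


if __name__ == "__main__":
    # The exercise: 600-byte datagram, 20-byte header, MTU 200.
    for n, frag in enumerate(plan_fragments(600, 200), start=1):
        print(f"Packet {n}: {frag}")
```
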
Routing table used in Router

A router uses the logical address at the network layer to determine the next-hop router to
forward the packets to. It can use access lists to control security on the type of packets that
are allowed to enter or exit.
Layer 3 devices provide connections between VLANs and QoS for specific network traffic.
Ethernet Frame
An Ethernet frame is a data link layer protocol data unit. In other words, a data unit on
an Ethernet link transports an Ethernet frame as its payload (actual data).

Preamble and SFD are added by the physical layer. Their purpose is to synchronize
communication on the network. The preamble [56 bits (8*7)] consists of 101010.. followed
by the SFD, but the SFD's last value is always 1 because it indicates a valid frame is about to
begin.
Preamble and SFD are not considered part of the actual frame or calculated as part of
the total frame size.
Source and Destination MAC address – Ethernet uses 48-bit MAC hardware addresses to
identify who is to receive the frame and the host originating the frame.
EtherType/Length and Payload – Provides a different function depending on the
standard. With 802.3 or Ethernet II, the EtherType/Length field identifies the length
of the payload/data.
The minimum frame size for Ethernet is 64 bytes (512 bits); frames smaller than 64 bytes will
be discarded. The required fields in an Ethernet header add up to 18 bytes, thus the frame
payload must be a minimum of 46 bytes and a maximum of 1500 bytes.
If the payload doesn’t meet this minimum, it is padded with 0 bits until the
minimum is met.
By default, the max frame size is 1518 bytes [1500+18] or 1522 bytes [1500+4+18] with an
802.1Q (VLAN) tag. Some devices support jumbo frames of 9216 bytes.
The Frame Check Sequence [FCS] or Cyclic Redundancy Check (CRC) field is used for error
detection. A frame with an invalid CRC will be discarded by the receiving device.
This field is a trailer and not a header.
Ethernet Address a.k.a MAC/Hardware address

A MAC/hardware address is used to uniquely identify a host within a local network. Ethernet uses
a 48-bit (6-byte) MAC address as its hardware address. It is often hardcoded on the physical network
interface.
A MAC address is often represented in hexadecimal. The first 6 hexadecimal digits (3 bytes) identify the
manufacturer of the physical network interface, commonly referred to as the OUI (Organizational Unique
Identifier), and the last 6 digits (3 bytes) identify the host itself, also referred to as the Host ID.
Here are some OUIs of well-known manufacturers

A MAC address can be represented using hyphens, colons or periods.

Hyphen in Windows
Colon in Linux
Period in Cisco
Universal or Local Bit [U/L]
An address can be either a universally administered address (UAA) or a locally
administered address (LAA). If the bit is 0, the address is a UAA and if it is 1, the
address is an LAA (set by the administrator).

Individual or Group (multicast) [I/G]

When the bit is 0, the frame is meant to reach only one receiving NIC, called unicast. If
it's 1, the frame will be sent only once; however, each NIC will choose to accept it based on
criteria like a configurable list of accepted group addresses.
Ethernet addresses go by many names: LAN address, Ethernet address, hardware
address, burned-in address, physical address, universal address or MAC address.
This address has been encoded in a ROM chip on the NIC. IEEE uses the term universal
address to emphasize the fact that the address assigned to a NIC by a
manufacturer should be unique among all the MAC addresses in the universe.

IEEE defines two general categories of group addresses for Ethernet:

Broadcast Address – Frames sent to this address should be delivered to all devices on
the Ethernet LAN. It has a value of FFFF:FFFF:FFFF
Multicast Address – Frames sent to a multicast Ethernet address will be copied and
forwarded to a subset of the devices on the LAN that volunteer to receive frames
sent to a specific multicast address.
Unicast : A unicast address frame is only sent out of the interface leading to a specific
NIC. The MAC address of the source machine is always unicast.
Multicast : It allows the source to send a frame to a group of devices. IEEE allocated
the address block 01-80-C2-00-00-00 to 01-80-C2-FF-FF-FF for use by standard
protocols.
Broadcast : Ethernet frames with a one in all bits of the destination address
[FF-FF-FF-FF-FF-FF] are referred to as broadcast. Frames destined to this address will reach
every computer.
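
An added example, not part of the original slides, that reads a MAC address in any of the three notations above and reports the I/G and U/L bits, the OUI, and whether the address could legitimately appear as a frame's source. The sample addresses in the demo are constructed, and the function names are chosen for this example.

```python
import re

# The three notations named on the slide.
_FORMATS = {
    "hyphen (Windows)": re.compile(r"^([0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}$"),
    "colon (Linux)": re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$"),
    "period (Cisco)": re.compile(r"^([0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}$"),
}
IEEE_STANDARD_BLOCK = bytes.fromhex("0180c2")   # 01-80-C2-xx-xx-xx


def parse_mac(text):
    """Return (6 raw bytes, notation name); reject mixed or short forms."""
    text = text.strip()
    for name, pattern in _FORMATS.items():
        if pattern.match(text):
            return bytes.fromhex(re.sub(r"[-:.]", "", text)), name
    raise ValueError(f"not a MAC address: {text!r}")


def render(raw):
    """The same address written in all three notations."""
    h = raw.hex()
    return {
        "hyphen": "-".join(h[i:i + 2] for i in range(0, 12, 2)).upper(),
        "colon": ":".join(h[i:i + 2] for i in range(0, 12, 2)),
        "period": ".".join(h[i:i + 4] for i in range(0, 12, 4)),
    }


def classify(text):
    raw, notation = parse_mac(text)
    group = bool(raw[0] & 0x01)         # I/G: lowest bit of the first byte
    local = bool(raw[0] & 0x02)         # U/L: next bit of the first byte
    if raw == b"\xff" * 6:
        kind = "broadcast"
    elif group:
        kind = "multicast"
    else:
        kind = "unicast"
    return {
        "notation": notation,
        "kind": kind,
        "administration": "LAA" if local else "UAA",
        "oui": render(raw)["hyphen"][:8],
        "ieee_standard_group": raw[:3] == IEEE_STANDARD_BLOCK,
        # A source address is always unicast, so a group bit here is invalid.
        "valid_as_source": not group,
    }


if __name__ == "__main__":
    # Constructed sample addresses, one per notation plus broadcast.
    for sample in ("00-1A-2B-3C-4D-5E", "02:00:00:aa:bb:cc",
                   "0180.c200.0000", "FF-FF-FF-FF-FF-FF"):
        print(sample, classify(sample))
```
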
The MAC address has one shortcoming – it contains no hierarchy. MAC addresses provide no
mechanism to create boundaries between networks. This lack of hierarchy poses
significant difficulties to network scalability.

The scalability limitations of Layer 2 hardware addresses are mitigated using logical addressing.

Logical Addressing
Logical addressing is a function of the Network layer of the OSI model, and provides a
hierarchical structure to separate networks. Logical addresses are configured either
manually or dynamically on the network interface and can be changed freely.
A logical address contains two components:
1. Network ID – Identifies which network a host belongs to.
2. Host ID – Uniquely identifies the host on that network.

Internet Protocol
IP provides two fundamental network layer services:
1. Logical Addressing – Provides a unique address that identifies both the host and the
network the host exists on.
2. Routing – Determines the best path to a particular destination network.
During the 1990s, companies began adding OSI, TCP/IP, or both to their enterprise
networks. However, by the end of the 1990s, TCP/IP had become the common choice,
and OSI fell away.

A slightly different four-layer original version of the TCP/IP model exists in RFC
1122, but for the purposes of both real networking, uses the five-layer model.
TCP/IP Application Layer - TCP/IP application layer protocols provide services to the
application software running on a computer. The application layer does not define
the application itself, but it defines services that applications need.

TCP/IP Transport Layer - TCP/IP application layer protocols provide services to the
application software running on a computer. The application layer does not define
the application itself, but it defines services that applications need.
TCP/IP Network Layer - The application layer includes many protocols. The transport layer
includes fewer protocols, most notably, TCP and UDP. The TCP/IP network layer includes a
small number of protocols, but only one major protocol: the Internet Protocol (IP). In fact, the
name TCP/IP is simply the names of the two most common protocols (TCP and IP) separated
by a /.

TCP/IP Data-Link and Physical Layer - TCP/IP application layer protocols provide services to the
application software running on a computer. The application layer does not define the
application itself, but it defines services that applications need.
Dynamically Learned MAC
Dynamic MAC addresses are removed from the table every 5 mins of inactivity – this process
is called aging.
Switches operate as layer 2 devices where they only learn MAC addresses. If PC1 wants
to send some data to PC3, it uses ARP (Address Resolution Protocol).

ARP is used to discover the layer 2 address (MAC address). ARP consists of two
messages:
1. ARP Request is broadcast – sent to all hosts on the network because the address is unknown
2. ARP Reply is unicast – sent only to one host.
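
An added example, not part of the original slides, that models the MAC table learning, the 5-minute aging and the PC1-to-PC3 ARP exchange described above. The class, the port numbers and the MAC addresses are constructed for illustration, and the model assumes the usual switch behaviour of flooding a frame whose destination is not in the table.

```python
AGING_SECONDS = 300                  # 5 minutes of inactivity, as on the slide
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports, aging=AGING_SECONDS):
        self.ports = list(ports)
        self.aging = aging
        self.table = {}              # MAC -> (port, time last seen as source)

    def _age_out(self, now):
        """Drop dynamic entries that have been inactive for the aging time."""
        self.table = {mac: (port, seen)
                      for mac, (port, seen) in self.table.items()
                      if now - seen < self.aging}

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the ports it is sent out of."""
        self._age_out(now)
        self.table[src] = (in_port, now)          # learn or refresh the source
        if dst != BROADCAST and dst in self.table:
            out_port = self.table[dst][0]
            return [] if out_port == in_port else [out_port]
        # Broadcast, or a destination not in the table: flood.
        return [p for p in self.ports if p != in_port]


def arp_walkthrough():
    """PC1 (port 1) resolves PC3 (port 3) with ARP, then sends data."""
    pc1, pc3 = "02:00:00:00:00:01", "02:00:00:00:00:03"   # constructed MACs
    sw = LearningSwitch(ports=[1, 2, 3])
    steps = {}
    # ARP Request is a broadcast: every other port receives it.
    steps["arp_request"] = sw.receive(1, pc1, BROADCAST, now=0)
    # ARP Reply is unicast: PC1 was learned from the request, so one port.
    steps["arp_reply"] = sw.receive(3, pc3, pc1, now=1)
    steps["data"] = sw.receive(1, pc1, pc3, now=2)
    steps["table_after_data"] = {m: p for m, (p, _) in sw.table.items()}
    # Both hosts then stay silent for the whole aging time.
    steps["data_after_aging"] = sw.receive(1, pc1, pc3, now=2 + AGING_SECONDS)
    return steps


if __name__ == "__main__":
    for name, result in arp_walkthrough().items():
        print(f"{name}: {result}")
```
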
