Networking 101

Tony Situ
2017-10-10
OSI Model
● Conceptual Model of Networking Systems
● Concept of Layers of Abstraction
○ Same level layers communicate with one another
○ A layer serves the one above it and is served by the one below it
● A grain of salt: this is a MODEL
○ Conceptual doesn’t equate to reality
○ There are many networking models (TCP/IP)
● Packet Path
○ Sending : “top down” i.e. high to low
○ Receiving: “bottom up” i.e. low to high
Layers Overview
● Application Layer (L7)
○ Application Layer specifies protocols between hosts
○ HTTP, SSH, FTP
● Presentation Layer (L6) and Session Layer (L5)
○ Not as important ...
● Transport Layer (L4)
○ Provide host-to-host communication services for applications
○ TCP (connection-oriented) and UDP (connection-less) are examples
○ Can provide reliable transport
■ packet loss generates notifications, will ensure all data arrives
■ TCP provides reliable transport; UDP doesn’t
Layers Overview cont.
● Network Layer (L3)
○ IP and IP addresses
○ Deals with packet forwarding and routing through intermediate routers.
○ Delivers data between hosts; no reliability guarantee
● Data Link Layer (L2)
○ Transfers data between network nodes in a wide area network (WAN) or a local area network (LAN).
○ MAC addresses
● Physical Layer (L1)
○ This layer deals with the physical transmission of the data such as passing electrical signals over a fiber optic cable or radio frequencies for wireless.
Network Interfaces and NICs
● A Network Interface Card is a piece of hardware that allows your computer to connect to a network
● A network interface is a point of connection between a computer and a network
● Network interfaces can correspond to physical NICs or be entirely implemented in software, e.g. the loopback interface
● Configuration is stored in:
/etc/network/interfaces
MAC Addresses
● Media access control (MAC) addresses are identifiers uniquely assigned to network interfaces
● Referred to as the physical address
● Often written in hexadecimal octets and delimited by colons
● An example MAC address is 00:14:22:01:23:45
● The first 3 octets refer to the Organizationally Unique Identifier (OUI)
● Broadcast MAC: FF:FF:FF:FF:FF:FF
ARP
● Address Resolution Protocol (ARP) is a means of translating IP addresses into MAC addresses
● Devices maintain their own ARP cache, which stores (IP : MAC) pairings.
● If an IP isn’t in the cache, the device broadcasts an ARP request
○ This is essentially a message that asks “who has IP x.x.x.x? tell machine A”, and machine A attaches its own MAC and IP address so the responder knows where to send the reply
● Owner of that IP address responds with an ARP reply
○ Essentially says “B has IP x.x.x.x and this is my MAC/IP”
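The request/reply exchange above at the byte level, as an added example that is not part of the original slides. The `Host` class, the `192.0.2.x` addresses and the second and third MACs are constructed for illustration; MACs are written in lowercase here.

```python
import ipaddress
import struct

BROADCAST_MAC, ZERO_MAC = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
ETHERTYPE_ARP, OP_REQUEST, OP_REPLY = 0x0806, 1, 2

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_arp(op, dst_mac, sender_mac, sender_ip, target_mac, target_ip):
    eth = mac_bytes(dst_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # hardware type 1 = Ethernet, protocol 0x0800 = IPv4, address lengths 6 and 4
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
    arp += mac_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed
    return eth + arp  # 14-byte Ethernet header + 28-byte ARP payload

def parse_arp(frame):
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an Ethernet/ARP frame")
    ip = lambda raw: str(ipaddress.IPv4Address(raw))
    return {"dst": frame[0:6].hex(":"), "op": struct.unpack("!H", frame[20:22])[0],
            "sender_mac": frame[22:28].hex(":"), "sender_ip": ip(frame[28:32]),
            "target_ip": ip(frame[38:42])}

class Host:
    def __init__(self, mac, ip):
        self.mac, self.ip, self.arp_cache = mac, ip, {}

    def who_has(self, target_ip):
        # The target MAC is unknown, so the request goes to the broadcast MAC.
        return build_arp(OP_REQUEST, BROADCAST_MAC, self.mac, self.ip, ZERO_MAC, target_ip)

    def receive(self, frame):
        msg = parse_arp(frame)
        if msg["op"] == OP_REQUEST and msg["target_ip"] == self.ip:
            # The owner replies by unicast to the MAC/IP carried in the request.
            return build_arp(OP_REPLY, msg["sender_mac"], self.mac, self.ip,
                             msg["sender_mac"], msg["sender_ip"])
        if msg["op"] == OP_REPLY and msg["target_ip"] == self.ip:
            self.arp_cache[msg["sender_ip"]] = msg["sender_mac"]
        return None

def arp_resolve(asker, lan, target_ip):
    request = asker.who_has(target_ip)  # broadcast: every host on the LAN sees it
    for reply in filter(None, (host.receive(request) for host in lan)):
        asker.receive(reply)
    return asker.arp_cache.get(target_ip)
```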
IP Addresses
● IP addresses identify devices connected to a network under Internet Protocol.
● Two versions: IPv4 and IPv6
● IPv4 addresses are expressed in CIDR format; an address is 32 bits, i.e. 4 bytes, long, with a dot (.) delimiting each byte.
○ 127.0.0.1
○ 01111111.00000000.00000000.00000001
● We can partition a block of addresses into a subnet.
○ 127.0.0.0/8
● The number that comes after the slash (`/`) is the subnet mask.
○ This represents how many bits are in the network address; the remaining bits identify a host within the network.
● Broadcast IP 255.255.255.255
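The network/host split described above, worked through with plain bit arithmetic and cross-checked against Python's `ipaddress` module (an added example, not part of the original slides). The function names are illustrative, and `192.168.5.77/26` in the usage below is a constructed sample.

```python
import ipaddress

def to_int(dotted):
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4:
        raise ValueError(f"expected 4 octets: {dotted!r}")
    return int.from_bytes(bytes(octets), "big")  # bytes() rejects values outside 0-255

def to_dotted(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def to_binary(dotted):
    return ".".join(f"{b:08b}" for b in to_int(dotted).to_bytes(4, "big"))

def split_cidr(cidr):
    """Split 'a.b.c.d/n' into its network part and host part."""
    addr, _, prefix = cidr.partition("/")
    prefix = int(prefix)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF  # n leading 1 bits
    value = to_int(addr)
    network = value & mask
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "host": value & ~mask & 0xFFFFFFFF,                 # bits left for the host
        "last": to_dotted(network | (~mask & 0xFFFFFFFF)),  # all host bits set
        "size": 1 << (32 - prefix),
    }

def same_subnet(a, b, prefix):
    """Two addresses share a subnet when their network bits are identical."""
    return split_cidr(f"{a}/{prefix}")["network"] == split_cidr(f"{b}/{prefix}")["network"]

def agrees_with_stdlib(cidr):
    ours = split_cidr(cidr)
    net = ipaddress.ip_network(cidr, strict=False)  # strict=False allows host bits set
    return (ours["network"] == str(net.network_address)
            and ours["mask"] == str(net.netmask)
            and ours["last"] == str(net.broadcast_address)
            and ours["size"] == net.num_addresses)

if __name__ == "__main__":
    print(to_binary("127.0.0.1"))
    print(split_cidr("127.0.0.1/8"))
    print(split_cidr("192.168.5.77/26"))  # constructed sample
```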
DNS
● Domain Name System (DNS) is a means of mapping domain names to IP addresses
● When you query for a domain name, your computer tries to resolve it into an IP address
● This usually involves sending out a DNS query to a DNS name server
○ The nameserver breaks down the domain name from right to left and issues queries that grow in specificity
○ Let's take inst.eecs.berkeley.edu for example
○ The nameserver will query the root server to find the nameserver for the corresponding Top Level Domain (TLD), which is .edu in this case
○ The TLD points to another nameserver, which would be authoritative over the next subdomain, i.e. berkeley
● More on name resolution and DNS resolvers in the lab
DNS Records
● DNS servers store data in the form of Resource Records (RR).
● Resource records are essentially a tuple of (name, value, type, TTL)
● A records
○ Maps hostname to IP address
○ name = hostname
○ value = IP address
● NS records
○ Refers query to authoritative nameserver
○ name = domain
○ value = name of DNS server for domain
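The right-to-left resolution walk from the DNS slide, run over (name, value, type, TTL) tuples like those above; this is an added simulation, not part of the original slides. The server names, TTLs and the `192.0.2.53` address are constructed placeholders, and servers are looked up by name in a dict instead of being contacted over the network.

```python
# Constructed data: each server's resource records as (name, value, type, TTL).
SERVERS = {
    "root": [("edu", "edu-ns", "NS", 172800)],
    "edu-ns": [("berkeley.edu", "berkeley-ns", "NS", 86400)],
    "berkeley-ns": [("inst.eecs.berkeley.edu", "192.0.2.53", "A", 3600)],
}

def find_referral(records, qname):
    """Most specific NS record whose name is a label-wise suffix of qname."""
    labels = qname.split(".")
    for start in range(len(labels)):          # longest suffix first
        zone = ".".join(labels[start:])
        for record in records:
            if record[0] == zone and record[2] == "NS":
                return record
    return None

def resolve_name(qname, servers=SERVERS, max_referrals=8):
    """Return (ip_or_None, path); path lists (server, record) for each step."""
    qname = qname.rstrip(".").lower()
    server, path = "root", []
    for _ in range(max_referrals):
        records = servers.get(server, [])
        for record in records:
            if record[0] == qname and record[2] == "A":
                path.append((server, record))
                return record[1], path        # A record: hostname -> IP address
        referral = find_referral(records, qname)
        if referral is None:
            return None, path                 # no answer and nobody left to ask
        path.append((server, referral))
        server = referral[1]                  # NS value names the next server
    raise RuntimeError("too many referrals (delegation loop?)")

if __name__ == "__main__":
    ip, path = resolve_name("inst.eecs.berkeley.edu")
    for server, record in path:
        print(f"{server:12} -> {record}")
    print("answer:", ip)
```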
DHCP
● Dynamic Host Configuration Protocol (DHCP) is one way a device receives an IP address
● Leased IP addresses are valid for a time specified by the DHCP server
● Once expired, the client must acquire a new IP address lease
○ The client does have the option to renew a previous lease so that it can retain a previous IP address
● 4 stage process
○ DISCOVERY - BROADCAST
○ OFFER - BROADCAST OR UNICAST
○ REQUEST - BROADCAST (if multiple DHCP servers), can be unicast
○ ACKNOWLEDGE - BROADCAST OR UNICAST
TCP
● TCP is a stateful, stream-oriented protocol that ensures reliable transport
● Also has mechanisms to guarantee that information arrives intact and in order at the destination
● To set up a TCP connection you have to go through the TCP handshake
● Also has a connection close procedure
● Both of the above are overhead associated with TCP
● Good for use cases where receiving all data is critical
UDP
● User Datagram Protocol (UDP) is a stateless, connectionless protocol
○ UDP focuses on sending messages in datagrams
● Being stateless, UDP also doesn't incur the overhead of the TCP handshake and termination
● UDP also makes no guarantees about reliable transport, so messages may be corrupted, arrive out of order, or not arrive at all.
○ UDP is sometimes called Unreliable Datagram Protocol
● Good for use cases that value performance over reliable transport
Sysadmin Commands
● hostname
● ping
● traceroute
● arp
● dig
● ip
● netstat
● nc
● curl
● wget
hostname
Used to either set or display the current host, domain or node name of the system
ping
Send packets to a server; good for getting metrics and testing connectivity
traceroute
Print the route that a packet takes to the destination
arp
Display or modify system ARP cache
dig
Utility for doing DNS queries and diagnosing DNS issues
The rest
● ip
○ Offers a LOT of functionality -- so much it can be overwhelming at first. You will most commonly be using ip to display/modify routing, IP addresses, or network interfaces.
○ https://access.redhat.com/sites/default/files/attachments/rh_ip_command_cheatsheet_1214_jcs_print.pdf
● netstat
○ This tool is good for printing network connections, routing tables, and probing sockets, amongst other functions.
● tcpdump
○ Perfect for monitoring incoming or outgoing traffic on a machine.
● nc
○ A very powerful tool that can be used for just about anything involving TCP or UDP.
● wget/curl
○ Similar tools used to transfer data from or to a server with certain protocols like HTTP, FTP, etc.
● GOOGLE and MAN pages are your friends -- use them!