Material – Network Concepts

1. IP Classification

What is IP Address: An internet protocol (IP) address allows computers to send and
receive information. There are four types of IP addresses: public, private, static, and
dynamic. An IP address allows information to be sent and received by the correct
parties, which means they can also be used to track down a user's physical location

Static IP Addresses: As the name indicates, the static IP addresses usually never
change but they may be changed as a result of network administration. They serve
as a permanent Internet address and provide a simple and reliable way for the
communication. From the static IP address of a system, we can get many details such
as the continent, country, region and city in which a computer is located, The
Internet Service Provider (ISP) that serves that particular computer and non-
technical information such as precise latitude and longitude of the country, and the
locale of the computer. There are many websites providing IP address lookups.

Dynamic IP Addresses: Dynamic IP address are the second category. These are
temporary IP addresses. These IP addresses are assigned to a computer when they
get connected to the Internet each time. They are borrowed from a pool of IP
addresses, shared over various computers. Since limited number of static IP
addresses are available, ISPs usually reserve the portion of their assigned addresses
for sharing among their subscribers in this way.
Static IP addresses are considered as less secure than dynamic IP addresses because
they are easier to track.

Class A private IP range: 10.0.0.0 to 10.255.255.255

Class B private IP range: 172.16.0.0 to 172.31.255.255
Class C private IP range: 192.168.0.0 to 192.168.255.255

2. OSI Layers:
OSI Layers uses: The Open Systems Interconnection (OSI) model defines a
networking framework to implement protocols in layers, with control passed from
one layer to the next. It is primarily used today as a teaching tool. It conceptually
divides computer network architecture into 7 layers in a logical progression.
The Open Systems Interconnection (OSI) model is a conceptual model created by the
International Organization for Standardization which enables diverse communication
systems to communicate using standard protocols. In plain English, the OSI provides
a standard for different computer systems to be able to communicate with each
other.
7. The Application Layer
This is the only layer that directly interacts with data from the user. Software applications
like web browsers and email clients rely on the application layer to initiate communications.
But it should be made clear that client software applications are not part of the application
layer; rather the application layer is responsible for the protocols and data manipulation
that the software relies on to present meaningful data to the user. Application layer
protocols include HTTP as well as SMTP (Simple Mail Transfer Protocol is one of the
protocols that enables email communications).

6. The Presentation Layer

This layer is primarily responsible for preparing data so that it can be used by the application
layer; in other words, layer 6 makes the data presentable for applications to consume. The
presentation layer is responsible for translation, encryption, and compression of data.
Two communicating devices communicating may be using different encoding methods, so
layer 6 is responsible for translating incoming data into a syntax that the application layer of
the receiving device can understand.
If the devices are communicating over an encrypted connection, layer 6 is responsible for
adding the encryption on the sender’s end as well as decoding the encryption on the
receiver's end so that it can present the application layer with unencrypted, readable data.
Finally the presentation layer is also responsible for compressing data it receives from the
application layer before delivering it to layer 5. This helps improve the speed and efficiency
of communication by minimizing the amount of data that will be transferred.

5. The Session Layer

This is the layer responsible for opening and closing communication between the two
devices. The time between when the communication is opened and closed is known as the
session. The session layer ensures that the session stays open long enough to transfer all the
data being exchanged, and then promptly closes the session in order to avoid wasting
resources.
The session layer also synchronizes data transfer with checkpoints. For example, if a 100
megabyte file is being transferred, the session layer could set a checkpoint every 5
megabytes. In the case of a disconnect or a crash after 52 megabytes have been transferred,
the session could be resumed from the last checkpoint, meaning only 50 more megabytes of
data need to be transferred. Without the checkpoints, the entire transfer would have to
begin again from scratch.

4. The Transport Layer

Layer 4 is responsible for end-to-end communication between the two devices. This includes
taking data from the session layer and breaking it up into chunks called segments before
sending it to layer 3. The transport layer on the receiving device is responsible for
reassembling the segments into data the session layer can consume.
The transport layer is also responsible for flow control and error control. Flow control
determines an optimal speed of transmission to ensure that a sender with a fast connection
does not overwhelm a receiver with a slow connection. The transport layer performs error
control on the receiving end by ensuring that the data received is complete and requesting a
retransmission if it isn’t.

3. The Network Layer

The network layer is responsible for facilitating data transfer between two different
networks. If the two devices communicating are on the same network, then the network
layer is unnecessary. The network layer breaks up segments from the transport layer into
smaller units, called packets, on the sender’s device, and reassembling these packets on the
receiving device. The network layer also finds the best physical path for the data to reach its
destination; this is known as routing.

2. The Data Link Layer

The data link layer is very similar to the network layer, except the data link layer facilitates
data transfer between two devices on the SAME network. The data link layer takes packets
from the network layer and breaks them into smaller pieces called frames. Like the network
layer, the data link layer is also responsible for flow control and error control in intra-
network communication (The transport layer only does flow control and error control for
inter-network communications).

1. The Physical Layer

This layer includes the physical equipment involved in the data transfer, such as the cables
and switches. This is also the layer where the data gets converted into a bit stream, which is
a string of 1s and 0s. The physical layer of both devices must also agree on a signal
convention so that the 1s can be distinguished from the 0s on both devices.

How data flows through the OSI model

In order for human-readable information to be transferred over a network from one device
to another, the data must travel down the seven layers of the OSI model on the sending
device and then travel up the seven layers on the receiving end.
For example: Mr. Cooper wants to send Ms. Palmer an email. Mr. Cooper composes his
message in an email application on his laptop and then hits ‘send’. His email application will
pass his email message over to the application layer, which will pick a protocol (SMTP) and
pass the data along to the presentation layer. The presentation layer will then compress the
data and then it will hit the session layer, which will initialize the communication session.
The data will then hit the sender’s transportation layer where it will be segmented, then
those segments will be broken up into packets at the network layer, which will be broken
down even further into frames at the data link layer. The data link layer will then deliver
those frames to the physical layer, which will convert the data into a bitstream of 1s and 0s
and send it through a physical medium, such as a cable.
Once Ms. Palmer’s computer receives the bit stream through a physical medium (such as
her wifi), the data will flow through the same series of layers on her device, but in the
opposite order. First the physical layer will convert the bitstream from 1s and 0s into frames
that get passed to the data link layer. The data link layer will then reassemble the frames
into packets for the network layer. The network layer will then make segments out of the
packets for the transport layer, which will reassemble the segments into one piece of data.
The data will then flow into the receiver's session layer, which will pass the data along to the
presentation layer and then end the communication session. The presentation layer will
then remove the compression and pass the raw data up to the application layer. The
application layer will then feed the human-readable data along to Ms. Palmer’s email
software, which will allow her to read Mr. Cooper’s email on her laptop screen.

3. MAC/Switch/Router/Hub
MAC: MAC stands for Media Access Control, In order to communicate or transfer the
data from one computer to another computer we need some address. In Computer
Network various types of address are introduced; each works at different layer.
Media Access Control Address is a physical address which works at Data Link Layer.
In this article, we will discuss about addressing in DLL, which is MAC Address.
Media Access Control (MAC) Address: MAC Addresses are unique 48-bits hardware
number of a computer, which is embedded into network card (known as Network
Interface Card) during the time of manufacturing. MAC Address is also known
as Physical Address of a network device. In IEEE 802 standard, Data Link Layer is
divided into two sublayers –
Logical Link Control(LLC) Sublayer
Media Access Control(MAC) Sublayer
MAC address is used by Media Access Control (MAC) sublayer of Data-Link Layer.
MAC Address is word wide unique, since millions of network devices exists and we
need to uniquely identify each.
Difference between MAC and IP:
S.n
o MAC ADDRESS IP ADDRESS
1 Media access control Internet protocol
2 6 Bytes Address IPV4 is 4Bytes, IPV6 is 6 Bytes
3 Used to ensure physical address Used to ensure logical address
4 Operates on data link layer Operates on Network layer
5 Helps in identifying device Identifes connection of device
6 Cannot be changed with time Can be modified with time
7 Cannot be found to 3rd party Can be found to 3rd party

Switch: A switch is a data link layer networking device which connects devices in a
network and uses packet switching to send and receive data over the network.
Like a hub, a switch also has many ports, to which computers are plugged in.
However, when a data frame arrives at any port of a network switch, it examines the
destination address and sends the frame to the corresponding device(s). Thus, it
supports both unicast and multicast communications.

Hub: A hub is a physical layer networking device which is used to connect multiple
devices in a network. They are generally used to connect computers in a LAN.
 A hub has many ports in it. A computer which intends to be connected to the
network is plugged in to one of these ports. When a data frame arrives at a port, it is
broadcast to every other port, without considering whether it is destined for a
particular destination or not.
Differences between Hub and Switch
S.n
o Hub Switch
1 Operate on Physical layer Operates on data link layer
2 Non-intelligent network device Intellgent network device
3 Primarily broadcasts messages Supports Uni, multi and broadcasting
4 Collision may occurs in connection Collision does not occur
5 Passive device Actie device

Router: Routers are networking devices operating at layer 3 or a network layer of the
OSI model. They are responsible for receiving, analysing, and forwarding data packets
among the connected computer networks. When a data packet arrives, the router inspects
the destination address, consults its routing tables to decide the optimal route and then
transfers the packet along this route.
Features of Routers
● A router is a layer 3 or network layer device.
● It connects different networks together and sends data packets from one network to
another.
● A router can be used both in LANs (Local Area Networks) and WANs (Wide Area
Networks).
● It transfers data in the form of IP packets. In order to transmit data, it uses IP
address mentioned in the destination field of the IP packet.
● Routers have a routing table in it that is refreshed periodically according to the
changes in the network. In order to transmit data packets, it consults the table and
uses a routing protocol.
● In order to prepare or refresh the routing table, routers share information among
each other.
● Routers provide protection against broadcast storms.
● Routers are more expensive than other networking devices like hubs,bridges and
switches.
 4. NAT/PAT: Basically, NAT stands for Network Address Translation and PAT
stands for Port Address Translation
NAT, in which the Private IP address or local address are translated into the public IP
address. NAT is used to slow down the rate of depletion of available IP address by
translates the local IP or Private IP address into global or public ip address. NAT can
be a one-to-one relation or many-to-one relation.
In PAT, Private IP addresses are translated into the public IP address via Port
numbers. PAT also uses IPv4 address but with port number.
Network Address Translation (NAT) working – Generally, the border router is
configured for NAT i.e the router which has one interface in local (inside) network
and one interface in the global (outside) network. When a packet traverse outside
the local (inside) network, then NAT converts that local (private) IP address to a
global (public) IP address. When a packet enters the local network, the global
(public) IP address is converted to a local (private) IP address.
If NAT run out of addresses, i.e., no address is left in the pool configured then the
packets will be dropped and an Internet Control Message Protocol (ICMP) host
unreachable packet to the destination is sent.
Why mask port numbers?
Suppose, in a network, two hosts A and B are connected. Now, both of them request
for the same destination, on the same port number, say 1000, on the host side, at
the same time. If NAT does an only translation of IP addresses, then when their
packets will arrive at the NAT, both of their IP addresses would be masked by the
public IP address of the network and sent to the destination. Destination will send
replies on the public IP address of the router. Thus, on receiving a reply, it will be
unclear to NAT as to which reply belongs to which host (because source port
numbers for both A and B are same). Hence, to avoid such a problem, NAT masks the
source port number as well and makes an entry in the NAT table.
Network Address Translation (NAT) Types –
There are 3 ways to configure NAT:

Static NAT – In this, a single unregistered (Private) IP address is mapped with a legally
registered (Public) IP address i.e one-to-one mapping between local and global address. This
is generally used for Web hosting. These are not used in organisations as there are many
devices who will need Internet access and to provide Internet access, the public IP address is
needed. Suppose, if there are 3000 devices who need access to the Internet, the
organisation have to buy 3000 public addresses that will be very costly.
Dynamic NAT – In this type of NAT, an unregistered IP address is translated into a registered
(Public) IP address from a pool of public IP address. If the IP address of pool is not free, then
the packet will be dropped as an only a fixed number of private IP address can be translated
to public addresses.
Suppose, if there is a pool of 2 public IP addresses then only 2 private IP addresses can be
translated at a given time. If 3rd private IP address wants to access Internet then the packet
will be dropped therefore many private IP addresses are mapped to a pool of public IP
addresses. NAT is used when the number of users who wants to access the Internet is fixed.
This is also very costly as the organisation have to buy many global IP addresses to make a
pool.
Port Address Translation (PAT) – This is also known as NAT overload. In this, many local
(private) IP addresses can be translated to a single registered IP address. Port numbers are
used to distinguish the traffic i.e., which traffic belongs to which IP address. This is most
frequently used as it is cost-effective as thousands of users can be connected to the Internet
by using only one real global (public) IP address.

5. Ports and Protocols

Ports: ports are physical numbers use by tcp/ip to identify what services/application
should handle data received by system. Tcp having 65536(0-65535) ports.
0-1023 are well known ports
Protocols: a protocol is a set of rules and guidelines for communicating data.
Well known ports and protocols:

Protocol Port No
SSH(secure shell) 22
SCP (secure copy protocol) 22
SSL(secure socket layer) 22
TLS(transport layer security) 22
IPsec(internet protocol security) 500
HTTP(hypertext transfer protocol) 80
HTTPS(hypertext transfer protocol secure) 443
FTP(file transfer protocol) 20 & 21
SNMP(simple network management protocol) 161
DNS(domain name system) 53
DHCP(dyanamic host configuration protocol) 67 & 68
LDAP(leightweight directory access protocol) 389
RDP(remote desktop protocol) 3389
POP3(post office protocol) 110
IMAP(internet message access protocol) 143
MS SQL(Microsoft server) 1433
Kerberose(mutual authentication) 88
SMB(server message block) 445
Syslog 514
NTP Server 123

6. Network/Subnet:
Network: A network is a collection of computers, servers, mainframes, network devices,
peripherals, or other devices connected to one another to allow the sharing of data. An
example of a network is the Internet, which connects millions of people all over the
 world. To the right is an example image of a home network with multiple computers and
other network devices all connected.
Examples of network devices: Desktops, computers, laptops, servers, routers, switches
etc...
Subnet: A subnetwork or subnet is a logical subdivision of an IP network. The practice of
dividing a network into two or more networks is called subnetting.

7. TCP/UDP: TCP Stands for Transmission control protocol and UDP stands for
User datagram protocol
How TCP work?
A TCP connection is established with the help of three-way handshake. It is a process of initiating
and acknowledging a connection. Once the connection is established, data transfer begins, and
when the transmission process is finished, the connection is terminated by the closing of an
established virtual circuit.

How UDP work?

UDP uses a simple transmission method without implied hand-shaking dialogues for ordering,
reliability, or data integrity. UDP also assumes that error checking and correction is not
important or performed in the application, to avoid the overhead of such processing at the
network interface level. It is also compatible with packet broadcasts and multicasting.

Features of TCP:
Delivery Acknowledgements and Re-transmission
Delays transmission when the network is congested
Easy Error detection

Features of UDP:
Supports bandwidth-intensive applications that tolerate packet loss
Less delay
It sends the bulk quantity of packets.
Possibility of the Data loss
Allows small transaction ( DNS lookup)

Difference between TCP and UDP

TCP UDP
1. Connection oriented 1. connection less
2. Rearrange data packets in specific order 2. No Fixed order
3. TCP is slower 3. UDP is faster
4. Check errors and corrects 4. no error correction
5. Reliable 5. Un-reliable
6. Acknowledgement will be provided 6. No Acknowledgement
8. Network Topology: A Network Topology is the arrangement with which
computer systems or network devices are connected to each other. Topologies may define
both physical and logical aspect of the network. Both logical and physical topologies could
be same or different in a same network.

Types of network topologies:

1. Point-to-Point
Point-to-point networks contains exactly two hosts such as computer, switches or routers,
servers connected back to back using a single piece of cable. Often, the receiving end of one
host is connected to sending end of the other and vice-versa. If the hosts are connected
point-to-point logically, then may have multiple intermediate devices. But the end hosts are
unaware of underlying network and see each other as if they are connected directly.

2. Bus Topology:
In case of Bus topology, all devices share single communication line or cable. Bus topology
may have problem while multiple hosts sending data at the same time. Therefore, Bus
topology either uses CSMA/CD technology or recognizes one host as Bus Master to solve the
issue. It is one of the simple forms of networking where a failure of a device does not affect
the other devices. But failure of the shared communication line can make all other devices
stop functioning. Both ends of the shared channel have line terminator. The data is sent in
only one direction and as soon as it reaches the extreme end, the terminator removes the
data from the line.

3. Star Topology:
All hosts in Star topology are connected to a central device, known as switch device, using a
point-to-point connection. That is, there exists a point to point connection between hosts
and switch. As in Bus topology, switch acts as single point of failure. If switch fails,
connectivity of all hosts to all other hosts fails. Every communication between hosts, takes
place through only the switch. Star topology is not expensive as to connect one more host,
only one cable is required and configuration is simple.

4. Ring Topology:
In ring topology, each host machine connects to exactly two other machines, creating a
circular network structure. When one host tries to communicate or send message to a host
which is not adjacent to it, the data travels through all intermediate hosts. To connect one
more host in the existing structure, the administrator may need only one more extra cable.

5. Mesh Topology: In this type of topology, a host is connected to one or multiple hosts. This
topology has hosts in point-to-point connection with every other host or may also have
hosts which are in point-to-point connection to few hosts only. Hosts in Mesh topology also
work as relay for other hosts which do not have direct point-to-point links.
 9. Network Architecture:

What is Network Architecture: Network architecture is the design of a computer network. It is a

framework for the specification of a network's physical components and their functional
organization and configuration, its operational principles and procedures, as well as communication
protocols used.

10.Encoding and Decoding: Encoding is the process of putting a sequence of

characters such as letters, numbers, and other special characters into a specialized format for
efficient transmission. Decoding is the process of converting an encoded format back into the
original sequence of characters. It is completely different from Encryption which we usually
misinterpret. Encoding and decoding are used in data communications and storage. Encoding should
NOT be used for transporting sensitive information.

11.Encryption: Encryption is the process of translating plain text data (plaintext) into
something that appears to be random and meaningless (ciphertext). Decryption is the process of
converting ciphertext back to plaintext.

Types of Encryption: There are two types of encryption in widespread

use symmetric and asymmetric encryption.

What is symmetric encryption?

In symmetric encryption the same key is used for encryption and decryption. It is therefore critical
that a secure method is considered to transfer the key between sender and recipient. Symmetric
encryption – Using the same key for encryption and decryption.

What is asymmetric encryption?

Asymmetric encryption uses the notion of a key pair: a different key is used for the encryption and
decryption process. One of the keys is typically known as the private key and the other is known as
the public key. The private key is kept secret by the owner and the public key is either shared
amongst authorised recipients or made available to the public at large.
Data encrypted with the recipient’s public key can only be decrypted with the corresponding private
key. Data can therefore be transferred without the risk of unauthorised or unlawful access to the
data. Asymmetric encryption – Using a different key for the encryption and decryption process.
12. Hashing: Hashing is a technique that generates a fixed length value summarising a file or
message contents. It is often incorrectly referred to as an encryption method. Hash functions are
used with cryptography to provide digital signatures and integrity controls but as no secret key is
used it does not make the message private as the hash can be recreated.

13. Unicasting/Multicasting/Broadcasting:
Unicast: From one source to one destination i.e. One-to-One. traffic, many streams of IP packets
that move across networks flow from a single point, such as a website server, to a single endpoint
such as a client PC. This is the most common form of information transference on networks. Traffic is
sent from one host to another. A replica of each packet in the data stream goes to every host that
requests it. The implementation of unicast applications is a bit easy as they use well-established IP
protocols; however, they are particularly incompetent when there is a need for many-to-many
communications. In the meantime, all packets in the data stream must be sent to every host
requesting access to the data stream. However, this type of transmission is ineffective in terms of
both network and server resource as it equally presents obvious scalability issues.
Multicast: from one source to multiple destinations stating an interest in receiving the traffic i.e.
One-to-Many In this method traffic recline between the boundaries of unicast (one point to one
destination) and broadcast (one point to all destinations). And multicast is a “one source to many
destinations” way of traffic distribution, means that only the destinations that openly point to their
requisite to accept the data from a specific source to receive the traffic stream. On an IP network,
destinations (i.e. clients) do not regularly communicate straight to sources (i.e. servers), because the
routers between source and destination must be able to regulate the topology of the network from
unicast or multicast side to avoid disordered routing traffic. Multicast routers replicate packets
received on one input interface and send the replicas out on multiple output interfaces.
Broadcast: From one source to all possible destinations i.e. One-to-All. Here, traffic streams from a
single point to all possible endpoints within reach on the network, which is generally a LAN. This is
the easiest technique to ensure traffic reaches to its destinations. This mode is mainly utilized by
television networks for video and audio distribution. Even if the television network is a cable
television (CATV) system, the source signal reaches to all possible destinations, which is the key
reason that some channels’ content is scrambled. Broadcasting is not practicable on the public
Internet due to the massive amount of unnecessary data that would continually reach at each user’s
device, the complications and impact of scrambling and related privacy issues.

14. TCP Three way Handshake: To start tcp session, the client sends a SYN
packet and the server responds with SYN ACK packet, and the client completes the third part of
handshake with ACK packet, at this point connection is established.
After completion of transmission of data client sends the FIN packet and server reply with ACK, at
this point connection is terminated.