0x360 Foundation

This page summarizes networking topics organized by the layers of the OSI model. Details of higher-level applications such as distributed computing will be covered in other pages.

Physical Layer (1)

Ethernet (IEEE 802.3)

Fiber

1000BASE-X

Submarine cables

Copper

twisted pair

10/100/1000/10GBASE-T

Wireless LAN (IEEE 802.11)

Data Link Layer (2)

MAC

  • a unique 48-bit address for each piece of hardware
  • each MAC address is associated with a NIC (network interface card)
  • the OUI (Organizationally Unique Identifier) is the first three octets

ARP (Address Resolution Protocol)

ARP is an IPv4 protocol defined in RFC 826; it is used to translate a 32-bit IP address into a 48-bit MAC address.

Reference: TCP/IP Illustrated, Volume 1: The Protocols

Protocol

  • ARP cache: ARP records are stored in a cache; the TTL is typically 20 min.
  • ARP request: if the entry is not in the cache or has expired, the host broadcasts an Ethernet frame within the subnet to request the MAC address corresponding to an IP address.
  • ARP reply: the NIC with that MAC address replies to the request with a unicast frame. Other NICs ignore the request (although they can see the broadcast).

Command

  • arp -a: display the local ARP cache

Security

  • arp spoofing: man in the middle attack (ettercap)
  • mac flooding
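
The ARP exchange and the spoofing risk listed above, as an added example (not from the original page or the cited book): a passive check that parses RFC 826 frames and flags an IP address whose MAC binding changes. The names parse_arp, audit and build, and the sample MAC and IP addresses, are assumptions made for illustration.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Parse an Ethernet II frame carrying IPv4 ARP (RFC 826); None if not ARP or truncated."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP
        return None
    ethertype, htype, ptype, hlen, plen, oper = struct.unpack("!HHHBBH", frame[12:22])
    if (ethertype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        return None
    return {"eth_dst": mac(frame[0:6]), "eth_src": mac(frame[6:12]),
            "oper": oper,                    # 1 = request, 2 = reply
            "sha": mac(frame[22:28]), "spa": ".".join(map(str, frame[28:32])),
            "tha": mac(frame[32:38]), "tpa": ".".join(map(str, frame[38:42]))}

def audit(frames):
    """Mirror an ARP cache and return (frame index, reason) for suspicious frames."""
    cache, alerts = {}, []
    for i, raw in enumerate(frames):
        p = parse_arp(raw)
        if p is None:
            continue
        if p["eth_src"] != p["sha"]:
            alerts.append((i, "ARP sender MAC differs from Ethernet source MAC"))
        known = cache.get(p["spa"])
        if known is not None and known != p["sha"]:
            alerts.append((i, f"{p['spa']} changed from {known} to {p['sha']}"))
        cache[p["spa"]] = p["sha"]
    return alerts

def build(eth_dst, eth_src, oper, sha, spa, tha, tpa):  # helper for sample frames only
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    a = lambda s: bytes(int(x) for x in s.split("."))
    return (h(eth_dst) + h(eth_src) + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
            + h(sha) + a(spa) + h(tha) + a(tpa))

# Constructed sample traffic: locally administered MACs, TEST-NET-1 addresses.
HOST, GW, OTHER = "02:00:00:00:00:0a", "02:00:00:00:00:01", "02:00:00:00:00:66"
SAMPLE = [
    build("ff:ff:ff:ff:ff:ff", HOST, 1, HOST, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build(HOST, GW, 2, GW, "192.0.2.1", HOST, "192.0.2.10"),
    build(HOST, OTHER, 2, OTHER, "192.0.2.1", HOST, "192.0.2.10"),
]

if __name__ == "__main__":
    for index, reason in audit(SAMPLE):
        print(f"frame {index}: {reason}")
```

A changed binding is not always hostile: DHCP reassignment or a failover pair also causes it, so the alert is a prompt to compare against the known gateway MAC.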

Reference

  • TCP/IP Illustrated, Volume 1: The Protocols, Chapter 4

NDP (Neighbor Discovery Protocol)

  • IPv6 Protocol as a replacement of ARP

Hardware:

L2 Switch

Network Layer (3)

IP

ICMP

command

  • tcpdump -nni en0 icmp: filter icmp packets

Transport Layer (4)

Session Layer (5)

Presentation Layer (6)

XDR

  • external data representation
  • a standard data serialization format

Application Layer (7)

DNS

Originally, HOSTS.TXT managed all hosts for ARPANET (HOSTS.TXT is a single text file). Its problems included latency, linear search complexity, etc.

Currently DNS is implemented as a distributed database (e.g. BIND, Windows DNS). There are 13 root servers in the world. Each name is a node in an inverted tree, and the path to the node is separated by dots. Non-ASCII characters are translated into Punycode. The dig command can be used to retrieve DNS records. Google Public DNS: 8.8.8.8, 8.8.4.4

Organizations

  • ICANN: root domain management
  • Verisign: com, net, 2 root servers including the A root server
  • IANA: part of ICANN, assigns IP addresses

Reference: TCP/IP Illustrated, Volume 1

Records

  • A: 32 bit for IPv4 (domain -> ip)
  • AAAA: 128 bit for IPv6 (domain -> ip)
  • CNAME: map alias domain name to its canonical domain name
  • TTL: TTL for DNS cache in each name server. Typically 1 day or 2 days.
  • NS: name server for the target domain; used together with an A record
  • PTR: map ip to domain (for reverse lookup)
  • MX: domain to SMTP server
  • TXT: metadata about the server

Resolution

Reference: TCP/IP Illustrated, Volume 1

Linux Implementation

  • a hostname is first looked up in /etc/hosts; if it is not found there, the default name server configured in /etc/resolv.conf is used
  • client: the libresolv library (part of libc) provides the standard client implementation
  • server: the standard server implementation is BIND 9

Windows Implementation

  • the hosts file is stored at %SystemRoot%\System32\drivers\etc\hosts

Security

Reference

[1] Fall, Kevin R., and W. Richard Stevens. TCP/IP Illustrated, Volume 1: The Protocols. Addison-Wesley, 2011.