Introductory Networking

An introduction to networking theory and basic networking tools...

The OSI Model - An Overview

The OSI model is a standardised model which we use to demonstrate the theory behind computer networking. In practice, it's actually the more compact TCP/IP model that real-world networking is based on; however, the OSI model is, in many ways, easier to get an initial understanding from.

The OSI Model consists of 7 layers:

  • Application

  • Presentation

  • Session

  • Transport

  • Network

  • Data Link

  • Physical

A mnemonic to help remember this is Anxious Pale Shakespeare Treated Nervous Drunks Patiently

Application Layer

The application layer of the OSI model essentially provides networking options to programs running on a computer. It works almost exclusively with applications, providing an interface for them to use in order to transmit data. When data is given to the application layer, it is passed down into the presentation layer.

Presentation Layer

The presentation layer receives data from the application layer. This data tends to be in a format that the application understands, but it's not necessarily in a standardised format that could be understood by the application layer in the receiving computer. The presentation layer translates the data into a standardised format, as well as handling any encryption, compression or other transformations to the data. With this complete, the data is passed down to the session layer.

Session Layer

When the session layer receives the correctly formatted data from the presentation layer, it looks to see if it can set up a connection with the other computer across the network. If it can't then it sends back an error and the process goes no further.

If a session can be established then it's the job of the session layer to maintain it, as well as co-operate with the session layer of the remote computer in order to synchronise communications. The session layer is particularly important as the session that it creates is unique to the communication in question. This is what allows you to make multiple requests to different endpoints simultaneously without all the data getting mixed up (think about opening two tabs in a web browser at the same time)! When the session layer has successfully logged a connection between the host and remote computer the data is passed down to the transport layer.

Transport Layer

The transport layer is a very interesting layer that serves numerous important functions. Its first purpose is to choose the protocol over which the data is to be transmitted. The two most common protocols in the transport layer are TCP and UDP. With TCP, the transmission is connection-based, which means that a connection between the computers is established and maintained for the duration of the request. This allows for a reliable transmission, as the connection can be used to ensure that the packets all get to the right place. A TCP connection allows the two computers to remain in constant communication to ensure that the data is sent at an acceptable speed, and that any lost data is re-sent. With UDP, the opposite is true; packets of data are essentially thrown at the receiving computer -- if it can't keep up then that's its problem (this is why a video transmission over something like Skype can be pixelated if the connection is bad). What this means is that TCP would usually be chosen for situations where accuracy is favoured over speed (e.g. file transfer, or loading a webpage), and UDP would be used in situations where speed is more important (e.g. video streaming).

With a protocol selected, the transport layer then divides the transmission up into bite-sized pieces (over TCP these are called segments, over UDP they're called datagrams), which makes it easier to transmit the message successfully.

Network Layer

The network layer is responsible for locating the destination of your request. For example, the Internet is a huge network; when you want to request information from a webpage, it's the network layer that takes the IP address for the page and figures out the best route to take. At this stage we're working with what is referred to as logical addressing (i.e. IP addresses), which is still software controlled. Logical addresses are used to provide order to networks, categorising them and allowing us to properly sort them. Currently the most common form of logical addressing is the IPv4 format.

Data Link Layer

The data link layer focuses on the physical addressing of the transmission. It receives a packet from the network layer (that includes the IP address for the remote computer) and adds in the physical MAC address of the receiving endpoint. Inside every network enabled computer is a Network Interface Card (NIC) which comes with a unique address to identify it.

MAC addresses are set by the manufacturer and literally burnt into the card; they can't be changed, although they can be spoofed. When information is sent across a network, it's actually the physical address that is used to identify where exactly to send the information. Additionally, it's also the job of the data link layer to present the data in a format suitable for transmission.

The data link layer also serves an important function when it receives data, as it checks the received information to make sure that it hasn't been corrupted during transmission, which could well happen when the data is transmitted by the physical layer.

Physical Layer

The physical layer is right down to the hardware of the computer. This is where the electrical pulses that make up data transfer over a network are sent and received. It's the job of the physical layer to convert the binary data of the transmission into signals and transmit them across the network, as well as receiving incoming signals and converting them back into binary data.


Encapsulation

As the data is passed down each layer of the model, more information containing details specific to the layer in question is added on to the start of the transmission. This whole process is referred to as encapsulation; the process by which data can be sent from one computer to another.

As an example, the header added by the Network Layer would include things like the source and destination IP addresses, and the header added by the Transport Layer would include (amongst other things) information specific to the protocol being used. The data link layer also adds a piece on at the end of the transmission (a trailer), which is used to verify that the data has not been corrupted on transmission; this also has the added bonus of increased security, as the data can't be intercepted and tampered with without breaking the trailer.

Encapsulated data is given a different name at different steps of the process. In layers 7, 6 and 5, the data is simply referred to as data. In the transport layer the encapsulated data is referred to as a segment or a datagram (depending on whether TCP/UDP is used). At the Network Layer, the data is referred to as a packet. When the packet gets passed down to the Data Link layer it becomes a frame, and by the time it's transmitted across a network the frame has been broken down into bits.

De-encapsulation is when the second computer receives the message and reverses the process, starting at the physical layer and working up until it reaches the application layer, stripping off the added information as it goes.

The processes of encapsulation and de-encapsulation are very important because they give us a standardised method for sending data. This means that all transmissions will consistently follow the same methodology, allowing any network enabled device to send a request to any other reachable device and be sure that it will be understood, regardless of whether they are from the same manufacturer; use the same operating system; or any other factors.


The TCP/IP Model

The TCP/IP model is, in many ways, very similar to the OSI model. It's a few years older, and serves as the basis for real-world networking. The TCP/IP model consists of four layers: Application, Transport, Internet and Network Interface. Between them, these cover the same range of functions as the seven layers of the OSI Model.

The application layer includes the following OSI layers: application, presentation, and session. The transport layer is the same in both models and the internet layer is equivalent to the network layer. The network interface layer includes the data link and physical layers from the OSI model.

The processes of encapsulation and de-encapsulation work in exactly the same way with the TCP/IP model as they do with the OSI model. At each layer of the TCP/IP model a header is added during encapsulation, and removed during de-encapsulation.

TCP is a connection-based protocol. Before you send any data via TCP, a stable connection must first be formed between the two computers. The process of forming this connection is called the three-way handshake. It uses the SYN and ACK bits in three steps: SYN, SYN/ACK, and ACK. With this three-way handshake completed, data can be reliably transmitted between the two computers. Any data that is lost or corrupted on transmission is re-sent, thus leading to a connection which appears to be lossless.
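The three steps of the handshake, checked against recorded segments, as an added example that is not part of the original notes. It goes slightly beyond the text by also checking the sequence and acknowledgement numbers that the SYN and ACK bits refer to; the flows, addresses and numbers are constructed.

```python
SYN, ACK = 0x02, 0x10   # TCP flag bits
CONTROL = 0x17          # FIN | SYN | RST | ACK: the bits that decide the step

def check_handshake(segments):
    """Check the first three segments of a flow; each is (sender, flags, seq, ack)."""
    if len(segments) < 3:
        return f"incomplete: {len(segments)} of 3 segments seen"
    (s1, f1, seq1, _), (s2, f2, seq2, ack2), (s3, f3, seq3, ack3) = segments[:3]
    # Step 1: the client sends SYN, carrying its initial sequence number.
    if (f1 & CONTROL) != SYN:
        return "step 1 is not a SYN"
    # Step 2: the server answers SYN/ACK, acknowledging the client's number + 1.
    if s2 == s1 or (f2 & CONTROL) != (SYN | ACK) or ack2 != (seq1 + 1) % 2**32:
        return "step 2 is not a valid SYN/ACK"
    # Step 3: the client answers ACK, acknowledging the server's number + 1.
    if (s3 != s1 or (f3 & CONTROL) != ACK or seq3 != (seq1 + 1) % 2**32
            or ack3 != (seq2 + 1) % 2**32):
        return "step 3 is not a valid ACK"
    return "established"

# Constructed flows (documentation addresses, made-up sequence numbers).
C, S = "192.0.2.10", "198.51.100.20"
COMPLETE = [(C, SYN, 1000, 0), (S, SYN | ACK, 5000, 1001), (C, ACK, 1001, 5001)]
NO_REPLY = [(C, SYN, 1000, 0)]
WRONG_ACK = [(C, SYN, 1000, 0), (S, SYN | ACK, 5000, 4242), (C, ACK, 1001, 5001)]
```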


Networking Tools

Ping

The ping command is used when we want to test whether a connection to a remote resource is possible. Usually this will be a website on the internet, but it could also be for a computer on your home network if you want to check if it's configured correctly. Ping works using the ICMP protocol, which is one of the slightly less well-known TCP/IP protocols that were mentioned earlier. The ICMP protocol works on the Network layer of the OSI Model, and thus the Internet layer of the TCP/IP model.

ping <target>
ping google.com

Traceroute

Traceroute can be used to map the path your request takes as it heads to the target machine.

The internet is made up of many, many different servers and end-points, all networked up to each other. This means that, in order to get to the content you actually want, you first need to go through a bunch of other servers. Traceroute allows you to see each of these connections -- it allows you to see every intermediate step between your computer and the resource that you requested.

traceroute <destination>
traceroute google.com

WHOIS

Domains are leased out by companies called Domain Registrars. If you want a domain, you go and register with a registrar, then lease the domain for a certain length of time.

WHOIS essentially allows you to query who a domain name is registered to. In Europe personal details are redacted; however, elsewhere you can potentially get a great deal of information from a whois search. There is a web GUI for those who don't like the command line.

whois <domain>
whois bbc.co.uk

Dig

A URL gets converted into an IP address via the TCP/IP protocol DNS. DNS allows us to ask a special server to give us the IP address of the website we're trying to access. For example, if we made a request to www.google.com, our computer would first send a request to a special DNS server. The server would then go looking for the IP address for Google and send it back to us. Our computer could then send the request to the IP of the Google server.

To break it down further, you make a request to a website. The first thing that your computer does is check its local cache to see if it's already got an IP address stored for the website; if it does, great. If not, it goes to the next stage of the process.

Next, our computer will then send a request to what's known as a recursive DNS server. Recursive DNS servers are TLD's. For example, if you were searching for google.com, your request would be redirected to a TLD server that handles .com domains.

When a TLD server receives your request for information, the server passes it down to an appropriate Authoritative name server. Authoritative name servers are used to store DNS records for domains directly.

Dig allows us to manually query recursive DNS servers of our choice for information about domains. It is also a very useful tool for network troubleshooting.

dig <domain> @<dns-server-ip>
dig google.com @1.1.1.1
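What a tool like dig puts on the wire and reads back, as an added example that is not part of the original notes: it builds a DNS query for an A record and parses a reply, including the TTL in seconds. The reply bytes, the name example.com, the address 192.0.2.1 and the query ID 0x1234 are constructed sample values, not captured traffic.

```python
import struct

def encode_name(name: str) -> bytes:
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name: str, txid: int) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # recursion desired
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN

def read_name(msg: bytes, off: int):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:  # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:  # a malformed reply must not loop forever
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_a_records(msg: bytes, expected_txid: int):
    """Return [(name, ttl_seconds, ipv4)] for the A records in a reply."""
    txid, _flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if txid != expected_txid:
        raise ValueError("reply does not match our query ID")
    off = 12
    for _ in range(qdcount):  # skip the echoed question (name, type, class)
        off = read_name(msg, off)[1] + 4
    records = []
    for _ in range(ancount):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            records.append((name, ttl, ".".join(map(str, msg[off:off + 4]))))
        off += rdlen
    return records

# Constructed reply (not captured traffic): example.com, 24-hour TTL.
SAMPLE_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                + encode_name("example.com") + struct.pack("!HH", 1, 1) + b"\xc0\x0c"
                + struct.pack("!HHIH", 1, 1, 86400, 4) + bytes([192, 0, 2, 1]))
```

The parser rejects a reply whose ID does not match the query and bounds the number of compression pointers it will follow, two checks any code that reads DNS replies from the network needs.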

Answers

Task 2

Which layer would choose to send data over TCP or UDP? 4

Which layer checks received information to make sure that it hasn’t been corrupted? 2

In which layer would data be formatted in preparation for transmission? 2

Which layer transmits and receives data? 1

Which layer encrypts, compresses, or otherwise transforms the initial data to give it a standardised format? 6

Which layer tracks communications between the host and receiving computers? 5

Which layer accepts communication requests from applications? 7

Which layer handles logical addressing? 3

When sending data over TCP, what would you call the “bite-sized” pieces of data? Segments

Which layer would the FTP protocol communicate with? 7

Which transport layer protocol would be best suited to transmit a live video? UDP

Task 3

How would you refer to data at layer 2 of the encapsulation process (with the OSI model)? Frames

How would you refer to data at layer 4 of the encapsulation process (with the OSI model), if the UDP protocol has been selected? Datagrams

What process would a computer perform on a received message? De-encapsulation

Which is the only layer of the OSI model to add a trailer during encapsulation? Data Link

Does encapsulation provide an extra layer of security (Aye/Nay)? Aye

Task 4

Which model was introduced first, OSI or TCP/IP? TCP/IP

Which layer of the TCP/IP model covers the functionality of the Transport layer of the OSI model (Full Name)? Transport

Which layer of the TCP/IP model covers the functionality of the Session layer of the OSI model (Full Name)? Application

The Network Interface layer of the TCP/IP model covers the functionality of two layers in the OSI model. These layers are Data Link, and?.. (Full Name)? Physical

Which layer of the TCP/IP model handles the functionality of the OSI network layer? Internet

What kind of protocol is TCP? Connection based

What is SYN short for? Synchronise

What is the second step of the three-way handshake? SYN/ACK

What is the short name for the “Acknowledgement” segment in the three-way handshake? ACK

Task 5

What command would you use to ping the bbc.co.uk website? ping bbc.co.uk

Ping muirlandoracle.co.uk. What is the IPv4 address? 217.160.0.152

What switch lets you change the interval of sent ping requests? -i

What switch would allow you to restrict requests to IPv4? -4

What switch would give you a more verbose output? -v

Task 6

What switch would you use to specify an interface when using Traceroute? -i

What switch would you use if you wanted to use TCP SYN requests when tracing the route? -T

Which layer of the TCP/IP model will traceroute run on by default (Windows)? Internet

Task 7

What is the registrant postal code for facebook.com? 94025

When was the facebook.com domain first registered (Format: DD/MM/YYYY)? 29/03/1997

Which city is the registrant based in? Redmond

What is the name of the golf course that is near the registrant address for microsoft.com? Bellevue Golf Course

What is the registered Tech Email for microsoft.com? msnhst@microsoft.com

Task 8

What is DNS short for? Domain Name System

What is the first type of DNS server your computer would query when you search for a domain? Recursive

What type of DNS server contains records specific to domain extensions (i.e. .com, .co.uk, etc)? Use the long version of the name. Top-Level Domain

Where is the very first place your computer would look to find the IP address of a domain? Local Cache

Google runs two public DNS servers. One of them can be queried with the IP 8.8.8.8, what is the IP address of the other one? 8.8.4.4

If a DNS query has a TTL of 24 hours, what number would the dig query show? 86400

