
DataComms For Quiz

The document discusses address resolution protocol (ARP) and IPv6 neighbor discovery. It describes how ARP is used to map IP addresses to MAC addresses on the same network and default gateways for remote networks. It also covers configuring basic router settings like interfaces and default gateways.

DATA COMMUNICATIONS AND NETWORKING 1 Reviewer ICS26014

2ND SEMESTER | 2023 - 2024 | Sir Ian Cris Luna [email protected] Consultation: Monday - Friday, 8AM - 5PM

LESSON 9 - Address Resolution


MAC and IP

Destination on Same Network

There are two primary addresses assigned to a device on an Ethernet LAN:
- Layer 2 physical address (the MAC address): Used for NIC to NIC communications on the same Ethernet network.
- Layer 3 logical address (the IP address): Used to send the packet from the source device to the destination device.

Layer 2 addresses are used to deliver frames from one NIC to another NIC on the same network. If a destination IP address is on the same network, the destination MAC address will be that of the destination device.

Destination on Remote Network

When the destination IP address is on a remote network, the destination MAC address is that of the default gateway.
- ARP is used by IPv4 to associate the IPv4 address of a device with the MAC address of the device NIC.
- ICMPv6 is used by IPv6 to associate the IPv6 address of a device with the MAC address of the device NIC.

ARP

ARP Overview

A device uses ARP to determine the destination MAC address of a local device when it knows its IPv4 address.
ARP provides two basic functions:
- Resolving IPv4 addresses to MAC addresses.
- Maintaining an ARP table of IPv4 to MAC address mappings.

ARP Functions

To send a frame, a device will search its ARP table for a destination IPv4 address and a corresponding MAC address.
- If the packet's destination IPv4 address is on the same network, the device will search the ARP table for the destination IPv4 address.
- If the destination IPv4 address is on a different network, the device will search the ARP table for the IPv4 address of the default gateway.
- If the device locates the IPv4 address, its corresponding MAC address is used as the destination MAC address in the frame.
- If no ARP table entry is found, then the device sends an ARP request.

ICMPv6 is the technical term for ping


Legend:
Lesson | Header | Main Notes | Example | Extra Notes

Removing Entries from an ARP Table

- Entries in the ARP table are not permanent and are removed when an ARP cache timer expires after a specified period of time.
- The duration of the ARP cache timer differs depending on the operating system.
- ARP table entries can also be removed manually by the administrator.

ARP Tables on Networking Devices

- The show ip arp command displays the ARP table on a Cisco router.
- The arp -a command displays the ARP table on a Windows 10 PC.

ARP Issues – ARP Broadcasting and ARP Spoofing

• ARP requests are received and processed by every device on the local network.
• Excessive ARP broadcasts can cause some reduction in performance.
• ARP replies can be spoofed by a threat actor to perform an ARP poisoning attack.
• Enterprise level switches include mitigation techniques to protect against ARP attacks.

IPv6 Neighbor Discovery

IPv6 Neighbor Discovery Messages

IPv6 Neighbor Discovery (ND) protocol provides:
• Address resolution
• Router discovery
• Redirection services
• ICMPv6 Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages are used for device-to-device messaging such as address resolution.
• ICMPv6 Router Solicitation (RS) and Router Advertisement (RA) messages are used for messaging between devices and routers for router discovery.
• ICMPv6 redirect messages are used by routers for better next-hop selection.

IPv6 Neighbor Discovery – Address Resolution

• IPv6 devices use ND to resolve the MAC address of a known IPv6 address.
• ICMPv6 Neighbor Solicitation messages are sent using special Ethernet and IPv6 multicast addresses.
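
The ARP spoofing issue noted under "ARP Issues" in this lesson comes down to an ARP message announcing an IPv4-to-MAC mapping that is not the real one. The Python code below is an added example, not part of the original reviewer: it parses ARP messages and flags those that contradict a trusted binding table or an earlier observation. All addresses, the `TRUSTED` table and the function names are constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(oper, eth_src, sender_mac, sender_ip, target_mac, target_ip):
    """Build an Ethernet II frame carrying an IPv4-over-Ethernet ARP message.
    The destination MAC is not inspected below, so broadcast is used throughout."""
    eth = struct.pack("!6s6sH", b"\xff" * 6, mac_bytes(eth_src), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      mac_bytes(sender_mac), bytes(map(int, sender_ip.split("."))),
                      mac_bytes(target_mac), bytes(map(int, target_ip.split("."))))
    return eth + arp


def parse_arp(frame):
    """Return the ARP sender fields, or None if the frame is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:          # 14-byte Ethernet header + 28-byte ARP body
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"oper": oper, "eth_src": mac_text(eth_src),
            "sender_mac": mac_text(sha), "sender_ip": ".".join(map(str, spa))}


def check_arp(frames, trusted):
    """Compare every ARP message with trusted bindings and earlier observations."""
    learned = {}   # IPv4 -> MAC seen in traffic, for hosts without a trusted entry
    alerts = []
    for index, frame in enumerate(frames):
        arp = parse_arp(frame)
        if arp is None:
            continue
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if arp["eth_src"] != mac:
            alerts.append((index, "ethernet-source-differs-from-arp-sender", ip, mac))
        if ip in trusted:
            if trusted[ip] != mac:
                alerts.append((index, "contradicts-trusted-binding", ip, mac))
        elif learned.setdefault(ip, mac) != mac:
            alerts.append((index, "mapping-changed", ip, mac))
    return alerts


# Constructed sample traffic: every address here is made up for this example.
GATEWAY_IP, GATEWAY_MAC = "192.168.10.1", "00:11:22:33:44:01"
PC1_IP, PC1_MAC = "192.168.10.10", "00:11:22:33:44:10"
OTHER_MAC = "02:00:00:00:00:99"
TRUSTED = {GATEWAY_IP: GATEWAY_MAC}   # e.g. a statically recorded gateway binding
SAMPLE_FRAMES = [
    # PC1 asks for the MAC address of its default gateway.
    build_arp(ARP_REQUEST, PC1_MAC, PC1_MAC, PC1_IP, "00:00:00:00:00:00", GATEWAY_IP),
    # Reply carrying the gateway's recorded MAC address.
    build_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_MAC, GATEWAY_IP, PC1_MAC, PC1_IP),
    # Reply that maps the gateway IPv4 address to a different MAC address.
    build_arp(ARP_REPLY, OTHER_MAC, OTHER_MAC, GATEWAY_IP, PC1_MAC, PC1_IP),
    # PC1's IPv4 address announced with a MAC that differs from the one seen first.
    build_arp(ARP_REPLY, OTHER_MAC, OTHER_MAC, PC1_IP, GATEWAY_MAC, GATEWAY_IP),
    b"\x00" * 60,   # not ARP, ignored
]

if __name__ == "__main__":
    for alert in check_arp(SAMPLE_FRAMES, TRUSTED):
        print(alert)
```

Because ARP table entries expire and can legitimately change (a replaced NIC, for instance), a "mapping-changed" alert is a prompt to verify, while a contradiction of a trusted binding for the default gateway deserves immediate attention.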

LESSON 10 - Basic Router Configuration

Configure Initial Router Settings

Basic Router Configuration Steps

• Configure the device name.
• Secure privileged EXEC mode.
• Secure user EXEC mode.
• Secure remote Telnet / SSH Access.
• Encrypt all plaintext passwords.
• Provide legal notification and save the configuration

• Commands for basic router configuration on R1.
• Configuration is saved to NVRAM.

Configure Interfaces

Configure Router Interfaces

Configuring a router interface includes issuing the following commands:

• It is a good practice to use the description command to add information about the network connected to the interface.
• The no shutdown command activates the interface.

The commands to configure interfaces G0/0/0 on R1 are shown here:

The commands to configure interfaces G0/0/1 on R1 are shown here:

Verify Interface Configuration

To verify interface configuration use the show ip interface brief and show ipv6 interface brief commands shown here:


Configure Verification Commands

The table summarizes show commands used to verify interface configuration

Display statistics for all interfaces with the show interfaces command, as shown here:

Display IPv4 statistics for router interfaces with the show ip interface command, as shown here:

Display IPv6 statistics for router interfaces with the show ipv6 interface command shown here:

Display the contents of the IP routing tables with the show ip route and show ipv6 route commands as shown here:

Configure the Default Gateway

The default gateway is used when a host sends a packet to a device on another network.

• The default gateway address is generally the router interface address attached to the local network of the host.
• To reach PC3, PC1 addresses a packet with the IPv4 address of PC3, but forwards the packet to its default gateway, the G0/0/0 interface of R1.

Default Gateway on a Switch

A switch must have a default gateway address configured to remotely manage the switch from another network.

• To configure an IPv4 default gateway on a switch, use the ip default-gateway ip-address global configuration command

LESSON 13 - ICMP

ICMP Messages

ICMPv4 and ICMPv6 Messages

• Internet Control Message Protocol (ICMP) provides feedback about issues related to the processing of IP packets under certain conditions.
• ICMPv4 is the messaging protocol for IPv4. ICMPv6 is the messaging protocol for IPv6 and includes additional functionality.
• The ICMP messages common to both ICMPv4 and ICMPv6 include:
  • Host reachability
  • Destination or Service Unreachable
  • Time exceeded

Note: ICMPv4 messages are not required and are often not allowed within a network for security reasons.

Host Reachability

ICMP Echo Message can be used to test the reachability of a host on an IP network.

In the example:
• The local host sends an ICMP Echo Request to a host.
• If the host is available, the destination host responds with an Echo Reply

Destination or Services Unreachable

• An ICMP Destination Unreachable message can be used to notify the source that a destination or service is unreachable.
• The ICMP message will include a code indicating why the packet could not be delivered.

A few Destination Unreachable codes for ICMPv4 are as follows:
• 0 - Net unreachable
• 1 - Host unreachable
• 2 - Protocol unreachable
• 3 - Port unreachable

A few Destination Unreachable codes for ICMPv6 are as follows:
• 0 - No route to destination
• 1 - Communication with the destination is administratively prohibited (e.g., firewall)
• 2 - Beyond scope of the source address
• 3 - Address unreachable
• 4 - Port unreachable

Note: ICMPv6 has similar but slightly different codes for Destination Unreachable messages

Time Exceeded

When the Time to Live (TTL) field in a packet is decremented to 0, an ICMPv4 Time Exceeded message will be sent to the source host.
• ICMPv6 also sends a Time Exceeded message. Instead of the IPv4 TTL field, ICMPv6 uses the IPv6 Hop Limit field to determine if the packet has expired

Note: Time Exceeded messages are used by the traceroute tool.

ICMPv6 Messages

ICMPv6 has new features and improved functionality not found in ICMPv4, including four new protocols as part of the Neighbor Discovery Protocol (ND or NDP).

Messaging between an IPv6 router and an IPv6 device, including dynamic address allocation are as follows:
• Router Solicitation (RS) message
• Router Advertisement (RA) message

Messaging between IPv6 devices, including duplicate address detection and address resolution are as follows:
• Neighbor Solicitation (NS) message
• Neighbor Advertisement (NA) message

Note: ICMPv6 ND also includes the redirect message, which has a similar function to the redirect message used in ICMPv4

• RA messages are sent by IPv6-enabled routers every 200 seconds to provide addressing information to IPv6-enabled hosts.
• RA message can include addressing information for the host such as the prefix, prefix length, DNS address, and domain name.
• A host using Stateless Address Autoconfiguration (SLAAC) will set its default gateway to the link-local address of the router that sent the RA.
• An IPv6-enabled router will also send out an RA message in response to an RS message.
• In the figure, PC1 sends an RS message to determine how to receive its IPv6 address information dynamically.
• R1 replies to the RS with an RA message.
• PC1 sends an RS message, "Hi, I just booted up. Is there an IPv6 router on the network? I need to know how to get my IPv6 address information dynamically."
• R1 replies with an RA message. "Hi all IPv6-enabled devices. I'm R1 and you can use SLAAC to create an IPv6 global unicast address. The prefix is 2001:db8:acad:1::/64. By the way, use my link-local address fe80::1 as your default gateway."

A device assigned a global IPv6 unicast or link-local unicast address, may perform duplicate address detection (DAD) to ensure that the IPv6 address is unique.
• To check the uniqueness of an address, the device will send an NS message with its own IPv6 address as the targeted IPv6 address.
• If another device on the network has this address, it will respond with an NA message notifying the sending device that the address is in use.

Note: DAD is not required, but RFC 4861 recommends that DAD is performed on unicast addresses.

• To determine the MAC address for the destination, the device will send an NS message to the solicited node address.
• The message will include the known (targeted) IPv6 address. The device that has the targeted IPv6 address will respond with an NA message containing its Ethernet MAC address

In the figure, R1 sends an NS message to 2001:db8:acad:1::10 asking for its MAC address.

Ping and Traceroute Tests

Ping - Test Connectivity

The ping command is an IPv4 and IPv6 testing utility that uses ICMP echo request and echo reply messages to test connectivity between hosts and provides a summary that includes the success rate and average round-trip time to the destination.
• If a reply is not received within the timeout, ping provides a message indicating that a response was not received.
• It is common for the first ping to timeout if address resolution (ARP or ND) needs to be performed before sending the ICMP Echo Request.

Ping the Loopback

Ping can be used to test the internal configuration of IPv4 or IPv6 on the local host. To do this, ping the local loopback address of 127.0.0.1 for IPv4 (::1 for IPv6).
• A response from 127.0.0.1 for IPv4, or ::1 for IPv6, indicates that IP is properly installed on the host.
• An error message indicates that TCP/IP is not operational on the host.

Ping the Default Gateway

The ping command can be used to test the ability of a host to communicate on the local network.
The default gateway address is most often used because the router is normally always operational.
• A successful ping to the default gateway indicates that the host and the router interface serving as the default gateway are both operational on the local network.
• If the default gateway address does not respond, a ping can be sent to the IP address of another host on the local network that is known to be operational

Ping a Remote Host

Ping can also be used to test the ability of a local host to communicate across an internetwork.
A local host can ping a host on a remote network. A successful ping across the internetwork confirms communication on the local network.
Note: Many network administrators limit or prohibit the entry of ICMP messages; therefore, the lack of a ping response could be due to security restrictions

Traceroute - Test the Path

Traceroute (tracert) is a utility that is used to test the path between two hosts and provide a list of hops that were successfully reached along that path.

• Traceroute provides round-trip time for each hop along the path and indicates if a hop fails to respond. An asterisk (*) is used to indicate a lost or unreplied packet.
• This information can be used to locate a problematic router in the path or may indicate that the router is configured not to reply.

Note: Traceroute makes use of a function of the TTL field in IPv4 and the Hop Limit field in IPv6 in the Layer 3 headers, along with the ICMP Time Exceeded message

The first message sent from traceroute will have a TTL field value of 1. This causes the TTL to time out at the first router. This router then responds with an ICMPv4 Time
Exceeded message.

• Traceroute then progressively increments the TTL field (2, 3, 4...) for each sequence of messages. This provides the trace with the address of each hop as the packets time out further down the path.
• The TTL field continues to be increased until the destination is reached, or it is incremented to a predefined maximum.

LESSON 14 - Transport Layer

Transportation of Data

Role of the Transport Layer

The transport layer is:
• responsible for logical communications between applications running on different hosts.
• The link between the application layer and the lower layers that are responsible for network transmission.

Transport Layer Responsibilities

The transport layer has the following responsibilities:
• Tracking individual conversations
• Segmenting data and reassembling segments
• Adds header information
• Identify, separate, and manage multiple conversations
• Uses segmentation and multiplexing to enable different communication conversations to be interleaved on the same network

Transport Layer Protocols

• IP does not specify how the delivery or transportation of the packets takes place.
• Transport layer protocols specify how to transfer messages between hosts, and are responsible for managing reliability requirements of a conversation.
• The transport layer includes the TCP and UDP protocols

Transmission Control Protocol

TCP provides reliability and flow control. TCP basic operations:
• Number and track data segments transmitted to a specific host from a specific application
• Acknowledge received data
• Retransmit any unacknowledged data after a certain amount of time
• Sequence data that might arrive in wrong order
• Send data at an efficient rate that is acceptable by the receiver

User Datagram Protocol (UDP)

UDP provides the basic functions for delivering datagrams between the appropriate applications, with very little overhead and data checking.
• UDP is a connectionless protocol.
• UDP is known as a best-effort delivery protocol because there is no acknowledgment that the data is received at the destination

The Right Transport Layer Protocol for the Right Application

UDP is also used by request-and-reply applications where the data is
minimal, and retransmission can be done quickly.
If it is important that all the data arrives and that it can be processed in its proper sequence, TCP is used as the transport protocol

TCP Overview

TCP Features

▪ Establishes a Session - TCP is a connection-oriented protocol that negotiates and establishes a permanent connection (or session) between source and destination devices prior to forwarding any traffic.
▪ Ensures Reliable Delivery - For many reasons, it is possible for a segment to become corrupted or lost completely, as it is transmitted over the network. TCP ensures that each segment that is sent by the source arrives at the destination.
▪ Provides Same-Order Delivery - Because networks may provide multiple routes that can have different transmission rates, data can arrive in the wrong order.
▪ Supports Flow Control - Network hosts have limited resources (i.e., memory and processing power). When TCP is aware that these resources are overtaxed, it can request that the sending application reduce the rate of data flow

TCP Header

TCP is a stateful protocol which means it keeps track of the state of the communication session.
TCP records which information it has sent, and which information has been acknowledged

TCP Header Fields

Applications that use TCP

TCP handles all tasks associated with dividing the data stream into segments, providing reliability, controlling data flow, and reordering segments

UDP Overview

UDP features include the following:
• Data is reconstructed in the order that it is received.
• Any segments that are lost are not resent.
• There is no session establishment.
• The sending is not informed about resource availability.

UDP Header

The UDP header is far simpler than the TCP header because it only has four fields and requires 8 bytes (i.e. 64 bits).

UDP Header Fields


The table identifies and describes the four fields in a UDP header.

Applications that use UDP

▪ Live video and multimedia applications - These applications can tolerate some data loss but require little or no delay. Examples include VoIP and live streaming video.
▪ Simple request and reply applications - Applications with simple transactions where a host sends a request and may or may not receive a reply. Examples include DNS and DHCP.
▪ Applications that handle reliability themselves - Unidirectional communications where flow control, error detection, acknowledgments, and error recovery are not required, or can be handled by the application. Examples include SNMP and TFTP

Port Numbers

Multiple Separate Communications

TCP and UDP transport layer protocols use port numbers to manage multiple, simultaneous conversations.
The source port number is associated with the originating application on the local host whereas the destination port number is associated with the destination application on the remote host.

Socket Pairs

• The source and destination ports are placed within the segment.
• The segments are then encapsulated within an IP packet.
• The combination of the source IP address and source port number, or the destination IP address and destination port number is known as a socket.
• Sockets enable multiple processes, running on a client, to distinguish themselves from each other, and multiple connections to a server process to be distinguished from each other.

Port Number Groups

The netstat Command

Unexplained TCP connections can pose a major security threat. Netstat is an important tool to verify connections.
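
To make the netstat point concrete, the Python code below is an added example, not part of the original reviewer. It parses netstat-style TCP rows into sockets (address and port), classifies ports into the IANA groups (well-known 0-1023, registered 1024-49151, private/dynamic 49152-65535), and reports listeners and established connections that an expected-services list does not explain. The sample output, the allow lists and the function names are constructed for illustration.

```python
import ipaddress


def port_group(port):
    """Classify a port into the IANA port number groups."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "private/dynamic"


def split_socket(text):
    """Split 'address:port' into (address, port); IPv6 addresses come in brackets."""
    address, _, port = text.rpartition(":")
    return address.strip("[]"), int(port)


def parse_netstat(output):
    """Parse the TCP rows of `netstat -an`-style output into dictionaries."""
    rows = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP":
            continue  # headers, blank lines and UDP rows (which carry no state)
        rows.append({"local": split_socket(fields[1]),
                     "remote": split_socket(fields[2]),
                     "state": fields[3]})
    return rows


def review(rows, expected_listeners, expected_remotes):
    """Return listeners and established connections that nothing accounts for."""
    findings = []
    for row in rows:
        (laddr, lport), (raddr, rport) = row["local"], row["remote"]
        if row["state"] == "LISTENING":
            if lport not in expected_listeners:
                findings.append(("unexpected-listener", f"{laddr}:{lport}",
                                 port_group(lport)))
        elif row["state"] == "ESTABLISHED":
            remote_ip = ipaddress.ip_address(raddr)
            if remote_ip.is_loopback:
                continue  # traffic between processes on the same host
            explained = any(remote_ip in net and rport == port
                            for net, port in expected_remotes)
            if not explained:
                findings.append(("unexplained-connection", f"{raddr}:{rport}",
                                 port_group(rport)))
    return findings


# Constructed sample resembling Windows `netstat -an` output; every address is made up.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    127.0.0.1:49680        127.0.0.1:5354         ESTABLISHED
  TCP    192.168.10.10:49712    203.0.113.25:443       ESTABLISHED
  TCP    192.168.10.10:49733    198.51.100.77:4444     ESTABLISHED
  TCP    192.168.10.10:49750    203.0.113.25:443       TIME_WAIT
  UDP    0.0.0.0:5353           *:*
"""

# Assumed baseline for this host: services it should offer and servers it should reach.
EXPECTED_LISTENERS = {135, 445}
EXPECTED_REMOTES = [(ipaddress.ip_network("203.0.113.0/24"), 443)]

if __name__ == "__main__":
    for finding in review(parse_netstat(SAMPLE), EXPECTED_LISTENERS, EXPECTED_REMOTES):
        print(finding)
```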

TCP Communication Process

TCP Server Process

Each application process running on a server is configured to use a port number.
• An individual server cannot have two services assigned to the same port number within the same transport layer services.
• An active server application assigned to a specific port is considered open, which means that the transport layer accepts, and processes segments addressed to that port.
• Any incoming client request addressed to the correct socket is accepted, and the data is passed to the server application.

TCP Connection Establishment

Step 1: The initiating client requests a client-to-server communication session with the server.
Step 2: The server acknowledges the client-to-server communication session and requests a server-to-client communication session.
Step 3: The initiating client acknowledges the server-to-client communication session.

Session Termination

Step 1: When the client has no more data to send in the stream, it sends a segment with the FIN flag set.
Step 2: The server sends an ACK to acknowledge the receipt of the FIN to terminate the session from client to server.
Step 3: The server sends a FIN to the client to terminate the server-to-client session.
Step 4: The client responds with an ACK to acknowledge the FIN from the server.

TCP Three-Way Handshake Analysis

Functions of the Three-Way Handshake:
• It establishes that the destination device is present on the network.
• It verifies that the destination device has an active service and is accepting requests on the destination port number that the initiating client intends to use.
• It informs the destination device that the source client intends to establish a communication session on that port number.

After the communication is completed the sessions are closed, and the connection is terminated. The connection and session mechanisms enable TCP reliability function.

The six control bit flags are as follows:
• URG - Urgent pointer field significant
• ACK - Acknowledgment flag used in connection establishment and session termination
• PSH - Push function
• RST - Reset the connection when an error or timeout occurs
• SYN - Synchronize sequence numbers used in connection establishment
• FIN - No more data from sender and used in session termination

Reliability and Flow Control

TCP Reliability - Guaranteed and Ordered Delivery

• TCP can also help maintain the flow of packets so that devices do not
become overloaded.
• There may be times when TCP segments do not arrive at their destination or arrive out of order.
• All the data must be received and the data in these segments must be reassembled into the original order.
• Sequence numbers are assigned in the header of each packet to achieve this goal.

TCP Reliability - Data Loss and Retransmission

No matter how well designed a network is, data loss occasionally occurs.
TCP provides methods of managing these segment losses. Among these is a mechanism to retransmit segments for unacknowledged data

Host operating systems today typically employ an optional TCP feature called selective acknowledgment (SACK), negotiated during the three-way handshake.
If both hosts support SACK, the receiver can explicitly acknowledge which segments (bytes) were received including any discontinuous segments

TCP Flow Control - Window Size and Acknowledgements

TCP also provides mechanisms for flow control as follows:
• Flow control is the amount of data that the destination can receive and process reliably.
• Flow control helps maintain the reliability of TCP transmission by adjusting the rate of data flow between source and destination for a given session.

TCP Flow Control - Maximum Segment Size

Maximum Segment Size (MSS) is the maximum amount of data that the destination device can receive.

• A common MSS is 1,460 bytes when using IPv4.
• A host determines the value of its MSS field by subtracting the IP and TCP headers from the Ethernet maximum transmission unit (MTU), which is 1500 bytes by default.
• 1500 minus 40 (20 bytes for the IPv4 header and 20 bytes for the TCP header) leaves 1460 bytes.

TCP Flow Control - Congestion Avoidance

When congestion occurs on a network, it results in packets being discarded by the overloaded router.
To avoid and control congestion, TCP employs several congestion handling mechanisms, timers, and algorithms.

UDP Communication

UDP Low Overhead versus Reliability

UDP does not establish a connection. UDP provides low overhead data transport because it has a small datagram header and no network management traffic.

UDP Datagram Reassembly

• UDP does not track sequence numbers the way TCP does.
• UDP has no way to reorder the datagrams into their transmission order.
• UDP simply reassembles the data in the order that it was received and forwards it to the application.

UDP Server Processes and Requests

UDP-based server applications are assigned well-known or registered port numbers.
When UDP receives a datagram destined for one of these ports, it forwards the application data to the appropriate application based on its port number

UDP Client Processes

• The UDP client process dynamically selects a port number from the range of port numbers and uses this as the source port for the conversation.
• The destination port is usually the well-known or registered port number assigned to the server process.
• After a client has selected the source and destination ports, the same pair of ports are used in the header of all datagrams in the transaction.
