Cisco
end devices in a small geographical area, which is typically an enterprise, home, or small
business network owned and managed by an individual or IT department.
• Wide Area Network (WAN) - A network infrastructure that provides access to other
networks over a wide geographical area, which is typically owned and managed by a
telecommunications service provider.
Other types of networks include:
• Metropolitan Area Network (MAN) - A network infrastructure that spans a physical area
larger than a LAN but smaller than a WAN (e.g., a city). MANs are typically operated by a
single entity such as a large organization.
• Wireless LAN (WLAN) - Similar to a LAN but wirelessly interconnects users and end
points in a small geographical area.
• Storage Area Network (SAN) - A network infrastructure designed to support file servers
and provide data storage, retrieval, and replication.
● A fault tolerant network is one that limits the impact of a failure, so that the fewest number
of devices are affected. It is also built in a way that allows quick recovery when such a
failure occurs. These networks depend on multiple paths between the source and destination
of a message. If one path fails, the messages can be instantly sent over a different link.
Having multiple paths to a destination is known as redundancy.
● A scalable network can expand quickly to support new users and applications without
impacting the performance of the service being delivered to existing users.
● Quality of Service (QoS) is also an ever increasing requirement of networks today. New
applications available to users over internetworks, such as voice and live video
transmissions, create higher expectations for the quality of the delivered services.
● Information security refers to protecting the information contained within the packets being
transmitted over the network and the information stored on network attached devices. In
order to achieve the goals of network security, there are three primary requirements, as
shown in Figure 2:
• Confidentiality - Data confidentiality means that only the intended and authorized
recipients can access and read data.
• Integrity - Data integrity means having the assurance that the information has not
been altered in transmission, from origin to destination.
• Availability - Data availability means having the assurance of timely and reliable
access to data services for authorized users.
BYOD is about end users having the freedom to use personal tools to access information and
communicate across a business network. These personal tools include laptops, netbooks, tablets,
smartphones, and e-readers. These can be devices purchased by the company, purchased by the
individual, or both.
Cloud computing allows us to store personal files, even backup our entire hard disk drive on
servers over the Internet. Applications such as word processing and photo editing can be accessed
using the Cloud.
Network security components for a home or small office network should include, at a minimum:
-Antivirus and antispyware – These are used to protect end devices from becoming
infected with malicious software.
-Firewall filtering – This is used to block unauthorized access to the network. This may
include a host-based firewall system that is implemented to prevent unauthorized access to
the end device, or a basic filtering service on the home router to prevent unauthorized access
from the outside world into the network.
-Dedicated firewall systems – These are used to provide more advanced firewall
capabilities that can filter large amounts of traffic with more granularity.
-Access control lists (ACL) – These are used to further filter access and traffic forwarding.
-Intrusion prevention systems (IPS) – These are used to identify fast-spreading threats,
such as zero-day or zero-hour attacks.
-Virtual private networks (VPN) – These are used to provide secure access to remote
workers.
Console – This is a physical management port that provides out-of-band access to a Cisco device.
Out-of-band access refers to access via a dedicated management channel that is used for device
maintenance purposes only.
Secure Shell (SSH) – SSH is a method for remotely establishing a secure CLI connection through a
virtual interface, over a network. Unlike a console connection, SSH connections require active
networking services on the device including an active interface configured with an address.
Telnet - Telnet is an insecure method of remotely establishing a CLI session through a virtual
interface, over a network. Unlike SSH, Telnet does not provide a securely encrypted connection.
User authentication, passwords, and commands are sent over the network in plaintext.
- To move from user EXEC mode to privileged EXEC mode, use the enable command.
- Use the disable privileged EXEC mode command to return to user EXEC mode.
line vty 0 15 – Virtual terminal (VTY) lines enable remote access to the device.
password 1234 – specify the VTY password
login – enable VTY access
service password-encryption – encrypt passwords
banner motd # – a banner stating that access is not permitted; after pressing Enter, type the banner
text and finish it with #
startup-config - The file stored in Non-volatile Random Access Memory (NVRAM) that contains
all of the commands that will be used by the device upon startup or reboot. NVRAM does not lose
its contents when the device is powered off.
running-config - The file stored in Random Access Memory (RAM) that reflects the current
configuration. Modifying a running configuration affects the operation of a Cisco device
immediately. RAM is volatile memory. It loses all of its content when the device is powered off or
restarted.
show running-config privileged EXEC mode command to view the running configuration file.
show startup-config To view the startup configuration file.
copy running-config startup-config To save changes made to the running configuration to the
startup configuration file
• HTTP - is an application protocol that governs the way a web server and a web client interact. HTTP
defines the content and formatting of the requests and responses that are exchanged between
the client and server. Both the client and the web server software implement HTTP as part of
the application. HTTP relies on other protocols to govern how the messages are transported
between the client and server.
• TCP - is the transport protocol that manages the individual conversations. TCP divides the
HTTP messages into smaller pieces, called segments. These segments are sent between the
web server and client processes running at the destination host. TCP is also responsible for
controlling the size and rate at which messages are exchanged between the server and the
client.
• IP - is responsible for taking the formatted segments from TCP, encapsulating them into
packets, assigning them the appropriate addresses, and delivering them to the destination
host.
• Ethernet - is a network access protocol that describes two primary functions:
communication over a data link and the physical transmission of data on the network media.
Network access protocols are responsible for taking the packets from IP and formatting them
to be transmitted over the media.
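To make the four-layer hand-off concrete, here is an added Python example (not code from the course page or from Cisco) that builds each header by hand with `struct`: TCP wraps the HTTP bytes and computes its checksum over a pseudo-header, IP adds its header and checksum, Ethernet adds the 14-byte header, pads the frame to the 64-byte minimum and appends the CRC-32 frame check sequence. A second function then unwraps the frame the way a receiver would and re-checks every integrity field. The MAC addresses, IPv4 addresses, ports, sequence numbers and the HTTP request are constructed sample values (addresses from the documentation ranges).

```python
import socket
import struct
import zlib

# Added example (not from the course page or Cisco): hand-built HTTP -> TCP -> IPv4 -> Ethernet
# encapsulation, then the receiver-side unwrapping. All addresses and numbers are constructed.

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 checksum used by the IPv4 header and (with a pseudo-header) by TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_segment(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """TCP wraps the application bytes in a 20-byte header (constructed seq/ack, PSH|ACK set)."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, PROTO_TCP, len(header) + len(payload)))
    csum = ones_complement_checksum(pseudo + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def ipv4_packet(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """IP adds a 20-byte header carrying the addresses used to reach the destination host."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000, 64,
                         PROTO_TCP, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    csum = ones_complement_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + segment


def ethernet_frame(src_mac: str, dst_mac: str, packet: bytes) -> bytes:
    """Ethernet adds the 14-byte header, pads to the 64-byte minimum and appends the CRC-32 FCS."""
    body = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
    body += struct.pack("!H", ETHERTYPE_IPV4) + packet
    body = body.ljust(60, b"\x00")                     # header + data >= 60 before the 4-byte FCS
    return body + struct.pack("<I", zlib.crc32(body))  # FCS is sent least-significant byte first


def encapsulate_http(request: str) -> bytes:
    """Walk the request down the stack described in the notes."""
    src_ip, dst_ip = "192.0.2.10", "192.0.2.80"                   # constructed (TEST-NET)
    src_mac, dst_mac = "00:00:5e:00:53:0a", "00:00:5e:00:53:50"   # constructed (documentation OUI)
    segment = tcp_segment(src_ip, dst_ip, 49152, 80, request.encode("ascii"))
    packet = ipv4_packet(src_ip, dst_ip, segment)
    return ethernet_frame(src_mac, dst_mac, packet)


def verify_frame(frame: bytes) -> dict:
    """Receiver side: strip each header in turn and re-check every integrity field."""
    body, fcs = frame[:-4], frame[-4:]
    ethertype = struct.unpack("!H", body[12:14])[0]
    ip = body[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    segment = ip[ihl:total_len]                        # the IP length drops any Ethernet padding
    pseudo = ip[12:16] + ip[16:20] + struct.pack("!BBH", 0, ip[9], len(segment))
    data_offset = (segment[12] >> 4) * 4
    return {
        "frame_len": len(frame),
        "fcs_ok": struct.unpack("<I", fcs)[0] == zlib.crc32(body),
        "ethertype": ethertype,
        "ip_ok": ones_complement_checksum(ip[:ihl]) == 0,
        "tcp_ok": ones_complement_checksum(pseudo + segment) == 0,
        "http": segment[data_offset:].decode("ascii"),
    }
```

An empty request shows the padding rule: 14 + 20 + 20 bytes is only 54, so Ethernet pads to 60 and the FCS brings the frame to exactly the 64-byte minimum, while the receiver uses the IP total length to ignore the padding.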
1. Physical layer
Provides data transmission between network nodes. Defines network interfaces and the transmission medium. Specifies, among other things, the mechanical and electrical connection and the physical data transmission standard. Its objects include cables, network interface cards, modems, repeaters and hubs.
2. Data link layer
Ensures the reliability of the data link. Defines error-control mechanisms for the transmitted frames or packets: CRC (Cyclic Redundancy Check). It is closely tied to the physical layer, which imposes the topology. This layer often also handles data compression. Its objects include network device drivers, e.g. network card drivers, as well as bridges and switches.
3. Network layer
Provides methods for establishing, maintaining and tearing down a network connection. Handles communication errors. It is also responsible for routing packets in the network, i.e. determining the optimal route for a connection. Under some conditions this layer is allowed to drop packets. Its objects include routers.
4. Transport layer
Provides transparent point-to-point data transfer. Takes care of the order of the packets received by the recipient. Checks the correctness of the transmitted packets and, if they are damaged or lost, ensures their retransmission.
5. Session layer
Enables applications on remote computers to exchange data with each other. Controls the establishment and termination of a connection by an application. It is responsible for correctly carrying out a request for a given service. This layer can be taken to include the API functions that a network-access library exposes to the programmer above the transport layer, such as the BSD streams and sockets library.
6. Presentation layer
Provides data translation, definition of the data format and the appropriate syntax. Allows data to be converted into a standard, application-independent form. Resolves problems such as incompatible number representations, end-of-line characters, national characters, etc. It is also responsible for compression and encryption.
7. Application layer
Provides applications with methods of accessing the OSI environment. This layer provides end services to applications, e.g. sharing of resources (files, printers). Network processes directly accessible to the user reside at this level.
Sending a message at layer 2
The message is sent from PC1 to the router. When the message is sent from router 1 to router 2, the source MAC (src NIC) and destination MAC (dest NIC) change, but the IP addresses stay the same.
Shielded Twisted-Pair Cable
Coaxial cable
UTP cable does not use shielding to counter the effects of EMI and RFI. Instead, cable
designers have discovered that they can limit the negative effect of crosstalk by:
• Cancellation: Designers now pair wires in a circuit. When two wires in an electrical circuit
are placed close together, their magnetic fields are the exact opposite of each other.
Therefore, the two magnetic fields cancel each other and also cancel out any outside EMI
and RFI signals.
• Varying the number of twists per wire pair: To further enhance the cancellation effect of
paired circuit wires, designers vary the number of twists of each wire pair in a cable. UTP
cable must follow precise specifications governing how many twists or braids are permitted
per meter of cable. Notice in the figure that the orange/orange white pair is twisted less than
the blue/blue white pair. Each colored pair is twisted a different number of times.
Fiber-optic cable construction
• Single-mode fiber (SMF): Consists of a very small core and uses expensive laser technology to send a single
ray of light, as shown in Figure 1. Popular in long-distance situations spanning hundreds of
kilometers, such as those required in long haul telephony and cable TV applications.
• Multimode fiber (MMF): Consists of a larger core and uses LED emitters to send light
pulses. Specifically, light from an LED enters the multimode fiber at different angles, as
shown in Figure 2. Popular in LANs because they can be powered by low-cost LEDs. It
provides bandwidth up to 10 Gb/s over link lengths of up to 550 meters.
The light pulses are generated by either:
• Lasers
• Light emitting diodes (LEDs)
Three common types of fiber-optic termination and splicing errors are:
• Misalignment: The fiber-optic media are not precisely aligned to one another when joined.
• End gap: The media does not completely touch at the splice or connection.
• End finish: The media ends are not well polished, or dirt is present at the termination.
The data link layer of the OSI model (Layer 2), as shown in Figure 1, is responsible for:
• Allowing the upper layers to access the media
• Accepting Layer 3 packets and packaging them into frames
• Preparing network data for the physical network
• Controlling how data is placed and received on the media
• Exchanging frames between nodes over a physical network media, such as UTP or fiber-
optic
• Receiving and directing packets to an upper layer protocol
• Performing error detection
The data link layer is divided into two sublayers:
• Logical Link Control (LLC) - This upper sublayer communicates with the network layer. It
places information in the frame that identifies which network layer protocol is being used for
the frame. This information allows multiple Layer 3 protocols, such as IPv4 and IPv6, to
utilize the same network interface and media. It is implemented in software.
• Media Access Control (MAC) - This lower sublayer defines the media access processes
performed by the hardware. It provides data link layer addressing and access to various
network technologies.
Physical topology - Refers to the physical connections and identifies how end devices and
infrastructure devices such as routers, switches, and wireless access points are interconnected.
Physical topologies are usually point-to-point or star. See Figure 1.
Logical topology - Refers to the way a network transfers frames from one node to the next. This
arrangement consists of virtual connections between the nodes of a network. These logical signal
paths are defined by data link layer protocols. The logical topology of point-to-point links is
relatively simple while shared media offers different access control methods. See Figure 2.
• Star - End devices are connected to a central intermediate device. Early star topologies
interconnected end devices using Ethernet hubs. However, star topologies now use Ethernet
switches. The star topology is easy to install, very scalable (easy to add and remove end
devices), and easy to troubleshoot.
• Extended Star - In an extended star topology, additional Ethernet switches interconnect
other star topologies. An extended star is an example of a hybrid topology.
• Bus - All end systems are chained to each other and terminated in some form on each end.
Infrastructure devices such as switches are not required to interconnect the end devices. Bus
topologies using coax cables were used in legacy Ethernet networks because they were
inexpensive and easy to set up.
• Ring - End systems are connected to their respective neighbor forming a ring. Unlike the
bus topology, the ring does not need to be terminated. Ring topologies were used in legacy
Fiber Distributed Data Interface (FDDI) and Token Ring networks.
• Half-duplex communication - Both devices can transmit and receive on the media but
cannot do so simultaneously. The half-duplex mode is used in legacy bus topologies and
with Ethernet hubs. WLANs also operate in half-duplex. Half-duplex allows only one device
to send or receive at a time on the shared medium and is used with contention-based access
methods. Figure 1 shows half-duplex communication.
• Full-duplex communication - Both devices can transmit and receive on the media at the
same time. The data link layer assumes that the media is available for transmission for both
nodes at any time. Ethernet switches operate in full-duplex mode by default, but can operate
in half-duplex if connecting to a device such as an Ethernet hub. Figure 2 shows full-duplex
communication.
As shown in the figure, the Ethernet MAC sublayer has two primary
responsibilities:
• Data encapsulation
The data encapsulation process includes frame assembly before transmission, and frame
disassembly upon reception of a frame. In forming the frame, the MAC layer adds a header
and trailer to the network layer PDU.
Data encapsulation provides three primary functions:
◦ Frame delimiting - The framing process provides important delimiters that are used to
identify a group of bits that make up a frame. These delimiting bits provide
synchronization between the transmitting and receiving nodes.
◦ Addressing - The encapsulation process contains the Layer 3 PDU and also provides for
data link layer addressing.
◦ Error detection - Each frame contains a trailer used to detect any errors in
transmissions.
• Media Access Control
The second responsibility of the MAC sublayer is media access control. Media access
control is responsible for the placement of frames on the media and the removal of frames
from the media. As its name implies, it controls access to the media. This sublayer
communicates directly with the physical layer.
The underlying logical topology of Ethernet is a multi-access bus; therefore, all nodes
(devices) on a single network segment share the medium. Ethernet is a contention-based
method of networking. A contention-based method means that any device can try to transmit
data across the shared medium whenever it has data to send. The Carrier Sense Multiple
Access/Collision Detection (CSMA/CD) process is used in half-duplex Ethernet LANs to
detect and resolve collisions. Today’s Ethernet LANs use full-duplex switches, which allow
multiple devices to send and receive simultaneously with no collisions.
Ethernet II frame structure
The minimum Ethernet frame size is 64 bytes and the maximum is 1518 bytes
Multicast addresses allow a source device to send a packet to a group of devices. Devices that belong
to a multicast group are assigned a multicast group IP address. The range of IPv4 multicast
addresses is 224.0.0.0 to 239.255.255.255. The range of IPv6 multicast addresses begins with
FF00::/8. Because multicast addresses represent a group of addresses (sometimes called a host
group), they can only be used as the destination of a packet. The source will always be a unicast
address.
As with the unicast and broadcast addresses, the multicast IP address requires a corresponding
multicast MAC address to actually deliver frames on a local network. The multicast MAC address
associated with an IPv4 multicast address is a special value that begins with 01-00-5E in
hexadecimal. The remaining portion of the multicast MAC address is created by converting the
lower 23 bits of the IP multicast group address into 6 hexadecimal characters. For an IPv6 address,
the multicast MAC address begins with 33-33.
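The mapping above can be written out in a few lines, and doing so exposes a property worth knowing when filtering on MAC addresses: only 23 of the 28 significant bits of an IPv4 group address survive, so 32 different groups share every multicast MAC. The following Python is an added example, not code from the course page or from Cisco; the group addresses used in it are ordinary well-known or constructed values.

```python
import ipaddress

# Added example (not from the course page or Cisco): the IP-to-MAC mapping for
# multicast groups described above, and why it is lossy.


def _mac_str(mac_int: int) -> str:
    return ":".join(f"{(mac_int >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))


def ipv4_multicast_mac(ip: str) -> str:
    """01-00-5E prefix plus the low 23 bits of the group address (224.0.0.0 - 239.255.255.255)."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not an IPv4 multicast address")
    return _mac_str(0x01005E000000 | (int(addr) & 0x7FFFFF))


def ipv6_multicast_mac(ip: str) -> str:
    """33-33 prefix plus the low 32 bits of the group address (ff00::/8)."""
    addr = ipaddress.IPv6Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not an IPv6 multicast address")
    return _mac_str(0x333300000000 | (int(addr) & 0xFFFFFFFF))


def is_group_mac(mac: str) -> bool:
    """Broadcast and multicast frames both carry the I/G bit (LSB of the first octet) set."""
    return int(mac.split(":")[0], 16) & 1 == 1


def colliding_ipv4_groups(ip: str) -> list:
    """The 32 group addresses that share one MAC: the 5 bits under 0x0F800000 are discarded."""
    base = int(ipaddress.IPv4Address(ip)) & 0xF07FFFFF
    return [str(ipaddress.IPv4Address(base | (k << 23))) for k in range(32)]
```

For example, 224.1.1.1 and 225.1.1.1 both become 01:00:5e:01:01:01, so a NIC or switch filter that admits one admits the other and the host must still check the IP destination.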
Every frame that enters a switch is checked for new information to learn. It does this by examining
the frame’s source MAC address and port number where the frame entered the switch.
• If the source MAC address does not exist, it is added to the table along with the incoming
port number. In Figure 1, PC-A is sending an Ethernet frame to PC-D. The switch adds the
MAC address for PC-A to the table.
• If the source MAC address does exist, the switch updates the refresh timer for that entry. By
default, most Ethernet switches keep an entry in the table for 5 minutes.
Next, if the destination MAC address is a unicast address, the switch will look for a match between
the destination MAC address of the frame and an entry in its MAC address table.
• If the destination MAC address is in the table, it will forward the frame out the specified
port.
• If the destination MAC address is not in the table, the switch will forward the frame out all
ports except the incoming port. This is known as an unknown unicast. As shown in Figure 2,
the switch does not have the destination MAC address in its table for PC-D, so it sends the
frame out all ports except port 1.
If the destination MAC address is a broadcast or a multicast, the frame is also flooded out all ports
except the incoming port.
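The learning and forwarding rules above fit in a small model. The Python below is an added example, not code from the course page or from any Cisco product: a `Switch` object learns the source address and port of every frame, ages entries out after the 5-minute timer, forwards known unicast out one port, and floods unknown unicast, broadcast and multicast out every other port. The MAC addresses in the test are constructed values from the documentation range.

```python
from __future__ import annotations

# Added example (not from the course page or Cisco): a minimal model of the
# MAC-address-table learning and forwarding decisions described above.

AGING_SECONDS = 300          # the notes: most switches keep an entry for 5 minutes
BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (LSB of the first octet) set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class Switch:
    def __init__(self, ports: list[int]):
        self.ports = list(ports)
        self.table: dict[str, tuple[int, float]] = {}   # mac -> (port, last_seen)

    def age_out(self, now: float) -> None:
        """Drop entries whose refresh timer has expired."""
        for mac, (_, seen) in list(self.table.items()):
            if now - seen > AGING_SECONDS:
                del self.table[mac]

    def receive(self, in_port: int, src: str, dst: str, now: float) -> list[int]:
        """Learn from the source address, then return the list of egress ports."""
        self.age_out(now)
        # Learning: a new source is added with its port; a known one has its timer refreshed
        # (and its port updated, which is how a host that moved ports is tracked).
        self.table[src] = (in_port, now)

        if dst == BROADCAST or is_group_address(dst) or dst not in self.table:
            # Broadcast, multicast and unknown unicast are all flooded out every other port.
            return [p for p in self.ports if p != in_port]
        out_port, _ = self.table[dst]
        # Known unicast: forward out the learned port only. A frame whose destination sits on
        # the incoming port is dropped (standard bridge filtering, not covered in the notes).
        return [] if out_port == in_port else [out_port]
```

Because the table is keyed on whatever source address arrives, a host that sends frames with many different source MACs fills it until aging or a port-security limit intervenes; the model makes that cost visible as the size of `table`.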
Link where I can generate practice questions about switches for myself:
https://static-course-assets.s3.amazonaws.com/ITN6/en/index.html#5.2.1.6
Switches use one of the following forwarding methods for switching data between network
ports:
• Store-and-forward switching
• Cut-through switching
Variants of cut-through switching:
Fast-forward switching - Fast-forward switching offers the lowest level of latency. Fast-forward
switching immediately forwards a packet after reading the destination address. Because fast-
forward switching starts forwarding before the entire packet has been received, there may be times
when packets are relayed with errors. This occurs infrequently, and the destination network adapter
discards the faulty packet upon receipt. In fast-forward mode, latency is measured from the first bit
received to the first bit transmitted. Fast-forward switching is the typical cut-through method of
switching.
Fragment-free switching - In fragment-free switching, the switch stores the first 64 bytes of the
frame before forwarding. Fragment-free switching can be viewed as a compromise between store-
and-forward switching and fast-forward switching. The reason fragment-free switching stores only
the first 64 bytes of the frame is that most network errors and collisions occur during the first 64
bytes. Fragment-free switching tries to enhance fast-forward switching by performing a small error
check on the first 64 bytes of the frame to ensure that a collision has not occurred before forwarding
the frame. Fragment-free switching is a compromise between the high latency and high integrity of
store-and-forward switching, and the low latency and reduced integrity of fast-forward switching.
Two of the most basic settings on a switch are the bandwidth and duplex settings for each
individual switch port. It is critical that the duplex and bandwidth settings match between the
switch port and the connected devices, such as a computer or another switch.
There are two types of duplex settings used for communications on an Ethernet network: half
duplex and full duplex.
• Full-duplex – Both ends of the connection can send and receive simultaneously.
• Half-duplex – Only one end of the connection can send at a time.
Autonegotiation enables two devices to automatically exchange information about speed and
duplex capabilities. The switch and the connected device will choose the highest performance
mode.
Duplex mismatch - One of the most common causes of performance issues on 10/100 Mb/s Ethernet
links occurs when one port on the link operates at half-duplex while the other port operates at full-
duplex. This occurs when one or both ports on a link are reset, and the autonegotiation process does
not result in both link partners having the same configuration. It also can occur when users
reconfigure one side of a link and forget to reconfigure the other. Both sides of a link should have
autonegotiation on, or both sides should have it off.
Auto-MDIX - When the auto-MDIX feature is enabled, the switch detects the type of cable attached
to the port, and configures the interfaces accordingly. Therefore, you can use either a crossover or a
straight-through cable for connections to a copper 10/100/1000 port on the switch, regardless of the
type of device on the other end of the connection.
When the router receives the Ethernet frame, it de-encapsulates the Layer 2 information. Using the
destination IP address, it determines the next-hop device, and then encapsulates the IP packet in a
new data link frame for the outgoing interface. Along each link in a path, an IP packet is
encapsulated in a frame specific to the particular data link technology associated with that link, such
as Ethernet. If the next-hop device is the final destination, the destination MAC address will be that
of the device’s Ethernet NIC.
ARP
ARP is used to determine the destination MAC address. ARP provides two basic functions:
• Resolving IPv4 addresses to MAC addresses
• Maintaining a table of mappings
When a packet is sent to the data link layer to be encapsulated into an Ethernet frame, the device
refers to a table in its memory to find the MAC address that is mapped to the IPv4 address. This
table is called the ARP table . The ARP table is stored in the RAM of the device.
The sending device will search its ARP table for a destination IPv4 address and a corresponding
MAC address.
• If the packet’s destination IPv4 address is on the same network as the source IPv4 address,
the device will search the ARP table for the destination IPv4 address.
• If the destination IPv4 address is on a different network than the source IPv4 address, the
device will search the ARP table for the IPv4 address of the default gateway.
If the device locates the IPv4 address, its corresponding MAC address is used as the destination
MAC address in the frame. If no entry is found, then the device sends an ARP request.
An ARP request is sent when a device needs a MAC address associated with an IPv4 address
The ARP request message includes:
• Target IPv4 address – This is the IPv4 address that requires a corresponding MAC address.
• Target MAC address - This is the unknown MAC address and will be empty in the ARP
request message.
Because ARP requests are broadcasts, they are flooded out all ports by the switch except the
receiving port. All Ethernet NICs on the LAN process broadcasts. Every device must process the
ARP request to see if the target IPv4 address matches its own. A router will not forward
broadcasts out other interfaces.
Only one device on the LAN will have an IPv4 address that matches the target IPv4 address in the
ARP request and it will reply to the sending device. The IPv4 address and the corresponding MAC
address are added to the ARP table.
• If no device responds to the ARP request, the packet is dropped because a frame cannot be
created.
• Entries in the ARP table are time stamped. If a device does not receive a frame from a
particular device by the time the timestamp expires, the entry for this device is removed
from the ARP table.
• Additionally, static map entries can be entered in an ARP table, but this is rarely done. Static
ARP table entries do not expire over time and must be manually removed.
• IPv6 uses a similar process to ARP for IPv4, known as ICMPv6 neighbor discovery.
When the destination IPv4 address is not on the same network as the source IPv4 address, the
source device needs to send the frame to its default gateway. Whenever a source device has a packet
with an IPv4 address on another network, it will encapsulate that packet in a frame using the
destination MAC address of the default gateway. The IPv4 address of the default gateway is
stored in the IPv4 configuration of the hosts. When a host creates a packet for a destination, it
compares the destination IPv4 address and its own IPv4 address to determine if the two IPv4
addresses are located on the same Layer 3 network. If the destination host is not on its same
network, the source checks its ARP table for an entry with the IPv4 address of the default gateway.
If there is not an entry, it uses the ARP process to determine a MAC address of the default
gateway.
show ip arp – command that shows the ARP table on a Cisco router
arp -a – shows the ARP table on Windows
ARP Spoofing
This is a technique used by an attacker to reply to an ARP request for an IPv4 address belonging to
another device, such as the default gateway, as shown in the figure. The attacker sends an ARP reply
with its own MAC address. The receiver of the ARP reply will add the wrong MAC address to its ARP
table and send these packets to the attacker.
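The ARP resolution procedure from the preceding paragraphs and the spoofing risk just described are both illustrated by the following Python, an added example that is not code from the course page or from Cisco. A `Host` decides whether to resolve the destination itself or the default gateway, keeps an ARP table and a record of outstanding requests, and applies two defender-side heuristics to incoming replies: a reply that answers no request of ours, and a reply that changes an existing binding, are logged and not installed. Both heuristics are assumptions of this example (a legitimately replaced NIC also trips the second one), so they are an alert signal rather than proof of an attack. Addresses are constructed.

```python
import ipaddress

# Added example (not from the course page or Cisco): host-side ARP resolution as the
# notes describe it, plus a defender's sanity check on incoming replies.

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


class Host:
    def __init__(self, ip: str, prefix: int, mac: str, gateway: str):
        self.iface = ipaddress.ip_interface(f"{ip}/{prefix}")
        self.mac = mac
        self.gateway = ipaddress.ip_address(gateway)
        self.arp_table: dict = {}   # IPv4 address -> MAC (the ARP table kept in RAM)
        self.pending: set = set()   # addresses we have broadcast a request for
        self.alerts: list = []

    def next_hop(self, dst_ip: str):
        """Same network: resolve the destination itself; otherwise resolve the default gateway."""
        dst = ipaddress.ip_address(dst_ip)
        return dst if dst in self.iface.network else self.gateway

    def resolve(self, dst_ip: str):
        """Return (mac, None) on a table hit, or (None, arp_request) when a request must go out."""
        hop = self.next_hop(dst_ip)
        if hop in self.arp_table:
            return self.arp_table[hop], None
        self.pending.add(hop)
        request = {
            "op": "request",
            "sender_ip": str(self.iface.ip), "sender_mac": self.mac,
            "target_ip": str(hop), "target_mac": None,   # unknown, so left empty
            "frame_dst": BROADCAST_MAC,                   # the switch floods it out every port
        }
        return None, request

    def on_reply(self, reply: dict) -> bool:
        """Install the binding from an ARP reply unless it looks spoofed; True if installed."""
        ip = ipaddress.ip_address(reply["sender_ip"])
        mac = reply["sender_mac"]
        suspicious = False
        if ip not in self.pending:
            # Heuristic (assumption): a reply nobody asked for is how a false entry gets planted.
            self.alerts.append(f"unsolicited ARP reply for {ip} from {mac}")
            suspicious = True
        known = self.arp_table.get(ip)
        if known is not None and known != mac:
            # Heuristic (assumption): a binding that changes MAC deserves a look before trusting it.
            self.alerts.append(f"{ip} moved from {known} to {mac}: possible ARP spoofing")
            suspicious = True
        if suspicious:
            return False            # keep whatever we already had; operator reviews self.alerts
        self.arp_table[ip] = mac
        self.pending.discard(ip)
        return True
```

In the test sequence the gateway is resolved once, a later reply claiming a different MAC for the same gateway is refused and two alerts are recorded; on a real host the equivalent check is comparing `arp -a` or `show ip arp` output against the known gateway MAC.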
IP encapsulation
IP encapsulates the transport layer segment or other data by adding an IP header. This header is used
to deliver the packet to the destination host. The IP header remains the same from the time the
packet leaves the source host until it arrives at the destination host.
Characteristics of the IP protocol
On a Windows host, the route print or netstat -r command can be used to display the host routing
table.
When a host sends a packet to another host, it will use its routing table to determine where to send
the packet. If the destination host is on a remote network, the packet is forwarded to the default
gateway.
What happens when a packet arrives at the default gateway, which is usually a router? The router
looks at its routing table to determine where to forward packets.
The routing table of a router can store information about:
• Directly-connected routes - These routes come from the active router interfaces. Routers
add a directly connected route when an interface is configured with an IP address and is
activated. Each of the router's interfaces is connected to a different network segment.
• Remote routes - These routes come from remote networks connected to other routers.
Routes to these networks can be manually configured on the local router by the network
administrator or dynamically configured by enabling the local router to exchange routing
information with other routers using a dynamic routing protocol.
• Default route – Like a host, routers also use a default route as a last resort if there is no
other route to the desired network in the routing table.
show ip route – command that prints the routing table
The table contains information on how a given route was learned, the trustworthiness of the route, a "rating",
when the route was last used, and which interface to send traffic to so that the packet reaches the destination
host. If there are several routes to one host, the decision depends on the metric value.
a b c d e f g
a) how the route was learned (S – static, D – EIGRP, O – OSPF)
b) destination network
c) administrative distance (trustworthiness) of the route source; the lower the value, the higher the
trustworthiness
d) metric; a lower value means the route is more preferred
e) IP of the router to which the packet should be sent
f) Timestamp – when the route was last used
g) Outgoing interface – which interface to send the packet through
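The selection rules in (c) and (d) and the lookup order from the earlier paragraphs can be exercised with the following Python, an added example that is not code from the course page or from Cisco. Each candidate route carries the fields a, b, c, d, e and g above; `install` keeps one route per prefix (lowest administrative distance, then lowest metric), and `lookup` picks the longest matching prefix, falling back to the 0.0.0.0/0 default route. The administrative distances are the Cisco defaults (connected 0, static 1, EIGRP 90, OSPF 110); the routing table itself is constructed from documentation-range addresses.

```python
import ipaddress

# Added example (not from the course page or Cisco): route installation and lookup
# using the fields described in the notes.

# Route source codes from the notes (C = directly connected added for completeness) and
# the Cisco default administrative distances for each.
AD = {"C": 0, "S": 1, "D": 90, "O": 110}


def route(code: str, prefix: str, metric: int, next_hop, iface: str) -> dict:
    return {"code": code, "network": ipaddress.ip_network(prefix), "ad": AD[code],
            "metric": metric, "next_hop": next_hop, "iface": iface}


# Constructed candidate routes (documentation-range addresses); several compete per prefix.
CANDIDATES = [
    route("C", "192.0.2.0/24", 0, None, "GigabitEthernet0/0"),
    route("S", "198.51.100.0/24", 0, "192.0.2.2", "GigabitEthernet0/0"),
    route("D", "198.51.100.0/24", 30720, "192.0.2.3", "GigabitEthernet0/0"),  # loses on AD
    route("O", "203.0.113.0/24", 20, "192.0.2.4", "GigabitEthernet0/1"),
    route("O", "203.0.113.0/24", 10, "192.0.2.5", "GigabitEthernet0/1"),      # lower metric wins
    route("O", "203.0.113.0/25", 40, "192.0.2.6", "GigabitEthernet0/1"),      # more specific prefix
    route("S", "0.0.0.0/0", 0, "192.0.2.1", "GigabitEthernet0/0"),            # default, last resort
]


def install(candidates: list) -> list:
    """Keep one route per prefix: lowest administrative distance, then lowest metric."""
    table = {}
    for r in candidates:
        current = table.get(r["network"])
        if current is None or (r["ad"], r["metric"]) < (current["ad"], current["metric"]):
            table[r["network"]] = r
    return list(table.values())


def lookup(table: list, dst: str):
    """Longest-prefix match; the /0 default only wins when nothing more specific matches."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r["network"]]
    if not matches:
        return None
    return max(matches, key=lambda r: r["network"].prefixlen)


def describe(table: list, dst: str) -> str:
    """Render the chosen route in the 'code network via next-hop, interface' shape of show ip route."""
    r = lookup(table, dst)
    if r is None:
        return f"{dst}: no route"
    via = "directly connected" if r["next_hop"] is None else f"via {r['next_hop']}"
    return f"{dst}: {r['code']} {r['network']} [{r['ad']}/{r['metric']}] {via}, {r['iface']}"
```

Running `describe(install(CANDIDATES), "203.0.113.5")` picks the /25 OSPF route even though its metric is the worst of the three, because prefix length is decided before administrative distance and metric ever come into play; the latter two only choose which route for a given prefix gets installed.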
• RAM - This is volatile memory used in Cisco routers to store applications, processes, and data
needed to be executed by the CPU. Cisco routers use a fast type of RAM called synchronous
dynamic random access memory (SDRAM).
• ROM - This non-volatile memory is used to store crucial operational instructions and a
limited IOS. Specifically, ROM is firmware embedded on an integrated circuit inside the
router which can only be altered by Cisco.
• NVRAM – This non-volatile memory is used as the permanent storage for the startup
configuration file (startup-config).
• Flash - This non-volatile computer memory is used as permanent storage for the IOS and other
system related files such as log files, voice configuration files, HTML files, backup
configurations, and more. When a router is rebooted, the IOS is copied from flash into
RAM.
• show ip route - Displays the contents of the IPv4 routing table stored in RAM.
• show interfaces - Displays statistics for all interfaces on the device.
• show ip interface (brief) - Displays the IPv4 statistics for all interfaces on a router. brief can be
appended for a shorter summary.
IP address and mask
An IP address identifies a specific host, but hosts in the same subnet share the same leading part of the
address, so using the mask one can determine whether two hosts are in the same subnet. The mask tells us
how many leading bits are used to identify the network.
network address - identifies the network
host addresses – can be assigned to devices
broadcast address – sending something to the broadcast address sends it to all devices in the
subnet
Public IPv4 addresses are addresses which are globally routed between ISPs (Internet Service
Providers). However, not all available IPv4 addresses can be used on the Internet. There are blocks of
addresses called private addresses that are used by most organizations to assign IPv4 addresses to
internal hosts.
Specifically, the private address blocks are:
• 10.0.0.0 /8 or 10.0.0.0 to 10.255.255.255
• 172.16.0.0 /12 or 172.16.0.0 to 172.31.255.255
• 192.168.0.0 /16 or 192.168.0.0 to 192.168.255.255
It is important to know that addresses within these address blocks are not allowed on the Internet
and must be filtered (discarded) by Internet routers.
Special addresses
There are certain addresses such as the network address and broadcast address that cannot be
assigned to hosts. There are also special addresses that can be assigned to hosts, but with restrictions
on how those hosts can interact within the network.
• Loopback addresses (127.0.0.0 /8 or 127.0.0.1 to 127.255.255.254) – More commonly
identified as only 127.0.0.1, these are special addresses used by a host to direct traffic to
itself. For example, it can be used on a host to test if the TCP/IP configuration is operational,
such as shown in the figure. Notice how the 127.0.0.1 loopback address replies to the ping
command. Also note how any address within this block will loop back to the local host, such
as shown with the second ping in the figure.
• Link-Local addresses (169.254.0.0 /16 or 169.254.0.1 to 169.254.255.254) – More
commonly known as the Automatic Private IP Addressing (APIPA) addresses, they are used
by a Windows DHCP client to self-configure in the event that there are no DHCP servers
available. Useful in a peer-to-peer connection.
• TEST-NET addresses (192.0.2.0/24 or 192.0.2.0 to 192.0.2.255) – These addresses are set
aside for teaching and learning purposes and can be used in documentation and network
examples.
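The mask arithmetic from the "IP and mask" notes and the private/special block checks above, as an added example (not code from the original notes). It uses plain bit operations rather than the ipaddress module so the role of the mask is visible; the sample addresses in the tests are constructed.

```python
# Added example (not from the original notes): IPv4 mask arithmetic and the
# address checks described above, done with plain bit operations so the role
# of the mask is visible. Sample addresses used with it are constructed.

def ip_to_int(ip: str) -> int:
    """Dotted-quad string -> 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: the leading `prefix` bits identify the network."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def subnet_info(ip: str, prefix: int) -> dict:
    """Network, broadcast and usable host range of the subnet containing ip."""
    mask = prefix_to_mask(prefix)
    network = ip_to_int(ip) & mask              # keep the network bits only
    broadcast = network | (~mask & 0xFFFFFFFF)  # all host bits set to 1
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1),
        "last_host": int_to_ip(broadcast - 1),
        "host_count": max(broadcast - network - 1, 0),
    }

def same_subnet(ip_a: str, ip_b: str, prefix: int) -> bool:
    """Two hosts share a subnet when their masked (network) bits are equal."""
    mask = prefix_to_mask(prefix)
    return ip_to_int(ip_a) & mask == ip_to_int(ip_b) & mask

# The blocks named in the notes: private (RFC 1918), loopback, link-local, TEST-NET.
SPECIAL_BLOCKS = {
    "private": [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)],
    "loopback": [("127.0.0.0", 8)],
    "link-local": [("169.254.0.0", 16)],
    "test-net": [("192.0.2.0", 24)],
}

def classify(ip: str) -> str:
    """Name of the special block an address falls in, or 'public'."""
    for name, blocks in SPECIAL_BLOCKS.items():
        if any(same_subnet(ip, base, prefix) for base, prefix in blocks):
            return name
    return "public"

def must_be_filtered_at_internet_edge(ip: str) -> bool:
    """Packets carrying these addresses should not be forwarded by an Internet router."""
    return classify(ip) != "public"
```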
IP classes
Dual stack –
Translation – allows communication between IPv4 and IPv6 hosts. This is done by translating IPv4
packets into IPv6 and vice versa.
An IPv6 address consists of 128 bits and is written in hexadecimal.
The address is written in the form x:x:x:x:x:x:x:x, where each x is one 16-bit hextet (4 hex digits / 16 bits).
Shortening the notation
No leading 0s – omit the zeros at the start of a hextet
Compressed – one or more consecutive all-zero hextets can be replaced by a double colon
Global unicast - A global unicast address is similar to a public IPv4 address. These are globally
unique, Internet routable addresses. Global unicast addresses can be configured statically or
assigned dynamically.
Link-local - Link-local addresses are used to communicate with other devices on the same local link.
With IPv6, the term link refers to a subnet. Link-local addresses are confined to a single link. Their
uniqueness must only be confirmed on that link because they are not routable beyond the link. In
other words, routers will not forward packets with a link-local source or destination address.
Unique local - Another type of unicast address is the unique local unicast address. Unique local
addresses are used for local addressing within a site or between a limited number of sites. These
addresses should not be routable in the global IPv6 and should not be translated to a global IPv6
address. Unique local addresses are in the range of FC00::/7 to FDFF::/7.
• Subnet ID - The Subnet ID is used by an organization to identify subnets within its site.
The larger the subnet ID, the more subnets available.
• Interface ID - The IPv6 Interface ID is equivalent to the host portion of an IPv4 address.
The term Interface ID is used because a single host may have multiple interfaces, each
having one or more IPv6 addresses. It is highly recommended that in most cases /64 subnets
should be used. In other words, a 64-bit interface ID, as shown in Figure 2.
An IPv6 address can be set
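The IPv6 notation rules (leading zeros, "::" compression) and the unicast address types above, as an added example that is not part of the original notes. The "::" goes on the longest all-zero run (the first one on a tie); the global-unicast split assumes the 16-bit subnet ID and 64-bit interface ID layout the notes describe, which leaves a 48-bit global routing prefix.

```python
# Added example (not from the original notes): the IPv6 text rules and the
# unicast address types described above. The "::" is placed on the longest
# all-zero run (first one on a tie); sample addresses are constructed.

def expand(addr: str) -> list:
    """Return the 8 hextets of an IPv6 address as integers, undoing '::'."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        left, right = addr.split("::")
        head = [int(h, 16) for h in left.split(":") if h]
        tail = [int(h, 16) for h in right.split(":") if h]
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one hextet")
        hextets = head + [0] * missing + tail
    else:
        hextets = [int(h, 16) for h in addr.split(":")]
    if len(hextets) != 8 or any(not 0 <= h <= 0xFFFF for h in hextets):
        raise ValueError(f"bad IPv6 address: {addr}")
    return hextets

def compress(addr: str) -> str:
    """Drop leading zeros in each hextet, then replace the longest zero run with '::'."""
    hextets = expand(addr)
    best_start, best_len, run_start = -1, 0, None
    for i, h in enumerate(hextets + [-1]):          # sentinel closes a final run
        if h == 0 and run_start is None:
            run_start = i
        elif h != 0 and run_start is not None:
            if i - run_start > best_len:
                best_start, best_len = run_start, i - run_start
            run_start = None
    parts = [format(h, "x") for h in hextets]      # format() drops leading zeros
    if best_len == 0:
        return ":".join(parts)
    return ":".join(parts[:best_start]) + "::" + ":".join(parts[best_start + best_len:])

def address_type(addr: str) -> str:
    """Classify by the leading bits of the first hextet."""
    first = expand(addr)[0]
    if first >> 13 == 0b001:             # 2000::/3
        return "global unicast"
    if first >> 6 == 0b1111111010:       # fe80::/10
        return "link-local"
    if first >> 9 == 0b1111110:          # fc00::/7 (FC00:: to FDFF::)
        return "unique local"
    return "other"

def split_global_unicast(addr: str) -> dict:
    """48-bit global routing prefix, 16-bit subnet ID, 64-bit interface ID (the /64 case)."""
    h = expand(addr)
    if address_type(addr) != "global unicast":
        raise ValueError("not a global unicast address")
    return {
        "global_routing_prefix": ":".join(format(x, "x") for x in h[:3]) + "::/48",
        "subnet_id": format(h[3], "04x"),
        "interface_id": ":".join(format(x, "x") for x in h[4:]),
    }
```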
Ping
Ping has a timeout value for the reply. If a reply is not received within the timeout, ping provides a
message indicating that a response was not received. This usually indicates that there is a problem,
but could also indicate that security features blocking ping messages have been enabled on the
network.
Pinging the Local Loopback
There are some special testing and verification cases for which we can use ping. One case is for
testing the internal configuration of IPv4 or IPv6 on the local host. To perform this test, we ping the
local loopback address of 127.0.0.1 for IPv4 (::1 for IPv6). Testing the IPv4 loopback is shown in
the figure.
A response from 127.0.0.1 for IPv4, or ::1 for IPv6, indicates that IP is properly installed on the
host. This response comes from the network layer. This response is not, however, an indication that
the addresses, masks, or gateways are properly configured. Nor does it indicate anything about the
status of the lower layer of the network stack. This simply tests IP down through the network layer
of IP. An error message indicates that TCP/IP is not operational on the host.
Testing Connectivity to the Local LAN
You can also use ping to test the ability of a host to communicate on the local network. A ping to the
gateway indicates that the host and the router interface serving as the gateway are both operational
on the local network. For this test, the gateway address is most often used because the router is
normally always operational. If the gateway address does not respond, a ping can be sent to the IP
address of another host on the local network that is known to be operational.
If either the gateway or another host responds, then the local host can successfully communicate
over the local network. If the gateway does not respond but another host does, this could indicate a
problem with the router interface serving as the gateway.
One possibility is that the wrong gateway address has been configured on the host. Another
possibility is that the router interface may be fully operational but have security applied to it that
prevents it from processing or responding to ping requests.
Testing Connectivity to Remote
Ping can also be used to test the ability of a local host to communicate across an internetwork. The
local host can ping an operational IPv4 host of a remote network, as shown in the figure.
If this ping is successful, the operation of a large piece of the internetwork can be verified. A
successful ping across the internetwork confirms communication on the local network, the
operation of the router serving as the gateway, and the operation of all other routers that might be in
the path between the local network and the network of the remote host.
Additionally, the functionality of the remote host can be verified. If the remote host could not
communicate outside of its local network, it would not have responded.
Note: Many network administrators limit or prohibit the entry of ICMP messages into the corporate
network; therefore, the lack of a ping response could be due to security restrictions.
Traceroute
Ping is used to test connectivity between two hosts but does not provide information about the
details of devices between the hosts. Traceroute (tracert) is a utility that generates a list of hops that
were successfully reached along the path. This list can provide important verification and
troubleshooting information. If the data reaches the destination, then the trace lists the interface of
every router in the path between the hosts. If the data fails at some hop along the way, the address of
the last router that responded to the trace can provide an indication of where the problem or security
restrictions are found.
Round Trip Time (RTT)
Using traceroute provides round trip time for each hop along the path and indicates if a hop fails to
respond. The round trip time is the time a packet takes to reach the remote host and for the response
from the host to return. An asterisk (*) is used to indicate a lost or unreplied packet.
This information can be used to locate a problematic router in the path. If the display shows high
response times or data losses from a particular hop, this is an indication that the resources of the
router or its connections may be stressed.
IPv4 TTL and IPv6 Hop Limit
Traceroute makes use of a function of the TTL field in IPv4 and the Hop Limit field in IPv6 in the
Layer 3 headers, along with the ICMP time exceeded message.
Play the animation in the figure to see how Traceroute takes advantage of TTL.
The first sequence of messages sent from traceroute will have a TTL field value of 1. This causes
the TTL to time out the IPv4 packet at the first router. This router then responds with an ICMPv4
message. Traceroute now has the address of the first hop.
Traceroute then progressively increments the TTL field (2, 3, 4...) for each sequence of messages.
This provides the trace with the address of each hop as the packets time out further down the path.
The TTL field continues to be increased until the destination is reached, or it is incremented to a
predefined maximum.
After the final destination is reached, the host responds with either an ICMP port unreachable
message or an ICMP echo reply message instead of the ICMP time exceeded message.
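The TTL mechanism described above, as an added simulation that is not part of the original notes: each router decrements the TTL, the router where it reaches zero answers with time exceeded, and the destination answers with port unreachable (UDP probes) or echo reply (ICMP probes). The router and host addresses are constructed from the TEST-NET documentation block; nothing is sent on a network.

```python
# Added example (not from the original notes): a simulation of the TTL /
# Hop Limit mechanism described above. Router and host addresses are
# constructed (TEST-NET documentation space); no packets are sent.

def send_probe(ttl: int, path: list, destination: str, probe: str = "udp") -> tuple:
    """Forward one probe through the routers in `path`.
    Returns (responding address, ICMP message type)."""
    for router in path:
        ttl -= 1                        # each router decrements TTL before forwarding
        if ttl == 0:
            return router, "time exceeded"   # router discards the packet and tells the source
    # The destination itself answers: port unreachable for UDP probes (Unix
    # traceroute), echo reply for ICMP echo probes (Windows tracert).
    return destination, "port unreachable" if probe == "udp" else "echo reply"

def traceroute(path: list, destination: str, max_hops: int = 30,
               silent: set = frozenset(), probe: str = "udp") -> list:
    """Raise TTL 1, 2, 3, ... until the destination answers or max_hops is hit.
    Addresses in `silent` drop or ignore probes; they appear as '*'."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, message = send_probe(ttl, path, destination, probe)
        if responder in silent:
            hops.append((ttl, "*"))         # no reply within the timeout
            continue                        # keep going: a later hop may still answer
        hops.append((ttl, responder))
        if message != "time exceeded":      # reply came from the destination itself
            break
    return hops

# Constructed topology: three routers between the source and the target host.
PATH = ["192.0.2.1", "192.0.2.17", "192.0.2.33"]
TARGET = "192.0.2.50"

if __name__ == "__main__":
    for ttl, hop in traceroute(PATH, TARGET):
        print(f"{ttl:2d}  {hop}")
    # A filter in front of the target that drops probes: the trace ends in '*'
    for ttl, hop in traceroute(PATH, TARGET, max_hops=5, silent={TARGET}):
        print(f"{ttl:2d}  {hop}")
```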
VLSM allows subnets to be divided further into more subnets.
To divide a network into 8 subnets, 3 bits must be borrowed.
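Borrowing host bits to carve a network into equal subnets, and then subnetting one of the results again (the VLSM idea from the two lines above), as an added example that is not from the original notes. The address values are constructed.

```python
# Added example (not from the original notes): carving a network into equal
# subnets by borrowing host bits, then subnetting one of the results again
# (the VLSM idea). Address values below are constructed.

def ip_to_int(ip: str) -> int:
    a, b, c, d = (int(o) for o in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def bits_to_borrow(subnet_count: int) -> int:
    """Smallest number of host bits whose 2**bits covers subnet_count (8 -> 3, 5 -> 3)."""
    if subnet_count < 1:
        raise ValueError("need at least one subnet")
    return (subnet_count - 1).bit_length()

def split_network(network: str, prefix: int, subnet_count: int) -> list:
    """Divide network/prefix into 2**borrowed equal subnets.
    Each entry: (subnet address, new prefix, broadcast address, usable hosts)."""
    borrowed = bits_to_borrow(subnet_count)
    new_prefix = prefix + borrowed
    if new_prefix > 30:          # /31 and /32 leave no usable host addresses
        raise ValueError(f"/{prefix} cannot give {subnet_count} subnets with usable hosts")
    size = 1 << (32 - new_prefix)            # addresses per new subnet
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    base = ip_to_int(network) & mask         # normalise to the network address
    return [
        (int_to_ip(base + i * size), new_prefix, int_to_ip(base + (i + 1) * size - 1), size - 2)
        for i in range(1 << borrowed)
    ]

if __name__ == "__main__":
    # 192.168.1.0/24 into 8 subnets: borrow 3 bits -> /27, 30 usable hosts each
    for entry in split_network("192.168.1.0", 24, 8):
        print(entry)
    # VLSM: the last /27 is split again into 4 x /29 for small links
    for entry in split_network("192.168.1.224", 27, 4):
        print(entry)
```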
The 16-bit subnet ID section of the IPv6 global unicast address can be used by an organization to
create internal subnets.
The subnet ID provides more subnets and host support than will ever be needed in one
subnet. For instance, the 16-bit section can:
• Create up to 65,536 /64 subnets. This does not include the possibility of borrowing any bits
from the interface ID of the address.
• Support up to 18 quintillion host IPv6 addresses per subnet (i.e.,
18,000,000,000,000,000,000).
Transport layer
In the transport layer, each set of data flowing between a source application and a destination
application is called a conversation.
A host may have many applications that communicate with one or many applications on one or
many computers; the task of the transport layer is to track and maintain these
conversations.
Segmenting Data and Reassembling Segments
Data must be prepared to be sent across the media in manageable pieces. Most networks have a
limitation on the amount of data that can be included in a single packet. Transport layer protocols
have services that segment the application data into blocks that are an appropriate size. This service
includes the encapsulation required on each piece of data. A header, used for reassembly, is added to
each block of data. This header is used to track the data stream. At the destination, the transport
layer must be able to reconstruct the pieces of data into a complete data stream that is useful to the
application layer. The protocols at the transport layer describe how the transport layer header
information is used to reassemble the data pieces into streams to be passed to the application layer.
Identifying the Applications
To pass data streams to the proper applications, the transport layer must identify the target
application (Figure 3). To accomplish this, the transport layer assigns each application an identifier
called a port number. Each software process that needs to access the network is assigned a port
number unique to that host.
Sending some types of data (for example, a streaming video) across a network, as one complete
communication stream, can consume all of the available bandwidth. This will then prevent other
communications from occurring at the same time. It would also make error recovery and
retransmission of damaged data difficult.
The figure shows that segmenting the data into smaller chunks enables many different
communications, from many different users, to be interleaved (multiplexed) on the same network.
To identify each segment of data, the transport layer adds a header containing binary data organized
into several fields. It is the values in these fields that enable various transport layer protocols to
perform different functions in managing data communication.
UDP
• Segments are not numbered
• there is no acknowledgement that the host received the packets
• there is no retransmission
• the protocol is best effort, which means there is no guarantee that the data received by the
recipient is correct, or that it arrives at all
TCP
• Window size (16 bits) - Indicates the number of bytes that can be accepted at one time.
• Checksum (16 bits) - Used for error checking of the segment header and data.
• Urgent (16 bits) - Indicates if data is urgent.
UDP features
The UDP header is kept as small as possible so that more data can be carried in a single segment.
The transport layer allows many separate conversations at the same time. This is possible thanks to
the port numbers found in the segment header.
Source Port - specifies the port number from which the message is sent.
?It is dynamically generated by the sending device? (from CCNA)
Destination Port – the sender places a port number in the segment to indicate which service it is
requesting (e.g. HTTP port 80, FTP port 21)
Step 1 - The initiating client requests a client-to-server communication session with the server.
Step 2 - The server acknowledges the client-to-server communication session and requests a server-
to-client communication session.
Step 3 - The initiating client acknowledges the server-to-client communication session.
During session setup, an initial sequence number (ISN) is set. This ISN represents the starting value
of the bytes for this session that is transmitted to the receiving application. As data is transmitted
during the session, the sequence number is incremented by the number of bytes that have been
transmitted. This data byte tracking enables each segment to be uniquely identified and
acknowledged. Missing segments can then be identified.
Note: The ISN does not begin at one but is effectively a random number. This is to prevent certain
types of malicious attacks. For simplicity, we will use an ISN of 1 for the examples in this chapter.
Segment sequence numbers indicate how to reassemble and reorder received segments, as shown in
the figure.
The receiving TCP process places the data from a segment into a receiving buffer. Segments are
placed in the proper sequence order and passed to the application layer when reassembled. Any
segments that arrive with sequence numbers that are out of order are held for later processing. Then,
when the segments with the missing bytes arrive, these segments are processed in order.
Data retransmission
A destination host service using TCP usually only acknowledges data for contiguous sequence bytes.
If one or more segments are missing, only the data in the first contiguous sequence of bytes is
acknowledged. For example, if segments with sequence numbers 1500 to 3000 and 3400 to 3500 were
received, the ACK number would be 3001. This is because there are segments with the SEQ numbers
3001 to 3399 that have not been received.
When TCP at the source host has not received an acknowledgement after a predetermined amount of
time, it returns to the last ACK number received and retransmits the data from that point forward.
The retransmission process is not specified by the Request for Comments (RFC), but is left up to the
particular implementation of TCP.
acknowledgments. The window size is the number of bytes that the destination device of a TCP
session can accept and process at one time. In this example, PC B’s initial window size for the
TCP session is 10,000 bytes. Starting with the first byte, byte number 1, the last byte PC A can
send without receiving an acknowledgment is byte 10,000. This is known as PC A’s send
window. The window size is included in every TCP segment so the destination can modify the
window size at any time depending on buffer availability. Typically, PC B will not wait until all
10,000 bytes have been received before sending an acknowledgment. This means PC A can
adjust its send window as it receives acknowledgments from PC B. As shown in the figure, when
PC A receives an acknowledgment with the acknowledgment number 2,921, PC A’s send
window will increment another 10,000 bytes (the size of PC B’s current window size) to 12,920.
PC A can now continue to send up to another 10,000 bytes to PC B as long as it does not send
past its new send window at 12,920. The process of the destination sending acknowledgments
as it processes bytes received and the continual adjustment of the source’s send window is
known as sliding windows. If the availability of the destination’s buffer space decreases, it may
reduce its window size to inform the source to reduce the number of bytes it should send
without receiving an acknowledgment.
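The receive-side reassembly, the cumulative ACK rule from the 1500-3000 / 3400-3500 example, and the send-window arithmetic from the sliding-window paragraph, as an added example that is not code from the original notes. Sequence numbers count bytes and the segment payloads are constructed.

```python
# Added example (not from the original notes): receive-side reassembly,
# cumulative ACK and send-window arithmetic as described above. Sequence
# numbers count bytes; segment payloads are constructed.

class TcpReceiver:
    """Holds out-of-order segments and delivers bytes to the application only
    in contiguous sequence order. The ACK number is the next byte expected."""

    def __init__(self, isn: int = 1):
        self.next_expected = isn      # first byte not yet received in order
        self.held = {}                # seq -> data for out-of-order segments
        self.delivered = bytearray()  # what the application has been given

    def receive(self, seq: int, data: bytes) -> int:
        """Accept one segment whose first byte is numbered seq; return the ACK number."""
        if seq < self.next_expected:              # retransmission of bytes we already hold
            overlap = self.next_expected - seq
            if overlap >= len(data):
                return self.next_expected         # pure duplicate: nothing new
            seq, data = self.next_expected, data[overlap:]
        self.held[seq] = data
        while self.next_expected in self.held:    # drain everything now contiguous
            chunk = self.held.pop(self.next_expected)
            self.delivered += chunk
            self.next_expected += len(chunk)
        return self.next_expected                 # bytes below this are acknowledged

def send_window_limit(ack_number: int, window_size: int) -> int:
    """Last byte the sender may transmit before the next ACK arrives."""
    return ack_number + window_size - 1

if __name__ == "__main__":
    # The notes' example: bytes 1500-3000 and 3400-3500 arrive, 3001-3399 are missing
    rx = TcpReceiver(isn=1500)
    print(rx.receive(1500, b"a" * 1501))    # ACK 3001
    print(rx.receive(3400, b"c" * 101))     # still ACK 3001: gap 3001-3399
    print(rx.receive(3001, b"b" * 399))     # gap filled: ACK 3501
    # Sliding window with PC B's 10,000-byte window
    print(send_window_limit(1, 10_000))     # 10000
    print(send_window_limit(2921, 10_000))  # 12920
```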
Segment retransmission
DNS
The DNS server stores different types of resource records used to resolve
names. These records contain the name, address, and type of record. Some of
these record types are:
• A - An end device IPv4 address
• NS - An authoritative name server
• AAAA - An end device IPv6 address (pronounced quad-A)
• MX - A mail exchange record
When a client makes a query, the server’s DNS process first looks at its own records to resolve the
name. If it is unable to resolve the name using its stored records, it contacts other servers to resolve
the name. After a match is found and returned to the original requesting server, the server
temporarily stores the numbered address in the event that the same name is requested again.
The DNS Client service on Windows PCs also stores previously resolved names in memory. The
ipconfig /displaydns command displays all of the cached DNS entries.
How DHCP works
FTP
FTP is another commonly used application layer protocol. FTP was developed to
allow for data transfers between a client and a server. An FTP client is an
application that runs on a computer that is used to push and pull data from an
FTP server.
As the figure illustrates, to successfully transfer data, FTP requires two
connections between the client and the server, one for commands and replies,
the other for the actual file transfer:
• The client establishes the first connection to the server for control traffic
using TCP port 21, consisting of client commands and server replies.
• The client establishes the second connection to the server for the actual
data transfer using TCP port 20. This connection is created every time
there is data to be transferred.
The data transfer can happen in either direction. The client can download (pull)
data from the server, or the client can upload (push) data to the server.
THREATS
The four classes of physical threats are:
• Hardware threats - physical damage to servers, routers, switches, cabling plant, and
workstations
• Environmental threats - temperature extremes (too hot or too cold) or humidity extremes
(too wet or too dry)
• Electrical threats - voltage spikes, insufficient supply voltage (brownouts), unconditioned
power (noise), and total power loss
• Maintenance threats - poor handling of key electrical components (electrostatic discharge),
lack of critical spare parts, poor cabling, and poor labeling