Computer Networking Essentials Week 4
Commands
- show mac address-table: This command displays the MAC address table on a network switch, showing the MAC addresses that are associated with each switch port.
- show interface F0/23: This command provides detailed information about the status, configuration, and statistics for a specific interface (in this case, FastEthernet port 0/23) on a network device.
- clear mac address-table dynamic: This command clears the dynamic entries in the MAC address table on a network switch, typically used to remove old or unnecessary entries and allow the table to be repopulated with current data.
- ipconfig /all: This is used to display detailed information about all network interfaces on a Windows system, including IP addresses, subnet masks, gateways, DNS servers, and MAC addresses. On a Mac or Linux host, the ifconfig command is used instead.
- service password-encryption: Encrypts all plaintext passwords stored in the configuration file so they are not shown in clear text.
Ethernet Protocol
- Ethernet Encapsulation: Ethernet Encapsulation is a process that allows for the transmission of data over Ethernet networks, operating in both the data link and physical layers. It plays a crucial role in enabling communication between different devices within a local network, supporting various data bandwidths ranging from 10Mbps to 100Gbps as per the defined Ethernet standards.
In the context of Ethernet Encapsulation, the data link layer is divided into two separate sublayers: the Logical Link Control (LLC) and the MAC (Media Access Control) sublayers.
The LLC sublayer serves as the bridge for communication between the upper and lower layers in the network protocol stack. Unlike the MAC sublayer, LLC is implemented in software, meaning that it is independent of the hardware being used. This provides flexibility as it allows the LLC to manage logical link connections without being tied to specific physical characteristics.
Conversely, the MAC sublayer is typically implemented by hardware, often in the computer’s Network Interface Card (NIC). Its responsibilities are more concrete, focusing on the placement of frames onto the media and the removal of frames from the media. Essentially, the MAC sublayer governs how data frames are physically transmitted and received over the network medium.
The encapsulation process itself involves taking data from the network layer and adding both LLC and MAC headers, creating an Ethernet frame. This frame is then transmitted over the physical medium, be it twisted-pair cables, coaxial cables, or fiber optics.
Ethernet Encapsulation, therefore, represents a collaboration between software and hardware elements, defining both Layer 2 protocols and Layer 1 technologies to allow for efficient, reliable communication over various physical media. By utilizing both LLC and MAC sublayers, it ensures seamless integration between logical network functions and the actual transmission of data on the physical network.
- Ethernet Frame Fields:
Ethernet Frame Fields are essential components that constitute the structure of an Ethernet frame, responsible for carrying data across Ethernet networks. They encompass various fields that hold distinct information required for successful data transmission and reception. The discussion of these fields necessitates an understanding of the minimum and maximum sizes of an Ethernet frame and what these sizes signify.
The Ethernet frame size ranges from 64 bytes to 1518 bytes. This size is pivotal in determining the validity of a frame.
- Minimum Frame Size (64 bytes): Frames that are less than 64 bytes are referred to as “collision fragments” or “runt frames.” Such frames are typically the result of collisions or other unwanted signals on the network, leading to partial or malformed frames. Receiving stations will automatically discard these frames as they are considered invalid and cannot be processed.
- Maximum Frame Size (1518 bytes): This includes the Destination MAC address to the Frame Check Sequence (FCS). Frames that consist of more than 1500 bytes of data are referred to as “jumbo” or “baby giant frames.” While these may be used in specific scenarios to enhance performance, they are not standard, and many receiving devices will drop frames that exceed the maximum allowable size.
- Ethernet MAC Addresses:
- The MAC address rules are established by IEEE.
- The IEEE assigns the vendor a 3-byte (24-bit) code, called the Organizationally Unique Identifier (OUI).
- Frame Processing:
- The NIC compares the destination MAC address in the frame with the device’s physical MAC address stored in RAM.
- If there is a match, the frame is passed up the OSI layers.
- If there is no match, the device discards the frame.
- Unicast MAC Address:
A unicast MAC address is the unique address used when a frame is sent from a single transmitting device to a single destination device.
- Broadcast MAC Address:
Network protocols like DHCP (Dynamic Host Configuration Protocol) and ARP (Address Resolution Protocol) make extensive use of broadcasts to communicate with devices on a local network. This mechanism is essential for the functioning of a network where devices need to discover each other or obtain network configuration information dynamically.
A broadcast packet is a special type of packet that is intended to be received by all hosts on the local network segment. This is achieved by setting the destination IPv4 address in such a way that all the bits in the host portion of the address are set to ones. In practical terms, this means that every device on the local network will process the packet, rather than just a single designated recipient.
When this broadcast packet is encapsulated in an Ethernet frame for transmission across the local network, the destination MAC (Media Access Control) address is set to the broadcast MAC address, which is represented in hexadecimal as FF-FF-FF-FF-FF-FF (or 48 ones in binary). This MAC address is universally recognized by all Ethernet devices as a broadcast, ensuring that every device on the Ethernet LAN will receive and process the frame.
In the case of DHCP, broadcasts are used when a client device is seeking to obtain an IP address from a DHCP server but doesn’t yet know the server’s IP address. By broadcasting a request, the client ensures that all DHCP servers on the local network receive it.
With ARP, broadcasts are employed to determine the MAC address that corresponds to a known IP address. By broadcasting an ARP request, a device can ask all devices on the local network “who has this IP address?” and the device with that IP address will reply.
The use of broadcasts ensures that devices can discover each other and communicate even when they lack prior knowledge of each other’s addresses. However, broadcasts are confined to the local network segment and will not be forwarded by routers to other parts of the network, thereby limiting their scope and ensuring that they do not cause unnecessary traffic on other parts of the network. This restriction helps in maintaining network efficiency while still enabling essential discovery and configuration processes within the local network segment.
- Multicast MAC Address:
Multicast addresses are a crucial part of network communication, allowing a source device to send a packet to a specific group of devices. Unlike unicast, where a packet is sent to a single destination, or broadcast, where a packet is sent to all devices in a network, multicast targets a specific subset of devices.
Multicast is employed in scenarios where the same data needs to be sent to multiple recipients simultaneously. Common applications include live streaming, video conferencing, and distribution of software updates to multiple clients within a network.
IPv4 multicast addresses fall within the range of 224.0.0.0 to 239.255.255.255. In IPv6, multicast addresses begin with FF00::/8. The devices that need to receive the multicast transmission join a specific multicast group, and each group is identified by a unique multicast IP address within these ranges.
These multicast IP addresses are mapped to a corresponding multicast MAC address, which begins with 01-00-5E in hexadecimal. This relationship between IP and MAC addresses enables routers and switches to recognize and appropriately handle multicast traffic at both the Network Layer (Layer 3) and the Data Link Layer (Layer 2) of the OSI model.
When a device wants to send a packet to a multicast group, it uses the corresponding multicast IP address as the destination. Network devices like routers and switches then use the associated multicast MAC address to efficiently forward the packet to only the segments of the network where the members of that multicast group reside.
The use of multicast addresses significantly improves network efficiency, as the source device only needs to send a single copy of the packet. The network infrastructure then takes responsibility for ensuring that all members of the multicast group receive the packet. This is in contrast to unicast transmission, where the source would have to send a separate copy of the packet to each recipient, consuming more bandwidth.
Multicast requires proper configuration and support both in the network devices (such as routers and switches) and the host devices that are part of the multicast group. Protocols like Internet Group Management Protocol (IGMP) are often used to manage membership in multicast groups and ensure that devices only receive the multicast traffic for groups they have joined.
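As an added example (not part of the original notes), the Python below parses a constructed Ethernet frame into the fields described above, applies the 64/1518-byte size rule, classifies the destination MAC as unicast, multicast or broadcast using the I/G bit, extracts the OUI, and maps an IPv4 multicast group to its 01-00-5E MAC address. The frame bytes, MAC addresses and the placeholder FCS are constructed for the example.

```python
import struct

BROADCAST_MAC = bytes.fromhex("ffffffffffff")
MIN_FRAME = 64     # anything shorter is a runt / collision fragment
MAX_FRAME = 1518   # anything longer is a baby giant / jumbo frame


def mac_to_str(mac: bytes) -> str:
    return "-".join(f"{b:02X}" for b in mac)


def classify_mac(mac: bytes) -> str:
    """Broadcast is all ones. Otherwise the I/G bit (least significant bit of
    the first byte) separates group (multicast) from individual (unicast)."""
    if mac == BROADCAST_MAC:
        return "broadcast"
    return "multicast" if mac[0] & 0x01 else "unicast"


def oui(mac: bytes) -> str:
    """First 3 bytes (24 bits): the IEEE-assigned Organizationally Unique Identifier."""
    return mac_to_str(mac[:3])


def ipv4_multicast_to_mac(ip: str) -> str:
    """Map an IPv4 multicast group (224.0.0.0 to 239.255.255.255) to its Layer 2
    address: prefix 01-00-5E plus the low 23 bits of the IPv4 address."""
    o = [int(x) for x in ip.split(".")]
    if len(o) != 4 or not 224 <= o[0] <= 239:
        raise ValueError(f"{ip} is not an IPv4 multicast address")
    low23 = ((o[1] & 0x7F) << 16) | (o[2] << 8) | o[3]
    return mac_to_str(bytes([0x01, 0x00, 0x5E]) + low23.to_bytes(3, "big"))


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields and apply the 64..1518 byte size rule.
    Undersized and oversized frames are reported as invalid, as a NIC would."""
    size = len(frame)
    if size < MIN_FRAME:
        return {"valid": False, "reason": f"runt frame ({size} bytes), discarded"}
    if size > MAX_FRAME:
        return {"valid": False, "reason": f"oversized frame ({size} bytes), discarded"}
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return {
        "valid": True,
        "dst": mac_to_str(dst), "dst_type": classify_mac(dst),
        "src": mac_to_str(src), "src_oui": oui(src),
        "ethertype": f"0x{ethertype:04X}",
        "payload": frame[14:-4],          # everything between the header and the FCS
        "fcs": frame[-4:].hex(),          # 4-byte Frame Check Sequence
    }


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Constructed sample frame: pad the payload to the 46-byte minimum and
    append a placeholder FCS (a real NIC computes the CRC-32 in hardware)."""
    payload = payload.ljust(46, b"\x00")
    return dst + src + struct.pack("!H", ethertype) + payload + b"\x00" * 4


if __name__ == "__main__":
    arp = build_frame(BROADCAST_MAC, bytes.fromhex("001122334455"), 0x0806, b"constructed")
    print(parse_frame(arp))
    print(ipv4_multicast_to_mac("224.0.0.5"))   # 01-00-5E-00-00-05
```

Because the first octet and the top bit of the second are dropped, 32 IPv4 groups share one multicast MAC, which is why a switch may deliver a group's frames to hosts that joined a different group with the same MAC.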
LAN Switches
- The MAC address table is sometimes referred to as a content addressable memory (CAM) table.
- The process to learn the Source MAC Address:
- Switches examine all incoming frames for new source MAC address information to learn.
- If the source MAC address is unknown, it is added to the table along with the port number.
- If the source MAC address does exist, the switch updates the refresh timer for that entry.
- By default, most Ethernet switches keep an entry in the table for 5 minutes.
- The process to forward the Destination MAC Address:
- If the destination MAC address is a broadcast or a multicast, the frame is flooded out all ports except the incoming port.
- If the destination MAC address is a unicast address, the switch will look for a match in its MAC address table.
- If the destination MAC address is in the table, it will forward the frame out the specified port.
- If the destination MAC address is not in the table (i.e., an unknown unicast) the switch will forward the frame out all ports except the incoming port.
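The learning and forwarding steps above, together with the 5-minute aging timer and the clear mac address-table dynamic command from the Commands section, as an added Python simulation (example code, not from the course material). Port names and MAC addresses are constructed, and the clock is injectable so aging can be checked without waiting five minutes.

```python
import time

AGING_SECONDS = 300   # default: most switches keep a dynamic entry for 5 minutes


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the I/G bit (low bit of the first byte) set."""
    first_octet = int(mac.replace(":", "-").split("-")[0], 16)
    return bool(first_octet & 0x01)


class Switch:
    """Learning switch: MAC address table (CAM table) keyed by source MAC."""

    def __init__(self, ports, aging=AGING_SECONDS, clock=time.monotonic):
        self.ports = set(ports)
        self.aging = aging
        self.clock = clock          # injectable so aging can be tested deterministically
        self.table = {}             # MAC -> (port, last_seen)

    def _expire(self):
        now = self.clock()
        stale = [m for m, (_, seen) in self.table.items() if now - seen > self.aging]
        for m in stale:
            del self.table[m]

    def learn(self, src_mac, in_port):
        """Unknown source MAC: add it with the port. Known MAC: refresh its timer.
        A known MAC seen on a different port is moved there."""
        self.table[src_mac] = (in_port, self.clock())

    def forward(self, dst_mac, in_port):
        """Egress ports for a frame: flood for broadcast/multicast and unknown
        unicast; one port for a known unicast; none if that port is the one
        the frame arrived on."""
        self._expire()
        flood = self.ports - {in_port}
        if is_group_address(dst_mac):
            return flood
        entry = self.table.get(dst_mac)
        if entry is None:
            return flood                        # unknown unicast
        port, _ = entry
        return set() if port == in_port else {port}

    def receive(self, src_mac, dst_mac, in_port):
        """What happens for every incoming frame: learn the source, then forward."""
        self.learn(src_mac, in_port)
        return self.forward(dst_mac, in_port)

    def clear_dynamic(self):
        """Same effect as 'clear mac address-table dynamic'."""
        self.table.clear()

    def show_table(self):
        """Same idea as 'show mac address-table': (MAC, port, age in seconds)."""
        now = self.clock()
        return sorted((m, p, int(now - seen)) for m, (p, seen) in self.table.items())
```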
Address Resolution Protocol
- ARP Functions:
The Address Resolution Protocol (ARP) functions as an essential bridge between two key aspects of network communication: Internet Protocol (IP) addresses, used by the network layer, and Media Access Control (MAC) addresses, used by the data link layer.
Within a local network, devices need to translate IPv4 addresses to corresponding MAC addresses to communicate effectively. ARP provides this translation by maintaining a table, known as the ARP table or ARP cache, in the device’s memory (such as RAM). This table maps IPv4 addresses to their corresponding MAC addresses, allowing devices to find each other on the local network.
When a device wants to communicate with another device within the same network, it consults its ARP table. If the destination IPv4 address’s corresponding MAC address is found, it can send the packet directly. If not, the ARP process involves sending an ARP request broadcast within the LAN to discover the required MAC address and update the ARP table accordingly.
However, if the destination IPv4 address is on a different network, the device doesn’t try to find the MAC address of the destination itself. Instead, it looks up the ARP table for the MAC address of the default gateway, a networking device that routes traffic between different networks. This is because the packet must be sent to the gateway first, which will then route it to the appropriate network.
The ARP table is dynamic, with entries being updated as devices join and leave the network or as IP addresses change. This ensures that the ARP table reflects the current state of the network, allowing for seamless communication between devices.
- Removing Entries from an ARP Table:
- Every device has an ARP cache timer that removes ARP entries that have not been used for a specified period of time.
- The times differ depending on the device’s operating system.
- Some Windows operating systems store ARP cache entries for 2 minutes.
- You can also manually remove all or some of the entries in the ARP table.
- ARP Tables:
- On a Cisco router, the show ip arp command is used to display the ARP table.
- On a Windows 7 PC, the arp -a command is used to display the ARP table.
- ARP Broadcasts:
- As a broadcast frame, an ARP request is received and processed by every device on the local network.
- ARP requests can flood the local segment if a large number of devices were to be powered up and all start accessing network services at the same time.
- Dynamic ARP Inspection (DAI): Dynamic ARP Inspection (DAI) is a security feature implemented on many enterprise-level switches to prevent ARP spoofing attacks, wherein an attacker can deceive network devices about the actual MAC address associated with an IP address.
DAI in more detail:
ARP Spoofing Problem: In a typical ARP spoofing scenario, an attacker’s host responds to ARP requests with false information. In the example provided, Host A wants to know the MAC address of the default gateway. However, instead of the actual gateway, Host C (the attacker) replies with its own MAC address. Host A then updates its ARP table and starts sending packets destined for the default gateway to Host C. This allows the attacker to intercept, modify, or even stop the packets, leading to various security issues such as data theft and man-in-the-middle attacks.
Dynamic ARP Inspection Solution: DAI is designed to combat this kind of threat. Here’s how it works:
- Inspection: DAI inspects ARP packets on the network. It intercepts each ARP response (reply) and validates it before forwarding.
- Validation: Validation is usually done by comparing the ARP response with a trusted database of IP-to-MAC address bindings. This database can be built through DHCP snooping or other trusted means. If the ARP response contains valid IP-to-MAC bindings, it is forwarded. If not, it’s discarded.
- Logging and Monitoring: In addition to blocking invalid ARP responses, DAI can also log them, helping in monitoring and troubleshooting potential attacks.
- Rate Limiting: DAI can also be configured to limit the rate of ARP requests and replies from a single host, preventing potential ARP flooding attacks.
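Added example, not from the course: a Python model of the DAI checks described above (binding validation, logging and rate limiting), applied to the Host A / Host C scenario. The DHCP snooping binding table, port names, MAC addresses and the 15 packets-per-second limit are constructed assumptions; parse_arp decodes the standard 28-byte Ethernet/IPv4 ARP packet.

```python
import struct
import time
from collections import deque

ARP_REQUEST, ARP_REPLY = 1, 2

# Constructed DHCP snooping binding table: IP -> (MAC, switch port). A real
# switch builds this from the DHCP exchanges it observes on untrusted ports.
BINDINGS = {
    "192.168.1.1":  ("00-00-0C-11-22-33", "F0/24"),   # default gateway (router)
    "192.168.1.10": ("AA-AA-AA-00-00-0A", "F0/1"),    # Host A
    "192.168.1.12": ("CC-CC-CC-00-00-0C", "F0/3"),    # Host C
}
TRUSTED_PORTS = {"F0/24"}    # uplink to the router: ARP from here is not inspected
RATE_LIMIT = 15              # ARP packets per second allowed on an untrusted port


def mac_str(b: bytes) -> str:
    return "-".join(f"{x:02X}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp(payload: bytes) -> dict:
    """Decode a 28-byte Ethernet/IPv4 ARP packet: hardware type, protocol type,
    address lengths, opcode, then sender MAC/IP and target MAC/IP."""
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Constructed ARP payload for the sample scenario (no Ethernet header)."""
    mac = lambda s: bytes.fromhex(s.replace("-", ""))
    ip = lambda s: bytes(int(o) for o in s.split("."))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sender_mac) + ip(sender_ip) + mac(target_mac) + ip(target_ip))


class DynamicArpInspection:
    def __init__(self, bindings, trusted, rate_limit=RATE_LIMIT, clock=time.monotonic):
        self.bindings = bindings
        self.trusted = trusted
        self.rate_limit = rate_limit
        self.clock = clock
        self.recent = {}      # port -> arrival times of ARP packets in the last second
        self.log = []         # what a switch would send to syslog

    def _rate_exceeded(self, port) -> bool:
        now = self.clock()
        q = self.recent.setdefault(port, deque())
        q.append(now)
        while q and now - q[0] > 1.0:
            q.popleft()
        return len(q) > self.rate_limit

    def inspect(self, port: str, payload: bytes) -> str:
        """Decide 'forward' or 'drop' for an ARP packet arriving on a port."""
        if port in self.trusted:
            return "forward"
        if self._rate_exceeded(port):
            self.log.append(f"{port}: ARP rate limit exceeded, port err-disabled")
            return "drop"
        arp = parse_arp(payload)
        kind = "reply" if arp["op"] == ARP_REPLY else "request"
        expected = self.bindings.get(arp["sender_ip"])
        # The sender's IP must be bound to exactly this MAC on exactly this port.
        if expected != (arp["sender_mac"], port):
            self.log.append(f"{port}: invalid ARP {kind} {arp['sender_ip']} is-at "
                            f"{arp['sender_mac']} (binding: {expected})")
            return "drop"
        return "forward"
```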
Network Layer Protocols
- The network layer uses four processes in order to provide end-to-end transport:
- Addressing of end devices: IP addresses must be unique for identification purposes.
- Encapsulation: The protocol data units from the transport layer are encapsulated by adding IP header information including source and destination IP addresses.
- Routing: The network layer provides services to direct packets to other networks. Routers select the best path for a packet to take to its destination network.
- De-encapsulation: The destination host de-encapsulates the packet to see if it matches its own.
- Characteristics of IP:
- IP was designed as a protocol with low overhead – it provides only the functions required to deliver a packet from the source to a destination.
- An IP packet is sent to the destination without prior establishment of a connection
- IP was not designed to track and manage the flow of packets. (These functions, if required, are performed by other layers – primarily TCP)
- The network layer has a maximum size of the Protocol Data Unit (PDU) that can be transported, referred to as the Maximum Transmission Unit (MTU), and the data link layer tells the network layer the MTU.
- IPv4 Packet Header:
- Version: Specifies packet is IP version 4
- Differentiated Services or DiffServ (DS): Used to determine the priority of each packet on the network.
- Time-to-Live (TTL): Limits the lifetime of a packet – decreased by one at each router along the way.
- Protocol: Used to identify the next level protocol.
- Source IPv4 Address: Source address of the packet.
- Destination IPv4 Address: Address of destination.
- Limitations of IPv4:
- IP address depletion (the supply of addresses being used up until not enough is left): IPv4 has a limited number of unique public IPv4 addresses available.
- Internet routing table expansion: A routing table contains the routes to different networks in order to make the best path determination. As more devices and servers are connected to the network, more routes are created. A large number of routes can slow down a router.
- Lack of end-to-end connectivity: Network Address Translation (NAT) was created for devices to share a single IPv4 address. However, because they are shared, this can cause problems for technologies that require end-to-end connectivity.
- Advantages of IPv6 over IPv4:
- Simplified header format for efficient packet handling
- Hierarchical network architecture for routing efficiency
- Auto-configuration for addresses
- Elimination of need for network address translation (NAT) between private and public addresses
- IPv6 Packet Header:
- Version: Contains a 4-bit binary value set to 0110 that identifies it as an IPv6 packet.
- Traffic Class: 8-bit field equivalent to the IPv4 Differentiated Services (DS) field.
- Flow Label: 20-bit field; all packets with the same flow label should receive the same type of handling by routers.
- Payload Length: 16-bit field indicates the length of the data portion or payload of the packet.
- Next Header: 8-bit field is equivalent to the IPv4 Protocol field. It indicates the data payload type that the packet is carrying.
- Hop Limit: 8-bit field replaces the IPv4 TTL field. This value is decremented by 1 as it passes through each router. When it reaches zero, the packet is discarded.
- Source IPv6 Address: 128-bit field that identifies the IPv6 address of the sending host.
- Destination IPv6 Address: 128-bit field that identifies the IPv6 address of the receiving host.
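The IPv4 and IPv6 header fields listed above, as an added Python example (not course code) that packs and parses both fixed headers, verifies and recomputes the IPv4 header checksum, and applies one router hop (TTL decremented, packet discarded when it would reach zero). Addresses and payloads are constructed; IPv4 options are not handled.

```python
import struct
import ipaddress
from typing import Optional


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words; a valid header gives 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(pkt: bytes) -> dict:
    """Fixed 20-byte IPv4 header (options, if present, are not decoded)."""
    (ver_ihl, ds, total_len, _ident, _flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"version field is {version}, not 4")
    return {"version": version, "header_len": ihl * 4,
            "dscp": ds >> 2, "ecn": ds & 0x03,          # Differentiated Services byte
            "total_length": total_len, "ttl": ttl, "protocol": proto,
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "checksum_ok": ipv4_checksum(pkt[:ihl * 4]) == 0}


def parse_ipv6_header(pkt: bytes) -> dict:
    """Fixed 40-byte IPv6 header: version(4) traffic class(8) flow label(20),
    payload length(16), next header(8), hop limit(8), source, destination."""
    first, payload_len, next_hdr, hop_limit, src, dst = struct.unpack("!IHBB16s16s", pkt[:40])
    if first >> 28 != 6:
        raise ValueError(f"version field is {first >> 28}, not 6")
    return {"version": 6, "traffic_class": (first >> 20) & 0xFF, "flow_label": first & 0xFFFFF,
            "payload_length": payload_len, "next_header": next_hdr, "hop_limit": hop_limit,
            "src": str(ipaddress.IPv6Address(src)), "dst": str(ipaddress.IPv6Address(dst))}


def router_hop_ipv4(pkt: bytes) -> Optional[bytes]:
    """One router hop: decrement TTL, discard the packet when it would reach zero,
    and recompute the header checksum because the header changed (assumes IHL = 5)."""
    ttl = pkt[8]
    if ttl <= 1:
        return None          # discarded; a real router also sends ICMP Time Exceeded
    hdr = bytearray(pkt[:20])
    hdr[8] = ttl - 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[20:]


def build_ipv4(src, dst, ttl=64, proto=6, payload=b"", dscp=0) -> bytes:
    """Constructed IPv4 packet with a valid checksum (DF flag set, no options)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(payload), 0x1234, 0x4000,
                      ttl, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_ipv6(src, dst, hop_limit=64, next_header=17, payload=b"",
               traffic_class=0, flow_label=0) -> bytes:
    """Constructed IPv6 packet; the first 32 bits pack version, class and label."""
    first = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack("!IHBB16s16s", first, len(payload), next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed,
                       ipaddress.IPv6Address(dst).packed) + payload
```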
Routing
- Host Routing Tables:
On a Windows host, you can display the routing table using:
- route print
- netstat -r
Three sections will be displayed:
- Interface List: Lists the Media Access Control (MAC) address and assigned interface number of network interfaces on the host.
- IPv4 Route Table: Lists all known IPv4 routes.
- IPv6 Route Table: Lists all known IPv6 routes.
- On a Cisco IOS router, the show ip route command is used to display the router’s IPv4 routing table. The routing table shows:
- Directly connected and remote routes
- How each route was learned
- Trustworthiness and rating of the route
- When the route was last updated
- Which interface is used to reach the destination
- When configuring a router interface and activating it, two essential entries are created in the routing table, which together play a vital role in the router’s operation.
- C: Identifies that the network is directly connected and the interface is configured with an IP address and activated.
- L: Identifies that it is a local interface. This is the IPv4 address of the interface on the router.
- Remote Route Entries in a routing table:
Remote Route Entries in a routing table provide essential information for a router to forward packets to networks that are not directly connected to it. These entries act as a guidepost, directing data towards its destination, based on a set of parameters as defined below:
- Destination Network: An entry like “10.1.1.0/24” would identify the destination network that the router needs to reach. It includes both the network address and the subnet mask, specifying the range of IP addresses within that network.
- Administrative Distance: This is a measure of the trustworthiness of the route. In the context provided, a value of 90 signifies the administrative distance for the corresponding network. A lower administrative distance indicates a more preferred or trustworthy source for the routing information. Different routing protocols have different default administrative distances, and this value helps in selecting the best route among multiple available ones.
- Metric: Represented by a number like “2170112”, the metric is a value that the routing algorithm uses to determine the most efficient path to the destination. Lower values generally indicate preferred routes, and the way metrics are calculated can differ depending on the routing protocol in use.
- Next-hop IP Address: The IP address “209.165.200.226” would be the address of the next router to which the packet needs to be forwarded. This next-hop router is a stepping stone on the path to the destination network.
- Route Timestamp: A timestamp like “00:00:05” identifies when the router last heard from the next hop. It can be an essential element in determining the freshness or validity of the route.
- Outgoing Interface: Specified by an entry like “Serial0/0/0”, this tells the router through which of its interfaces it should forward the packet to reach the next-hop router.
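Added example, not from the course material: a Python model of the route selection these entries support. The routing table is constructed; it includes the 10.1.1.0/24 entry with administrative distance 90, metric 2170112 and next hop 209.165.200.226 from the text, plus an assumed less-trusted OSPF route to the same prefix and a static /8 summary, to show the longest-prefix, then lowest-AD, then lowest-metric order.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Route:
    code: str                # C connected, L local, S static, D EIGRP, O OSPF
    network: str             # destination network with prefix length, e.g. "10.1.1.0/24"
    admin_distance: int      # trustworthiness of the source; lower is preferred
    metric: int              # protocol-specific cost; lower is preferred
    next_hop: Optional[str]  # None for directly connected and local routes
    interface: str           # outgoing interface


# Constructed table modelled on the entries described in the notes.
ROUTING_TABLE = [
    Route("C", "192.168.10.0/24", 0, 0, None, "GigabitEthernet0/0"),
    Route("L", "192.168.10.1/32", 0, 0, None, "GigabitEthernet0/0"),
    Route("C", "209.165.200.224/30", 0, 0, None, "Serial0/0/0"),
    Route("L", "209.165.200.225/32", 0, 0, None, "Serial0/0/0"),
    Route("D", "10.1.1.0/24", 90, 2170112, "209.165.200.226", "Serial0/0/0"),
    Route("O", "10.1.1.0/24", 110, 65, "209.165.200.226", "Serial0/0/0"),  # less trusted source
    Route("S", "10.0.0.0/8", 1, 0, "209.165.200.226", "Serial0/0/0"),
]


def best_route(table, dst: str) -> Optional[Route]:
    """Longest matching prefix wins. Among routes to the same prefix the lowest
    administrative distance is preferred, then the lowest metric."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in ipaddress.ip_network(r.network)]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-ipaddress.ip_network(r.network).prefixlen,
                                          r.admin_distance, r.metric))


def forwarding_decision(table, dst: str) -> str:
    """What the router does with a packet for dst, as a short description."""
    r = best_route(table, dst)
    if r is None:
        return "drop (no matching route, no gateway of last resort)"
    if r.code == "L":
        return f"deliver locally ({dst} is the router's own address)"
    if r.next_hop is None:
        return f"directly connected: resolve {dst} with ARP on {r.interface}"
    return f"forward to next hop {r.next_hop} via {r.interface} ({r.code}, AD {r.admin_distance})"


def show_ip_route(table) -> list:
    """Lines in the spirit of 'show ip route' output."""
    lines = []
    for r in table:
        if r.next_hop is None:
            lines.append(f"{r.code}  {r.network} is directly connected, {r.interface}")
        else:
            lines.append(f"{r.code}  {r.network} [{r.admin_distance}/{r.metric}] "
                         f"via {r.next_hop}, {r.interface}")
    return lines
```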
Routers
- A router uses four types of memory:
- RAM: Volatile memory used to store applications, processes, and data needed to be executed by the CPU.
- ROM: Non-volatile memory used to store crucial operational instructions and a limited IOS. ROM is firmware embedded on an integrated circuit inside of the router.
- NVRAM: Non-volatile memory used as permanent storage for the startup configuration file (startup-config).
- Flash: Non-volatile memory used as permanent storage for the IOS and other operating system files such as log or backup files.
- Bootset Files: Routers operate using specialized software known as the Internetwork Operating System (IOS). This IOS is an image file stored in a memory component known as Flash. Flash memory also houses other essential system files needed for the operation of the router. In addition, the router’s Non-Volatile Random Access Memory (NVRAM) stores critical configuration parameters that define how the router operates within the network.
- Router Bootup Process:
When a router is powered on, several sequential steps occur to initialize its operation:
- Power On Self Test (POST): This initial step tests the hardware to ensure that all components are functioning properly.
- Load the Bootstrap Program: The bootstrap program is a basic set of instructions to start the router’s operating system. It’s the fundamental code that tells the router how to find and load its operating system.
- Locate and Load the Cisco IOS Software: The router then locates the IOS image file in Flash and loads it into memory, which is the full operating system the router will run.
- Locate and Load the Startup Configuration File or Enter Setup Mode: Finally, the router loads its configuration settings from NVRAM, or if no settings are found, it may enter a setup mode where an administrator can define the necessary settings manually.
- Show Version Output: Routers are complex devices, and understanding their status and configuration can be vital for troubleshooting and performance optimization. Cisco routers include a command known as “show version,” which can be immensely useful for administrators. By executing this command, information about the router is displayed, such as the amounts of memory installed, what IOS image was loaded during boot, and more. This command gives an immediate snapshot of the router’s current state and configuration, making it an invaluable tool for monitoring and management.
Configuring a Cisco Router
- In-Band Interfaces: In networking, in-band interfaces are the communication paths that routers and other network devices use for regular data traffic. These are the physical or logical connections through which data packets travel.
Example, Cisco 1941 Router: the Cisco 1941 router has four in-band interfaces:
- Two Gigabit Ethernet Interfaces (G0/0 and G0/1): These are high-speed connections commonly used for local network connections. They are often used to connect to devices within the same building or campus.
- One Serial WAN Interface Card with Two Interfaces (S0/0/0 and S0/0/1): WAN (Wide Area Network) interfaces are used to connect networks across longer distances, such as between cities or countries. Serial connections are often used for this purpose, although they are considered somewhat dated.
- show ip interface brief: Provides you a summarized view of all interfaces to verify if they are activated and operational. Look for Status of “up” and Protocol of “up”.
- show ip route: Displays the contents of the IPv4 routing table stored in RAM.
- show interfaces: Displays the IPv4 statistics for all interfaces on a router.
- copy running-config startup-config: Saves the running configuration as the startup configuration so your changes survive a reload.
- Default gateway for switch:
Layer 2 Devices and IP Addressing: A Layer 2 device, such as a switch, operates primarily at the data link layer of the OSI model. It’s mainly concerned with forwarding frames based on MAC addresses within a local network. As such, it doesn’t inherently need an IP address to function in its basic role of switching frames between devices on the same local network.
Remote Configuration and Management: While a switch doesn’t need an IP address for its basic switching function, assigning an IP address to a switch provides several benefits, particularly for configuration and management:
- Remote Access: By giving the switch an IP address, subnet mask, and default gateway address, administrators can connect to the switch remotely using protocols like SSH or Telnet. This enables them to configure or manage the switch without being physically present at its location.
- Default Gateway Configuration: The ip default-gateway global configuration command sets the default gateway on the switch. This is not used to forward traffic between hosts on the local network and remote networks, as routers do. Instead, this is used specifically for packets that originate from the switch itself.
For example, if an administrator is remotely connected to the switch and wants to send commands to it, the switch will use the default gateway to send responses back to the administrator if they are on a different network.
Important Distinctions:
- Switches Do Not Route Traffic: Unlike routers, switches do not forward traffic between different networks. The IP address and default gateway on a switch are used solely for the switch’s own communication, such as remote management.
- Local Network Operation: Within the local network, the switch continues to operate based on Layer 2 information (MAC addresses) and does not need the IP address or default gateway for this function.
- Remote Management Utility: The primary reason for configuring an IP address and default gateway on a switch is to enable remote access for configuration and management, not for the normal operation of forwarding traffic within the local network.