Electrical-Forensics Home ray@RayFranco.com                       601.529.7473
   © Dr. Ray Franco, PhD, PE  -  208 Fairways Dr., Vicksburg, MS 39183

Updated 11/20/2024

Networking - Video References:

  1. YouTube - Practical Networks - Network Devices: Host, IP Address, Network - Lesson 1a
  2. YouTube - Practical Networks - Network Devices: Repeaters, Hubs, Bridges, Switches & Routers - Lesson 1b
  3. YouTube - Practical Networks - OSI Model - Lesson 2a
  4. YouTube - Practical Networks - OSI Model - Lesson 2b
  5. YouTube - Practical Networks - Everything Hosts Do - Lesson 3a
  6. YouTube - Practical Networks - Everything Hosts Do - Lesson 3b
  7. YouTube - Practical Networks - Everything Switches Do - Lesson 4a
  8. YouTube - Practical Networks - Everything Switches Do - Lesson 4b
  9. YouTube - Practical Networks - Everything Routers Do - Lesson 5a
  10. YouTube - Practical Networks - Everything Routers Do - Lesson 5b
  11. YouTube - Practical Networks - Router Hierarchies and Route Summarization - Lesson 5c
  12. YouTube - Practical Networks - Network Protocols - Lesson 6
  13. YouTube - Practical Networks - How Data Moves Through the Internet - Lesson 7

Computer Networks

The Internet is a bunch of interconnected networks.

A host is any device that sends or receives data.

A network is a logical grouping of hosts that require similar connectivity. Networks have an IP address space, and every host in the network has an IP address within that network's IP address space.

A NIC is a Network Interface Card (Ethernet or WiFi). Today, these are integrated onto the motherboard or inside a phone or watch. However, the term NIC is still used.

A Hub is a multi-port repeater. It sits in the center and facilitates scaling communications between additional hosts. The problem with hubs is that every host receives every other host's data.

Bridges sit between two connected hosts. Bridges by definition only have two ports. Bridges learn which hosts are connected to which bridge port. Bridges isolate traffic by permitting only traffic that needs to cross the bridge to do so.

Switches are a combination of Hubs and Bridges. They have multiple ports, and they learn which hosts are on each port. Switches facilitate communications within a network.

A Router facilitates communications between networks. Since Routers sit between networks, they are a logical location for security, filtering, and redirection. Routers learn which networks they are connected to. A Routing Table lists all the networks a Router knows about.

A Gateway is a host's way out of its local Network.

The Internet is composed of a bunch of interconnected Routers in a Hierarchy.

Open Systems Interconnection (OSI) Model

#  Layer          Devices                            Header / Addressing                       Delivery
7  Application    Merged Application header (layers 7, 6 and 5 are treated as one)
6  Presentation
5  Session
4  Transport      Port No's, TCP, UDP                TCP Port No. or UDP Port No.;             Service-to-Service
                                                     16 bits (0-65535 decimal)
3  Network        Anything with an IP Address,       src & dst IP Addresses; 32 bits,          End-to-End
                  i.e. Hosts & Routers               4 octets (0-255 decimal)
2  Data Link      NIC, WiFi, Switches                src & dst MAC Addresses; 48 bits,         Hop-to-Hop
                                                     6 hexadecimal pairs
1  Physical       Cables, WiFi, Repeaters & Hubs

TCP: Transmission Control Protocol - guaranteed delivery.

UDP: User Datagram Protocol - fast, but delivery is not guaranteed.

The transport header's destination port number is a "well known" port number and/or an assigned port number, e.g. HTTPS - TCP 443, HTTP - TCP 80, IRC (chat) - UDP 6669. The source port number is usually a random number. This allows several applications (or several tabs or windows of one application) to be open on the desktop at the same time, each distinguished by its own source port.

ARP (Address Resolution Protocol) maps IP Addresses to MAC Addresses. It bridges L3 and L2.

As data moves down the stack:

As the data moves through the network, at each router the Layer 2 header is removed and replaced with a new Layer 2 header that carries it to the next hop.

Finally, the receiving host checks the Layer 2 header and, if it matches, removes it; then it checks the Layer 3 header and, if it matches, removes it. The application then processes the data.

Everything Hosts Do

The following should be configured for each host (the four-item host configuration table is listed after the NAT references below):

Assume that Host_1 needs to send data to Host_2, and Host_1 knows Host_2's IP Address. Since Host_1 knows its own IP Address and the destination IP Address, it has enough information to construct the L3 header (IP Addresses). However, it does not have enough information to construct the L2 header (MAC Addresses).

It compares its own IP Address and subnet mask to the destination IP Address to determine whether the destination IP Address is on the same network or on a foreign network.

Hosts have an ARP Table that maps IP Addresses to MAC Addresses.

The difference between a host and a router is that hosts do not forward frames (or packets). If a host receives a frame that is not addressed to it, it drops the frame (or packet). Linux allows turning a host into a router by enabling forwarding.
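The host-side decision described above (same network or foreign network, then which MAC goes into the L2 header), as an added example that is not part of the original notes. The host configuration, the ARP table entries and the addresses are constructed for illustration.

```python
"""Added example: what a host does before it can build the L2 header.
The host configuration and ARP table below are constructed, not real."""
import ipaddress
from typing import Dict, Optional

# Constructed host configuration: the four items every host needs
# (IP address, subnet mask, default gateway; DNS is not needed here).
HOST_1 = {
    "ip": "192.168.1.20",
    "mask": "255.255.255.0",
    "gateway": "192.168.1.1",
}

# Constructed ARP table for Host_1: IP address -> MAC address.
ARP_TABLE = {
    "192.168.1.30": "00:11:22:33:44:55",   # Host_2, on the same network
    "192.168.1.1": "aa:bb:cc:dd:ee:01",    # the default gateway (a router)
}


def same_network(own_ip: str, mask: str, dst_ip: str) -> bool:
    """Compare own IP address + subnet mask with the destination IP."""
    net = ipaddress.ip_network(f"{own_ip}/{mask}", strict=False)
    return ipaddress.ip_address(dst_ip) in net


def next_hop(host: Dict[str, str], dst_ip: str) -> str:
    """IP whose MAC goes in the L2 destination: the destination itself
    when it is local, otherwise the default gateway."""
    if same_network(host["ip"], host["mask"], dst_ip):
        return dst_ip
    return host["gateway"]


def build_headers(host: Dict[str, str], arp: Dict[str, str],
                  dst_ip: str) -> Optional[Dict[str, object]]:
    """L3 header always carries the final destination IP; the L2 header
    carries the next hop's MAC. Returns None when that MAC is unknown,
    meaning the host must ARP for the next hop before it can send."""
    hop = next_hop(host, dst_ip)
    mac = arp.get(hop)
    if mac is None:
        return None
    return {"l3_dst": dst_ip, "l2_dst": mac, "via_gateway": hop != dst_ip}


if __name__ == "__main__":
    print(build_headers(HOST_1, ARP_TABLE, "192.168.1.30"))   # local host
    print(build_headers(HOST_1, ARP_TABLE, "8.8.8.8"))        # via gateway
```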

Everything Switches Do

Switching is the process of moving data within a single network.

Switches are Layer 2 (Data Link) devices. Switches are only concerned with MAC Addresses. Switches have a MAC Address Table that maps switchport numbers to the MAC Address of the NIC connected to each port.

Switches do 3 things: Learn, Flood, and Forward.

Initially the MAC Address Table is empty. However, every time a frame (MAC Address header + data) flows into a switch, the switch learns which switchport number is connected to the NIC with the header's source address. This is a one-to-one mapping, i.e. each switch port is connected to only one NIC.

If the header's destination MAC Address is not in the switch's MAC Address Table, it does not know where to send the frame. It therefore sends the frame out of all of the switch ports that were not populated in the table. This process is called Flooding. It is not the same as Broadcasting to every switch port.

Simple switches do not have a MAC or IP Address. Managed switches do have a MAC and IP Address, which is used only to facilitate managing the switch.
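The learn / flood / forward cycle above, as an added simulation that is not code from the original notes. Ports and MAC addresses are constructed; the flood step here follows the usual switch rule of sending out every port except the one the frame arrived on.

```python
"""Added example: a minimal switch that learns, floods and forwards.
Port numbers, MAC addresses and the frame sequence are constructed."""
from typing import Dict, List, Tuple

Frame = Tuple[str, str]   # (src_mac, dst_mac); payload omitted


class Switch:
    def __init__(self, ports: List[int]) -> None:
        self.ports = ports
        # MAC Address Table: MAC address -> switchport (one NIC per port)
        self.mac_table: Dict[str, int] = {}

    def receive(self, in_port: int, frame: Frame) -> List[int]:
        """Process one incoming frame; return the ports it is sent out of."""
        src, dst = frame
        # 1. Learn: the source MAC lives behind the port the frame came in on.
        self.mac_table[src] = in_port
        # 2. Forward: a known destination goes out exactly one port
        #    (and never back out the ingress port).
        if dst in self.mac_table:
            out = self.mac_table[dst]
            return [] if out == in_port else [out]
        # 3. Flood: unknown destination -> every port except the ingress port.
        return [p for p in self.ports if p != in_port]


def demo() -> List[List[int]]:
    """Three constructed frames between host A (port 1) and host B (port 2)."""
    sw = Switch(ports=[1, 2, 3, 4])
    a, b = "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb"
    results = []
    results.append(sw.receive(1, (a, b)))   # B unknown: flooded to 2, 3, 4; A learned
    results.append(sw.receive(2, (b, a)))   # A known: forwarded to port 1 only; B learned
    results.append(sw.receive(1, (a, b)))   # both known: port 2 only
    return results


if __name__ == "__main__":
    print(demo())   # [[2, 3, 4], [1], [2]]
```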

Everything Routers Do

Routing is the process of moving data between networks.

Routers are Layer 3 (Network) devices. Routers have an IP Address and a MAC Address for each Network they are connected to.

Each Router has a Routing Table that maps Router Ports to the Networks they know about. This is a one-to-many mapping. That is, you can usually reach more than one network per router port.

There are 3 ways to populate a routing table: 1. directly connected networks, 2. static (manually configured by the administrator) entries, and 3. information from other routers via one of several dynamic routing protocols. Routing Tables are populated in advance. If a router receives a packet whose destination IP Address is not in its routing table, it drops the packet.

Routers also have an ARP Table (IP Addresses to MAC Addresses). This was discussed in "Everything Hosts Do".

As will be discussed in the next section, routers sometimes also have a Network Address Translation (NAT) table.
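A routing-table lookup covering the three kinds of entries just listed, as an added example that is not part of the original notes. The table is constructed; the lookup uses longest-prefix matching, which is the standard rule when a destination falls inside more than one known network.

```python
"""Added example: routing-table lookup with connected, static and
dynamically learned routes. The table and addresses are constructed."""
import ipaddress
from typing import List, Optional, Tuple

# (network, out_port, next_hop or None when directly connected, how it was learned)
Route = Tuple[str, int, Optional[str], str]

ROUTING_TABLE: List[Route] = [
    ("192.168.1.0/24", 1, None, "connected"),
    ("192.168.2.0/24", 2, None, "connected"),
    ("10.0.0.0/8", 3, "192.168.3.254", "static"),
    ("10.5.0.0/16", 2, "192.168.2.250", "dynamic"),   # more specific than 10.0.0.0/8
]
# No 0.0.0.0/0 default route is listed, so anything outside these networks is dropped.


def lookup(table: List[Route], dst_ip: str) -> Optional[Tuple[int, str]]:
    """Return (out_port, next_hop_ip) for dst_ip, or None if no network in the
    table contains it (the router drops the packet). Among matching networks
    the longest prefix (most specific network) wins."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for net_str, port, hop, _source in table:
        net = ipaddress.ip_network(net_str)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, port, hop)
    if best is None:
        return None
    _net, port, hop = best
    # Directly connected network: the next hop is the destination host itself,
    # so the router ARPs for dst_ip rather than for another router.
    return port, hop if hop is not None else dst_ip


if __name__ == "__main__":
    for ip in ("192.168.1.7", "10.5.1.1", "10.9.1.1", "8.8.8.8"):
        print(ip, "->", lookup(ROUTING_TABLE, ip))
```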

Network Address Translation (NAT)

In the Internet address space, there are both private and public IP addresses. The private address spaces are:

The remaining addresses are public.

Since there would be no way to receive a response, a router will not forward a packet to the Internet whose source address is private. Instead, it replaces the private source IP address with the router's own (public) IP address. In addition, it generates a new random source port number, so that when the response is received at the router it knows which host to forward it to. Formally, RFC 2663 uses the term network address and port translation (NAPT). However, the port translation is often left out of the name. It is also referred to as port address translation (PAT), IP masquerading, NAT overload, and many-to-one NAT.

One big advantage of NAT (many-to-one) is that it saves public IP Addresses.

As pointed out in one of my old books, "Learning TCP/IP in 24 Hours": if your router always does source NATing, then your local area network can be any IP address space, not just those reserved as private.

There are the terms source network address translation (SNAT) and destination network address translation (DNAT).

Routers that perform NAT keep a NAT table so that they can forward the response to the correct host; nftables refers to this as connection tracking (conntrack).
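The many-to-one NAT (NAPT) table described in this section, as an added example that is not code from the original notes. The public IP, the private hosts and the port numbers are constructed; the private ranges used for the "is this source private?" check are the RFC 1918 ranges.

```python
"""Added example: a minimal NAPT (many-to-one NAT) router with its
connection-tracking table. All addresses and ports are constructed."""
import ipaddress
import random
from typing import Dict, Optional, Tuple

# RFC 1918 private address spaces.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE)


class NaptRouter:
    def __init__(self, public_ip: str, seed: int = 0) -> None:
        self.public_ip = public_ip
        self.rng = random.Random(seed)   # seeded only to keep the example reproducible
        # NAT table: public source port -> (private IP, private source port)
        self.table: Dict[int, Tuple[str, int]] = {}

    def outbound(self, src_ip: str, src_port: int) -> Tuple[str, int]:
        """Rewrite the source of a packet leaving for the Internet.
        Returns the (ip, port) the packet now carries."""
        if not is_private(src_ip):
            return (src_ip, src_port)          # public source: forwarded unchanged
        for pub_port, entry in self.table.items():
            if entry == (src_ip, src_port):    # existing flow: reuse its mapping
                return (self.public_ip, pub_port)
        pub_port = self.rng.randint(1024, 65535)
        while pub_port in self.table:          # new random port must be unused
            pub_port = self.rng.randint(1024, 65535)
        self.table[pub_port] = (src_ip, src_port)
        return (self.public_ip, pub_port)

    def inbound(self, dst_port: int) -> Optional[Tuple[str, int]]:
        """A response arrives addressed to the public IP: look the port up.
        None means no host asked for it, so the router drops the packet."""
        return self.table.get(dst_port)


if __name__ == "__main__":
    r = NaptRouter("203.0.113.5")
    ip, port = r.outbound("192.168.1.20", 50000)
    print(ip, port, "->", r.inbound(port))
```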

References:

  1. YouTube - PieterExplainsTech - How Network Address Translation Works
  2. Wikipedia - Network Address Translation

Host configuration (the table for "Everything Hosts Do" above):

  IP Address                 Host's Internet identity
  Subnet Mask                Size of the Network the Host is connected to
  Default Gateway            IP Address of a Router connected to this Network
  Domain Name Server (DNS)   Converts Domain Names to IP Addresses

In his examples, the routers are connected linearly. In this configuration, hosts in the middle network have two gateways. Which is the default gateway? How does the host know which gateway to choose? Will arranging the hosts in a hierarchy eliminate this problem?

Closing Thoughts

It is customary for the IP Address of a router to end in the number one, i.e. xxx.xxx.xxx.1. However, it can be any IP Address in the network's IP space. Choosing another value may be more secure.

When using a Linux box as a router, you can always perform masquerading via nftables. Therefore, you can choose any IP Address space for the Network, not just the space reserved for private use. If you do use the space reserved for private use, then 10.xxx.xxx.xxx is a much larger space, and this may be more secure.

To understand how computer networks operate, you have to understand how data moves through networks. This is the foundation you will need to expand your knowledge of computer networks.

References:

  1. Setting up a Linux Server as a Router
  2. Set Static IP Address
  3. Practical Networking - HTTP vs HTML: Unveiling Network Protocols using Telnet
  4. YouTube - Tall Paul Tech - NAT is Not a Firewall
  5. VLANs - Raspberry Pi as a Router Using a Single Network Interface