Layer Model: Diagram
 |
IP stack connections
CC BY-SA 3.0 |
UMD Libraries, Emerging Technologies Discussion Group
June 23, 2015
Many network models exist. Today we will discuss the network model used for The Internet, known as the Internet protocol suite.
A common way to build and understand complex computer systems is to create layers, with each layer only needing to know its own implementation and how to interact with an adjacent layer.
|
IP stack connections
CC BY-SA 3.0 |
In the Internet model each layer only needs to understand itself and how to interface with the next lower layer.
The link layer is used to move packets between the Internet layer interfaces of two different hosts on the same link. This layer may be implemented on top of virtually any hardware networking technology.
https://en.wikipedia.org/wiki/Internet_protocol_suite#Link_layer
Physical interconnection: Ethernet, Phone Line, Cable, WiFi, 4G cell signal
Link endpoints: Network Interface Controller (NIC), Modem, Antenna
Networked devices are identified at the link layer by their Media Access Control
(MAC) Address (e.g., 80:e6:50:25:0d:74)
Locate the MAC addresses for the WiFi NIC on your computer.
ifconfig en0 at the prompt and press [Return]
Observe Ethernet frames, with Source and Destination MAC addresses
The internet layer is responsibile for sending packets across potentially multiple networks. Internetworking requires sending data from the source network to the destination network. This process is called routing.
https://en.wikipedia.org/wiki/Internet_protocol_suite#Internet_layer
The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.
A unique address for a computer on a network.
192.168.192.125fe80:4::82e6:50ffA subnetwork, or subnet, is a logical, visible subdivision of an IP network. Computers that belong to a subnet are addressed with a common, identical, prefix in their IP address.
Show subnets and IP addresses for all interfaces on your computer.
netstat -i -nTraffic is exchanged (routed) between subnetworks with special gateways (routers) when the routing prefixes of the source address and the destination address differ.
Routers have a NIC for each network that they connect to, and a separate IP address assigned to each NIC. One IP is their "public identity", visible to other networks, and the other is their "private identity", visbile only to the devices that are on the local subnet.
Show what router to use to connect to specific IP address.
route -n get www.lib.umd.edu -ifscope en0Follow the route to the destination.
traceroute -n -i en0 www.lib.umd.edutraceroute -n -i en0 echodin.net
The transport layer establishes a basic data channel between hosts. It provides end-to-end services that are independent of the underlying network (link and internet layers). These services are also independent of the structure of user data and the logistics of exchanging information for any particular specific purpose (application layer).
https://en.wikipedia.org/wiki/Internet_protocol_suite#Transport_layer
Both operate on top of the IP protocol. Due to the prevalence of TCP traffic the Internet protocol suite is also known as TCP/IP.
TCP and UDP both introduce the concept of port numbers (0-65535) to identify sending and receiving application end-points on a host.
Many applications have well known ports on the receiving end, eg. port 80 for web servers (HTTP).
User Datagram Protocol (UDP) - used for simple, connectionless messaging transmissions
Observe UDP communications, using special interface Loopback (lo0) with IP address 127.0.0.1
udp.port eq 64000netcat --udp --listen --local-port=64000 to listen for UDP datagrams on port 64000echo 'Hello, World' | netcat --udp 127.0.0.1 64000 to send "Hello, World" datagramTransmission Control Protocol (TCP) - connection oriented, bi-directional messaging
Observe TCP communications, using Loopback interface
tcp.port eq 64000netcat --tcp --listen --local-port=64000 to listen for TCP connections on port 64000echo 'Hello, World' | netcat --tcp --close 127.0.0.1 64000 to send "Hello, World" message
The application layer includes the protocols for providing user services or exchanging data over the network connections established by the lower level protocols. Data coded according to application layer protocols is encapsulated into transport layer protocol units (such as TCP or UDP messages), which in turn use lower layer protocols to effect actual data transfer.
https://en.wikipedia.org/wiki/Internet_protocol_suite#Application_layer
Domain Name System (DNS)
The Domain Name System is an essential component of the functionality of most Internet services because it is the Internet's primary directory service, translating domain names, which can be easily memorized by humans, to IP addresses.
Observe DNS communications.
dnsnslookup lib.umd.edunslookup www.lib.umd.edunslookup oer.umd.edunslookup google.comHypertext Transfer Protocol (HTTP)
An application protocol for distributed, collaborative, hypermedia information systems; the foundation of data communication for the World Wide Web.
HTTP Client Request
Requesting http://www.example.com/index.html
GET /index.html HTTP/1.1
Host: www.example.comHTTP Server Response:
HTTP/1.1 200 OK
Date: Mon, 23 May 2005 22:38:34 GMT
Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux)
Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
ETag: "3f80f-1b6-3e1cb03b"
Content-Type: text/html; charset=UTF-8
Content-Length: 138
Accept-Ranges: bytes
Connection: close
<html>
<head>
<title>An Example Page</title>
</head>
<body>
Hello World, this is a very simple HTML document.
</body>
</html>Requesting http://lib.umd.edu/
Open Wireshark, capture packets on en0, filter ip.addr eq 129.2.19.172 and tcp.port eq 80
telnet lib.umd.edu
GET / HTTP/1.0
Host: lib.umd.edu
Ctrl-DRequesting http://www.lib.umd.edu/
telnet www.lib.umd.edu
GET / HTTP/1.0
Host: lib.umd.edu
Ctrl-Dcurl is a command-line tool to transfer data from or to a server, using one of the supported protocols (HTTP, etc.). The command is designed to work without user interaction.
curl http://lib.umd.edu
Web development tools for inspection and debugging of web pages.
HTTP Secure (HTTPS)
HTTP communication within a connection encrypted by Transport Layer Security (TLS), et al. The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data.
Requesting https://mdsoar.org/
Open Wireshark, capture packets on en0, filter ip.addr eq 129.2.19.141 and tcp.port eq 443
curl https://mdsoar.org/
Addtional examples: