
What is an intranet?

An intranet is a private network contained within an enterprise that is used to securely share
company information and computing resources among employees. An intranet can also be used
for working in groups and teleconferences.

Intranets encourage communication within an organization. They let employees easily access
important information, links, applications, forms and databases of company records. A database
that includes all the usernames of employees who have access rights to the network is often used
to maintain intranet security.

How are intranets used?

Organizations use intranets in a variety of ways depending on their needs. These include the
following:

 Central repository. Intranets become the main repository where important information
and company data are stored.
 Collaboration. These internal networks provide a way to share information that makes it
easier for employees to work together.
 Personalization. Intranets provide personalized content to employees based on their role
within the company.
 Communication. They make employee directories, company news and organization
charts readily available, improving internal corporate communications.
 Easy access to information. Intranets provide easy access to information about company
policies, benefits and updates.
 Social elements. Social media features let employees create an account, post content and
status alerts and browse a newsfeed.
 Project management. To-do lists, employee directories, status updates and other
resources aid users in project management.
 Automation. Intranets streamline everyday activities by helping to automate repeatable
tasks.

Hyper Office's Atlas Intranet Collaboration Suite enables organizations to create custom intranet
templates quickly with little to no design or HTML experience. Here is an example intranet page
customized for the organization's travel and expenses information.

How do intranets work?

A secure and reliable intranet requires a web server that manages requests for data hosted on the
server. The web server finds requested files and delivers them to the appropriate user. A content
management system should also be set up to control the creation, publication and management of
intranet content.

An intranet may also consist of many interlinked local area networks (LANs), as well as leased
lines connecting to wide area network resources. The intranet's web server uses TCP/IP, HTTP
and other internet protocols. Typically, an intranet includes connections through one or more
gateway computers to the outside internet and external resources.

To access their company intranet, employees must have a special network password and be
connected to the company LAN. Remote employees access the intranet through a virtual private
network (VPN) or another secure connection. The VPN lets users not actually connected to the
required LAN sign into the intranet and access all the same information and functions that would
be available had they been connected to the LAN.

Firewall software is essential to the security of an organization's intranet. It stands between the
outside internet and the private intranet. The firewall will track all incoming and outgoing data
packets to confirm they do not contain unauthorized or suspicious requests. Firewalls also ensure
malware and other malicious attacks do not penetrate the intranet.

When a segment of an intranet is made accessible to customers, partners, suppliers or others
outside the company, that segment becomes part of an extranet. A firewall is especially
important to secure intranet networks that include extranet extensions.

The intranet generally looks like a private version of the internet. With tunneling, companies can
send private messages through the public network. They use special encryption and decryption
and other security safeguards to connect one part of their intranet to another.

Hosted software applications also provide intranets. Instead of a company having its own private
server, it buys intranet software that performs the same functions as traditional intranets. Some
modern intranets operate similarly to social media applications that connect to an array of
corporate applications. These applications are also called employee experience platforms.

What are the advantages of an intranet?

Some potential benefits of using an intranet include the following:

 improved communication, information sharing and collaboration within a business;
 simplified records management;
 streamlined tracking of requests;
 a testing environment for new ideas before they are implemented on a company's
webpage;
 improved corporate culture that focuses on employees and encourages participation and
interaction; and
 a favorable return on investment from low implementation and operating costs.

What are the disadvantages of an intranet?

There are also challenges when implementing an intranet, including these:

 Low user participation rates can result in a lack of the content, communications and
documents needed to make the intranet beneficial.
 The high cost of personnel leads to inadequate support for intranet users. As a result,
when software bugs or other issues arise, problems are not resolved quickly.
 The network must be managed, with regular inspections and maintenance checks to
ensure it is running properly and content is fresh and relevant.
 A lack of proper ownership or ownership being distributed among groups complicates
network responsibilities and management.
 A lack of mobile device and remote support creates problems, including limiting the
ability of remote workers to access information on the intranet.

How do intranets, the internet and extranets differ?

The internet, intranets and extranets are different types of networks with some similarities and
overlapping aspects.

Internet

The internet works on a public network that anyone can access. There are no limits on who can
access the internet, other than that users must have a computing device that is connected to
it. The public internet can have an unlimited number of users at any one time, but it is more
vulnerable to attackers than an intranet.

Intranet

An intranet works on a private network of computers. Only authorized people and systems can
access it. They also must connect to the intranet via the required LAN or VPN. An intranet
typically can host a specific number of users.

Extranet

An extranet is an intranet that grants access to those outside of an organization to certain
information and applications. Third parties such as customers, vendors and partners are given
access to certain parts of the organization's intranet.

What are intranet best practices?

Intranets were developed around the same time as the internet and evolved alongside it. Some
best practices for an intranet strategy in the modern digital workplace include the following:

Multichannel approach. A modern intranet should incorporate other team collaboration tools
inside the main intranet application. It should centralize disparate applications, which may
include collaboration and communication tools, tools for virtual conferences and line-of-business
applications.

Optimize for remote work. Many older intranet platforms were not optimized for mobile or
remote workers. Intranet applications should be easy to access without the use of a corporate
desktop or laptop PC. Intranets should let remote workers access resources without having to be
online constantly.

Modern user experience. To ensure user participation, intranet platforms should be engaging.
They often resemble consumer applications that put a focus on ease-of-use and the user
experience. A smart homepage that users can customize is a plus.

Regular engagement. Regularly posting fresh content boosts user engagement and fosters a
sense of community. Intranets can be used to create smaller groups within a company based on
employee interest. They can also be used to enable peer-to-peer acknowledgment of jobs well
done. Making the corporate intranet a place where employees are encouraged to communicate
with one another strengthens company culture and provides insight into employee needs.

What is the DNS Protocol?

The Domain Name System (DNS) protocol helps Internet users and network devices discover
websites using human-readable hostnames instead of numeric IP addresses.

The DNS process, simplified, works as follows:

1. A browser, application or device called the DNS client, issues a DNS request or DNS
address lookup, providing a hostname such as “example.com”.
2. The request is received by a DNS resolver, which is responsible for finding the correct IP
address for that hostname. The DNS resolver looks for a DNS name server that holds the
IP address for the hostname in the DNS request.
3. The resolver starts from the Internet’s root DNS server, moving down the hierarchy to
Top Level Domain (TLD) DNS servers (“.com” in this case), down to the name server
responsible for the specific domain “example.com”.
4. When the resolver reaches the authoritative DNS name server for “example.com”, it
receives the IP address and other relevant details, and returns it to the DNS client. The
DNS request is now resolved.
5. The DNS client device can connect to the server directly using the correct IP address.

History of DNS

The idea of mapping human-readable hostnames to numerical addresses originated in the 1970s,
with ARPANET, the predecessor of the modern internet. The Stanford Research Institute (SRI)
was responsible for maintaining a text file called hosts.txt that mapped hostnames to computer
addresses on ARPANET. To add an entry to the hosts file, users would call SRI staff during
business hours, and they would add the host and its associated numeric address manually to the
file.

In the 1980s it was understood that a centralized, manually updated host file was not a scalable
approach. John Postel of the University of Southern California, whose team was responsible for
the ARPANET Assigned Numbers List, assigned the task of creating an automated naming
system to Paul Mockapetris. Mockapetris was supposed to find a compromise between five
competing technical solutions, but instead he created his own solution, the Domain Name
System.

In 1984, four UC Berkeley students wrote the first DNS name server implementation for Unix,
and named it BIND. In the 1990s BIND was ported to Windows NT. To date, it is the world’s

DNS Protocol Specification


The Domain Namespace

The DNS namespace governs public hostnames used on the Internet. The namespace is a tree
structure, with each node in the tree having a textual label and zero or more DNS resource
records (RR) describing the domain.

The domain name consists of the label, together with the label of its parent nodes, separated by a
dot (as in “example.com”). The domain namespace is divided into zones, and each zone is
delegated to a specific legal entity for administration and management.

Domain Name Syntax and Format

A domain name consists of one or more parts called labels, which are separated by dots. A label
may contain up to 63 characters. The label at the extreme right is the top-level domain (TLD),
and the next labels from right to left are lower down in the namespace hierarchy. Each label is
known as a subdomain of the label above it. DNS allows up to 127 hierarchical levels.

For example, “forum.support.example.com” represents a subdomain “forum” under the
subdomain “support”, under the domain “example”, under the top level domain “.com”.

Architecture of DNS Resolver and Name Server

There are two key components that resolve DNS requests by clients: a DNS resolver and a DNS
name server.

DNS Resolver

Also called a recursive resolver, this is a server designed to receive DNS queries from web
browsers and other applications or network devices. It receives a hostname, and is responsible
for tracking down the IP address for that hostname:

1. The resolver looks for the required DNS resource record in its local cache or that of the
operating system on the local device.
2. If not found, it looks for a direct reference to the authoritative name server of the
domain’s DNS zone.
3. Failing that, it performs a recursive query: the resolver contacts a DNS Root Server and
receives details of a TLD Name Server for the relevant TLD, e.g. “.com”.
4. Via the TLD Name Server, it receives details of the Authoritative Name Server, and asks
it for the IP that matches the requested hostname.

In reality, resolvers do not go through this entire process for every recursive query, because part
of the journey, including DNS server addresses, may already be stored in local cache.

Authoritative Name Server

The authoritative name server is the last stop in a DNS query. It holds the DNS Master File for
the DNS zone it manages, which contains the trusted, correct resource records for all domains in
the zone.

In some cases, the authoritative name server routes the DNS resolver to another name server that
contains specific records for a subdomain, for example, support.example.com. If a CNAME or
ALIAS record is used, the name server redirects the DNS resolver to another hostname, for
which the requested hostname is an alias, and the DNS resolution process starts over.

DNS Message Format

DNS communication occurs via two types of messages: queries and replies. Both DNS query
format and reply format consist of the following sections:

 The header section contains Identification; Flags; Number of questions; Number of
answers; Number of authority resource records (RRs); and Number of additional resource
records.
 The flag field contains sections of one or four bits, indicating type of message, whether
the name server is authoritative; whether the query is recursive or not, whether request
was truncated, and status.
 The question section contains the domain name and type of record (A, AAAA, MX,
TXT, etc.) being resolved. Each label in the domain name is prefixed by its length.
 The answer section has the resource records of the queried name.

DNS Transport Protocol

DNS uses the User Datagram Protocol (UDP) on port 53 to serve DNS queries. UDP is preferred
because it is fast and has low overhead. A DNS query is a single UDP request from the DNS
client followed by a single UDP reply from the server.

If a DNS response is larger than 512 bytes, or if a DNS server is managing tasks like zone
transfers (transferring DNS records from primary to secondary DNS server), the Transmission
Control Protocol (TCP) is used instead of UDP, to enable data integrity checks.
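The message layout and flag bits described above, and the 512-byte UDP limit that forces a TCP retry, as an added example that is not part of the original notes. It builds a query, parses a constructed reply (length-prefixed labels, compression pointers, the QR/AA/TC/RD/RA flags) and decides when the TC bit means the answer must be re-requested over TCP; all bytes, IDs and addresses are constructed here and nothing touches the network.

```python
"""Added example, not from the original notes: build a DNS query, parse a reply
(header flags, length-prefixed labels, compression pointers) and decide when a
UDP reply must be re-asked over TCP. All bytes are constructed inline."""
import struct

QTYPES = {1: "A", 15: "MX", 16: "TXT", 28: "AAAA"}


def encode_name(name: str) -> bytes:
    """Encode "example.com" as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:          # RFC 1035 label length limit
            raise ValueError(f"bad label length: {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    """Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg: bytes, offset: int):
    """Read labels at offset, following compression pointers (0xC0xx).
    Returns (name, offset just past the name at its original position)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:              # two-byte pointer to an earlier name
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 32:                      # refuse pointer loops in hostile input
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_header(msg: bytes) -> dict:
    """Split the 16-bit flags word into the fields the notes list."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),         # QR
        "authoritative": bool(flags & 0x0400),       # AA
        "truncated": bool(flags & 0x0200),           # TC
        "recursion_desired": bool(flags & 0x0100),   # RD
        "recursion_available": bool(flags & 0x0080), # RA
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def parse_response(msg: bytes) -> dict:
    """Parse the question and answer sections; A records are rendered dotted."""
    hdr, offset, questions, answers = parse_header(msg), 12, [], []
    for _ in range(hdr["qdcount"]):
        name, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, QTYPES.get(qtype, str(qtype))))
    for _ in range(hdr["ancount"]):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, QTYPES.get(rtype, str(rtype)), ttl, rdata))
    return {"header": hdr, "questions": questions, "answers": answers}


def needs_tcp_retry(reply: bytes, sent_id: int) -> bool:
    """TC set means the server cut the UDP reply at 512 bytes: re-ask over TCP.
    A reply whose ID is not ours is rejected rather than cached."""
    hdr = parse_header(reply)
    if not hdr["is_response"] or hdr["id"] != sent_id:
        raise ValueError("reply does not match the outstanding query")
    return hdr["truncated"]


# Constructed messages: a query for example.com, an authoritative reply with one
# A record (TTL 300, TEST-NET address), and the same reply flagged as truncated.
QUERY = build_query(0x1A2B, "example.com")
REPLY = (struct.pack("!HHHHHH", 0x1A2B, 0x8580, 1, 1, 0, 0)
         + encode_name("example.com") + struct.pack("!HH", 1, 1)
         + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1]))
TRUNCATED = struct.pack("!HHHHHH", 0x1A2B, 0x8380, 1, 0, 0, 0) + QUERY[12:]
```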

ADDRESS RESOLUTION PROTOCOL

Address Resolution Protocol (ARP) is a protocol or procedure that connects an ever-changing
Internet Protocol (IP) address to a fixed physical machine address, also known as a media access
control (MAC) address, in a local-area network (LAN).

This mapping procedure is important because the lengths of the IP and MAC addresses differ,
and a translation is needed so that the systems can recognize one another. The most widely used
IP version today is IP version 4 (IPv4), whose addresses are 32 bits long. MAC addresses, however,
are 48 bits long. ARP translates between the 32-bit address and the 48-bit address.

There is a networking model known as the Open Systems Interconnection (OSI) model. First
developed in the late 1970s, the OSI model uses layers to give IT teams a visualization of what is
going on with a particular networking system. This can be helpful in determining which layer
affects which application, device, or software installed on the network, and further, which IT or
engineering professional is responsible for managing that layer.

The MAC address belongs to the data link layer, which establishes and terminates a
connection between two physically connected devices so that data transfer can take place. The IP
address belongs to the network layer, the layer responsible for forwarding packets of
data through different routers. ARP works between these two layers.

What Does ARP Do and How Does It Work?

When a new computer joins a local area network (LAN), it will receive a unique IP address to
use for identification and communication.

Packets of data arrive at a gateway, destined for a particular host machine. The gateway, or the
piece of hardware on a network that allows data to flow from one network to another, asks the
ARP program to find a MAC address that matches the IP address. The ARP cache keeps a list of
each IP address and its matching MAC address. The ARP cache is dynamic, but users on a
network can also configure a static ARP table containing IP addresses and MAC addresses.

ARP caches are kept on all operating systems in an IPv4 Ethernet network. Every time a device
requests a MAC address to send data to another device connected to the LAN, the device verifies
its ARP cache to see if the IP-to-MAC-address connection has already been completed. If it
exists, then a new request is unnecessary. However, if the translation has not yet been carried
out, then the request for network addresses is sent, and ARP is performed.

An ARP cache size is limited by design, and addresses tend to stay in the cache for only a few
minutes. It is purged regularly to free up space. This design is also intended for privacy and
security to prevent IP addresses from being stolen or spoofed by cyber attackers. While MAC
addresses are fixed, IP addresses are constantly updated.

In the purging process, unutilized addresses are deleted; so is any data related to unsuccessful
attempts to communicate with computers not connected to the network or that are not even
powered on.

What is address resolution protocol's relationship with DHCP and DNS? How do they differ?

ARP is the process of connecting a dynamic IP address to a physical machine's MAC address. As
such, it is important to have a look at a few technologies related to IP.

As mentioned previously, IP addresses, by design, are changed constantly for the simple reason
that doing so gives users security and privacy. However, changes to IP addresses should not be
completely random. There should be rules that allocate an IP address from a defined range of
numbers available in a specific network. This helps prevent issues such as two computers
receiving the same IP address. These rules are known as DHCP, or Dynamic Host Configuration
Protocol.

IP addresses as identities for computers are important because they are needed to perform an
internet search. When users search for a domain name or Uniform Resource Locator (URL), they
use an alphabetical name. Computers, on the other hand, use the numerical IP address to
associate the domain name with a server. To connect the two, a Domain Name System (DNS)
server is used to translate an IP address from a confusing string of numbers into a more readable,
easily understandable domain name, and vice versa.

What Are the Types of ARP?

There are different versions and use cases of ARP. Let us take a look at a few.

Proxy ARP

Proxy ARP is a technique by which a proxy device on a given network answers the ARP request
for an IP address that is not on that network. The proxy is aware of the location of the traffic's
destination and offers its own MAC address as the destination.

Gratuitous ARP

Gratuitous ARP is almost like an administrative procedure, carried out as a way for a host on a
network to simply announce or update its IP-to-MAC address. Gratuitous ARP is not prompted
by an ARP request to translate an IP address to a MAC address.

Reverse ARP (RARP)

Host machines that do not know their own IP address can use the Reverse Address Resolution
Protocol (RARP) for discovery.

Inverse ARP (IARP)

Whereas ARP uses an IP address to find a MAC address, IARP uses a MAC address to find an
IP address.

What is ARP in Networking Useful For?

ARP is necessary because the software address (IP address) of the host or computer connected to
the network needs to be translated to a hardware address (MAC address). Without ARP, a host
would not be able to figure out the hardware address of another host. The LAN keeps a table or
directory that maps IP addresses to MAC addresses of the different devices, including both
endpoints and routers on that network.

This table or directory is not maintained by users or even by IT administrators. Instead, the ARP
protocol creates entries on the fly. If a user's device does not know the hardware address of the
destination host, the device will send a message to every host on the network asking for this
address. When the proper destination host learns of the request, it will reply back with its
hardware address, which will then be stored in the ARP directory or table.

If ARP is not supported, manual entries can be made to this directory.

What Is ARP Spoofing/ARP Poisoning Attack?

ARP spoofing is also known as ARP poison routing or ARP cache poisoning. This is a type of
malicious attack in which a cyber criminal sends fake ARP messages to a target LAN with the
intention of linking their MAC address with the IP address of a legitimate device or server within
the network. The link allows for data from the victim's computer to be sent to the attacker's
computer instead of the original destination.
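The poisoning symptom described above, an IP address that is suddenly claimed by a different MAC, is what a defender watches for. The following is an added example, not part of the original notes: it parses Ethernet/ARP frames and keeps an IP-to-MAC table, alerting when a sender's MAC contradicts a static entry or an earlier observation; the addresses, MACs and frames are constructed here for the demo.

```python
"""Added example, not from the original notes: parse Ethernet/ARP frames and
raise alerts on the symptom of ARP cache poisoning, an IP address whose MAC
binding changes or contradicts a static table. Frames are constructed inline."""
import struct
from collections import defaultdict

ETH_TYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_arp(frame: bytes) -> dict:
    """14-byte Ethernet header followed by a 28-byte IPv4-over-Ethernet ARP packet."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    sha, spa, tha, tpa = frame[22:28], frame[28:32], frame[32:38], frame[38:42]
    return {
        "eth_src": mac_str(src), "eth_dst": mac_str(dst), "op": op,
        "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
        "target_mac": mac_str(tha), "target_ip": ip_str(tpa),
        "gratuitous": spa == tpa,   # host announcing its own IP-to-MAC binding
    }


class ArpWatch:
    """Tracks the IP -> MAC bindings seen on a segment and reports conflicts.
    Known-good bindings (the gateway, servers) go in the static table."""

    def __init__(self, static=None):
        self.static = dict(static or {})
        self.seen = defaultdict(set)         # ip -> every MAC that has claimed it

    def observe(self, frame: bytes) -> list:
        arp = parse_arp(frame)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        alerts = []
        if mac != arp["eth_src"]:
            alerts.append(f"{ip}: ARP sender {mac} differs from Ethernet source {arp['eth_src']}")
        if ip in self.static and self.static[ip] != mac:
            alerts.append(f"{ip}: claimed by {mac}, static table says {self.static[ip]}")
        if self.seen[ip] and mac not in self.seen[ip]:
            alerts.append(f"{ip}: MAC changed from {sorted(self.seen[ip])} to {mac}")
        if arp["op"] == ARP_REPLY and arp["gratuitous"]:
            alerts.append(f"{ip}: gratuitous reply from {mac}")   # informational
        self.seen[ip].add(mac)
        return alerts


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Construct a demo frame; requests are broadcast, replies go to the target."""
    eth_dst = b"\xff" * 6 if op == ARP_REQUEST else target_mac
    eth = eth_dst + sender_mac + struct.pack("!H", ETH_TYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + sender_mac + sender_ip + target_mac + target_ip


# Constructed segment: a gateway with a known MAC, one host, and a third station
# that answers for the gateway's IP with its own MAC (the poisoning symptom).
GATEWAY_MAC = bytes.fromhex("0200000000aa")
HOST_MAC = bytes.fromhex("0200000000bb")
OTHER_MAC = bytes.fromhex("0200000000ee")
GW_IP, HOST_IP = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 10])

FRAMES = [
    build_arp(ARP_REQUEST, HOST_MAC, HOST_IP, b"\x00" * 6, GW_IP),  # who has 192.0.2.1?
    build_arp(ARP_REPLY, GATEWAY_MAC, GW_IP, HOST_MAC, HOST_IP),     # legitimate answer
    build_arp(ARP_REPLY, OTHER_MAC, GW_IP, HOST_MAC, HOST_IP),       # conflicting answer
]


def run_demo() -> list:
    """Feed the frames through one watcher; returns the alert list per frame."""
    watch = ArpWatch(static={"192.0.2.1": mac_str(GATEWAY_MAC)})
    return [watch.observe(frame) for frame in FRAMES]
```

A real deployment would feed frames from a capture on the segment rather than from the constructed list, and would treat a static-table mismatch for the gateway as a high-priority alert.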

ARP spoofing attacks can prove dangerous, as sensitive information can be passed between
computers without the victims' knowledge. ARP spoofing also enables other forms of
cyberattacks, including the following:

Man-in-the-Middle (MITM) Attacks

A man-in-the-middle (MITM) attack is a type of eavesdropping in which the cyber attacker
intercepts, relays, and alters messages between two parties—who have no idea that a third party
is involved—to steal information. The attacker may try to control and manipulate the messages
of one of the parties, or of both, to obtain sensitive information. Because these types of attacks
use sophisticated software to mimic the style and tone of conversations—including those that are
text- and voice-based—a MITM attack is difficult to intercept and thwart.

A MITM attack occurs when malware is distributed and takes control of a victim's web browser.
The browser itself is not important to the attacker, but the data that the victim shares very much
is because it can include usernames, passwords, account numbers, and other sensitive
information shared in chats and online discussions.

Once they have control, the attacker creates a proxy between the victim and a legitimate site,
usually with a fake lookalike site, to intercept any data between the victim and the legitimate site.
Attackers do this with online banking and e-commerce sites to capture personal information and
financial data.

Denial-of-Service Attacks

A denial-of-service (DoS) attack is one in which a cyber attacker attempts to overwhelm
systems, servers, and networks with traffic to prevent users from accessing them. A larger-scale
DoS attack is known as a distributed denial-of-service (DDoS) attack, where a much larger
number of sources are used to flood a system with traffic.

These types of attacks exploit known vulnerabilities in network protocols. When a large number
of packets are transmitted to a vulnerable network, the service can easily become overwhelmed
and then unavailable.

Session Hijacking

Session hijacking occurs when a cyber attacker steals a user's session ID, takes over that user's
web session, and masquerades as that user. With the session ID in their possession, the attacker
can perform any task or activity that user is authorized to do on that network.

Authentication occurs when a user tries to gain access to a system or sign in to a restricted
website or web service. The session ID is stored in a cookie in the browser, and an attacker
engaged in session hijacking will intercept the authentication process and intrude in real time.

How Fortinet Can Help

The Fortinet network access control (NAC) solution provides enhanced visibility across all
devices in a network to keep up with the ever-evolving threat landscape. NAC is part of the zero-
trust network access model for security, in which trust is not a given for users, applications, or
devices, whether connected to the network or not, but has to be established.

Each device in a network maintains a copy of the ARP cache, and the cache is cleaned every few
minutes. As such, all devices connected to that network must be kept secure so that important
data, including IP addresses, are not compromised. To further protect your network devices and
servers, Fortinet Ethernet LAN switches safeguard an organization's infrastructure and even
include a selector tool to identify the best switch to meet network requirements.

What is Telnet?

Telnet, developed in 1969, is a protocol that provides a command line interface for communication with
a remote device or server. It is sometimes employed for remote management and also for the initial
setup of equipment such as network hardware. Telnet stands for Teletype Network, but it can also be used as a verb; 'to
telnet' is to establish a connection using the Telnet protocol.

Is Telnet secure?

Because it was developed before the mainstream adoption of the internet, Telnet on its own does not
employ any form of encryption, making it outdated in terms of modern security. It has largely been
superseded by the Secure Shell (SSH) protocol (which has its own security considerations around remote
access), at least on the public internet, but for instances where Telnet is still in use, there are a few
methods for securing your communications.

How does Telnet work?

Telnet provides users with a bidirectional interactive text-oriented communication system
utilizing a virtual terminal connection over an 8-bit byte-oriented data connection. User data is
interspersed in-band with Telnet control information over the Transmission Control Protocol
(TCP). Often, Telnet was used on a terminal to execute functions remotely.

The user connects to the server by using the Telnet protocol, which means entering the command
telnet hostname port at a command prompt. The user then executes commands on the server by
typing them at the Telnet prompt. To end a session and log off, the user issues a Telnet command
that closes the connection.

What are common uses for Telnet?

Telnet can be used to test or troubleshoot remote web or mail servers, as well as for remote access to
MUDs (multi-user dungeon games) and trusted internal networks.

FTP

 FTP stands for File Transfer Protocol.
 FTP is a standard internet protocol provided by TCP/IP used for transmitting the files from one
host to another.
 It is mainly used for transferring the web page files from their creator to the computer that acts
as a server for other computers on the internet.
 It is also used for downloading the files to computer from other servers.

Objectives of FTP

 It provides the sharing of files.
 It is used to encourage the use of remote computers.
 It transfers the data more reliably and efficiently.

Why FTP?

Although transferring files from one system to another is very simple and straightforward, it can
sometimes cause problems. For example, two systems may have different file conventions.
Two systems may have different ways to represent text and data. Two systems may have
different directory structures. The FTP protocol overcomes these problems by establishing two
connections between hosts. One connection is used for data transfer, and the other is the
control connection.

Mechanism of FTP

The above figure shows the basic model of the FTP. The FTP client has three components: the
user interface, control process, and data transfer process. The server has two components: the
server control process and the server data transfer process.

There are two types of connections in FTP:

 Control Connection: The control connection uses very simple rules for communication. Through
control connection, we can transfer a line of command or line of response at a time. The control
connection is made between the control processes. The control connection remains connected
during the entire interactive FTP session.
 Data Connection: The Data Connection uses very complex rules as data types may vary. The
data connection is made between data transfer processes. The data connection opens when a
command comes for transferring the files and closes when the file is transferred.

FTP Clients

 An FTP client is a program that implements the file transfer protocol and allows you to transfer files
between two hosts on the internet.
 It allows a user to connect to a remote host and upload or download files.
 It has a set of commands that we can use to connect to a host, transfer files between you
and your host and close the connection.
 The FTP program is also available as a built-in component in a web browser. This GUI-based FTP
client makes file transfer very easy and does not require the user to remember the FTP
commands.

Advantages of FTP:

 Speed: One of the biggest advantages of FTP is speed. FTP is one of the fastest ways to
transfer files from one computer to another.
 Efficient: It is more efficient as we do not need to complete all the operations to get the entire
file.
 Security: To access the FTP server, we need to login with the username and password.
Therefore, we can say that FTP is more secure.
 Back & forth movement: FTP allows us to transfer the files back and forth. Suppose you are a
manager of the company, you send some information to all the employees, and they all send
information back on the same server.

Disadvantages of FTP:

 The standard requirement of the industry is that all FTP transmissions should be encrypted.
However, not all FTP providers are equal and not all of them offer encryption. So, we
will have to look out for the FTP providers that provide encryption.
 FTP serves two operations, i.e., to send and receive large files on a network. However, the size
limit of the file is 2GB that can be sent. It also doesn't allow you to run simultaneous transfers to
multiple receivers.
 Passwords and file contents are sent in clear text that allows unwanted eavesdropping. So, it is
quite possible that attackers can carry out the brute force attack by trying to guess the FTP
password.
 It is not compatible with every system.

What is HTTP?

The Hypertext Transfer Protocol (HTTP) is the foundation of the World Wide Web, and is used
to load web pages using hypertext links. HTTP is an application layer protocol designed to
transfer information between networked devices and runs on top of other layers of the network
protocol stack. A typical flow over HTTP involves a client machine making a request to a server,
which then sends a response message.

What’s in an HTTP request?

An HTTP request is the way internet communications platforms such as web browsers ask for
the information they need to load a website.

Each HTTP request made across the Internet carries with it a series of encoded data that carries
different types of information. A typical HTTP request contains:

1. HTTP version type
2. a URL
3. an HTTP method
4. HTTP request headers
5. Optional HTTP body.

Let’s explore in greater depth how these requests work, and how the contents of a request can be
used to share information.

What’s an HTTP method?

An HTTP method, sometimes referred to as an HTTP verb, indicates the action that the HTTP
request expects from the queried server. For example, two of the most common HTTP methods
are ‘GET’ and ‘POST’; a ‘GET’ request expects information back in return (usually in the form
of a website), while a ‘POST’ request typically indicates that the client is submitting information
to the web server (such as form information, e.g. a submitted username and password).

What are HTTP request headers?

HTTP headers contain text information stored in key-value pairs, and they are included in every
HTTP request (and response, more on that later). These headers communicate core information,
such as what browser the client is using and what data is being requested.

Example of HTTP request headers from Google Chrome's network tab:

What’s in an HTTP request body?

The body of a request is the part that contains the ‘body’ of information the request is
transferring. The body of an HTTP request contains any information being submitted to the web
server, such as a username and password, or any other data entered into a form.

What’s in an HTTP response?

An HTTP response is what web clients (often browsers) receive from an Internet server in
answer to an HTTP request. These responses communicate valuable information based on what
was asked for in the HTTP request.

A typical HTTP response contains:

1. an HTTP status code
2. HTTP response headers
3. an optional HTTP body
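
As an added example (not part of the original notes), the following Python parser splits a raw
HTTP/1.1 request into the parts listed above (method, URL, version, headers, body) and a raw
response into its status code, reason, headers and body. The sample messages are constructed for
this example; the host name example.test and the form fields are placeholders.

```python
"""Split raw HTTP/1.1 messages into the parts named in the text: the request
line (method, URL, version), headers and body; and for responses the status
line (version, status code, reason), headers and body."""
from typing import Dict, NamedTuple, Tuple


class HttpRequest(NamedTuple):
    method: str
    url: str
    version: str
    headers: Dict[str, str]
    body: bytes


class HttpResponse(NamedTuple):
    version: str
    status: int
    reason: str
    headers: Dict[str, str]
    body: bytes


def _split_message(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Return (start line, headers, body) of one message.

    The header block ends at the first empty line (CRLF CRLF). Header names
    are case-insensitive, so they are lower-cased as dictionary keys.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("malformed message: headers not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")
    start_line, header_lines = lines[0], lines[1:]
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    # Use Content-Length as the body boundary so that bytes of a following
    # message on the same connection are not swallowed into this body.
    if "content-length" in headers:
        length = int(headers["content-length"])
        if len(body) < length:
            raise ValueError("body shorter than Content-Length")
        body = body[:length]
    return start_line, headers, body


def parse_request(raw: bytes) -> HttpRequest:
    start, headers, body = _split_message(raw)
    parts = start.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {start!r}")
    method, url, version = parts
    return HttpRequest(method, url, version, headers, body)


def parse_response(raw: bytes) -> HttpResponse:
    start, headers, body = _split_message(raw)
    parts = start.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {start!r}")
    reason = parts[2] if len(parts) == 3 else ""
    return HttpResponse(parts[0], int(parts[1]), reason, headers, body)


# Constructed sample messages for this example (not captured from a real site).
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"username=alice&password=s3c"
)

SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 14\r\n"
    b"\r\n"
    b"<h1>Hello</h1>"
)

if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    print(req.method, req.url, req.version, req.headers["host"], req.body)
    res = parse_response(SAMPLE_RESPONSE)
    print(res.status, res.reason, res.headers["content-type"], res.body)
```

The parsed POST body shows why the text singles out the body: the submitted username and
password travel in it as plain bytes, so anything that can read the connection can read them.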

As soon as a client requests a communication session with the server, a three-way handshake
process initiates TCP traffic by following three steps.

The Three Steps of a Three-Way Handshake

Step 1: A connection between server and client is established

First, a connection between server and client is established, so the target server must have open
ports that can accept and initiate new connections. The client node sends a SYN (Synchronize
Sequence Number) data packet over an IP network to a server on the same or an external
network.

This SYN packet carries a random sequence number that the client wants to use for the
communication (for example, X). The objective of this packet is to ask whether the server is open
for new connections.

Step 2: The server receives the SYN packet from the client node

When the server receives the SYN packet from the client node, it responds and returns a
confirmation receipt – the ACK (Acknowledgement Sequence Number) packet or SYN/ACK
packet. This packet includes two sequence numbers.

The first one is ACK one, which is set by the server to one more than the sequence number it
received from the client (e.g. X+1).

The second one is the SYN sent by the server, which is another random sequence number (for
example, Y).

This sequence indicates that the server correctly acknowledged the client’s packet, and that it is
sending its own to be acknowledged as well.

Step 3: Client node receives the SYN/ACK from the server and responds with an ACK packet

The client node receives the SYN/ACK from the server and responds with an ACK packet. Once
again, each side must acknowledge the sequence number received by incrementing it by one.

So now it’s the turn of the client to acknowledge the server’s packet by adding one to the
sequence number (in this case, Y+1), and resend it to the server.

Upon completion of this process, the connection is created and the client and server can
communicate.

All these steps are necessary to verify the sequence numbers originated by both sides,
guaranteeing the stability of the connection.

Since both hosts must acknowledge the connection parameters of the other side, a missing or out-
of-order segment can be quickly detected before the actual data transfer process is initiated.
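
The three steps above, as an added Python simulation that is not part of the original notes:
each side picks a random initial sequence number (X for the client, Y for the server), the
SYN/ACK carries X+1, the final ACK carries Y+1, and each side rejects a segment whose
acknowledgement number does not match, which is the check that detects a missing or
out-of-order segment before any data is exchanged. State names follow TCP (LISTEN,
SYN-SENT, SYN-RECEIVED, ESTABLISHED); the closed-port case is modelled as a refusal.

```python
"""Simulate the TCP three-way handshake, with the checks each side makes on
the sequence numbers it receives (X, X+1, Y, Y+1 in the text)."""
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple

SEQ_MOD = 2 ** 32                      # sequence numbers are 32-bit and wrap around


def next_seq(seq: int) -> int:
    return (seq + 1) % SEQ_MOD


@dataclass
class Segment:
    syn: bool
    ack: bool
    seq: int
    ack_num: Optional[int] = None       # only meaningful when ack is set


class Server:
    def __init__(self, listening: bool = True):
        # A port that is not open cannot accept new connections (real TCP answers with RST).
        self.state = "LISTEN" if listening else "CLOSED"
        self.isn: Optional[int] = None          # Y
        self.client_isn: Optional[int] = None   # X

    def receive(self, seg: Segment) -> Optional[Segment]:
        if self.state == "CLOSED":
            raise ConnectionRefusedError("port not open for new connections")
        if self.state == "LISTEN" and seg.syn and not seg.ack:
            # Step 2: acknowledge X with X+1 and send our own SYN carrying Y.
            self.client_isn = seg.seq
            self.isn = secrets.randbelow(SEQ_MOD)
            self.state = "SYN-RECEIVED"
            return Segment(syn=True, ack=True, seq=self.isn, ack_num=next_seq(seg.seq))
        if self.state == "SYN-RECEIVED" and seg.ack and not seg.syn:
            # Step 3: the ACK must carry Y+1 and come from the client at X+1;
            # anything else is a missing or out-of-order segment and is rejected.
            if seg.ack_num != next_seq(self.isn) or seg.seq != next_seq(self.client_isn):
                raise ValueError("bad ACK: expected ack_num %d, got %r" % (next_seq(self.isn), seg.ack_num))
            self.state = "ESTABLISHED"
            return None
        raise ValueError(f"unexpected segment in state {self.state}")


class Client:
    def __init__(self):
        self.state = "CLOSED"
        self.isn: Optional[int] = None          # X

    def connect(self) -> Segment:
        # Step 1: choose a random initial sequence number X and send a SYN.
        self.isn = secrets.randbelow(SEQ_MOD)
        self.state = "SYN-SENT"
        return Segment(syn=True, ack=False, seq=self.isn)

    def receive(self, seg: Segment) -> Segment:
        if self.state != "SYN-SENT" or not (seg.syn and seg.ack):
            raise ValueError(f"unexpected segment in state {self.state}")
        if seg.ack_num != next_seq(self.isn):
            raise ValueError("server acknowledged the wrong sequence number")
        self.state = "ESTABLISHED"
        # Step 3: acknowledge Y with Y+1; our own number has advanced to X+1.
        return Segment(syn=False, ack=True, seq=next_seq(self.isn), ack_num=next_seq(seg.seq))


def handshake(client: Client, server: Server) -> Tuple[str, str]:
    """Run the three steps and return both end states."""
    syn = client.connect()
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return client.state, server.state


def rejects(endpoint, seg: Segment) -> bool:
    """True if the endpoint refuses the segment (shows the sequence checks working)."""
    try:
        endpoint.receive(seg)
    except (ValueError, ConnectionRefusedError):
        return True
    return False


if __name__ == "__main__":
    print(handshake(Client(), Server()))     # ('ESTABLISHED', 'ESTABLISHED')
```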

Flow Control

You can use flow control to manage the rate of data transfer between two devices.
Flow control is configured when two physically connected devices perform auto-negotiation.

An overwhelmed network node might send a pause frame to halt the transmission of the sender
for a specified period. A frame with a multicast destination address sent to a switch is forwarded
out through all other ports of the switch. Pause frames have a special multicast destination
address that distinguishes them from other multicast traffic. A compliant switch does not forward
a pause frame. Frames sent to this range are meant to be acted upon only within the switch.
Pause frames have a limited duration, and expire after a time interval. Two computers that are
connected through a switch never send pause frames to each other, but can send pause frames to
a switch.

One reason to use pause frames is to support network interface controllers (NICs) that do not
have enough buffering to handle full-speed reception. This problem is uncommon with advances
in bus speeds and memory sizes.

Congestion Control

Congestion control helps you control the traffic on the network.

Congestion control applies mainly to packet switching networks. Network congestion within a
switch might be caused by overloaded inter-switch links. If inter-switch links overload the
capability on the physical layer, the switch introduces pause frames to protect itself.

Priority Flow Control

Priority-based flow control (PFC) helps you eliminate frame loss due to congestion.

Priority-based flow control (IEEE 802.1Qbb) is achieved by a mechanism similar to pause
frames, but operates on individual priorities. PFC is also called Class-Based Flow Control
(CBFC) or Per Priority Pause (PPP).

Flow Control and Congestion Control

Flow control is an end-to-end mechanism that controls the traffic between a sender and a
receiver. Flow control occurs in the data link layer and the transport layer.

Congestion control is used by a network to control congestion in the network. This problem is
not as common in modern networks with advances in bus speeds and memory sizes. A more
likely scenario is network congestion within a switch. Congestion Control is handled by the
network layer and the transport layer.
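
The pause frame and PFC frame formats, as an added Python example that is not part of the
original notes. It builds and decodes both frame types and applies the rule stated above that a
compliant switch acts on a frame sent to the reserved MAC control destination address rather
than forwarding it. The destination address, EtherType, opcodes and 512-bit-time pause quantum
are the values defined in IEEE 802.3 Annex 31B and IEEE 802.1Qbb; the source MAC and pause
values in the usage are constructed.

```python
"""Build and decode the MAC control frames the text describes: an IEEE 802.3x
PAUSE frame and an IEEE 802.1Qbb priority-based flow control (PFC) frame."""
import struct
from typing import Dict

# Values from IEEE 802.3 Annex 31B and IEEE 802.1Qbb.
MAC_CONTROL_DST = bytes.fromhex("0180c2000001")  # reserved multicast address; bridges must not forward it
MAC_CONTROL_ETHERTYPE = 0x8808
OPCODE_PAUSE = 0x0001
OPCODE_PFC = 0x0101
PAUSE_QUANTUM_BITS = 512        # one unit of pause_time is 512 bit times of the link


def _mac_control(src: bytes, payload: bytes) -> bytes:
    if len(src) != 6:
        raise ValueError("source MAC must be 6 bytes")
    frame = MAC_CONTROL_DST + src + struct.pack("!H", MAC_CONTROL_ETHERTYPE) + payload
    return frame.ljust(60, b"\x00")   # pad to the minimum Ethernet frame size (FCS excluded)


def build_pause(src: bytes, pause_time: int) -> bytes:
    """PAUSE: ask the directly connected link partner to stop sending for pause_time quanta."""
    if not 0 <= pause_time <= 0xFFFF:
        raise ValueError("pause_time must fit in 16 bits")
    return _mac_control(src, struct.pack("!HH", OPCODE_PAUSE, pause_time))


def build_pfc(src: bytes, times: Dict[int, int]) -> bytes:
    """PFC: pause individual priorities; `times` maps priority 0-7 to quanta."""
    enable_vector = 0
    per_priority = [0] * 8
    for prio, t in times.items():
        if not 0 <= prio <= 7 or not 0 <= t <= 0xFFFF:
            raise ValueError("priority must be 0-7 and time must fit in 16 bits")
        enable_vector |= 1 << prio       # bit n of the vector enables the time for priority n
        per_priority[prio] = t
    return _mac_control(src, struct.pack("!HH8H", OPCODE_PFC, enable_vector, *per_priority))


def decode(frame: bytes) -> dict:
    """Classify a frame the way a compliant switch must: anything sent to the
    reserved MAC control address is acted upon locally, never forwarded."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    forwardable = dst != MAC_CONTROL_DST
    if ethertype != MAC_CONTROL_ETHERTYPE:
        return {"kind": "data", "dst": dst, "src": src, "forwardable": forwardable}
    (opcode,) = struct.unpack("!H", frame[14:16])
    if opcode == OPCODE_PAUSE:
        (pause_time,) = struct.unpack("!H", frame[16:18])
        return {"kind": "pause", "src": src, "pause_time": pause_time, "forwardable": forwardable}
    if opcode == OPCODE_PFC:
        vector, *per_prio = struct.unpack("!H8H", frame[16:34])
        times = {p: per_prio[p] for p in range(8) if vector & (1 << p)}
        return {"kind": "pfc", "src": src, "times": times, "forwardable": forwardable}
    return {"kind": "mac-control", "opcode": opcode, "forwardable": forwardable}


def pause_seconds(pause_time: int, link_bps: int) -> float:
    """How long a pause lasts before it expires: pause_time quanta of 512 bit times."""
    return pause_time * PAUSE_QUANTUM_BITS / link_bps


if __name__ == "__main__":
    src = bytes.fromhex("020000000001")          # constructed locally administered MAC
    print(decode(build_pause(src, 100)))
    print(decode(build_pfc(src, {3: 1000})))
    print(pause_seconds(0xFFFF, 1_000_000_000))  # largest pause on 1 Gbit/s, in seconds
```

The `pause_seconds` helper makes the "limited duration" point concrete: even the maximum
pause_time of 0xFFFF quanta expires after roughly 33.6 ms on a 1 Gbit/s link.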

Introduction and IPv4 Datagram Header

The network layer is the third layer (from the bottom) in the OSI Model. It is concerned with the
delivery of a packet across multiple networks and is considered the backbone of the OSI Model.
It selects and manages the best logical path for data transfer between nodes. Hardware devices
such as routers, bridges, firewalls and switches operate at this layer, but what the layer actually
creates is a logical image of the most efficient communication route, which it then implements
over a physical medium. Network layer protocols exist in every host or router. A router examines
the header fields of all the IP packets that pass through it. Internet Protocol and Netware IPX/SPX
are the most common protocols associated with the network layer.

In the OSI model, the network layer responds to requests from the layer above it (the transport
layer) and issues requests to the layer below it (the data link layer).

Responsibilities of Network Layer:

Packet forwarding/Routing of packets: Relaying of data packets from one network segment to
another by nodes in a computer network

Connectionless communication (IP): A data transmission method used in packet-switched
networks in which each data unit is separately addressed and routed based on information carried
by it

Fragmentation of data packets: Splitting of data packets that are too large to be transmitted on
the network

There are two types of network transmission techniques, circuit switched network and packet
switched network.

Circuit Switch vs Packet Switch

In a circuit switched network, a single path is designated for transmission of all the data packets,
whereas in a packet-switched network, each packet may be sent through a different path to reach
the destination.

In a circuit switched network, the data packets are received in order whereas in a packet switched
network, the data packets may be received out of order.

The packet switching is further subdivided into Virtual circuits and Datagram.

IPv4:

IPv4 is a connectionless protocol used for packet-switched networks. It operates on a best effort
delivery model, in which neither delivery is guaranteed, nor proper sequencing or avoidance of
duplicate delivery is assured. Internet Protocol Version 4 (IPv4) is the fourth revision of the
Internet Protocol and a widely used protocol in data communication over different kinds of
networks. IPv4 is a connectionless protocol used in packet-switched layer networks, such as
Ethernet. It provides a logical connection between network devices by providing identification
for each device. There are many ways to configure IPv4 with all kinds of devices – including
manual and automatic configurations – depending on the network type.

IPv4 is defined and specified in IETF publication RFC 791.

IPv4 uses 32-bit addresses for Ethernet communication in five classes: A, B, C, D and E. Classes
A, B and C have a different bit length for addressing the network host. Class D addresses are
reserved for military purposes, while class E addresses are reserved for future use.

IPv4 uses 32-bit (4 byte) addressing, which gives 2^32 addresses. IPv4 addresses are written in
dot-decimal notation, which consists of the four octets of the address expressed individually in
decimal and separated by periods, for instance, 192.168.1.5.

IPv4 Datagram Header

The size of the header is 20 to 60 bytes.

VERSION: Version of the IP protocol (4 bits), which is 4 for IPv4

HLEN: IP header length (4 bits), which is the number of 32 bit words in the header. The
minimum value for this field is 5 and the maximum is 15.

Type of service: Low Delay, High Throughput, Reliability (8 bits)

Total Length: Length of header + Data (16 bits), which has a minimum value of 20 bytes and a
maximum of 65,535 bytes.

Identification: Unique Packet Id for identifying the group of fragments of a single IP datagram
(16 bits)

Flags: 3 flags of 1 bit each : reserved bit (must be zero), do not fragment flag, more fragments
flag (same order)

Fragment Offset: Represents the number of data bytes ahead of this fragment in the datagram
(13 bits). It is specified in units of 8 bytes, so the maximum value corresponds to 65,528 bytes.

Time to live: Datagram’s lifetime (8 bits). It prevents the datagram from looping through the
network by restricting the number of hops a packet may take before being delivered to the
destination.

Protocol: Name of the protocol to which the data is to be passed (8 bits)

Header Checksum: 16 bits header checksum for checking errors in the datagram header

Source IP address: 32 bits IP address of the sender

Destination IP address: 32 bits IP address of the receiver

Option: Optional information such as source route, record route. Used by the Network
administrator to check whether a path is working or not.

Due to the presence of options, the size of the datagram header can be of variable length (20
bytes to 60 bytes).

Field Name | Size (bytes) | Description
Version | 1/2 (4 bits) | Version: Identifies the version of IP used to generate the datagram. For IPv4, this is of course the number 4. The purpose of this field is to ensure compatibility between devices that may be running different versions of IP. In general, a device running an older version of IP will reject datagrams created by newer implementations, under the assumption that the older version may not be able to interpret the newer datagram correctly.
IHL | 1/2 (4 bits) | Internet Header Length (IHL): Specifies the length of the IP header, in 32-bit words. This includes the length of any options fields and padding. The normal value of this field when no options are used is 5 (5 32-bit words = 5*4 = 20 bytes). Contrast to the longer Total Length field below.
TOS | 1 | Type Of Service (TOS): A field designed to carry information to provide quality of service features, such as prioritized delivery, for IP datagrams. It was never widely used as originally defined, and its meaning has been subsequently redefined for use by a technique called Differentiated Services (DS). See below for more information.
TL | 2 | Total Length (TL): Specifies the total length of the IP datagram, in bytes. Since this field is 16 bits wide, the maximum length of an IP datagram is 65,535 bytes, though most are much smaller.
Identification | 2 | Identification: This field contains a 16-bit value that is common to each of the fragments belonging to a particular message; for datagrams originally sent unfragmented it is still filled in, so it can be used if the datagram must be fragmented by a router during delivery. This field is used by the recipient to reassemble messages without accidentally mixing fragments from different messages. This is needed because fragments may arrive from multiple messages mixed together, since IP datagrams can be received out of order from any device. See the discussion of IP message fragmentation.
Flags | 3/8 (3 bits) | Flags: Three 1-bit flags, a reserved bit (must be zero), the Do Not Fragment flag and the More Fragments flag, as listed in the field summary above.
Fragment Offset | 1 5/8 (13 bits) | Fragment Offset: When fragmentation of a message occurs, this field specifies the offset, or position, in the overall message where the data in this fragment goes. It is specified in units of 8 bytes (64 bits). The first fragment has an offset of 0. Again, see the discussion of fragmentation for a description of how the field is used.
TTL | 1 | Time To Live (TTL): Short version: Specifies how long the datagram is allowed to “live” on the network, in terms of router hops. Each router decrements the value of the TTL field (reduces it by one) prior to transmitting it. If the TTL field drops to zero, the datagram is assumed to have taken too long a route and is discarded. See below for the longer explanation of TTL.
Protocol | 1 | Protocol: Identifies the higher-layer protocol to which the data is to be passed, as listed in the field summary above.
Header Checksum | 2 | Header Checksum: A checksum computed over the header to provide basic protection against corruption in transmission. This is not the more complex CRC code typically used by data link layer technologies such as Ethernet; it's just a 16-bit checksum. It is calculated by dividing the header bytes into words (a word is two bytes) and then adding them together. The data is not checksummed, only the header. At each hop the device receiving the datagram does the same checksum calculation and on a mismatch, discards the datagram as damaged.
Source Address | 4 | Source Address: The 32-bit IP address of the originator of the datagram. Note that even though intermediate devices such as routers may handle the datagram, they do not normally put their address into this field; it is always the device that originally sent the datagram.
Destination Address | 4 | Destination Address: The 32-bit IP address of the intended recipient of the datagram. Again, even though devices such as routers may be the intermediate targets of the datagram, this field is always for the ultimate destination.
Options | Variable | Options: One or more of several types of options may be included after the standard headers in certain IP datagrams. I discuss them in the topic that follows this one.
Padding | Variable | Padding: If one or more options are included, and the number of bits used for them is not a multiple of 32, enough zero bits are added to “pad out” the header to a multiple of 32 bits (4 bytes).
Data | Variable | Data: The data to be transmitted in the datagram, either an entire higher-layer message or a fragment of one.

Figure 86: Internet Protocol Version 4 (IPv4) Datagram Format

This diagram shows graphically the all-important IPv4 datagram format. The first 20
bytes are the fixed IP header, followed by an optional Options section, and a variable-
length Data area. Note that the Type Of Service field is shown as originally defined in
the IPv4 standard.
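
The field list and the table above describe the same 20-to-60-byte header; as an added Python
example (not part of the original notes), the parser below reads every fixed field from a raw
datagram, checks the IHL and Total Length bounds, verifies the 16-bit header checksum the way
each hop does, and performs the per-hop TTL decrement that forces a recomputed checksum. The
sample datagram is constructed for this example; 192.168.1.5 is the text's example address and
10.0.0.1 is a placeholder destination.

```python
"""Parse the IPv4 datagram header described above, verify the header checksum,
and do the per-hop TTL decrement that a router performs."""
import struct
from dataclasses import dataclass
from typing import Optional


@dataclass
class IPv4Header:
    version: int
    ihl: int                 # header length in 32-bit words (5..15)
    tos: int
    total_length: int        # header + data, in bytes
    identification: int
    dont_fragment: bool
    more_fragments: bool
    fragment_offset: int     # in 8-byte units, as carried on the wire
    ttl: int
    protocol: int
    src: str
    dst: str
    options: bytes           # empty when IHL is 5
    checksum_ok: bool


def ones_complement_sum(data: bytes) -> int:
    """Add data as 16-bit words, folding carries back in (end-around carry)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def header_checksum(header: bytes) -> int:
    """Value for bytes 10-11: complement of the sum taken with that field zeroed."""
    return (~ones_complement_sum(header[:10] + b"\x00\x00" + header[12:])) & 0xFFFF


def parse_ipv4_header(packet: bytes) -> IPv4Header:
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 bytes")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} is below the minimum of 5 words")
    hlen = ihl * 4
    if len(packet) < hlen:
        raise ValueError("truncated: IHL claims more header bytes than are present")
    tos, total_length, ident, flags_frag, ttl, proto, _csum = struct.unpack("!BHHHBBH", packet[1:12])
    if total_length < hlen:
        raise ValueError("Total Length is smaller than the header length")
    flags = flags_frag >> 13             # top 3 bits: reserved, DF, MF
    return IPv4Header(
        version=version, ihl=ihl, tos=tos, total_length=total_length, identification=ident,
        dont_fragment=bool(flags & 0b010), more_fragments=bool(flags & 0b001),
        fragment_offset=flags_frag & 0x1FFF,      # multiply by 8 for the byte offset
        ttl=ttl, protocol=proto,
        src=".".join(map(str, packet[12:16])), dst=".".join(map(str, packet[16:20])),
        options=packet[20:hlen],
        # A header whose checksum is intact sums to 0xFFFF with the checksum field included.
        checksum_ok=ones_complement_sum(packet[:hlen]) == 0xFFFF,
    )


def forward_hop(packet: bytes) -> Optional[bytes]:
    """One router hop: discard a damaged or expired datagram (None), otherwise
    decrement TTL and recompute the header checksum."""
    hdr = parse_ipv4_header(packet)
    if not hdr.checksum_ok or hdr.ttl <= 1:
        return None
    hlen = hdr.ihl * 4
    header = bytearray(packet[:hlen])
    header[8] = hdr.ttl - 1
    struct.pack_into("!H", header, 10, header_checksum(bytes(header)))
    return bytes(header) + packet[hlen:]


def hops_until_discard(packet: bytes) -> int:
    """Count the router hops a datagram survives before its TTL expires."""
    hops = 0
    while (packet := forward_hop(packet)) is not None:
        hops += 1
    return hops


def build_sample_packet() -> bytes:
    """A constructed IPv4/TCP datagram (not captured traffic): DF set, TTL 64, 20 data bytes."""
    payload = b"\x00" * 20
    header = bytearray(struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5,             # version 4, IHL 5 words
        0,                        # TOS
        20 + len(payload),        # total length
        0x1C46,                   # identification
        0x4000,                   # flags: DF set, fragment offset 0
        64,                       # TTL
        6,                        # protocol 6 = TCP
        0,                        # checksum placeholder, filled in below
        bytes([192, 168, 1, 5]),  # source: the text's example address
        bytes([10, 0, 0, 1]),     # destination: constructed
    ))
    struct.pack_into("!H", header, 10, header_checksum(bytes(header)))
    return bytes(header) + payload
```

Changing any header byte without recomputing the checksum (as a corrupted link would) makes
`checksum_ok` false and `forward_hop` discards the datagram, which is exactly the per-hop check the
table describes; the same check is why a router must rewrite the checksum after decrementing TTL.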

Differences between IPv4 and IPv6

IPv4 and IPv6 are Internet Protocol version 4 and Internet Protocol version 6. IP version 6 is the
newer version of the Internet Protocol, which is much better than IP version 4 in terms of
complexity and efficiency.

Difference Between IPv4 and IPv6:

IPv4 | IPv6
IPv4 has a 32-bit address length | IPv6 has a 128-bit address length
It supports manual and DHCP address configuration | It supports auto and renumbering address configuration
In IPv4, end-to-end connection integrity is unachievable | In IPv6, end-to-end connection integrity is achievable
It can generate 4.29×10^9 addresses | The address space of IPv6 is quite large; it can produce 3.4×10^38 addresses
The security feature is dependent on the application | IPsec is an inbuilt security feature of the IPv6 protocol
Address representation of IPv4 is in decimal | Address representation of IPv6 is in hexadecimal
Fragmentation is performed by the sender and forwarding routers | In IPv6, fragmentation is performed only by the sender
In IPv4, packet flow identification is not available | In IPv6, packet flow identification is available and uses the flow label field in the header
In IPv4, a checksum field is available | In IPv6, a checksum field is not available
It has a broadcast message transmission scheme | In IPv6, multicast and anycast message transmission schemes are available
In IPv4, encryption and authentication facilities are not provided | In IPv6, encryption and authentication are provided
IPv4 has a header of 20-60 bytes | IPv6 has a fixed header of 40 bytes
IPv4 consists of 4 fields which are separated by a dot (.) | IPv6 consists of 8 fields which are separated by a colon (:)
IPv4’s IP addresses are divided into five different classes: Class A, Class B, Class C, Class D, Class E | IPv6 does not have any classes of IP address
IPv4 supports VLSM (Variable-Length Subnet Mask) | IPv6 does not support VLSM

Classful Vs Classless Addressing

Classful Address

The first addressing system to be implemented as part of the Internet Protocol was Classful
Addressing. In the year 1981, the Classful addressing network architecture was first used on the
Internet. The Classful addressing system was superseded by a Classless addressing scheme with
the introduction of Classless Inter-Domain Routing (CIDR) in 1993.

 The IP address comprises 32 bits and is split into four sections separated by dots:
part 1, part 2, part 3 and part 4.
 Each of the four parts is eight bits (1 byte) long.
 Further, the four parts of the IP address are divided into two portions: a network ID and a
host ID.

Types of Classful Address

Class A, Class B, Class C, Class D, and Class E are the five varieties of Classful addresses. In
IPv4, this classification is known as Classful addressing or IP address classes.

 The first three classes, Class A, B, and C, are used for "public addressing", in which
communication is always one-to-one between source and destination. It implies that when
data is transmitted from a source, it will only be sent to a single network host.
 The reserved categories include Class D and Class E, with Class D being utilized for
multicast and Class E being saved for future usage exclusively.
 In IPv4, the Network ID is the first part of Class A, B, and C, while the Host ID is the
remaining second portion.
 The Host ID always indicates the number of hosts or nodes in a certain network, whereas
the Network ID always identifies the network in a specific place.
 In Class A, B, and C, the address space is split into a certain number of IP address blocks.
It also specifies the maximum number of hosts in a network.

Network and Host part in Classful Addressing

In Class A, the first octet (byte) of an IP address forms the network ID (Net-ID for short), while
the remaining three octets (bytes) form the host ID (Host-ID for short).

 The network ID takes up the first two octets or two bytes in Class B, whereas the host ID
takes up the remaining two octets or two bytes.
 In Class C, the first three octets or bytes are dedicated to the network ID, while the last
octet or byte is dedicated to the host ID.

Classless Addressing

Classless Inter-Domain Routing (CIDR) is another name for classless addressing. This
addressing type aids in the more efficient allocation of IP addresses. This technique assigns a
block of IP addresses based on specified conditions when the user demands a specific amount of
IP addresses. This block is known as a "CIDR block", and it contains the necessary number of IP
addresses.

When allocating a block, classless addressing is concerned with the following three rules.

 Rule 1 − The CIDR block's IP addresses must all be contiguous.
 Rule 2 − The block size must be a power of two. Furthermore, the block's size is equal to the
number of IP addresses in the block.
 Rule 3 − The block's first IP address must be divisible by the block size.

For example, assume the classless address is 192.168.1.35/27.

 The network component has a bit count of 27, whereas the host portion has a bit count of
5 (32 − 27).
 The binary representation of the address is 11000000.10101000.00000001.00100011.
 11000000.10101000.00000001.00100000 is the first IP address (all host bits set to 0),
that is, 192.168.1.32.
 11000000.10101000.00000001.00111111 is the last IP address (all host bits set to 1),
that is, 192.168.1.63.
 The IP address range is 192.168.1.32 to 192.168.1.63.
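
The 192.168.1.35/27 calculation above, carried out in Python as an added example that is not
part of the original notes. It generalises to any IPv4 prefix length: the mask is built from the
prefix, the first address clears the host bits and the last address sets them, and the three block
rules are checked on the result. The standard library's ipaddress module is used only to
cross-check the hand arithmetic.

```python
"""Work out a CIDR block from an address/prefix and check the three block
rules. Generalises the 192.168.1.35/27 example to any IPv4 prefix length."""
import ipaddress  # standard library, used only to cross-check the hand arithmetic
from typing import Dict


def to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """Dotted binary, e.g. 11000000.10101000.00000001.00100011."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def cidr_block(cidr: str) -> Dict[str, object]:
    address, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF   # prefix ones followed by host zeros
    addr = to_int(address)
    first = addr & mask                              # all host bits set to 0
    last = first | (~mask & 0xFFFFFFFF)              # all host bits set to 1
    size = 1 << host_bits
    # Cross-check against the standard library's reading of the same prefix.
    net = ipaddress.ip_network(cidr, strict=False)
    if int(net.network_address) != first or int(net.broadcast_address) != last:
        raise RuntimeError("hand arithmetic disagrees with ipaddress")
    return {
        "network_bits": prefix,
        "host_bits": host_bits,
        "mask": to_dotted(mask),
        "address_binary": to_binary(addr),
        "first": to_dotted(first),
        "first_binary": to_binary(first),
        "last": to_dotted(last),
        "last_binary": to_binary(last),
        "size": size,
    }


def block_rules_ok(first_address: str, size: int) -> bool:
    """Rule 2: size is a power of two; Rule 3: first address divisible by size.
    Rule 1 (contiguity) holds by construction for a first address plus a size."""
    power_of_two = size > 0 and size & (size - 1) == 0
    return power_of_two and to_int(first_address) % size == 0


if __name__ == "__main__":
    for key, value in cidr_block("192.168.1.35/27").items():
        print(f"{key:>15}: {value}")
    print(block_rules_ok("192.168.1.32", 32), block_rules_ok("192.168.1.40", 32))
```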

Difference Between Classful and Classless Addressing

 Classful addressing is a technique of allocating IP addresses that divides them into five
categories. Classless addressing is a technique of allocating IP addresses that is intended
to replace classful addressing in order to reduce IP address depletion.
 The utility of classful and classless addressing is another distinction: classless addressing is
more practical and useful than classful addressing.
 In classful addressing, the network ID and host ID change based on the class. In classless
addressing, however, there is no class-based distinction between network ID and host ID. This is
another distinction between classful and classless addressing.

Conclusion

There are two forms of IP addressing: classful and classless. The primary distinction between
classful and classless addressing is that classless addressing provides for more efficient
allocation of IP addresses than classful addressing. In a nutshell, classless addressing avoids the
problem of IP address exhaustion that can arise with classful addressing.

Subnet (subnetwork)

What is a subnet?

A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are
a logical partition of an IP network into multiple, smaller network segments. The Internet
Protocol (IP) is the method for sending data from one computer to another over the internet.
Each computer, or host, on the internet has at least one IP address as a unique identifier.

Organizations will use a subnet to subdivide large networks into smaller, more efficient
subnetworks. One goal of a subnet is to split a large network into a grouping of smaller,
interconnected networks to help minimize traffic. This way, traffic doesn't have to flow through
unnecessary routes, increasing network speeds.

Subnetting, the segmentation of a network address space, improves address allocation efficiency.
It is described in the formal document, Request for Comments 950, and is tightly linked to IP
addresses, subnet masks and Classless Inter-Domain Routing (CIDR) notation.

How do subnets work?

Each subnet allows its connected devices to communicate with each other, while routers are used
to communicate between subnets. The size of a subnet depends on the connectivity requirements
and the network technology employed. A point-to-point subnet allows two devices to connect,
while a data center subnet might be designed to connect many more devices.

Each organization is responsible for determining the number and size of the subnets it creates,
within the limits of the address space available for its use. Additionally, the details of subnet
segmentation within an organization remain local to that organization.

An IP address is divided into two fields: a Network Prefix (also called the Network ID) and a
Host ID. What separates the Network Prefix and the Host ID depends on whether the address is a
Class A, B or C address. Figure 1 shows an IPv4 Class B address, 172.16.37.5. Its Network
Prefix is 172.16.0.0, and the Host ID is 37.5.

Figure 1. Class B IP address

The subnet mechanism uses a portion of the Host ID field to identify individual subnets. Figure
2, for example, shows the third group of the 172.16.0.0 network being used as a Subnet ID. A
subnet mask is used to identify the part of the address that should be used as the Subnet ID. The
subnet mask is applied to the full network address using a binary AND operation. An AND
operation yields "true" (1) only when both inputs are "true" (1); otherwise the output is "false"
(0). The result of the AND is the Subnet ID.

Figure 2 shows the AND of the IP address, as well as the mask producing the Subnet ID. Any
remaining address bits identify the Host ID. The subnet in Figure 2 is identified as 172.16.2.0,
and the Host ID is 5. In practice, network staff will typically refer to a subnet by just the Subnet
ID. It would be common to hear someone say, "Subnet 2 is having a problem today," or, "There
is a problem with the dot-two subnet."

Figure 2. Subnet ID

The Subnet ID is used by routers to determine the best route between subnetworks. Figure 3
shows the 172.16.0.0 network, with the third grouping as the Subnet ID. Four of the 256 possible
subnets are shown connected to one router. Each subnet is identified either by its Subnet ID or
the subnet address with the Host ID set to .0. The router interfaces are assigned the Host ID of .1
-- e.g., 172.16.2.1.

When the router receives a packet addressed to a host on a different subnet than the sender --
host A to host C, for example -- it knows the subnet mask and uses it to determine the Subnet ID
of host C. It examines its routing table to find the interface connected to host C's subnet and
forwards the packet on that interface.
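
The mask-and-forward behaviour described in the last three paragraphs, as an added Python
example that is not part of the original article. It applies the subnet mask with a bitwise AND
to get the Subnet ID and Host ID, decides whether two hosts share a subnet, and models a router
whose interfaces are the .1 hosts of four 172.16.x.0/24 subnets (the Figure 3 layout) plus one
/30 point-to-point link, choosing the outgoing interface by longest matching prefix. The
interface names and addresses are constructed for this example.

```python
"""Apply a subnet mask with a bitwise AND to get the Subnet ID and Host ID,
and show how a router picks the interface for a destination on another subnet."""
from ipaddress import IPv4Address, IPv4Interface
from typing import Dict, List, Optional, Tuple


def subnet_id(address: str, mask: str) -> str:
    """Bitwise AND: each result bit is 1 only where both the address bit and the mask bit are 1."""
    return str(IPv4Address(int(IPv4Address(address)) & int(IPv4Address(mask))))


def host_id(address: str, mask: str) -> int:
    """The bits the mask leaves as zero identify the host within the subnet."""
    return int(IPv4Address(address)) & (~int(IPv4Address(mask)) & 0xFFFFFFFF)


def same_subnet(a: str, b: str, mask: str) -> bool:
    """Hosts with the same Subnet ID talk directly; otherwise a router is needed."""
    return subnet_id(a, mask) == subnet_id(b, mask)


class Router:
    """Routing table built from the networks of the router's own interfaces."""

    def __init__(self, interfaces: Dict[str, str]):
        # interface name -> "address/prefix"; each interface is the .1 host of its subnet
        self.table: List[Tuple] = []
        for name, cidr in interfaces.items():
            iface = IPv4Interface(cidr)
            self.table.append((iface.network, name, str(iface.ip)))
        # Longest prefix first, so a small point-to-point subnet carved out of a
        # larger block wins over the larger block (variable-length masks).
        self.table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)

    def lookup(self, destination: str) -> Optional[str]:
        """Return the interface for the destination's subnet, or None if there is no route."""
        dest = IPv4Address(destination)
        for network, name, _address in self.table:
            if dest in network:
                return name
        return None


# Constructed topology modelled on Figure 3: 172.16.0.0 with the third octet as the
# Subnet ID, four /24 subnets on one router, plus one /30 point-to-point link.
ROUTER = Router({
    "eth1": "172.16.1.1/24",
    "eth2": "172.16.2.1/24",
    "eth3": "172.16.3.1/24",
    "eth4": "172.16.4.1/24",
    "serial0": "172.16.255.1/30",
})

if __name__ == "__main__":
    print(subnet_id("172.16.2.5", "255.255.255.0"), host_id("172.16.2.5", "255.255.255.0"))
    print(same_subnet("172.16.1.10", "172.16.3.20", "255.255.255.0"))   # host A to host C
    print(ROUTER.lookup("172.16.3.20"), ROUTER.lookup("172.16.255.2"), ROUTER.lookup("10.9.9.9"))
```

With the Class B mask 255.255.0.0 the same AND gives the Network Prefix of Figure 1 (172.16.0.0
for 172.16.37.5); with 255.255.255.0 it gives the Subnet ID of Figure 2.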

Subnet segmentation

A subnet itself also may be segmented into smaller subnets, giving organizations the flexibility
to create smaller subnets for things like point-to-point links or for subnetworks that support a few
devices.

The example below uses an 8-bit Subnet ID. The number of bits in the subnet mask depends on
the organization's requirements for subnet size and the number of subnets. Other subnet mask
lengths are common. While this adds some complexity to network addressing, it significantly
improves the efficiency of network address utilization.

Figure 3. Subnet segmentation

A subnet can be delegated to a sub organization, which itself may apply the subnetting process to
create additional subnets, as long as sufficient address space is available. Subnetting performed
by a delegated organization is hidden from other organizations. As a result, the Subnet ID field
length and where subnets are assigned can be hidden from the parent (delegating) organization, a
key characteristic that allows networks to be scaled up to large sizes.

In modern routing architectures, routing protocols distribute the subnet mask with routes and
provide mechanisms to summarize groups of subnets as a single routing table entry. Older
routing architectures relied on the default Class A, B and C IP address classification to determine
the mask to use.

CIDR notation is used to identify the Network Prefix and Mask, where the number after the
slash indicates the number of ones in the mask (e.g., 172.16.2.0/24). This is also known as
Variable-Length Subnet Masking (VLSM) and CIDR. Subnets and subnetting are used in both
IPv4 and IPv6 networks, based on the same principles.

What are subnets used for?

 Reallocating IP addresses. Each class has a limited number of host allocations; for
example, networks with more than 254 devices need a Class B allocation. If a network
administrator is working with a Class B or C network and needs to allocate 150 hosts for
three physical networks located in three different cities, they would need to either request
more address blocks for each network -- or divide a network into subnets that enable
administrators to use one block of addresses on multiple physical networks.
 Relieving network congestion. If much of an organization's traffic is meant to be shared
regularly between the same cluster of computers, placing them on the same subnet can
reduce network traffic. Without a subnet, all computers and servers on the network would
see data packets from every other computer.
 Improving network security. Subnetting allows network administrators to reduce
network-wide threats by quarantining compromised sections of the network and by
making it more difficult for trespassers to move around an organization's network.
