IT Notes
An intranet is a private network contained within an enterprise that is used to securely share
company information and computing resources among employees. An intranet can also be used
for working in groups and teleconferences.
Intranets encourage communication within an organization. They let employees easily access
important information, links, applications, forms and databases of company records. Access is
usually controlled through a central directory of employee accounts that records who may use
the network and its applications; authenticating users against that directory is a core part of
intranet security.
Organizations use intranets in a variety of ways depending on their needs. These include the
following:
Central repository. Intranets become the main repository where important information
and company data are stored.
Collaboration. These internal networks provide a way to share information that makes it
easier for employees to work together.
Personalization. Intranets provide personalized content to employees based on their role
within the company.
Communication. They make employee directories, company news and organization
charts readily available, improving internal corporate communications.
Easy access to information. Intranets provide easy access to information about company
policies, benefits and updates.
Social elements. Social media features let employees create an account, post content and
status alerts and browse a newsfeed.
Project management. To-do lists, employee directories, status updates and other
resources aid users in project management.
Automation. Intranets streamline everyday activities by helping to automate repeatable
tasks.
Hyper Office's Atlas Intranet Collaboration Suite enables organizations to create custom intranet
templates quickly with little to no design or HTML experience. Here is an example intranet page
customized for the organization's travel and expenses information.
A secure and reliable intranet requires a web server that manages requests for data hosted on the
server. The web server finds requested files and delivers them to the appropriate user. A content
management system should also be set up to control the creation, publication and management of
intranet content.
An intranet may also consist of many interlinked local area networks (LANs), as well as leased
lines connecting to wide area network resources. The intranet's web server uses TCP/IP, HTTP
and other internet protocols. Typically, an intranet includes connections through one or more
gateway computers to the outside internet and external resources.
To access their company intranet, employees must authenticate with their corporate credentials
and be connected to the company LAN. Remote employees access the intranet through a virtual
private network (VPN) or another secure connection. The VPN lets users who are not physically
on the LAN sign in to the intranet and reach the same information and functions that would be
available had they been connected to the LAN.
Firewall software is essential to the security of an organization's intranet. It stands between the
outside internet and the private intranet and inspects incoming and outgoing packets against a
rule set, dropping connections that are not authorized or that look suspicious. A firewall reduces
the chance that malware or other attacks penetrate the intranet, but it is only one layer: traffic it
allows through (for example, to an internal web application) must still be secured by that
application itself.
The intranet generally looks like a private version of the internet. With tunneling, companies can
send private traffic through the public network, using encryption and other safeguards to connect
one part of their intranet to another.
Hosted software applications also provide intranets. Instead of a company having its own private
server, it buys intranet software that performs the same functions as traditional intranets. Some
modern intranets operate similarly to social media applications that connect to an array of
corporate applications. These applications are also called employee experience platforms.
The internet, intranets and extranets are different types of networks with some similarities and
overlapping aspects.
Internet
The internet works on a public network that anyone can access. There are no limits on who can
access the internet, other than users must have access to a computing device that's connected to
the internet. The public internet can have unlimited users at any one time, but it is more
vulnerable to attackers than an intranet.
Intranet
An intranet works on a private network of computers. Only authorized people and systems can
access it, and they must connect via the required LAN or VPN. An intranet is typically sized for a
known number of users.
Extranet
Intranets were developed around the same time as the internet and evolved alongside it. Some
best practices for an intranet strategy in the modern digital workplace include the following:
Multichannel approach. A modern intranet should incorporate other team collaboration tools
inside the main intranet application. It should centralize disparate applications, which may
include collaboration and communication tools, tools for virtual conferences and line-of-business
applications.
Optimize for remote work. Many older intranet platforms were not optimized for mobile or
remote workers. Intranet applications should be easy to access without the use of a corporate
desktop or laptop PC. Intranets should let remote workers access resources without having to be
online constantly.
Modern user experience. To ensure user participation, intranet platforms should be engaging.
They often resemble consumer applications that put a focus on ease-of-use and the user
experience. A smart homepage that users can customize is a plus.
Regular engagement. Regularly posting fresh content boosts user engagement and fosters a
sense of community. Intranets can be used to create smaller groups within a company based on
employee interest. They can also be used to enable peer-to-peer acknowledgment of jobs well
done. Making the corporate intranet a place where employees are encouraged to communicate
with one another strengthens company culture and provides insight into employee needs.
1. A browser, application or device called the DNS client, issues a DNS request or DNS
address lookup, providing a hostname such as “example.com”.
2. The request is received by a DNS resolver, which is responsible for finding the correct IP
address for that hostname. The DNS resolver looks for a DNS name server that holds the
IP address for the hostname in the DNS request.
3. The resolver starts from the Internet’s root DNS server, moving down the hierarchy to
Top Level Domain (TLD) DNS servers (“.com” in this case), down to the name server
responsible for the specific domain “example.com”.
4. When the resolver reaches the authoritative DNS name server for “example.com”, it
receives the IP address and other relevant details, and returns it to the DNS client. The
DNS request is now resolved.
5. The DNS client device can connect to the server directly using the correct IP address.
History of DNS
The idea of mapping human-readable hostnames to numerical addresses originated in the 1970s,
with ARPANET, the predecessor of the modern internet. The Stanford Research Institute (SRI)
was responsible for maintaining a text file called hosts.txt that mapped hostnames to computer
addresses on ARPANET. To add an entry to the hosts file, users would call SRI staff during
business hours, and they would add the host and its associated numeric address manually to the
file.
In the 1980s it was understood that a centralized, manually updated host file was not a scalable
approach. John Postel of the University of Southern California, whose team was responsible for
the ARPANET Assigned Numbers List, assigned the task of creating an automated naming
system to Paul Mockapetris. Mockapetris was supposed to find a compromise between five
competing technical solutions, but instead he created his own solution, the Domain Name
System.
In 1984, four UC Berkeley students wrote the first DNS name server implementation for Unix
and named it BIND. In the 1990s BIND was ported to Windows NT. To date, it is the world's
The DNS namespace governs public hostnames used on the Internet. The namespace is a tree
structure, with each node in the tree having a textual label and zero or more DNS resource
records (RR) describing the domain.
The domain name consists of the label, together with the label of its parent nodes, separated by a
dot (as in “example.com”). The domain namespace is divided into zones, and each zone is
delegated to a specific legal entity for administration and management.
A domain name consists of one or more parts called labels, which are separated by dots. A label
may contain up to 63 characters. The label at the extreme right is the top-level domain (TLD),
and the next labels from right to left are lower down in the namespace hierarchy. Each label is
known as a subdomain of the label above it. DNS allows up to 127 hierarchical levels.
DNS Resolver
Also called a recursive resolver, this is a server designed to receive DNS queries from web
browsers and other applications or network devices. It receives a hostname, and is responsible
for tracking down the IP address for that hostname:
1. The resolver looks for the required DNS resource record in its local cache or that of the
operating system on the local device.
2. If not found, it looks for a direct reference to the authoritative name server of the
domain’s DNS zone.
3. Failing that, it performs a recursive query - the resolver contacts a DNS Root Server and
receives details of a TLD Name Server for relevant TLD, e.g. “.com”.
4. Via the TLD Name Server, it receives details of the Authoritative Name Server, and asks
it for the IP that matches the requested hostname.
In reality, resolvers do not go through this entire process for every recursive query, because part
of the journey, including DNS server addresses, may already be stored in local cache.
The authoritative name server is the last stop in a DNS query. It holds the zone file (master file)
for the zone it manages, which contains the trusted, correct resource records for all names in the
zone.
In some cases, the authoritative name server refers the resolver to another name server that
holds the records for a delegated subdomain, for example support.example.com. If a CNAME
record is used, the answer tells the resolver that the requested name is an alias for another
hostname, and resolution starts over for that target. (ALIAS or ANAME records offer similar
behaviour at a zone apex but are a provider-specific feature, not a standard DNS record type.)
DNS communication occurs via two types of messages: queries and replies. Both DNS query
format and reply format consist of the following sections:
DNS serves queries over the User Datagram Protocol (UDP) on port 53. UDP is preferred
because it is fast and has low overhead: a lookup is normally a single UDP request from the
DNS client followed by a single UDP reply from the server.
A classic DNS message over UDP is limited to 512 bytes (larger sizes can be negotiated with
EDNS0). If a response does not fit, the server sets the truncated (TC) bit and the client retries
over TCP on port 53. TCP is also used for zone transfers (copying DNS records from a primary
to a secondary server), because it delivers an arbitrarily large, ordered stream reliably; its
checksums are no stronger than UDP's, so it is not an integrity control, and zone transfers
should be restricted to known secondaries.
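The message layout and the transport behaviour described above, as an added example that is not part of the original notes: the code builds a DNS query for example.com following the RFC 1035 wire format (a 12-byte header followed by question, answer, authority and additional sections), then parses a response that is constructed by hand in `sample_response` (the IP address in it is made up for the example). It checks the transaction ID, which must be unpredictable so an off-path attacker cannot forge a matching reply, follows name-compression pointers with a hop limit, and exposes the TC bit that tells a client to retry over TCP.

```python
import struct
import secrets

# Added example (not from the original notes): RFC 1035 query/response handling.
QTYPE_A = 1
QCLASS_IN = 1

def encode_name(name):
    """Encode a hostname as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    if len(out) + 1 > 255:
        raise ValueError("name too long")
    return out + b"\x00"

def build_query(name, txid=None):
    """Header (12 bytes) + one question. RD=1 asks the resolver to recurse.
    A guessable transaction ID lets an attacker forge a reply (cache poisoning),
    so it is drawn from a CSPRNG."""
    if txid is None:
        txid = secrets.randbits(16)
    flags = 0x0100  # QR=0 (query), opcode 0, RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    return header + question

def decode_name(msg, off):
    """Decode a name at `off`, following compression pointers (0xC0xx).
    Returns (name, offset just after the name as written at `off`)."""
    labels, jumped, end, hops = [], False, off, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped = True
            off = ptr
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end

def parse_response(msg, expected_txid):
    """Parse header, question and answer sections; verify the transaction ID
    and report the TC bit (retry over TCP) and RCODE."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: possible forged reply")
    result = {"id": txid, "is_response": bool(flags & 0x8000),
              "truncated": bool(flags & 0x0200), "rcode": flags & 0x000F,
              "questions": [], "answers": []}
    off = 12
    for _ in range(qd):
        qname, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        result["questions"].append((qname, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        result["answers"].append((name, rtype, ttl, rdata))
    return result

def sample_response(txid):
    """Constructed reply: QR=1, RD=1, RA=1, one question, one A answer whose
    owner name is a compression pointer to offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name("example.com") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    answer = (b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 3600, 4)
              + bytes([93, 184, 216, 34]))
    return header + question + answer

if __name__ == "__main__":
    q = build_query("example.com", txid=0x1234)
    print(len(q), "byte query;", parse_response(sample_response(0x1234), 0x1234))
```

To send `build_query`'s bytes for real you would use a UDP socket to a resolver on port 53 and feed the datagram to `parse_response`; if `truncated` comes back true, the same bytes are resent over TCP with a two-byte length prefix.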
This mapping procedure is needed because IP and MAC addresses have different lengths and live
at different layers, so a translation is required before one system can deliver a frame to another.
The most used IP today is IP version 4 (IPv4), whose addresses are 32 bits long, whereas MAC
addresses are 48 bits long. ARP resolves a 32-bit IPv4 address to the corresponding 48-bit MAC
address; the reverse direction is handled by separate protocols described later.
There is a networking model known as the Open Systems Interconnection (OSI) model. First
developed in the late 1970s, the OSI model uses layers to give IT teams a visualization of what is
going on with a particular networking system. This can be helpful in determining which layer
affects which application, device, or software installed on the network, and further, which IT or
engineering professional is responsible for managing that layer.
MAC addresses are data link layer (Layer 2) addresses; that layer establishes and terminates a
link between two directly connected devices so that frames can be exchanged. IP addresses
belong to the network layer (Layer 3), which forwards packets across routers between networks.
ARP bridges the two by mapping a Layer 3 address to the Layer 2 address the frame must carry.
What Does ARP Do and How Does It Work?
When a new computer joins a local area network (LAN), it will receive a unique IP address to
use for identification and communication.
Packets of data arrive at a gateway, destined for a particular host machine. The gateway, or the
piece of hardware on a network that allows data to flow from one network to another, asks the
ARP program to find a MAC address that matches the IP address. The ARP cache keeps a list of
each IP address and its matching MAC address. The ARP cache is dynamic, but users on a
network can also configure a static ARP table containing IP addresses and MAC addresses.
ARP caches are kept on all operating systems in an IPv4 Ethernet network. Every time a device
requests a MAC address to send data to another device connected to the LAN, the device verifies
its ARP cache to see if the IP-to-MAC-address connection has already been completed. If it
exists, then a new request is unnecessary. However, if the translation has not yet been carried
out, then the request for network addresses is sent, and ARP is performed.
An ARP cache has a limited size, and entries typically expire after a few minutes so that stale
mappings are purged; a host whose IP address changes (for example, after a new DHCP lease)
or whose network card is replaced would otherwise become unreachable. Expiry is a
housekeeping mechanism, not a security control: because a cache accepts whatever reply
arrives, the same refresh behaviour is what ARP spoofing (described below) exploits. MAC
addresses are burned into the hardware but can be overridden in software, whereas IP
addresses are assigned and reassigned by configuration.
During purging, unused entries are removed, along with entries for hosts that did not answer
because they are disconnected from the network or not even powered on.
What is address resolution protocol's relationship with DHCP and DNS? How
do they differ?
ARP maps an IP address, often one that was assigned dynamically, to a machine's MAC address,
so it is worth looking at the technologies that hand out and name IP addresses.
IP addresses on most networks are not configured by hand. Instead, a DHCP (Dynamic Host
Configuration Protocol) server leases each host an address from a defined range for that
network, along with settings such as the default gateway and DNS server. Central allocation
prevents problems such as two computers receiving the same IP address; the fact that a host's
address may change from one lease to the next is a side effect, not a security feature, and it is
one reason ARP caches must age out.
IP addresses identify computers, but people use names. When a user types a domain name or
Uniform Resource Locator (URL), the Domain Name System (DNS) resolves that name to the
numeric IP address of the server (and, through reverse lookups, can map an address back to a
name). In short: DHCP gives a host its address, DNS tells it which address a name refers to, and
ARP tells it which MAC address to put in the frame for the next hop on the local network.
There are different versions and use cases of ARP. Let us take a look at a few.
Proxy ARP
Proxy ARP is a technique by which a proxy device on a given network answers the ARP request
for an IP address that is not on that network. The proxy is aware of the location of the traffic's
destination and offers its own MAC address as the destination.
Gratuitous ARP
Gratuitous ARP is almost like an administrative procedure, carried out as a way for a host on a
network to simply announce or update its IP-to-MAC address. Gratuitous ARP is not prompted
by an ARP request to translate an IP address to a MAC address.
Reverse ARP (RARP)
Host machines that do not know their own IP address can use the Reverse Address Resolution
Protocol (RARP) to discover it from their MAC address; in practice this role has been taken over
by DHCP.
Inverse ARP (IARP)
Whereas ARP uses an IP address to find a MAC address, IARP uses a known data link address to
find the IP address at the other end of the link; it is used on non-broadcast networks such as
Frame Relay and ATM.
What is ARP in Networking Useful For?
ARP is necessary because the software address (IP address) of the host or computer connected to
the network needs to be translated to a hardware address (MAC address). Without ARP, a host
would not be able to figure out the hardware address of another host. The LAN keeps a table or
directory that maps IP addresses to MAC addresses of the different devices, including both
endpoints and routers on that network.
This table or directory is not maintained by users or even by IT administrators. Instead, the ARP
protocol creates entries on the fly. If a user's device does not know the hardware address of the
destination host, the device will send a message to every host on the network asking for this
address. When the proper destination host learns of the request, it will reply back with its
hardware address, which will then be stored in the ARP directory or table.
ARP spoofing is also known as ARP poison routing or ARP cache poisoning. This is a type of
malicious attack in which a cyber criminal sends fake ARP messages to a target LAN with the
intention of linking their MAC address with the IP address of a legitimate device or server within
the network. The link allows for data from the victim's computer to be sent to the attacker's
computer instead of the original destination.
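The request/reply exchange described in the previous section and the spoofing attack described here, as an added example that is not part of the original notes: the code packs and parses ARP packets as they appear inside an Ethernet frame (RFC 826) and runs a small monitor over a constructed sequence of three frames. The MAC and IP addresses are made up for the example. Unlike a victim's ARP cache, which overwrites its entry with whatever reply arrives, the monitor keeps its own table, remembers which IPs it has seen a request for, and raises an alert (without changing the binding) when an unsolicited reply rebinds the gateway's IP to a new MAC, which is the signature of the attack above.

```python
import struct

# Added example (not from the original notes): ARP on the wire plus a simple
# cache-poisoning detector.
ETH_P_ARP = 0x0806
ARP_REQUEST = 1
ARP_REPLY = 2
BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def mac_str(b): return ":".join("%02x" % x for x in b)
def ip_bytes(ip): return bytes(int(o) for o in ip.split("."))
def ip_str(b): return ".".join(str(x) for x in b)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """14-byte Ethernet header + 28-byte ARP payload. Requests are broadcast."""
    dst = BROADCAST if op == ARP_REQUEST else target_mac
    eth = mac_bytes(dst) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # Ethernet, IPv4, hlen, plen, opcode
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp

def parse_arp(frame):
    """Return the ARP fields as a dict, or None if the frame is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "eth_src": mac_str(frame[6:12]),
            "sender_mac": mac_str(frame[22:28]), "sender_ip": ip_str(frame[28:32]),
            "target_mac": mac_str(frame[32:38]), "target_ip": ip_str(frame[38:42])}

class ArpMonitor:
    """Keeps an IP->MAC table and reports anomalies instead of blindly overwriting it."""
    def __init__(self):
        self.table = {}
        self.pending = set()   # IPs a request has been seen for but not yet answered
        self.alerts = []

    def observe(self, frame):
        p = parse_arp(frame)
        if p is None:
            return
        if p["op"] == ARP_REQUEST:
            self.pending.add(p["target_ip"])
            self._learn(p["sender_ip"], p["sender_mac"], solicited=True)
            return
        if p["eth_src"] != p["sender_mac"]:   # frame source and ARP sender should agree
            self.alerts.append("frame source %s != ARP sender %s" % (p["eth_src"], p["sender_mac"]))
        solicited = p["sender_ip"] in self.pending
        self.pending.discard(p["sender_ip"])
        self._learn(p["sender_ip"], p["sender_mac"], solicited)

    def _learn(self, ip, mac, solicited):
        old = self.table.get(ip)
        if old is not None and old != mac:
            kind = "solicited" if solicited else "unsolicited"
            self.alerts.append("%s changed from %s to %s (%s reply)" % (ip, old, mac, kind))
            if not solicited:
                return   # keep the existing binding; a real cache would overwrite it
        self.table[ip] = mac

def run_demo():
    """Constructed traffic: a host asks for the gateway, the gateway answers, then an
    attacker sends an unsolicited reply claiming the gateway's IP with its own MAC."""
    victim, gw, attacker = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01", "de:ad:be:ef:00:01"
    frames = [
        build_arp(ARP_REQUEST, victim, "192.168.1.10", "00:00:00:00:00:00", "192.168.1.1"),
        build_arp(ARP_REPLY, gw, "192.168.1.1", victim, "192.168.1.10"),
        build_arp(ARP_REPLY, attacker, "192.168.1.1", victim, "192.168.1.10"),
    ]
    mon = ArpMonitor()
    for f in frames:
        mon.observe(f)
    return mon

if __name__ == "__main__":
    m = run_demo()
    print(m.table)
    print("\n".join(m.alerts))
```

The same check is what tools such as arpwatch and switch features like Dynamic ARP Inspection perform; static ARP entries for the gateway on critical hosts remove the window entirely.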
ARP spoofing attacks can prove dangerous, as sensitive information can be passed between
computers without the victims' knowledge. ARP spoofing also enables other forms of
cyberattacks, including the following:
Man-in-the-Middle (MITM) Attacks
On a LAN, an ARP-based MITM attack poisons the caches of both the victim and the gateway so
that each sends its traffic to the attacker's MAC address. The attacker forwards the packets in
both directions so the connection appears to work, while reading or altering everything that is
not protected by end-to-end encryption: usernames, passwords, account numbers, session
cookies and other sensitive data exchanged with web sites, mail servers or internal applications.
The same position can be combined with a fake lookalike site, or with downgrading the victim to
plain HTTP, to capture personal and financial data from online banking and e-commerce sites,
which is why HTTPS with proper certificate validation matters even on an internal network.
Denial-of-Service Attacks
ARP spoofing can also be used to cut hosts off: an attacker who answers requests for the
gateway's IP address with a nonexistent MAC address, or who floods the network with bogus
ARP replies, leaves victims unable to reach their destination. More generally, denial-of-service
attacks exploit weaknesses in network protocols; when a large volume of packets is sent at a
vulnerable device or service, it becomes overwhelmed and unavailable.
Session Hijacking
Session hijacking occurs when a cyber attacker steals a user's session ID, takes over that user's
web session, and masquerades as that user. With the session ID in their possession, the attacker
can perform any task or activity that user is authorized to do on that network.
Authentication occurs when a user signs in to a system, restricted website or web service;
afterwards the server identifies the browser by a session ID stored in a cookie. An attacker
positioned on the path (for example, through the ARP spoofing above) can read that cookie from
unencrypted HTTP traffic and replay it in real time, which is why session cookies should only
travel over HTTPS and carry the Secure flag.
The Fortinet network access control (NAC) solution provides enhanced visibility across all
devices in a network to keep up with the ever-evolving threat landscape. NAC is part of the zero-
trust network access model for security, in which trust is not a given for users, applications, or
devices, whether connected to the network or not, but has to be established.
Each device in a network maintains a copy of the ARP cache, and the cache is cleaned every few
minutes. As such, all devices connected to that network must be kept secure so that important
data, including IP addresses, are not compromised. To further protect your network devices and
servers, Fortinet Ethernet LAN switches safeguard an organization's infrastructure and even
include a selector tool to identify the best switch to meet network requirements.
What is Telnet?
Telnet, developed in 1969, is a protocol that provides a command line interface for communication with
a remote device or server, sometimes employed for remote management but also for initial device
setup like network hardware. Telnet stands for Teletype Network, but it can also be used as a verb; 'to
telnet' is to establish a connection using the Telnet protocol.
Is Telnet secure?
Telnet predates the mainstream adoption of the internet and has no built-in encryption or
integrity protection: usernames, passwords and every command travel in clear text and can be
read or modified by anyone on the path. It has largely been superseded by the Secure Shell
(SSH) protocol (which has its own security considerations around remote access), at least on the
public internet. Where Telnet is still in use, for example on legacy network equipment, it should
be confined to an isolated management network or tunnelled through SSH or a VPN.
The user connects to the server with the Telnet client by entering telnet hostname port at a
command prompt (port 23 is the default). Commands typed afterwards are executed on the
remote system. Pressing the client's escape sequence (Ctrl+] in most clients) returns to the
telnet> prompt, where quit ends the session and logs off.
Telnet can be used to test or troubleshoot remote web or mail servers, as well as for remote access to
MUDs (multi-user dungeon games) and trusted internal networks.
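What "no encryption" means on the wire, as an added example that is not part of the original notes: Telnet (RFC 854) interleaves option negotiation (IAC DO/DONT/WILL/WONT and IAC SB ... IAC SE subnegotiations) with the user's keystrokes, so a sniffer only has to strip the negotiation to recover the login. The parser below does that over a constructed capture of the client side of a session; the terminal type, username and password in it are made up for the example. It also handles the escaped 0xFF data byte and truncated commands at the end of a capture.

```python
# Added example (not from the original notes): a Telnet stream parser.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
OPTION_NAMES = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE", 31: "NAWS"}
VERB = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}

def parse_telnet(stream):
    """Split a Telnet byte stream into (negotiations, user_data).
    negotiations holds ("DO"|"DONT"|"WILL"|"WONT", option), ("SB", option, payload)
    or ("CMD", code) tuples; user_data is what the user actually typed."""
    negotiations = []
    data = bytearray()
    i, n = 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:
            data.append(b)
            i += 1
            continue
        if i + 1 >= n:
            break                                  # truncated command at end of capture
        cmd = stream[i + 1]
        if cmd == IAC:                             # IAC IAC escapes a literal 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in VERB:                          # three-byte option negotiation
            if i + 2 >= n:
                break
            opt = stream[i + 2]
            negotiations.append((VERB[cmd], OPTION_NAMES.get(opt, str(opt))))
            i += 3
        elif cmd == SB:                            # subnegotiation runs until IAC SE
            end = stream.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break
            opt = stream[i + 2]
            negotiations.append(("SB", OPTION_NAMES.get(opt, str(opt)), bytes(stream[i + 3:end])))
            i = end + 2
        else:                                      # other two-byte commands (NOP, AYT, ...)
            negotiations.append(("CMD", str(cmd)))
            i += 2
    return negotiations, bytes(data)

# Constructed capture of what the client sent: it agreed to report its terminal
# type, sent it, accepted server echo, then the user typed a username and password.
CAPTURE = (
    bytes([IAC, WILL, 24])                                   # WILL TERMINAL-TYPE
    + bytes([IAC, SB, 24, 0]) + b"XTERM" + bytes([IAC, SE])  # TERMINAL-TYPE IS "XTERM"
    + bytes([IAC, DO, 1])                                    # DO ECHO
    + b"admin\r\n"
    + b"S3cret!\r\n"
)

def extract_credentials(stream):
    """Return the first two lines of user data: the login as a sniffer sees it."""
    _, data = parse_telnet(stream)
    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    return lines[0].decode("latin-1"), lines[1].decode("latin-1")

if __name__ == "__main__":
    negs, data = parse_telnet(CAPTURE)
    for item in negs:
        print(item)
    print("user data on the wire:", data)
```

An intrusion detection rule that flags Telnet on a management network can be as simple as matching the IAC WILL/DO bytes at the start of a TCP stream to port 23; the same parser run on a real packet capture (for example, the payload of a tcpdump or Wireshark follow-stream export) shows exactly what an eavesdropper obtained.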
FTP
Objectives of FTP
Why FTP?
Transferring files between two systems sounds simple, but it can cause problems: the systems
may use different file naming conventions, different representations of text and data, and
different directory structures. FTP addresses these problems by separating control from data.
One connection carries commands and replies, including the negotiated representation type
(ASCII or binary) and transfer mode, and a second connection carries the file contents.
Mechanism of FTP
The above figure shows the basic model of the FTP. The FTP client has three components: the
user interface, control process, and data transfer process. The server has two components: the
server control process and the server data transfer process.
Control Connection: The control connection uses very simple rules for communication. Through
control connection, we can transfer a line of command or line of response at a time. The control
connection is made between the control processes. The control connection remains connected
during the entire interactive FTP session.
Data Connection: The Data Connection uses very complex rules as data types may vary. The
data connection is made between data transfer processes. The data connection opens when a
command comes for transferring the files and closes when the file is transferred.
FTP Clients
An FTP client is a program that implements the File Transfer Protocol so that files can be moved
between two hosts over a network.
It lets a user connect to a remote host and upload or download files.
It provides a set of commands for connecting to a host, transferring files between the local and
remote systems, and closing the connection.
Older web browsers included a basic FTP client; current mainstream browsers have removed
FTP support, so a dedicated GUI client is normally used. A GUI client makes transfers easy and
does not require the user to remember FTP commands.
Advantages of FTP:
Speed: FTP adds little overhead on the data connection, so it is one of the faster ways to move
files from one computer to another.
Efficient: An interrupted transfer can be resumed from where it stopped, so the whole file does
not have to be sent again.
Access control: Users must log in with a username and password to reach a server (anonymous
FTP excepted), so access can be restricted. Note, however, that plain FTP sends these
credentials unencrypted, as discussed under the disadvantages.
Back & forth movement: FTP allows files to be transferred in both directions. A manager can
publish information for all employees on a server, and the employees can upload their responses
to the same server.
Disadvantages of FTP:
Plain FTP has no encryption. Industry practice is to require encrypted transfers, which means
using FTPS (FTP over TLS) or the unrelated SFTP (file transfer over SSH); not every server or
provider offers these, so an encrypted option has to be chosen deliberately.
FTP is used to send and receive large files, but some older clients and servers cannot handle
files larger than 2 GB, and a single session transfers one file at a time on its data connection
rather than fanning out to multiple receivers.
Passwords and file contents are sent in clear text, so anyone on the network path can eavesdrop
on them, and exposed FTP servers are routinely subjected to brute-force password guessing.
Not every system supports it.
What is HTTP?
The Hypertext Transfer Protocol (HTTP) is the foundation of the World Wide Web, and is used
to load web pages using hypertext links. HTTP is an application layer protocol designed to
transfer information between networked devices and runs on top of other layers of the network
protocol stack. A typical flow over HTTP involves a client machine making a request to a server,
which then sends a response message.
An HTTP request is the way internet communications platforms such as web browsers ask for
the information they need to load a website.
Each HTTP request made across the Internet carries with it a series of encoded data that carries
different types of information. A typical HTTP request contains:
Let’s explore in greater depth how these requests work, and how the contents of a request can be
used to share information.
An HTTP method, sometimes referred to as an HTTP verb, indicates the action that the HTTP
request expects from the queried server. For example, two of the most common HTTP methods
are ‘GET’ and ‘POST’; a ‘GET’ request expects information back in return (usually in the form
of a website), while a ‘POST’ request typically indicates that the client is submitting information
to the web server (such as form information, e.g. a submitted username and password).
HTTP headers contain text information stored in key-value pairs, and they are included in every
HTTP request (and response, more on that later). These headers communicate core information,
such as which browser the client is using and what kind of data it is requesting or will accept.
The body of a request is the part that contains the ‘body’ of information the request is
transferring. The body of an HTTP request contains any information being submitted to the web
server, such as a username and password, or any other data entered into a form.
What’s in an HTTP response?
An HTTP response is what web clients (often browsers) receive from an Internet server in
answer to an HTTP request. These responses communicate valuable information based on what
was asked for in the HTTP request.
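The request and response structure described above, as an added example that is not part of the original page: a minimal HTTP/1.1 request parser and response builder working over constructed byte strings (the host name, user agent and form values are made up). It splits the request line, headers and body, and includes the framing check a practitioner wants: a request carrying both Content-Length and Transfer-Encoding, or two Content-Length headers, is ambiguous and is the basis of request smuggling, so it is rejected rather than guessed at, and the response builder refuses CR or LF in header values to prevent header injection.

```python
# Added example (not from the original page): HTTP/1.1 framing with the
# ambiguity checks that proxies and servers must agree on.
class HttpError(Exception):
    pass

def parse_request(raw):
    """Return (method, target, version, headers, body). Header names are
    lowercased; the body is delimited by Content-Length only."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise HttpError("incomplete header block")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        raise HttpError("malformed request line")
    method, target, version = (p.decode("ascii") for p in parts)
    headers = {}
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            raise HttpError("obsolete line folding not accepted")
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():   # no space before the colon
            raise HttpError("malformed header line")
        key = name.decode("ascii").lower()
        val = value.strip().decode("latin-1")
        if key in headers:
            if key == "content-length":
                raise HttpError("duplicate Content-Length")
            headers[key] = headers[key] + ", " + val
        else:
            headers[key] = val
    if "content-length" in headers and "transfer-encoding" in headers:
        raise HttpError("both Content-Length and Transfer-Encoding present")
    if "transfer-encoding" in headers:
        raise HttpError("chunked framing not supported by this example")
    length = 0
    if "content-length" in headers:
        if not headers["content-length"].isdigit():
            raise HttpError("invalid Content-Length")
        length = int(headers["content-length"])
    if len(rest) < length:
        raise HttpError("body shorter than Content-Length")
    return method, target, version, headers, rest[:length]

def build_response(status, reason, body, content_type="text/plain"):
    """Status line, headers and body. Content-Length is always set so the
    client knows exactly where this response ends."""
    for value in (reason, content_type):
        if "\r" in value or "\n" in value:
            raise HttpError("CR/LF in header value")   # blocks header injection
    head = ("HTTP/1.1 %d %s\r\n" % (status, reason)
            + "Content-Type: %s\r\n" % content_type
            + "Content-Length: %d\r\n" % len(body)
            + "Connection: close\r\n\r\n")
    return head.encode("ascii") + body

# Constructed request: a login form post (values are made up for the example).
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: intranet.example\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"username=alice&password=pw1"
)

if __name__ == "__main__":
    method, target, version, headers, body = parse_request(SAMPLE_REQUEST)
    print(method, target, version, headers["host"], body)
    print(build_response(200, "OK", b"welcome alice").decode("ascii"))
```

Because the body here is the form's username and password in plain text, the same bytes are what an on-path attacker reads if the request is not carried over TLS.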
As soon as a client requests a communication session with the server, a three-way handshake
establishes the TCP connection in three steps.
Step 1: The client sends a SYN packet to the server
The SYN packet carries a random initial sequence number that the client wants to use for the
communication (for example, X). Its purpose is to ask whether the server is open for new
connections.
Step 2: The server receives the SYN packet from the client node
When the server receives the SYN packet, it responds with a SYN/ACK packet that
acknowledges the client's sequence number and carries the server's own. This packet includes
two numbers.
The first is the acknowledgement number, which the server sets to one more than the sequence
number it received from the client (X+1).
The second is the server's own random initial sequence number (for example, Y), sent with the
SYN flag.
This tells the client that the server correctly received its packet and that the server is now
sending its own sequence number to be acknowledged.
Step 3: Client node receives the SYN/ACK from the server and responds with an
ACK packet
The client receives the SYN/ACK and checks that its acknowledgement number equals X+1; a
segment with any other value does not belong to this handshake and is discarded. It then
acknowledges the server's sequence number by sending an ACK packet whose
acknowledgement number is Y+1.
Upon completion of this process, the connection is established and the client and server can
exchange data.
These steps synchronize the sequence numbers chosen by both sides, so that each can detect a
missing or out-of-order segment once data transfer begins. Because the only proof that a host
really sent the SYN is its ability to acknowledge the server's Y+1, initial sequence numbers must
be unpredictable: a guessable ISN would let an attacker complete a handshake with a spoofed
source address.
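The three steps above as two small state machines exchanging (flags, seq, ack) tuples; this is an added example, not part of the original notes. Each side picks an unpredictable initial sequence number (the text's X and Y) and checks that the peer acknowledges exactly ISN+1, which is what lets it reject a stale or forged segment that does not match the pending handshake. The fixed ISNs 1000 and 5000 in the demo are chosen only so the trace is readable; the default path draws them from a CSPRNG.

```python
import secrets

# Added example (not from the original notes): TCP three-way handshake logic.
MASK32 = 0xFFFFFFFF

def random_isn():
    # RFC 6528: ISNs must be hard to guess, otherwise an off-path attacker can
    # complete a handshake from a spoofed source address.
    return secrets.randbits(32)

class TcpSide:
    def __init__(self, name, isn=None):
        self.name = name
        self.state = "CLOSED"
        self.isn = random_isn() if isn is None else isn
        self.snd_nxt = self.isn          # next sequence number we will send
        self.rcv_nxt = None              # next sequence number we expect from the peer
        self.log = []

    def _send(self, flags, seq, ack=None):
        self.log.append("%s -> %s seq=%d ack=%s" % (self.name, flags, seq, ack))
        return {"flags": flags, "seq": seq, "ack": ack}

    def listen(self):
        self.state = "LISTEN"

    # Step 1: client chooses X and sends SYN (the SYN itself consumes one sequence number)
    def connect(self):
        self.state = "SYN-SENT"
        self.snd_nxt = (self.isn + 1) & MASK32
        return self._send("SYN", self.isn)

    # Step 2: server answers SYN with SYN/ACK carrying Y and ack = X+1
    def on_syn(self, seg):
        if self.state != "LISTEN" or seg["flags"] != "SYN":
            return None
        self.rcv_nxt = (seg["seq"] + 1) & MASK32
        self.state = "SYN-RECEIVED"
        self.snd_nxt = (self.isn + 1) & MASK32
        return self._send("SYN/ACK", self.isn, self.rcv_nxt)

    # Step 3: client verifies ack == X+1, then sends ACK with ack = Y+1
    def on_syn_ack(self, seg):
        if self.state != "SYN-SENT" or seg["flags"] != "SYN/ACK":
            return None
        if seg["ack"] != self.snd_nxt:
            self.log.append("%s: rejected SYN/ACK ack=%s (expected %d)" % (self.name, seg["ack"], self.snd_nxt))
            return None
        self.rcv_nxt = (seg["seq"] + 1) & MASK32
        self.state = "ESTABLISHED"
        return self._send("ACK", self.snd_nxt, self.rcv_nxt)

    # Server side of step 3: the ACK must carry Y+1 and the client's X+1
    def on_ack(self, seg):
        if self.state != "SYN-RECEIVED" or seg["flags"] != "ACK":
            return False
        if seg["ack"] != self.snd_nxt or seg["seq"] != self.rcv_nxt:
            self.log.append("%s: rejected ACK seq=%d ack=%s" % (self.name, seg["seq"], seg["ack"]))
            return False
        self.state = "ESTABLISHED"
        return True

def handshake(client, server):
    """Drive the exchange; True when both sides reach ESTABLISHED."""
    server.listen()
    syn = client.connect()
    syn_ack = server.on_syn(syn)
    ack = client.on_syn_ack(syn_ack) if syn_ack else None
    return bool(ack) and server.on_ack(ack)

if __name__ == "__main__":
    c, s = TcpSide("client", isn=1000), TcpSide("server", isn=5000)
    print("established:", handshake(c, s))
    print("\n".join(c.log + s.log))
```

The rejection branch in `on_syn_ack` is the client-side check the text's step 3 relies on; in a real stack the same mismatch would cause a RST rather than a silent drop, and a SYN flood works by exhausting the server's SYN-RECEIVED state before step 3 ever arrives.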
Flow Control
You can use flow control to manage the rate of data transfer between two devices.
Flow control is configured when two physically connected devices perform auto-negotiation.
An overwhelmed network node might send a pause frame to halt the transmission of the sender
for a specified period. A frame with a multicast destination address sent to a switch is forwarded
out through all other ports of the switch. Pause frames have a special multicast destination
address that distinguishes them from other multicast traffic. A compliant switch does not forward
a pause frame. Frames sent to this range are meant to be acted upon only within the switch.
Pause frames have a limited duration, and expire after a time interval. Two computers that are
connected through a switch never send pause frames to each other, but can send pause frames to
a switch.
One reason to use pause frames is to support network interface controllers (NICs) that do not
have enough buffering to handle full-speed reception. This problem is uncommon with advances
in bus speeds and memory sizes.
Congestion Control
Congestion control applies mainly to packet switching networks. Network congestion within a
switch might be caused by overloaded inter-switch links. If inter-switch links overload the
capability on the physical layer, the switch introduces pause frames to protect itself.
Priority-based flow control (PFC) helps you eliminate frame loss due to congestion.
Flow control manages the traffic between a sender and a receiver. Ethernet pause frames operate
hop by hop at the data link layer, between a device and the switch port it is connected to, while
the transport layer (TCP's receive window) provides end-to-end flow control between the
communicating hosts.
Congestion control is used by a network to keep its links and switches from being overloaded.
Receiver buffering is rarely the bottleneck in modern networks, given advances in bus speeds and
memory sizes; a more likely scenario is congestion within a switch. Congestion control is handled
by the network layer and the transport layer.
Introduction and IPv4 Datagram Header
The network layer is the third layer (from the bottom) in the OSI model. It is concerned with
delivering a packet across multiple networks and is often described as the backbone of the
model: it selects and manages the best logical path for data transfer between nodes. Routers
(and Layer 3 switches and firewalls that route) operate at this layer; ordinary switches and
bridges work at the data link layer below it. The network layer creates a logical picture of the
most efficient route and has the underlying physical links carry the packets. Network layer
protocols exist in every host and router, and a router examines the header fields of every IP
packet that passes through it. Internet Protocol and Novell NetWare's IPX/SPX are the most
common protocols associated with the network layer.
In the OSI model, the network layer responds to requests from the layer above it (transport layer)
and issues requests to the layer below it (data link layer).
Packet forwarding/Routing of packets: Relaying of data packets from one network segment to
another by nodes in a computer network
Fragmentation of data packets: Splitting of data packets that are too large to be transmitted on
the network
There are two types of network transmission techniques, circuit switched network and packet
switched network.
Circuit Switch vs Packet Switch
In circuit switched network, a single path is designated for transmission of all the data packets.
Whereas in case of a packet-switched network, each packet may be sent through a different path
to reach the destination.
In a circuit switched network, the data packets are received in order whereas in a packet switched
network, the data packets may be received out of order.
Packet switching is further subdivided into the virtual-circuit and datagram approaches.
IPv4:
IPv4 is a connectionless protocol used for packet-switched networks. It operates on a best effort
delivery model, in which neither delivery is guaranteed, nor proper sequencing or avoidance of
duplicate delivery is assured. Internet Protocol Version 4 (IPv4) is the fourth revision of the
Internet Protocol and a widely used protocol in data communication over different kinds of
networks. IPv4 is a connectionless protocol used in packet-switched layer networks, such as
Ethernet. It provides a logical connection between network devices by providing identification
for each device. There are many ways to configure IPv4 with all kinds of devices – including
manual and automatic configurations – depending on the network type.
IPv4 uses 32-bit (4 byte) addressing, which gives 2^32 addresses. IPv4 addresses are written in
dot-decimal notation, which consists of the four octets of the address expressed individually in
decimal and separated by periods, for instance, 192.168.1.5.
HLEN: IP header length (4 bits), which is the number of 32 bit words in the header. The
minimum value for this field is 5 and the maximum is 15.
Identification: Unique Packet Id for identifying the group of fragments of a single IP datagram
(16 bits)
Flags: 3 flags of 1 bit each: reserved bit (must be zero), do not fragment flag, more fragments
flag (in that order)
Fragment Offset: Represents the number of data bytes ahead of the particular fragment in the
particular datagram. Specified in units of 8 bytes, which gives a maximum value of
65,528 bytes.
Time to live: Datagram's lifetime (8 bits). It prevents the datagram from looping through the network
by restricting the number of hops a packet may take before it is delivered to the destination.
Header Checksum: 16 bits header checksum for checking errors in the datagram header
Option: Optional information such as source route, record route. Used by the Network
administrator to check whether a path is working or not.
Due to the presence of options, the size of the datagram header can be of variable length (20
bytes to 60 bytes).
Field Name (Size in bytes): Description
Version (4 bits, 1/2 byte): Identifies the version of IP used to generate the datagram. For IPv4,
this is of course the number 4. The purpose of this field is to ensure compatibility between
devices that may be running different versions of IP. In general, a device running an older
version of IP will reject datagrams created by newer implementations, under the assumption that
the older version may not be able to interpret the newer datagram correctly.
IHL (4 bits, 1/2 byte): Internet Header Length. Specifies the length of the IP header, in 32-bit
words. This includes the length of any options fields and padding. The normal value of this field
when no options are used is 5 (5 32-bit words = 5*4 = 20 bytes). Contrast to the longer Total
Length field below.
TOS (1 byte): Type Of Service. A field designed to carry information to provide quality of service
features, such as prioritized delivery, for IP datagrams. It was never widely used as originally
defined, and its meaning has been subsequently redefined for use by a technique called
Differentiated Services (DS). See below for more information.
TL (2 bytes): Total Length. Specifies the total length of the IP datagram, in bytes. Since this
field is 16 bits wide, the maximum length of an IP datagram is 65,535 bytes, though most are much
smaller.
Identification (2 bytes): This field contains a 16-bit value that is common to each of the
fragments belonging to a particular message; for datagrams originally sent unfragmented it is
still filled in, so it can be used if the datagram must be fragmented by a router during delivery.
This field is used by the recipient to reassemble messages without accidentally mixing fragments
from different messages. This is needed because fragments may arrive from multiple messages mixed
together, since IP datagrams can be received out of order from any device. See the discussion of
IP message fragmentation.
Flags (3 bits, 3/8 byte): see the Flags entry in the field list above.
Fragment Offset (13 bits, 1 5/8 bytes): When fragmentation of a message occurs, this field
specifies the offset, or position, in the overall message where the data in this fragment goes.
It is specified in units of 8 bytes (64 bits). The first fragment has an offset of 0. Again, see
the discussion of fragmentation for a description of how the field is used.
TTL (1 byte): Time To Live. Short version: specifies how long the datagram is allowed to "live" on
the network, in terms of router hops. Each router decrements the value of the TTL field (reduces it
by one) prior to transmitting it. If the TTL field drops to zero, the datagram is assumed to have
taken too long a route and is discarded.
Protocol (1 byte)
This diagram shows graphically the all-important IPv4 datagram format. The first 20
bytes are the fixed IP header, followed by an optional Options section, and a variable-
length Data area. Note that the Type Of Service field is shown as originally defined in
the IPv4 standard.
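The following is an added example and not part of the notes: a small Python parser that unpacks the fixed 20-byte IPv4 header described in the field list and table above, verifies the header checksum, applies the sanity checks a receiver wants (version 4, IHL of at least 5, total length not shorter than the header length, no truncation), and simulates the per-hop TTL decrement with checksum recomputation that the TTL entry describes. The sample header is constructed inline; its addresses, identification value and payload are placeholders, not values from the notes.

```python
"""Parse an IPv4 header, verify its checksum and simulate a router hop (added example)."""
import struct
from ipaddress import IPv4Address

HEADER_FMT = "!BBHHHBBH4s4s"  # the 20-byte fixed header, network byte order


def ipv4_checksum(data: bytes) -> int:
    """RFC 791 header checksum: ones'-complement of the ones'-complement sum of 16-bit words.
    Over a header whose checksum field is already filled in, a correct header yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 17, ttl: int = 64,
                      ident: int = 0x1234, df: bool = False, mf: bool = False,
                      frag_off: int = 0, tos: int = 0) -> bytes:
    """Build a 20-byte header (IHL=5, no options) with a correct checksum. Constructed test data."""
    ver_ihl = (4 << 4) | 5
    # flags: bit 15 reserved, bit 14 DF, bit 13 MF; low 13 bits are the offset in 8-byte units
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_off & 0x1FFF)
    hdr = struct.pack(HEADER_FMT, ver_ihl, tos, 20 + payload_len, ident, flags_frag, ttl, proto,
                      0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the header fields, rejecting malformed input before any field is trusted."""
    if len(packet) < 20:
        raise ValueError("truncated: header needs at least 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack(HEADER_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4: version {version}")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} is below the minimum of 5")
    hlen = ihl * 4
    if len(packet) < hlen:
        raise ValueError("truncated: options missing")
    if total_len < hlen:
        raise ValueError("total length is smaller than the header length")
    if ipv4_checksum(packet[:hlen]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "version": version, "ihl": ihl, "header_len": hlen, "tos": tos,
        "total_len": total_len, "identification": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "options": packet[20:hlen],
    }


def forward_hop(packet: bytes) -> bytes:
    """Router behaviour from the TTL description: decrement TTL, discard at zero, fix checksum."""
    fields = parse_ipv4_header(packet)
    if fields["ttl"] <= 1:
        raise ValueError("TTL expired in transit: datagram discarded")
    hlen = fields["header_len"]
    hdr = bytearray(packet[:hlen])
    hdr[8] -= 1                       # TTL is byte 8 of the header
    hdr[10:12] = b"\x00\x00"          # zero the checksum field before recomputing it
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[hlen:]


if __name__ == "__main__":
    sample = build_ipv4_header("192.168.1.5", "172.16.2.1", 8, ttl=2) + b"\x00" * 8
    print(parse_ipv4_header(sample))
    print(parse_ipv4_header(forward_hop(sample))["ttl"])
```

A checksum that does not verify is rejected before any other field is used; this is the same order a router or host stack applies, and it is why a TTL change without a checksum update shows up as a corrupt header rather than a silently altered one.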
Differences between IPv4 and IPv6
IPv4 and IPv6 are Internet Protocol version 4 and Internet Protocol version 6. IP version 6 is the
newer version of the Internet Protocol and improves on IP version 4 in terms of complexity
and efficiency.
Address length: IPv4 has a 32-bit address length; IPv6 has a 128-bit address length.
End-to-end connection integrity: unachievable in IPv4; achievable in IPv6.
Fragmentation: in IPv4 performed by the sender and forwarding routers; in IPv6 performed only by
the sender.
VLSM: IPv4 supports VLSM (Variable Length Subnet Mask); IPv6 does not support VLSM.
Classful Address
The first addressing system to be implemented as part of the Internet Protocol was Classful
Addressing. In the year 1981, the Classful addressing network architecture was first used on the
Internet. The Classful addressing system was superseded by a Classless addressing scheme with
the introduction of Classless Inter-Domain Routing (CIDR) in 1993.
The IP address comprises 32 bits and is split into four sections separated by dots:
part 1, part 2, part 3, and part 4.
The IP address is made up of four parts, each of which is eight bits (1 byte) long.
Further, these four parts of the IP address are divided into two portions: a network ID and a host ID.
Class A, Class B, Class C, Class D, and Class E are the five varieties of Classful addresses. In
IPv4, this classification is known as Classful addressing or IP address classes.
The first three classes, Class A, B, and C, are used for "public addressing", in which
communication is always one-to-one between source and destination. It implies that when
data is transmitted from a source, it will only be sent to a single network host.
The reserved categories include Class D and Class E, with Class D being utilized for
multicast and Class E being saved for future usage exclusively.
In IPv4, the Network ID is the first part of Class A, B, and C, while the Host ID is the
remaining second portion.
The Host ID always indicates the number of hosts or nodes in a certain network, whereas
the Network ID always identifies the network in a specific place.
In Class A, B, and C, the address space is split into a certain number of IP address blocks.
It also specifies the maximum number of hosts in a network.
In Class A, the first octet (byte) of an IP address is the network ID (Net-ID), while the next
three octets are the host ID (Host-ID).
In Class B, the network ID takes up the first two octets, whereas the host ID takes up the
remaining two octets.
In Class C, the first three octets are dedicated to the network ID, while the last octet is
dedicated to the host ID.
Classless Addressing
Classless Inter-Domain Routing (CIDR) is another name for classless addressing. This
addressing type aids in the more efficient allocation of IP addresses. This technique assigns a
block of IP addresses based on specified conditions when the user demands a specific amount of
IP addresses. This block is known as a "CIDR block", and it contains the necessary number of IP
addresses.
When allocating a block, classless addressing is concerned with the following three rules.
The network component has a bit count of 27, whereas the host portion has a bit count of
5 (32-27).
The binary representation of the address is: (11000000 . 10101000 . 00000001 .
00100011), that is, 192.168.1.35.
(11000000.10101000.00000001.00100000) is the first IP address (assigns 0 to all host
bits), that is, 192.168.1.32.
(11000000.10101000.00000001.00111111) is the last IP address (assigns 1 to all
host bits), that is, 192.168.1.63.
The IP address range is 192.168.1.32 to 192.168.1.63.
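An added Python example (not from the notes) that carries out the classful and classless arithmetic described above with plain integer operations: it determines the class and default network/host split of an address from its leading bits, and for a CIDR block computes the mask, the first and last address and the usable host count, producing the dotted binary forms the notes use. The /27 block from the example above (192.168.1.32 to 192.168.1.63) is included; the other addresses are constructed.

```python
"""Classful vs classless (CIDR) address arithmetic with integer bit operations (added example)."""

# (class, leading bits, number of leading bits, default prefix length); D and E have no host split
CLASS_TABLE = [
    ("A", 0b0, 1, 8),
    ("B", 0b10, 2, 16),
    ("C", 0b110, 3, 24),
    ("D", 0b1110, 4, None),  # multicast
    ("E", 0b1111, 4, None),  # reserved for future use
]


def to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return int.from_bytes(bytes(octets), "big")


def to_dotted(value: int) -> str:
    return ".".join(str(b) for b in value.to_bytes(4, "big"))


def to_binary(value: int) -> str:
    return ".".join(f"{b:08b}" for b in value.to_bytes(4, "big"))


def prefix_mask(prefix: int) -> int:
    """Mask with `prefix` leading one bits, e.g. 27 -> 255.255.255.224."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def classful(dotted: str) -> dict:
    """Class from the leading bits, then the fixed network ID / host ID split for A, B and C."""
    addr = to_int(dotted)
    for cls, lead, nbits, prefix in CLASS_TABLE:
        if addr >> (32 - nbits) == lead:
            break
    info = {"address": dotted, "class": cls, "binary": to_binary(addr)}
    if prefix is None:  # D and E carry no network/host structure
        info.update(network_id=None, host_id=None, max_hosts=0)
        return info
    mask = prefix_mask(prefix)
    info.update(network_id=to_dotted(addr & mask),
                host_id=to_dotted(addr & ~mask & 0xFFFFFFFF),
                max_hosts=2 ** (32 - prefix) - 2)  # all-zero and all-one host parts excluded
    return info


def cidr_block(cidr: str) -> dict:
    """Classless block: the prefix length chooses the mask; host bits all 0 / all 1 bound the range."""
    dotted, _, plen = cidr.partition("/")
    prefix = int(plen)
    addr = to_int(dotted)
    mask = prefix_mask(prefix)
    first = addr & mask
    last = first | (~mask & 0xFFFFFFFF)
    return {
        "network_bits": prefix, "host_bits": 32 - prefix,
        "address_binary": to_binary(addr), "mask": to_dotted(mask),
        "first": to_dotted(first), "first_binary": to_binary(first),
        "last": to_dotted(last), "last_binary": to_binary(last),
        # RFC 3021 /31 point-to-point links are a special case not handled here
        "usable_hosts": max(2 ** (32 - prefix) - 2, 0),
    }


if __name__ == "__main__":
    for a in ("10.1.2.3", "172.16.37.5", "192.168.1.5", "224.0.0.1"):
        print(classful(a))
    print(cidr_block("192.168.1.35/27"))
```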
Classful addressing is a technique of allocating IP addresses that divides them into five
categories. Classless addressing is a technique of allocating IP addresses that is intended
to replace classful addressing in order to reduce IP address depletion.
The utility of classful and classless addressing is another distinction. Classless addressing
is more practical and useful than classful addressing.
In classful addressing, the network ID and host ID change based on the class. In
classless addressing, however, there is no distinction between network ID and host ID. This is
another distinction between classful and classless addressing.
Conclusion
There are two forms of IP addressing: classful and classless. The primary distinction between
classful and classless addressing is that classless addressing provides for more efficient
allocation of IP addresses than classful addressing. In a nutshell, classless addressing avoids the
problem of IP address exhaustion that can arise with classful addressing.
Definition
subnet (subnetwork)
What is a subnet?
A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are
a logical partition of an IP network into multiple, smaller network segments. The Internet
Protocol (IP) is the method for sending data from one computer to another over the internet.
Each computer, or host, on the internet has at least one IP address as a unique identifier.
Organizations use subnets to subdivide large networks into smaller, more efficient
subnetworks. One goal of a subnet is to split a large network into a grouping of smaller,
interconnected networks to help minimize traffic. This way, traffic doesn't have to flow through
unnecessary routes, increasing network speeds.
Subnetting, the segmentation of a network address space, improves address allocation efficiency.
It is described in the formal document, Request for Comments 950, and is tightly linked to IP
addresses, subnet masks and Classless Inter-Domain Routing (CIDR) notation.
Each subnet allows its connected devices to communicate with each other, while routers are used
to communicate between subnets. The size of a subnet depends on the connectivity requirements
and the network technology employed. A point-to-point subnet allows two devices to connect,
while a data center subnet might be designed to connect many more devices.
Each organization is responsible for determining the number and size of the subnets it creates,
within the limits of the address space available for its use. Additionally, the details of subnet
segmentation within an organization remain local to that organization.
An IP address is divided into two fields: a Network Prefix (also called the Network ID) and a
Host ID. What separates the Network Prefix and the Host ID depends on whether the address is a
Class A, B or C address. Figure 1 shows an IPv4 Class B address, 172.16.37.5. Its Network
Prefix is 172.16.0.0, and the Host ID is 37.5.
Figure 1.
Class B IP address
The subnet mechanism uses a portion of the Host ID field to identify individual subnets. Figure
2, for example, shows the third group of the 172.16.0.0 network being used as a Subnet ID. A
subnet mask is used to identify the part of the address that should be used as the Subnet ID. The
subnet mask is applied to the full network address using a binary AND operation: an output bit is
1 ("true") only when both input bits are 1, and 0 ("false") otherwise. The result of the AND is
the Subnet ID.
Figure 2 shows the AND of the IP address, as well as the mask producing the Subnet ID. Any
remaining address bits identify the Host ID. The subnet in Figure 2 is identified as 172.16.2.0,
and the Host ID is 5. In practice, network staff will typically refer to a subnet by just the Subnet
ID. It would be common to hear someone say, "Subnet 2 is having a problem today," or, "There
is a problem with the dot-two subnet."
Figure 2.
Subnet ID
The Subnet ID is used by routers to determine the best route between subnetworks. Figure 3
shows the 172.16.0.0 network, with the third grouping as the Subnet ID. Four of the 256 possible
subnets are shown connected to one router. Each subnet is identified either by its Subnet ID or
the subnet address with the Host ID set to .0. The router interfaces are assigned the Host ID of .1
-- e.g., 172.16.2.1.
When the router receives a packet addressed to a host on a different subnet than the sender --
host A to host C, for example -- it knows the subnet mask and uses it to determine the Subnet ID
of host C. It examines its routing table to find the interface connected to host C's subnet and
forwards the packet on that interface.
Subnet segmentation
A subnet itself also may be segmented into smaller subnets, giving organizations the flexibility
to create smaller subnets for things like point-to-point links or for subnetworks that support a few
devices.
The example below uses an 8-bit Subnet ID. The number of bits in the subnet mask depends on
the organization's requirements for subnet size and the number of subnets. Other subnet mask
lengths are common. While this adds some complexity to network addressing, it significantly
improves the efficiency of network address utilization.
A subnet can be delegated to a sub organization, which itself may apply the subnetting process to
create additional subnets, as long as sufficient address space is available. Subnetting performed
by a delegated organization is hidden from other organizations. As a result, the Subnet ID field
length and where subnets are assigned can be hidden from the parent (delegating) organization, a
key characteristic that allows networks to be scaled up to large sizes.
In modern routing architectures, routing protocols distribute the subnet mask with routes and
provide mechanisms to summarize groups of subnets as a single routing table entry. Older
routing architectures relied on the default Class A, B and C IP address classification to determine
the mask to use.
CIDR notation is used to identify the Network Prefix and Mask, where the number after the slash
indicates the number of ones in the Mask (e.g., 172.16.2.0/24). This is also known as
Variable-Length Subnet Masking (VLSM) and CIDR. Subnets and subnetting are used in both
IPv4 and IPv6 networks, based on the same principles.
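The subnet mask AND from Figure 2, the router's forwarding decision from Figure 3, the further segmentation of a subnet, and the route summarization mentioned above, as one added Python example built on the standard library ipaddress module (this is not material from the notes). The routing table, its interface names, the 172.16.255.252/30 point-to-point link and the default route are constructed for the example; the 172.16.2.5 host and the /24 subnets of 172.16.0.0 follow the figures' values.

```python
"""Subnet ID extraction, longest-prefix forwarding, subnet splitting and summarization (added example)."""
import ipaddress
from typing import List, Optional, Tuple


def subnet_id(address: str, mask: str) -> Tuple[str, str]:
    """Apply the subnet mask with a binary AND; return (Subnet ID, Host ID)."""
    a = int(ipaddress.IPv4Address(address))
    m = int(ipaddress.IPv4Address(mask))
    subnet = ipaddress.IPv4Address(a & m)
    host = ipaddress.IPv4Address(a & ~m & 0xFFFFFFFF)
    return str(subnet), str(host)


# Constructed routing table for a router like the one in Figure 3: four /24 subnets of
# 172.16.0.0/16 on local interfaces, a /30 point-to-point link, and a default route.
ROUTING_TABLE = [
    (ipaddress.ip_network("172.16.0.0/24"), "eth0"),
    (ipaddress.ip_network("172.16.1.0/24"), "eth1"),
    (ipaddress.ip_network("172.16.2.0/24"), "eth2"),
    (ipaddress.ip_network("172.16.3.0/24"), "eth3"),
    (ipaddress.ip_network("172.16.255.252/30"), "serial0"),  # point-to-point uplink
    (ipaddress.ip_network("0.0.0.0/0"), "serial0"),          # default route
]


def choose_interface(dst: str, table=ROUTING_TABLE) -> Optional[Tuple[str, str]]:
    """Longest-prefix match: the most specific entry containing the destination wins.
    Returns (interface, matched prefix) or None when nothing matches."""
    dest = ipaddress.IPv4Address(dst)
    best = None
    for net, iface in table:
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return (best[1], str(best[0])) if best else None


def split_subnet(network: str, new_prefix: int) -> List[str]:
    """Segment a subnet into smaller equal subnets, e.g. a /24 into four /26 blocks."""
    return [str(n) for n in ipaddress.ip_network(network).subnets(new_prefix=new_prefix)]


def summarize_routes(cidrs: List[str]) -> List[str]:
    """Collapse adjacent subnets into the fewest covering prefixes (route summarization)."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    print(subnet_id("172.16.2.5", "255.255.255.0"))   # Figure 2: ('172.16.2.0', '0.0.0.5')
    print(choose_interface("172.16.2.5"))              # host C on the dot-two subnet
    print(split_subnet("172.16.2.0/24", 30)[:4])       # point-to-point sized pieces
    print(summarize_routes(["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24"]))
```

The forwarding lookup shows why a subnet delegated to a sub organization stays invisible upstream: the parent router only needs the summarized prefix, and the more specific /26 or /30 entries live in the delegated router's table.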
What are subnets used for?
Reallocating IP addresses. Each class has a limited number of host allocations; for
example, networks with more than 254 devices need a Class B allocation. If a network
administrator is working with a Class B or C network and needs to allocate 150 hosts for
three physical networks located in three different cities, they would need to either request
more address blocks for each network -- or divide a network into subnets that enable
administrators to use one block of addresses on multiple physical networks.
Relieving network congestion. If much of an organization's traffic is meant to be shared
regularly between the same cluster of computers, placing them on the same subnet can
reduce network traffic. Without a subnet, all computers and servers on the network would
see data packets from every other computer.
Improving network security. Subnetting allows network administrators to reduce
network-wide threats by quarantining compromised sections of the network and by
making it more difficult for trespassers to move around an organization's network.