Dhruvi CEHV12
Network:
A network is a set of devices connected to each other and sharing resources. A computer network is a
group of devices connected physically or logically so that they can communicate.
Each device in the network is known as a host or node.
The Internet is an interconnection of networks: many independent networks communicating with each
other.
A network is a set of devices (nodes) connected by communication links.
A node can be a computer, printer, or any other device capable of sending and/or receiving data
generated by other nodes on the network.
A network is a combination of hardware and software that sends data from one location to another.
The hardware consists of the physical equipment that carries signals from one point of the network to
another.
The software consists of instruction sets that make possible the services that we expect from a network.
Application of Network
• Resource Sharing
– Hardware (computing resources, disks, printers)
– Software (application software)
• Information Sharing
– Easy accessibility from anywhere (files, databases)
– Search Capability (WWW)
• Communication
– Email
– Message broadcast
• Remote computing
• Distributed processing
Transmission Modes:
Transmission mode refers to the direction in which data can flow between two devices on a link. It is also
known as communication mode. Buses and networks are designed to allow communication to occur
between the individual devices that are interconnected.
Simplex Mode:
In simplex mode, communication is unidirectional, as on a one-way street. Only one
of the two devices on a link can transmit; the other can only receive. Simplex mode
can use the entire capacity of the channel to send data in one direction.
Example: keyboard and traditional monitor. The keyboard can only provide input;
the monitor can only display output.
Advantages:
Simplex mode is the simplest mode of communication.
It is the most cost-effective mode, as it requires only one communication channel in one direction.
There is no need for coordination between the transmitting and receiving devices,
which simplifies the communication process.
Simplex mode is particularly useful where no feedback or response is required, such as
broadcasting or surveillance.
Disadvantages:
Only one-way communication is possible.
The sender has no way to learn whether the transmitted data was received correctly.
Simplex mode is not suitable for applications that require bidirectional
communication.
Half-Duplex Mode:
In half-duplex mode each device on the link can both transmit and receive, but not at the same time;
the direction of the channel alternates.
Example: walkie-talkie, where messages are sent in both directions but only one at a time.
Advantages:
Half-duplex mode allows for bidirectional communication, which is useful in situations
where devices need to send and receive data.
It is a more efficient mode of communication than simplex mode, as the channel can be
used for both transmission and reception.
Half-duplex mode is less expensive than full-duplex mode, as it only requires one
communication channel.
Disadvantages:
Half-duplex mode offers lower throughput than full-duplex mode, as the two devices cannot
transmit at the same time.
There is a delay while the channel turns around between transmission and reception, which can
cause problems in some applications.
The transmitting and receiving devices must coordinate who may send, which complicates the
communication process.
Full-Duplex Mode:
In full-duplex mode both devices can transmit and receive at the same time, either over two physically
separate paths or by dividing the capacity of one channel between the two directions.
Example: a telephone call, where both parties can talk and listen simultaneously.
Advantages:
Full-duplex mode allows simultaneous bidirectional communication, which is ideal
for real-time applications such as video conferencing or online gaming.
It is the most efficient mode of communication, as both devices can transmit and
receive data simultaneously.
Because the two directions never collide, full-duplex links give high throughput and low latency;
error detection and correction are still required, since the medium can still corrupt bits.
Disadvantages:
Full-duplex mode is the most expensive mode, as it requires two communication
channels.
It is more complex than simplex and half-duplex modes, as it requires two physically
separate transmission paths or a division of channel capacity.
Full-duplex mode may not be suitable for all applications, as it requires a high level of
bandwidth and may not be necessary for some types of communication.
Repeater:
Repeaters are network devices operating at the physical layer of the OSI model that regenerate
(or, for analog repeaters, amplify) an incoming signal before retransmitting it. They are
incorporated in networks to extend the coverage area and are also known as signal boosters.
A repeater is used to regenerate the signal before it becomes too weak or corrupted to be read.
It is a two-port device.
A digital repeater does not simply amplify the signal: it reads the bits and re-creates a clean
signal, so noise picked up on the incoming segment is not amplified along with the data.
Why are Repeaters needed?
When an electrical signal is transmitted via a channel, it is attenuated depending on the nature of
the channel and the technology. This limits the length of a LAN segment or the coverage area of a
cellular network. The problem is alleviated by installing repeaters at certain intervals.
A repeater strengthens the attenuated signal and retransmits it. Digital repeaters can even reconstruct
signals distorted by transmission loss. Repeaters are therefore commonly used to join two LAN
segments into a single larger LAN.
Types of Repeaters:
According to the types of signals that they regenerate, repeaters can be classified into two
categories −
Analog Repeaters − They can only amplify the analog signal.
Digital Repeaters − They can reconstruct a distorted signal.
According to the types of networks that they connect, repeaters can be categorized into two
types
Wired Repeaters − They are used in wired LANs.
Wireless Repeaters − They are used in wireless LANs and cellular networks.
According to the domain of LANs they connect, repeaters can be divided into two categories
−
Local Repeaters − They connect LAN segments separated by small distance.
Remote Repeaters − They connect LANs that are far from each other
Types of Networks:
• Personal area network, or PAN.
• Local area network, or LAN.
• Wireless Local area network, or WLAN.
• Campus area network, or CAN.
• Metropolitan area network, or MAN.
• Wide area network, or WAN.
• Enterprise private network, or EPN
• Virtual private network, or VPN
Personal Area Network (PAN):
A network used at a personal level, mostly to transfer small files between a user's own devices.
• Wireless: Bluetooth, infrared, NFC.
• Wired: USB cable.
Wireless PAN:
• A wireless personal area network (WPAN) is a group of devices connected without the use of wires or
cables. Today, most PANs for everyday use are wireless. WPANs use close-range wireless connectivity
protocols such as Bluetooth.
• The range of a WPAN is usually very small, as short-range wireless protocols like Bluetooth are not
designed for distances much larger than 5-10 meters.
• Wireless Personal Area Network (WPAN) is connected through signals such as infrared, ZigBee,
Bluetooth and ultra wideband, etc.
• High-rate WPAN: The data throughput is more than 20 Mbps
• Medium-rate WPAN: Data throughput is 1 Mbps
• Low-rate WPAN: Data throughput is less than 0.25 Mbps
• ZigBee: It is a technology of home networking that is created for controlling and sensing networks. It is
based on IEEE 802.15.4 and is a standard to address the need for low-cost implementation of low-
power devices with low data rates for short-range wireless communications.
• Bluetooth: a WPAN technology used for exchanging data over short distances. It operates in the
unlicensed industrial, scientific and medical (ISM) band from 2.4 to 2.485 GHz.
• IrDA: short for Infrared Data Association. This type of PAN uses infrared light, whose frequency lies
just below that of visible light. It runs at speeds of 115.2 kbps to 1.15 Mbps, and 4 Mbps. Devices
that use IrDA ports must be within about 10 feet of each other with a clear line of sight between them.
Wired PAN:
• A wired PAN is connected through cables such as FireWire or USB (Universal Serial Bus).
• These networks provide short connections between peripherals using wired technologies such as USB,
the IEEE 1394 high-performance serial bus or a Thunderbolt hardware interface.
• Thunderbolt: a hardware interface for connecting external peripherals to a computer; it extends the
PCIe bus to external devices. The latest version, Thunderbolt 4, supports two 4K displays or a single 8K
display over cables up to two meters long, and is fully compatible with the USB4 protocol and data rates.
• Universal Serial Bus (USB): an industry standard that specifies cables, connectors and protocols for
communication and power supply between peripheral devices and personal computers. It was created to
standardize the connection of peripherals, but over time USB has also become a standard way of
supplying electric power.
Local Area Network (LAN):
• Most LANs connect to the Internet at a central point: a router. Home LANs often use a single router,
while LANs in larger spaces additionally use network switches for more efficient frame delivery.
• LANs almost always use Ethernet, Wi-Fi, or both to connect devices within the network. Ethernet is a
protocol for physical network connections that requires the use of Ethernet cables; Wi-Fi is a protocol
for connecting to a network via radio waves.
• A variety of devices can connect to LANs, including servers, desktop computers, laptops, printers, IoT
devices, and even game consoles. In offices, LANs are often used to provide shared access to internal
employees to connected printers or servers.
Client/Server LANs:
• A client/server LAN consists of several devices (the clients) connected to a central server. The server
manages file storage, application access, device access, and network traffic. A client can be any
connected device that runs or accesses applications or the Internet. The clients connect to the server
either with cables or through wireless connections.
• Typically, suites of applications can be kept on the LAN server. Users can access databases, email,
document sharing, printing, and other services through applications running on the LAN server, with
read and write access maintained by a network or IT administrator. Most midsize to large business,
government, research, and education networks are client/server-based LANs.
Peer-to-Peer LANs:
• A peer-to-peer LAN doesn't have a central server and cannot handle heavy workloads like a
client/server LAN can, and so they're typically smaller. On a peer-to-peer LAN, each device shares
equally in the functioning of the network. The devices share resources and data through wired or
wireless connections to a switch or router. Most home networks are peer-to-peer.
• A switch is a multi-port data link layer device that forwards frames based on the destination MAC
address: it sends each frame only out of the port where that address was learned, instead of repeating
it on every port as a hub does. A router, in contrast, works at the network layer; it chooses the best
path for each packet and forwards it toward its destination IP address.
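To make the switch/hub contrast concrete, here is an added example (not code from the original notes) that simulates a hub and a learning switch side by side. The port numbers and MAC addresses are made up; the switch learns the source address of every frame it sees and floods only when the destination is unknown or broadcast.

```python
# Added example: hub (repeat everywhere) vs learning switch (forward by MAC).
# All MAC addresses and port numbers below are constructed for the demo.
from collections import namedtuple

Frame = namedtuple("Frame", "src dst")   # an Ethernet frame reduced to its two addresses

class Hub:
    """Physical-layer device: repeats every incoming signal to every other port."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return sorted(p for p in self.ports if p != in_port)

class LearningSwitch:
    """Data-link device: learns which port each source MAC lives on and
    sends a frame only to the port where the destination was last seen."""
    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}   # MAC address -> port (the forwarding / CAM table)

    def forward(self, in_port, frame):
        self.table[frame.src] = in_port          # learn: src is reachable via in_port
        out = self.table.get(frame.dst)
        if frame.dst == self.BROADCAST or out is None:
            # Unknown or broadcast destination: flood like a hub (all ports but ingress).
            return sorted(p for p in self.ports if p != in_port)
        if out == in_port:
            return []                            # destination is behind the same port: drop
        return [out]

def demo():
    """Three frames between A (port 1) and B (port 3); returns what each device
    would do at every step plus the switch's learned table."""
    ports = [1, 2, 3, 4]
    hub, sw = Hub(ports), LearningSwitch(ports)
    a, b = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
    trace = []
    trace.append((hub.forward(1, Frame(a, b)), sw.forward(1, Frame(a, b))))  # B unknown: flooded
    trace.append((hub.forward(3, Frame(b, a)), sw.forward(3, Frame(b, a))))  # A known: port 1 only
    trace.append((hub.forward(1, Frame(a, b)), sw.forward(1, Frame(a, b))))  # B known: port 3 only
    return trace, dict(sw.table)

if __name__ == "__main__":
    for step, (hub_out, sw_out) in enumerate(demo()[0], 1):
        print(f"step {step}: hub -> {hub_out}, switch -> {sw_out}")
```

The first frame is flooded by both devices; from the reply onward the switch delivers each frame to exactly one port, which is why a switched LAN gives every port its own collision domain while a hub shares one.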
Virtual Private Network (VPN):
• Disguising your whereabouts: VPN servers essentially act as your proxy on the Internet. Because the
websites you visit see the address of a server in another country, your actual location cannot be
determined from it. Many VPN services state that they do not keep logs of your activity; others do record
it but say they do not pass it on to third parties. Note that a VPN hides your traffic from the local
network and your ISP, not from the VPN provider itself, so how private your activity really is depends
on that provider's logging policy.
• Access to regional content: regional web content is not always accessible from everywhere. Services
and websites often contain content that can only be accessed from certain parts of the world. Normally
the service determines your location from the address your connection comes from, so you cannot
access content from home while traveling, and you cannot access international content from home.
With VPN location spoofing you can switch to a server in another country and effectively "change"
your location.
• Secure data transfer: If you work remotely, you may need to access important files on your
company’s network. For security reasons, this kind of information requires a secure connection. To gain
access to the network, a VPN connection is often required. VPN services connect to private servers and
use encryption methods to reduce the risk of data leakage.
Brief of VPN:
• Suppose the device's IP address is 101.22.23.3, which belongs to India; that is why the device is not
able to access the Spotify music app.
• The change happens when we use the Psiphon app, an Android app that routes the device's traffic
through a server in the location we want (say the US, where Spotify works seamlessly).
• The visible IP address is changed using VPN technology: the device connects to a VPN server in the
country entered in the location box of the Psiphon app, and from then on the device is seen on the
Internet with the address of that server.
• Now, searching "what is my IP address" shows 45.79.66.125, which belongs to the USA. Since Spotify
works in the US, we can use it from India (virtually in the USA).
• A VPN also provides security by setting up an encrypted tunnel between the client and the VPN server.
• A VPN is used to bypass many blocked sites.
• A VPN facilitates anonymous browsing by hiding your IP address.
• Search engine optimization (SEO) is also done by analyzing data from VPN providers that publish
country-wise statistics on browsing for a particular product; this method is widely used by internet
marketing managers to form new strategies.
Network Topology:
• A network topology is the physical and logical arrangement of nodes and connections in a network.
Nodes usually include devices such as switches, routers and software with switch and router features.
Network topologies are often represented as a graph.
• The network topology defines the way in which computers, printers, and other devices are connected.
• A network topology describes the layout of the wire and devices as well as the paths used by data
transmissions
Wired Topologies:
Star topology:
• The most common wired topology is the star topology. In a star topology all computers are connected by
point-to-point links to a central wiring point such as a hub or a switch. Each computer has a dedicated
connection to the central device, which gives good performance, and the central device can easily be
upgraded. All data passes through the central device before continuing to its destination. If the central
device is a hub, data sent by one computer is repeated to all the other computers; if it is a switch, the
frame is forwarded only toward its destination, based on the address, so multiple communications can
take place at the same time. The star topology is mostly used in client/server networks. The central
device is a single point of failure.
• A configuration that centers around one node to which all others are connected and through which all
messages are sent.
Ring topology:
• In a ring topology each computer is connected to exactly two neighbours, forming a closed loop. Data
travels around the ring in one direction, and each node regenerates the signal and passes it on to the
next node until it reaches its destination.
• Because every node is part of the path, a single cable break or failed node can bring down the whole
ring unless a second, counter-rotating ring is used for redundancy. Token Ring is the best-known ring
technology; ring topologies are rarely used in modern LANs.
• A configuration that connects all nodes in a closed loop on which messages travel in one direction.
Bus topology:
• The bus topology is a very old technology and, like the ring topology, is rarely used today.
• In this kind of network each computer and network device is connected to a single cable (coaxial
cable). At each end of the cable a grounded terminator is attached so that signals are absorbed when
they reach the end of the wire instead of being reflected back onto the bus, where the echo would
corrupt other transmissions.
• Many computers share the one main cable. Because every computer sees every frame, adding more
computers reduces the bandwidth available to each of them.
• The devices share responsibility for getting data from one point to another.
• Each computer communicates with the other computers on the network independently, so this is a
peer-to-peer arrangement.
• Computers connect to the cable using special connectors called BNC T-connectors.
• All nodes are connected to a single communication line that carries messages in both directions.
Mesh topology:
• In a mesh topology each computer on the network is connected to every other computer. A full mesh of
n devices needs n(n-1)/2 links, and each device needs n-1 interfaces.
• There are two ways to transfer data: routing, in which the nodes run an algorithm that finds the best
(shortest) path, and flooding, in which the data is sent to all nodes.
• This topology is robust and fully connected; because each pair of nodes has a dedicated link, traffic
between them is not seen by the other nodes.
• The mesh topology connects all devices (nodes) to each other for redundancy and fault tolerance.
• With so many connections it handles failure very well. In the illustration there are 4 computers with
3 connections each; that is 12 interfaces but only 6 distinct links (4×3/2), since each link is counted
once at each end.
• The advantage of the mesh topology is its high level of redundancy: if one or more connections fail,
the computers can still communicate with each other. Because of the amount of cabling and the number of
network cards required, mesh topologies are expensive, so they are rarely used in a local area network
(LAN).
• They are mainly used in wide area networks such as the Internet. The Internet is a good example of a
(partial) mesh, because it is made up of numerous routers around the world connected to each other to
route data to its intended destination.
• Even if a few routers go down, the data is routed along a different path and still reaches its
destination. The Internet is very resilient because it uses a mesh topology.
Tree topology:
• In this topology there is a main bus, and the hubs connected to it have computers attached in star
formation. It is a combination of the bus and star topologies. It is used in wide area networks (WANs).
• It is easy to expand: many devices and whole star networks can be added. Maintenance is easy, but the
topology depends on its backbone: if the main bus fails, the whole network fails.
• If one of the star segments is damaged, the rest of the network is not affected.
Hybrid topology:
• It consists of a main bus to which a star topology and a ring topology are connected through a central
hub. When two or more different topologies are combined, the result is called a hybrid topology. It is
used to handle larger volumes of traffic.
• In this type of topology a failed computer is easily detected and isolated. It gives improved network
performance, but on the negative side it is very expensive and has a complex design. The ring portion
requires an MSAU (multistation access unit), which is used to bypass faulty devices.
Wireless topologies:
Infrastructure topology:
• This topology uses a combination of wired and wireless devices. It is very similar to a star topology:
the computers are physically connected to a switch, and a wireless access point is connected by cable to
the same switch.
• The wireless access point is there so that wireless devices such as laptops, tablets and cell phones can
connect to the network.
• The access point therefore acts as a bridge between the wireless network and the wired network. An
infrastructure topology is not limited to a single access point.
• In fact, there can be multiple access points; it depends on the needs of the network.
Ad hoc topology:
• Ad hoc is a very simple wireless topology. It is simple because it does not rely on any infrastructure
such as cables, routers, servers or wireless access points. All the devices in an ad hoc network connect
wirelessly to each other in a simple peer-to-peer network.
• They connect directly, without a centralized device such as a Wi-Fi router or access point, and because
there is no server or router in between, each device is responsible for its own security and permissions.
• Ad hoc networks are useful for setting up a quick wireless network on the fly, where devices can share
data without an existing wireless network.
Network of Networks
Internet
• No single person or company owns the Internet or even controls it entirely.
• As a wide-area network, it is made up of many smaller networks.
• These smaller networks are often owned and managed by a person or organization.
• The Internet is defined by how connections can be made between these networks.
Internet Connection
• Internet backbone
– A set of high-speed networks that carry Internet traffic
– These networks are provided by companies such as AT&T, GTE, and IBM
• Internet service provider (ISP)
– A company that provides other companies or individuals with access to the Internet
There are various technologies available that you can use to connect a home computer to the Internet:
• A phone modem converts computer data into an analog audio signal for transfer over a telephone line, and then
a modem at the destination converts it back again into data
• A digital subscriber line (DSL) uses regular copper phone lines to transfer digital data to and from the phone
company’s central office
• A cable modem uses the same line that your cable TV signals come in on to transfer the data back and forth
OSI Model
• The Open Systems Interconnection (OSI) model describes seven layers that computer systems use to
communicate over a network. It was the first standard model for network communications, adopted by all major
computer and telecommunication companies in the early 1980s.
• The modern Internet is not based on OSI, but on the simpler TCP/IP model. However, the OSI 7-layer model is
still widely used, as it helps visualize and communicate how networks operate, and helps isolate and
troubleshoot networking problems.
• Open Systems Interconnection (OSI).
• Developed by the International Organization for Standardization (ISO).
• Model for understanding and developing computer-to-computer communication architecture that is flexible,
robust and interoperable.
• It is not a protocol.
• Developed in the 1980s.
• Divides network architecture into seven layers.
1. Physical Layer:
• The physical layer transports data using electrical, mechanical or procedural interfaces. This layer is responsible
for sending computer bits from one device to another along the network. It determines how physical
connections to the network are set up and how bits are represented into predictable signals as they're
transmitted either electrically, optically or via radio waves.
• The main functionality of the physical layer is to transmit the individual bits from one node to another node.
• It is the lowest layer of the OSI model.
• It establishes, maintains and deactivates the physical connection.
• It specifies the mechanical, electrical and procedural network interface specifications.
• The media does not carry the frame as a single entity. The media carries signals, one at a time, to represent the
bits that make up the frame.
There are three basic forms of network media on which data is represented:
– Copper cable
– Fiber
– Wireless
• The representation of the bits - that is, the type of signal - depends on the type of media. For copper cable
media, the signals are patterns of electrical pulses. For fiber, the signals are patterns of light. For wireless media,
the signals are patterns of radio transmissions.
• Note: 1. Hub, Repeater, Modem, and Cables are Physical Layer devices.
2. Data Link Layer:
• The data link layer is responsible for node-to-node delivery of frames over a single link. It takes
packets from the network layer, frames them, adds the physical (MAC) addresses of the sender and the
next hop, performs error detection (a frame check sequence), flow control and, on shared media, media
access control (deciding which node may transmit when).
Note:
– 1. The packet in the data link layer is referred to as a frame.
– 2. The data link layer is handled by the NIC (network interface card) and the device drivers of host machines.
– 3. Switches and bridges are data link layer devices.
Hop-to-Hop Delivery:
• Hop-to-hop delivery in the data link layer can be the delivery of frames from the host's network interface
card (NIC) to a router's interface, from one router's interface to another router's interface, or from a
router's interface to the destination host's NIC. The data link layer does not deliver packets directly
from source to destination; it delivers them from one hop (node) to the next.
3. Network Layer:
• Subnet Traffic Control: routers (network layer intermediate systems) can instruct a sending station to
"throttle back" its transmission when the router's buffers fill up.
• Logical-Physical Address Mapping: translates logical addresses, or names, into physical addresses.
• Subnet Usage Accounting: accounting functions keep track of packets forwarded by subnet intermediate
systems, to produce billing information.
• In the network layer and the layers below, peer protocols exist between a node and its immediate neighbor, but
the neighbor may be a node through which data is routed, not the destination station. The source and
destination stations may be separated by many intermediate systems.
• Internetworking: One of the main responsibilities of network layer is to provide internetworking between
different networks. It provides logical connection between different types of network. It is because of this layer,
we can combine various different networks to form a bigger network.
• Logical Addressing: Large number of different networks can be combined together to from bigger networks or
internetwork. In order to identify each device on internetwork uniquely, network layer defines an addressing
scheme. Such an address distinguishes each device uniquely and universally.
• Routing: When independent networks or links are combined together to create internet works, multiple routes
are possible from source machine to destination machine. The network layer protocols determine which route
or path is best from source to destination. This function of network layer is known as routing.
• Routes packets among networks.
• Packetizing: the network layer receives data from the upper layers and encapsulates it in its own
packets. This process is known as packetizing and is done by the Internet Protocol (IP), which defines its
own packet format.
• Fragmentation: fragmentation means dividing larger packets into smaller fragments. The maximum size of a
transportable packet (the maximum transmission unit, MTU) is defined by the data link technology of each
link. The network layer divides packets that are too large into fragments so that they can be sent across
that link.
• If a router determines that the MTU of the downstream link is smaller than the packet size, it can
fragment the packet; the fragments are reassembled at the destination host.
• If two systems are connected to same link, then there is no need for network layer. And if two systems are
attached to different networks with connecting devices like routers between the networks, then there is need
for the network layer.
• It also translates a logical address into a physical address, e.g. an IP address into a MAC address (done
by ARP in TCP/IP). It is also responsible for defining the route, managing network problems and
addressing. The network layer controls the operation of the subnet, deciding which physical path the data
should take based on network conditions, priority of service and other factors. The X.25 protocols work
at the physical, data link and network layers.
• The network layer lies between data link layer and transport layer. It takes services from Data link and provides
services to the transport layer.
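The fragmentation bullets above describe the mechanism in words; the following added example (not code from the original notes) carries it through: splitting a payload to fit a link MTU in 8-byte units, encoding the MF flag and offset the way the IPv4 header field holds them, and reassembling fragments that arrive out of order at the destination. The MTU, header length and payload are constructed values.

```python
# Added example: IPv4-style fragmentation by MTU and reassembly at the destination.
IP_HEADER_LEN = 20        # IPv4 header without options (assumed)
MORE_FRAGMENTS = 0x2000   # MF bit in the 16-bit flags/fragment-offset field

def fragment(payload: bytes, mtu: int, header_len: int = IP_HEADER_LEN):
    """Split an IP payload so that every fragment (header + data) fits the MTU.
    Returns a list of (offset_in_bytes, more_fragments, data). Every fragment
    but the last carries a multiple of 8 bytes, because the header's fragment
    offset field counts 8-byte units."""
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any fragment data")
    frags, offset = [], 0
    while offset < len(payload):
        data = payload[offset:offset + max_data]
        more = offset + len(data) < len(payload)   # MF set unless this is the last piece
        frags.append((offset, more, data))
        offset += len(data)
    return frags

def flags_and_offset(more: bool, offset_bytes: int) -> int:
    """Encode MF and the offset (in 8-byte units) as the 16-bit header field.
    DF stays clear: a packet with DF set must be dropped instead of fragmented."""
    if offset_bytes % 8:
        raise ValueError("fragment offset must be a multiple of 8 bytes")
    return (MORE_FRAGMENTS if more else 0) | (offset_bytes // 8)

def reassemble(frags):
    """Rebuild the payload from fragments arriving in any order. Returns None
    when a piece is missing or overlaps, or the last fragment (MF clear) never
    arrived; a real host would time the incomplete datagram out and discard it."""
    out, expected = bytearray(), 0
    for offset, more, data in sorted(frags, key=lambda f: f[0]):
        if offset != expected:
            return None
        out += data
        expected += len(data)
        if not more:
            return bytes(out)
    return None

if __name__ == "__main__":
    payload = bytes(range(256)) * 12           # constructed 3072-byte payload
    pieces = fragment(payload, mtu=1500)
    for off, more, data in pieces:
        print(f"offset={off:5d} MF={int(more)} len={len(data):4d} "
              f"field=0x{flags_and_offset(more, off):04x}")
    print("reassembled ok:", reassemble(reversed(pieces)) == payload)
```

A 3072-byte payload on a 1500-byte MTU yields two 1480-byte fragments and a 112-byte tail; dropping the middle one makes reassemble() return None, which is the behaviour a receiver relies on to avoid delivering a truncated datagram.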
4. Layer 4: Transport Layer:
• The transport layer provides services to the application layer and takes services from the network layer. The data
in the transport layer is referred to as Segments. It is responsible for the End to End Delivery of the complete
message. The transport layer also provides the acknowledgment of the successful data transmission and re-
transmits the data if an error is found.
• At the sender’s side: The transport layer receives the formatted data from the upper layers, performs
Segmentation, and also implements Flow & Error control to ensure proper data transmission. It also adds Source
and Destination port numbers in its header and forwards the segmented data to the Network Layer.
Note: The sender needs to know the port number associated with the receiver’s application.
• Generally, this destination port number is configured, either by default or manually. For example, when a
web browser requests a page from a web server, it typically uses port number 80, because this is the
default port assigned to HTTP. Many applications have default ports assigned.
• At the receiver’s side: Transport Layer reads the port number from its header and forwards the Data which it
has received to the respective application. It also performs sequencing and reassembling of the segmented data.
• The transport layer (Layer 4) ensures that messages are delivered in the order in which they were sent
and that there is no duplication of data.
• The main responsibility of the transport layer is to transfer the data completely.
• It receives the data from the upper layer and converts it into smaller units known as segments.
• This layer can be termed an end-to-end layer, as it provides a logical connection between the source
and destination processes to deliver the data reliably.
Process-to-process delivery:
• The data link layer is responsible for delivery of frames between two neighboring nodes over a link. This is called
node-to-node delivery. The network layer is responsible for delivery of datagrams between two hosts.
• This is called host-to-host delivery. Real communication takes place between two processes (application
programs). We need process-to-process delivery.
• The transport layer is responsible for process-to-process delivery-the delivery of a packet, part of a message,
from one process to another.
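The sequencing, acknowledgement and retransmission duties described above are easiest to see in a small simulation. This added example (not code from the original notes) uses a deliberately tiny segment size and constructed messages: the sender numbers each segment by its byte offset, the receiver buffers out-of-order segments, ignores duplicates and returns a cumulative acknowledgement, and the sender retransmits from the last acknowledged byte when a segment is lost.

```python
# Added example: transport-layer sequencing, cumulative ACK and retransmission.
MSS = 4   # maximum segment size in bytes; tiny so the trace is readable (assumed)

def segment(message: bytes, mss: int = MSS):
    """Sender side: split the message into (sequence_number, data) segments,
    where the sequence number is the byte offset of the segment in the stream."""
    return [(i, message[i:i + mss]) for i in range(0, len(message), mss)]

class Receiver:
    """Receiver side: buffers out-of-order segments, drops duplicates and
    returns a cumulative acknowledgement (the next byte it expects)."""
    def __init__(self):
        self.buffer = {}
        self.next_seq = 0

    def receive(self, seq: int, data: bytes) -> int:
        if seq >= self.next_seq and seq not in self.buffer:
            self.buffer[seq] = data             # new segment, possibly out of order
        # Advance the cumulative ACK over every contiguous byte now available.
        while self.next_seq in self.buffer:
            self.next_seq += len(self.buffer[self.next_seq])
        return self.next_seq

    def message(self) -> bytes:
        """In-order bytes that can be handed to the application so far."""
        return b"".join(self.buffer[s] for s in sorted(self.buffer) if s < self.next_seq)

def deliver(message: bytes, drop_once=()):
    """Simulate an unreliable link: segments whose sequence number is in drop_once
    are lost the first time they are sent. The sender retransmits everything from
    the last cumulative ACK until the whole message is acknowledged.
    Returns (bytes delivered in order, number of transmission rounds)."""
    rx, segs, pending = Receiver(), segment(message), set(drop_once)
    unacked, rounds = list(segs), 0
    while unacked:
        rounds += 1
        for seq, data in unacked:
            if seq in pending:
                pending.discard(seq)            # lost on the wire this round only
                continue
            rx.receive(seq, data)
        ack = rx.next_seq
        unacked = [(s, d) for s, d in segs if s >= ack]
    return rx.message(), rounds

if __name__ == "__main__":
    print(deliver(b"abcdefghij"))                 # clean link: one round
    print(deliver(b"abcdefghij", drop_once={4}))  # middle segment lost once: two rounds
```

With segment 4 lost, segment 8 is buffered but the ACK stays at 4, so the sender resends both 4 and 8; the receiver treats the second copy of 8 as a duplicate and the stream still comes out as "abcdefghij" exactly once.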
5. Layer 5: Session Layer:
• This layer is responsible for establishing, maintaining and terminating sessions between applications,
including dialogue control and synchronization; in some protocol suites it also handles authentication
at session setup.
• The session layer sets up, coordinates and terminates conversations between applications. Its services
include authentication and re-establishing a session after an interruption. This layer determines how
long a system will wait for another application to respond. Examples of session layer protocols include
X.225 and the Zone Information Protocol (ZIP).
Note:
The three upper layers (session, presentation and application) are merged into a single layer, the
"Application Layer", in the TCP/IP model.
These three layers are implemented by the network application itself. They are also known as the upper
layers or software layers.
6. Layer 6: Presentation Layer:
• The presentation layer is also called the Translation layer. The data from the application layer is extracted here
and manipulated as per the required format to transmit over the network.
• The presentation layer translates or formats data for the application layer based on the semantics or syntax the
application accepts. This layer also handles the encryption and decryption that the application layer requires.
• The Presentation layer is mainly concerned with the syntax and semantics of the information exchanged between
the two systems.
• It acts as the data translator for the network: this part of the operating system (or application libraries)
converts data from one presentation format to another, for example character encoding, compression and
encryption/decryption.
• The Presentation layer is also known as the syntax layer.
Advantages of the TCP/IP model
Many routing protocols are supported.
It is highly scalable and uses a client-server architecture.
It is lightweight.
Disadvantages of the TCP/IP model
A little difficult to set up.
The transport layer does not guarantee delivery of packets (UDP offers no delivery guarantee).
Vulnerable to a synchronization (TCP SYN flood) attack.
UDP Header:
The UDP header is a fixed, simple 8-byte header, whereas the TCP header varies from 20 to 60 bytes. The first 8
bytes contain all necessary header information and the remainder of the datagram is data. The UDP port number
fields are each 16 bits long, so port numbers range from 0 to 65535; port number 0 is reserved. Port numbers
distinguish the different user requests or processes on a host.
1. Source Port: a 2-byte field identifying the port number of the sending process (optional in UDP; zero when
not used).
2. Destination Port: a 2-byte field identifying the port of the receiving process.
3. Length: a 16-bit field giving the length of the UDP datagram, header plus data (minimum 8).
4. Checksum: a 2-byte field. It is the 16-bit one's complement of the one's complement sum of the UDP header, a
pseudo-header of information from the IP header (source and destination address, protocol number 17, UDP
length), and the data, padded with a zero octet at the end (if necessary) to make a multiple of two octets. Over
IPv4 a checksum value of zero means the sender did not compute one.
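As an added worked example (not from the original notes), the header layout and checksum rule above implemented in Python: the code builds a UDP datagram over a constructed IPv4 pseudo-header, then parses the four fields back and verifies the checksum. The addresses, ports and DNS-shaped payload are made up for the example; the only real constants are the 8-byte header layout and protocol number 17.

```python
import struct

PROTO_UDP = 17


def _ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum of data (a trailing odd byte is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def _pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IPv4 pseudo-header used only for the checksum: src, dst, zero, protocol, UDP length."""
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    return struct.pack("!4s4sBBH", src, dst, 0, PROTO_UDP, udp_length)


def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """RFC 768: one's complement of the one's complement sum over pseudo-header +
    UDP header + data, computed with the checksum field itself zeroed."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    total = _ones_complement_sum(_pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)
    csum = (~total) & 0xFFFF
    return csum if csum else 0xFFFF         # a computed 0 is sent as all ones; 0 means "no checksum"


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Assemble source port, destination port, length, checksum (8 bytes) followed by payload."""
    length = 8 + len(payload)
    segment = struct.pack("!HHHH", src_port, dst_port, length, 0) + payload
    return segment[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, segment)) + payload


def parse_udp(src_ip: str, dst_ip: str, segment: bytes) -> dict:
    """Decode the four header fields and verify the checksum against the pseudo-header."""
    if len(segment) < 8:
        raise ValueError("truncated UDP header (need 8 bytes)")
    src_port, dst_port, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("UDP length %d inconsistent with %d bytes received" % (length, len(segment)))
    if csum == 0:
        checksum_ok = None                  # sender did not compute one (permitted over IPv4)
    else:
        # An intact datagram, summed together with its checksum field, folds to all ones.
        total = _ones_complement_sum(_pseudo_header(src_ip, dst_ip, length) + segment[:length])
        checksum_ok = total == 0xFFFF
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": csum, "checksum_ok": checksum_ok, "data": segment[8:length]}


# Constructed sample (not captured traffic): a client on 192.0.2.10 sending a
# 12-byte DNS-header-shaped payload to port 53 on 192.0.2.53.
SAMPLE_SRC, SAMPLE_DST = "192.0.2.10", "192.0.2.53"
SAMPLE_PAYLOAD = bytes.fromhex("1234 0100 0001 0000 0000 0000")
SAMPLE_SEGMENT = build_udp(SAMPLE_SRC, SAMPLE_DST, 40000, 53, SAMPLE_PAYLOAD)

if __name__ == "__main__":
    print(parse_udp(SAMPLE_SRC, SAMPLE_DST, SAMPLE_SEGMENT))
    corrupted = SAMPLE_SEGMENT[:8] + b"\x13" + SAMPLE_SEGMENT[9:]
    print("corrupted checksum_ok:", parse_udp(SAMPLE_SRC, SAMPLE_DST, corrupted)["checksum_ok"])
```

Corrupting one byte of the payload, or verifying against a different source address, flips checksum_ok to False; the second case shows what the pseudo-header buys: a datagram delivered to the wrong host fails the check even when the UDP bytes themselves are intact.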
Applications of UDP:
Used for simple request-response communication when the data is small and there is therefore less concern
about flow and error control.
It is a suitable protocol for multicasting because it is connectionless; one-to-many delivery is not possible
over TCP's one-to-one connections.
UDP is used by some routing update protocols such as RIP (Routing Information Protocol).
Normally used for real-time applications which cannot tolerate uneven delays between sections of a
received message.
UDP is widely used in online gaming, where low latency and high-speed communication is essential
for a good gaming experience. Game servers often send small, frequent packets of data to clients,
and UDP is well suited for this type of communication as it is fast and lightweight.
Streaming media applications, such as IPTV, online radio, and video conferencing, use UDP to
transmit real-time audio and video data. The loss of some packets can be tolerated in these
applications, as the data is continuously flowing and does not require retransmission.
VoIP (Voice over Internet Protocol) services, such as Skype and WhatsApp, use UDP for real-time
voice communication. The delay in voice communication can be noticeable if packets are delayed due
to congestion control, so UDP is used to ensure fast and efficient data transmission.
DNS (Domain Name System) also uses UDP for its query/response messages. DNS queries are
typically small and require a quick response time, making UDP a suitable protocol for this application.
DHCP (Dynamic Host Configuration Protocol) uses UDP to dynamically assign IP addresses to
devices on a network. DHCP messages are typically small, and the delay caused by packet loss or
retransmission is generally not critical for this application.
Advantages of UDP:
1. Speed: UDP is faster than TCP because it does not have the overhead of establishing
a connection and ensuring reliable data delivery.
2. Lower latency: Since there is no connection establishment, there is lower latency and
faster response time.
3. Simplicity: UDP has a simpler protocol design than TCP, making it easier to
implement and manage.
4. Broadcast and multicast support: UDP can send to many recipients at once, which is useful for applications
such as video streaming and online gaming.
5. Smaller header overhead: the 8-byte UDP header is smaller than TCP's 20 to 60 bytes, which reduces the
per-packet overhead on the network.
Disadvantages of UDP:
1) No reliability: UDP does not guarantee delivery of packets or order of delivery, which
can lead to missing or duplicate data.
2) No congestion control: UDP does not have congestion control, which means that it
can send packets at a rate that can cause network congestion.
3) No flow control: UDP does not have flow control, which means that it can overwhelm
the receiver with packets that it cannot handle.
4) Vulnerable to attacks: because UDP has no handshake, the source address of a datagram is never verified, so
an attacker can flood a target with UDP packets (often with a spoofed source) or abuse public UDP services for
reflection/amplification denial-of-service, overwhelming the network or host.
5) Limited use cases: UDP is not suitable for applications that require reliable data
delivery, such as email or file transfers, and is better suited for applications that can
tolerate some data loss, such as video streaming or online gaming.
OSI model vs TCP/IP model:
1. OSI stands for Open System Interconnection.
   TCP/IP stands for Transmission Control Protocol / Internet Protocol.
2. OSI is a generic, protocol-independent standard that acts as an interaction gateway between the network and
   the end user.
   TCP/IP depends on the standard protocols around which the Internet was built; a connection protocol
   interconnects the hosts of the network over the Internet.
3. The OSI model was developed first, and protocols were then created to fit the architecture's needs.
   In TCP/IP the protocols were created first and the model was then built around them.
4. The OSI model clearly defines services, interfaces and protocols, and states clearly which layer provides
   which service.
   TCP/IP does not clearly distinguish services, interfaces and protocols.
5. OSI protocols are better hidden (abstracted) and can easily be replaced with another appropriate protocol.
   TCP/IP protocols are not hidden, and a new protocol stack cannot easily be fitted into the model.
6. The smallest OSI header is 5 bytes.
   The smallest TCP/IP header is 20 bytes.
7. In OSI, protocols are unknown to the model and are replaced as the technology changes.
   In TCP/IP, replacing a protocol is not easy.
Devices:
1. Hub: a simple distributor with many ports connected to computers; a frame received on one port is repeated
out of all the other ports (so any host on a hub can sniff all the traffic).
2. Switch: like a hub, but it learns MAC addresses and forwards each frame only to the port of its destination.
3. Bridge: used to connect two similar LANs.
4. Router: a device that connects two or more packet-switched networks or subnetworks. It serves two primary
functions: managing traffic between these networks by forwarding data packets to their intended IP addresses,
and allowing multiple devices to share the same Internet connection. It chooses the best path on which to
transmit the packet.
5. Gateway: used to connect two different networks and to translate between different application protocols.
6. Repeater: regenerates and retransmits signals that travel over long distances.
Parts of IPv4:
Network part:
The network part is the unique number assigned to the network. In classful addressing it also identifies the
class of the network.
Host part:
The host part uniquely identifies a machine on the network. This part of the IPv4 address is assigned to every
host.
For every host on the same network the network part is identical, but the host part must differ.
Subnet number:
This is an optional part of an IPv4 address. Local networks with large numbers of hosts are divided into
subnets, and subnet numbers (bits borrowed from the host part) are assigned to them.
Characteristics of IPv4:
An IPv4 address is 32 bits long.
It is written in dotted-decimal notation: four 8-bit numbers (octets) separated by dots.
The header has twelve fields and a minimum length of twenty bytes.
It supports unicast, broadcast and multicast addresses.
IPv4 supports VLSM (Variable Length Subnet Mask).
IPv4 uses the Address Resolution Protocol (ARP) to map an IP address to a MAC address.
RIP is a routing protocol supported by the routed daemon.
Networks must be configured either manually or with DHCP.
Packet fragmentation is permitted by routers and by the sending host.
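The network/host split and VLSM described under Parts of IPv4 and Characteristics of IPv4, as an added Python example that is not part of the original notes: it converts dotted-decimal to 32 bits, derives the mask from a prefix length, separates the network and host parts, works out the classful class, and carves a block into equal subnets, cross-checking its own arithmetic against the standard library's ipaddress module. The sample addresses are made up.

```python
import ipaddress


def ip_to_int(ip: str) -> int:
    """Dotted decimal -> 32-bit integer, rejecting malformed input."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError("expected four dotted-decimal octets: %r" % ip)
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError("octet out of range: %r" % octet)
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(ip: str) -> str:
    """Classful class from the leading bits of the first octet (historical, pre-CIDR)."""
    first = ip_to_int(ip) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"          # multicast
    return "E"              # reserved


def split_address(cidr: str) -> dict:
    """Separate the network part and host part of an address given its prefix length."""
    ip, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    addr = ip_to_int(ip)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # prefix ones followed by zeros
    host_mask = ~mask & 0xFFFFFFFF
    network = addr & mask
    if prefix >= 31:
        usable = 2 ** (32 - prefix)        # /31 point-to-point links and /32 host routes
    else:
        usable = 2 ** (32 - prefix) - 2    # minus the network and broadcast addresses
    return {
        "class": address_class(ip),
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "host_part": addr & host_mask,
        "broadcast": int_to_ip(network | host_mask),
        "usable_hosts": usable,
    }


def subnets(cidr: str, new_prefix: int) -> list:
    """VLSM: carve a block into equal subnets with a longer prefix."""
    old_prefix = int(cidr.split("/")[1])
    if new_prefix < old_prefix or new_prefix > 32:
        raise ValueError("new prefix must be between %d and 32" % old_prefix)
    base = ip_to_int(split_address(cidr)["network"])
    size = 2 ** (32 - new_prefix)          # addresses per subnet
    return ["%s/%d" % (int_to_ip(base + i * size), new_prefix)
            for i in range(2 ** (new_prefix - old_prefix))]


def matches_stdlib(cidr: str, new_prefix: int) -> bool:
    """Cross-check the hand-rolled arithmetic against ipaddress."""
    net = ipaddress.ip_network(cidr, strict=False)
    expected = [str(s) for s in net.subnets(new_prefix=new_prefix)]
    return (subnets(cidr, new_prefix) == expected
            and split_address(cidr)["broadcast"] == str(net.broadcast_address))


if __name__ == "__main__":
    print(split_address("192.168.10.130/26"))   # constructed sample address
    print(subnets("10.0.0.0/24", 26))
```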
Advantages of IPv4
IPv4 security permits encryption (IPsec, as an optional extension) to maintain privacy and security.
IPv4 network allocation is significant and currently has more than 85,000 functional routers.
It becomes easy to connect multiple devices across a large network without NAT.
It is a communication model and so provides quality of service as well as efficient data transfer.
IPv4 addresses are well defined and allow flawless encoding.
Routing is more scalable and efficient because addressing is aggregated more effectively.
Data communication across the network becomes more specific in multicast organizations.
Disadvantages of IPv4
It limits Internet growth for existing users and hinders use of the Internet by new users.
Internet routing is inefficient in IPv4.
IPv4 has high system management costs; it is labour-intensive, complex, slow and error-prone.
Security features are optional.
It is difficult to add support for future needs, because adding anything on carries a very high overhead, which
hinders the ability to connect everything over IP.
Limitations of IPv4
IP relies on network-layer addresses to identify end-points on a network, and each host needs a unique IP
address.
The world's supply of unique IPv4 addresses is dwindling and will eventually run out.
With classful addressing, a network that outgrows its block needs addresses from the next (larger) class.
Complex host and routing configuration, non-hierarchical addressing, difficulty in renumbering addresses, large
routing tables, and non-trivial implementation of security, QoS (Quality of Service), mobility, multi-homing,
multicasting etc. are the big limitations of IPv4; that is why IPv6 came into the picture.
Note: IPv6 supports a theoretical maximum of 340,282,366,920,938,463,463,374,607,431,768,211,456 (2^128)
addresses. In practical terms, we will not run out of IP addresses again.
Advantages of IPv6
Reliability.
Faster speeds: IPv6 supports multicast rather than the broadcast of IPv4. This allows bandwidth-intensive
packet flows (like multimedia streams) to be sent to multiple destinations at once.
Stronger security: IP Security (IPsec), which provides confidentiality and data integrity, is built into IPv6.
Routing efficiency.
Most importantly, it is the long-term solution for the growing number of nodes in the global network.
Disadvantages of IPv6
Conversion: due to the widespread present usage of IPv4, it will take a long time to shift completely to IPv6.
Communication: IPv4 and IPv6 hosts cannot communicate directly with each other; they need an intermediate
technology (dual stack, tunnelling or translation) to make that possible.
Open a Command Prompt and check your IP with the ipconfig command, then check that an existing IP is reachable
with the ping command followed by that IP address.
DHCP may be used on a variety of networks, from small home networks to big university networks and regional
ISP networks. DHCP server capability is available on many routers and residential gateways.
Differences:
S.NO 5.
DNS: with the help of a DNS server, domain names are translated into IP addresses and IP addresses are
translated into domain names.
DHCP: the DHCP server is used to configure the hosts automatically.
Ethical Hacking:-
Ethical hacking is an authorized practice of bypassing system security to identify potential data breaches and
threats in a network. The company that owns the system or network allows cyber security experts to perform such
activities in order to test the system's defences. Thus, unlike malicious hacking, this process is planned,
approved and, more importantly, legal.
Terminologies:
Attack:
An attack is an action taken against a system to gain access to it and extract sensitive data.
Vulnerability:
A vulnerability in security refers to a weakness or opportunity in an information system that cybercriminals can
exploit and gain unauthorized access to a computer system. Vulnerabilities weaken systems and open the door
to malicious attacks.
Weakness in a system e.g.: in hardware or software
Exploit:
An exploit is a software tool that takes advantage of a vulnerability in a computer system for malicious purposes
such as installing malware.
A method to intrude or penetrate in a system.
Payload:
Malicious code inside the exploit is called payload.
Malware:
Malware is malicious (intended to do harm) software which, once it enters the target host, gives an attacker
full or limited control over the target.
Backdoor:
A back door, or trap door, is a hidden entry to a computing device or software that bypasses security measures,
such as logins and password protections.
Hack value:
The notion among hackers that something is worth doing. It also refers to the reputation of a hacker, i.e. how
good they are at hacking.
Firewall:
A firewall is a network security device that monitors traffic to or from your network. It allows or blocks traffic
based on a defined set of security rules
1. Reconnaissance:
Reconnaissance, also known as the preparatory phase, is where the hacker gathers information about a target
before launching an attack; it is completed in stages prior to exploiting system vulnerabilities. One of the first
activities of reconnaissance is dumpster diving.
It is during this phase that the hacker finds valuable information such as old passwords and names of important
employees (such as the head of the network department), and performs active reconnaissance to learn how the
organization functions.
As a next step, the hacker performs footprinting to collect data on the security posture, narrows the focus area
(for example by finding specific IP addresses), identifies vulnerabilities within the target system, and finally
draws a network map to understand exactly how the network infrastructure works, so as to break into it more
easily. Footprinting provides important information such as the domain name, TCP and UDP services, system
names, and passwords.
There are also other ways to footprint, including mirroring a website to study it offline, using search engines
to find information about the organization, and even using the details of current employees for impersonation.
Active: directly interacting with the target to gather information about it, e.g. using the Nmap tool to scan
the target.
Passive: collecting information about the target without directly accessing it, e.g. from social media, public
websites etc.
2. Scanning:
Three types of scanning are involved:
Port scanning: scanning the target for information such as live systems, open ports, and the services running
on each host.
Vulnerability scanning: checking the target for weaknesses or vulnerabilities that can be exploited, usually
with the help of automated tools.
Network mapping: finding the topology of the network (routers, firewalls, servers if any) and host information,
and drawing a network diagram from the available information. This map may serve as a valuable piece of
information throughout the hacking process.
3. Gaining Access:
In this phase, the hacker designs the blueprint of the target's network with the help of the data collected during
Phase 1 and Phase 2. The hacker has finished enumerating and scanning the network and now decides that they
have several options for gaining access to the network.
For example, say the hacker chooses a phishing attack. The hacker decides to play it safe and use a simple phishing
attack to gain access, targeting the IT department. They see that there have been some recent hires who are
probably not yet up to speed on the procedures. A phishing email is crafted with a program so that it appears to
come from the CTO's actual email address, and is sent out to the techs.
The email links to a phishing website that will collect their logins and passwords. Using any of a number of
options (phone app, website, email spoofing, Zmail, etc.) the hacker sends an email asking the users to log in to a
new Google portal with their credentials. They already have the Social Engineering Toolkit running and have sent
an email with the server address to the users, masking it with a bitly or tinyurl link.
4. Maintaining Access:
Once a hacker has gained access, they want to keep that access for future exploitation and attacks. Once the
hacker owns the system, they can use it as a base to launch additional attacks.
In this case, the owned system is sometimes referred to as a zombie system. Now that the hacker has multiple
e-mail accounts, the hacker begins to test the accounts on the domain. From this point the hacker creates a new
administrator account for themselves that follows the naming convention and tries to blend in. As a precaution,
the hacker also looks for accounts that have not been used for a long time. Assuming these accounts are
forgotten or unused, the hacker changes their passwords and elevates them to administrator as a secondary
means of maintaining access to the network.
The hacker may also send out emails to other users with an exploited file, such as a PDF carrying a reverse shell,
in order to extend their access. No overt exploitation or attacks occur at this time. If there is no evidence of
detection, a waiting game is played, letting the victim think that nothing was disturbed. With access to an IT
account, the hacker begins to copy all emails, appointments, contacts, instant messages and files, to be sorted
through and used later.
Phase 1: Reconnaissance:
During the Reconnaissance phase, a malicious actor identifies a target and explores vulnerabilities and
weaknesses that can be exploited within the network. As part of this process, the attacker may harvest login
credentials or gather other information, such as email addresses, user IDs, physical locations, software
applications and operating system details, all of which may be useful in phishing or spoofing attacks.
Generally speaking, the more information the attacker is able to gather during the Reconnaissance phase, the
more sophisticated and convincing the attack will be and, hence, the higher the likelihood of success.
Intelligence Gathering
Target Selection
Open Source Intelligence (OSINT)
Covert Gathering
Footprinting
Intelligence Gathering:
Intelligence collection involves finding, selecting, and acquiring information from publicly available sources and
analyzing it to produce actionable intelligence. An intelligence-gathering network is a system through which
information about a particular entity is collected for the benefit of another through the use of more than one,
inter-related source. Such information may be gathered by a military intelligence, government intelligence, or
commercial intelligence network.
Target Selection:
• Identification and Naming of Target
• Consider any Rules of Engagement limitations
• Check your Ethics
• Size of the company and revenue
• Consider end goal
• Politics
Covert Gathering:
• Covert means not getting caught. In the reconnaissance phase this is gathering open source information about a
target, or searching for a target anonymously.
Footprinting:
• The process of accumulating data about a specific network environment, usually for the purpose of finding
ways to intrude into the environment. This information can be open source or come from direct inspection.
Phase 2: Weaponization:
During the Weaponization phase, the attacker creates an attack vector, such as remote access malware,
ransomware, virus or worm that can exploit a known vulnerability. During this phase, the attacker may also set
up back doors so that they can continue to access to the system if their original point of entry is identified and
closed by network administrators.
Phase 3: Delivery:
In the Delivery step, the intruder launches the attack. The specific steps taken will depend on the type of attack
they intend to carry out. For example, the attacker may send email attachments or a malicious link to spur user
activity to advance the plan.
This activity may be combined with social engineering techniques to increase the effectiveness of the campaign.
Phase 4: Exploitation:
Exploitation is the stage that follows delivery and weaponization. In the exploitation step of the Cyber Kill Chain,
attackers take advantage of the vulnerabilities they have discovered in previous stages to further infiltrate a
target’s network and achieve their objectives. In this process, cybercriminals often move laterally across a
network to reach their targets. Exploitation can sometimes lead attackers to their targets if those responsible for
the network have not deployed deception measures.
Phase 5: Installation:
After cybercriminals have exploited their target’s vulnerabilities to gain access to a network, they begin the
installation stage of the Cyber Kill Chain: attempting to install malware and other cyber weapons onto the target
network to take control of its systems and exfiltrate valuable data. In this step, cybercriminals may install cyber
weapons and malware using Trojan horses, backdoors, or command-line interfaces.
• Developed in 2013, the MITRE ATT&CK framework uses real-world observations to document specific attack
methods, tactics and techniques. As new techniques and attack surfaces come to light they are added to the
ATT&CK framework, which is therefore constantly evolving. In the past few years the MITRE ATT&CK framework and
its matrices have become an industry standard, both as a knowledge base and as a reference for remediation
tools, regarding attacker behaviour.
1. Reconnaissance: gathering information to plan future adversary operations, e.g. information about the target
organization.
2. Resource Development: establishing resources to support operations, e.g. setting up command and control
infrastructure.
3. Initial Access: trying to get into your network, e.g. spear phishing.
4. Execution: trying to run malicious code, e.g. running a remote access tool.
5. Persistence: trying to maintain their foothold, e.g. changing configurations.
6. Privilege Escalation: trying to gain higher-level permissions, e.g. leveraging a vulnerability to elevate access.
7. Defense Evasion: trying to avoid being detected, e.g. using trusted processes to hide malware.
8. Credential Access: stealing account names and passwords, e.g. keylogging.
9. Discovery: trying to figure out your environment, e.g. exploring what they can control.
10. Lateral Movement: moving through your environment, e.g. using legitimate credentials to pivot through
multiple systems.
11. Collection: gathering data of interest to the adversary's goal, e.g. accessing data in cloud storage.
12. Command and Control: communicating with compromised systems to control them, e.g. mimicking normal web
traffic to communicate with a victim network.
13. Exfiltration: stealing data, e.g. transferring data to a cloud account.
14. Impact: manipulating, interrupting or destroying systems and data, e.g. encrypting data with ransomware.
• Within each tactic of the MITRE ATT&CK matrix there are adversary techniques, which describe the actual
activity carried out by the adversary. Some techniques have sub-techniques that explain how an adversary
carries out a specific technique in greater detail.
Module 2
Information Gathering
Passive Information Gathering:
DNS Info:
Tech Info:
Cache Info:
Google Dorks:
Employee Emails:
Sub Domain
Metadata
DMZ (Demilitarized zone)
DNS Info:
Search DNS Lookup on google
https://www.digitalocean.com/
https://www.whatismyip.com/
https://dnschecker.org/
https://who.is/
https://sitereport.netcraft.com/
And many more
RIR (Regional Internet Registries):
There are five Regional Internet Registries (RIRs) in the world. RIRs manage, distribute, and register Internet
number resources (IPv4 and IPv6 address space and Autonomous System (AS) Numbers) within their respective
regions.
Technology Info:
Use https://www.wappalyzer.com/ to get Technology info of the website
Cache Info:
Use the Wayback Machine https://archive.org/ to view the history of a website (archived older versions of its
pages).
Google Dorks:
Google dorking, also called Google hacking, is a search-hacking technique that uses advanced search queries to
uncover hidden information in Google. Google dorks, or Google hacks, refer to the specific search commands
(including special parameters and search operators) that when entered into the Google search bar reveal hidden
parts of websites.
When Google crawls the web to index pages for its search engine, it can see parts of websites that normal
internet users can’t. Google dorks and Google hacks uncover some of that hidden data, letting you see
information that organizations, companies, and website owners may not want you to see.
A simple example of an advanced search query is the use of quotation marks. Using quotation marks in searches
gives you a list of results that includes web pages where the complete phrase is used, rather than some
combination (complete or incomplete) of the individual words you entered into the search field.
There are many more types of Google hacks using advanced search queries, but their technical explanations
don’t actually get much more complicated than that. Their power lies in the ability to use them creatively.
2. Intitle:
Using “intitle:” asks Google to search only for pages with that specific text in their HTML pages titles.
3. Inurl:
Using “inurl:” will search only for pages with that specific text in their URL.
4. Filetype or ext:
Using “filetype:” or “ext:” will narrow your search to the specific file type mentioned.
5. Intext:
Using "intext:" in a search query restricts results to pages containing the supplied keywords in their body
text; with a quoted phrase, every result will have that exact phrase somewhere on the page.
To use the old theHarvester, go to the download directory/download path and open the theHarvester folder there.
Use the ls command to view the directory contents.
Use python3 theHarvester.py -h to view the help of the old theHarvester; it lists theHarvester.py and the
supported data sources (google, linkedin, etc.).
Use python3 theHarvester.py -d facebook.com -l 200 -b google
Subfinder – subdomain enumeration
Use subfinder -h to view its usage.
Usage of subfinder:
Metadata
Metadata means "data about data". Metadata is defined as the data providing information about one or more
aspects of the data; it is used to summarize basic information about data that can make tracking and working
with specific data easier.
Metadata is often used to describe information about the file, such as its author and creation date. It can also
include other data, including keywords and ratings. Metadata helps users find files they are looking for and make
decisions about which ones to use. Metadata is often used to describe the contents of a file.
Information gathering: This is the very first and most essential phase of any security assessment project. The
focus is on collecting as much information as possible about the target. The success of any pentest relies
heavily on the information gathering phase, as it is the information collected during this phase that is
leveraged in later stages for the purpose of intrusion. Information can be gathered using various methods such
as OSINT (Open Source Intelligence) tools, e.g. search engines, scanners, fingerprinting tools (active and
passive) etc.
OSINT (Open Source Intelligence): Open Source Intelligence involves finding, selecting and acquiring
information from publicly available sources. This information can be exploited to derive insight on which
critical decisions can be based. Open source intelligence can be collected from a variety of sources such as
newspapers, web-based content, public documents etc. From a cyber security point of view it is mostly web-based
content that is the main source of open source intelligence. The advantage of open source intelligence is that
it is in the public domain and hence easy to access. It is a very crucial part of the information gathering
phase of security testing.
Metagoofil: Metagoofil is a Linux-based tool written in Python which extracts metadata from public documents
available on the target website(s). Metagoofil supports document types such as pdf, doc, xls, ppt, odp, ods,
docx, xlsx and pptx. The tool uses Python libraries such as GoogleSearch, Hachoir and PdfMiner to locate the
files and extract metadata. The output of the tool is displayed as an HTML report, which can be viewed in a
browser.
Metagoofil – Kali
Use metagoofil -h to view its usage.
Use this to get data from any website: metagoofil -d intellipaat.com -l 30 -t doc,pdf,xls -n 30
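What the metadata extraction described above (under Metadata and Metagoofil) does at the byte level, as an added Python example that is not Metagoofil's own code: it pulls the /Info dictionary fields from a PDF and the docProps/core.xml properties from an OOXML (docx/xlsx/pptx) container using only the standard library, dispatching on the file signature rather than the extension. Both sample documents are constructed inline (minimal but structurally valid), and the author names, dates and the DOMAIN\asmith account are invented.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# PDF: the document's /Info dictionary carries author, creator, producer and dates as (strings).
_PDF_INFO_KEYS = ("Author", "Creator", "Producer", "Title", "CreationDate", "ModDate")
_PDF_DATE = re.compile(r"D:(\d{4})(\d{2})(\d{2})(\d{2})?(\d{2})?(\d{2})?")


def pdf_metadata(data: bytes) -> dict:
    """Scan the raw PDF for /Key (value) pairs; handles backslash-escaped characters inside the string."""
    found = {}
    for key in _PDF_INFO_KEYS:
        m = re.search(rb"/" + key.encode() + rb"\s*\(((?:\\.|[^\\)])*)\)", data, re.S)
        if m:
            found[key] = m.group(1).decode("latin-1")
    for key in ("CreationDate", "ModDate"):
        d = _PDF_DATE.match(found.get(key, ""))
        if d:                                   # D:YYYYMMDDHHmmSS -> readable timestamp
            y, mo, da, h, mi, s = d.groups()
            found[key] = "%s-%s-%s %s:%s:%s" % (y, mo, da, h or "00", mi or "00", s or "00")
    return found


# OOXML: docx/xlsx/pptx are zip containers; docProps/core.xml holds creator, last editor and dates.
_NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}


def ooxml_metadata(data: bytes) -> dict:
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        if "docProps/core.xml" not in z.namelist():
            return found
        root = ET.fromstring(z.read("docProps/core.xml"))
    for label, path in (("Author", "dc:creator"), ("LastModifiedBy", "cp:lastModifiedBy"),
                        ("Created", "dcterms:created"), ("Modified", "dcterms:modified")):
        el = root.find(path, _NS)
        if el is not None and el.text:
            found[label] = el.text
    return found


def extract_metadata(data: bytes) -> dict:
    """Dispatch on the container signature, not the file extension."""
    if data.startswith(b"%PDF-"):
        return pdf_metadata(data)
    if data.startswith(b"PK\x03\x04"):
        return ooxml_metadata(data)
    return {}


# Constructed sample PDF (not a real document): only the objects needed for the Info dictionary.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
              b"2 0 obj\n<< /Author (J. Doe) /Creator (Microsoft Word) /Producer (Acrobat Distiller)\n"
              b"   /CreationDate (D:20230115093000) >>\nendobj\n"
              b"trailer\n<< /Root 1 0 R /Info 2 0 R >>\n%%EOF\n")


def build_sample_docx() -> bytes:
    """Constructed minimal docx: a zip with a core-properties part (invented names and dates)."""
    core = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s" xmlns:dcterms="%s">'
            '<dc:creator>jdoe</dc:creator><cp:lastModifiedBy>DOMAIN\\asmith</cp:lastModifiedBy>'
            '<dcterms:created>2023-01-15T09:30:00Z</dcterms:created></cp:coreProperties>'
            % (_NS["cp"], _NS["dc"], _NS["dcterms"]))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("docProps/core.xml", core)
        z.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    print(extract_metadata(SAMPLE_PDF))
    print(extract_metadata(build_sample_docx()))
```

The usernames and internal account format (DOMAIN\user) are exactly the kind of detail that leaks through metadata and later feeds phishing and password-spraying, which is why a pentest collects them and why documents should be scrubbed before publication.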
DMZ (Demilitarized zone)
A demilitarized zone, or DMZ for short, is a network-security construct. DMZs separate an internal network from
the Internet and are commonly found on corporate networks. A DMZ is typically created at the edge of a company's
network to isolate the internal systems from external threats. While the name might sound negative, a DMZ is a
helpful tool for network security.
The DMZ is a network segment placed between the trusted (private) network and the untrusted (public) network.
It acts as a protection layer: outside users can reach the public-facing servers in the DMZ, but cannot reach
the company's internal data directly.
The DMZ receives requests from outside users on the public network to access information or the website of a
company, and serves those sessions from the DMZ. Hosts in the DMZ cannot initiate a session into the private
network. If someone compromises a host in the DMZ, the web pages on that host may be defaced, but the internal
information remains protected.
The goal of a DMZ is to provide access from the untrusted network while ensuring the security of the private
network. A DMZ is not mandatory, but it is a better approach to use one together with a firewall.
Advantages:
It provides access to external users while securing the internal sensitive network.
It enables web servers, email servers etc. to be accessible on the Internet while protecting them with a
firewall.
Disadvantages:
Various vulnerabilities can be found in the services of the DMZ systems.
The data provided on the public network to external users can be leaked or replicated.
Key features:
A DMZ provides a buffer between the outside world and your computer systems. When you design a network, you
must decide where each system will reside: public-facing services go in the DMZ, everything else stays inside.
Creating a buffer zone between your internal systems and the Internet lets them function normally without being
directly exposed to external attacks. Keeping internal systems behind a DMZ also makes it harder for hackers to
steal data or cause disruption on company networks. For this reason, most organizations use a DMZ when building
secure computer systems.
The DMZ is also the natural first target for ethical hackers: attackers seek out companies with weak security,
and the DMZ hosts are the ones reachable from the Internet, so they are tested first.
Companies with strong security measures do not weaken their networks by placing internal systems in the DMZ;
only the services that must be reachable from outside live there.
Once ethical hackers have a foothold in the buffer zone, the DMZ makes it easy to identify which exposed
systems have weak security and to target them, so the necessary fixes can be made without the test damaging the
rest of the company network.
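The rule that a DMZ host may answer sessions but never open one into the private network, as an added Python model that is not from the original notes and is not a real firewall: a zone-based stateful filter with an assumed address plan (203.0.113.0/24 as the DMZ, 10.0.0.0/8 as the inside, anything else as the Internet) and an assumed port policy. The sample packets are constructed; the point is the missing (dmz, inside) policy entry and the state table that still lets replies through.

```python
import ipaddress

# Assumed address plan (constructed for this example, not from the page).
ZONES = {
    "dmz": ipaddress.ip_network("203.0.113.0/24"),     # public web/mail servers
    "inside": ipaddress.ip_network("10.0.0.0/8"),      # users, databases
}

# Allowed destination ports for NEW connections, keyed by (source zone, destination zone).
# There is deliberately no ("dmz", "inside") entry: a DMZ host can answer sessions but never open one inward.
POLICY = {
    ("outside", "dmz"): {80, 443, 25},
    ("inside", "dmz"): {80, 443, 25, 22},
    ("inside", "outside"): {80, 443, 53},
    ("dmz", "outside"): {53, 25},          # DNS lookups and outbound mail from the DMZ
}


class ZoneFirewall:
    """Simplified stateful, zone-based packet filter (a model, not a real firewall)."""

    def __init__(self, zones, policy):
        self.zones = zones
        self.policy = policy
        self.flows = set()                 # 5-tuples of connections accepted so far

    def zone_of(self, ip):
        addr = ipaddress.ip_address(ip)
        for name, net in self.zones.items():
            if addr in net:
                return name
        return "outside"                   # anything not in a known range is the Internet

    def check(self, proto, src_ip, sport, dst_ip, dport, new=True):
        """Return 'ALLOW ...' or 'DENY ...' for one packet; new=True marks a connection attempt (TCP SYN)."""
        forward = (proto, src_ip, sport, dst_ip, dport)
        reverse = (proto, dst_ip, dport, src_ip, sport)
        if forward in self.flows or reverse in self.flows:
            return "ALLOW established"     # replies ride on the state created by the accepted request
        if not new:
            return "DENY no matching flow" # stray ACK or unsolicited "reply" with no prior request
        allowed = self.policy.get((self.zone_of(src_ip), self.zone_of(dst_ip)), set())
        if dport in allowed:
            self.flows.add(forward)
            return "ALLOW new"
        return "DENY policy"


def build_demo_firewall():
    return ZoneFirewall(ZONES, POLICY)


if __name__ == "__main__":
    fw = build_demo_firewall()
    for pkt in [("tcp", "198.51.100.7", 51000, "203.0.113.10", 443, True),    # Internet -> DMZ web
                ("tcp", "203.0.113.10", 443, "198.51.100.7", 51000, False),   # web server's reply
                ("tcp", "198.51.100.7", 51001, "10.0.0.5", 443, True),        # Internet -> inside directly
                ("tcp", "203.0.113.10", 40000, "10.0.0.5", 445, True),        # compromised DMZ host pivoting inward
                ("tcp", "10.0.0.5", 40001, "203.0.113.10", 22, True)]:        # admin from inside to DMZ
        print(pkt[:5], "->", fw.check(*pkt))
```

The fourth packet is the case the section is about: a web server in the DMZ that has been compromised tries to reach an internal file share, and is dropped by policy even though the same host's replies to Internet clients pass as established traffic.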
Entities:
Entities are “bits of information” that we have obtained from a data source.
The above example from Maltego’s docs shows some basic Entity types available in Maltego: a physical location,
a website, a company name, an email address, a person’s name and a telephone number. It is possible to create
custom Entities
Transforms:
A Transform is “the bit of code that generates some information based on a bit of information we already have…
[T]he process of executing the code that generates more Entities [is known] as ‘Running a Transform’
Example: open Maltego in Kali, click New, and paste the website URL.