Published by Enhelion, 2019-11-24 05:36:00

Network Security - MOD1 (I)


Network traffic

Computer network traffic is the data that is transmitted to or from a computer system via a
transmission medium. Network traffic is usually encapsulated within entities called packets.
Network performance can be analysed using the network traffic. While analysing the
performance of the network, a network administrator can find the latency in the
network, the bandwidth utilisation, throughput, the upload and download speeds, etc. This is useful
when trying to upgrade the network.

Any malicious activities can also be discovered by analysing the network traffic, and the source of
a network-based cyber-attack, such as a Denial-of-Service attack, can also be found out by the

A computer network comprises nodes and links. A node is a device that is connected to the
network, such as a printer, workstation, switch, etc. A link is the communications path that two
nodes use to communicate with each other.

To understand the concept of network traffic, here are some eBooks:

• Network analysis with open source packet analyser
• Packet Capture & Traffic Analysis with Wireshark


The communication that occurs between two communicating devices is controlled by specific
rulesets called protocols. These rulesets specify how the communication will actually take place
between the two communicating devices. An example of a protocol is the DNS protocol which
controls all the DNS transactions that occur between client systems and name servers to help the
client in resolving a particular fully qualified domain name to its related IP address.

A reference model, such as the OSI model, is used to design various protocols for data
communication over a network by two communicating devices.

• Protocol semantic: this lays out which object will perform what activities whenever an
event occurs.

• Roles: recovery and error detection, flow and sequence control, routing and addressing of
messages, etc.

• Request For Comments (RFC): these documents provide information about a protocol's
specifications as laid out by the organisation or the individual author who created the
document. An example of a protocol RFC is RFC 883 that provides information about the
implementation of the Domain Name System (DNS).

• Protocol syntax: this specifies the format and the type of information that is exchanged by
the systems.

The IP protocol

In the computer networking world, the devices that use the IP protocol for communication are
identified by an IP address or Internet Protocol address. It is a logical address that can be used for
end-to-end communications over a network or across different networks. An IP address consists
of four fields which are also referred to as octets. There are two main functions of an IP address:

• Location addressing
• Interface identification of networks and hosts

There are different classes of IP addresses that have different IP address ranges and different subnet
masks related to those addresses. Below is an example of a network using IP addresses to identify
the devices connected to the network:

In the OSI model, while sending data, every entity that lies in a particular network layer will
transfer data only to an entity that lies in the layer below it. For example, while sending data, the
router that operates in the network layer will transmit the data onto the switch that operates in the
data-link layer that lies below the network layer while going from top to bottom in the OSI model.

When receiving data, it works in the opposite way. An entity present in a specific layer sends data
to another entity that is present in a layer that is above it. For example, a switch that operates in
the data-link layer will transfer the data to a router that operates in the network layer that lies above
the data-link layer while going from bottom to top in the OSI model.

The data is exchanged inside containers that are called Packet Data Units or PDUs. While sending
data, every layer adds its own header and trailer to the PDU, and while receiving data, each layer
removes its header and the trailer.

Transmission Control Protocol (TCP)

The TCP protocol is a connection-oriented protocol that can be used for the reliable delivery of
data between two communicating devices. TCP does so by providing:

• Retransmission of data packets
• In-order packet delivery
• Detection of errors

The bytes of data are sent and received in the form of a stream when TCP is in use. The size is
limited to 64 Kb when the IP protocol is being used by the network layer. A large amount of data
can be sent by using TCP as it breaks the data into smaller data streams, and then further breaks
those data streams into IP packets. By using sequences and sequence acknowledgment numbers,
TCP numbers the packets, and then uses those numbers to reassemble the data when it is received.
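
The reassembly step described above, written out as an added example (it is not part of the original module). The `Segment` class, the `reassemble` function and the sample segments are constructed for illustration; the sketch covers out-of-order arrival, a duplicate retransmission, a lost segment and the 32-bit wrap of the sequence number.

```python
from dataclasses import dataclass

SEQ_MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around to 0


@dataclass(frozen=True)
class Segment:
    seq: int        # sequence number of the first payload byte
    payload: bytes


def reassemble(segments, first_seq):
    """Return (stream, ack, held) for segments received in any order.

    stream: bytes that can be delivered in order, starting at first_seq
    ack:    next sequence number the receiver expects (what it acknowledges)
    held:   segments that cannot be delivered yet because earlier bytes are missing
    """
    stream = bytearray()
    held = []
    # Order by distance from first_seq, modulo 2**32, so a wrap sorts correctly.
    for seg in sorted(segments, key=lambda s: (s.seq - first_seq) % SEQ_MOD):
        offset = (seg.seq - first_seq) % SEQ_MOD
        if offset > len(stream):
            held.append(seg)  # gap before this segment: wait for retransmission
            continue
        # Drop bytes already delivered (duplicate or overlapping retransmission).
        stream.extend(seg.payload[len(stream) - offset:])
    return bytes(stream), (first_seq + len(stream)) % SEQ_MOD, held


# Constructed sample: one request split into three segments whose sequence
# numbers cross the 32-bit wrap point.
FIRST_SEQ = 0xFFFFFFF8
S1 = Segment(0xFFFFFFF8, b"GET /ind")
S2 = Segment(0x00000000, b"ex.html ")
S3 = Segment(0x00000008, b"HTTP/1.1")

if __name__ == "__main__":
    # Out of order, with S1 received twice (a retransmission).
    print(reassemble([S3, S1, S2, S1], FIRST_SEQ))
    # S2 lost in transit: only S1 is delivered and S3 is held back.
    print(reassemble([S3, S1], FIRST_SEQ))
```

A traffic analyser has to perform the same reassembly before it can inspect application data, because content split across segments is not visible in any single packet.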

Port numbers are also specified by the TCP protocol to enhance the functioning of the Internet
Protocol. Machines can communicate with each other using any of the available 65535 ports
used in conjunction with the IP addresses of the machines. Together, the port and the IP address
make up a socket. An example of a port is port 53, which is used by DNS. Every port can use
either TCP or UDP or both.
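
The header handling and the socket pair described above can be seen on a single packet. The following is an added example, not part of the original module: it builds a constructed IPv4/TCP packet on the sending side, then validates and strips each header on the receiving side to recover both sockets. The function names, the addresses (documentation ranges), the source port and the payload are assumptions made for the illustration.

```python
import ipaddress
import struct

IP_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header
TCP_FMT = "!HHIIBBHHH"     # fixed 20-byte TCP header

def ip_checksum(header: bytes) -> int:
    """Ones'-complement sum of the header's 16-bit words, complemented."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, dst, sport, dport, seq, payload):
    """Sender side: wrap the payload in a TCP header, then an IPv4 header."""
    tcp = struct.pack(TCP_FMT, sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack(IP_FMT, 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return ip + tcp + payload  # TCP checksum left at 0 in this constructed sample

def parse_packet(packet: bytes) -> dict:
    """Receiver side: validate and strip the IPv4 header, then the TCP header."""
    if len(packet) < 40:
        raise ValueError("too short for IPv4 + TCP headers")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl + 20 <= total_len <= len(packet):
        raise ValueError("malformed IPv4 header")
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if proto != 6:
        raise ValueError("payload is not TCP")
    segment = packet[ihl:total_len]
    sport, dport, seq, _, offset = struct.unpack("!HHIIB", segment[:13])
    data_start = (offset >> 4) * 4
    if not 20 <= data_start <= len(segment):
        raise ValueError("malformed TCP header")
    return {"src_socket": (str(ipaddress.IPv4Address(src)), sport),
            "dst_socket": (str(ipaddress.IPv4Address(dst)), dport),
            "seq": seq, "data": segment[data_start:]}

# Constructed sample: documentation-range addresses, destination port 53 (DNS).
SAMPLE = build_packet("192.0.2.10", "198.51.100.53", 49152, 53, 1000, b"constructed payload")
```

Calling `parse_packet(SAMPLE)` returns the two sockets, the sequence number and the payload; a packet whose header was altered in transit is rejected by the checksum test before any field is trusted.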

User Datagram Protocol (UDP)

The User Datagram Protocol is a connectionless protocol that is present in the Transport layer. It
has a 64 Kb packet-size limit, and also has various ports associated with it. UDP does not
check whether the data that was sent actually reached the destination. Hence, it is only good
when sending data that is not large in size and when it is to be sent continuously, as in a video
streaming website. Errors cannot be detected when UDP is being used for communication. There
is one advantage of UDP, which is that data transmission becomes a very fast process.

Some of the application-level protocols that applications present on computer systems can use for
sending data to another application present on the receiving system are as follows:

• Network News Transfer Protocol or NNTP: netnews can be transmitted among various
news servers using this protocol.

• Simple Network Management Protocol or SNMP: the network devices connected to a
network can be managed via this protocol and the information regarding their current
statistics can also be found out.

• Secure Shell or SSH: this protocol can be used to securely connect to a remote host.

• File Transfer Protocol or FTP: it is mainly used for transferring files from one host to
the other.

• Simple Mail Transfer Protocol or SMTP: this protocol is used for sending and receiving

