Introduction to Networking (1)

May 9, 2020

What I cannot create, I do not understand.
- Richard Feynman

Table of Contents

  1. Introduction
  2. Layers
    1. Physical Layer
    2. Data Link Layer
    3. Network Layer
    4. Transport Layer
  3. Unwrapping Layers
  4. ARP Cache Poisoning
  5. Pseudo Port

These are notes for the series "HydPy meetup on networking" and are meant as a supplementary read that discusses only the essentials.

1. Introduction -

When you look at this blog you see human-readable text and interpretable images. For these human-interpretable structures to reach you, a vast, complex and constant communication goes on between machines. At the base level all these structures are streams of bits travelling through cables. The protocols that form those bit streams and extract from them the interpretable structures you are looking at right now (for instance) are organised by a model created by the International Organization for Standardization (ISO), named OSI or the Open Systems Interconnection model.

OSI model

From sender to receiver, the data makes its way up the OSI model from layer 1 to layer 7 at the receiver's end, and vice versa at the sender's end. Along this process it keeps enveloping itself with the header of each layer.

We are going to work our way up to the transport layer of the OSI model, discussing each protocol theoretically and why it is the way it is.

  1. Physical layer
  2. Data Link layer
  3. Network Layer
  4. Transport Layer

(TALK NOTES) - An analogy will help along the way - consider a hypothetical scenario where you need to connect two individuals living in their houses.

2. Layers -

2.1 Physical Layer -

This layer transmits a raw stream of bits, the lowest-level data format, between different machines across the globe. The bits can be transmitted through various media, for instance coaxial cables, fibre optics and even radio waves. It is also known as the hardware layer.

(TALK NOTES) - This layer acts as the “cable” connecting the houses.

2.2 Data Link Layer -

This layer directs the data from layer 1 to the specific node(s) for which it was intended, along with basic error-correction checks. The most important information this layer adds to the header is the hardware address (a.k.a. MAC address, which is hard-coded in the NIC) of the receiving and sending node(s).

Eg. of MAC address - ab:cd:ef:12:34:56 (6 bytes in size)

Common protocols of this layer - ARP, Ethernet

(TALK NOTES) - This layer provides information about the SSN (a static identity) of the individuals.

Ethernet header

ARP - The Address Resolution Protocol resolves an IP address to its corresponding hardware address. For this to happen, each device keeps its own mapping of IP addresses to hardware addresses, called the ARP table, which looks something like this:

$ > arp -a # lists the arp table on *nix machines.
_gateway (192.168.0.12) at 16:4e:12:1f:3s:2d [ether] on eth0
? (192.168.0.187) at 12:d4:af:1a:23:11 [ether] on eth0

This resolution takes place when you try to communicate with an IP in your network, even with something as light as a ping.
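Entries in the ARP table are learned from replies that carry no authentication, so a defender can watch the table for the usual sign of ARP cache poisoning (section 4): one hardware address answering for more than one IP, typically including the gateway. The C check below is an added example, not code from these notes or from arply.cpp; it assumes the arp -a line format shown above, and the addresses in main() are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
struct arp_entry { char ip[16]; char mac[18]; };

/* Parse `arp -a` style text into out[]; returns the number of complete entries. */
int parse_arp_table(const char *text, struct arp_entry *out, int max) {
    int n = 0;
    while (*text && n < max) {
        size_t len = strcspn(text, "\n");
        char line[256];
        if (len < sizeof line) {
            memcpy(line, text, len); line[len] = '\0';
            /* "<incomplete>" entries fail the MAC conversion and are skipped. */
            if (sscanf(line, "%*s (%15[0-9.]) at %17[0-9a-fA-F:]",
                       out[n].ip, out[n].mac) == 2) {
                for (char *p = out[n].mac; *p; p++) *p = (char)tolower((unsigned char)*p);
                n++;
            }
        }
        text += len + (text[len] == '\n');
    }
    return n;
}

/* Count entries whose MAC is already claimed by a different IP earlier in the table. */
int count_mac_conflicts(const struct arp_entry *e, int n) {
    int conflicts = 0;
    for (int i = 1; i < n; i++)
        for (int j = 0; j < i; j++)
            if (strcmp(e[i].mac, e[j].mac) == 0 && strcmp(e[i].ip, e[j].ip) != 0) {
                printf("WARN: %s and %s both resolve to %s\n", e[j].ip, e[i].ip, e[i].mac);
                conflicts++; break;
            }
    return conflicts;
}

int scan_arp_text(const char *text) {
    struct arp_entry table[64];
    return count_mac_conflicts(table, parse_arp_table(text, table, 64));
}

int main(void) {
    /* Constructed sample: the gateway and .187 share one hardware address. */
    const char *sample =
        "_gateway (192.168.0.12) at 12:d4:af:1a:23:11 [ether] on eth0\n"
        "? (192.168.0.187) at 12:D4:AF:1A:23:11 [ether] on eth0\n"
        "? (192.168.0.20) at <incomplete> on eth0\n";
    return scan_arp_text(sample) == 1 ? 0 : 1;
}
```

A shared hardware address is not always hostile (a host with several IPs on one interface, proxy ARP), so a hit is a prompt to compare the gateway entry against its known-good value.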

2.3 Network Layer -

This layer routes the packet from the source address to the target address following the shortest path, defining the address of each node. IP addresses have an edge over hardware addresses because they are disposable and provide information about the network you are part of, geographic location etc.

Another use is specifying the protocol of the next layer, the transport layer (e.g. UDP, TCP).

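#include <endian.h>      /* __BYTE_ORDER */
#include <sys/types.h>   /* u_int8_t, u_int16_t */
#include <netinet/in.h>  /* struct in_addr */

struct iphdr_ {
#if __BYTE_ORDER == __LITTLE_ENDIAN
    unsigned int ihl:4;      /* header length in 32-bit words */
    unsigned int version:4;  /* IP version */
#elif __BYTE_ORDER == __BIG_ENDIAN
    unsigned int version:4;
    unsigned int ihl:4;
#else
# error "Please fix <bits/endian.h>"
#endif
    u_int8_t tos;            /* type of service */
    u_int16_t tot_len;       /* total length of header + payload, in bytes */
    u_int16_t id;            /* identification, used when reassembling fragments */
    u_int16_t frag_off;      /* flags and fragment offset */
    u_int8_t ttl;            /* time to live */
    u_int8_t protocol;       /* protocol of the next layer (e.g. TCP, UDP) */
    u_int16_t check;         /* header checksum */
    struct in_addr saddr;    /* source IP address */
    struct in_addr daddr;    /* destination IP address */
};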

(TALK NOTES) - This layer adds the residence address (temporary address), a.k.a. the IP address, of the individuals.

2.4 Transport Layer -

This layer provides end-to-end transfer of data, establishes the connection between two nodes (unlike the lower layers, which only aid in establishing a connection), acknowledges the success of data transmission and sends the data again in case of error.

Details of TCP (Transmission Control Protocol) -

#include <endian.h>	/* __BYTE_ORDER */
#include <stdint.h>

typedef uint32_t tcp_seq;

struct tcphdr
  {
    __extension__ union
    {
      struct
      {
	uint16_t th_sport;	/* source port */
	uint16_t th_dport;	/* destination port */
	tcp_seq th_seq;		/* sequence number */
	tcp_seq th_ack;		/* acknowledgement number */
# if __BYTE_ORDER == __LITTLE_ENDIAN
	uint8_t th_x2:4;	/* (unused) */
	uint8_t th_off:4;	/* data offset */
# endif
# if __BYTE_ORDER == __BIG_ENDIAN
	uint8_t th_off:4;	/* data offset */
	uint8_t th_x2:4;	/* (unused) */
# endif
	uint8_t th_flags;	/* control flags, one bit each */
# define TH_FIN	0x01
# define TH_SYN	0x02
# define TH_RST	0x04
# define TH_PUSH	0x08
# define TH_ACK	0x10
# define TH_URG	0x20
	uint16_t th_win;	/* window */
	uint16_t th_sum;	/* checksum */
	uint16_t th_urp;	/* urgent pointer */
      };
    };				/* end of union */
  };				/* end of struct tcphdr */

The port fields are 16 bits wide, so the total available ports on a machine are 2^16 - 1, and it can handle that many connections at once.
Common ports -

  • 22 - ssh
  • 80 - http
  • 443 - https

Three way handshake

The three-way handshake is used by two machines to establish a connection using TCP.

  1. The client sends a sequence number (a random number to initialise connection) to the server.
  2. The server in turn sends its own sequence number and the client’s sequence number + 1 as acknowledgement number.
  3. The client responds back with the server’s sequence number.

This drill synchronises the server and the client with each other's sequence numbers. In further communication each machine will expect the other machine's sequence number + 1, which lets it align packets in order.
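The exchange above, written out for both sides and then validated, as an added C example that is not part of the original notes. It follows the "+ 1" rule just described for every acknowledgement number, and it covers the case where a sequence number sits at the top of the 32-bit range and the acknowledgement wraps to 0; struct seg and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TH_SYN 0x02   /* same flag values as in struct tcphdr above */
#define TH_ACK 0x10

/* Only the header fields the handshake touches. */
struct seg { uint8_t flags; uint32_t seq, ack; };

struct seg mk_seg(uint8_t flags, uint32_t seq, uint32_t ack) {
    struct seg s = { flags, seq, ack };
    return s;
}
/* Step 1: the client picks an initial sequence number (ISN). */
struct seg client_syn(uint32_t isn) { return mk_seg(TH_SYN, isn, 0); }
/* Step 2: the server sends its own ISN and acknowledges client ISN + 1. */
struct seg server_synack(struct seg syn, uint32_t isn) {
    return mk_seg(TH_SYN | TH_ACK, isn, syn.seq + 1);
}
/* Step 3: the client acknowledges server ISN + 1 (uint32_t wraps mod 2^32). */
struct seg client_ack(struct seg syn, struct seg synack) {
    return mk_seg(TH_ACK, syn.seq + 1, synack.seq + 1);
}

/* Returns 0 for a consistent handshake, else the number (1-3) of the first bad step. */
int check_handshake(struct seg syn, struct seg synack, struct seg ack) {
    const uint8_t both = TH_SYN | TH_ACK;
    if ((syn.flags & both) != TH_SYN) return 1;
    if ((synack.flags & both) != both || synack.ack != (uint32_t)(syn.seq + 1)) return 2;
    if ((ack.flags & both) != TH_ACK || ack.seq != (uint32_t)(syn.seq + 1) ||
        ack.ack != (uint32_t)(synack.seq + 1)) return 3;
    return 0;
}

/* Run both sides for the given ISNs and validate what they produced. */
int handshake_result(uint32_t client_isn, uint32_t server_isn) {
    struct seg syn = client_syn(client_isn);
    struct seg synack = server_synack(syn, server_isn);
    return check_handshake(syn, synack, client_ack(syn, synack));
}

int main(void) {
    struct seg syn = client_syn(1000), sa = server_synack(syn, 5000);
    struct seg bad = mk_seg(TH_ACK, 1001, 42);   /* constructed: acknowledges an unrelated number */
    printf("normal=%d wrap=%d bad_ack=%d\n", handshake_result(1000, 5000),
           handshake_result(0xFFFFFFFFu, 0xFFFFFFFFu), check_handshake(syn, sa, bad));
    return 0;
}
```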

Three way handshake

(TALK NOTES) - This layer connects two specific doors aka ports (from multiple doors) of the two houses.

How structures are laid out in the memory, explain datatypes like unsigned

3. Unwrapping Layers -

unwrap_pack.cpp
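As an added example (this is not the unwrap_pack.cpp named above and not the author's code), the following C program peels the Ethernet, IP and TCP headers described in section 2 off a constructed 54-byte frame. It reads the big-endian fields byte by byte instead of casting to the structs shown earlier, and checks every header length against the bytes remaining before reading further; the frame contents, struct unwrapped and unwrap() are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed frame: TCP SYN from 192.168.0.187:49152 to 192.168.0.12:80 (checksums left 0). */
static const uint8_t SAMPLE_FRAME[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,          /* Ethernet: dst, src, type */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0,0,  /* IP: ihl=5 .. ttl=64 proto=6 */
    192,168,0,187, 192,168,0,12,                              /* IP: saddr, daddr */
    0xc0,0x00,0x00,0x50, 0,0,0x03,0xe8, 0,0,0,0,              /* TCP: ports, seq, ack */
    0x50,0x02,0xff,0xff, 0,0,0,0,                             /* TCP: off=5, SYN, win, sum, urp */
};

struct unwrapped {
    int ok;                       /* 1 only if all three headers were present and sane */
    uint16_t ethertype, sport, dport;
    uint8_t ttl, protocol, flags;
    uint32_t saddr, daddr;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

struct unwrapped unwrap(const uint8_t *f, size_t len) {
    struct unwrapped u = {0};
    if (len < 14) return u;                        /* Ethernet header is 14 bytes */
    u.ethertype = be16(f + 12);
    if (u.ethertype != 0x0800) return u;           /* only IPv4 is unwrapped here */
    const uint8_t *ip = f + 14; len -= 14;
    if (len < 20 || (ip[0] >> 4) != 4) return u;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;       /* ihl counts 32-bit words */
    if (ihl < 20 || ihl > len) return u;
    u.ttl = ip[8]; u.protocol = ip[9];
    u.saddr = be32(ip + 12); u.daddr = be32(ip + 16);
    if (u.protocol != 6) return u;                 /* 6 = TCP */
    const uint8_t *tcp = ip + ihl; len -= ihl;
    if (len < 20) return u;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;      /* data offset, also in words */
    if (doff < 20 || doff > len) return u;
    u.sport = be16(tcp); u.dport = be16(tcp + 2); u.flags = tcp[13];
    u.ok = 1;
    return u;
}

int main(void) {
    struct unwrapped u = unwrap(SAMPLE_FRAME, sizeof SAMPLE_FRAME);
    printf("ok=%d type=0x%04x proto=%u ttl=%u %08x:%u -> %08x:%u flags=0x%02x\n", u.ok,
           (unsigned)u.ethertype, (unsigned)u.protocol, (unsigned)u.ttl, (unsigned)u.saddr,
           (unsigned)u.sport, (unsigned)u.daddr, (unsigned)u.dport, (unsigned)u.flags);
    return u.ok ? 0 : 1;
}
```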

4. ARP Cache Poisoning -

arply.cpp

5. Pseudo Port -

pseudo_port.cpp

https://whofi.com/blog/technical-info/why-do-computers-need-both-mac-addresses-and-ip-addresses/

MAC ID of a server AKA website, server crashed, get new messed. IP addr tells what network you are part of.