
Common Network Analysis Tool For Cyber Security Analysts


A SOC relies on a supporting infrastructure of tools and systems that provide the following services:

  • Network mapping
  • Network monitoring
  • Vulnerability detection
  • Penetration testing
  • Data collection
  • Threat and anomaly detection
  • Data aggregation and correlation


One tool that is used by analysts in a SOC is Security Onion.

Security Onion is intended to support SOC analysts with a suite of tools for network security monitoring, including intrusion detection and log management. The Security Onion distribution is based on the Ubuntu Linux operating system and contains several useful security tools that are designed to provide the following four core network security monitoring functions:

  • Full packet capture
  • Network-based and host-based intrusion detection sensors
  • Security analysis tools
  • Log management

The Enterprise Log Search and Archive (ELSA) version of Security Onion is composed of the following tools:

#1 ELSA

ELSA is a centralized syslog framework that is built on Syslog-NG, MySQL, and Sphinx full-text search. It provides a fully asynchronous web-based query interface that normalizes logs and makes searching billions of them for arbitrary strings as easy as searching the web. It also includes tools for assigning permissions for viewing the logs, email-based alerts, scheduled queries, and graphing.

#2 Snort

An open source, rules-driven network intrusion detection system (NIDS) and network intrusion prevention system (NIPS) developed by Cisco (Sourcefire). It performs real-time threat detection and generates alerts when threats are detected. The NIPS inline mode is not supported within Security Onion.

#3 Suricata

A script-driven NIDS and NIPS threat detection engine for analyzing traffic and generating alerts. NIPS inline mode is not supported within Security Onion.

#4 Zeek (Bro)

A packet recorder and protocol parsing engine that is commonly used to analyze network traffic to detect behavioral anomalies.

#5 Traffic logging

Traffic captured by means of SPAN, a TAP port, or a packet broker. Traffic logging generates comprehensive, protocol-specific traffic logs for more than 35 network protocols and application layer analyzers, including HTTP, DNS, FTP, and SMTP.

#6 Automated analysis

Traffic analysis that uses Bro scripts.

#7 File extraction

Extracts and reassembles various file types directly off the wire.

#8 Wazuh (OSSEC)

Host-based intrusion detection system (HIDS) that replaced OSSEC and is used to monitor and defend Security Onion. Wazuh offers a lightweight monitoring agent that can be installed on network host devices and is supported on Windows, Linux, Mac OS X, HP-UX, AIX, and Solaris platforms.

#9 Netsniff-ng

Captures network traffic via SPAN, a TAP port, or packet broker in the form of PCAP files.

#10 Sysmon

Windows system service to monitor event log and system activity.

#11 Syslog-ng

An enhanced BSD log daemon that can receive logs and collect inputs from a wide range of sources.

Network analyst tools

Provide packet capture and network traffic IP flow analytics capabilities that can be used to find anomalous network activity. The following popular network analyst tools are included within Security Onion:

#1 Wireshark

Network protocol analyzer

#2 Sguil

Sguil (pronounced “sgweel”) is built by network security analysts for network security analysts. Sguil’s main component is an intuitive GUI that provides access to real-time events, session data, and raw packet captures. Sguil facilitates the practice of Network Security Monitoring and event driven analysis.

#3 Squert

Squert is a web application that is used to query and view event data that is stored in a Sguil database (typically IDS alert data). Squert is a visual tool that attempts to provide additional context to events by using metadata, time series representations and weighted and logically grouped result sets.

#4 NetworkMiner

Performs network traffic analysis for parsing PCAP files and extracting artifacts

#5 CyberChef

Web-based application for data manipulation

#6 CapME

Helps with analyzing PCAP transcripts and downloading captured PCAP files

The preceding tools are included in Security Onion to aid the SOC analyst in viewing network telemetry data and analyzing that data to determine if a network intrusion has occurred. For example, IDS alerts are generated from Snort or Suricata. A SOC analyst could use ELSA to query log data from other sources to validate alert messages that are from Snort. Sguil is a real-time event- and session-monitoring tool that displays data for a SOC analyst to interpret. These types of tools are used by security analysts to perform their jobs.


A newer release of Security Onion is called the Elastic Stack (ELK) version. It includes the following tools:

  • Elasticsearch: Ingests and indexes logs; a large, scalable search engine based on Apache Lucene
  • Logstash: Data ingestion engine that parses and formats logs
  • Kibana: Web dashboard that offers visualizations of ingested log data and data exploration. (Kibana and Squert can pivot to CapMe to retrieve full packet captures.)
  • TheHive: Security incident response platform and case management system integrated with the Malware Information Sharing Platform (MISP)
  • Elastic Beats: Lightweight data shipper agent that sends specific types of operational data to Logstash and Elasticsearch
  • Curator: Manages indices through scheduled maintenance
  • ElastAlert: Queries Elasticsearch and alerts on user-defined anomalous behavior or other interesting bits of information
  • FreqServer: Detects DGAs and finds random filenames, script names, process names, service names, workstation names, TLS certificate and issuer subjects, and so on
  • DomainStats: Conducts whois lookups and provides additional context about a domain, such as creation time, age, and reputation

The following figure shows the relationship between the Security Onion 2 Elastic Stack components.

You might use other tools, besides Security Onion, such as the following:

  • Cisco Secure Network Analytics (formerly Stealthwatch): Displays distinct views of the IP flows traversing network devices that are configured to send NetFlow data to Cisco Secure Network Analytics. Cisco Secure Network Analytics uses NetFlow, IPFIX, and other types of network telemetry data to detect a wide range of threats such as advanced persistent threats (APT)s, distributed denial of service (DDoS) attacks, zero-day malware, and insider threats. Cisco Secure Network Analytics applies various behavior and policy-based algorithms to alarm SOC analysts about suspicious behavior on the network.
  • Cisco Secure Malware Analytics (formerly Threat Grid): A cloud-based malware analysis and threat intelligence sandbox solution. A SOC analyst can submit malware samples for analysis during an investigation. Secure Malware Analytics uses various static and dynamic analysis engines to dissect file behaviors to determine whether a file might be malicious. Cisco Secure Malware Analytics will search and correlate data elements of a single malware sample against millions of samples collected and sourced from around the world providing a global view of malware attacks and its association. Cisco Secure Malware Analytics is included as an integrated component of many Cisco Secure products.
  • Cisco SecureX platform: Connects the Cisco integrated security portfolio with the organization’s entire security infrastructure. The result is a consistent experience that unifies visibility and identifies unknown threats. It also enables automated workflows to strengthen security across the network, endpoint, cloud, and applications. Cisco SecureX is an open, cloud-native platform that is included with many Cisco Secure products. It provides a comprehensive user experience, aligns with products from more than 175 security technology providers, and offers more than 300 product-to-product integrations.
  • Penetration testing tools: The purpose of penetration testing is to actually exploit weaknesses. A penetration test simulates the actions of an attacker who aims to breach the information security of the organization. Using many tools and techniques, the penetration tester (ethical hacker) attempts to exploit critical systems and gain access to sensitive data. A vulnerability assessment is the process that looks for known vulnerabilities in the information systems and reports potential exposures. Penetration testing and vulnerability assessment are often incorrectly used interchangeably, which has created confusion for many enterprises. Most organizations start with a vulnerability assessment, act on its results to either eliminate those weaknesses or reduce them to an acceptable level of risk, and then perform a penetration test once they are confident in their improved security posture. Kali Linux contains many penetration testing tools from various niches of the security and forensics fields, such as Metasploit Framework, Armitage, and Social-Engineer Toolkit (SET). The following figure shows an example of using Armitage to exploit the Apache Struts vulnerability to open a reverse connection to the vulnerable Apache server (192.168.1.107).

In the following figure, the whoami command is issued after the reverse connection is established.

Security Information and Event Management

The primary purpose of a Security Information and Event Management (SIEM) in security operations is to collect and correlate logs to events that indicate malicious or suspicious actions in the network environment.

SIEM systems help SOC analysts by collecting all relevant security data into one place, correlating the data, alerting SOC analysts about anomalies, and enriching the data. Without SIEM systems, a security operations team would not be able to monitor hundreds, thousands, or millions of assets. A SIEM automates the collection, indexing, and alerting of data that is critical to SOC operations.


Although a SIEM is excellent for ingesting, processing, and storing large volumes of data, it falls short when the data must be interpreted in the context of the network environment. While some response actions can and should be automated, humans still need to interpret, analyze, and decide how a specific set of events impacts the environment.

Splunk Enterprise is a popular commercial SIEM product that offers several features, including search, indexing, alerts, pivot, reports, and data modeling.

Splunk Enterprise, with artificial intelligence and machine-learning capabilities, helps SOC analysts uncover actionable insights from all of the data, regardless of its format. The Splunk Enterprise environment can be customized to fit the specific needs of the organization through the use of apps.

An app is a collection of configurations, knowledge objects, views, and dashboards that run on the Splunk platform. Certain Cisco products support certain Splunk apps.


System Security Operations: Highlighting The Major Threats To Security Operations


In my previous article, I talked about some of the facts that you need to know about computer security awareness. In this article, I want to look at seven major threats to system security. Follow me as we look at them together in this article.

Facts about system security

There are some facts that you need to know about system security before I even start talking about these threats.

First and foremost, you need to understand that every system and operating system is subject to security flaws. There will always be a loophole that hackers can capitalise on in order to attack systems and devices.

At times, software developers do not complete their work before they rush to market, and this is what creates lapses in their systems. That is why they always release patches in order to cover loopholes in their systems.

If you want to stay secure, there is a need for you to install the patches. Although in my own part of the world we are always conscious of data and bandwidth, all the same, patches need to be applied in order to stay secure.

You also need to make sure that security patches are applied in a timely manner. It takes just a second for hackers to wreak havoc and destroy sensitive data that you have stored on your devices.

The threats

#1 Virus

A virus is a program that replicates itself by copying itself to other programs, system boot sectors, or documents, and alters or damages computer files and applications.

#2 Worm

A worm is a self-replicating program that does not alter files but resides in the computer's memory and replicates itself there. As a result, the disk fills up beyond what the files and folders actually stored on it account for.

#3 Backdoor

A backdoor is an unauthorized access point that is created to reach system files and that is not known to other system users. One means of creating such unauthorized access is through a Guest account or other access that does not require a password.

#4 Rootkit

A rootkit is a kind of program that gives root-level access to unauthorized users. When a system is attacked with a rootkit, an ordinary user gains administrative access and is able to do whatever an administrator can do.

#5 Trojan

A Trojan is a malicious program that looks legitimate but has bad intentions. Take, for example, a free antivirus that you download online but which, at the end of the day, ends up stealing sensitive information from your device.

#6 Logic bomb

A logic bomb is a program that is designed to launch an attack at a particular time. For example, a program might be set to release code that steals 1 BTC on Christmas Day.

#7 Spyware

Spyware includes Trojans and other malicious software that steal personal information from the system without the user's knowledge. A good example is a keylogger, which can record keystrokes on the user's keyboard.

#8 Keylogger

A keylogger is a hardware device or a small piece of software that can record all keystrokes pressed on a user's keyboard.

#9 Password cracking

Password cracking is the process of identifying or recovering forgotten or unknown passwords. I will talk more about password recovery in my subsequent articles.


Major Networking Basics: Understanding The Basic Facts


In my previous article, I talked about all that you need to know about networks. In this article, I want to talk about some of the network basics that you need to know as a network security expert. Follow me as we look at them in this article.

Major Networking Basics


A network is simply a way for two or more devices to communicate and share resources.

On a physical level, it consists of all devices that you want to connect and the resources that you are going to use to connect them together.

Please note that individual devices can be connected using cables as a medium of connection. They can also be connected together through the use of wireless devices.

In order to connect multiple devices together, each device must be plugged into a device called a hub or a switch.

These hubs and switches must in turn be connected together. In a larger network, each of the subnetworks is connected to the others using a router.

Basic network structures

Connection points must exist between your network and the outside world, and a barrier should be set up between your network and the internet. This is done with a device called a firewall. Above all, the major purpose of a network is communication between a machine and other devices within and outside the network.

It should be established here that every path through which networks can communicate can also be an avenue to attack such networks.

The first line of defense that you have in order to prevent your network from being attacked or hijacked is to understand how a network works.

Network interface cards, routers, switches, and hubs are the fundamental physical pieces of a network. The way they are connected and used for communication is what is known as network architecture.


Computer Security Awareness: Boosting The Performance Of Your Devices


There is a saying that you cannot outgrow what you don't know. The same thing applies to system security: you need to make a conscious effort to learn if you don't want to fall victim.

In this article, I want to look at five benefits of computer security awareness. Follow me as we look at the benefits together in this article.

Now the benefits

#1 Lower chances of attack

The first thing is that if you are aware of all the precautions that you need to take in order to secure your devices and you are doing all you could to follow all the necessary precautions, it will reduce the rate of computer attacks that hackers can perpetrate on your device.

#2 Prevent the loss of information

If you are also security conscious at all times, you will be able to prevent the loss of sensitive data and information to hackers.

Those who are not security conscious always feel that there is nothing they have that is of benefit to hackers. This also allows hackers to have unhindered access to their sensitive data and information.


#3 Man in the middle

Another benefit of computer security awareness is that it will prevent you from being used as a medium of attack against others.

When you are security conscious, you will not be used as an avenue to steal vital information from others.

#4 Minimize physical damage

Also, when you have computer security knowledge, you will be able to minimise physical damage.

You will know some of the necessary precautions that you need to take in order to keep your computer and other devices secured. This will increase the lifespan of your devices.

#5 Protecting sensitive data 

Also, having good computer security awareness assists every stakeholder to be more sensitive and to work towards preventing sensitive data from falling into the hands of hackers.

Most of the time, it might not even be outsiders but individuals who want to exact revenge or those that have evil intentions.


Probabilistic Analysis In Cyber Security: How To Determine The Likelihood Of Events

Statistical techniques can be used to evaluate the risk that exploits will be successful in a given network. This type of analysis can help decision-makers to better evaluate the cost of mitigating a threat with the damage that an exploit could cause.
Two general approaches used to do this are deterministic and probabilistic analysis.
The deterministic analysis evaluates risk based on what is known about a vulnerability.
It assumes that for an exploit to be successful all prior steps in the exploit process must also be successful.
This type of risk analysis can only describe the worst case. However, many threat actors, although aware of the process to carry out an exploit, may lack the knowledge or expertise to successfully complete each step on the path to a successful exploit.
This can give the cybersecurity analyst an opportunity to detect the exploit and stop it before it proceeds any further.
Probabilistic analysis estimates the potential success of an exploit by estimating the likelihood that, if one step in the exploit has been completed successfully, the next step will also be successful.
Probabilistic analysis is especially useful in real-time network security analysis in which numerous variables are at play and a given threat actor can make unknown decisions as an exploit is pursued.


The probabilistic analysis relies on statistical techniques that are designed to estimate the probability that an event will occur based on the likelihood that prior events will occur.
Using this type of analysis, the most likely paths that an exploit will take can be estimated and the attention of security personnel can be focused on preventing or detecting the most likely exploit.
In a deterministic analysis, all of the information to accomplish an exploit is assumed to be known. The characteristics of the exploit, such as the use of specific port numbers, are known either from other instances of the exploit or because standardized ports are in use.
In probabilistic analysis, it is assumed that the port numbers that will be used can only be predicted with some degree of confidence.
In this situation, an exploit that uses dynamic port numbers, for example, cannot be analyzed deterministically. Such exploits have been optimized to avoid detection by firewalls that use static rules.


The two approaches are summarized below.

  • Deterministic Analysis – For an exploit to be successful, all prior steps in the exploit must also be successful. The cybersecurity analyst knows the steps for a successful exploit.
  • Probabilistic Analysis – Statistical techniques are used to determine the probability that a successful exploit will occur based on the likelihood that each step in the exploit will succeed.
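As an added example (not from the original article), the following Python models the two approaches for a constructed exploit chain with two alternative paths, one using a fixed port and one using a dynamic port as the article describes. The step names, the per-step conditional probabilities and the damage figure are invented sample values, not measurements from any real environment.

```python
from functools import reduce
from operator import mul

# Each path is an ordered list of (step, probability that the step succeeds
# given that the previous step already succeeded). All figures are constructed
# sample values for illustration, not measurements from any real environment.
EXPLOIT_PATHS = {
    "static-port path": [
        ("phishing email opened", 0.30),
        ("macro executes payload", 0.50),
        ("C2 over fixed port", 0.20),    # a static firewall rule often blocks this
        ("credential dump", 0.60),
    ],
    "dynamic-port path": [
        ("phishing email opened", 0.30),
        ("macro executes payload", 0.50),
        ("C2 over dynamic port", 0.80),  # static rules do little against this
        ("credential dump", 0.60),
    ],
}


def deterministic_success(path):
    """Deterministic view: every step is assumed known and achievable, so the
    chain is treated as succeeding unless some step is impossible (p == 0).
    This describes only the worst case."""
    return all(p > 0 for _, p in path)


def probabilistic_success(path):
    """Probabilistic view: the chain succeeds only if each step succeeds given
    that its predecessor did, so the conditional probabilities multiply."""
    return reduce(mul, (p for _, p in path), 1.0)


def cumulative_success(path):
    """Probability that the attacker has completed each step in turn. The drop
    between two entries shows where the chain is most likely to stall, which
    is the stage where detection has the most time to work."""
    out, running = [], 1.0
    for step, p in path:
        running *= p
        out.append((step, round(running, 4)))
    return out


def most_likely_path(paths):
    """Name of the path with the highest end-to-end success probability; this
    is the one the analyst should prioritise for prevention and detection."""
    return max(paths, key=lambda name: probabilistic_success(paths[name]))


def expected_loss(path, damage):
    """Expected damage = P(exploit succeeds) * damage caused if it does."""
    return probabilistic_success(path) * damage


def apply_control(path, step, new_p):
    """Return a copy of the path with a mitigation applied to one step (its
    conditional success probability lowered to new_p). Comparing expected_loss
    before and after gives the benefit to weigh against the control's cost."""
    return [(s, new_p if s == step else p) for s, p in path]


if __name__ == "__main__":
    for name, path in EXPLOIT_PATHS.items():
        print(f"{name}: deterministic={deterministic_success(path)}, "
              f"probabilistic={probabilistic_success(path):.3f}")
        for step, cum in cumulative_success(path):
            print(f"   after '{step}': {cum}")
    likely = most_likely_path(EXPLOIT_PATHS)
    print("most likely path:", likely)
    before = expected_loss(EXPLOIT_PATHS[likely], 100_000)
    hardened = apply_control(EXPLOIT_PATHS[likely], "C2 over dynamic port", 0.20)
    after = expected_loss(hardened, 100_000)
    print(f"expected loss before control: {before:.0f}, after: {after:.0f}")
```

Deterministic analysis rates both paths identically (every step is possible), while the probabilistic figures show the dynamic-port path is four times as likely to succeed and tell the analyst which control buys the largest reduction in expected loss.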


Initial SQL Slammer Infection: How It Is Done

Worms share similar characteristics. They all exploit an enabling vulnerability, have a way to propagate themselves, and they all contain a payload.

Worm Components

Despite the mitigation techniques that have emerged over the years, worms have continued to evolve and pose a persistent threat. Worms have become more sophisticated over time, but they still tend to be based on exploiting weaknesses in software applications.
The animation shows the three components of a worm attack: enabling vulnerability, propagation mechanism, and payload.

Common Worm Pattern

Most worm attacks consist of three components, as listed in the animation above.

  • Enabling vulnerability – A worm installs itself using an exploit mechanism, such as an email attachment, an executable file, or a Trojan horse, on a vulnerable system.
  • Propagation mechanism – After gaining access to a device, the worm replicates itself and locates new targets.
  • Payload – Any malicious code that results in some action is a payload. Most often this is used to create a backdoor that allows a threat actor access to the infected host or to create a DoS attack.


Worms are self-contained programs that attack a system to exploit a known vulnerability. Upon successful exploitation, the worm copies itself from the attacking host to the newly exploited system and the cycle begins again. Their propagation mechanisms are commonly deployed in a way that is difficult to detect.

Code Red Worm Propagation

Note: Worms never really stop spreading on the internet. After they are released, worms continue to propagate until all possible sources of infection are properly patched.

Ransomware

Threat actors have used viruses, worms, and Trojan horses to carry their payloads and for other malicious reasons. However, malware continues to evolve.
Currently, the most dominant malware is ransomware. Ransomware is malware that denies access to the infected computer system or its data. The cybercriminals then demand payment to release the computer system.
Ransomware has evolved to become the most profitable malware type in history. In the first half of 2016, ransomware campaigns targeting both individual and enterprise users became more widespread and potent.
There are dozens of ransomware variants. Ransomware frequently uses an encryption algorithm to encrypt system files and data.
The majority of known ransomware encryption algorithms cannot be easily decrypted, leaving victims with little option but to pay the asking price. Payments are typically made in Bitcoin because Bitcoin users can remain anonymous. Bitcoin is an open-source digital currency that nobody owns or controls.
Email and malicious advertising, also known as malvertising, are vectors for ransomware campaigns. Social engineering is also used when cybercriminals who identify themselves as security technicians call homes and persuade users to connect to a website that downloads the ransomware to the user’s computer.


Trojan Horses: How It Really Works (+Examples)


The term Trojan horse originated from Greek mythology. Greek warriors offered the people of Troy (the Trojans) a giant hollow horse as a gift. The Trojans brought the giant horse into their walled city, unaware that it contained many Greek warriors.
At night, after most Trojans were asleep, the warriors burst out of the horse, opened the city gates, and allowed a sizeable force to enter and take over the city.
Trojan horse malware is software that appears to be legitimate, but it contains malicious code which exploits the privileges of the user that runs it. Often, Trojans are found attached to online games.
Users are commonly tricked into loading and executing the Trojan horse on their systems. While playing the game, the user will not notice a problem. In the background, the Trojan horse has been installed on the user’s system. The malicious code from the Trojan horse continues operating even after the game has been closed.
The Trojan horse concept is flexible. It can cause immediate damage, provide remote access to the system, or access through a back door. It can also perform actions as instructed remotely, such as “send me the password file once per week.” This tendency of malware to send data back to the cybercriminal highlights the need to monitor outbound traffic for attack indicators.
Custom-written Trojan horses, such as those with a specific target, are difficult to detect.

Trojan Horse Classification

Trojan horses are usually classified according to the damage that they cause, or the manner in which they breach a system, as shown below.

  • Remote-access – Enables unauthorized remote access.
  • Data-sending – Provides the threat actor with sensitive data, such as passwords.
  • Destructive – Corrupts or deletes files.
  • Proxy – Uses the victim’s computer as the source device to launch attacks and perform other illegal activities.
  • FTP – Enables unauthorized file transfer services on end devices.
  • Security software disabler – Stops antivirus programs or firewalls from functioning.
  • Denial of Service (DoS) – Slows or halts network activity.
  • Keylogger – Actively attempts to steal confidential information, such as credit card numbers, by recording keystrokes entered into a web form.


Blogging As Part Of Online Marketing: What You Need To Know

It has been mentioned on several occasions that blogging is part of online marketing. Essentially, it is a strategy that is closely linked to many other segments that together make up what we know as online marketing, i.e., the promotion of a brand or business using online resources and media. Regardless of whether you are blogging as a company or an individual, and regardless of your niche and blog popularity, blogging should always be connected with other segments of online promotion. They complement each other in multiple ways, giving you an opportunity to make the most out of all of them.

Your task is to explore how blogging relates to online marketing segments and then to maximize your efficiency through a unified strategy.

Blogging and content marketing

Content marketing is a part of online marketing that focuses on the usage of content to promote a brand or business online. Since blogging involves content creation for a blog, it means that blogging is actually a part of content marketing. In fact, blogging usually makes an essential part of content marketing since a blog is the central platform bloggers use to share their content.

 

Content marketing also includes any type of content creation that is used for online promotion. Besides blog content, it can also include social media content and graphics, content shared in email marketing campaigns, content created for the search engine or social media ads, etc.

Other segments of content marketing that are also relevant for blogging include content optimization and content distribution.


Content optimization

Content optimization refers to the process of adjusting content published online, in this case blog content, so that search engines can easily find and index it. Applying content optimization techniques to blogging means that you should optimize each blog article according to the general recommendations for making it SEO-friendly. These cover the following elements of blog content:


Title

The title holds the highest level of relevancy as to what the content is related to. It should include a keyword (or keyword phrases), and it should be optimized to encourage clicks from online users. Besides the search engine result pages, this title is also visible in social media posts, in email messages, instant messaging apps, etc.

Headings

Using headings helps readers skim the text easily. It is also helpful for search engines, because headings highlight the most important parts of the text, giving the search engines more context than the title alone provides. Ideally, headings should use keywords, keyword variations, or related phrases.


Bold and italic

Just like headings, these highlighting options are helpful ways to mark the most important parts of the text, for both the readers and the search engines. They are usually used within paragraphs to emphasize words or even sentences.

 

Image optimization

If you are using images in the blog article, optimize them through the usage of Alt tags, to provide context for the search engines to understand the image content. Also, make sure you use images of a suitable size (smaller image files are going to load faster).

 

Meta description

Meta descriptions also have an effect on search engine optimization. It is therefore advised, if you want more visibility in the search engines, to write a search engine-optimized meta description for your blog article. The text featured here is what is going to be displayed in the search engine preview (below the title) and what the online users will see when they browse through the search engine result pages.

 

Optimizing links and the anchor text featured in those links is also part of the content optimization of a blog article. If you include links, both external and internal, make sure you choose appropriate anchor text.

The anchor text should be relevant to the resource you are linking to, preferably using relevant keywords. You should also use the appropriate link tags (index, no-index, do-follow, no-follow, canonical, etc.) to instruct search engines on how to treat that link.


Content distribution

Content distribution is the process of sharing content with online users. This way, a blogger makes the content available by distributing it to multiple platforms. Distribution is done through content distribution channels, which include:

  • Email campaigns
  • Social networks
  • Influencers
  • Paid advertising
  • Online communities and forums

Any online platform that supports content sharing can be used by bloggers to distribute their content. The greater the reach of the distributed content, the greater its potential, maximizing views, interaction, and conversions.

 

Bloggers should explore content distribution in order to optimize the online promotion of their content. What is important to focus on when choosing content distribution channels is the following:

 

Target group – The goal of content distribution is to help you reach your target group, not online users in general. Therefore, when choosing a distribution channel, make sure you can target the content at the audience that will have an interest in it. For example, even though collaborating with an influencer might be an interesting opportunity, if that influencer’s target group is not also your target group, such content distribution will give poor results.

Cost-efficiency – Content distribution should be a profitable activity for you, regardless of whether you use free or paid reach. Even if there is no monetary investment with free reach, this kind of content distribution still requires investing time to distribute content. It is also recommended that, if possible, you calculate the costs necessary for content distribution and compare them with the profit from conversions achieved through that distribution.

Statistics – You should evaluate the performance of content distributed through each channel to determine the most effective ways to promote your content. Using trackable URLs and website analytics, you can examine where the content is shared, when, and other relevant data that can help you organize future campaigns more efficiently.


Basic Computer Security Tips To Protect Your Computer

Computer security allows users to use a computer while staying safe from threats.

Computer security can also be defined as managing all the components of a computer system so as to provide secrecy, credibility, and availability. Data, software, firmware, and hardware are among these components.

Tip 1:  Turn on Application Automatic update

All the applications we use every day potentially have security problems. Whether we are talking about Windows, Mozilla Firefox, Internet Explorer, the Adobe Flash plugin, Google Chrome, Adobe’s PDF Reader, or Microsoft (MS) Office, new security risks are constantly being identified. The list goes on and on.

To close these security holes, most modern operating systems and applications update themselves automatically.

You no longer need to press a button or download a file to upgrade a program; it can update itself in the background without any input from you.

For one reason or another, some people like to turn this off. You may not like that Windows restarts after an update is installed, or you may simply not like change.

But from a computer security viewpoint, automatic updates should always be turned on.
Microsoft typically releases updates for Windows and related Microsoft products (Defender, Office) on the second Tuesday of each month.

Tip 2: Try to use Anti-Malware and Antivirus

You can use Microsoft Windows Defender Security. It takes over protection automatically when no other antivirus is detected, and when you install third-party protection, it automatically steps aside.

The point is, this built-in antivirus really does not compare with the best third-party solutions. They are far better than Windows Defender, even the best free ones.

Don’t count on it; you can find much better.
One more thing: if your antivirus or security application does not really include malware protection, consider adding a separate layer of protection.

There are several completely free ransomware-specific applications, and there is no excuse not to try some of them and pick the one that suits you best.


Tip 3: Try to use unique Passwords for login

One of the easiest ways for hackers to steal information is to get a batch of usernames and passwords from one source and try the same combinations elsewhere.

Let us say that, by breaching an email provider, hackers have your username and password.

They can then try to log in to banking sites or big online stores with the same username and password combination.
The best way to stop a single data breach from creating a domino effect is to use a strong, complex password for every single online account you use.

Creating a complex, strong password for every account is not a task for humans, and that is why you should use a password manager.

A variety of really good password managers are available online, and it takes only a little time to start using one. Paid password managers usually have more features available.

If you have a password manager, the only password you need to remember is the master password that unlocks the password manager. Once unlocked, the password manager will automatically log you into your internet accounts.

Not only does it help to keep you secure, but it also enhances your efficiency, productivity, and basic computer security.

You no longer waste hours typing your login details or coping with the time-consuming irritation of resetting a lost password.


Tip 4: Clearing Your Cache data

Never overlook how much your browser’s cache knows about you. Saved cookies, searches, and site history may point to a home address, family details, and other private information.

Make sure to delete web cookies and your internet history on a daily basis to help protect the information that could be lurking in your browser history.

It’s easy. In Chrome, Firefox, Edge, Opera, or Internet Explorer, just press Ctrl+Shift+Del to open a window that lets you select which browser data elements you want to delete.


Tip 5: Turning Off the ‘Save Password’ Feature  in Web Browsers

Speaking of what your browser could know about you, most browsers have built-in password management tools. However, we do not recommend them.

We think it is better to leave password protection to the experts who make password managers. Typically, when you set up a third-party password manager, you can import your passwords from your browser’s storage.

But if the password manager can do that, you can be sure that malicious software can do the same thing.

In fact, storing your passwords in a single, central password manager lets you use your passwords across all browsers and computers.


Tip 6: Try to use Familiar Websites

When it comes to shopping and making payments online, it is important to use a trustworthy website instead of choosing a random website from a search engine.

If you are familiar with the business and its domain, type the URL into the address bar yourself to confirm that you are entering the legitimate website.

Final words:
These guidelines cannot entirely remove viruses, malware, and other privacy concerns. If you follow them, you can minimize the risk, but it is important to go above and beyond these tips to achieve maximum computer security.


Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include the staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training.

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

 

 

 

Fact Check Policy

CRMNAIJA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

 

 


What You Need To Know About Home Networks

 

In my previous article, I talked about all that you need to know about networks. In this article, I want to talk about all that you need to know about Home Networks. Follow me as we are going to look at that together in this article. 

 

 

What is A Home Network 

A home network allows computers to communicate with one another. At times, the term home network is also used when a small device is used to connect two or more computers together in an office environment. This is often referred to as the Small Office/Home Office.
If the user has two or more computers in his office, a network can allow them to share:

  • Files and documents
  • Internet connection
  • Printers and scanners
  • Stereo, TV and Game Systems
  • DVD/CD Burners

 

Here are some terms you need to know when it comes to network devices…

#1 Access Point

An access point is wireless communication hardware that creates a central point of wireless connectivity to a network.

#2 Gateway

A gateway is any device that connects different kinds of network environments. 

#3 Transceiver 

This is any network device that combines a transmitter and a receiver in one unit.

#4 Cable

A cable is used to connect one device to another in a network. 

#5 Terminals 

A Terminal is a hardware device used to enter data into a computer or to display data from the computer. 

#6 Router 

A Router is a device that connects several networks together. 

#7 Hub/Switch

This is normally used to connect different segments of a particular network together.

#8 Converter

A Converter is used to connect several types of cables within an existing network.

#9 Network Adapter 

This is used to physically connect a computer to a network. At times, it is referred to as a Network Interface Card.

#10 Modems

A modem is used to change digital into analogue to be transmitted across an analogue network medium and then back to digital at the receiving end. 

Steps for Home Networking

  • Note down all computers and hardware
  • Purchase the required hardware
  • Check the network interface on each computer; if not available, fix them
  • Ensure all computers and other devices are connected using cables
  • Select one computer as host and connect it to the internet
  • Connect the rest of the computers to the host using a router or switch
  • Install network adapters through a network setup wizard on all the computers
  • Restart all the computers and start sharing the files and accessing the internet

 


How Nigerian Scam Yahoo Yahoo Works

 

Before I start writing this article, here is a disclaimer. I am not writing this article to rubbish Nigeria as a country, I am not a Yahoo Boy, and I will never, in my wildest dreams, support their nefarious activities. I just wanted ordinary Nigerians and all my esteemed followers outside Nigeria to learn.

 

When we all understand how they work and think, we will know how to stop them and avoid falling victim to their nefarious activities. Therefore, in this article, I will be talking about how the Nigerian Scam, also known as Yahoo Yahoo, works. It is called a Nigerian Scam because it originated in Nigeria. Note, however, that it is not only Nigerian citizens who use these methods of scamming people; some other nations have embraced it too.

 

 

 

A Nigerian scam is a form of advance-payment or money-transfer fraud. The scam is called a Nigerian scam because it started in Nigeria, but it can come from anywhere in the world.

 

In this scam, the scammer contacts you by email, offering you a share in a large sum of money. They might say that they want to transfer money that was trapped during a civil war into your bank account.

They may also cite various reasons such as a massive inheritance problem, government restrictions, or taxes in the scammer’s country, among others.
The scammer then asks you to pay money or give them your bank details to help them transfer the money. Here is a typical example:

 

From: Mr Wong Du

Seoul, South Korea. 

I will introduce myself. I am Mr Wong Du, a banker working in a bank in South Korea. Until now, I am the Account Officer to most of the South Korean government accounts and I have since discovered that most of the accounts are dormant accounts with a lot of money in them. On further interrogation, I found out that one particular account belongs to the former president of South Korea from 1963-1979 and this particular account has a deposit of $48million with no next of kin.

My proposal is that, since I am an account officer and the money in the account is dormant and there is no next of kin (obviously the account owner, the former president of South Korea, died a long time ago), you should provide an account for the money to be transferred to.

The money that is floating in the bank right now is $48million and this is what I want to transfer to your account for our mutual benefits. 

Please if this is okay by you I will advise that you contact me through my direct email address. 

Please this transaction should be kept confidential. For your assistance as the account owner, we shall share the money on an equal basis. 

Your reply will be appreciated. 

Thank you.

Wong Du.
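As an added example (not part of the original article), the Python below scores an email body against the hallmarks described above: a large dormant sum, an owner with no next of kin, a request for your account details, a demand for confidentiality, an offer to share the money, and a push to reply to a "direct" address. The indicator patterns, weights, threshold and both sample messages are this example's own constructions, condensed from the letter above.

```python
"""Heuristic scoring of advance-fee scam email text (added example).
Each indicator is a regular expression with a weight; a message whose
weighted hits reach THRESHOLD is flagged for review. Patterns and weights
are this example's own choices, not a published rule set."""
import re

# (pattern, weight): phrases drawn from the article's "Mr Wong Du" example
INDICATORS = {
    "large_sum":       (r"\$\s?\d[\d,.]*\s*million\b|\b\d+\s*million\b", 2),
    "unclaimed_funds": (r"\b(dormant|unclaimed|trapped|floating)\b", 2),
    "no_next_of_kin":  (r"\bnext of kin\b|\b(died|deceased)\b", 2),
    "account_request": (r"\b(provide|give|send)\b.{0,40}\b(account|bank details)\b", 3),
    "confidentiality": (r"\b(confidential|secret|discreet)\b", 2),
    "share_offer":     (r"\b(share|split)\b.{0,40}\b(money|funds|sum)\b|\bmutual benefit", 2),
    "offsite_contact": (r"\b(direct|private|personal)\s+e-?mail\b", 1),
}
THRESHOLD = 7   # needs several independent hallmarks, not one stray word


def score_message(text):
    """Return (score, list of matched indicator names) for one email body."""
    flat = " ".join(text.split()).lower()   # join wrapped lines so phrases can span them
    score, hits = 0, []
    for name, (pattern, weight) in INDICATORS.items():
        if re.search(pattern, flat):
            score += weight
            hits.append(name)
    return score, hits


def is_suspected_advance_fee_fraud(text):
    """True when the message carries enough hallmarks to warrant a warning."""
    return score_message(text)[0] >= THRESHOLD


# Constructed sample, condensed from the article's example letter
SAMPLE_SCAM = """I am Mr Wong Du, a banker in South Korea. I discovered that one dormant
account, belonging to a former president who died long ago, holds $48million with
no next of kin. My proposal is that you should provide an account for the money to
be transferred. Contact me through my direct email address. This transaction should
be kept confidential. We shall share the money on an equal basis."""

# Constructed benign message for comparison
SAMPLE_BENIGN = "Dear Jane, I just returned from my trip. I thought you might like to see my pictures. John"

if __name__ == "__main__":
    for label, body in (("scam", SAMPLE_SCAM), ("benign", SAMPLE_BENIGN)):
        print(label, score_message(body), is_suspected_advance_fee_fraud(body))
```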

 


Network Communications Protocols For Cyber Security: The Facts

Simply having a wired or wireless physical connection between end devices is not enough to enable communication. For communication to occur, devices must know “how” to communicate. Communication, whether face-to-face or over a network, is governed by rules called protocols. These protocols are specific to the type of communication method occurring.

 

For example, consider two people communicating face-to-face. Prior to communicating, they must agree on how to communicate. If the communication is using voice, they must first agree on the language. Next, when they have a message to share, they must be able to format that message in a way that is understandable. For example, if someone uses the English language, but has poor sentence structure, the message can easily be misunderstood.

Similarly, network protocols specify many features of network communication, as shown in the figure.

Figure: a star diagram with "protocols" at the centre; its branches are the characteristics of protocols: message encoding, message formatting and encapsulation, message size, message timing, and message delivery options.

Network Protocols

Network protocols provide the means for computers to communicate on networks. Network protocols dictate the message encoding, formatting, encapsulation, size, timing, and delivery options. Networking protocols define a common format and set of rules for exchanging messages between devices. Some common networking protocols are Hypertext Transfer Protocol (HTTP), Transmission Control Protocol (TCP), and Internet Protocol (IP). As a cybersecurity analyst, you must be very familiar with the structure of protocol data and how the protocols function in network communications.
Note: IP in this course refers to both the IPv4 and IPv6 protocols. IPv6 is the most recent version of IP and will eventually replace the more common IPv4.
Figure: a computer connected to a router on the left and a server connected to a router on the right. The computer sends its message across the network using an IPv4 header; the attached router can forward the message because it understands the IPv4 header; the server can accept the message because it understands IPv4.

The TCP/IP Protocol Suite

Today, the TCP/IP protocol suite includes many protocols and continues to evolve to support new services. Some of the more popular ones are shown in the figure.
The figure shows the TCP/IP layers and associated protocols. At the application layer: DNS is a name system protocol; DHCPv4, DHCPv6, and SLAAC are host config protocols; SMTP, POP3, and IMAP are email protocols; FTP, SFTP, and TFTP are file transfer protocols; and HTTP, HTTPS, and REST are web and web service protocols.
At the transport layer: TCP is a connection-oriented protocol and UDP is a connectionless protocol. At the internet layer: IPv4, IPv6, and NAT are Internet protocols; ICMPv4, ICMPv6, and ICMPv6 ND are messaging protocols; and OSPF, EIGRP, and BGP are routing protocols. At the network access layer: ARP is an address resolution protocol; and Ethernet and WLAN are data link protocols. Text at the bottom reads: TCP/IP is the protocol suite used by the internet and the networks of today.
TCP/IP has two important aspects for vendors and manufacturers:

  • Open standard protocol suite – This means it is freely available to the public and can be used by any vendor on their hardware or in their software.
  • Standards-based protocol suite – This means it has been endorsed by the networking industry and approved by a standards organization. This ensures that products from different manufacturers can interoperate successfully.

The protocols at each layer are described briefly below.
Application Layer
Name System
  • DNS – Domain Name System. Translates domain names such as cisco.com, into IP addresses.

Host Config

  • DHCPv4 – Dynamic Host Configuration Protocol for IPv4. A DHCPv4 server dynamically assigns IPv4 addressing information to DHCPv4 clients at start-up and allows the addresses to be re-used when no longer needed.
  • DHCPv6 – Dynamic Host Configuration Protocol for IPv6. DHCPv6 is similar to DHCPv4. A DHCPv6 server dynamically assigns IPv6 addressing information to DHCPv6 clients at start-up.
  • SLAAC – Stateless Address Autoconfiguration. A method that allows a device to obtain its IPv6 addressing information without using a DHCPv6 server.

Email

  • SMTP – Simple Mail Transfer Protocol. Enables clients to send email to a mail server and enables servers to send email to other servers.
  • POP3 – Post Office Protocol version 3. Enables clients to retrieve email from a mail server and download the email to the client’s local mail application.
  • IMAP – Internet Message Access Protocol. Enables clients to access email stored on a mail server as well as maintaining email on the server.

File Transfer

  • FTP – File Transfer Protocol. Sets the rules that enable a user on one host to access and transfer files to and from another host over a network. FTP is a reliable, connection-oriented, and acknowledged file delivery protocol.
  • SFTP – SSH File Transfer Protocol. As an extension to Secure Shell (SSH) protocol, SFTP can be used to establish a secure file transfer session in which the file transfer is encrypted. SSH is a method for secure remote login that is typically used for accessing the command line of a device.
  • TFTP – Trivial File Transfer Protocol. A simple, connectionless file transfer protocol with best-effort, unacknowledged file delivery. It uses less overhead than FTP.

Web and Web Service

  • HTTP – Hypertext Transfer Protocol. A set of rules for exchanging text, graphic images, sound, video, and other multimedia files on the World Wide Web.
  • HTTPS – HTTP Secure. A secure form of HTTP that encrypts the data that is exchanged over the World Wide Web.
  • REST – Representational State Transfer. A web service that uses application programming interfaces (APIs) and HTTP requests to create web applications.

Message Formatting and Encapsulation

When a message is sent from source to destination, it must use a specific format or structure. Message formats depend on the type of message and the channel that is used to deliver the message.
Analogy
A common example of requiring the correct format in human communications is sending a letter.
An envelope has the address of the sender and receiver, each located at the proper place on the envelope. If the destination address and formatting are not correct, the letter is not delivered.
The process of placing one message format (the letter) inside another message format (the envelope) is called encapsulation. De-encapsulation occurs when the process is reversed by the recipient and the letter is removed from the envelope.

Figure (animation): a stamped envelope from 4085 SE Pine Street, Ocala, Florida 34471 to 1400 Main Street, Canton, Ohio 44203. The envelope opens to show the letter: "Dear Jane, I just returned from my trip. I thought you might like to see my pictures. John." The parts of the letter map to the parts of a network message as follows:

  • Recipient (destination) location address – 1400 Main Street, Canton, Ohio 44203 (envelope addressing)
  • Sender (source) location address – 4085 SE Pine Street, Ocala, Florida 34471 (envelope addressing)
  • Salutation (start of message indicator) – "Dear" (encapsulated letter)
  • Recipient (destination) identifier – "Jane" (encapsulated letter)
  • Content of letter (encapsulated data) – "I just returned from my trip. I thought you might like to see my pictures." (encapsulated letter)
  • Sender (source) identifier – "John" (encapsulated letter)
  • End of frame (end of message indicator) – the stamp
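As an added example (not part of the original course text), the Python below performs the same encapsulation and de-encapsulation with real protocol headers: a constructed sample message (the "letter") is wrapped in a UDP header and then in an IPv4 header with its Internet checksum (the "envelope"), and the receiving side unwraps and validates each layer in turn. Header layouts follow RFC 768 (UDP) and RFC 791 (IPv4); the addresses 172.16.4.1 and 172.16.4.253 are taken from this page's unicast example and the ports are arbitrary sample values.

```python
"""Encapsulation and de-encapsulation with real headers: payload -> UDP -> IPv4.
Added example; header layouts follow RFC 768 (UDP) and RFC 791 (IPv4), the
checksum RFC 1071. Addresses, ports and the payload are constructed samples."""
import struct
import ipaddress

IPPROTO_UDP = 17


def internet_checksum(data):
    """RFC 1071 checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp(src_port, dst_port, payload):
    """Wrap the payload in an 8-byte UDP header (checksum 0 = omitted, legal over IPv4)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def build_ipv4(src, dst, protocol, payload, ttl=64, ident=0x1234):
    """Wrap a transport segment in a 20-byte IPv4 header and fill in the header checksum."""
    version_ihl = (4 << 4) | 5              # version 4, IHL = 5 words = 20 bytes
    flags_frag = 0x4000                     # DF set, fragment offset 0
    header = struct.pack("!BBHHHBBH4s4s", version_ihl, 0, 20 + len(payload), ident,
                         flags_frag, ttl, protocol, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    csum = internet_checksum(header)        # computed with the checksum field zeroed
    header = header[:10] + struct.pack("!H", csum) + header[12:]
    return header + payload


def header_checksum_ok(packet):
    """A correct IPv4 header checksums to zero when the checksum field is included."""
    ihl = (packet[0] & 0x0F) * 4
    return len(packet) >= ihl >= 20 and internet_checksum(packet[:ihl]) == 0


def parse_ipv4(packet):
    """De-encapsulate one layer: validate the IPv4 header, return its fields and inner payload."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (version_ihl, _tos, total_len, ident, flags_frag, ttl, protocol,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = version_ihl >> 4, (version_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 packet (version %d)" % version)
    if ihl < 20 or total_len < ihl or len(packet) < total_len:
        raise ValueError("bad header length or truncated packet")
    if not header_checksum_ok(packet):
        raise ValueError("IPv4 header checksum mismatch")   # a real receiver silently drops these
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "ttl": ttl, "protocol": protocol, "ident": ident,
            "df": bool(flags_frag & 0x4000), "payload": packet[ihl:total_len]}


def parse_udp(segment):
    """De-encapsulate the next layer: UDP header -> ports and the original message."""
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    src_port, dst_port, length, _csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("bad UDP length")
    return {"src_port": src_port, "dst_port": dst_port, "payload": segment[8:length]}


def demo():
    """Sender side builds the packet; receiver side unwraps it layer by layer."""
    message = b"Dear Jane, I just returned from my trip. John"        # constructed "letter"
    segment = build_udp(40000, 5000, message)                          # inner addressing (ports)
    packet = build_ipv4("172.16.4.1", "172.16.4.253", IPPROTO_UDP, segment)  # the "envelope"
    ip = parse_ipv4(packet)
    udp = parse_udp(ip["payload"])
    return {"ip": ip, "udp": udp, "wire_bytes": len(packet)}


if __name__ == "__main__":
    result = demo()
    print(result["ip"]["src"], "->", result["ip"]["dst"], result["udp"]["payload"])
```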

Message Size

Another rule of communication is message size.
Analogy
When people communicate with each other, the messages that they send are usually broken into smaller parts or sentences. These sentences are limited in size to what the receiving person can process at one time. This also makes it easier for the receiver to read and comprehend.

Message Timing

Message timing is also very important in network communications. Message timing includes the following:

  • Flow Control – This is the process of managing the rate of data transmission. Flow control defines how much information can be sent and the speed at which it can be delivered. For example, if one person speaks too quickly, it may be difficult for the receiver to hear and understand the message. In network communication, there are network protocols used by the source and destination devices to negotiate and manage the flow of information.
  • Response Timeout – If a person asks a question and does not hear a response within an acceptable amount of time, the person assumes that no answer is coming and reacts accordingly. The person may repeat the question or instead, may go on with the conversation. Hosts on the network use network protocols that specify how long to wait for responses and what action to take if a response timeout occurs.
  • Access method – This determines when someone can send a message. When two people talk at the same time, a “collision of information” occurs, and it is necessary for the two to back off and start again. Likewise, when a device wants to transmit on a wireless LAN, it is necessary for the WLAN network interface card (NIC) to determine whether the wireless medium is available.
Figure (animation): a woman and a man speak at the same time. The woman says “What time is the movie?” and the man says “When are we meeting for dinner?”. Because they spoke simultaneously, neither understood the other, and they both say “Sorry? I did not understand you.”

Unicast, Multicast, and Broadcast

A message can be delivered in different ways. Sometimes, a person wants to communicate information to a single individual. At other times, the person may need to send information to a group of people at the same time, or even to all people in the same area.
Hosts on a network use similar delivery options to communicate. These methods of communication are called unicast, multicast, and broadcast.
Unicast
A one-to-one delivery option is referred to as a unicast, meaning there is only a single destination for the message.
Figure (animation): three hosts and a printer connected to a switch and a router. The host with IP address 172.16.4.1 sends a unicast packet to IP address 172.16.4.253; when the switch receives the frame, it forwards it out the port leading to the printer with IP address 172.16.4.253.

The Benefits of Using a Layered Model

You cannot actually watch real packets travel across a real network the way you can watch the components of a car being put together on an assembly line. So it helps to have a way of thinking about a network that lets you imagine what is happening. A model is useful in these situations.
Complex concepts such as how a network operates can be difficult to explain and understand. For this reason, a layered model is used to modularize the operations of a network into manageable layers.
These are the benefits of using a layered model to describe network protocols and operations:
  • Assisting in protocol design because protocols that operate at a specific layer have defined information that they act upon and a defined interface to the layers above and below
  • Fostering competition because products from different vendors can work together
  • Preventing technology or capability changes in one layer from affecting other layers above and below
  • Providing a common language to describe networking functions and capabilities

As shown in the figure, there are two layered models that are used to describe network operations:

  • Open System Interconnection (OSI) Reference Model
  • TCP/IP Reference Model
At the top of the image are two LANs connected via a WAN with the text: A networking model is only a representation of a network operation. The model is not the actual network. Underneath are the OSI and TCP/IP model layers and protocols. The seven layers of the OSI model from top to bottom and their associated protocols are application, presentation, session (protocols at the top three layers are HTTP, DNS, DHCP, and FTP), transport (TCP and UDP), network (IPv4, IPv6, ICMPv4, and ICMPv6), data link, and physical (protocols at the bottom two layers are Ethernet, WLAN, SONET, and SDH). The four layers of the TCP/IP model from top to bottom and their associated protocols are: application (HTTP, DNS, DHCP, and FTP), transport (TCP and UDP), Internet (IPv4, IPv6, ICMPv4, and ICMPv6), and network access (Ethernet, WLAN, SONET, and SDH).

The OSI Reference Model

The OSI reference model provides an extensive list of functions and services that can occur at each layer. This type of model provides consistency within all types of network protocols and services by describing what must be done at a particular layer, but not prescribing how it should be accomplished.
It also describes the interaction of each layer with the layers directly above and below.
The TCP/IP protocols discussed in this course are structured around both the OSI and TCP/IP models. The table shows details about each layer of the OSI model. The functionality of each layer and the relationship between layers will become more evident throughout this course as the protocols are discussed in more detail.
OSI model layers and their descriptions:

  • 7 – Application: The application layer contains protocols used for process-to-process communications.
  • 6 – Presentation: The presentation layer provides for common representation of the data transferred between application layer services.
  • 5 – Session: The session layer provides services to the presentation layer to organize its dialogue and to manage data exchange.
  • 4 – Transport: The transport layer defines services to segment, transfer, and reassemble the data for individual communications between the end devices.
  • 3 – Network: The network layer provides services to exchange the individual pieces of data over the network between identified end devices.
  • 2 – Data Link: The data link layer protocols describe methods for exchanging data frames between devices over a common medium.
  • 1 – Physical: The physical layer protocols describe the mechanical, electrical, functional, and procedural means to activate, maintain, and de-activate physical connections for a bit transmission to and from a network device.
Note: Whereas the TCP/IP model layers are referred to only by name, the seven OSI model layers are more often referred to by number rather than by name. For instance, the physical layer is referred to as Layer 1 of the OSI model, the data link layer is Layer 2, and so on.

The TCP/IP Protocol Model

The TCP/IP protocol model for internetwork communications was created in the early 1970s and is sometimes referred to as the internet model. This type of model closely matches the structure of a particular protocol suite. The TCP/IP model is a protocol model because it describes the functions that occur at each layer of protocols within the TCP/IP suite. TCP/IP is also used as a reference model. The table shows details about each layer of the TCP/IP model.
TCP/IP model layers and their descriptions:

  • 4 – Application: Represents data to the user, plus encoding and dialog control.
  • 3 – Transport: Supports communication between various devices across diverse networks.
  • 2 – Internet: Determines the best path through the network.
  • 1 – Network Access: Controls the hardware devices and media that make up the network.
The definitions of the standard and the TCP/IP protocols are discussed in a public forum and defined in a publicly available set of IETF Request for Comments (RFC) documents. An RFC is authored by networking engineers and sent to other IETF members for comments.

Facts About Network Communication Process

Networks of Many Sizes

 

First and foremost, networks come in all sizes. They range from simple networks that consist of two computers to networks connecting millions of devices. Simple home networks let you share resources, such as printers, documents, pictures, and music, among a few local end devices. In this article, I want to discuss some facts about a network communication process.

Small office and home office (SOHO) networks allow people to work from home or a remote office. Many self-employed workers use these types of networks to advertise and sell products, order supplies and communicate with customers.
Businesses and large organizations use networks to provide consolidation, storage, and access to information on network servers. Networks provide email, instant messaging, and collaboration among employees. Many organizations use their network’s connection to the internet to provide products and services to customers.
The internet is the largest network in existence. In fact, the term internet means a “network of networks”. It is a collection of interconnected private and public networks.
In small businesses and homes, many computers function as both servers and clients on the network. This type of network is called a peer-to-peer network.

Small Home Networks

Small home networks connect a few computers to each other and to the internet.

Client-Server Communications

All computers that are connected to a network and that participate directly in network communication are classified as hosts. Hosts are also called end devices, endpoints, or nodes. Much of the interaction between end devices is client-server traffic. For example, when you access a web page on the internet, your web browser (the client) is accessing a server. When you send an email message, your email client will connect to an email server.

 

Servers are simply computers with specialized software. This software enables servers to provide information to other end devices on the network. A server can be single-purpose, providing only one service, such as web pages. A server can be multipurpose, providing a variety of services such as web pages, email, and file transfers.

 

Client computers have software installed, such as web browsers, email clients, and file transfer applications. This software enables them to request and display the information obtained from the server. A single computer can also run multiple types of client software. For example, a user can check email and view a web page while listening to internet radio.

  • File Server – The file server stores corporate and user files in a central location.
  • Web Server – The web server runs web server software that allows many computers to access web pages.
  • Email Server – The email server runs email server software that enables emails to be sent and received.
The figure shows a switch with wired computers connected to it. The top computer is a file client and to the right of it is the file server. Beside the file client is the number 1, with the following words: The File Server stores corporate and user files in a central location. The client devices access these files with client software such as Windows Explorer. There is also a computer labelled web client and a web server.
The number 2 beside the web client has the following words: The Web Server runs web server software, and clients use their browser software, such as Windows Internet Explorer, to access web pages on the server. There is an email client computer and an email server. The email client has the number 3 beside it with the following words: The Email Server runs email server software, and clients use their mail client software, such as Microsoft Outlook, to access email on the server.

Typical Sessions

A typical network user at school, at home, or in the office, will normally use some type of computing device to establish many connections with network servers. Those servers could be located in the same room or around the world. Let’s look at a few typical network communication sessions.

Student

Terry is a high school student whose school has recently started a “bring your own device” (BYOD) program. Students are encouraged to use their cell phones or other devices such as tablets or laptops to access learning resources. Terry has just been given an assignment in language arts class to research the effects of World War I on the literature and art of the time. She enters the search terms she has chosen into a search engine app that she has opened on her cell phone.

 

Terry has connected her phone to the school Wi-Fi network. Her search is submitted from her phone to the school network wirelessly. Before her search can be sent, the data must be addressed so that it can find its way back to Terry. Her search terms are then represented as a string of binary data that has been encoded into radio waves. Her search string is then converted to electrical signals that travel on the school’s wired network until they reach the place at which the school’s network connects to the Internet Service Provider’s (ISP) network. A combination of technologies takes Terry’s search to the search engine website.

 

For example, Terry’s data flows, together with the data of thousands of other users, along a fibre-optic network that connects Terry’s ISP with several other ISPs, including the ISP that is used by the search engine company. Eventually, Terry’s search string enters the search engine company’s website and is processed by its powerful servers. The results are then encoded and addressed to Terry’s school and her device.
All of these transitions and connections happen in a fraction of a second, and Terry has started on her path to learning about her subject.

Gamer

Michelle loves computer games. She has a powerful gaming console that she uses to play games against other players, watch movies, and play music. Michelle connects her game console directly to her network with a copper network cable.

Michelle’s network, like many home networks, connects to an ISP using a router and a cable modem. These devices allow Michelle’s home network to connect to a cable TV network that belongs to Michelle’s ISP. The cable wires for Michelle’s neighbourhood all connect to a central point on a telephone pole and then connect to a fibre-optic network. This fibre-optic network connects many neighbourhoods that are served by Michelle’s ISP.

All those fibre-optic cables connect to telecommunications services that provide access to high-capacity connections. These connections allow thousands of users in homes, government offices, and businesses to connect to internet destinations around the world.

Michelle has connected her game console to a company that hosts a very popular online game. Michelle is registered with the company, and its servers keep track of Michelle’s scores, experiences, and game assets. Michelle’s actions in her game become data that is sent to the gamer network. Michelle’s moves are broken up into groups of binary data, each consisting of a string of zeros and ones. Information that identifies Michelle, the game she is playing, and Michelle’s network location is added to the game data. The pieces of data that represent Michelle’s gameplay are sent at high speed to the game provider’s network. The results are returned to Michelle in the form of graphics and sounds.

All of this happens so quickly that Michelle can compete with hundreds of other gamers in real-time.

Surgeon

Dr Ismael Awad is an oncologist who performs surgery on cancer patients. He frequently needs to consult with radiologists and other specialists on patient cases. The hospital that Dr Awad works for subscribes to a special service called a cloud. The cloud allows medical data, including patient x-rays and MRIs to be stored in a central location that is accessed over the internet. In this way, the hospital does not need to manage paper patient records and X-ray films.

When a patient has an X-ray taken, the image is digitized as computer data. The X-ray is then prepared by hospital computers to be sent to the medical cloud service. Because security is very important when working with medical data, the hospital uses network services that encrypt the image data and patient information. Even if this encrypted data is intercepted as it travels across the internet to the cloud service provider’s data centres, it cannot be read. The data is addressed so that it can be routed to the cloud provider’s data centre to reach the correct services that provide storage and retrieval of high-resolution digital images.

 

Dr. Awad and the patient’s care team can connect to this special service, meet with other doctors in audio conferences and discuss patient records to decide on the best treatment that can be provided to the patient. Dr Awad can work with specialists from diverse locations to view the medical images and other patient data and discuss the case.

 

All of this interaction is digital and takes place using networked services that are provided by the medical cloud service.

Tracing the Path

We tend to think about the data networks we use in our daily lives as we think about driving a car. We do not really care what happens in the engine as long as the car takes us where we want to go. However, just like a car’s mechanic knows the details of how a car operates, cybersecurity analysts need to have a deep understanding of how networks operate.
When we connect to a website to read social media or shop, we seldom care about how our data gets to the website and how data from the website gets to us. We are not aware of the many technologies that enable us to use the internet. A combination of copper and fibre-optic cables that go over land and under the ocean carry data traffic. High-speed wireless and satellite technologies are also used. These connections connect telecommunications facilities and internet service providers (ISP) that are distributed throughout the world, as shown in the figure.
These global Tier 1 and Tier 2 ISPs connect portions of the internet together, usually through an Internet Exchange Point (IXP). Larger networks will connect to Tier 2 networks through a Point of Presence (PoP), which is usually a location in the building where physical connections to the ISP are made. The Tier 3 ISPs connect homes and businesses to the internet.
Because of different relationships between ISPs and telecommunications companies, traffic from a computer to an internet server can take many paths. The traffic of a user in one country can take a very indirect path to reach its destination. The traffic might first travel from the local ISP to a facility that has connections to many other ISPs. A user’s internet traffic can go many hundreds of miles in one direction only to be routed in a completely different direction to reach its destination. Some of the traffic can take certain routes to reach the destination, and then take completely different routes to return.

 

Cybersecurity analysts must be able to determine the origin of traffic that enters the network and the destination of traffic that leaves it. Understanding the path that network traffic takes is essential to this.

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training.

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

 

Fact Check Policy

TECHMANIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

 

   

Data Encapsulation In Networking: Highlighting The Facts

Knowing the OSI reference model and the TCP/IP protocol model will come in handy when you learn about how data is encapsulated as it moves across a network. It is not as simple as a physical letter being sent through the mail system. In this article, I will be talking about some of the facts that you need to know about data encapsulation in Networking. 

 

In theory, a single communication, such as a video or an email message with many large attachments, could be sent across a network from a source to a destination as one massive, uninterrupted stream of bits.
However, this would create problems for other devices needing to use the same communication channels or links.
These large streams of data would result in significant delays. Further, if any link in the interconnected network infrastructure failed during the transmission, the complete message would be lost and would have to be retransmitted in full.

 

A better approach is to divide the data into smaller, more manageable pieces to send over the network. Segmentation is the process of dividing a stream of data into smaller units for transmission over the network. Segmentation is necessary because data networks use the TCP/IP protocol suite to send data in individual IP packets. Each packet is sent separately, similar to sending a long letter as a series of individual postcards. Packets containing segments for the same destination can be sent over different paths.

Segmenting messages has two primary benefits:

  • Increases speed – Because a large data stream is segmented into packets, large amounts of data can be sent over the network without tying up a communications link. This allows many different conversations to be interleaved on the network, a process called multiplexing.
  • Increases efficiency – If a single segment fails to reach its destination due to a failure in the network or network congestion, only that segment needs to be retransmitted instead of resending the entire data stream.

 

The animation shows a small LAN with two hosts and a server. When the Segmentation button is pressed, a large message from the first host is broken up into smaller messages that are sent across the network to the server. When the Multiplexing button is pressed, messages from both hosts are sent onto the network one after the other to the server.

Sequencing

The challenge to using segmentation and multiplexing to transmit messages across a network is the level of complexity that is added to the process. Imagine if you had to send a 100-page letter, but each envelope could only hold one page. Therefore, 100 envelopes would be required, and each envelope would need to be addressed individually. It is possible that the 100-page letter in 100 different envelopes arrives out-of-order. Consequently, the information in the envelope would need to include a sequence number to ensure that the receiver could reassemble the pages in the proper order.

 

In network communications, each segment of the message must go through a similar process to ensure that it gets to the correct destination and can be reassembled into the content of the original message, as shown in the figure. TCP is responsible for sequencing the individual segments.
The figure shows two computers sending messages on a network to a server. Each message has been divided up into multiple pieces shown as yellow and orange envelopes, some are interleaved and numbered. The text reads: Multiple pieces are labelled for easy direction and re-assembly. Labelling provides for ordering and assembling the pieces when they arrive.
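To make the sequencing idea concrete, here is an added Python example (not part of the original course material) that segments a constructed 50-byte message into numbered pieces, delivers them out of order with one piece lost, and shows that the receiver can name exactly which sequence number is missing, so only that segment is retransmitted. The segment size, the message and the lost segment are constructed values; the byte-offset sequence numbering is the scheme TCP uses.

```python
"""Segmentation, sequence numbers and selective retransmission.

Added example (not from the original course text). The message, segment size
and the "lost" segment are constructed for the demo; the byte-offset
sequence-number scheme is the one TCP uses.
"""
import random
from typing import Dict, List, Optional, Tuple

SEGMENT_SIZE = 16  # constructed: tiny payloads keep the demo readable


def segment(message: bytes, size: int = SEGMENT_SIZE) -> List[Tuple[int, bytes]]:
    """Split a byte stream into (sequence number, payload) pieces.

    The sequence number is the byte offset of the payload in the stream, so
    the receiver can slot each piece into place whatever order it arrives in.
    """
    return [(offset, message[offset:offset + size])
            for offset in range(0, len(message), size)]


class Reassembler:
    """Receiver side: collects segments that may arrive out of order."""

    def __init__(self, total_length: int, size: int = SEGMENT_SIZE) -> None:
        self.total_length = total_length
        self.size = size
        self.received: Dict[int, bytes] = {}  # sequence number -> payload

    def deliver(self, seq: int, payload: bytes) -> None:
        self.received[seq] = payload  # a duplicate simply overwrites itself

    def missing(self) -> List[int]:
        """Sequence numbers the receiver still has not seen (its gaps)."""
        return [off for off in range(0, self.total_length, self.size)
                if off not in self.received]

    def assemble(self) -> Optional[bytes]:
        """The original message once every piece is present, otherwise None."""
        if self.missing():
            return None
        return b"".join(self.received[seq] for seq in sorted(self.received))


def simulate(message: bytes, lost_seq: int, seed: int = 7) -> Tuple[List[int], Optional[bytes]]:
    """Send all segments out of order, drop one, then retransmit only that one.

    Returns the gap list the receiver reported and the reassembled message.
    """
    segments = segment(message)
    receiver = Reassembler(len(message))
    in_flight = [s for s in segments if s[0] != lost_seq]  # one segment is lost
    random.Random(seed).shuffle(in_flight)                  # the rest arrive out of order
    for seq, payload in in_flight:
        receiver.deliver(seq, payload)
    gaps = receiver.missing()                # receiver asks only for what is missing
    for seq, payload in segments:            # sender resends just those segments,
        if seq in gaps:                      # not the whole stream
            receiver.deliver(seq, payload)
    return gaps, receiver.assemble()


# Constructed sample message: 50 bytes, so it becomes 4 segments (offsets 0, 16, 32, 48).
MESSAGE = b"0123456789" * 5

if __name__ == "__main__":
    gaps, rebuilt = simulate(MESSAGE, lost_seq=32)
    print("retransmitted segments:", gaps)
    print("message intact:", rebuilt == MESSAGE)
```

The receiver never trusts arrival order; it trusts the sequence number, and its gap report is what drives the selective retransmission described in the second benefit above.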

Protocol Data Units

As application data is passed down the protocol stack on its way to being transmitted across the network media, various protocol information is added at each level. This is known as the encapsulation process.
The form that a piece of data takes at any layer is called a protocol data unit (PDU). During encapsulation, each succeeding layer encapsulates the PDU that it receives from the layer above in accordance with the protocol being used. At each stage of the process, a PDU has a different name to reflect its new functions. Although there is no universal naming convention for PDUs, in this course, the PDUs are named according to the protocols of the TCP/IP suite. The PDUs for each form of data are shown in the figure.
Note: Although the UDP PDU is called a datagram, IP packets are sometimes also referred to as IP datagrams.

That data is passed down the stack and encapsulated into a new PDU at each layer. At the top, the email data is divided into smaller chunks of data. Below that, a transport header is added in front of the chunk of data and it becomes a segment. Below that, a network header is added in front of the transport header and it becomes a packet. Below that, a frame header is added in front of the network header and a frame trailer is added behind the data and it becomes a frame (medium dependent).

The frame is shown as a stream of bits prior to being received by a router that is connected to the cloud. Text at the bottom reads: Data – The general term for the PDU used at the application layer; Segment – Transport layer PDU; Packet – Network layer PDU; Frame – Data Link layer PDU; Bits – Physical layer PDU used when physically transmitting data over the medium. Note: If the Transport header is TCP, then it is a segment. If the Transport header is UDP then it is a datagram.

Three Addresses

Network protocols require that addresses be used for network communication. Addressing is used by the client to send requests and other data to a server. The server uses the client’s address to return the requested data to the client that requested it.

 

The OSI transport, network, and data link layers all use addressing in some form. The transport layer uses protocol addresses in the form of port numbers to identify network applications that should handle client and server data. The network layer specifies addresses that identify the networks that clients and servers are attached to and the clients and servers themselves. Finally, the data link layer specifies the devices on the local LAN that should handle data frames. All three addresses are required for client-server communication, as shown in the figure.

 

The figure shows two columns. In each column are the 7 layers of the OSI model (application, presentation, session, transport, network, data link, physical). There is an arrow (a line with arrows on each end) that goes between the transport box in the left column and the transport layer box in the right column, with the words protocol address. There is an arrow between the two boxes labelled network, with the words network host address. There is an arrow between the two data link boxes, with the words physical address. There is an arrow going between the two physical boxes with the following bits as electrical or radio-frequency signals: 0 1 0 0 1 1 1 0 0 1 0 0 0 1 1.

Encapsulation Example

When messages are being sent on a network, the encapsulation process works from top to bottom. At each layer, the upper layer information is considered data within the encapsulated protocol. For example, the TCP segment is considered data within the IP packet.
You saw this animation previously in this module. This time, click Play and focus on the encapsulation process as a web server sends a web page to a web client.

The animation shows a small network with a Web Server and a Web Client. There is a graphic that shows the components that make up a message: an Ethernet Frame, an IP Packet, a TCP segment, and the user data. The animation begins with the web server preparing the Hypertext Markup Language (HTML) page as data to be sent. The application protocol HTTP header is added (prepended) to the front of the HTML data.

The header contains various information, including the HTTP version the server is using and a status code indicating it has information for the web client. The HTTP application layer protocol delivers the HTML-formatted web page data to the TCP transport layer. The transport layer protocol prepends additional information to the HTTP data to manage the exchange of information between the web server and web client. The IP information is prepended to the TCP information. IP assigns the appropriate source and destination IP addresses. This information is known as an IP packet. The Ethernet protocol prepends and adds to the end (appends) information to the IP packet to create a data link frame. The frame is then converted into a string of binary bits that are sent along the network path to the web client.

De-encapsulation Example

This process is reversed at the receiving host and is known as de-encapsulation. De-encapsulation is the process used by a receiving device to remove one or more of the protocol headers. The data is de-encapsulated as it moves up the stack toward the end-user application.
You saw this animation previously in this module. This time, click Play and focus on the de-encapsulation process.
The animation shows a small network with a Server and a Client. The client receives a string of binary bits from the server. The client takes the binary string of bits and converts it into an Ethernet frame. The frame contains the Ethernet header, the IP packet, the TCP segment, and the data. Each protocol header is processed and then removed in the opposite order it was added. The Ethernet information is processed and removed, followed by the IP protocol information, the TCP information, and finally the HTTP information. The HTML web page information is then passed on to the web browser software of the client.
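The following is an added Python example (it is not code from the course) that builds the frame the two animations describe, with each header prepended in order and the Ethernet trailer appended, and then reverses the process on the client side, stripping one header per layer. Addresses are constructed placeholders (locally administered MAC addresses and IP addresses from the 192.0.2.0/24 documentation range), and the client port is made up. It also shows the three addresses from the previous section sitting in their own headers: port numbers in the TCP header, IP addresses in the IP header, and MAC addresses in the Ethernet header.

```python
"""Encapsulation and de-encapsulation of an HTTP response, layer by layer.

Added example (not from the original course text). All addresses are
constructed placeholders: locally administered MACs and IPs from the
192.0.2.0/24 documentation range. Checksums are computed for real so the
receiver can show what each layer verifies before it strips its header.
"""
import struct
import zlib
from typing import Any, Dict

SERVER_MAC = bytes.fromhex("02aabbccdd01")   # constructed
CLIENT_MAC = bytes.fromhex("02aabbccdd02")   # constructed
SERVER_IP = bytes([192, 0, 2, 10])           # constructed (documentation range)
CLIENT_IP = bytes([192, 0, 2, 20])           # constructed
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
HTTP_PORT, CLIENT_PORT = 80, 51000           # client port is constructed


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071), used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(html: bytes) -> bytes:
    """Server side: HTML -> HTTP -> TCP segment -> IP packet -> Ethernet frame."""
    # Application layer: HTTP header prepended to the HTML data.
    http = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n" % len(html) + html
    # Transport layer: 20-byte TCP header (ports, seq/ack, flags PSH+ACK, window).
    tcp_hdr = struct.pack("!HHIIBBHHH", HTTP_PORT, CLIENT_PORT, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = SERVER_IP + CLIENT_IP + struct.pack("!BBH", 0, PROTO_TCP, len(tcp_hdr) + len(http))
    tcp_csum = checksum(pseudo + tcp_hdr + http)      # TCP checksum covers a pseudo-header
    segment = tcp_hdr[:16] + struct.pack("!H", tcp_csum) + tcp_hdr[18:] + http
    # Network layer: 20-byte IPv4 header carrying the source and destination IP addresses.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0x4000, 64,
                         PROTO_TCP, 0, SERVER_IP, CLIENT_IP)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", checksum(ip_hdr)) + ip_hdr[12:]
    packet = ip_hdr + segment
    # Data link layer: Ethernet header prepended, FCS (CRC-32) appended as the trailer.
    body = CLIENT_MAC + SERVER_MAC + struct.pack("!H", ETHERTYPE_IPV4) + packet
    return body + struct.pack("<I", zlib.crc32(body))


def deencapsulate(frame: bytes) -> Dict[str, Any]:
    """Client side: remove one header per layer, in the reverse order they were added."""
    layers: Dict[str, Any] = {}
    # Data link: verify the FCS trailer, then strip the 14-byte Ethernet header.
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if fcs != zlib.crc32(body):
        raise ValueError("FCS mismatch: frame corrupted, dropped")
    layers["ethernet"] = {"dst": body[:6], "src": body[6:12],
                          "type": struct.unpack("!H", body[12:14])[0]}
    packet = body[14:]
    # Network: verify the IPv4 header checksum (sums to zero when intact), strip the header.
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch, dropped")
    total_len = struct.unpack("!H", packet[2:4])[0]
    proto, src_ip, dst_ip = packet[9], packet[12:16], packet[16:20]
    layers["ip"] = {"src": src_ip, "dst": dst_ip, "proto": proto}
    segment = packet[ihl:total_len]
    # Transport: verify the TCP checksum over pseudo-header + segment, read the ports, strip.
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, proto, len(segment))
    if checksum(pseudo + segment) != 0:
        raise ValueError("TCP checksum mismatch, dropped")
    layers["tcp"] = dict(zip(("sport", "dport"), struct.unpack("!HH", segment[:4])))
    http = segment[(segment[12] >> 4) * 4:]
    # Application: split the HTTP header from the HTML handed to the browser.
    header, _, html = http.partition(b"\r\n\r\n")
    layers["http"] = header.split(b"\r\n")[0]   # the status line
    layers["html"] = html
    return layers


if __name__ == "__main__":
    frame = encapsulate(b"<html><body>Hello</body></html>")
    print("frame on the wire: %d bytes" % len(frame))
    for name, value in deencapsulate(frame).items():
        print(name, value)
```

Each layer checks its own integrity field before it strips its header, which is why a frame damaged in transit is dropped at the data link layer and never reaches the browser. The FCS and the internet checksum only detect transmission errors; they offer no protection against deliberate modification, which is what TLS or a cryptographic MAC is for.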

 

Understanding Ethernet Encapsulation In Networking

Ethernet Encapsulation

Ethernet and wireless LANs (WLANs) are the two most commonly deployed LAN technologies. Unlike wireless, Ethernet uses wired communications, including twisted pair, fibre-optic links, and coaxial cables. In this article, we are going to talk about Ethernet encapsulation in networking.

 

Ethernet operates in the data link layer and the physical layer. It is a family of networking technologies defined in the IEEE 802.2 and 802.3 standards. Ethernet supports the following data bandwidths:

  • 10 Mbps
  • 100 Mbps
  • 1000 Mbps (1 Gbps)
  • 10,000 Mbps (10 Gbps)
  • 40,000 Mbps (40 Gbps)
  • 100,000 Mbps (100 Gbps)

As shown in the figure, Ethernet standards define both the Layer 2 protocols and the Layer 1 technologies.

Ethernet and the OSI Model

Ethernet Frame Fields

The minimum Ethernet frame size is 64 bytes and the maximum is 1518 bytes. This includes all bytes from the destination MAC address field through the frame check sequence (FCS) field. The preamble field is not included when describing the size of the frame.

Any frame less than 64 bytes in length is considered a “collision fragment” or “runt frame” and is automatically discarded by receiving stations. Frames with more than 1500 bytes of data are considered “jumbo” or “baby giant frames”.

If the size of a transmitted frame is less than the minimum, or greater than the maximum, the receiving device drops the frame. Dropped frames are likely to be the result of collisions or other unwanted signals. They are considered invalid. However, the Fast Ethernet and Gigabit Ethernet interfaces of some Cisco Catalyst switches can be configured to support larger jumbo frames.

The diagram shows the fields of an Ethernet frame. From left to right, the fields and their lengths are: Preamble and SFD, 8 bytes; destination MAC address, 6 bytes; source MAC address, 6 bytes; type/length, 2 bytes; data, 46 – 1500 bytes; and FCS, 4 bytes. Excluding the first field, the total number of bytes in the remaining fields is between 64 and 1518.

 

Ethernet frame fields and their descriptions:

  • Preamble and Start Frame Delimiter fields – The Preamble (7 bytes) and Start Frame Delimiter (SFD), also called the Start of Frame (1 byte), fields are used for synchronization between the sending and receiving devices. These first eight bytes of the frame are used to get the attention of the receiving nodes. Essentially, the first few bytes tell the receivers to get ready to receive a new frame.
  • Destination MAC Address field – This 6-byte field is the identifier for the intended recipient. As you will recall, this address is used by Layer 2 to assist devices in determining if a frame is addressed to them. The address in the frame is compared to the MAC address in the device. If there is a match, the device accepts the frame. It can be a unicast, multicast or broadcast address.
  • Source MAC Address field – This 6-byte field identifies the originating NIC or interface of the frame. A source MAC address can only be a unicast address.
  • Type / Length field – This 2-byte field identifies the upper layer protocol encapsulated in the Ethernet frame. Common values are, in hexadecimal, 0x800 for IPv4, 0x86DD for IPv6 and 0x806 for ARP. Note: You may also see this field referred to as EtherType, Type, or Length.
  • Data field – This field (46 – 1500 bytes) contains the encapsulated data from a higher layer, which is a generic Layer 3 PDU, or more commonly, an IPv4 packet. All frames must be at least 64 bytes long. If a small packet is encapsulated, additional bits called a pad are used to increase the size of the frame to this minimum size.
  • Frame Check Sequence field – The Frame Check Sequence (FCS) field (4 bytes) is used to detect errors in a frame. It uses a cyclic redundancy check (CRC). The sending device includes the results of a CRC in the FCS field of the frame. The receiving device receives the frame and generates a CRC to look for errors. If the calculations match, no error occurred. Calculations that do not match are an indication that the data has changed; therefore, the frame is dropped. A change in the data could be the result of a disruption of the electrical signals that represent the bits.

MAC Address Format

The figure is three columns showing the decimal and hexadecimal equivalents of select 4-bit binary numbers. From left to right, the column headings are decimal, binary, and hexadecimal. Each column has 16 rows below the header.

Decimal and Binary Equivalents of 0 to F Hexadecimal

An Ethernet MAC address is a 48-bit binary value expressed as 12 hexadecimal digits (4 bits per hexadecimal digit). Hexadecimal digits use the numbers 0 to 9 and the letters A to F. The figure shows the equivalent decimal and hexadecimal values for binary 0000 to 1111. Hexadecimal is commonly used to represent binary data. IPv6 addresses are another example of hexadecimal addressing.

 

Figure 1 shows a table with Decimal values between 0 and 15 with the Binary and Hexadecimal equivalents. This table demonstrates why Hexadecimal has letters A through F along with numbers 0 through 9. Figure 2 shows that a MAC address can be represented with dashes, colons or periods.
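As an added Python example (not the course's own code), here is a small parser that applies the frame-field rules from the Ethernet Frame Fields table and the MAC address formats described in this section: it enforces the 64 to 1518 byte limits, verifies the FCS with CRC-32, classifies the destination MAC as unicast, multicast or broadcast from its I/G bit, rejects a non-unicast source, decodes the Type/Length field, and renders a MAC with dashes, colons or periods. The sample frame and the MAC addresses are constructed (locally administered 02:... addresses); the frame sizes and EtherType values are the ones stated in the text.

```python
"""Ethernet frame field parsing and the checks a receiving NIC performs.

Added example (not from the original course text). The MAC addresses are
constructed, locally administered placeholders (02:...); frame sizes and
EtherType values are the ones given in the text. The FCS is a CRC-32 sent
in little-endian byte order, which is what zlib.crc32 computes.
"""
import struct
import zlib
from dataclasses import dataclass

MIN_FRAME = 64      # destination MAC through FCS; preamble/SFD not counted
MAX_FRAME = 1518    # standard maximum; anything larger is a jumbo frame
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP"}
BROADCAST = b"\xff" * 6


def format_mac(mac: bytes, style: str = "colon") -> str:
    """48-bit MAC as 12 hex digits, separated by dashes, colons or periods."""
    digits = mac.hex()
    if style == "period":                                    # 0000.0000.0000 style
        return ".".join(digits[i:i + 4] for i in range(0, 12, 4))
    sep = {"dash": "-", "colon": ":"}[style]                 # 00-00-... or 00:00:...
    return sep.join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_kind(mac: bytes) -> str:
    """Unicast, multicast or broadcast, from the I/G bit (lsb of the first byte)."""
    if mac == BROADCAST:
        return "broadcast"
    return "multicast" if mac[0] & 0x01 else "unicast"


@dataclass
class Frame:
    dst: bytes
    src: bytes
    type_length: int
    payload: bytes          # data field, including any pad bytes

    @property
    def protocol(self) -> str:
        # 1500 or less is an IEEE 802.3 length; larger values are an EtherType.
        if self.type_length <= 1500:
            return "802.3 length %d" % self.type_length
        return ETHERTYPES.get(self.type_length, "unknown 0x%04X" % self.type_length)


def build_frame(dst: bytes, src: bytes, ethertype: int, data: bytes) -> bytes:
    """Sender side: pad the data field to 46 bytes and append the FCS."""
    data = data.ljust(46, b"\x00")
    body = dst + src + struct.pack("!H", ethertype) + data
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(raw: bytes) -> Frame:
    """Receiver side; raises ValueError for every frame the text says is dropped."""
    if len(raw) < MIN_FRAME:
        raise ValueError("runt frame (%d bytes) dropped" % len(raw))
    if len(raw) > MAX_FRAME:
        raise ValueError("frame (%d bytes) exceeds maximum, dropped" % len(raw))
    body, fcs = raw[:-4], struct.unpack("<I", raw[-4:])[0]
    if fcs != zlib.crc32(body):
        raise ValueError("FCS mismatch, frame dropped")
    dst, src = body[:6], body[6:12]
    if mac_kind(src) != "unicast":
        raise ValueError("source MAC %s is not unicast, frame dropped" % format_mac(src))
    return Frame(dst, src, struct.unpack("!H", body[12:14])[0], body[14:])


def verdict(raw: bytes) -> str:
    """'accepted', or the reason the receiver would drop the frame."""
    try:
        parse_frame(raw)
        return "accepted"
    except ValueError as err:
        return str(err)


# Constructed sample: a minimum-size ARP broadcast from a made-up NIC.
SAMPLE = build_frame(BROADCAST, bytes.fromhex("02aabbccdd01"), 0x0806,
                     b"\x00\x01\x08\x00\x06\x04\x00\x01")

if __name__ == "__main__":
    f = parse_frame(SAMPLE)
    print(len(SAMPLE), "bytes,", f.protocol, "to", mac_kind(f.dst), format_mac(f.dst, "period"))
    damaged = bytearray(SAMPLE)
    damaged[20] ^= 0x01                   # flip one payload bit: the CRC catches it
    print(verdict(bytes(damaged)))
    print(verdict(SAMPLE[:40]))           # a runt
```

From a monitoring standpoint, runts and FCS errors on a switch port are normally a physical-layer problem (a damaged cable or a duplex mismatch), and a steadily rising error counter on the interface is the first thing to check; a frame with a multicast source address is malformed by definition and worth logging when a sensor sees one.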
 

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include the staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

Fact Check Policy

TECHMANIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

 

   

MAC Addresses And IP Addresses: Highlighting The Facts

In my previous article, I talked at length about how data travels across the network. In this article, I want to talk more about MAC addresses and IP addresses. Follow me as we look at that in this article. There are two primary addresses assigned to a device on an Ethernet LAN:

 

  • Physical address (the MAC address) – This is used for Ethernet NIC to Ethernet NIC communications on the same network.
  • The logical address (the IP address) – This is used to send the packet from the original source to the final destination.

IP addresses are used to identify the address of the original source device and the final destination device. The destination IP address may be on the same IP network as the source or may be on a remote network.
Note: Most applications use DNS (Domain Name System) to determine the IP address when given a domain name such as www.cisco.com. DNS is discussed in a later module.
Ethernet MAC addresses have different purposes. These addresses are used to deliver the data link frame with the encapsulated IP packet from one NIC to another NIC on the same network. If the destination IP address is on the same network, the destination MAC address will be that of the destination device.

The figure shows the Ethernet MAC addresses and IP addresses for PC-A sending an IP packet to the file server on the same network.
The Layer 2 Ethernet frame contains:

 

  • Destination MAC address – This is the MAC address of the file server’s Ethernet NIC.
  • Source MAC address – This is the MAC address of PC-A’s Ethernet NIC.

The Layer 3 IP packet contains:

  • Source IP address – This is the IP address of the original source, PC-A.
  • Destination IP address – This is the IP address of the final destination, the file server.
The figure shows a PC connected to a server. The PC is sending data to the server. The PC puts the Layer 3 source and destination IP addresses in the packet header and then puts the Layer 2 source and destination MAC addresses in the frame header.

Communicating on a Local Network

Destination on Remote Network

When the destination IP address is on a remote network, the destination MAC address will be the address of the host’s default gateway. The default gateway address is the address of the router’s NIC, as shown in the figure. Using a postal analogy, this would be similar to a person taking a letter to their local post office. They only need to leave the letter at the post office. It then becomes the responsibility of the post office to forward the letter towards its final destination.

 

The figure shows the Ethernet MAC addresses and IPv4 addresses for PC-A. It is sending an IP packet to a file server on a remote network. Routers examine the destination IPv4 address to determine the best path to forward the IPv4 packet. This is similar to how the postal service forwards mail based on the address of the recipient.

 

When the router receives the Ethernet frame, it de-encapsulates the Layer 2 information. Using the destination IP address, it determines the next-hop device and then encapsulates the IP packet in a new data link frame for the outgoing interface. Along with each link in a path, an IP packet is encapsulated in a frame specific to the particular data link technology associated with that link, such as Ethernet. If the next-hop device is the final destination, the destination MAC address will be that of the device’s Ethernet NIC.

 

How are the IPv4 addresses of the IPv4 packets in a data flow associated with the MAC addresses on each link along the path to the destination? This is done through a process called Address Resolution Protocol (ARP).

 

The figure shows PC-A connected to router R1, which is connected to R2. R2 is connected to a file server. PC-A is sending data to the file server. PC-A builds a packet with its own IP address as the source and the IP address of the file server as the destination. PC-A then builds a frame with its own MAC address as the source and the MAC address of R1 as the destination.

Using Ping And Traceroute Utilities

 

Ping – Test Connectivity

In my previous article, you were introduced to the ping and traceroute (tracert) tools. In this topic, you will learn about the situations in which each tool is used, and how to use them. Ping is an IPv4 and IPv6 testing utility that uses ICMP echo request and echo reply messages to test connectivity between hosts. In this article, we will look at ways of using the ping and traceroute utilities.

 

To test connectivity to another host on a network, an echo request is sent to the host address using the ping command. If the host at the specified address receives the echo request, it responds with an echo reply. As each echo reply is received, ping reports the time between when the request was sent and when the reply was received. This round-trip time can be used as a measure of network performance.

Ping has a timeout value for the reply. If a reply is not received within the timeout, ping prints a message indicating that a response was not received. This may indicate a problem, but it could also mean that security features blocking ping messages have been enabled on the network. It is common for the first ping to time out if address resolution (ARP or ND) must be performed before the ICMP Echo Request can be sent.

After all the requests are sent, the ping utility provides a summary that includes the success rate and average round-trip time to the destination.
Types of connectivity tests performed with ping include the following:

  • Pinging the local loopback
  • Pinging the default gateway
  • Pinging the remote host

Ping the Loopback

Ping can be used to test the internal configuration of IPv4 or IPv6 on the localhost. To perform this test, ping the local loopback address of 127.0.0.1 for IPv4 (::1 for IPv6).
A response from 127.0.0.1 for IPv4, or ::1 for IPv6, indicates that IP is properly installed on the host. This response comes from the network layer. It is not, however, an indication that the addresses, masks, or gateways are properly configured, nor does it say anything about the status of the lower layers of the network stack: the loopback test only exercises the stack down to the network layer. An error message indicates that TCP/IP is not operational on the host.

The figure shows the Ethernet Properties dialogue box with Internet Protocol Version 4 (TCP/IPv4) installed and active, which is confirmed with a successful ping to 127.0.0.1.

Ping the Default Gateway

You can also use ping to test the ability of a host to communicate on the local network. This is generally done by pinging the IP address of the default gateway of the host. A successful ping to the default gateway indicates that the host and the router interface serving as the default gateway are both operating on the local network.
For this test, the default gateway address is most often used because the router is normally always operational. If the default gateway address does not respond, a ping can be sent to the IP address of another host on the local network that is known to be operational.
If either the default gateway or another host responds, then the local host can successfully communicate over the local network. If the default gateway does not respond but another host does, this could indicate a problem with the router interface serving as the default gateway.
One possibility is that the wrong default gateway address has been configured on the host. Another possibility is that the router interface may be fully operational but have security applied to it that prevents it from processing or responding to ping requests.
The graphic shows the Ethernet properties dialogue box configured with a static IP address, subnet mask, and default gateway. The topology shows the PC sending an echo request to the router default gateway and the router’s echo-response reply.

Ping a Remote Host

Ping can also be used to test the ability of the local host to communicate across an internetwork. The local host can ping an operational IPv4 host on a remote network, as shown in the figure. The router uses its IP routing table to forward the packets.

If this ping is successful, the operation of a large piece of the internetwork can be verified. A successful ping across the internetwork confirms communication on the local network, the operation of the router serving as the default gateway, and the operation of all other routers that might be in the path between the local network and the network of the remote host.

Additionally, the functionality of the remote host can be verified. If the remote host could not communicate outside of its local network, it would not have responded.

Note: Many network administrators limit or prohibit the entry of ICMP messages into the corporate network; therefore, the lack of a ping response could be due to security restrictions.

 

The animation shows a ping echo request to a remote network that is routed through a router, and the echo reply that is routed back from the remote network.

Traceroute – Test the Path

Ping is used to test connectivity between two hosts but does not provide information about the details of devices between the hosts. Traceroute (tracert) is a utility that generates a list of hops that were successfully reached along the path. This list can provide important verification and troubleshooting information. If the data reaches the destination, then the trace lists the interface of every router in the path between the hosts. If the data fails at some hop along the way, the address of the last router that responded to the trace can provide an indication of where the problem or security restrictions are found.

Round Trip Time (RTT)

Using traceroute provides round-trip time for each hop along the path and indicates if a hop fails to respond. The round-trip time is the time a packet takes to reach the remote host and for the response from the host to return. An asterisk (*) is used to indicate a lost or unreplied packet.
This information can be used to locate a problematic router in the path or may indicate that the router is configured not to reply. If the display shows high response times or data losses from a particular hop, this is an indication that the resources of the router or its connections may be overused.

 

IPv4 TTL and IPv6 Hop Limit

Traceroute makes use of a function of the TTL field in IPv4 and the Hop Limit field in IPv6 in the Layer 3 headers, along with the ICMP Time Exceeded message.
Play the animation in the figure to see how the traceroute takes advantage of TTL.
The first sequence of messages sent from traceroute will have a TTL field value of 1. This causes the TTL to time out the IPv4 packet at the first router. This router then responds with an ICMPv4 Time Exceeded message. Traceroute now has the address of the first hop.

 

Traceroute then progressively increments the TTL field (2, 3, 4…) for each sequence of messages. This provides the trace with the address of each hop as the packets time out further down the path. The TTL field continues to be increased until the destination is reached, or it is incremented to a predefined maximum.

After the final destination is reached, the host responds with either an ICMP Port Unreachable message or an ICMP Echo Reply message instead of the ICMP Time Exceeded message.

ICMP Packet Format

ICMP is encapsulated directly into IP packets. In this sense it is almost like a transport layer protocol, because it is carried as the payload of a packet; however, it is considered to be a Layer 3 protocol. ICMP acts as a data payload within the IP packet and has a special header data field, as shown in the figure.
ICMP uses message codes to distinguish the different kinds of ICMP messages. These are some common message codes:

 

  • 0 – Echo reply (response to a ping)
  • 3 – Destination Unreachable
  • 5 – Redirect (use another route to your destination)
  • 8 – Echo request (for ping)
  • 11 – Time Exceeded (TTL became 0)

As you will see later in the course, a cybersecurity analyst knows that the optional ICMP payload field can be used in an attack vector to exfiltrate data.

Understanding Internet Control Message Protocol

Although IP is only a best-effort protocol, the TCP/IP suite does provide for messages to be sent in the event of certain errors. These messages are sent using the services of ICMP. The purpose of these messages is to provide feedback about issues related to the processing of IP packets under certain conditions, not to make IP reliable. ICMP messages are not required and are often not allowed within a network for security reasons.

 

ICMP is available for both IPv4 and IPv6. ICMPv4 is the messaging protocol for IPv4. ICMPv6 provides these same services for IPv6 but includes additional functionality. In this course, the term ICMP will be used when referring to both ICMPv4 and ICMPv6.

 

The types of ICMP messages and the reasons why they are sent are extensive. We will discuss some of the more common messages.
ICMP messages common to both ICMPv4 and ICMPv6 include:
  • Host confirmation
  • Destination or Service Unreachable
  • Time exceeded
  • Route redirection

 

Host Confirmation

An ICMP Echo Message can be used to determine if a host is operational. The local host sends an ICMP Echo Request to a host. If the host is available, the destination host responds with an Echo Reply. Click Play in the figure to see an animation of the ICMP Echo Request/Echo Reply. This use of the ICMP Echo messages is the basis of the ping utility.

The animation shows Host 1 sending a ping (ICMP echo request) to Host 2 and Host 2 returning an ICMP echo reply to Host 1.

Destination or Service Unreachable

When a host or gateway receives a packet that it cannot deliver, it can use an ICMP Destination Unreachable message to notify the source that the destination or service is unreachable. The message will include a code that indicates why the packet could not be delivered.
These are some of the Destination Unreachable codes for ICMPv4:
  • 0 – Net unreachable
  • 1 – Host unreachable
  • 2 – Protocol unreachable
  • 3 – Port unreachable

Note: ICMPv6 has similar but slightly different codes for Destination Unreachable messages.

Time Exceeded

An ICMPv4 Time Exceeded message is used by a router to indicate that a packet cannot be forwarded because the Time to Live (TTL) field of the packet was decremented to 0. If a router receives a packet and decrements the TTL field in the IPv4 packet to zero, it discards the packet and sends a Time Exceeded message to the source host.
ICMPv6 also sends a Time Exceeded message if the router cannot forward an IPv6 packet because the packet has expired. IPv6 does not have a TTL field. It uses the hop limit field to determine if the packet has expired.
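The following Python code is an added example (not from the course text) that decodes the ICMPv4 header described under ICMP Packet Format, verifies the RFC 1071 checksum, names the message types and Destination Unreachable codes listed above, and marks an Echo payload larger than a threshold for review, which is the kind of check an analyst would log given the exfiltration note earlier. The messages it decodes are constructed in the block; the 64-byte payload threshold is an assumed tuning value.

```python
"""ICMPv4 header decoding and checksum check (added example, not the course's code)."""
import struct

ICMP_TYPES = {0: "Echo reply", 3: "Destination Unreachable", 5: "Redirect",
              8: "Echo request", 11: "Time Exceeded"}
UNREACHABLE_CODES = {0: "Net unreachable", 1: "Host unreachable",
                     2: "Protocol unreachable", 3: "Port unreachable"}
ECHO_PAYLOAD_LIMIT = 64   # assumed tuning value; Windows ping sends 32 bytes by default


def icmp_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, odd length padded with 0x00."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Header: type (1) | code (1) | checksum (2) | rest of header (4), then payload.
    For Echo messages 'rest' holds the identifier and sequence number."""
    if len(rest) != 4:
        raise ValueError("rest-of-header must be exactly 4 bytes")
    draft = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    csum = icmp_checksum(draft)
    return struct.pack("!BBH", icmp_type, code, csum) + rest + payload


def decode_icmp(message: bytes) -> dict:
    """Decode an ICMP message with two sanity checks: the checksum must verify
    (the one's-complement sum over the whole message folds to zero) and an Echo
    payload larger than ECHO_PAYLOAD_LIMIT is marked for review."""
    if len(message) < 8:
        raise ValueError("ICMP header is at least 8 bytes")
    icmp_type, code, _csum = struct.unpack("!BBH", message[:4])
    payload = message[8:]
    info = {"type": icmp_type, "code": code,
            "name": ICMP_TYPES.get(icmp_type, f"type {icmp_type}"),
            "checksum_ok": icmp_checksum(message) == 0,
            "payload_len": len(payload), "review": False}
    if icmp_type == 3:
        info["reason"] = UNREACHABLE_CODES.get(code, f"code {code}")
    if icmp_type in (0, 8):
        info["identifier"], info["sequence"] = struct.unpack("!HH", message[4:8])
        info["review"] = len(payload) > ECHO_PAYLOAD_LIMIT
    return info


if __name__ == "__main__":
    # Constructed messages: a normal ping request, a Port Unreachable, a Time Exceeded
    ping = build_icmp(8, 0, b"\x00\x01\x00\x01", b"abcdefghijklmnopqrstuvwabcdefghi")
    print(decode_icmp(ping))
    print(decode_icmp(build_icmp(3, 3, b"\x00" * 4)))
    print(decode_icmp(build_icmp(11, 0, b"\x00" * 4)))
    print(decode_icmp(build_icmp(8, 0, b"\x00\x01\x00\x02", b"A" * 1200))["review"])
```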

ICMPv6 RS and RA Messages

The informational and error messages found in ICMPv6 are very similar to the control and error messages implemented by ICMPv4. However, ICMPv6 has new features and improved functionality not found in ICMPv4. ICMPv6 messages are encapsulated in IPv6.
ICMPv6 includes four new protocols as part of the Neighbor Discovery Protocol (ND or NDP).
Messaging between an IPv6 router and an IPv6 device:
  • Router Solicitation (RS) message
  • Router Advertisement (RA) message

Messaging between IPv6 devices:

  • Neighbour Solicitation (NS) message
  • Neighbour Advertisement (NA) message

ND is used for Router Solicitation, Address Resolution and Duplicate Address Detection (DAD). The Router Solicitation exchange works as follows:
  1. RA messages are sent by routers to provide addressing information to hosts using Stateless Address Autoconfiguration (SLAAC). The RA message can include addressing information for the host such as the prefix, prefix length, DNS address, and domain name. A router will send an RA message periodically or in response to an RS message. A host using SLAAC will set its default gateway to the link-local address of the router that sent the RA.
  2. When a host is configured to obtain its addressing information automatically using SLAAC, the host will send an RS message to the router requesting an RA message.

The Need For IPv6 Network Addressing

IPv6 is designed to be the successor to IPv4. IPv6 has a larger 128-bit address space, providing 340 undecillion (i.e., 340 followed by 36 zeroes) possible addresses. However, IPv6 is more than just larger addresses. In this article, I want to discuss the need for IPv6 Network Addressing.

When the IETF began its development of a successor to IPv4, it used this opportunity to fix the limitations of IPv4 and include enhancements. One example is Internet Control Message Protocol version 6 (ICMPv6), which includes address resolution and address autoconfiguration not found in ICMP for IPv4 (ICMPv4).

 

The depletion of IPv4 address space has been the motivating factor for moving to IPv6. As Africa, Asia and other areas of the world become more connected to the internet, there are not enough IPv4 addresses to accommodate this growth. As shown in the figure, four out of the five RIRs have run out of IPv4 addresses.

 

The graphic shows a global map of the five regional internet registries and their IPv4 exhaustion dates. ARIN's IPv4 exhaustion date is July 2015, RIPE NCC's exhaustion date is September 2012, APNIC's exhaustion date is June 2014, LACNIC's exhaustion date is April 2011, and AfriNIC's projected exhaustion date is 2020.

RIR IPv4 Exhaustion Dates

IPv4 has a theoretical maximum of 4.3 billion addresses. Private addresses in combination with Network Address Translation (NAT) have been instrumental in slowing the depletion of IPv4 address space. However, NAT is problematic for many applications, creates latency, and has limitations that severely impede peer-to-peer communications.

 

With the ever-increasing number of mobile devices, mobile providers have been leading the way with the transition to IPv6. The top two mobile providers in the United States report that over 90% of their traffic is over IPv6.

 

Most top ISPs and content providers, such as YouTube, Facebook, and Netflix, have also made the transition. Many companies, like Microsoft, Facebook, and LinkedIn, are transitioning to IPv6-only internally. In 2018, broadband ISP Comcast reported deployment of over 65% and British Sky Broadcasting over 86%.

 

Internet of Things

The internet of today is significantly different from the internet of past decades. The internet of today is more than email, web pages, and file transfers between computers. The evolving internet is becoming an Internet of Things (IoT). No longer will the only devices accessing the internet be computers, tablets, and smartphones. The sensor-equipped, internet-ready devices of tomorrow will include everything from automobiles and biomedical devices, to household appliances and natural ecosystems.
With an increasing Internet population, a limited IPv4 address space, issues with NAT and the IoT, the time has come to begin the transition to IPv6.

IPv6 Addressing Formats

The first step to learning about IPv6 in networks is to understand the way an IPv6 address is written and formatted. IPv6 addresses are much larger than IPv4 addresses, which is why we are unlikely to run out of them.

IPv6 addresses are 128 bits in length and written as a string of hexadecimal values. Every four bits are represented by a single hexadecimal digit, for a total of 32 hexadecimal digits, as shown in the figure. IPv6 addresses are not case-sensitive and can be written in either lowercase or uppercase.

16-bit Segments or Hextets

Preferred Format

The previous figure also shows that the preferred format for writing an IPv6 address is x:x:x:x:x:x:x:x, with each “x” consisting of four hexadecimal values. The term octet refers to the eight bits of an IPv4 address. In IPv6, a hextet is the unofficial term used to refer to a segment of 16 bits, or four hexadecimal values. Each “x” is a single hextet which is 16 bits or four hexadecimal digits.

Preferred format means that you write the IPv6 address using all 32 hexadecimal digits. It does not necessarily mean that it is the ideal method for representing the IPv6 address. In this module, you will see two rules that help to reduce the number of digits needed to represent an IPv6 address.
These are examples of IPv6 addresses in the preferred format.

2001 : 0db8 : 0000 : 1111 : 0000 : 0000 : 0000: 0200
2001 : 0db8 : 0000 : 00a3 : abcd : 0000 : 0000: 1234
2001 : 0db8 : 000a : 0001 : c012 : 9aff : fe9a: 19ac
2001 : 0db8 : aaaa : 0001 : 0000 : 0000 : 0000: 0000
fe80 : 0000 : 0000 : 0000 : 0123 : 4567 : 89ab: cdef
fe80 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000: 0001
fe80 : 0000 : 0000 : 0000 : c012 : 9aff : fe9a: 19ac
fe80 : 0000 : 0000 : 0000 : 0123 : 4567 : 89ab: cdef
0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000: 0001
0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000: 0000 

Rule 1 – Omit Leading Zeros

The first rule to help reduce the notation of IPv6 addresses is to omit any leading 0s (zeros) in any hextet. Here are four examples of ways to omit leading zeros:

  • 01ab can be represented as 1ab
  • 09f0 can be represented as 9f0
  • 0a00 can be represented as a00
  • 00ab can be represented as ab

This rule only applies to leading 0s, NOT to trailing 0s, otherwise the address would be ambiguous. For example, the hextet “abc” could be either “0abc” or “abc0”, but these do not represent the same value.

 
Type            Format
Preferred       2001 : 0db8 : 0000 : 1111 : 0000 : 0000 : 0000 : 0200
No leading 0s   2001 :  db8 :    0 : 1111 :    0 :    0 :    0 :  200

Preferred       2001 : 0db8 : 0000 : 00a3 : ab00 : 0ab0 : 00ab : 1234
No leading 0s   2001 :  db8 :    0 :   a3 : ab00 :  ab0 :   ab : 1234

Preferred       2001 : 0db8 : 000a : 0001 : c012 : 90ff : fe90 : 0001
No leading 0s   2001 :  db8 :    a :    1 : c012 : 90ff : fe90 :    1

Preferred       2001 : 0db8 : aaaa : 0001 : 0000 : 0000 : 0000 : 0000
No leading 0s   2001 :  db8 : aaaa :    1 :    0 :    0 :    0 :    0

Preferred       fe80 : 0000 : 0000 : 0000 : 0123 : 4567 : 89ab : cdef
No leading 0s   fe80 :    0 :    0 :    0 :  123 : 4567 : 89ab : cdef

Preferred       fe80 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001
No leading 0s   fe80 :    0 :    0 :    0 :    0 :    0 :    0 :    1

Preferred       0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001
No leading 0s      0 :    0 :    0 :    0 :    0 :    0 :    0 :    1

Preferred       0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000
No leading 0s      0 :    0 :    0 :    0 :    0 :    0 :    0 :    0

Rule 2 – Double Colon

The second rule to help reduce the notation of IPv6 addresses is that a double colon (::) can replace any single, contiguous string of one or more 16-bit hextets consisting of all zeros. For example, 2001:db8:cafe:1:0:0:0:1 (leading 0s omitted) could be represented as 2001:db8:cafe:1::1. The double colon (::) is used in place of the three all-0 hextets (0:0:0).
The double colon (::) can only be used once within an address, otherwise there would be more than one possible resulting address. When used together with the technique of omitting leading 0s, the notation of an IPv6 address can often be greatly reduced. This is commonly known as the compressed format.
Here is an example of the incorrect use of the double colon: 2001:db8::abcd::1234.
The double colon is used twice in the example above. Here are the possible expansions of this incorrect compressed format address:
  • 2001:db8::abcd:0000:0000:1234
  • 2001:db8::abcd:0000:0000:0000:1234
  • 2001:db8:0000:abcd::1234
  • 2001:db8:0000:0000:abcd::1234

If an address has more than one contiguous string of all-0 hextets, best practice is to use the double colon (::) on the longest string. If the strings are equal, the first string should use the double colon (::).

 
Type                Format
Preferred           2001 : 0db8 : 0000 : 1111 : 0000 : 0000 : 0000 : 0200
Compressed/spaces   2001 :  db8 :    0 : 1111 :                    :  200
Compressed          2001:db8:0:1111::200

Preferred           2001 : 0db8 : 0000 : 0000 : ab00 : 0000 : 0000 : 0000
Compressed/spaces   2001 :  db8 :    0 :    0 : ab00 ::
Compressed          2001:db8:0:0:ab00::

Preferred           2001 : 0db8 : aaaa : 0001 : 0000 : 0000 : 0000 : 0000
Compressed/spaces   2001 :  db8 : aaaa :    1 ::
Compressed          2001:db8:aaaa:1::

Preferred           fe80 : 0000 : 0000 : 0000 : 0123 : 4567 : 89ab : cdef
Compressed/spaces   fe80 :                    :  123 : 4567 : 89ab : cdef
Compressed          fe80::123:4567:89ab:cdef

Preferred           fe80 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001
Compressed/spaces   fe80 :                                         :    1
Compressed          fe80::1

Preferred           0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0001
Compressed/spaces   ::                                                  1
Compressed          ::1

Preferred           0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000 : 0000
Compressed/spaces   ::
Compressed          ::

IPv6 Prefix Length

The prefix, or network portion, of an IPv4 address can be identified by a dotted-decimal subnet mask or prefix length (slash notation). For example, an IPv4 address of 192.168.1.10 with dotted-decimal subnet mask 255.255.255.0 is equivalent to 192.168.1.10/24.
In IPv4 the /24 is called the prefix. In IPv6 it is called the prefix length. IPv6 does not use the dotted-decimal subnet mask notation. Like IPv4, the prefix length is represented in slash notation and is used to indicate the network portion of an IPv6 address.
The prefix length can range from 0 to 128. The recommended IPv6 prefix length for LANs and most other types of networks is /64, as shown in the figure.
The graphic shows an IPv6 address divided into a 64-bit prefix and a 64-bit interface ID. The 64-bit prefix is 2001:0db8:000a:0000. The 64-bit interface ID is 0000:0000:0000:0000.

IPv6 Prefix Length

It is strongly recommended to use a 64-bit Interface ID for most networks. This is because stateless address autoconfiguration (SLAAC) uses 64 bits for the Interface ID. It also makes subnetting easier to create and manage.
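As an added example (not the article's own code), the Python functions below implement Rule 1 and Rule 2 exactly as stated above, replacing the longest run of all-zero hextets and the first run on a tie, reject a second :: on expansion because it is ambiguous, and split a /64 address into its prefix and interface ID as in the prefix-length figure. The addresses used are the ones from the tables above; the standard-library ipaddress module is used only as a cross-check that two spellings name the same address.

```python
"""IPv6 address notation rules (added example, not the article's code)."""
import ipaddress


def omit_leading_zeros(preferred: str) -> str:
    """Rule 1: drop leading 0s in every hextet (never a trailing 0, and keep a
    single 0 for an all-zero hextet). Accepts the spaced layout used in the tables."""
    hextets = preferred.replace(" ", "").lower().split(":")
    if len(hextets) != 8 or any(len(h) != 4 for h in hextets):
        raise ValueError(f"not a preferred-format address: {preferred!r}")
    return ":".join(h.lstrip("0") or "0" for h in hextets)


def longest_zero_run(hextets):
    """(start, length) of the longest run of '0' hextets; the first run wins a tie."""
    best_start, best_len, i = -1, 0, 0
    while i < len(hextets):
        if hextets[i] != "0":
            i += 1
            continue
        j = i
        while j < len(hextets) and hextets[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    return best_start, best_len


def compress(preferred: str) -> str:
    """Rule 1 then Rule 2: one '::' replaces a single run of one or more 0 hextets."""
    hextets = omit_leading_zeros(preferred).split(":")
    start, length = longest_zero_run(hextets)
    if length == 0:
        return ":".join(hextets)
    return ":".join(hextets[:start]) + "::" + ":".join(hextets[start + length:])


def expand(compressed: str) -> str:
    """Reverse both rules back to the 32-digit preferred format. A second '::' is
    rejected because, as the text shows, it has several possible expansions."""
    if compressed.count("::") > 1:
        raise ValueError(f"'::' may appear only once: {compressed!r}")
    if "::" in compressed:
        left, right = compressed.split("::")
        lhs = left.split(":") if left else []
        rhs = right.split(":") if right else []
        hextets = lhs + ["0"] * (8 - len(lhs) - len(rhs)) + rhs
    else:
        hextets = compressed.split(":")
    if len(hextets) != 8:
        raise ValueError(f"wrong number of hextets: {compressed!r}")
    return ":".join(h.zfill(4) for h in hextets)


def split_prefix(address: str, prefix_len: int = 64):
    """Return (prefix, interface_id) for a prefix length on a hextet boundary."""
    if prefix_len % 16:
        raise ValueError("this helper only handles prefix lengths that are multiples of 16")
    hextets = expand(address).split(":")
    cut = prefix_len // 16
    return ":".join(hextets[:cut]), ":".join(hextets[cut:])


def equivalent(a: str, b: str) -> bool:
    """Cross-check with the standard library: both spellings name the same address."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)


if __name__ == "__main__":
    for preferred in ["2001:0db8:0000:1111:0000:0000:0000:0200",
                      "2001:0db8:0000:0000:ab00:0000:0000:0000",
                      "fe80:0000:0000:0000:0000:0000:0000:0001",
                      "0000:0000:0000:0000:0000:0000:0000:0000"]:
        short = compress(preferred)
        print(f"{preferred} -> {short}  (round trip ok: {expand(short) == preferred})")
    print(split_prefix("2001:0db8:000a:0000:0000:0000:0000:0000"))
```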

How a Router Makes Host Forwarding Decisions

 

With both IPv4 and IPv6, packets are always created at the source host. The source host must be able to direct the packet to the destination host. To do this, host end devices create their own routing table. This topic discusses how end devices use routing tables. In this article, I want to talk about how a router makes host forwarding decisions.

Another role of the network layer is to direct packets between hosts. A host can send a packet to the following:
  • Itself – A host can ping itself by sending a packet to a special IPv4 address of 127.0.0.1 or an IPv6 address of ::1, which is referred to as the loopback interface. Pinging the loopback interface tests the TCP/IP protocol stack on the host.
  • Local host – This is a destination host that is on the same local network as the sending host. The source and destination hosts share the same network address.
  • Remote host – This is a destination host on a remote network. The source and destination hosts do not share the same network address.

The figure illustrates PC1 connecting to a local host on the same network, and to a remote host located on another network.

 

The diagram shows a host, PC1, connecting to a local host, PC2, on the same network and to a remote host, a server, on another network. PC1 and PC2 are connected to a switch on network 192.168.10.0/24. PC1 has an address of .10 and PC2 has an address of .15. The switch is connected to a router, R1, at address .1. On the other side of R1 is a connection to the cloud where the remote host resides.

 

Whether a packet is destined for a local host or a remote host is determined by the source end device. The source end device determines whether the destination IP address is on the same network that the source device itself is on. The method of determination varies by IP version:

 

  • In IPv4 – The source device uses its own subnet mask along with its own IPv4 address and the destination IPv4 address to make this determination.
  • In IPv6 – The local router advertises the local network address (prefix) to all devices on the network.

In a home or business network, you may have several wired and wireless devices interconnected together using an intermediary device, such as a LAN switch or a wireless access point (WAP). This intermediary device provides interconnections between local hosts on the local network. Local hosts can reach each other and share information without the need for any additional devices.

If a host is sending a packet to a device that is configured with the same IP network as the host device, the packet is simply forwarded out of the host interface, through the intermediary device, and to the destination device directly.

Of course, in most situations we want our devices to be able to connect beyond the local network segment, such as out to other homes, businesses, and the internet. Devices that are beyond the local network segment are known as remote hosts.

When a source device sends a packet to a remote destination device, then the help of routers and routing is needed. Routing is the process of identifying the best path to a destination. The router connected to the local network segment is referred to as the default gateway.

Default Gateway

The default gateway is the network device (i.e., router or Layer 3 switch) that can route traffic to other networks. If you use the analogy that a network is like a room, then the default gateway is like a doorway. If you want to get to another room or network you need to find the doorway.
On a network, a default gateway is usually a router with these features:
  • It has a local IP address in the same address range as other hosts on the local network.
  • It can accept data into the local network and forward data out of the local network.
  • It routes traffic to other networks.

A default gateway is required to send traffic outside of the local network. Traffic cannot be forwarded outside the local network if there is no default gateway, the default gateway address is not configured, or the default gateway is down.

A Host Routes to the Default Gateway

A host routing table will typically include a default gateway. In IPv4, the host receives the IPv4 address of the default gateway either dynamically from Dynamic Host Configuration Protocol (DHCP) or configured manually. In IPv6, the router advertises the default gateway address or the host can be configured manually.
In the figure, PC1 and PC2 are configured with the IPv4 address of 192.168.10.1 as the default gateway.
The diagram shows two hosts, PC1 and PC2, connected to a switch on network 192.168.10.0/24, the local network route. The switch is connected to a router, R1, which is then connected to the cloud representing remote networks. PC1 has an address of .10, PC2 has an address of .15, and the router interface to which the switch is connected has an address of .1. The PCs, the switch, and the router interface all have a direct connection.
Having a default gateway configured creates a default route in the routing table of the PC. A default route is the route or pathway your computer will take when it tries to contact a remote network.
Both PC1 and PC2 will have a default route to send all traffic destined to remote networks to R1.

Host Routing Tables

On a Windows host, the route print or netstat -r command can be used to display the host routing table. Both commands generate the same output. The output may seem overwhelming at first, but is fairly simple to understand.
The figure displays a sample topology and the output generated by the netstat -r command.
The diagram shows a network topology consisting of a host, PC1, connected to a switch on network 192.168.10.0/24. The switch is connected to a router, R1, which is then connected to the cloud. PC1 has an address of .10 and the router interface to which the switch is connected has an address of .1.

IPv4 Routing Table for PC1

C:\Users\PC1> netstat -r
(output omitted)
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination         Netmask       Gateway       Interface    Metric
          0.0.0.0           0.0.0.0   192.168.10.1   192.168.10.10       25
        127.0.0.0         255.0.0.0       On-link        127.0.0.1      306
        127.0.0.1   255.255.255.255       On-link        127.0.0.1      306
  127.255.255.255   255.255.255.255       On-link        127.0.0.1      306
     192.168.10.0     255.255.255.0       On-link    192.168.10.10      281
    192.168.10.10   255.255.255.255       On-link    192.168.10.10      281
   192.168.10.255   255.255.255.255       On-link    192.168.10.10      281
        224.0.0.0         240.0.0.0       On-link        127.0.0.1      306
        224.0.0.0         240.0.0.0       On-link    192.168.10.10      281
  255.255.255.255   255.255.255.255       On-link        127.0.0.1      306
  255.255.255.255   255.255.255.255       On-link    192.168.10.10      281
(output omitted)
Note: The output only displays the IPv4 route table.
Entering the netstat -r command or the equivalent route print command displays three sections related to the current TCP/IP network connections:
  • Interface List – Lists the Media Access Control (MAC) address and assigned interface number of every network-capable interface on the host, including Ethernet, Wi-Fi, and Bluetooth adapters.
  • IPv4 Route Table – Lists all known IPv4 routes, including direct connections, local network, and local default routes.
  • IPv6 Route Table – Lists all known IPv6 routes, including direct connections, local network, and local default routes.
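To make the lookup a host performs against this table concrete, here is an added Python example (not code from the original article) that parses the Active Routes rows of a netstat -r listing and chooses a route the way the host does: the longest matching prefix wins, the lowest metric breaks ties, and remote destinations fall through to the 0.0.0.0 default route and its gateway. The route text is a constructed copy of the PC1 rows above; the function names are my own, and without_default_route() simulates the "no default gateway configured" case the text describes.

```python
import ipaddress

# Constructed sample: the Active Routes rows of PC1's netstat -r output above
# (192.168.10.10/24 with default gateway 192.168.10.1), in the column order Windows prints.
SAMPLE_NETSTAT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination         Netmask       Gateway       Interface    Metric
          0.0.0.0           0.0.0.0   192.168.10.1   192.168.10.10       25
        127.0.0.0         255.0.0.0       On-link        127.0.0.1      306
        127.0.0.1   255.255.255.255       On-link        127.0.0.1      306
     192.168.10.0     255.255.255.0       On-link    192.168.10.10      281
    192.168.10.10   255.255.255.255       On-link    192.168.10.10      281
   192.168.10.255   255.255.255.255       On-link    192.168.10.10      281
        224.0.0.0         240.0.0.0       On-link        127.0.0.1      306
        224.0.0.0         240.0.0.0       On-link    192.168.10.10      281
  255.255.255.255   255.255.255.255       On-link    192.168.10.10      281
"""


def parse_route_table(text):
    """Return [(network, gateway, interface, metric)] from the Active Routes rows.

    Rows are recognised by shape (five columns whose first two parse as address and
    mask); the title, separator, section and column-header lines are skipped.
    """
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        dest, mask, gateway, iface, metric = parts
        try:
            network = ipaddress.IPv4Network((dest, mask), strict=False)
            routes.append((network, gateway, iface, int(metric)))
        except ValueError:
            continue
    return routes


def lookup(routes, destination):
    """Choose the route a host would use for `destination`.

    Longest prefix wins; among equal prefixes the lowest metric wins. Returns
    (next_hop, interface, prefix) or None when nothing, not even a default route, matches.
    """
    addr = ipaddress.IPv4Address(destination)
    best = None
    for network, gateway, iface, metric in routes:
        if addr not in network:
            continue
        rank = (network.prefixlen, -metric)
        if best is None or rank > best[0]:
            best = (rank, gateway, iface, network)
    if best is None:
        return None
    _, gateway, iface, network = best
    # "On-link" means the destination is on the local segment: the host frames the packet
    # for the destination itself (resolving its MAC with ARP), not for a gateway.
    next_hop = destination if gateway == "On-link" else gateway
    return next_hop, iface, str(network)


def without_default_route(routes):
    """Model an unconfigured or missing default gateway by dropping the 0.0.0.0/0 entry."""
    return [r for r in routes if r[0].prefixlen != 0]


if __name__ == "__main__":
    table = parse_route_table(SAMPLE_NETSTAT)
    for dst in ("192.168.10.15", "203.0.113.9", "224.0.0.22"):
        print(dst, "->", lookup(table, dst))
    print("203.0.113.9 with no default route ->",
          lookup(without_default_route(table), "203.0.113.9"))
```

Note that the two 224.0.0.0/4 rows differ only in metric, so the 192.168.10.10 interface (metric 281) is chosen for multicast destinations; the same tie-break is what Windows applies when several interfaces carry a default route.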
 

Address Resolution Protocol: How It Works

If your network is using the IPv4 communications protocol, the Address Resolution Protocol, or ARP, is what you need to map IPv4 addresses to MAC addresses. This topic explains how ARP works.

Every IP device on an Ethernet network has a unique Ethernet MAC address. When a device sends an Ethernet Layer 2 frame, it contains these two addresses:

  • Destination MAC address – The Ethernet MAC address of the destination device on the same local network segment. If the destination host is on another network, then the destination address in the frame would be that of the default gateway (i.e., router).
  • Source MAC address – The MAC address of the Ethernet NIC on the source host.

The figure illustrates the problem when sending a frame to another host on the same segment on an IPv4 network.

 

Four hosts, H1, H2, H3, and H4, are connected to the same switch. H1 has an IP of 192.168.1.5/24, H2 has an IP of 192.168.1.6/24, H3 has an IP of 192.168.1.8/24, and H4 has an IP of 192.168.1.7/24. H1 has a callout that reads: I need to send information to 192.168.1.7, but I only have the IP address. I don't know the MAC address of the device that has that IP.
To send a packet to another host on the same local IPv4 network, a host must know the IPv4 address and the MAC address of the destination device. Device destination IPv4 addresses are either known or resolved by device name. However, MAC addresses must be discovered.
A device uses Address Resolution Protocol (ARP) to determine the destination MAC address of a local device when it knows its IPv4 address.
ARP provides two basic functions:
  • Resolving IPv4 addresses to MAC addresses
  • Maintaining a table of IPv4 to MAC address mappings

ARP Functions

When a packet is sent to the data link layer to be encapsulated into an Ethernet frame, the device refers to a table in its memory to find the MAC address that is mapped to the IPv4 address. This table is stored temporarily in RAM memory and called the ARP table or the ARP cache.

The sending device will search its ARP table for a destination IPv4 address and a corresponding MAC address.

  • If the packet’s destination IPv4 address is on the same network as the source IPv4 address, the device will search the ARP table for the destination IPv4 address.
  • If the destination IPv4 address is on a different network than the source IPv4 address, the device will search the ARP table for the IPv4 address of the default gateway.

In both cases, the search is for an IPv4 address and a corresponding MAC address for the device.

Each entry, or row, of the ARP table binds an IPv4 address with a MAC address. We call the relationship between the two values a map. This simply means that you can locate an IPv4 address in the table and discover the corresponding MAC address. The ARP table temporarily saves (caches) the mapping for the devices on the LAN.
If the device locates the IPv4 address, its corresponding MAC address is used as the destination MAC address in the frame. If no entry is found, then the device sends an ARP request.

 

This animation illustrates how a host uses ARP to discover the MAC address of a known IP address. Host H1 needs to send some information to the host with IP address 192.168.1.7. However, H1 does not have the MAC address for that address. Therefore, it sends an ARP request for IP address 192.168.1.7. All hosts on the network receive the ARP request. However, only host H4 with IP address 192.168.1.7 sends an ARP reply containing its MAC address. H1 can then send a frame through the switch directly to H4.

ARP Request

An ARP request is sent when a device needs to determine the MAC address that is associated with an IPv4 address, and it does not have an entry for the IPv4 address in its ARP table.

ARP messages are encapsulated directly within an Ethernet frame. There is no IPv4 header. The ARP request is encapsulated in an Ethernet frame using the following header information:

  • Destination MAC address – This is a broadcast address FF-FF-FF-FF-FF-FF requiring all Ethernet NICs on the LAN to accept and process the ARP request.
  • Source MAC address – This is the MAC address of the sender of the ARP request.
  • Type – ARP messages have a type field of 0x806. This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process.

Because ARP requests are broadcasts, they are flooded out all ports by the switch, except the receiving port. All Ethernet NICs on the LAN process broadcasts and must deliver the ARP request to their operating system for processing. Every device must process the ARP request to see if the target IPv4 address matches its own. A router will not forward broadcasts out other interfaces.

Only one device on the LAN will have an IPv4 address that matches the target IPv4 address in the ARP request. All other devices will not reply.
The figure demonstrates an ARP request for a destination IPv4 address that is on the local network.

ARP Operation – ARP Reply

Only the device with the target IPv4 address associated with the ARP request will respond with an ARP reply. The ARP reply is encapsulated in an Ethernet frame using the following header information:

  • Destination MAC address – This is the MAC address of the sender of the ARP request.
  • Source MAC address – This is the MAC address of the sender of the ARP reply.
  • Type – ARP messages have a type field of 0x806. This informs the receiving NIC that the data portion of the frame needs to be passed to the ARP process.

Only the device that originally sent the ARP request will receive the unicast ARP reply. After the ARP reply is received, the device will add the IPv4 address and the corresponding MAC address to its ARP table. Packets destined for that IPv4 address can now be encapsulated in frames using its corresponding MAC address.
If no device responds to the ARP request, the packet is dropped because a frame cannot be created.
Entries in the ARP table are time stamped. If a device does not receive a frame from a particular device before the timestamp expires, the entry for this device is removed from the ARP table.
Additionally, static map entries can be entered in an ARP table, but this is rarely done. Static ARP table entries do not expire over time and must be manually removed.
Note: IPv6 uses a similar process to ARP for IPv4, known as ICMPv6 Neighbor Discovery (ND). IPv6 uses neighbour solicitation and neighbour advertisement messages, similar to IPv4 ARP requests and ARP replies.

ARP Role in Remote Communication

When the destination IPv4 address is not on the same network as the source IPv4 address, the source device needs to send the frame to its default gateway. This is the interface of the local router. Whenever a source device has a packet with an IPv4 address on another network, it will encapsulate that packet in a frame using the destination MAC address of the router.
The IPv4 address of the default gateway is stored in the IPv4 configuration of the hosts. When a host creates a packet for a destination, it compares the destination IPv4 address and its own IPv4 address to determine if the two IPv4 addresses are located on the same Layer 3 network. If the destination host is not on its same network, the source checks its ARP table for an entry with the IPv4 address of the default gateway. If there is not an entry, it uses the ARP process to determine the MAC address of the default gateway.
The figure demonstrates the ARP request and ARP reply associated with the default gateway.

Removing Entries from an ARP Table

For each device, an ARP cache timer removes ARP entries that have not been used for a specified period of time. The times differ depending on the operating system of the device. For example, newer Windows operating systems store ARP table entries between 15 and 45 seconds, as illustrated in the figure.
Commands may also be used to manually remove some or all of the entries in the ARP table. After an entry has been removed, the process for sending an ARP request and receiving an ARP reply must occur again to enter the map in the ARP table.
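The following Python example is added here and is not part of the original article. It builds and decodes the ARP request and ARP reply frames described above (broadcast destination, Type 0x0806, sender and target address pairs), keeps a host ARP table whose dynamic entries expire on a timer while static entries do not, and runs the H1-to-H4 resolution from the figure. The host MAC addresses, the lan_with_h4() stand-in for the switch and the other hosts, and the 45-second timeout are constructed for the example.

```python
import struct

ETHERTYPE_ARP = 0x0806       # the Type value the text writes as 0x806
ETHERTYPE_IPV4 = 0x0800
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP_REQUEST, ARP_REPLY = 1, 2

# Constructed hosts from the figure (the MAC addresses are made up for the example).
H1 = {"ip": "192.168.1.5", "mac": "02:00:00:00:00:05"}
H4 = {"ip": "192.168.1.7", "mac": "02:00:00:00:00:07"}


def mac_to_bytes(text):
    return bytes(int(octet, 16) for octet in text.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(text):
    return bytes(int(octet) for octet in text.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def build_arp_frame(op, sender_mac, sender_ip, target_ip, target_mac=None):
    """Ethernet II frame carrying an ARP message (RFC 826, Ethernet/IPv4 form).

    A request is broadcast with an all-zero target hardware address; a reply is
    unicast to the requester, whose MAC goes in both the frame and the ARP target field.
    """
    if op == ARP_REQUEST:
        eth_dst, tha = BROADCAST_MAC, b"\x00" * 6
    else:
        eth_dst, tha = target_mac, mac_to_bytes(target_mac)
    ethernet = struct.pack("!6s6sH", mac_to_bytes(eth_dst), mac_to_bytes(sender_mac), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, op,
                      mac_to_bytes(sender_mac), ip_to_bytes(sender_ip), tha, ip_to_bytes(target_ip))
    return ethernet + arp


def parse_arp_frame(frame):
    """Decode the Ethernet header and the 28-byte ARP message that follows it."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not an ARP frame (type 0x{ethertype:04x})")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {
        "eth_dst": bytes_to_mac(eth_dst), "eth_src": bytes_to_mac(eth_src), "op": op,
        "sender_mac": bytes_to_mac(sha), "sender_ip": bytes_to_ip(spa),
        "target_mac": bytes_to_mac(tha), "target_ip": bytes_to_ip(tpa),
        # Sanity check used by monitoring tools: the ARP sender hardware address
        # should be the same NIC that sourced the frame.
        "consistent": bytes_to_mac(eth_src) == bytes_to_mac(sha),
    }


class ArpCache:
    """Host ARP table. Dynamic entries are time stamped and expire; static ones do not."""

    def __init__(self, timeout=45.0):
        self.timeout = timeout
        self.entries = {}  # ip -> (mac, learned_at); learned_at is None for static entries

    def learn(self, ip, mac, now, static=False):
        self.entries[ip] = (mac, None if static else now)

    def lookup(self, ip, now):
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, learned_at = entry
        if learned_at is not None and now - learned_at > self.timeout:
            del self.entries[ip]  # timer expired: the mapping must be learned again
            return None
        return mac


def resolve(cache, me, target_ip, lan, now):
    """Find the MAC for target_ip the way H1 does: cache hit, else ARP request and reply.

    `lan` stands in for the switch and the other hosts: it takes the request frame and
    returns the reply frame, or None when no host owns the address.
    """
    mac = cache.lookup(target_ip, now)
    if mac is not None:
        return mac
    reply = lan(build_arp_frame(ARP_REQUEST, me["mac"], me["ip"], target_ip))
    if reply is None:
        return None  # no ARP reply: no frame can be built, so the packet is dropped
    r = parse_arp_frame(reply)
    if r["op"] != ARP_REPLY or r["sender_ip"] != target_ip or r["eth_dst"] != me["mac"]:
        return None
    cache.learn(target_ip, r["sender_mac"], now)
    return r["sender_mac"]


def lan_with_h4(request_frame):
    """Constructed LAN: every host receives the broadcast, only the owner of the target IP answers."""
    req = parse_arp_frame(request_frame)
    if req["op"] != ARP_REQUEST or req["target_ip"] != H4["ip"]:
        return None
    return build_arp_frame(ARP_REPLY, H4["mac"], H4["ip"], req["sender_ip"], target_mac=req["sender_mac"])
```

The "consistent" field is the check a network monitor applies to every ARP frame it sees: the sender hardware address inside the ARP message and the Ethernet source address should agree, and a disagreement is worth logging.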

ARP Tables on Networking Devices

On a Cisco router, the show ip arp command is used to display the ARP table, as shown in the figure.
R1# show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.10.1            -   a0e0.af0d.e140  ARPA   GigabitEthernet0/0/0
Internet  209.165.200.225         -   a0e0.af0d.e141  ARPA   GigabitEthernet0/0/1
Internet  209.165.200.226         1   a03d.6fe1.9d91  ARPA   GigabitEthernet0/0/1
R1#
On a Windows 10 PC, the arp -a command is used to display the ARP table, as shown in the figure.
C:\Users\PC> arp -a
Interface: 192.168.1.124 --- 0x10
  Internet Address      Physical Address      Type
  192.168.1.1           c8-d7-19-cc-a0-86     dynamic
  192.168.1.101         08-3e-0c-f5-f7-77     dynamic
  192.168.1.110         08-3e-0c-f5-f7-56     dynamic
  192.168.1.112         ac-b3-13-4a-bd-d0     dynamic
  192.168.1.117         08-3e-0c-f5-f7-5c     dynamic
  192.168.1.126         24-77-03-45-5d-c4     dynamic
  192.168.1.146         94-57-a5-0c-5b-02     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
C:\Users\PC>
 
Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level, I will be very glad to do that because I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include the staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

 

Fact Check Policy

TECHMANIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

 

   

Examining Transport Layer Characteristics In Networking

Application layer programs generate data that must be exchanged between the source and destination hosts. The transport layer is responsible for logical communications between applications running on different hosts. This may include services such as establishing a temporary session between two hosts and the reliable transmission of information for an application.
The transport layer has no knowledge of the destination host type, the type of media over which the data must travel, the path taken by the data, the congestion on a link, or the size of the network.
The transport layer includes two protocols:
  • Transmission Control Protocol (TCP)
  • User Datagram Protocol (UDP)

Transport Layer Responsibilities

The transport layer has many responsibilities.
Tracking Individual Conversations
At the transport layer, each set of data flowing between a source application and a destination application is known as a conversation and is tracked separately. It is the responsibility of the transport layer to maintain and track these multiple conversations.
As illustrated in the figure, a host may have multiple applications that are communicating across the network simultaneously.
Most networks have a limitation on the amount of data that can be included in a single packet. Therefore, data must be divided into manageable pieces.

 

The PC simultaneously runs multiple network applications, including an email client, an instant messaging client, a web browser, streaming video, and a video conference client.

Transport Layer Protocols

IP is concerned only with the structure, addressing, and routing of packets. IP does not specify how the delivery or transportation of the packets takes place.
Transport layer protocols specify how to transfer messages between hosts, and are responsible for managing the reliability requirements of a conversation. The transport layer includes the TCP and UDP protocols.
Different applications have different transport reliability requirements. Therefore, TCP/IP provides two transport layer protocols.
The figure shows how application layer protocols like FTP, HTTP, and SMTP use TCP at the transport layer, while DNS and TFTP use UDP. All of them use IP at the internet layer, regardless of whether they connect to a LAN or a WAN at the network access layer.

Transmission Control Protocol (TCP)

IP is concerned only with the structure, addressing, and routing of packets, from the original sender to the final destination. IP is not responsible for guaranteeing delivery or determining whether a connection between the sender and receiver needs to be established.
TCP is considered a reliable, full-featured transport layer protocol, which ensures that all of the data arrives at the destination. TCP includes fields that ensure the delivery of the application data. These fields require additional processing by the sending and receiving hosts.
Note: TCP divides data into segments.
TCP transport is analogous to sending packages that are tracked from source to destination. If a shipping order is broken up into several packages, a customer can check online to see the order of the delivery.

TCP provides reliability and flow control using these basic operations:

  • Number and track data segments transmitted to a specific host from a specific application
  • Acknowledge received data
  • Retransmit any unacknowledged data after a certain amount of time
  • Sequence data that might arrive in the wrong order
  • Send data at an efficient rate that is acceptable by the receiver

 

In order to maintain the state of a conversation and track the information, TCP must first establish a connection between the sender and the receiver. This is why TCP is known as a connection-oriented protocol.
The figure shows how TCP segments and acknowledgments are transmitted between sender and receiver.

 

The animation shows a connection to an FTP server initiated with a TCP 3-way handshake and the data segments being accounted for by using sequence numbers and acknowledgments. A file is sent to a server using the File Transfer Protocol (FTP) application. TCP tracks the conversation and divides the data to be sent into 6 segments.

TCP Header

TCP is a stateful protocol which means it keeps track of the state of the communication session. To track the state of a session, TCP records which information it has sent and which information has been acknowledged. The stateful session begins with the session establishment and ends with the session termination.
A TCP segment adds 20 bytes (i.e., 160 bits) of overhead when encapsulating the application layer data. The figure shows the fields in a TCP header.

TCP Header Fields

The table identifies and describes the ten fields in a TCP header.
  • Source Port – A 16-bit field used to identify the source application by port number.
  • Destination Port – A 16-bit field used to identify the destination application by port number.
  • Sequence Number – A 32-bit field used for data reassembly purposes.
  • Acknowledgment Number – A 32-bit field used to indicate that data has been received and the next byte expected from the source.
  • Header Length – A 4-bit field known as "data offset" that indicates the length of the TCP segment header.
  • Reserved – A 6-bit field that is reserved for future use.
  • Control bits – A 6-bit field that includes bit codes, or flags, which indicate the purpose and function of the TCP segment.
  • Window size – A 16-bit field used to indicate the number of bytes that can be accepted at one time.
  • Checksum – A 16-bit field used for error checking of the segment header and data.
  • Urgent – A 16-bit field used to indicate if the contained data is urgent.

User Datagram Protocol (UDP)

UDP is a simpler transport layer protocol than TCP. It does not provide reliability and flow control, which means it requires fewer header fields.
Because the sender and the receiver UDP processes do not have to manage reliability and flow control, this means UDP datagrams can be processed faster than TCP segments. UDP provides the basic functions for delivering datagrams between the appropriate applications, with very little overhead and data checking.

 

Note: UDP divides data into datagrams that are also referred to as segments.
UDP is a connectionless protocol. Because UDP does not provide reliability or flow control, it does not require an established connection. Because UDP does not track information sent or received between the client and server, UDP is also known as a stateless protocol.

 

 

UDP is also known as a best-effort delivery protocol because there is no acknowledgment that the data is received at the destination. With UDP, there are no transport layer processes that inform the sender of successful delivery.

 

UDP is like placing a regular, nonregistered, letter in the mail. The sender of the letter is not aware of the availability of the receiver to receive the letter. Nor is the post office responsible for tracking the letter or informing the sender if the letter does not arrive at the final destination.

UDP Header

UDP is a stateless protocol, meaning that neither the client nor the server tracks the state of the communication session. If reliability is required when using UDP as the transport protocol, it must be handled by the application.
One of the most important requirements for delivering live video and voice over the network is that the data continues to flow quickly. Live video and voice applications can tolerate some data loss with minimal or no noticeable effect and are perfectly suited to UDP.
The blocks of communication in UDP are called datagrams, or segments. These datagrams are sent as a best effort by the transport layer protocol.
The UDP header is far simpler than the TCP header because it only has four fields and requires 8 bytes (i.e., 64 bits). The figure shows the fields in a UDP header.

 

UDP datagram diagram shows 4 header fields: source port, destination port, length, and checksum as well as the non-header application layer data
 

UDP Header Fields

The table identifies and describes the four fields in a UDP header.
  • Source Port – A 16-bit field used to identify the source application by port number.
  • Destination Port – A 16-bit field used to identify the destination application by port number.
  • Length – A 16-bit field that indicates the length of the UDP datagram header.
  • Checksum – A 16-bit field used for error checking of the datagram header and data.
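The added Python example below (my own code, not from the original article) turns the TCP Header Fields and UDP Header Fields tables into working encoders and decoders. It packs and unpacks the ten TCP fields and the four UDP fields, decodes the control bits by name, and computes and verifies the checksum that both protocols calculate over an IPv4 pseudo-header plus the header and data. Two facts it relies on that the tables do not state: per RFC 768 the UDP Length field counts header and data together, and a UDP checksum of zero means "not computed", so a computed zero is sent as all ones. The addresses and ports are constructed.

```python
import struct

TCP, UDP = 6, 17                                              # IPv4 protocol numbers
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # control bits, low bit first


def ip_to_bytes(text):
    return bytes(int(octet) for octet in text.split("."))


def _ones_complement_sum(data):
    """16-bit one's complement sum used by the IP, TCP and UDP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def transport_checksum(src_ip, dst_ip, proto, segment):
    """Checksum over the IPv4 pseudo-header plus the whole segment with its checksum field zeroed."""
    pseudo = ip_to_bytes(src_ip) + ip_to_bytes(dst_ip) + struct.pack("!BBH", 0, proto, len(segment))
    offset = 16 if proto == TCP else 6
    zeroed = segment[:offset] + b"\x00\x00" + segment[offset + 2:]
    checksum = 0xFFFF - _ones_complement_sum(pseudo + zeroed)
    if proto == UDP and checksum == 0:
        checksum = 0xFFFF   # UDP sends all ones, because zero means "no checksum"
    return checksum


def verify_checksum(src_ip, dst_ip, proto, segment):
    """True/False for a carried checksum; None when a UDP datagram carries none (field 0)."""
    offset = 16 if proto == TCP else 6
    carried = struct.unpack("!H", segment[offset:offset + 2])[0]
    if proto == UDP and carried == 0:
        return None
    return carried == transport_checksum(src_ip, dst_ip, proto, segment)


def build_tcp_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window=65535, payload=b""):
    """20-byte TCP header (no options) with the named control bits set, followed by payload."""
    bits = sum(1 << TCP_FLAG_NAMES.index(name) for name in flags)
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack, 5 << 4, bits, window, 0, 0)
    segment = header + payload
    return segment[:16] + struct.pack("!H", transport_checksum(src_ip, dst_ip, TCP, segment)) + segment[18:]


def build_udp_datagram(src_ip, dst_ip, src_port, dst_port, payload):
    """8-byte UDP header whose Length covers header plus data, followed by payload."""
    header = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    datagram = header + payload
    return datagram[:6] + struct.pack("!H", transport_checksum(src_ip, dst_ip, UDP, datagram)) + datagram[8:]


def parse_tcp_header(segment):
    """The ten TCP header fields from the table above, plus any options and the payload."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    (src_port, dst_port, seq, ack, offset_byte, flag_byte,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (offset_byte >> 4) * 4          # data offset, counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset inconsistent with segment length")
    return {
        "src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
        "header_len": header_len,
        # the 6 reserved bits straddle two bytes: 4 low bits here, 2 high bits of the flag byte
        "reserved": ((offset_byte & 0x0F) << 2) | (flag_byte >> 6),
        "flags": [name for i, name in enumerate(TCP_FLAG_NAMES) if flag_byte & (1 << i)],
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[20:header_len], "payload": segment[header_len:],
    }


def parse_udp_header(datagram):
    """The four UDP header fields. Per RFC 768 the Length field covers header and data together."""
    if len(datagram) < 8:
        raise ValueError("UDP header is 8 bytes")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field inconsistent with datagram")   # truncated or malformed
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": checksum, "payload": datagram[8:length]}
```

Both parsers refuse headers whose length fields disagree with the bytes actually present; that consistency check is what keeps a decoder from reading past the end of a truncated or deliberately malformed segment.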
 

Socket Pairs

The source and destination ports are placed within the segment. The segments are then encapsulated within an IP packet.
The IP packet contains the IP address of the source and destination. The combination of the source IP address and source port number, or the destination IP address and destination port number is known as a socket.
In the example in the figure, the PC is simultaneously requesting FTP and web services from the destination server.
The figure depicts a PC making both an FTP connection and a web connection to a server. The requests have source and destination port numbers that identify the host PC and the requested application service respectively.
The socket is used to identify the server and service being requested by the client. A client socket might look like this, with 1099 representing the source port number: 192.168.1.5:1099
The socket on a web server might be 192.168.1.7:80
Together, these two sockets combine to form a socket pair: 192.168.1.5:1099, 192.168.1.7:80
Sockets enable multiple processes, running on a client, to distinguish themselves from each other, and multiple connections to a server process to be distinguished from each other.
The source port number acts as a return address for the requesting application. The transport layer keeps track of this port and the application that initiated the request so that when a response is returned, it can be forwarded to the correct application.

Transport Layer Session Establishment: How It Is Done

You already know the fundamentals of TCP. Understanding the role of port numbers will help you to grasp the details of the TCP communication process. In this topic, you will also learn about the TCP three-way handshake and session termination processes.
Each application process running on a server is configured to use a port number. The port number is either automatically assigned or configured manually by a system administrator.
An individual server cannot have two services assigned to the same port number within the same transport layer services. For example, a host running a web server application and a file transfer application cannot have both configured to use the same port, such as TCP port 80.
An active server application assigned to a specific port is considered open, which means that the transport layer accepts and processes segments addressed to that port. Any incoming client request addressed to the correct socket is accepted, and the data is passed to the server application. There can be many ports open simultaneously on a server, one for each active server application.
Clients Sending TCP Requests
Client 1 is requesting web services and Client 2 is requesting email service of the same server.

TCP Connection Establishment

In some cultures, when two persons meet, they often greet each other by shaking hands. Both parties understand the act of shaking hands as a signal for a friendly greeting. Connections on the network are similar.
In TCP connections, the host client establishes the connection with the server using the three-way handshake process.
The TCP connection establishment steps are as follows:
Step 1. SYN
Step 2. ACK and SYN
Step 3. ACK
Step 1. SYN
The initiating client requests a client-to-server communication session with the server.
PCA initiates a three-way handshake by sending a SYN segment to PCB.
The three-way handshake validates that the destination host is available to communicate. In this example, host A has validated that host B is available.

Session Termination

To close a connection, the Finish (FIN) control flag must be set in the segment header. To end each one-way TCP session, a two-way handshake, consisting of a FIN segment and an Acknowledgment (ACK) segment, is used.
Therefore, to terminate a single conversation supported by TCP, four exchanges are needed to end both sessions. Either the client or the server can initiate the termination.
In the example, the terms client and server are used as a reference for simplicity, but any two hosts that have an open session can initiate the termination process.
The session termination steps are as follows:
Step 1. FIN
Step 2. ACK
Step 3. FIN
Step 4. ACK
Step 1. FIN
When the client has no more data to send in the stream, it sends a segment with the FIN flag set.
PCA sends a FIN segment to PCB to end the session when there is no more data to send.
When all segments have been acknowledged, the session is closed.
 

TCP Three-way Handshake Analysis

Hosts maintain state, track each data segment within a session, and exchange information about what data is received using the information in the TCP header. TCP is a full-duplex protocol, where each connection represents two one-way communication sessions.
To establish the connection, the hosts perform a three-way handshake. As shown in the figure, control bits in the TCP header indicate the progress and status of the connection.
These are the functions of the three-way handshake:
  • It establishes that the destination device is present on the network.
  • It verifies that the destination device has an active service and is accepting requests on the destination port number that the initiating client intends to use.
  • It informs the destination device that the source client intends to establish a communication session on that port number.

 

After the communication is completed, the sessions are closed and the connection is terminated. The connection and session mechanisms enable the TCP reliability function.

The figure shows the TCP segment header fields with the 6-bit control bits field highlighted.

Control Bits Field

The six bits in the Control Bits field of the TCP segment header are also known as flags. A flag is a bit that is set to either on or off.

The six control bits flags are as follows:

  • URG – Urgent pointer field significant
  • ACK – Acknowledgment flag used in connection establishment and session termination
  • PSH – Push function
  • RST – Reset the connection when an error or timeout occurs
  • SYN – Synchronize sequence numbers used in connection establishment
  • FIN – No more data from sender and used in session termination
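As an added example (my own code, not from the original article), the tracker below ties together the Socket Pairs, TCP Connection Establishment, Session Termination and Control Bits sections: it keys every session by its socket pair, walks it through the three-way handshake (SYN, SYN-ACK, ACK) into ESTABLISHED, and then through the two one-way FIN/ACK closes into CLOSED, treating RST as an abort. The sample trace is constructed from the page's 192.168.1.5:1099 and 192.168.1.7:80 socket pair plus a second pair whose handshake never completes; the state names and method names are my own, although they follow the usual TCP vocabulary.

```python
# Constructed trace: (source socket, destination socket, flags) in arrival order.
# Sockets are "ip:port" strings, so the first two fields of each tuple form a socket pair.
CLIENT_WEB, CLIENT_FTP = "192.168.1.5:1099", "192.168.1.5:1100"
SERVER_WEB, SERVER_FTP = "192.168.1.7:80", "192.168.1.7:21"

SAMPLE_TRACE = [
    (CLIENT_WEB, SERVER_WEB, {"SYN"}),           # establishment step 1: client SYN
    (SERVER_WEB, CLIENT_WEB, {"SYN", "ACK"}),    # step 2: server SYN-ACK
    (CLIENT_WEB, SERVER_WEB, {"ACK"}),           # step 3: client ACK, session established
    (CLIENT_WEB, SERVER_WEB, {"PSH", "ACK"}),    # data
    (SERVER_WEB, CLIENT_WEB, {"ACK"}),
    (CLIENT_WEB, SERVER_WEB, {"FIN", "ACK"}),    # termination step 1: client FIN
    (SERVER_WEB, CLIENT_WEB, {"ACK"}),           # step 2: server ACK
    (SERVER_WEB, CLIENT_WEB, {"FIN", "ACK"}),    # step 3: server FIN
    (CLIENT_WEB, SERVER_WEB, {"ACK"}),           # step 4: client ACK, both one-way sessions closed
    (CLIENT_FTP, SERVER_FTP, {"SYN"}),           # second socket pair: handshake never completes
    (SERVER_FTP, CLIENT_FTP, {"SYN", "ACK"}),
    ("203.0.113.9:4444", SERVER_WEB, {"ACK"}),   # ACK with no preceding handshake
]


class TcpSessionTracker:
    """Follows each socket pair through the three-way handshake and the FIN/ACK termination."""

    def __init__(self):
        self.sessions = {}   # frozenset({socket_a, socket_b}) -> session dict

    def observe(self, src, dst, flags):
        flags = set(flags)
        key = frozenset((src, dst))
        s = self.sessions.get(key)

        if "RST" in flags:                        # abort, whatever the current state
            if s is None:
                return "NO_SESSION"
            s["state"] = "CLOSED"
            return "CLOSED"

        if s is None or s["state"] == "CLOSED":
            if flags == {"SYN"}:                  # establishment step 1
                s = {"client": src, "server": dst, "state": "SYN_SENT", "fin_from": set()}
                self.sessions[key] = s
                return s["state"]
            return "NO_SESSION"                   # segment for a connection that was never set up

        state = s["state"]
        if state == "SYN_SENT" and flags == {"SYN", "ACK"} and src == s["server"]:
            s["state"] = "SYN_RECEIVED"           # establishment step 2
        elif state == "SYN_RECEIVED" and "ACK" in flags and "SYN" not in flags and src == s["client"]:
            s["state"] = "ESTABLISHED"            # establishment step 3
        elif state in ("ESTABLISHED", "HALF_CLOSED") and "FIN" in flags:
            s["fin_from"].add(src)                # this direction has no more data to send
            s["state"] = "HALF_CLOSED" if len(s["fin_from"]) == 1 else "LAST_ACK"
        elif state == "LAST_ACK" and "ACK" in flags:
            s["state"] = "CLOSED"                 # termination step 4
        return s["state"]

    def state_of(self, socket_a, socket_b):
        s = self.sessions.get(frozenset((socket_a, socket_b)))
        return s["state"] if s else "NO_SESSION"

    def half_open(self):
        """Socket pairs whose handshake started but never completed, a count worth watching."""
        return sorted(tuple(sorted(k)) for k, s in self.sessions.items()
                      if s["state"] in ("SYN_SENT", "SYN_RECEIVED"))


def replay(trace):
    """Feed a trace through a fresh tracker; returns the tracker and the state after each segment."""
    tracker = TcpSessionTracker()
    results = [tracker.observe(src, dst, flags) for src, dst, flags in trace]
    return tracker, results
```

Because the key is the unordered socket pair, segments in both directions land on the same session, which is exactly how the transport layer matches a response to the application that sent the request. The half_open() view is the kind of derived count an analyst looks at when many handshakes start but few reach ESTABLISHED.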

Search the internet to learn more about the PSH and URG flags.

 


Understanding Dynamic Host Configuration Protocol

The Dynamic Host Configuration Protocol (DHCP) for IPv4 service automates the assignment of IPv4 addresses, subnet masks, gateways, and other IPv4 networking parameters. This is referred to as dynamic addressing.
The alternative to dynamic addressing is static addressing. When using static addressing, the network administrator manually enters IP address information on hosts.

 

When a host connects to the network, the DHCP server is contacted, and an address is requested. The DHCP server chooses an address from a configured range of addresses called a pool and assigns (leases) it to the host.

 

On larger networks, or where the user population changes frequently, DHCP is preferred for address assignment. New users may arrive and need connections; others may have new computers that must be connected.
Rather than use static addressing for each connection, it is more efficient to have IPv4 addresses assigned automatically using DHCP.

 

DHCP can allocate IP addresses for a configurable period of time, called a lease period. The lease period is an important DHCP setting. When the lease period expires or the DHCP server receives a DHCPRELEASE message, the address is returned to the DHCP pool for reuse.
Users can freely move from location to location and easily re-establish network connections through DHCP.

 

Various types of devices can be DHCP servers. The DHCP server in most medium-to-large networks is usually a local, dedicated PC-based server. With home networks, the DHCP server is usually located on the local router that connects the home network to the ISP.
The figure depicts an ISP DHCP server connected to the Internet with three ISP routers labelled ISP1, ISP2, and ISP3. Each ISP router is connected to a different network. ISP1 connects a wireless antenna to a mobile worker who is the DHCP client. ISP2 is connected to a corporate network router that connects to a corporate LAN with its own local DHCP server connected to a switch, which connects to six DHCP clients.
ISP3 is connected to a wireless DHCP server for a Home and Small Business network with the three DHCP clients connected.
Many networks use both DHCP and static addressing. DHCP is used for general-purpose hosts, such as end-user devices. Static addressing is used for network devices, such as gateway routers, switches, servers, and printers.
DHCP for IPv6 (DHCPv6) provides similar services for IPv6 clients. One important difference is that DHCPv6 does not provide a default gateway address. This can only be obtained dynamically from the Router Advertisement message of the router.

DHCP Operation

As shown in the figure, when an IPv4, DHCP-configured device boots up or connects to the network, the client broadcasts a DHCP discover (DHCPDISCOVER) message to identify any available DHCP servers on the network.
A DHCP server replies with a DHCP offer (DHCPOFFER) message, which offers a lease to the client. The offer message contains the IPv4 address and subnet mask to be assigned, the IPv4 address of the DNS server, and the IPv4 address of the default gateway. The lease offer also includes the duration of the lease.
The figure shows a protocol ladder with a DHCP client on one side and a DHCP server on the other. The DHCP client sends a DHCPDISCOVER message to the DHCP server. The DHCP server sends a DHCPOFFER message to the DHCP client. The DHCP client sends a DHCPREQUEST message in response to the DHCPOFFER from the DHCP server. The DHCP server sends a DHCPACK message back to the DHCP client. The four-message exchange is called DORA (Discover, Offer, Request, Acknowledge).
The client may receive multiple DHCPOFFER messages if there is more than one DHCP server on the local network. It must choose between them, and it sends a DHCP request (DHCPREQUEST) message that identifies the explicit server and lease offer the client is accepting. The DHCPREQUEST is broadcast, so the servers whose offers were not chosen learn that they can return those addresses to their pools. A client may also choose to request an address that it had previously been allocated by the server.

 

Assuming that the IPv4 address requested by the client, or offered by the server, is still available, the server returns a DHCP acknowledgement (DHCPACK) message that acknowledges to the client that the lease has been finalized. If the offer is no longer valid, then the selected server responds with a DHCP negative acknowledgement (DHCPNAK) message.

 

If a DHCPNAK message is returned, the selection process must begin again with a new DHCPDISCOVER message. After the client has the lease, it must renew it before the lease expires through another DHCPREQUEST message; by default a client first tries to renew (unicast to the server that granted the lease) when half of the lease time has elapsed.

 

The DHCP server ensures that all IP addresses are unique (the same IP address cannot be assigned to two different network devices simultaneously). Most ISPs use DHCP to allocate addresses to their customers.

 

DHCPv6 uses a similar set of messages. A stateful DHCPv6 address assignment uses SOLICIT, ADVERTISE, REQUEST, and REPLY. A client that already has an address from SLAAC and only needs other parameters, such as DNS servers, sends an INFORMATION-REQUEST and receives a REPLY (stateless DHCPv6).

DHCP Message Format

The DHCPv4 message format is used for all DHCPv4 transactions. DHCPv4 messages are encapsulated in UDP. Messages sent from the client use UDP source port 68 and destination port 67; messages sent from the server to the client use UDP source port 67 and destination port 68. The structure of the DHCPv4 message is shown below. The first row holds four one-byte fields at bit offsets 0, 8, 16 and 24; the fixed part of the message is 236 bytes and is followed by the variable-length options field.

OP Code (1 byte) | Hardware Type (1 byte) | Hardware Address Length (1 byte) | Hops (1 byte)
Transaction Identifier (XID) – 4 bytes
Seconds – 2 bytes | Flags – 2 bytes
Client IP Address (CIADDR) – 4 bytes
Your IP Address (YIADDR) – 4 bytes
Server IP Address (SIADDR) – 4 bytes
Gateway IP Address (GIADDR) – 4 bytes
Client Hardware Address (CHADDR) – 16 bytes
Server Name (SNAME) – 64 bytes
Boot Filename – 128 bytes
DHCP Options – variable length; begins with the 4-byte magic cookie 99.130.83.99 (0x63825363) and ends with the End option (code 255)

The fields are explained here:

  • Operation (OP) Code – Specifies the general type of message. A value of 1 indicates a request (BOOTREQUEST, client to server); a value of 2 is a reply (BOOTREPLY, server to client). The specific DHCP message type (DISCOVER, OFFER, and so on) is carried in option 53, not in this field.
  • Hardware Type – Identifies the type of hardware used in the network. For example, 1 is Ethernet, 15 is Frame Relay, and 20 is a serial line. These are the same codes used in ARP messages.
  • Hardware Address Length – Specifies the length of the hardware address; 6 for an Ethernet MAC address.
  • Hops – Controls the forwarding of messages. Set to 0 by a client before transmitting a request; each DHCP relay agent that forwards the message increments it.
  • Transaction Identifier – Used by the client to match the request with replies received from DHCPv4 servers.
  • Seconds – Identifies the number of seconds elapsed since a client began attempting to acquire or renew a lease. Used by DHCPv4 servers to prioritize replies when multiple client requests are outstanding.
  • Flags – Used by a client that does not know its IPv4 address when it sends a request. Only one of the 16 bits is used, which is the broadcast flag. A value of 1 in this field tells the DHCPv4 server or relay agent receiving the request that the reply should be sent as a broadcast.
  • Client IP Address – Used by a client during lease renewal when the address of the client is valid and usable, not during the process of acquiring an address. The client puts its own IPv4 address in this field if and only if it has a valid IPv4 address while in the bound state; otherwise, it sets the field to 0.
  • Your IP Address – Used by the server to assign an IPv4 address to the client.
  • Server IP Address – Used by the server to identify the address of the server that the client should use for the next step in the bootstrap process, which may or may not be the server sending this reply. The sending server always includes its own IPv4 address in a special field called the Server Identifier DHCPv4 option.
  • Gateway IP Address – Routes DHCPv4 messages when DHCPv4 relay agents are involved. The gateway address facilitates communications of DHCPv4 requests and replies between the client and a server that are on different subnets or networks.
  • Client Hardware Address – The hardware (MAC) address of the client. For Ethernet the 6-byte MAC address occupies the first 6 of the 16 bytes; the rest are zero.
  • Server Name – Used by the server sending a DHCPOFFER or DHCPACK message. The server may optionally put its name in this field. This can be a simple text nickname or a DNS domain name, such as dhcpserver.netacad.net.
  • Boot Filename – Optionally used by a client to request a particular type of boot file in a DHCPDISCOVER message. Used by a server in a DHCPOFFER to fully specify a boot file directory and filename.
  • DHCP Options – Holds DHCP options, including several parameters required for basic DHCP operation. This field is variable in length. Both client and server may use this field.
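The DORA exchange and the message layout above can be made concrete by building and parsing DHCPv4 messages byte for byte. The following is an added example, not code from the original page: it packs the 236-byte fixed part with the field order listed above, appends the magic cookie and the options, and then parses the result back. The option codes used (53 message type, 54 server identifier, 1 subnet mask, 3 router, 6 DNS server, 51 lease time) are the standard RFC 2132 values; the MAC address, transaction ID and 192.0.2.0/24 pool are constructed sample data.

```python
"""Build and parse DHCPv4 messages laid out as in the field list above.

Added example, not part of the original page. Addresses, MAC and XID
below are constructed sample values.
"""
import socket
import struct

BOOTREQUEST, BOOTREPLY = 1, 2
HTYPE_ETHERNET = 1
MAGIC_COOKIE = b"\x63\x82\x53\x63"
DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK, DHCPNAK = 1, 2, 3, 5, 6
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
# chaddr, sname, file  -> 236 bytes, network byte order
FIXED_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
FIXED_LEN = struct.calcsize(FIXED_FMT)


def build(op, xid, mac, options, yiaddr="0.0.0.0", ciaddr="0.0.0.0",
          siaddr="0.0.0.0", giaddr="0.0.0.0", broadcast=False):
    """Assemble one DHCPv4 message. options is a list of (code, raw bytes)."""
    flags = 0x8000 if broadcast else 0               # only the broadcast bit is defined
    chaddr = mac.ljust(16, b"\x00")                    # MAC padded to the 16-byte field
    fixed = struct.pack(FIXED_FMT, op, HTYPE_ETHERNET, len(mac), 0, xid, 0, flags,
                        socket.inet_aton(ciaddr), socket.inet_aton(yiaddr),
                        socket.inet_aton(siaddr), socket.inet_aton(giaddr),
                        chaddr, b"\x00" * 64, b"\x00" * 128)
    opts = b"".join(struct.pack("!BB", code, len(val)) + val for code, val in options)
    return fixed + MAGIC_COOKIE + opts + b"\xff"       # 255 = End option


def parse(data):
    """Return the fixed fields plus a dict of option code -> raw bytes."""
    if len(data) < FIXED_LEN + 4 or data[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (short or bad magic cookie)")
    f = struct.unpack(FIXED_FMT, data[:FIXED_LEN])
    msg = {
        "op": f[0], "htype": f[1], "hlen": f[2], "hops": f[3], "xid": f[4],
        "secs": f[5], "broadcast": bool(f[6] & 0x8000),
        "ciaddr": socket.inet_ntoa(f[7]), "yiaddr": socket.inet_ntoa(f[8]),
        "siaddr": socket.inet_ntoa(f[9]), "giaddr": socket.inet_ntoa(f[10]),
        "chaddr": f[11][:f[2]], "options": {},
    }
    i = FIXED_LEN + 4                                  # skip the magic cookie
    while i < len(data):
        code = data[i]
        if code == 255:                                # End
            break
        if code == 0:                                  # Pad: single byte, no length
            i += 1
            continue
        length = data[i + 1]
        msg["options"][code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return msg


def dora_sample():
    """The Discover/Offer half of a DORA exchange on constructed data."""
    mac = bytes.fromhex("0a1b2c3d4e5f")                # constructed client MAC
    xid = 0x3903F326                                   # arbitrary transaction ID
    discover = build(BOOTREQUEST, xid, mac,
                     [(53, bytes([DHCPDISCOVER]))], broadcast=True)
    # Server side: lease from a constructed 192.0.2.0/24 pool.
    offer = build(BOOTREPLY, xid, mac, [
        (53, bytes([DHCPOFFER])),
        (54, socket.inet_aton("192.0.2.1")),           # server identifier
        (1, socket.inet_aton("255.255.255.0")),        # subnet mask
        (3, socket.inet_aton("192.0.2.1")),            # default gateway
        (6, socket.inet_aton("192.0.2.53")),           # DNS server
        (51, struct.pack("!I", 86400)),                # lease time in seconds
    ], yiaddr="192.0.2.100", siaddr="192.0.2.1", broadcast=True)
    return parse(discover), parse(offer)
```

The same `build` call produces the DHCPREQUEST (option 53 = 3, plus option 50 for the requested address and option 54 naming the chosen server) and the server's DHCPACK; the parser also gives a useful sanity check on a capture, since a frame that fails the magic-cookie test is not DHCP even if it is on UDP port 67.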

The Truth About Domain Name Service

The web servers that we so often connect to by name, such as www.cisco.com, are actually reached by placing IP addresses in packets.
On the internet, these domain names are much easier for people to remember than an IP address such as 74.163.4.161. If Cisco decides to change the numeric address of www.cisco.com, the change is transparent to the user because the domain name remains the same. The new address is simply linked to the existing domain name and connectivity is maintained.

 

The Domain Name System (DNS) was developed to provide a reliable means of managing and providing domain names and their associated IP addresses.
The DNS system consists of a global hierarchy of distributed servers that hold databases of name-to-IP-address mappings. The client computer in the figure sends a request to its DNS server to get the IP address for www.cisco.com so that it can address packets to that server.

 

One widely cited analysis of network security threats found that over 90% of malware uses the DNS system in some way while carrying out an attack campaign.
A cybersecurity analyst should therefore have a thorough understanding of DNS and of the ways in which malicious DNS traffic can be detected through protocol analysis and inspection of DNS monitoring data. Malware frequently locates its command-and-control servers by resolving domain names through DNS, which makes those domain names indicators of compromise (IOCs) for specific malware families.
Figure 1 shows a client computer and a server connected to a network; the client is attempting to reach Cisco.

DNS Resolves Names to IP Addresses

The DNS Domain Hierarchy

The DNS consists of a hierarchy of generic top-level domains (gTLDs), such as .com, .net, .org, .gov and .edu, and numerous country-code top-level domains (ccTLDs), such as .br (Brazil), .es (Spain) and .uk (United Kingdom). At the next level of the DNS hierarchy are second-level domains, which are names registered directly under a top-level domain, such as cisco.com.

 

Subdomains are found at the next level of the DNS hierarchy and represent some division of the second-level domain. Finally, a fourth level can represent a host in a subdomain.

 

Each element of a domain name is called a label. Reading a name from right to left moves down the hierarchy from the top. A dot (".") at the end of a domain name represents the root of the hierarchy (the root zone, served by the root servers), and a name written with that trailing dot is fully qualified. The figure illustrates this DNS domain hierarchy.

 

The different top-level domains represent either the type of organization or the country of origin. Examples of top-level domains are the following:

  • .com – a business or industry
  • .org – a non-profit organization
  • .au – Australia
  • .co – Colombia

 

The figure shows the DNS hierarchy tree. At the top is the root level domain, with the top-level domains (TLDs) connected underneath it. The TLDs shown are .net, .edu, .com, .au, .co and other top-level domains. Under the .com TLD is the second-level domain cisco.com, and under cisco.com are the hosts www.cisco.com, ftp.cisco.com, and mail.cisco.com.

The DNS Lookup Process

To understand DNS, cybersecurity analysts should be familiar with the following terms:

  • Resolver – A DNS client that sends DNS messages to obtain information about the requested domain name space.
  • Recursion – The action taken when a DNS server is asked to query on behalf of a DNS resolver.
  • Authoritative Server – A DNS server that responds to query messages with information stored in Resource Records (RRs) for a domain name space stored on the server.
  • Recursive Resolver – A DNS server that recursively queries for the information asked in the DNS query.
  • FQDN – A Fully Qualified Domain Name is the absolute name of a device within the distributed DNS database.
  • RR – A Resource Record is a format used in DNS messages that is composed of the following fields: NAME, TYPE, CLASS, TTL, RDLENGTH, and RDATA.
  • Zone – A database that contains information about the domain name space stored on an authoritative server.

When attempting to resolve a name to an IP address, a user host, known in the system as a resolver, will first check its local DNS cache. If the mapping is not found there, a query will be issued to the DNS server or servers that are configured in the network addressing properties for the resolver.

 

These servers may be present at an enterprise or ISP. The request from the host to its configured server is a recursive query: the host asks the server to find the complete answer on its behalf. If the mapping is not in the server's cache, the server works down the hierarchy, asking a root server which servers are authoritative for the top-level domain, asking those which servers are authoritative for the domain itself, and finally asking the domain's authoritative server for the record. Each of those server-to-server lookups is an iterative query, in which the server being asked returns either the answer or a referral to the next server to ask.

Because of the potential burden on the root and top-level domain servers, DNS servers in the hierarchy cache the records they have resolved, for the time-to-live (TTL) carried in each record.

Caching DNS servers can therefore answer recursive queries without forwarding them to higher-level servers. If a server requires the data for a whole zone, as a secondary authoritative server does, it requests a transfer of that data from an authoritative server for that zone. The process of transferring blocks of DNS data between servers is known as a zone transfer. It runs over TCP and should be restricted to known secondary servers, since an open zone transfer hands an attacker the complete list of hosts in the zone.

 

The figure shows a client (the DNS resolver) on the left sending a DNS query to a DNS recursive resolver, dns.xyxco.com, which is a second-level domain server.
The query is relayed to one of the top-level domain servers; examples in this column include a .com server, a .org server, a .br server, and a .uk server. Each of the top-level domain servers communicates with a root DNS server. As drawn, one of the top-level domain servers sends a non-authoritative DNS response to the recursive resolver, which in turn sends a non-authoritative DNS response back to the client, the DNS resolver.
Step 1: The user types an FQDN into the address field of a browser. The accompanying figure shows the client sending that name to a DNS server across the network, because the name of a website is easier for people to use than its address.

DNS Message Format

DNS uses UDP port 53 for queries and responses. Queries originate at a client and responses are issued by DNS servers. A DNS message carried over UDP is limited to 512 bytes unless the EDNS(0) extension negotiates a larger size; if a response does not fit, the server sets the truncated (TC) flag in the header and the client repeats the query over TCP port 53. Zone transfers between servers always use TCP port 53.
The DNS protocol uses a single format, called a message, for queries, responses and the data they carry. The message format shown in the figure is used for all types of client queries and server responses, error messages, and the transfer of resource record information between servers.

The DNS server stores different types of RRs used to resolve names. These records contain the name, address, and type of record. Here is a list of some of these record types:

  • A – An end device IPv4 address
  • NS – An authoritative name server
  • AAAA – An end device IPv6 address (pronounced quad-A)
  • MX – A mail exchange record

 

When a client makes a query, the server’s DNS process first looks at its own records to resolve the name. If it is unable to resolve the name using its stored records, it contacts other servers to resolve the name.

 

After a match is found and returned to the original requesting server, the server temporarily stores the numbered address in the event that the same name is requested again.

 

The DNS Client service on Windows PCs also stores previously resolved names in memory. The ipconfig /displaydns command displays all of the cached DNS entries.
The figure shows the structure of a DNS message within a UDP datagram. The UDP header accounts for 8 bytes, the DNS fixed header accounts for 12 bytes, and the four DNS sections make up the remainder of the message. Over UDP without EDNS(0) the DNS message can be up to 512 bytes. The text in the graphic notes that DNS uses the same message for all types of client queries and server responses, error messages, and the transfer of resource records between servers.
As shown in the figure, DNS uses the same message format between servers, consisting of a question, answer, authority, and additional section, for all types of client queries and server responses, error messages, and transfer of resource record information. The table describes each section.
DNS message section – Description
Question – The question for the server. It contains the domain name to be resolved (QNAME), the class (QCLASS, almost always IN) and the query type (QTYPE).
Answer – The resource records (RRs) that answer the question, including the resolved IP address for A and AAAA queries.
Authority – RRs that identify the authoritative name servers for the domain.
Additional – Relevant to responses only. RRs that hold additional information that makes query resolution more efficient, such as the addresses of the name servers listed in the Authority section.
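The header and four-section layout described above, and the TC flag that tells a client to retry over TCP, are easiest to understand on real bytes. The following is an added example, not code from the original page: it builds a query for an A record, parses a reply including a name compression pointer (the 0xC00C form that almost every server uses to refer back to the question name), and reports whether the reply was truncated. The sample reply is constructed here and points www.example.com at the documentation address 192.0.2.10.

```python
"""Build a DNS query and parse a DNS reply using the header/question/answer/
authority/additional layout described above, including the TC flag.

Added example, not part of the original page. SAMPLE_RESPONSE is a
constructed reply for www.example.com -> 192.0.2.10 that uses a
compression pointer (0xC00C) for the answer name, as real servers do.
"""
import struct

QTYPE = {"A": 1, "NS": 2, "MX": 15, "AAAA": 28}
RCODE = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
MAX_UDP_PAYLOAD = 512            # classic DNS-over-UDP limit without EDNS(0)


def encode_name(name):
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label must be 1-63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(xid, name, qtype="A", recursion_desired=True):
    """12-byte fixed header (QDCOUNT=1) followed by one question entry."""
    flags = 0x0100 if recursion_desired else 0        # RD bit
    header = struct.pack("!HHHHHH", xid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                     # 11xxxxxx: 14-bit pointer
            if not jumped:
                end = offset + 2                       # name ends after the pointer
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 32:                              # guard against pointer loops
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def parse_message(data):
    """Parse the header and all four sections into a dict."""
    xid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    msg = {"xid": xid, "is_response": bool(flags & 0x8000),
           "authoritative": bool(flags & 0x0400), "truncated": bool(flags & 0x0200),
           "rcode": RCODE.get(flags & 0xF, str(flags & 0xF)),
           "question": [], "answer": [], "authority": [], "additional": []}
    off = 12
    for _ in range(qd):
        name, off = decode_name(data, off)
        qtype, qclass = struct.unpack("!HH", data[off:off + 4])
        off += 4
        msg["question"].append((name, qtype, qclass))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):                         # RR: NAME TYPE CLASS TTL RDLENGTH RDATA
            name, off = decode_name(data, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
            off += 10
            rdata = data[off:off + rdlen]
            off += rdlen
            if rtype == 1 and rdlen == 4:              # A record: render as dotted quad
                rdata = ".".join(str(b) for b in rdata)
            msg[section].append({"name": name, "type": rtype, "class": rclass,
                                 "ttl": ttl, "rdata": rdata})
    return msg


def needs_tcp_retry(msg):
    """A reply with TC set was cut at the UDP limit; repeat it over TCP port 53."""
    return msg["truncated"]


SAMPLE_QUERY = build_query(0x1A2B, "www.example.com")
# Constructed reply: QR=1, RD=1, RA=1, NOERROR, one A answer with a 300 s TTL.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1A2B, 0x8180, 1, 1, 0, 0)
                   + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
                   + b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4)
                   + bytes([192, 0, 2, 10]))
```

Matching the transaction ID and the question section of a reply against the outstanding query, as `parse_message` makes easy, is also the basic defence a resolver has against spoofed responses, which is why real resolvers randomise the ID and the source port.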
 

Dynamic DNS

A domain name is obtained through a registrar, which accepts the registration and publishes the domain's name servers into the top-level domain's zone. After the initial records have been created, a process that can take 24 hours or more to propagate, changes to the IP address mapped to the domain name are made through the registrar or the DNS hosting provider, usually via an online form.

 

However, because of the time it takes for this process to occur and the new mapping to be distributed in the domain name system, the change can take hours before the new mapping is available to resolvers.

 

When an ISP uses DHCP to assign the address of the host behind a domain name, the lease can expire and a new address be granted by the ISP. The name would then still point at the old address, disrupting connectivity to the domain through DNS. A new approach was necessary to allow organizations and individuals to make fast changes to the IP address that is mapped to a domain.

Dynamic DNS (DDNS) allows a user or organization to register an IP address against a domain name just as in DNS. However, when the IP address of the mapping changes, the new mapping can be propagated through DNS almost instantaneously.
For this to occur, a user obtains a hostname (a subdomain) from a DDNS provider. That hostname is mapped to the IP address of the user's server, or of the home router connected to the internet. Client software runs on the router or on a host PC and detects any change in the user's internet IP address.

 

When a change is detected, the client immediately informs the DDNS provider, and the mapping between the user's hostname and the internet IP address is updated at once, as shown in the figure. The hostname is an ordinary record in a zone for which the provider's name servers are authoritative. What makes it "dynamic" is that the provider accepts updates from the client (typically over an HTTPS API, or with the DNS UPDATE mechanism of RFC 2136) and publishes the record with a very short TTL, so that resolvers discard the old address quickly.

 

The DDNS provider's domain is registered in DNS like any other. A resolver asking for the user's hostname is referred, through the normal hierarchy, to the provider's authoritative servers, which return whatever address the client most recently reported. The organization's or ISP's recursive DNS server then hands that address to the resolver, and because the TTL is short it will ask the provider again soon after the address changes.

 

Dynamic DNS can be abused by threat actors in various ways, and free DDNS services are especially attractive to them. DDNS lets the operator of a malware command-and-control server change its IP address rapidly once the current address has become widely blocked. The malware is coded with a hostname rather than a static IP address, so it simply resolves the name again and reconnects.

 

DDNS can also be used as a way to exfiltrate data from inside a network, because DNS traffic is very common and is frequently considered benign. DDNS itself is not malicious; however, monitoring DNS traffic going to known DDNS services, especially free ones, is very useful for detecting intrusions. Very short TTLs and hostnames that were created only days earlier are typical of such traffic.
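The monitoring suggested above is a small detection rule: flag lookups for names under known DDNS provider zones and group them by client. The following is an added example, not code from the original page. The log lines are constructed in a simple "timestamp client qname qtype ttl" layout rather than the format of any particular sensor, and the provider zones are an assumed sample (under the reserved .example TLD) that a real deployment would replace with its own threat-intelligence list. The match is done on a label boundary, so that a look-alike name such as notddns-provider.example is not mistaken for the provider.

```python
"""Flag DNS queries for hostnames under known dynamic-DNS providers.

Added example, not part of the original page. SAMPLE_LOG and
DDNS_SUFFIXES are constructed/assumed data.
"""
from collections import defaultdict

# Assumed sample of free DDNS provider zones; replace with your own list.
DDNS_SUFFIXES = ("ddns-provider.example", "dyn.example", "noip.example")

# Constructed resolver log: timestamp, client IP, query name, type, answer TTL.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.0.0.15 www.cisco.com A 3600
2024-03-01T10:00:07Z 10.0.0.15 update.ddns-provider.example A 60
2024-03-01T10:00:09Z 10.0.0.22 mail.example.org MX 1800
2024-03-01T10:00:12Z 10.0.0.15 c2node7.ddns-provider.example A 30
2024-03-01T10:00:15Z 10.0.0.15 c2node7.ddns-provider.example A 30
2024-03-01T10:00:21Z 10.0.0.31 fileshare.dyn.example A 45
2024-03-01T10:00:30Z 10.0.0.15 notddns-provider.example A 3600
"""


def parse_line(line):
    ts, client, qname, qtype, ttl = line.split()
    return {"ts": ts, "client": client, "qname": qname.lower().rstrip("."),
            "qtype": qtype, "ttl": int(ttl)}


def ddns_provider(qname, suffixes=DDNS_SUFFIXES):
    """Return the matching provider zone, or None.

    Match only on a label boundary: 'x.ddns-provider.example' matches,
    'notddns-provider.example' does not.
    """
    for suffix in suffixes:
        if qname == suffix or qname.endswith("." + suffix):
            return suffix
    return None


def detect(log_text, suffixes=DDNS_SUFFIXES, short_ttl=120):
    """Group DDNS lookups per client and count those with DDNS-typical short TTLs."""
    findings = defaultdict(lambda: {"hosts": set(), "count": 0, "short_ttl": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if ddns_provider(rec["qname"], suffixes) is None:
            continue
        f = findings[rec["client"]]
        f["hosts"].add(rec["qname"])
        f["count"] += 1
        if rec["ttl"] <= short_ttl:
            f["short_ttl"] += 1
    return dict(findings)
```

In practice the suffix list would be loaded from a maintained feed and the output joined with the client's other activity; a single lookup of a DDNS name is weak evidence, while repeated lookups of one short-TTL hostname from a workstation, as for 10.0.0.15 in the sample, is the beaconing pattern worth escalating.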

 

The figure shows the host myhost.ddns-provider.com, first reachable at 203.0.113.2 and, after its dynamic IP address changes, at 203.0.113.11. The host informs the DDNS provider of the change over the internet. A laptop labelled "old mapping" sends a DNS query for myhost.ddns-provider.com and receives the old address in the reply from ddns-provider.com, so its request for http://myhost.ddns-provider.com goes to 203.0.113.2. A second laptop labelled "new mapping" queries after the update and receives 203.0.113.11 in the reply, so its request for the same URL reaches the server at its new address.

The WHOIS Protocol

WHOIS is a simple TCP-based protocol (TCP port 43, defined in RFC 3912) used to look up who registered an internet domain, IP address block or autonomous system number. It is a separate service from DNS. When an internet domain is registered, the registrant must supply contact information to the registrar, and that information forms the registration record.
A WHOIS query is a single line of text, usually a domain name, sent through a WHOIS service or application. The WHOIS server returns the registration record as text and closes the connection. Querying the domains that hosts on a network have contacted can help identify where traffic was going. WHOIS has limitations: many records are now redacted for privacy, and threat actors register through privacy services or supply false details.
Even so, WHOIS is a starting point for identifying potentially dangerous internet locations that may have been reached through the network; the registration date alone is often telling, since malicious domains are frequently only days old. ICANN Lookup is an internet-based WHOIS service that can be used to obtain the registration record for a domain. Other WHOIS services are maintained by regional internet registries such as RIPE and APNIC for IP address allocations. The Registration Data Access Protocol (RDAP) provides the same data over HTTPS in structured JSON form and is gradually replacing WHOIS.
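The protocol is small enough to implement directly, which is useful when enriching a list of domains in bulk. The following is an added example, not code from the original page: `whois_query` performs the RFC 3912 exchange (send the name followed by CRLF, read until the server closes the connection) and `parse_whois` turns the common "Key: value" record layout into a dictionary. The network function is defined but not called here; SAMPLE_RECORD is a constructed record, not a real registration, and the redacted registrant field shows the privacy limitation mentioned above.

```python
"""Minimal WHOIS client (RFC 3912) and a parser for "Key: value" records.

Added example, not part of the original page. whois_query opens TCP
port 43 and is not run here; SAMPLE_RECORD is a constructed record.
"""
import socket


def whois_query(name, server, port=43, timeout=10):
    """Send the query terminated by CRLF and read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Collect 'Key: value' lines; keys are lower-cased and repeated keys
    (such as Name Server) become lists. Comment and notice lines are skipped."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue
        if ":" not in line:
            continue
        key, _, value = line.partition(":")        # split on the first colon only
        key, value = key.strip().lower(), value.strip()
        if not value:
            continue
        if key in record:
            if not isinstance(record[key], list):
                record[key] = [record[key]]
            record[key].append(value)
        else:
            record[key] = value
    return record


# Constructed sample in the layout most gTLD registries use.
SAMPLE_RECORD = """\
% Constructed sample record, not a real registration
Domain Name: example.com
Registrar: Example Registrar, LLC
Creation Date: 2020-01-15T00:00:00Z
Registry Expiry Date: 2026-01-15T00:00:00Z
Name Server: ns1.example.net
Name Server: ns2.example.net
Registrant Organization: REDACTED FOR PRIVACY
>>> Last update of whois database: 2024-03-01T10:00:00Z <<<
"""
```

Field names and layout differ between registries, so a production tool keeps a per-server mapping of the keys it cares about (creation date, registrar, name servers) rather than relying on one spelling.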
 

Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on an individual and corporate level. I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained include staff of Dangote Refinery, FCMB, Zenith Bank, and New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Teams to facilitate the training.

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

Fact Check Policy

TECHMANIA is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

Roles Of End Devices In The Network Process

 

The network devices that people are most familiar with are end devices. To distinguish one end device from another, each end device on a network has an address. When an end device initiates communication, it uses the address of the destination end device to specify where to deliver the message.

An end device is either the source or destination of a message transmitted over the network.

The figure animates data flowing through a network.

 

The figure shows a physical network topology with a block of LAN, a block of InternetWork, and a block of another LAN. From left to right, a LAN has two users an IP phone, a PC, and a server connected to a switch. A physical link connects the LAN switch to an edge router that borders the LAN block and the Internetwork block. The Internetwork block consists of four routers connected in a full mesh topology.

 

An edge router borders the Internetwork block and a second LAN block. The second LAN block consists of two users, an IP phone, a PC, and a server. When the animation is started, a message originates from one of the users in the first LAN and travels from the user to the switch and to the edge router that borders the Internetwork. In the Internetwork the message is routed through to the other edge router, which borders the second LAN.

The message is forwarded into the second LAN, through the switch, and to the destination end user. The text under the graphic reads Data originates with an end device, flows through the network, and arrives at the end device.

Routers

Routers are devices that operate at the OSI network layer (Layer 3). As shown in the figure, routers are used to interconnect remote sites. They use the process of routing to forward data packets between networks.
The routing process uses network routing tables, protocols, and algorithms to determine the most efficient path for forwarding an IP packet. Routers gather routing information and update other routers about changes in the network. Routers increase the scalability of networks by segmenting broadcast domains.

Image shows four boxes, one at the top of the graphic labeled Home Office and containing a wireless router, a printer connected by a line representing a wired connection, a wireless tablet, and a wireless laptop.

A line connects the wireless router to a cable modem, which connects to the second box labeled WAN, containing a cloud labeled Internet and another cloud labeled Cloud. There are two boxes at the bottom of the graphic, one labeled Central and one labeled Branch.

 

Both boxes contain router icons connected to the Cloud and to the Internet with WAN media shown as red lightning bolts. In the Central box, there are two multilayer switch icons, connected to two LAN switches. There is a server connected directly to the router and four computers connected to the switches.

In the box labeled Branch, there are six end devices connected to a switch icon. The six devices are a server, a printer, two IP phones and two computers. Also connected to the LAN switch is a wireless access point. A wireless tablet and a wireless laptop are shown connecting to the wireless access point.

 

The Router Connection

Routers have two primary functions: path determination and packet forwarding. To perform path determination, each router builds and maintains a routing table which is a database of known networks and how to reach them. The routing table can be built manually and contain static routes or can be built using a dynamic routing protocol.

 

Packet forwarding is accomplished by using a switching function. Switching is the process used by a router to accept a packet on one interface and forward it out of another interface. A primary responsibility of the switching function is to encapsulate packets in the appropriate data link frame type for the outgoing data link.

 

The animation shows routers R1 and R2 receiving a packet from one network and forwarding it toward the destination network.

The animation depicts two LANs with hosts connected by two routers, R1 and R2. A packet is animated traversing the connection from one LAN to the other, and the screens for R1 and R2 show the matching IPv4 routing entries used to pass it from one network to the next.
After the router has determined the exit interface using the path determination function, it must encapsulate the packet in the data link frame of the outgoing interface.
What does a router do with a packet received from one network and destined for another network? The router performs the following three major steps:
1. It de-encapsulates the Layer 2 frame header and trailer to expose the Layer 3 packet.
2. It examines the destination IP address of the IP packet to find the best path in the routing table. The best path is the longest-prefix match: the most specific route that contains the destination.
3. If the router finds a path to the destination, it encapsulates the Layer 3 packet into a new Layer 2 frame and forwards that frame out the exit interface. If no route matches and there is no default route, the packet is dropped.

 

As shown in the figure, devices have Layer 3 IPv4 addresses, while Ethernet interfaces have Layer 2 data-link addresses. The MAC addresses are shortened to simplify the illustration. For example, PC1 is configured with IPv4 address 192.168.1.10 and an example MAC address of 0A-10.

As a packet travels from the source device to the final destination device, the Layer 3 IP addresses do not change, because routers forward the Layer 3 PDU without rewriting it (NAT, which does rewrite addresses, is a separate function layered on top of routing). However, the Layer 2 data link addresses change at every router on the path to the destination, as the packet is de-encapsulated and re-encapsulated in a new Layer 2 frame.
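The three forwarding steps and the "Layer 3 constant, Layer 2 rewritten at every hop" rule can be checked on a small simulated topology. The following is an added example, not code from the original page or any vendor. The topology is constructed: PC1 (192.168.1.10) sends to PC2 (192.168.3.10) through R1 and R2, with two-byte MAC tags like the ones in the page's figure. Each route is (prefix, exit interface, next hop), where a next hop of None means the network is directly connected; the ARP tables that map next-hop IPs to MACs are also constructed.

```python
"""Path determination (longest-prefix match) and hop-by-hop re-encapsulation.

Added example, not part of the original page. Topology, routes, MAC tags
and ARP entries are constructed sample data.
"""
import ipaddress


class Router:
    def __init__(self, name, interfaces, routes):
        self.name = name
        self.interfaces = dict(interfaces)              # interface -> its own MAC tag
        self.routes = [(ipaddress.ip_network(p), iface, nh) for p, iface, nh in routes]

    def lookup(self, dst):
        """Path determination: longest-prefix match. None means no route."""
        dst = ipaddress.ip_address(dst)
        best = None
        for net, iface, nh in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface, nh)
        return best


def forward(router, frame, arp):
    """Steps 1-3: de-encapsulate, look up the destination, re-encapsulate."""
    packet = frame["packet"]                            # step 1: drop the L2 header/trailer
    route = router.lookup(packet["dst_ip"])             # step 2: routing table lookup
    if route is None:
        return None                                     # no route and no default: drop
    _net, iface, next_hop = route
    target = next_hop or packet["dst_ip"]               # connected network: deliver to host
    return {"src_mac": router.interfaces[iface],        # step 3: new L2 frame, same L3 packet
            "dst_mac": arp[target], "packet": packet}


def build_topology():
    arp = {"192.168.2.2": "R2-A", "192.168.3.10": "PC2-M"}   # constructed IP -> MAC
    r1 = Router("R1", {"g0/0": "R1-A", "g0/1": "R1-B"}, [
        ("192.168.1.0/24", "g0/0", None),
        ("192.168.2.0/30", "g0/1", None),
        ("192.168.3.0/24", "g0/1", "192.168.2.2"),
        ("0.0.0.0/0", "g0/1", "192.168.2.2"),           # default route
    ])
    r2 = Router("R2", {"g0/0": "R2-A", "g0/1": "R2-B"}, [
        ("192.168.2.0/30", "g0/0", None),
        ("192.168.3.0/24", "g0/1", None),
    ])
    return r1, r2, arp


def trace():
    """Carry one packet PC1 -> R1 -> R2 -> PC2 and return the frame at each hop."""
    r1, r2, arp = build_topology()
    packet = {"src_ip": "192.168.1.10", "dst_ip": "192.168.3.10", "payload": b"hello"}
    frame0 = {"src_mac": "PC1-M", "dst_mac": "R1-A", "packet": packet}  # PC1 to its gateway
    frame1 = forward(r1, frame0, arp)
    frame2 = forward(r2, frame1, arp)
    return frame0, frame1, frame2
```

Following the `packet` object through the three frames shows the IP header untouched while the source and destination MACs are replaced at each router; `lookup` also shows why a default route (prefix length 0) only wins when nothing more specific matches.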

 