OSI Model Routing Connection-oriented/Connectionless Network Services.


Diagram: the seven OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical) at the source and again at the destination, joined at the physical layer by the network.

Layer              Function                                        Uses/standards            Unit
7 - Application    Supports transmission from services             ftp, NFS, telnet          message
6 - Presentation   Provides data translation                       encryption, compression   message
5 - Session        Maintains connectivity until task completion    RPC, netBIOS              message
4 - Transport      Partitions/reconstructs message                 TCP, UDP                  segment
3 - Network        Delivers from logical device to logical device  IP, IPX, Appletalk        packet
2 - Data Link      Delivers from physical device to device         Ethernet, FDDI, T1        frame
1 - Physical       Transmits raw data through net equipment        RS-232, 802.11            bit

Devices placed beside the layer stack (top to bottom): IDS, firewall, router, bridge/switch, repeater.

Physical layer
• Source: receive frame from data link; transmit as raw bits
• Wires & connections
• Signal levels
• Repeaters and hubs (amplifiers/splitters)
• Frame stupid

Data link layer
• Logical link control
• Destination: checks frames for integrity; reconstructs packet from frame(s)
• Media Access Control (MAC) addresses
• Bridges and switches (connect by MAC)
• Source: wraps packet within a frame; forwards frame to physical layer

Frame

Field            Size               Contents
preamble         8 bytes            establishes start of communication
header           14 bytes           source MAC, destination MAC, frame length, frame type
data (payload)   46 to 1500 bytes
CRC              4 bytes            cyclic redundancy check

MAC address - 6 bytes
this machine: 00:0d:93:87:80:10
broadcast:
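The frame layout above, worked through in code as an added example (not from the original slides): the source side wraps a payload in a header and appends the CRC, and the destination side checks integrity and accepts the frame only when the destination MAC is its own or the all-ones broadcast address. The MAC of "this machine" is the one on the slide; the other addresses, EtherType and payload are constructed.

```python
# Added example: build and parse an Ethernet frame with the layout on the
# slide (8-byte preamble, 14-byte header, 46-1500 byte payload, 4-byte CRC).
# Not from the original slides; all frame contents are constructed inline.
import struct
import zlib

PREAMBLE = b"\x55" * 7 + b"\xd5"       # 8 bytes marking start of frame
BROADCAST = "ff:ff:ff:ff:ff:ff"        # all-ones MAC: every station accepts it
THIS_MACHINE = "00:0d:93:87:80:10"     # MAC shown on the slide

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def build_frame(dst, src, ethertype, payload):
    """Data link source side: wrap a packet in a frame and append the CRC."""
    payload = payload.ljust(46, b"\x00")          # pad to the 46-byte minimum
    if len(payload) > 1500:
        raise ValueError("payload exceeds 1500 bytes")
    header = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype)
    fcs = zlib.crc32(header + payload) & 0xFFFFFFFF  # CRC-32 over header + data
    return PREAMBLE + header + payload + struct.pack("<I", fcs)

def parse_frame(raw, my_mac=THIS_MACHINE):
    """Data link destination side: check integrity, decide whether this
    station accepts the frame, and strip the frame header and CRC."""
    if raw[:8] != PREAMBLE:
        return {"ok": False, "reason": "bad preamble"}
    body, fcs = raw[8:-4], struct.unpack("<I", raw[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        return {"ok": False, "reason": "crc mismatch"}   # damaged frame is dropped
    dst, src = mac_str(body[:6]), mac_str(body[6:12])
    ethertype = struct.unpack("!H", body[12:14])[0]
    accepted = dst in (my_mac, BROADCAST)
    return {"ok": True, "dst": dst, "src": src, "ethertype": ethertype,
            "accepted": accepted, "payload": body[14:]}

if __name__ == "__main__":
    frame = build_frame(THIS_MACHINE, "00:11:22:33:44:55", 0x0800, b"hello")
    print(parse_frame(frame))
```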

Network layer
• Packets find their way through the network
• Destination: packets received only if the logical device address matches the packet; strip away frame header & CRC
• Routers select network path based on logical address of destination
• Source: wraps segment into a packet; packet must contain network (IP) address

Bridges vs. Routers

• An IPv4 address consists of 4 octets.
• The range of an octet is 0 through 255.

Class   1st Octet   Subnet Mask   Available Addresses
A       1 - 127
B       128 - 191
C       192 - 223
D       224 - 255   reserved for broadcast

Diagram under Bridges vs. Routers: hosts labelled 10.2.2.1, 10.2.2.2, 10.2.2.1 and 10.2.3.1.

Transport layer
• Handles message partitioning/reconstructing
• Destination: gathers together segments identified by their sequence numbers
• Examples: TCP - Transmission Control Protocol; UDP - User Datagram Protocol; SPX - for IPX; ATP - for AppleTalk
• Source: accepts message from session layer; partitions message into a sequence of segments (will fit into frame)

Session layer
• Maintains the complete “conversation”
• Destination: listens & directs from port to service; maintains service integrity (e.g. directing to proper window of web browser)
• Source: attaches proper port address

Presentation layer
• performs encryption/decryption if needed
• note: headers are added later so not encrypted

Application layer
• typical services: SNMP, FTP, telnet, SMTP

Routing

A router connects logical networks. Its purpose is to route packets between subnets. Routing is performed according to routing tables.

Four types of routers: static, distance vector, link state, label switching
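What "routing according to routing tables" means in practice, as an added example that is not from the slides: a static table consulted by longest-prefix match, plus the bridge-or-route decision from the Bridges vs. Routers diagram. The table entries, interface names and next hops are constructed, and the diagram's 10.2.2.x / 10.2.3.x hosts are assumed to sit on /24 subnets.

```python
# Added example: a static routing table consulted by longest-prefix match.
# Not from the original slides; the table, interfaces and next hops are
# constructed, and a /24 mask is assumed for the 10.2.2.x / 10.2.3.x hosts.
import ipaddress

# Each entry: (destination network, next hop or None when directly
# connected, outgoing interface). Order does not matter: the most specific
# (longest prefix) matching entry wins.
ROUTING_TABLE = [
    ("10.2.2.0/24", None, "eth0"),          # directly connected subnet
    ("10.2.3.0/24", None, "eth1"),          # directly connected subnet
    ("10.2.0.0/16", "10.2.3.254", "eth1"),  # less specific summary route
    ("0.0.0.0/0", "10.2.2.254", "eth0"),    # default route
]

def lookup(dst):
    """Return (network, next_hop, iface) for the most specific matching
    route, or None when nothing (not even a default route) matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, next_hop, iface in ROUTING_TABLE:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, next_hop, iface)
    if best is None:
        return None
    return (str(best[0]), best[1], best[2])

def forward(src, dst, mask="/24"):
    """Bridge-or-route decision: hosts on the same logical network reach
    each other at the data link layer (by MAC); anything else is handed
    to the router, which picks the path from its table."""
    if ipaddress.ip_address(dst) in ipaddress.ip_network(src + mask, strict=False):
        return "same subnet: deliver by MAC (bridge/switch)"
    route = lookup(dst)
    if route is None:
        return "no route to host"
    hop = route[1] or dst   # directly connected: next hop is the destination itself
    return f"route via {route[2]} to {hop} (matched {route[0]})"

if __name__ == "__main__":
    print(forward("10.2.2.1", "10.2.2.2"))
    print(forward("10.2.2.1", "10.2.3.1"))
```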

Static Routing: the routing table is manually configured.
• simple
• efficient routing
• good security (if properly configured)
• requires the most maintenance

Distance Vector Routing: the table is built from Routing Information Protocol.
• oldest, most popular routing
• tables rely upon “advertised” hop information
• distance vector used to determine “best” routes
• vulnerable to spoofing

Link State Routing: the table is built from Link State Protocol.
• LSP sends actual hop data
• LSP frames can be requested from other routers
• uses some authentication (password & MD)

Label Switching Routing: the table is built from Multiprotocol Label Switching.
• MPLS is faster by using MAC-level switching
• packets include label(s) of routing info
• route efficiency (not just hop count) is used
• standards?

Connection-oriented

An issue of transport layer “etiquette”: parties must “shake hands” before communicating.

TCP handshake (source ↔ dest.):
syn = , ack =
syn = , ack =
syn = , ack =

syn flood attack

Q: How could a firewall block incoming traffic & still allow acks? A:
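The handshake as a message exchange, added here as an example that is not part of the original slides: both sides' segments with the sequence/acknowledgement arithmetic each performs, and the server-side table of half-open connections (SYN received, final ACK still outstanding) that the final ACK clears. The initial sequence numbers, host names and backlog size are constructed values.

```python
# Added example: TCP three-way handshake with seq/ack arithmetic and the
# server's half-open connection table. Not from the original slides; the
# initial sequence numbers, host names and backlog size are constructed.
from dataclasses import dataclass

@dataclass
class Segment:
    src: str
    dst: str
    flags: str      # "SYN", "SYN-ACK" or "ACK"
    seq: int
    ack: int = 0    # unused on the initial SYN

class Server:
    """Keeps half-open connections until the final ACK arrives."""
    def __init__(self, addr, isn, backlog=3):
        self.addr, self.isn, self.backlog = addr, isn, backlog
        self.half_open, self.established = {}, set()

    def receive(self, seg):
        if seg.flags == "SYN":
            if len(self.half_open) >= self.backlog:
                return None     # backlog full: the SYN gets no reply
            self.half_open[seg.src] = seg.seq
            # SYN-ACK: own ISN as seq, client's seq + 1 as ack
            return Segment(self.addr, seg.src, "SYN-ACK", self.isn, seg.seq + 1)
        if seg.flags == "ACK" and seg.src in self.half_open:
            if seg.ack == self.isn + 1:     # acknowledges our SYN
                self.half_open.pop(seg.src)
                self.established.add(seg.src)
        return None

def client_handshake(client, server, isn):
    """Run the exchange from the client side; return the segments in order."""
    syn = Segment(client, server.addr, "SYN", isn)
    syn_ack = server.receive(syn)
    if syn_ack is None:
        return [syn]            # no reply: the server could not accept the SYN
    # final ACK: seq = own ISN + 1, ack = server's seq + 1
    ack = Segment(client, server.addr, "ACK", isn + 1, syn_ack.seq + 1)
    server.receive(ack)
    return [syn, syn_ack, ack]

if __name__ == "__main__":
    srv = Server("dest", isn=5000)
    for seg in client_handshake("source", srv, isn=100):
        print(seg)
```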

Port/protocol   Service    Purpose
20 / tcp        ftp data   transfers file content
21 / tcp        ftp        transfers ftp commands
22 / tcp        ssh        secure shell (remote access)
23 / tcp        telnet     remote computer login
25 / tcp        smtp       email delivery
43 / tcp        whois      Internet domain lookup
80 / tcp        http       web browser
110 / tcp       pop        pop email service
119 / tcp       nntp       network news
143 / tcp       imap       imap email service
161 / udp       snmp       remote system management
443 / tcp       ssl        secure socket layer (tunnel)
445 / tcp       smb        MS network file system
593 / tcp       MS-RPC     MS remote procedure call
1433 / tcp      MS-SQL     MS SQL server
1521            Oracle     Oracle SQL server

• Ports 0-1023 statically assigned
• Ports 1024-65535 - upper ports can be dynamically assigned
• Vulnerability: dynamic port assignment
• A defense:

OSI Model vs. TCP/IP Protocols

OSI layer                TCP/IP protocols
7 - Application Layer    HTTP, FTP, Telnet
6 - Presentation Layer
5 - Session Layer
4 - Transport Layer      TCP, UDP
3 - Network Layer        IP
2 - Data Link Layer      Ethernet, radio packet, point-to-point
1 - Physical Layer