Module 3 Flashcards
Learning Unit 3 (34 cards)
Addressing Overview (by OSI Layer)
- layer 2 (MAC Addresses) – The unique street address of each house on a block (local delivery address).
- layer 3 (IPv4/IPv6 Addresses) – The full mailing address including city, state, country (routing across cities).
- layer 4 (Ports) – The specific mailbox or person at that address (e.g., kitchen, office).
- layer 7 (Application Layer) – The content or language of the letter itself (what’s being communicated).
- governance – Postal regulations, laws, and standards that oversee mail delivery.
- Data Link Layer (Layer 2):
o MAC address—48-bit unique identifier for each NIC; written as 6 hexadecimal pairs separated by colons (e.g., 00:60:8C:00:54:99). Used within local networks. Switches use MAC addresses to forward frames.
- Network Layer (Layer 3):
o IP address—Identifies interfaces across networks.
o IPv4: 32 bits; written in 4 decimal octets (e.g., 192.168.1.1); each octet = 8 bits.
o IPv6: 128 bits; written in 8 blocks of hexadecimal numbers (e.g., 2001:0DB8:…:00CC); each block = 16 bits.
o Routers use IP addresses to route packets across networks.
- Transport Layer (Layer 4):
o Port numbers—Used to identify specific applications on a host.
o Common examples: Port 80: HTTP (web); Port 443: HTTPS
- Application Layer (Layer 7):
o FQDN (Fully Qualified Domain Name)—Human-readable name for hosts (e.g., susan.mycompany.com).
o Host name: susan, ftp, www
o Domain name: mycompany.com
- Governance: IANA (Internet Assigned Numbers Authority) assigns MAC OUIs, IP addresses, port numbers, and domain names. IANA is a department of ICANN, which sets global internet standards and policies.
MAC Addresses
- unique house number on a street
- Structure:
o 48 bits total, written as hex pairs (e.g., 00:60:8C:00:54:99)
o First 24 bits = OUI (Organizationally Unique Identifier) → identifies NIC manufacturer; assigned by IEEE (OUI lookup: standards-oui.ieee.org, Wireshark tool)
o Last 24 bits = Extension Identifier (Device ID) → identifies individual NIC
- Uniqueness:
o Manufacturers use OUI + Device ID to ensure globally unique MAC addresses.
- Switch Functionality:
o Switches (Layer 2 devices) learn MAC addresses by reading source addresses from incoming frames.
o Build a MAC address table (maps MACs to switch ports).
o Table entries expire periodically → enables dynamic learning.
o When a frame is destined for a known MAC, the switch uses the table to send it directly via the correct port.
o Helps efficiently forward traffic and adapt to network changes.
IPv4 Address Structure
- full postal address with sections (network, subnet, host) showing city, neighborhood, house
- IPv4 addresses: 32 bits total, divided into four 8-bit octets (e.g. 192.168.0.1)
- Decimal range for each octet: 0–255
- Binary form of max IPv4 address: 11111111.11111111.11111111.11111111 = 255.255.255.255
- First part = network portion; last part = host portion
- Dividing line depends on addressing method (classful vs. classless)
IPv4 Address Classes
- different types of addresses for different-sized towns or areas (small town vs. big city zones)
- Class A: Range 1.x.x.x to 126.x.x.x; Subnet mask 255.0.0.0; ~126 networks, ~16 million hosts per network
- Class B: Range 128.0.x.x to 191.255.x.x; Subnet mask 255.255.0.0; ~16,000 networks, ~65,000 hosts per network
- Class C: Range 192.0.0.x to 223.255.255.x; Subnet mask 255.255.255.0; ~2 million networks
- Class D: Range: 224–239 (multicast)
- Class E: Range: 240–254 (reserved for research)
Private IPv4 Ranges (RFC1918)
- addresses used inside private neighborhoods where mail doesn’t leave the area
- Class A: 10.0.0.0 – 10.255.255.255
- Class B: 172.16.0.0 – 172.31.255.255
- Class C: 192.168.0.0 – 192.168.255.255
- Private IPs are not routable on the public Internet
- Used within private networks behind routers/NAT
Reserved IPv4 Addresses
- addresses blocked off for special uses, like PO boxes or government offices that aren’t for regular mail
- 255.255.255.255: Broadcast messages within LAN
- 0.0.0.0: Unassigned
- 127.0.0.0 – 127.255.255.255: Loopback (e.g. 127.0.0.1 = local device)
- 169.254.0.1 – 169.254.255.254: APIPA (used when DHCP fails)
Classless Addressing & CIDR
- flexible ways of dividing neighborhoods and streets to optimize mail routes
- Classless addressing allows flexible network/host division
- Subnet mask defines how many bits are used for the network
- CIDR (Classless Interdomain Routing):
o Uses slash notation: e.g. 192.168.0.1/24
o /24 = first 24 bits = network portion
o Called a CIDR block
- Enables subnetting and efficient IP address allocation
Dynamic Host Configuration Protocol (DHCP)
- temporary address assignment service, like giving a visiting guest a temporary mailbox number when they arrive
- Assigns IP addresses dynamically to devices when they join the network
- Preferred over static addressing for scalability and manageability
- Devices lease IP addresses from the DHCP server each time they connect
- Replaces the need for manual IP configuration
Address Translation (NAT & PAT)
- translating internal neighborhood addresses into one public PO box address for outside mail
- NAT (Network Address Translation):
o Replaces private IP with a public IP when accessing the Internet
o Conserves public IPs & provides basic security
- PAT (Port Address Translation):
o Assigns unique TCP ports to track sessions between private hosts and the Internet
o Supports multiple devices using one public IP
NAT Variants
- SNAT: Changing the sender’s address on outgoing mail to a public return address.
- DNAT: Changing the receiver’s address on incoming mail to the correct private house.
- SNAT (Source NAT):
o Same public IP assigned to outgoing requests from internal hosts
o Used in small/home networks with a single public IP
- DNAT (Destination NAT):
o Incoming requests to a public IP are mapped to an internal private IP
o Used to host internal services (e.g. web servers) accessible from the Internet
o Allows service redirection by reassigning the internal target in the NAT table
IPv6 Address Structure
- new, longer-format postal address system designed to handle more houses and streets
- 128-bit address split into 8 blocks (quartets) of 16-bit hexadecimal numbers
- Written as: 2001:0000:0B80:0000:0000:00D3:9C5A:00CC
- Blocks separated by colons
- Developed to expand IP address availability and improve routing/speed over IPv4
Ports and Sockets
- specific mailboxes or rooms inside the house where mail is delivered
- A port identifies a specific process or service on a device, while an IP address identifies the device itself.
- TCP/UDP ports allow multiple simultaneous connections to be directed to the correct process.
- Example: Port 23 for Telnet.
- A socket is a combination of IP address and port (e.g., 10.43.3.87:23).
- A socket becomes “open” when a session is established and “closed” once it ends.
- Analogy: IP address = street address, Port = apartment number, Socket = full address of the process.
Types of Ports
- different mailbox types for different mail kinds
- Well-known ports (0–1023): Assigned by IANA to common services (e.g., HTTP, FTP, DNS).
- Registered ports (1024–49151): Assigned to user processes or vendors for custom apps. Must register with IANA.
- Dynamic/Private ports (49152–65535):
o Dynamic: Assigned temporarily by client/server when needed.
o Private: Manually assigned, often to obscure the actual service (e.g., using a non-standard port instead of port 80 for HTTP).
- Used to improve security or support multiple sessions.
Common TCP and UDP Port Numbers
- standard mailbox numbers for popular services
| Port | Service | Protocol | Purpose |
|------|---------|----------|---------|
| 20 | FTP-DATA | TCP | FTP file transfer (data) |
| 21 | FTP | TCP | FTP control channel |
| 22 | SSH / SFTP | TCP | Secure remote access / Secure file transfer |
| 23 | TELNET | TCP | Unsecure remote access |
| 25 | SMTP | TCP | Sending emails |
| 53 | DNS | TCP/UDP | Domain name resolution |
| 67 | DHCP | UDP | Client → Server (IP lease request) |
| 68 | DHCP | UDP | Server → Client (IP assignment) |
| 69 | TFTP | UDP | Basic file transfer without authentication |
| 80 | HTTP | TCP/UDP | Web traffic |
| 110 | POP3 | TCP | Downloading email |
| 123 | NTP | UDP | Time synchronization |
| 143 | IMAP4 | TCP | Email sync with server (leaves messages) |
| 161 | SNMP | TCP/UDP | Management queries to network devices |
| 162 | SNMP | Usually UDP | SNMP traps (unsolicited messages) |
| 389 | LDAP | TCP/UDP | Directory services access |
| 443 | HTTPS | TCP | Secure HTTP via SSL/TLS |
| 445 | SMB | TCP | Windows file/printer sharing |
| 514 | Syslog | UDP | System logging (UNIX/Linux) |
| 587 | SMTP TLS | TCP | Email with TLS encryption |
| 636 | LDAPS | TCP/UDP | Encrypted LDAP access |
| 993 | IMAP4 over SSL | TCP/UDP | IMAP4 with SSL/TLS |
| 995 | POP3 over SSL | TCP/UDP | POP3 with SSL/TLS |
| 1433 | SQL Server | TCP | MS SQL Server communication |
| 1521 | SQLnet / Oracle Net | TCP | Oracle Database communication |
| 3306 | MySQL | TCP | MySQL database access |
| 3389 | RDP | TCP | Remote Desktop Protocol |
| 5060 | SIP | UDP | Unencrypted VoIP sessions |
| 5061 | SIP | UDP | Encrypted VoIP sessions |
TFTP, NTP, LDAP, SMB, Syslog, SQLnet
- specialized postal services for different types of communication (like express, registered, or certified mail).
- TFTP (UDP 69):
o Simplified FTP, used for boot-time config file transfer without user interaction.
- NTP (UDP 123):
o Synchronizes device clocks using a hierarchy of “stratum” time servers.
o Stratum-1: Connected to UTC via GPS/Galileo.
o Each hop increases the stratum number (up to 16).
o Achieves ~1 millisecond accuracy in well-configured networks.
- LDAP (TCP/UDP 389):
o Access to network directories (e.g., Active Directory).
o LDAPS (TCP/UDP 636) = LDAP over SSL.
- SMB (TCP 445):
o File/printer sharing on Windows networks.
o UNIX uses Samba to support SMB.
- Syslog (UDP 514):
o Logs and stores system messages on UNIX/Linux.
o Doesn’t alert users; just records.
- SQLnet (TCP 1521):
o Used by Oracle Databases to communicate with clients or other Oracle DBs.
o Enables distributed apps to interact as if on the same machine.
Ports and Firewalls
- mailbox guards who decide which mail gets in or is blocked for security
- Firewalls control network traffic by filtering IP addresses and ports.
- They block all traffic by default, only allowing what is explicitly approved.
- Example: To allow SQL Server (port 1433) through a firewall, that port must be opened manually.
- Each allowed port increases vulnerability surface, so firewall rules should be minimal and specific.
Domain Names and URLs
- easy-to-remember street names or landmarks instead of long numeric addresses
A URL (Uniform Resource Locator) identifies where to find resources on a network. It includes the protocol (e.g., https://) and the FQDN (Fully Qualified Domain Name).
* FQDN = Host Name + Domain Name (e.g., www.cengage.com)
* Host name: chosen by admin/developer
* Domain name: must be registered with ICANN via an authority
* TLD (Top-Level Domain): last part of FQDN (e.g., .com, .edu)
Common TLDs
- neighborhood types (.com = commercial, .edu = schools, .gov = government)
| TLD | Use |
|-----|-----|
| .ARPA | Reverse lookup (special Internet function) |
| .COM | Commercial |
| .EDU | Educational |
| .GOV | Government |
| .ORG | Nonprofits and other organizations |
| .NET | Network (e.g., ISPs) |
| .MIL | U.S. military |
| .BIZ | Businesses |
| .INFO | Unrestricted use |
Country-specific TLDs: .us, .eu, .ca, .au
Custom TLDs possible but expensive.
DNS Overview
- postal directory that translates street names to exact addresses
DNS = Domain Name System. It converts FQDNs into IP addresses. It’s an application layer client-server system with:
* Namespace: Distributed collection of names/IPs stored in DNS servers
* Name Servers: Hold databases of FQDN-IP mappings
* Resolvers: DNS clients that send queries to name servers
DNS Namespace & Zones
- different postal districts or zones with their own address books
- Distributed database model (not centralized)
- Organizations maintain their own authoritative DNS servers or use cloud/third-party DNS
- A DNS zone is a portion of namespace managed by an organization (can be split into multiple zones)
Types of DNS Servers
- different post offices handling address lookups — local, regional, and root
- Primary DNS Server
o Authoritative for org’s domains
o Holds main DNS database
o Responds to internal and external queries
- Secondary DNS Server
o Backup copy of primary server
o Gets updates via zone transfers
- Caching DNS Server
o Resolves names by querying others
o Stores recent queries in cache
o Does not hold zone files or participate in zone transfers
- Forwarding DNS Server
o Forwards unresolved queries to other DNS servers
o Maintains its own cache
o Reduces traffic on slow links
Servers can perform multiple roles (e.g., primary + caching), but this is not always recommended for security.
DNS Hierarchy and Resolution Process
- how a mailman finds an address by asking increasingly specific postal offices
DNS servers are arranged in a global hierarchy:
* Root servers (13 clusters) → point to
* TLD servers (e.g., .com, .edu) → point to
* Authoritative name servers for specific domains
Name Resolution Example (www.mdc.edu):
1. Resolver checks local DNS cache
2. If not found, sends recursive query to local DNS server
3. Local DNS queries root server → gets IPs of .edu TLD servers
4. Queries .edu TLD server → gets IP of mdc.edu authoritative server
5. Queries authoritative server → gets IP of www.mdc.edu
6. Local server replies to client → both cache result
Recursive vs. Iterative Lookups
- recursive: post office does all the legwork finding the address for you.
- iterative: postman asks several offices step-by-step to get the address
- Recursive Lookup: Requires full resolution (e.g., client to local DNS server)
- Iterative Lookup: Server provides best info it has; does not guarantee resolution (e.g., local server querying root/TLD/authoritative servers)
Additional Resolution Notes
- extra tips and rules for tricky addresses
- Local caching server ≠ authoritative server
- Queries may pass through ISP or other intermediate name servers
- TLD server may direct to an intermediate server, not the authoritative one
- Process ends once a valid response is found and cached