April 19, 2018

Please reload

Recent Posts

Fundamentals of Computer Networking

October 18, 2019

1/5
Please reload

Featured Posts

Fundamentals of Computer Networking

October 18, 2019

Fundamentals of Computer Networking

 

Kenneth LaCroix

https://www.linkedin.com/in/ken-lacroix/

contact@kennethlacroix.me

 

Christophe Foulon

https://www.linkedin.com/in/christophefoulon/

 

Abstract—This study analyzes the core fundamentals of what a computer network is and what network topologies, protocols, packet capturing and the OSI model are. Included in this study are examples of using packet capturing tools such as Wireshark and tcpdump in order see network traffic. The intent of this study is to give a basic understanding of computer networking where there is little to no knowledge beforehand.

 

Keywords: TCP; UDP; Packet Capturing; Switches; Router; Networking; Packet, Frame;  Segment; Linux; Wireshark; pfSense; Network Tap; Encryption; tcpdump; Protocol Analyzer

 

Image  ©2019 IDG Communications, Inc.

 

I. WHAT IS A COMPUTER NETWORK?

 

A. Introduction

           A computer network essentially is a group of interconnected devices communicating with each other over a shared medium and language. The Internet is by and large a network of networks. Your connection to the Internet, be it at home, work, school or elsewhere is just this, a network connecting to several other networks. If you are at home, you likely have a very simple network managed by a device called a Router. These days, you might not even have a standard internet connection at home, you might have a mobile hotspot from a cellular device.  

 

B. How did the Internet we use today start and evolve over time?
          The Internet started out as an early network called ARPANET in 1969. The goal was to interconnect the University of California: Los Angeles (UCLA), Stanford University, University of California: Santa Barbara and University of Utah. The Advanced Research Projects Agency (ARPA) was tasked with creating this network with the goal of being able to share research. Interestingly, the first network message from UCLA to Stanford was the word login however, the UCLA system crashed shortly after the first two letters were transmitted. Another try an hour later and the whole word was successful transmitted and received [1].

 

          One common misconception is to think that the Word Wide Web (WWW) and the Internet are one and the same. While the WWW relies on the Internet, the same is not true for the Internet. To put this into a simple concept, the Internet is the road and the WWW is the vehicle that uses the road to go places. Sir Tim Berners Lee created the idea of the WWW in 1989  and in 1990 created the underpinnings including the Hyper Text Transfer Protocol (HTTP) and the Hyper Text Markup Language (HTML) [2]. The WWW was designed to be open and decentralized. For the first time in human history anyone (with access to the technology) could create a web server and web pages. Information could then be disseminated to anyone else, thanks to creators of the first networks and the WWW.

 

           While the Internet does not need the WWW to exist, one could argue that the WWW has done more than any other set of technologies to speed the growth of the Internet over time. The Internet grew from an exclusive research network funded by the United States government to that of a globally connected network of networks that reaches nearly every part of the globe today. Similarly, the WWW's technology has also grown from simple HTML pages with limited multimedia capabilities to that of fully featured websites that are just about endless in the way they can share information with you. The Internet and the WWW form a symbiotic relationship, the growth of one perpetuates the growth of the other. The Internet has grown from being able to barely send the word login to carrying an extraordinarily impressive amount of data that grows by the minute.

 

C. Common Types of Networks

Local Area Network (LAN): The first path from your device out to the Internet. All of your devices sit together behind the router and are generally not directly accessible directly from the internet.

 

Wide Area Network (WAN): Your second path out to the Internet via your Internet Service Providers (ISP) network which then connects to another network and then another and so on. Your ISP actually has their own ISP of sorts.

 

Virtual Private Network (VPN): You might use a VPN to connect securely to another network like to work or school from home. Generally speaking, everything you do while connected to this VPN will still pass over your ISP's network but will show as garbled data to them because the data is encrypted.

 

Peer-to-Peer (P2P):  Upends the traditional model of client-server, nodes on a P2P network can act as a server and client without needing to have a central server.

 

D. Common Networking Components, Devices and Terms

Client: A piece of software that is using your computer hardware, such as a modem, to contact a remote resource on the Internet to request and exchange data with, which is then displayed.

 

Node: Typically denotes a networking device on a network that is capable of communicating with other nodes.

 

Server: Just like the person who brings you food, except a web server sits out on the internet waiting for allowed clients to connect and share information with. Operating System (OS): Your computers runs an OS, it is software that interfaces with the computer’s hardware to make it useful for you.

 

Network Interface Card: A hardware connection to the network, it can be wired or wireless.

 

Router: Typically connected to two or more networks, a router’s job is to move network traffic between those networks. For example, a mobile hotpot built in or as a separate device, acts like a basic router.

 

Gateway: As routers separate and connect to networks, a Gateway acts as a connecting point of entry to those different networks, like a door between hotel rooms. Often times a single device will act as a router, switch, access point and gateway.

 

Switch: Like an extension of a router that allows for more connections to a network. A switch filters data so that only intended recipients on that Switch get the data. A switch is typically used behind a Router/Firewall.

 

Firewall: Just like the one used in buildings to prevent the spread of a fire, Firewalls act as a barrier to keep unwanted network traffic in or out of networks. See Figure 1.

 

Topology: A topology is a logical way to arrange and represent network devices.

 

Wireless Access Points: A hardware radio that facilitates capable clients of communicating over a wireless signal instead of a wired only medium. 2.4 and 5 Ghz are the frequencies that are used in Wi-Fi; however, the latter is better as it offers less congestion and better bandwidth throughout.

 

Multi-function Devices: The modem you might lease from your ISP or cellular provider actually does the job of several devices such as a Router, Switch, Firewall, and Wireless Access Point. The phone in your pocket may be able act as a multi-function device as well.

 

 Fig 1. A Firewall blocking traffic.

 

E. Common Network Topologies

Bus: Imagine a freeway that has many on and off ramps. A bus network shares a single networking cable but branches off to many clients. 

 

Ring: Similar to a bus network except the clients are arranged in a circle and each client has two network connections, one to the client before and after itself. 

 

Star: Probably the most common, all the devices connect directly from themselves to a networking device like a Switch.

 

Mesh: Unlike a Star topology, all of the nodes on a mesh network work to distribute data. The nodes can be any combination of wired or wireless.

 

F. Device Communication 

          Imagine for a second that we are talking out loud about something, say, Bananas. How would we go about this? For starters, we would need a common medium. Spoken word is the vibrations generated by our vocal chords that travels through the air to your ear which then receives and translates those vibrations and is then processed by the brain. But what about language? We would use English or another language. But then what are rules of that language? We both must have roughly the same basic understanding of the syntax for the information transfer about bananas to be successful. Networks are no different as they need a common medium and language for the devices that are talking to be successful. You could not have two computers using different networking languages speaking to each other successfully. 

 

G. Communication Mediums

           Just as the spoken word is the common medium for the conversation about Bananas, networking employs different types of technologies. Ethernet is a series of copper wires twisted into pairs and is terminated with a jack that is inserted into devices. Just like what your cable TV or Cable Modem uses, Coaxial uses a solid core copper strand that is shielded and twists on. Fiber uses light that bounces inside a transparent core made of glass or plastic about the size of a human hair. Microwave and WiFi is often used to connect remote locations where burying a cable is cost prohibitive or unfeasible. Lastly, Satellite networks uses the position of orbital space to be able to reach just about every part of the world however, due to the increased transmission times, Satellite connectivity may not good choice such as real time communication

 

II. THE LANGUAGE OF COMPUTER NETWORKING

 

A. The Open Systems Interconnection (OSI) model

          The OSI model is a way of standardizing the way we conceptualize computer networking. Its individual elements (bits, frames, packets and segments) are constructs of something of a networking language. Those constructs can be likened to nouns, verbs and syllables. The physical connection (wired or wireless) is the medium they talk on. It has seven layers that encompasses everything from the 1's and 0's on the medium (layers 1-4), all the way up to what information you might see on the computer screen, for example this web page (layers 5-7).

 

         At each layer of the model, the type of the information unit (known as the Protocol Data Unit) changes. For example, starting at the Transport Layer, the type of information unit is a Segment or Datagram but as that unit moves down the OSI model to the Network Layer, the information unit is now a Packet as so on. The OSI model and its layers are established in International Telecommunication Union X.200 from 1994, found here. For the scope of this paper, only the first four are discussed. See Figure 2.

 

 Fig 2. The first four layers of the OSI model and their characteristics [3].

 

B. Protocols

          If bits, frames, packets and segments are the constructs of a networking language, then the protocols can be likened to dialects. Protocols are a distinct form of that networking language. Each protocol has separate rules and policies they abide by and have advantages and disadvantages. But the conversations that protocols facilitate are structured so that both sides know exactly what rules to use when communicating. When traversing the medium (wired or wireless) the protocols ride inside of the constructs (bits, frames, packets, segments). 

 

C. Transmission Control Protocol (TCP)

          TCP is known as the reliable protocol. This is because there are checks and balances inside of the protocol to detect errors, redundant and missing messages and also the ability to control the flow of the conversation and so on. You would use TCP when you want to know for sure the message was received correctly and on time, kind if like sending a certified letter in the mail.

 

          The hallmark of a TCP conversation is the way the conversation is started. A TCP 3-way handshake occurs at the start of every TCP conversation between the client and server. It goes something like this: Client: "Hi". Server: "Hello". Client: "We have met, lets start talking". Specifically the three parts of the handshake are SYN, SYN-ACK and ACK. SYN is short for "synchronize" and ACK is for "acknowledged". See Figure 3 for a screenshot of the TCP 3-way handshake capture from a Protocol Analyzer, which we discuss later. 

 

 Fig 3. The TCP 3-way handshake [4]

 

           Going back to our pretend conversation about Bananas, a TCP conversation in English would go something like this: Me: "Hi", You: "Let's talk, I heard your greeting", Me: "Great, we have met each other. I have some information about Bananas". Me: "India,...". You: "Please resend the first word, I heard Indiana" Me: "India" You: "Got it, India. Continue on with the rest of the message". Me: "...believe it or not is the top producer of Bananas in the world due to its temperate climate!".You: "I received every word of the message in full without any errors". Me: "Great, that is all I had for now!". You: Thanks for sharing, I am done receiving!" Me: "It was nice talking to you!". 

 

           After the initial greeting, synchronization and acknowledgements, you would listen to the sentence stream word by word. After every single word you would acknowledge receipt, verify the word is in the proper order and detect for any errors. Then only would the conversation continue on when everything is verified. If you did not receive a word or the word is misheard, you would request that word again. I would end the conversation stream by notifying you that we done. You would then acknowledge to me that we are done talking. I would then finally acknowledge to you that the conversation is over.

 

D. User Datagram Protocol (UDP)

         UDP is known as the unreliable protocol, but not in the same way as say, an unreliable car. By unreliable we just mean that there are little to no checks and balances when sending or receiving the data in the conversation. Imagine you are speaking at the Lincoln Memorial Reflecting Pool in Washington, DC about Net Neutrality. You have very load speakers but its packed with several thousands of people. The people in the back may not hear every word you said, but your message was received with enough information for it to make sense to them. And thus you as the speaker are not burdened with having to repeat words every time someone says "speak up!".

 

          UDP is great for certain types of networking conversations such as video streams. Netflix's aim from a network and opportunity cost perspective is to reduce their own workload and get you the content the quickest it can. If part of that Netflix conversation is missing or damaged, the stream would skip or pause but then continue on as if nothing had happened, you might not even notice. If Netflix were to use a TCP conversation stream, it would work, but at the expense of increased overhead on their servers and networking equipment and potentially more buffering on your end if packets are lost, damaged or delayed due to factors outside of their control such as throttling, network congestion or faulty equipment.

 

E. Hypertext Transfer Protocol (HTTP/S)

          The conversations that HTTP contains are web pages, images, multimedia and so on. It is also fairly rare in that it can use both TCP and UDP but the majority of the time HTTP will use TCP. HTTPS is the secure form of HTTP. HTTPS uses private key encryption in order scramble the conversation. Private Key encryption works where the client is provided a trusted and publicly available certificate that is mathematically compared with a private key only the server knows. If everything checks out, the conversation is secured.  If you notice in Figure 4, the data payload for a file sharing protocol sessions (SMB) shows garbled due to encryption. Note: SMB encryption works differently than HTTPS encryption but the result is the same.

 

 Figure 4. An encrypted data payload of a SMBv3 conversation [5]

 

F. Other Protocols

        There are many other protocols that are vital for networks like the Internet to work properly. Some of the protocols are: Domain Name System (DNS), File Transfer Protocol (FTP), Network Time Protocol (NTP) and so on. These protocols and more and worth investigating but space is limited. Keep in mind, there is an extraordinary amount of things happening under the hood just for you to be able to visit a website or download that picture of a cat doing something crazy, so be aware of that the next time things don't appear to be working correctly. Remember, the entire internet is not likely to be down, probably only your connection to the internet is!

 

III.  PROTOCOL ANALYZERS AND SECURITY IMPLICATIONS

 

  A. The Eye of the Network

           A protocol analyzer is a lot like the person who takes incredibly detailed notes during a meeting. This person creates a file, called a Packet Capture (PCAP), detailing who said what and to whom and what information was shared.The record is so detailed that it includes information on all seven layers of the OSI model inducing the constructs (bits, frames, packets and segments) and the dialects (protocols) of the conversations it was able to hear.

 

          By default, the analyzer will only be able to hear the conversations from the computer or Ethernet cable the analyzer is running on. If two or more people step outside of the meeting, the analyzer will not being to record those conversations.  By default, a network switch is designed to put those people into their own meeting rooms. The most popular analyzer which is also freely available for download is Wireshark. See Figure 5. 

 

Fig 5. A single packet captured in Wireshark.

 

B. Uses of a Protocol Analyzer

           Imagine that you are network administrator and one of your users complains that they cannot access a company website. You check it out and can clearly see that the website is very slow from the users workstation, if it even loads at all. You have checked out the server and it appears fine. You may decide to start a packet sniffing session from the users workstation to the server to see what the conversation traffic looks like. Immediately, you notice that the conversation traffic shows many errors and re-transmissions. Since no one else is reporting issue, you dig a little deeper and find that an Ethernet cable for the workstation was damaged by being pulled to tight from the wall jack. You replace the cable and retest and everything is working it should, good job!

 

C. Security Implications of Protocol Analyzers

          Have you ever started talking to someone and then realized in horror after the fact that they were someone else? What if the recipient of the information you were sharing was recording everything you said in detail? At the lowest levels of the OSI models, computers are very trusting of the information they are given, there is no authentication and only little verification. It is possible for a case of malicious identity theft  on a network. All of the information that was never intended to be received by someone else can be sniffed and analyzed. If all the conversations were encrypted, then only basic information is obtained. But not all protocols are secure as seen in Figure 6. Further, some network switches can be configured to mirror all traffic and shuttle it to a single port where an analyzer slurps up the data and processes it. 

 

Fig. 6 Unencrypted data read by a Protocol Analyzer [6].

 

         

D. Preventing Misuse of Protocol Analyzers

          Naturally, any security conscious person would want to limit the ability to capture raw network data by those who are not authorized to do. There are multiple methods in which this information can be limited. Using network switches is one way because the conversations are not sent to everyone, only those who are the proper recipient. A network hub preceded the switch  and they were inherently inefficient and insecure as all the data was repeated to everyone connected to the hub. Network taps are a bit like someone stealing cable television. Such a device taps into a networking cable and allows all the data to be surreptitiously copied while keeping the traffic flowing to the other end. There is not any good technical control to prevent network taps, so having some amount of physcial security such as man-traps, bio-metrics and so on is imperative

 

IV. Conclusion

 

           In conclusion, this study covered the Internet and the the World Wide Web (WWW). Although both started out with humble beginnings, they have become essential today and in the future. A network is generally defined as a network of networks communicating over a common medium. Each network may have its own logical topology or arrangement, such as a mesh network.  However, networks need a common language to communicate with when versing over that shared medium. Protocols such as TCP and UDP are dialects of a networking language that ride inside of the information unit types of the OSI model. Finally, we talked about Protocol Analyzers, how they can be the eye into a network. The raw data that they can provide can both help in network diagnostics but also  has potential information security implications. 

 

REFERENCES

 

[1] Deffree, S. (2018, October 29). ARPANET establishes 1st computer-to-computer link, October 29, 1969. Retrieved October 18, 2019, from https://www.edn.com/electronics-blogs/edn-moments/4399541/ARPANET-establishes-1st-computer-to-computer-link--October-29--1969.

 

[2] History of the Web. (n.d.). Retrieved from https://webfoundation.org/about/vision/history-of-the-web/.

 

[3] MacMichael, D. (2017, November 16). Windows Network Architecture and the OSI Model - Windows drivers. Retrieved October 18, 2019, from https://docs.microsoft.com/en-us/windows-hardware/drivers/network/windows-network-architecture-and-the-osi-model.

 

[4] TCP 3 way handshaking. (n.d.). Retrieved October 18, 2019, from https://wiki.wireshark.org/TCP_3_way_handshaking.

 

[5] Sample Captures - SMB3 Encryption. (n.d.). Retrieved October 18, 2019, from https://wiki.wireshark.org/SampleCaptures#SMB3_encryption.

 

[6] Sample Captures - Telnet. (n.d.). Retrieved October 18, 2019, from https://wiki.wireshark.org/SampleCaptures#Telnet.

Share on Facebook
Share on Twitter
Please reload

Follow Us