Data Communications

Name

Professor

Institution

March 27, 2015

 

Physical Layer

The physical layer sends and receives bits, each with a value of 1 or 0. This layer communicates directly with the physical medium, and different media use the bit values differently. These media use different protocols to describe the bit patterns and the mechanism of encoding signals onto the various connectors. The physical layer describes the mechanical, electrical, and functional methods used to activate, deactivate, and maintain the physical network between two nodes. This layer is also where the interface between the data terminal equipment and the data communication equipment is identified (Todd, 2013).

The physical layer creates circuits for moving bits between devices. It specifies the voltage, wire speed, and pinout of the cables used for communication. At this layer, synchronization, impedance, and connector shapes are important factors. In general, it is responsible for placing communication signals onto the communication media and receiving incoming signals from the same media (Todd, 2013).

The different media types are:

  1. Fiber optic cables
  2. Coaxial Cable
  3. Twisted Pair

Devices in this layer include LAN hubs and LAN repeaters.

 

 

 

Data-Link Layer

At this layer, packets are combined into bytes and bytes into frames. Its main functions are:

  1. Providing access to the media using MAC addresses
  2. Performing error detection

Encapsulation and addressing at this layer identify the physical MAC addresses. This layer sets the rules that define when a device can transmit data over the media. Data link layer protocols dictate the format of the header and trailer used to send and receive data successfully over the media (Todd, 2013).

The Data Link layer provides for the physical transmission of data and handles error notification, network topology, and flow control. Delivery of a message to the intended node is assured using unique MAC addresses. The message is converted into frames, and an additional header with the physical destination and source addresses is added (Todd, 2013).

Media Access Control is the data link sublayer that describes how packets are put on the media. Contention-based media access is first-come, first-served access in which everyone shares the same bandwidth. MAC addressing is defined here. Line discipline, error notification without correction, the ordered delivery of frames, and optional flow control can also be used at this sublayer (Todd, 2013).

Logical Link Control identifies the internet protocols and then encapsulates them. An LLC header dictates how the packet will be treated when a frame is received. When a host receives a frame and looks in the LLC header, it finds out where the packet is destined. It also performs sequencing and flow control (Todd, 2013).

Devices operating at this layer are LAN switches, wireless access points, and cable or DSL modems.

Examples of protocols include HDLC and Ethernet.

 

 

Internet Layer

The internet layer provides several features, including addressing and routing. It provides logical addressing, which routers use for path determination. IP defines that every host computer should have its own unique IP address. In addition, IP defines the process of routing so that routers can forward packets of data to their intended destinations. The internet layer describes how the network infrastructure is implemented such that data is sent to every node in a network (Todd, 2013).

The internet layer receives a TCP segment from the transport layer. In a process called encapsulation, the internet layer adds IP header information, such as the IP address of the source and destination hosts (Todd, 2013).

The IP header is checked at the destination host. When the IP address in the destination field of the header matches that of the checking host, the host removes the IP header from the packet. This process is called de-encapsulation. After the packet is de-encapsulated, the resulting segment is passed up to the transport layer (Todd, 2013).

Two versions of IP exist:

  1. IP Version 4 (IPv4)
  2. IP Version 6 (IPv6)

2 NETWORK DESIGN

  1. Network device details

COMPUTER A

MAC: 62-BA-2A-11-11-11   OUI assigned 3 bytes and vendor assigned 3 bytes

IP ADDRESS: 150.0.0.2    class B address

SOURCE PORT: 4922

DESTINATION PORT: 80

ROUTER 1

MAC: 6C-32-34-11-11-11   OUI assigned 3 bytes (Trek) and vendor assigned 3 bytes

IP ADDRESS: 150.0.0.1    class B address for port connected to network 1

IP ADDRESS: 128.0.0.2    class B address for port connected to ROUTER 3

ROUTER 3

MAC: 6C-32-34-11-11-12   OUI assigned 3 bytes (Trek) and vendor assigned 3 bytes

IP ADDRESS: 128.0.0.1    class B address for port connected to ROUTER 1

IP ADDRESS: 10.0.0.2    class A address for port connected to ROUTER 4

ROUTER 4

MAC: 6F-9C-32-11-11-12   OUI assigned 3 bytes (Kirk) and vendor assigned 3 bytes

IP ADDRESS: 10.0.0.1    class A address for port connected to ROUTER 3

IP ADDRESS: 11.0.0.1    class A address for port connected to ROUTER 5

ROUTER 5

MAC: 6F-9C-32-11-11-13   OUI assigned 3 bytes (Kirk) and vendor assigned 3 bytes

IP ADDRESS: 11.0.0.2    class A address for port connected to ROUTER 4

IP ADDRESS: 129.0.0.1    class B address for port connected to ROUTER 2

ROUTER 2

MAC: 6F-9C-32-11-11-14   OUI assigned 3 bytes (Kirk) and vendor assigned 3 bytes

IP ADDRESS: 129.0.0.2    class B address for port connected to ROUTER 5

IP ADDRESS: 192.168.0.1    class C address for port connected to NETWORK 2

COMPUTER B

MAC: A2-D4-C4-11-11-11   OUI assigned 3 bytes and vendor assigned 3 bytes

IP ADDRESS: 192.168.0.2    class C address

SOURCE PORT: 80

DESTINATION PORT: 4922

 

  1. Delivery of the message from Computer A to Computer B, for each step

| From-to | Source MAC | Destination MAC | Source IP | Destination IP | Source port | Destination port | PDU | Encapsulation order |
|---|---|---|---|---|---|---|---|---|
| R1-A | 62-BA-2A-11-11-11 | 6C-32-34-11-11-11 | 150.0.0.2 | 192.168.0.2 | 4922 | 80 | Ethernet frame | Ethernet frame > IP packet > TCP segment > Data |
| R3-R1 | 6C-32-34-11-11-11 | 6C-32-34-11-11-12 | 150.0.0.2 | 192.168.0.2 | 4922 | 80 | WAN frame | Ethernet frame |
| R4-R3 | 6C-32-34-11-11-12 | 6F-9C-32-11-11-12 | 150.0.0.2 | 192.168.0.2 | 4922 | 80 | WAN frame | Ethernet frame |
| R5-R4 | 6F-9C-32-11-11-12 | 6F-9C-32-11-11-13 | 150.0.0.2 | 192.168.0.2 | 4922 | 80 | WAN frame | Ethernet frame |
| R2-R5 | 6F-9C-32-11-11-13 | 6F-9C-32-11-11-14 | 150.0.0.2 | 192.168.0.2 | 4922 | 80 | WAN frame | Ethernet frame |
| B-R2 | 6F-9C-32-11-11-14 | A2-D4-C4-11-11-11 | 150.0.0.2 | 192.168.0.2 | 4922 | 80 | Ethernet frame | Data > TCP segment > IP packet > Ethernet frame |

Assumption: all ports on one router use the same MAC address.

At the source, the data from computer A is encapsulated into a TCP segment with the source and destination port numbers. The segment is then encapsulated into an IP packet with the respective source and destination IP addresses. The packet is further encapsulated into an Ethernet frame identifying the source and destination MAC addresses. The frame is encoded into bits for transmission over the media to router 1. Along the links between the routers, the frame is encapsulated into different data link frames depending on the underlying technology, such as PPP, to transport the frame along the WAN link (router to router). At the destination, Computer B, the frame is de-encapsulated into the IP packet to reveal the IP address of the destination (and source) host, then de-encapsulated into the TCP segment to reveal the destination (and source) port number or service. Final de-encapsulation is done to produce the data. This process is reversed during the reply.
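
The encapsulation walk described above, as an added Python example that is not part of the original assignment: it builds the TCP, IPv4 and Ethernet headers as bytes for this topology, wraps the same IP packet in a new layer-2 header on every hop, and de-encapsulates at the receiver. The payload, TTL, window size, the zeroed TCP sequence numbers and checksum, and the use of Ethernet-style framing on every link are assumptions made to keep it short.

```python
import socket
import struct

MAC = {"A": "62-BA-2A-11-11-11", "R1": "6C-32-34-11-11-11",
       "R3": "6C-32-34-11-11-12", "R4": "6F-9C-32-11-11-12",
       "R5": "6F-9C-32-11-11-13", "R2": "6F-9C-32-11-11-14",
       "B": "A2-D4-C4-11-11-11"}
PATH = ["A", "R1", "R3", "R4", "R5", "R2", "B"]  # MACs: device list above, one per router

def mac(text):
    return bytes.fromhex(text.replace("-", ""))

def checksum(header):  # Internet checksum (RFC 1071), even-length input
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_segment(sport, dport, data):
    # Assumed minimal header: seq/ack and TCP checksum left at 0, flags PSH+ACK.
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5018, 65535, 0, 0) + data

def ip_packet(src, dst, segment):
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))  # TTL 64 assumed
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + segment

def ethernet_frame(src_mac, dst_mac, packet):
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + packet  # EtherType IPv4

def send(path, src_ip, dst_ip, sport, dport, data):
    """Frame on each link: a new layer-2 header per hop around the same packet."""
    packet = ip_packet(src_ip, dst_ip, tcp_segment(sport, dport, data))
    return [ethernet_frame(MAC[a], MAC[b], packet) for a, b in zip(path, path[1:])]

def receive(frame, my_mac, my_ip):
    """De-encapsulate frame > packet > segment > data; None if not addressed to us."""
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if (frame[:6] != mac(my_mac) or checksum(packet[:ihl]) != 0
            or packet[16:20] != socket.inet_aton(my_ip)):
        return None
    segment = packet[ihl:]
    return (socket.inet_ntoa(packet[12:16]), *struct.unpack("!HH", segment[:4]),
            segment[(segment[12] >> 4) * 4:])

if __name__ == "__main__":
    hops = send(PATH, "150.0.0.2", "192.168.0.2", 4922, 80, b"GET / HTTP/1.1\r\n\r\n")
    for f in hops:  # constructed payload; only the MAC pair changes per hop
        print(f[6:12].hex("-"), "->", f[:6].hex("-"), "| IP packet", f[14:].hex()[:24])
    print(receive(hops[-1], MAC["B"], "192.168.0.2"))
```

Passing `PATH[::-1]` with the addresses and ports swapped gives the reply direction. The receiver accepts a frame on matching addresses and a valid header checksum alone, so none of these headers proves who sent it.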

  1. For the reply from computer B to computer A

| From-to | Source MAC | Destination MAC | Source IP | Destination IP | Source port | Destination port | PDU | Encapsulation order |
|---|---|---|---|---|---|---|---|---|
| B-R2 | A2-D4-C4-11-11-11 | 6F-9C-32-11-11-14 | 192.168.0.2 | 150.0.0.2 | 80 | 4922 | Ethernet frame | Data > TCP segment > IP packet > Ethernet frame |
| R2-R5 | 6F-9C-32-11-11-14 | 6F-9C-32-11-11-13 | 192.168.0.2 | 150.0.0.2 | 80 | 4922 | WAN Ethernet frame | Ethernet frame |
| R5-R4 | 6F-9C-32-11-11-13 | 6F-9C-32-11-11-12 | 192.168.0.2 | 150.0.0.2 | 80 | 4922 | WAN Ethernet frame | Ethernet frame |
| R4-R3 | 6F-9C-32-11-11-12 | 6C-32-34-11-11-12 | 192.168.0.2 | 150.0.0.2 | 80 | 4922 | WAN Ethernet frame | Ethernet frame |
| R3-R1 | 6C-32-34-11-11-12 | 6C-32-34-11-11-11 | 192.168.0.2 | 150.0.0.2 | 80 | 4922 | WAN Ethernet frame | Ethernet frame |
| R1-A | 6C-32-34-11-11-11 | 62-BA-2A-11-11-11 | 192.168.0.2 | 150.0.0.2 | 80 | 4922 | Ethernet frame | Ethernet frame > IP packet > TCP segment > Data |

  1. Some possible security vulnerabilities and threats include:

Man-in-the-middle attacks, where someone places themselves between sender and receiver. This involves packet sniffing, where a network interface card is set to promiscuous mode, allowing access to all network traffic. This might expose sensitive data, including passwords (Todd, 2013).

IP spoofing attack where a host masquerades as a trusted host by presenting an IP address that appears to be from the local network or using another approved external IP address (Todd, 2013).

Port redirection attacks where a hacker breaks into a machine and uses it to produce wonky traffic.

Denial of service (DoS) attack, where the network resources are made unavailable to the legitimate network users. Examples include TCP SYN flood and ping of death (Todd, 2013).

Measures I would put in place to remove or minimize the vulnerabilities:

  1. Placing an intrusion detection system (IDS) or intrusion prevention system (IPS) to help prevent attacks with a known signature
  2. Applying Access Control Lists on the network devices to filter the network traffic as desired, such as filtering and denying ICMP messages from repeated pings
  3. Controlling access by only using encrypted protocols like IPsec and SSH
  4. Installing authentication servers at both network 1 and network 2 to authenticate users whenever they want to access network resources
  5. Installing firewalls, especially at the boundary of network 1 and network 2, to filter traffic entering these networks
  6. Configuring peer authentication between the routers to avoid rogue routers (Todd, 2013)
  7. Applying network address translation to conceal internal addresses for network 1 and network 2
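
How measures 2 and 5 could look on Router 1, as an added Python sketch that is not part of the original assignment: it drops packets whose source address does not fit the interface they arrived on (the IP spoofing case above) and rate-limits repeated pings. The interface names `lan` and `wan`, the classful /16 prefix for network 1, the rate limit and the sample traffic are all assumptions.

```python
import ipaddress
from collections import defaultdict, deque

NETWORK_1 = ipaddress.ip_network("150.0.0.0/16")  # assumed classful /16
ICMP_LIMIT, WINDOW = 3, 1.0  # assumed: 3 echo requests per second per source

class Router1Filter:
    """Ingress checks for Router 1: 'lan' faces network 1, 'wan' faces Router 3."""

    def __init__(self):
        self.echo_times = defaultdict(deque)  # source -> recent echo timestamps

    def decide(self, t, iface, src, proto):
        src = ipaddress.ip_address(src)
        inside = src in NETWORK_1
        # Anti-spoofing: a network-1 source may only arrive on the LAN port,
        # and only network-1 sources may arrive there.
        if iface == "wan" and inside:
            return "deny spoofed-internal-source"
        if iface == "lan" and not inside:
            return "deny foreign-source-on-lan"
        if proto == "icmp-echo":
            times = self.echo_times[src]
            while times and t - times[0] >= WINDOW:
                times.popleft()  # forget pings older than the window
            if len(times) >= ICMP_LIMIT:
                return "deny icmp-rate"
            times.append(t)
        return "permit"

# Constructed sample traffic: (time in seconds, interface, source IP, protocol)
SAMPLE = [
    (0.00, "lan", "150.0.0.2", "tcp"),
    (0.10, "wan", "192.168.0.2", "tcp"),
    (0.20, "wan", "150.0.0.9", "tcp"),          # claims to be local, arrives outside
    (0.30, "lan", "10.9.9.9", "tcp"),           # not a network-1 address
    (0.40, "wan", "192.168.0.2", "icmp-echo"),
    (0.45, "wan", "192.168.0.2", "icmp-echo"),
    (0.50, "wan", "192.168.0.2", "icmp-echo"),
    (0.55, "wan", "192.168.0.2", "icmp-echo"),  # fourth ping within one second
    (1.60, "wan", "192.168.0.2", "icmp-echo"),  # window has passed
]

def run(sample=SAMPLE):
    acl = Router1Filter()
    return [acl.decide(*packet) for packet in sample]

if __name__ == "__main__":
    for packet, verdict in zip(SAMPLE, run()):
        print(packet, "->", verdict)
```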

 

 

Question 3 (5 marks) – IP Addressing

a) What are the subnet masks for the following slash address blocks? (1 mark)

  i. /16: 255.255.0.0
  ii. /17: 255.255.128.0
  iii. /28: 255.255.255.240

b) Are the following address masks legal? If so, what are their slash forms? If not, why are they not legal? (1 mark)

  i. 255.255.252.0: legal, /23
  ii. 255.240.252.0: illegal. An address mask must fill an octet (i.e. 255, all network bits set) before moving to the next octet. To be valid it should read 255.255.252
  iii. 255.255.255.224: legal, /27
  iv. 255.255.132.0: illegal. A subnet mask can only be in specific blocks of (128, 192, 224, 240, 248, 252, 254, and 255). 132 is not among these.

c) How many computers are in networks with the following address blocks? (1 mark)

Raise 2 to the number of host bits, then subtract 2 (one broadcast address and one network address).

  i. /25: 2^7 - 2 = 126
  ii. /26: 2^6 - 2 = 62
  iii. /27: 2^5 - 2 = 30

d) Your enterprise is assigned a /18 address block starting at 130.45.64.0. Divide this into four subnets. Detail each network address with the CIDR slash notation, the subnet masks and the broadcast address. How many usable addresses are in each subnet? (2 marks)

Creating subnets by borrowing 2 bits from the network portion to have a /18 + 2 = /20

2^2 bits = 4 subnets

| Subnet address | CIDR slash notation | Subnet mask | Broadcast address |
|---|---|---|---|
| 130.45.64.0 | /20 | 255.255.240 | 130.45.79.255 |
| 130.45.80.0 | /20 | 255.255.240 | 130.45.95.255 |
| 130.45.96.0 | /20 | 255.255.240 | 130.45.111.255 |
| 130.45.112.0 | /20 | 255.255.240 | 130.45.127.255 |

Usable host addresses are given by:

2^12 (host bits) - 2 (broadcast and network addresses) = 4096 - 2 = 4094 usable host addresses
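
A way to check answers of this kind with Python's standard `ipaddress` module, added here as an example and not part of the original assignment. It generalizes the questions: `mask_to_prefix` tests any dotted mask using the rule that a mask is legal only when its 1 bits are contiguous from the left, and `split_block` divides any block into a power-of-two number of equal subnets; the function names are my own.

```python
import ipaddress

def mask_to_prefix(mask):
    """Return the slash length of a dotted mask, or None if the mask is illegal."""
    value = int(ipaddress.IPv4Address(mask))
    host_bits = value ^ 0xFFFFFFFF       # invert: host bits become 1s
    if host_bits & (host_bits + 1):      # legal only if they form one trailing run
        return None
    return bin(value).count("1")

def prefix_to_mask(prefix):
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)

def usable_hosts(prefix):
    # Classical rule: all host combinations minus network and broadcast address.
    return max(2 ** (32 - prefix) - 2, 0)

def split_block(block, count):
    """Divide `block` into `count` equal subnets; count must be a power of two.

    Returns (network address, prefix length, mask, broadcast, usable hosts) rows.
    """
    borrowed = count.bit_length() - 1    # bits moved from host part to subnet part
    if count < 1 or 1 << borrowed != count:
        raise ValueError("count must be a power of two")
    network = ipaddress.IPv4Network(block)
    return [(str(s.network_address), s.prefixlen, str(s.netmask),
             str(s.broadcast_address), usable_hosts(s.prefixlen))
            for s in network.subnets(prefixlen_diff=borrowed)]

if __name__ == "__main__":
    for prefix in (16, 17, 28):
        print(f"/{prefix}", prefix_to_mask(prefix))
    for m in ("255.255.252.0", "255.240.252.0", "255.255.255.224", "255.255.132.0"):
        print(m, "->", mask_to_prefix(m))
    for prefix in (25, 26, 27):
        print(f"/{prefix}", usable_hosts(prefix))
    for row in split_block("130.45.64.0/18", 4):
        print(*row)
```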

Reference

Todd, L. (2013). Routing and Switching. Indianapolis, Indiana: John Wiley & Sons, Inc.
