March 27, 2015
The physical layer sends and receives bits, each with a value of 1 or 0. This layer communicates with the physical medium, and different media use the bit values differently: each medium uses its own protocol to describe the bit patterns and the mechanism for encoding signals onto the various connectors. The physical layer describes the mechanical, electrical, and functional methods used to activate, maintain, and deactivate the physical link between two nodes. It is also where the interface between the data terminal equipment and the data communication equipment is identified (Todd, 2013).
The physical layer creates circuits for moving bits between devices. It specifies the voltage, wire speed, and pinout of the cables used for communication. At this layer, synchronization, impedance, and connector shapes are important factors. In general, its functions are responsible for placing communication signals onto the communication media and receiving incoming signals from the same media (Todd, 2013).
The different media types are:
- Fiber optic cables
- Coaxial Cable
- Twisted Pair
Devices at this layer include LAN hubs and LAN repeaters.
At the data link layer, packets are combined into bytes and bytes into frames. Its main functions are:
- Providing access to the media using MAC addresses
- Performing error detection
Encapsulation and addressing at this layer identify the physical (MAC) addresses. This layer sets the rules that define when a device can transmit data over the media. Data link layer protocols dictate the format of the header and trailer used to send and receive data successfully over the media (Todd, 2013).
The data link layer provides for the physical transmission of data and handles error notification, network topology, and flow control. Delivery of a message to the intended node is assured using unique MAC addresses. The message is converted into frames, and an additional header carrying the physical destination and source addresses is added (Todd, 2013).
Media Access Control (MAC) is the data link sublayer that describes how packets are put on the media. Contention-based media access is first-come, first-served access in which everyone shares the same bandwidth. MAC addressing is defined here. Line discipline, error notification without correction, ordered delivery of frames, and optional flow control can also be used at this sublayer (Todd, 2013).
Logical Link Control (LLC) identifies the internet layer protocols and then encapsulates them. An LLC header dictates how the packet will be treated when a frame is received: when a host receives a frame and looks in the LLC header, it finds out where the packet is destined. LLC also performs sequencing and flow control (Todd, 2013).
Devices operating at these layers include LAN switches, wireless access points, and cable or DSL modems.
Examples of protocols include HDLC and Ethernet.
The internet layer provides several features, including addressing and routing. It provides logical addressing, which routers use for path determination. IP defines that every host computer should have its own unique IP address. In addition, IP defines the process of routing so that routers can forward packets of data to their intended destinations. The internet layer describes how the network infrastructure is implemented such that data can be delivered to any node in a network (Todd, 2013).
The internet layer receives a TCP segment from the transport layer. In a process called encapsulation, the internet layer adds IP header information, such as the IP addresses of the source and destination hosts (Todd, 2013).
The IP header is checked at the destination host. When the IP address in the destination field of the header matches that of the checking host, the host removes the IP header from the packet. This process is called de-encapsulation. After the packet is de-encapsulated, the resulting segment is passed up to the transport layer (Todd, 2013).
Two versions of IP exist:
- IP Version 4 (IPv4)
- IP Version 6 (IPv6)
2 NETWORK DESIGN
- Network device details

  Computer A (network 1)
  - MAC: 62-BA-2A-11-11-11 (OUI-assigned 3 bytes and vendor-assigned 3 bytes)
  - IP address: 220.127.116.11, class B address
  - Source port: 4922
  - Destination port: 80

  Router 1
  - MAC: 6C-32-34-11-11-11 (OUI-assigned 3 bytes (Trek) and vendor-assigned 3 bytes)
  - IP address: 18.104.22.168, class B address, for the port connected to network 1
  - IP address: 22.214.171.124, class B address, for the port connected to Router 3

  Router 3
  - MAC: 6C-32-34-11-11-12 (OUI-assigned 3 bytes (Trek) and vendor-assigned 3 bytes)
  - IP address: 126.96.36.199, class B address, for the port connected to Router 1
  - IP address: 10.0.0.2, class A address, for the port connected to Router 4

  Router 4
  - MAC: 6F-9C-32-11-11-12 (OUI-assigned 3 bytes (Kirk) and vendor-assigned 3 bytes)
  - IP address: 10.0.0.1, class A address, for the port connected to Router 3
  - IP address: 188.8.131.52, class A address, for the port connected to Router 5

  Router 5
  - MAC: 6F-9C-32-11-11-13 (OUI-assigned 3 bytes (Kirk) and vendor-assigned 3 bytes)
  - IP address: 184.108.40.206, class A address, for the port connected to Router 4
  - IP address: 220.127.116.11, class B address, for the port connected to Router 2

  Router 2
  - MAC: 6F-9C-32-11-11-14 (OUI-assigned 3 bytes (Kirk) and vendor-assigned 3 bytes)
  - IP address: 18.104.22.168, class B address, for the port connected to Router 5
  - IP address: 192.168.0.1, class C address, for the port connected to network 2

  Computer B (network 2)
  - MAC: A2-D4-C4-11-11-11 (OUI-assigned 3 bytes and vendor-assigned 3 bytes)
  - IP address: 192.168.0.2, class C address
  - Source port: 80
  - Destination port: 4922
- Delivery of the message from Computer A to Computer B, for each step

| From-to | Source MAC | Destination MAC | Source IP | Destination IP | Source port | Destination port | PDU | Encapsulation order |
|---|---|---|---|---|---|---|---|---|
| R1-A | 62-BA-2A-11-11-11 | 6C-32-34-11-11-11 | 22.214.171.124 | 192.168.0.2 | 4922 | 80 | Ethernet frame | Ethernet frame > IP packet > TCP segment > Data |
| R3-R1 | 6C-32-34-11-11-11 | 6C-32-34-11-11-12 | 126.96.36.199 | 192.168.0.2 | 4922 | 80 | WAN frame | Ethernet frame |
| R4-R3 | 6C-32-34-11-11-12 | 6F-9C-32-11-11-12 | 188.8.131.52 | 192.168.0.2 | 4922 | 80 | WAN frame | Ethernet frame |
| R5-R4 | 6F-9C-32-11-11-12 | 6F-9C-32-11-11-13 | 184.108.40.206 | 192.168.0.2 | 4922 | 80 | WAN frame | Ethernet frame |
| R2-R5 | 6F-9C-32-11-11-13 | 6F-9C-32-11-11-14 | 220.127.116.11 | 192.168.0.2 | 4922 | 80 | WAN frame | Ethernet frame |
| B-R2 | 6F-9C-32-11-11-14 | A2-D4-C4-11-11-11 | 18.104.22.168 | 192.168.0.2 | 4922 | 80 | Ethernet frame | Data > TCP segment > IP packet > Ethernet frame |
Assumption: all ports on one router use the same MAC address.
At the source, the data from Computer A is encapsulated into a TCP segment with the source and destination port numbers; the segment is then encapsulated into an IP packet with the respective source and destination IP addresses. The packet is further encapsulated into an Ethernet frame identifying the source and destination MAC addresses. The frame is encoded into bits for transmission over the media to Router 1. Along the links between the routers, the packet is carried in different data link frames depending on the underlying technology, such as PPP, to transport it along the WAN link (router to router). At the destination, Computer B, the frame is de-encapsulated into the IP packet to reveal the destination (and source) host IP address, then de-encapsulated into the TCP segment to reveal the destination (and source) port number or service. A final de-encapsulation produces the data. This process is reversed for the reply.
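The encapsulation and hop-by-hop re-framing described above, as an added example that is not part of the assignment: it builds a minimal TCP segment, IPv4 header and Ethernet frame with Python's struct module and walks the frame along the path A > R1 > R3 > R4 > R5 > R2 > B using the MAC addresses from the device list. Each router accepts only frames addressed to its own MAC (the assumption that a router uses one MAC on all its ports), strips the link header, decrements the TTL, refreshes the IP header checksum and re-frames the IP packet toward the next hop; Computer B then checks the destination MAC and the destination IP before handing the segment up. The IP addresses of A and B are the ones in the device list; the TCP checksum is left at zero, and the path order and payload are constructed for the example.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

# MAC addresses from the assignment's device list, in path order:
# Computer A -> Router 1 -> Router 3 -> Router 4 -> Router 5 -> Router 2 -> Computer B.
A_MAC = "62-BA-2A-11-11-11"
B_MAC = "A2-D4-C4-11-11-11"
ROUTER_PATH = ["6C-32-34-11-11-11", "6C-32-34-11-11-12", "6F-9C-32-11-11-12",
               "6F-9C-32-11-11-13", "6F-9C-32-11-11-14"]
A_IP, B_IP = "220.127.116.11", "192.168.0.2"   # host addresses from the device list


def mac_to_bytes(mac):
    """'62-BA-2A-11-11-11' (dash or colon separated) -> 6 raw bytes."""
    return bytes(int(part, 16) for part in mac.replace(":", "-").split("-"))


def bytes_to_mac(raw):
    return "-".join(f"{b:02X}" for b in raw)


def ipv4_checksum(header):
    """RFC 1071 one's-complement sum; yields 0 over a header whose checksum is already correct."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_segment(src_port, dst_port, data):
    # Minimal 20-byte header: data offset 5 words, PSH+ACK, window 65535.
    # The TCP checksum (which needs the IP pseudo-header) stays 0; the point is encapsulation order.
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return header + data


def build_ip_packet(src_ip, dst_ip, segment, ttl=64):
    fields = (0x45, 0, 20 + len(segment), 0, 0x4000, ttl, IPPROTO_TCP, 0,
              socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]  # bytes 10-11 = checksum
    return header + segment


def build_ethernet_frame(src_mac, dst_mac, packet):
    return mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4) + packet


def encapsulate(data, src_mac, next_hop_mac, src_ip, dst_ip, src_port, dst_port):
    """Source host: data -> TCP segment -> IP packet -> Ethernet frame."""
    segment = build_tcp_segment(src_port, dst_port, data)
    packet = build_ip_packet(src_ip, dst_ip, segment)
    return build_ethernet_frame(src_mac, next_hop_mac, packet)


def forward(frame, router_mac, next_hop_mac):
    """One router hop: accept only frames sent to this router's MAC, drop the link
    header, decrement TTL, refresh the IP checksum and re-frame to the next hop.
    The IP addresses inside the packet are not touched."""
    if bytes_to_mac(frame[:6]) != router_mac:
        raise ValueError("frame not addressed to this router")
    packet = bytearray(frame[14:])
    if packet[8] <= 1:                      # byte 8 of the IP header is the TTL
        raise ValueError("TTL expired; packet discarded")
    packet[8] -= 1
    packet[10:12] = b"\x00\x00"
    packet[10:12] = struct.pack("!H", ipv4_checksum(bytes(packet[:20])))
    return build_ethernet_frame(router_mac, next_hop_mac, bytes(packet))


def deencapsulate(frame, my_mac, my_ip):
    """Destination host: Ethernet frame -> IP packet -> TCP segment -> data,
    checking each layer's destination address before passing the rest up."""
    if bytes_to_mac(frame[:6]) != my_mac:
        raise ValueError("frame not addressed to this host")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 packet")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    dst_ip = socket.inet_ntoa(packet[16:20])
    if dst_ip != my_ip:
        raise ValueError(f"packet addressed to {dst_ip}, not to this host")
    segment = packet[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4     # TCP header length in bytes
    return {"src_ip": socket.inet_ntoa(packet[12:16]), "ttl": packet[8],
            "src_port": src_port, "dst_port": dst_port, "data": segment[data_offset:]}


def deliver(data):
    """Walk one request from Computer A to Computer B along the router path."""
    frame = encapsulate(data, A_MAC, ROUTER_PATH[0], A_IP, B_IP, 4922, 80)
    for router_mac, next_hop in zip(ROUTER_PATH, ROUTER_PATH[1:] + [B_MAC]):
        frame = forward(frame, router_mac, next_hop)
    return deencapsulate(frame, B_MAC, B_IP)


if __name__ == "__main__":
    print(deliver(b"GET / HTTP/1.0\r\n\r\n"))   # constructed payload
```

After five router hops the TTL arrives at 59, and the ports and host addresses placed in the segment and packet at Computer A are the ones Computer B reads back; only the two MAC addresses in the frame change at each hop.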
- For the reply from Computer B to Computer A

| From-to | Source MAC | Destination MAC | Source IP | Destination IP | Source port | Destination port | PDU | Encapsulation order |
|---|---|---|---|---|---|---|---|---|
| B-R2 | A2-D4-C4-11-11-11 | 6F-9C-32-11-11-14 | 192.168.0.2 | 22.214.171.124 | 80 | 4922 | Ethernet frame | Data > TCP segment > IP packet > Ethernet frame |
| R2-R5 | 6F-9C-32-11-11-14 | 6F-9C-32-11-11-13 | 192.168.0.2 | 126.96.36.199 | 80 | 4922 | WAN Ethernet frame | Ethernet frame |
| R5-R4 | 6F-9C-32-11-11-13 | 6F-9C-32-11-11-12 | 192.168.0.2 | 188.8.131.52 | 80 | 4922 | WAN Ethernet frame | Ethernet frame |
| R4-R3 | 6F-9C-32-11-11-12 | 6C-32-34-11-11-12 | 192.168.0.2 | 184.108.40.206 | 80 | 4922 | WAN Ethernet frame | Ethernet frame |
| R3-R1 | 6C-32-34-11-11-12 | 6C-32-34-11-11-11 | 192.168.0.2 | 220.127.116.11 | 80 | 4922 | WAN Ethernet frame | Ethernet frame |
| R1-A | 6C-32-34-11-11-11 | 62-BA-2A-11-11-11 | 192.168.0.2 | 18.104.22.168 | 80 | 4922 | Ethernet frame | Ethernet frame > IP packet > TCP segment > Data |
- Some possible security vulnerabilities and threats include:
Man-in-the-middle attacks, where someone places themselves between the sender and the receiver. These involve packet sniffing, where a network interface card is set to promiscuous mode, allowing access to all network traffic. This might expose sensitive data, including passwords (Todd, 2013).
IP spoofing attacks, where a host masquerades as a trusted host by presenting an IP address that appears to be from the local network, or by using another approved external IP address (Todd, 2013).
Port redirection attacks, where an attacker breaks into a machine and uses it to generate malicious traffic.
Denial of service (DoS) attacks, where network resources are made unavailable to legitimate network users. Examples include the TCP SYN flood and the ping of death (Todd, 2013).
Measures I would put in place to remove or minimize the vulnerabilities:
- Placing an intrusion detection system (IDS) or intrusion prevention system (IPS) to help prevent attacks with a known signature
- Applying access control lists (ACLs) on the network devices to filter the network traffic as desired, for example filtering and denying repeated ICMP ping messages
- Controlling access by only using encrypted protocols like IPsec and SSH
- Installing authentication servers at both network 1 and network 2 to authenticate users whenever they want to access network resources
- Installing firewalls, especially at the boundaries of network 1 and network 2, to filter traffic entering these networks
- Configuring peer authentication between the routers to avoid rogue routers (Todd, 2013)
- Applying network address translation (NAT) to conceal the internal addresses of network 1 and network 2
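The ACL and repeated-ping measures above, as an added example that is not part of the assignment: a first-match access list evaluator with an implicit deny at the end, run over constructed packet records, plus a simple detector that flags any source sending more than a threshold of ICMP echo requests inside a sliding time window (the kind of repeated pings the ACL entry denies). The rule set and the sample traffic are constructed; 192.168.0.0/24 is the assignment's network 2 and Computer B is 192.168.0.2, while 10.0.0.0/8 as a management range and the 203.0.113.0/24 documentation addresses are assumptions.

```python
import ipaddress

# Constructed access list for the boundary of network 2. Entries are tried in
# order, the first match wins, and an unmatched packet falls through to the
# implicit deny, as on a Cisco-style extended access list.
RULES = [
    # (action, protocol, source network, destination network, destination port)
    ("deny",   "icmp", "any",        "any",            None),  # drop echo floods at the edge
    ("permit", "tcp",  "any",        "192.168.0.2/32", 80),    # the web service on Computer B
    ("permit", "tcp",  "10.0.0.0/8", "192.168.0.0/24", 22),    # SSH only from the management range
]


def _in_network(address, network):
    return network == "any" or ipaddress.ip_address(address) in ipaddress.ip_network(network)


def evaluate(packet, rules=RULES):
    """Return (action, index of the matching rule); (deny, None) means the implicit deny."""
    for index, (action, proto, src, dst, dport) in enumerate(rules):
        if proto != "any" and proto != packet["proto"]:
            continue
        if not (_in_network(packet["src"], src) and _in_network(packet["dst"], dst)):
            continue
        if dport is not None and packet.get("dport") != dport:
            continue
        return action, index
    return "deny", None


def ping_flood_sources(packets, threshold=10, window=1.0):
    """Sources that send more than `threshold` ICMP echo requests (type 8) inside
    any sliding window of `window` seconds, as a defender would count them in a
    capture or syslog feed."""
    echo_times = {}
    for p in packets:
        if p["proto"] == "icmp" and p.get("type") == 8:
            echo_times.setdefault(p["src"], []).append(p["ts"])
    flagged = []
    for src, times in echo_times.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            if end - start + 1 > threshold:
                flagged.append(src)
                break
    return sorted(flagged)


def summarize(packets, rules=RULES):
    """Count how many packets the access list permits and denies."""
    counts = {"permit": 0, "deny": 0}
    for p in packets:
        counts[evaluate(p, rules)[0]] += 1
    return counts


# Constructed sample traffic: a 15-packet ping burst from 203.0.113.9 within
# 0.7 s, then four single packets.
SAMPLE_PACKETS = [
    {"ts": 0.05 * i, "proto": "icmp", "type": 8, "src": "203.0.113.9", "dst": "192.168.0.2"}
    for i in range(15)
] + [
    {"ts": 1.0, "proto": "tcp", "src": "203.0.113.20", "dst": "192.168.0.2", "dport": 80},
    {"ts": 1.1, "proto": "tcp", "src": "10.0.0.7", "dst": "192.168.0.2", "dport": 22},
    {"ts": 1.2, "proto": "tcp", "src": "203.0.113.20", "dst": "192.168.0.2", "dport": 22},
    {"ts": 1.3, "proto": "icmp", "type": 8, "src": "10.0.0.7", "dst": "192.168.0.2"},
]

if __name__ == "__main__":
    for p in SAMPLE_PACKETS[-4:]:
        print(p["proto"], p["src"], "->", p["dst"], p.get("dport", ""), evaluate(p))
    print("flood sources:", ping_flood_sources(SAMPLE_PACKETS))
    print(summarize(SAMPLE_PACKETS))
```

The order of the entries matters: because the ICMP deny comes first, even the single ping from the management host is dropped, and the SSH attempt from 203.0.113.20 matches no permit entry and is caught by the implicit deny.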
Question 3 (5 marks) – IP Addressing
- a) What are the subnet masks for the following slash address blocks? (1 mark)
  i. /16: 255.255.0.0
  ii. /17: 255.255.128.0
  iii. /28: 255.255.255.240
- b) Are the following address masks legal? If so, what are their slash forms? If not, why are they not legal? (1 mark)
  i. 255.255.252.0: legal, /23
  ii. 255.240.252.0: illegal. An address mask must fill an octet (i.e. 255, all network bits set) before moving to the next octet. To be valid it should read 255.255.252
  iii. 255.255.255.224: legal, /27
  iv. 255.255.132.0: illegal. A subnet mask octet can only take specific values (128, 192, 224, 240, 248, 252, 254, and 255); 132 is not among these.
- c) How many computers are in networks with the following address blocks? (1 mark)
  Raise 2 to the number of host bits, then subtract 2 (one broadcast address and one network address).
  i. /25: 2^7 - 2 = 126
  ii. /26: 2^6 - 2 = 62
  iii. /27: 2^5 - 2 = 30
- d) Your enterprise is assigned a /18 address block starting at 22.214.171.124. Divide this into four subnets. Detail each subnet's network address with the CIDR slash notation, the subnet mask and the broadcast address. How many usable addresses are in each subnet?
  Creating subnets by borrowing 2 host bits to extend the network portion gives /18 + 2 = /20.

  | Subnet address | CIDR slash notation | Subnet mask | Broadcast address |
  |---|---|---|---|

  Usable host addresses are given by:
  2^12 (12 host bits) - 2 (broadcast and network addresses) = 4096 - 2 = 4094 usable host addresses
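The calculations in parts a) to d) as general functions, added here as an example that is not part of the assignment: prefix-to-mask and mask-to-prefix conversion, the contiguity check that decides whether a mask is legal, the 2^h - 2 usable host count, the classful class used in the device list, and the division of a block into equal subnets with each subnet's network address, mask, broadcast address and host count. The block 10.20.0.0/18 is a constructed stand-in for the enterprise's assigned /18.

```python
import ipaddress


def prefix_to_mask(prefix):
    """/prefix -> dotted-decimal mask, e.g. 17 -> '255.255.128.0'."""
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix}").netmask)


def mask_to_prefix(mask):
    """Dotted-decimal mask -> prefix length. Raises ValueError when the mask is
    not legal, i.e. its 1-bits are not contiguous from the left: every octet
    must be 255 before the next may hold network bits, and a partially filled
    octet can only be 128, 192, 224, 240, 248, 252 or 254."""
    value = int(ipaddress.IPv4Address(mask))
    ones = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError(f"{mask} is not a legal mask: network bits must be contiguous")
    return ones


def usable_hosts(prefix):
    """2^(host bits) - 2, the network and broadcast addresses being unusable."""
    host_bits = 32 - prefix
    return 2 ** host_bits - 2 if host_bits >= 2 else 0


def classful_class(address):
    """Classful address class from the first octet (A: 0-127, B: 128-191, C: 192-223)."""
    first = int(ipaddress.IPv4Address(address)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D (multicast)"
    return "E (reserved)"


def divide(block, count):
    """Split a CIDR block into `count` equal subnets (count a power of two) and
    return one row per subnet: (network address, slash notation, mask,
    broadcast address, usable hosts). Borrowing log2(count) host bits
    lengthens the prefix by that amount, e.g. /18 with four subnets -> /20."""
    network = ipaddress.IPv4Network(block)   # raises if host bits are set in the block address
    extra_bits = (count - 1).bit_length()
    if 2 ** extra_bits != count:
        raise ValueError("count must be a power of two")
    return [(str(s.network_address), f"/{s.prefixlen}", str(s.netmask),
             str(s.broadcast_address), usable_hosts(s.prefixlen))
            for s in network.subnets(prefixlen_diff=extra_bits)]


if __name__ == "__main__":
    for p in (16, 17, 28):
        print(f"/{p} -> {prefix_to_mask(p)}")
    for m in ("255.255.252.0", "255.240.252.0", "255.255.255.224", "255.255.132.0"):
        try:
            print(f"{m}: legal, /{mask_to_prefix(m)}")
        except ValueError as err:
            print(f"{m}: illegal ({err})")
    for p in (25, 26, 27):
        print(f"/{p}: {usable_hosts(p)} usable hosts")
    print(classful_class("10.0.0.1"), classful_class("192.168.0.1"))
    for row in divide("10.20.0.0/18", 4):   # constructed block, not the assignment's
        print(row)
```

Splitting 10.20.0.0/18 four ways gives 10.20.0.0/20, 10.20.16.0/20, 10.20.32.0/20 and 10.20.48.0/20, each with mask 255.255.240.0 and 4094 usable hosts; the broadcast address of each is the last address before the next subnet begins.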
Todd, L. (2013). Routing and Switching. Indianapolis, Indiana: John Wiley & Sons, Inc.