📚 Network Layer Protocols
📚 Network Layer Description
Network Address Translation - mostly to map local IPs to public ones, but sometimes used to map between two public or local networks.
Static - one to one mapping.
Dynamic - many to many.
Overload - many to one.
Attacks
MAC flooding
Span port
Everytime you receive messages fir these ports (say 1 to 10), also send them to the span port 25. But to turn it on, you need an access to switch’s config. Moreover, some switches are made in a way not to let span port talk, only listen. It’s a useful option for admins (basically turning a switch into some sort of lame hub). CISCO - SPAN (Switched Port Analyser), RSPAN (Remote Switched Port Analyser). RAP (Roving Analysis Port), 3Com switches.
📚 ARP
This article is about ARP protocol. It’s used to map IP addresses to physical (MAC) addresses. Devices usually keep an ARP cache not to send ARP request continuously. Also there are certain attacks on ARP that exploit its internals.
Analogy
If we were to compare a device to a human body, we could say that CPU is a brain 🧠, battery power is a heart ♥️, camera is an eye 👁 and NIC is a mouth 👄 (yeah, let’s forget about microphones 🎤 for a while).
📚 ICMP
ICMP protocol is needed for troubleshooting.
For an TCP/IP stack here is what ICMP request looks like in a frame:
Even though ICMP belongs itself to the network layer.
If there is some problem during any requst (HTTP, FTP or any other request on any other layer), ICMP error response might be sent. Its type can help in troubleshooting.
Message Types
Each message type will have a different header.
📚 IP
This article is about IP protocol (v4, v6 and IPX).
IPv4
Number on top and along the left edge are bits (not bytes). The addresses itselves are 32 bits long.
Reserved Addresses
10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Fragmentation
Data Transmission Types
Unicast
Only one host can receive and read a message. Other PCs will discard it (unless in a promiscuous mode or on a hub).