Network fundamentals
I did make these notes; however, I did not make them all myself. Some are from TryHackMe and other sites.
Different kinds of network security appliances:
Firewall appliance: The firewall allows and blocks connections based on a predefined set of rules. It restricts what can enter and what can leave a network.
Intrusion Detection System (IDS) appliance: An IDS detects system and network intrusions and intrusion attempts. It tries to detect attackers’ attempts to break into your network.
Intrusion Prevention System (IPS) appliance: An IPS blocks detected intrusions and intrusion attempts. It aims to prevent attackers from breaking into your network.
Virtual Private Network (VPN) concentrator appliance: A VPN ensures that the network traffic cannot be read or altered by a third party. It protects the confidentiality (secrecy) and integrity of the sent data.
Source and destination IP addresses: An IP address is a logical address that allows you to communicate over the Internet. One analogy is the postal address; for example, a company needs a valid postal address to send and receive parcels. Think of the IP packet as a mail parcel.
Source and destination port numbers (where applicable): A computer has an IP address; furthermore, each program on the computer needs a port number to communicate over the network. Back to our analogy, a port number would be similar to a room number within a company.
DNS (Domain Name System) provides a simple way to communicate with devices on the internet without remembering complex numbers. Much like every house has a unique address for sending mail directly to it, every computer on the internet has its own unique address for communicating with it, called an IP address. An IP address looks like 104.26.10.229: four numbers ranging from 0 to 255, separated by periods. When you want to visit a website, it's not exactly convenient to remember this complicated set of numbers, and that's where DNS can help.
Root domain: everything is under the root domain. If a name ends with a ., that final dot is the root domain.
Top-level domains (TLDs) are your .com, .edu, .gov and .xyz.
There are two types of TLD: gTLD (Generic Top Level Domain) and ccTLD (Country Code Top Level Domain). ccTLD was used for geographical purposes, for example, .ca for sites based in Canada, .co.uk for sites based in the United Kingdom and so on.
Second-level domains are the name you choose for the website. When registering a domain name, the second-level domain is limited to 63 characters + the TLD and can only use a-z 0-9 and hyphens (cannot start or end with hyphens or have consecutive hyphens).
A subdomain is a subdivision of a domain name that allows you to organize your website into different sections or categories. It typically precedes the main domain name and is separated by a dot. For example, in the URL "blog.example.com," "blog" is the subdomain. Subdomains can be used to create distinct areas for different functions, such as 'shop.example.com' for an online store or 'support.example.com' for customer support.
DHCP stands for Dynamic Host Configuration Protocol.
When a device connects to a network, if it has not already been manually assigned an IP address, it sends out a request (DHCP Discover) to see if any DHCP servers are on the network. The DHCP server then replies back with an IP address the device could use (DHCP Offer). The device then sends a reply confirming it wants the offered IP Address (DHCP Request), and then lastly, the DHCP server sends a reply acknowledging this has been completed, and the device can start using the IP Address (DHCP ACK).
The OSI model (or Open Systems Interconnection Model) is an absolutely fundamental model used in networking. This critical model provides a framework dictating how all networked devices will send, receive and interpret data.
7. The application layer is the layer in which protocols and rules are in place to determine how the user should interact with data sent or received.
6. Layer 6 of the OSI model (the presentation layer) is the layer in which standardisation starts to take place. Security features such as data encryption (like HTTPS when visiting a secure site) occur at this layer.
5. Once data has been correctly translated or formatted from the presentation layer (layer 6), the session layer (layer 5) will begin to create a connection to the other computer that the data is destined for. When a connection is established, a session is created. Whilst this connection is active, so is the session.
4. The transport layer (layer 4) transmits data across the network using either TCP or UDP.
TCP (Transmission Control Protocol)
The main aim of TCP is reliability.
This protocol reserves a constant connection between the two devices for the amount of time it takes for the data to be sent and received. TCP incorporates error checking into its design. Error checking is how TCP can guarantee that data sent from the packets in the session layer (layer 5) has then been received and reassembled in the same order.
TCP is used for situations such as file sharing, internet browsing or sending an email. This usage is because these services require the data to be accurate and complete.
UDP (User Datagram Protocol)
Any data that gets sent via UDP is sent to the computer whether it gets there or not. There is no synchronisation between the two devices or guarantee; just hope for the best, and fingers crossed.
3. The network layer uses routing protocols such as OSPF (Open Shortest Path First) and RIP (Routing Information Protocol). What route is taken is decided by the following factors:
What path is the shortest? I.e. has the least amount of devices that the packet needs to travel across.
What path is the most reliable? I.e. have packets been lost on that path before?
Which path has the faster physical connection? I.e. is one path using a copper connection (slower) or a fibre (considerably faster)?
At this layer, everything is dealt with via IP addresses such as 192.168.1.100. Devices such as routers capable of delivering packets using IP addresses are known as Layer 3 devices — because they are capable of working at the third layer of the OSI model.
2. The data link layer focuses on the physical addressing of the transmission. It receives a packet from the network layer (including the IP address for the remote computer) and adds in the physical MAC (Media Access Control) address of the receiving endpoint. Inside every network-enabled computer is a Network Interface Card (NIC) which comes with a unique MAC address to identify it.
1. The physical layer: physically connected cables that transfer bytes of data.
TCP packets contain various sections of information known as headers that are added during encapsulation.
TCP: establishing a connection
Any sent data is given a random number sequence and is reconstructed using this number sequence and incrementing by 1. Both computers must agree on the same number sequence for data to be sent in the correct order. This order is agreed upon during three steps:
SYN - Client: Here's my Initial Sequence Number(ISN) to SYNchronise with (0)
SYN/ACK - Server: Here's my Initial Sequence Number (ISN) to SYNchronise with (5,000), and I ACKnowledge your initial number sequence (0)
ACK - Client: I ACKnowledge your Initial Sequence Number (ISN) of (5,000), here is some data that is my ISN+1 (0 + 1)
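The three steps above as a check over captured segments (an added example, not part of the original notes). On the wire, each side acknowledges the other side's ISN plus 1, and sequence numbers are 32-bit, so they wrap around. The (sender, flags, seq, ack) tuple layout and the function name are assumptions made for this example; the captures are constructed and reuse the ISNs 0 and 5,000 from the notes.

```python
# Added example: validate a TCP three-way handshake.
# The (sender, flags, seq, ack) tuple layout is an assumption for this example.
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

def check_handshake(segments):
    """Return (ok, reason) for the first three segments of a connection."""
    if len(segments) < 3:
        return False, "incomplete handshake (connection left half-open)"
    (who1, flags1, seq1, _), (who2, flags2, seq2, ack2), \
        (who3, flags3, seq3, ack3) = segments[:3]
    if (who1, flags1) != ("client", {"SYN"}):
        return False, "step 1 is not a client SYN"
    if (who2, flags2) != ("server", {"SYN", "ACK"}):
        return False, "step 2 is not a server SYN/ACK"
    if ack2 != (seq1 + 1) % MOD:
        return False, "server did not acknowledge client ISN + 1"
    if (who3, flags3) != ("client", {"ACK"}):
        return False, "step 3 is not a client ACK"
    if ack3 != (seq2 + 1) % MOD:
        return False, "client did not acknowledge server ISN + 1"
    if seq3 != (seq1 + 1) % MOD:
        return False, "client data does not start at its ISN + 1"
    return True, "handshake complete"

# Constructed captures, using the ISNs from the notes (client 0, server 5,000).
GOOD = [
    ("client", {"SYN"}, 0, None),
    ("server", {"SYN", "ACK"}, 5000, 1),
    ("client", {"ACK"}, 1, 5001),
]
HALF_OPEN = GOOD[:2]  # SYN and SYN/ACK seen, final ACK never arrives
BAD_ACK = GOOD[:2] + [("client", {"ACK"}, 1, 5000)]  # acknowledges ISN, not ISN + 1
WRAPPED = [  # client ISN at the top of the 32-bit range wraps to 0
    ("client", {"SYN"}, MOD - 1, None),
    ("server", {"SYN", "ACK"}, 5000, 0),
    ("client", {"ACK"}, 0, 5001),
]

if __name__ == "__main__":
    for name, capture in [("good", GOOD), ("half-open", HALF_OPEN),
                          ("bad ack", BAD_ACK), ("wrapped", WRAPPED)]:
        print(name, check_handshake(capture))
```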
URL (Uniform Resource Locator)
A URL is predominantly an instruction on how to access a resource on the internet.
Scheme: This specifies which protocol to use for accessing the resource, such as HTTP, HTTPS or FTP (File Transfer Protocol).
User: Some services require authentication to log in; you can put a username and password into the URL to log in.
Host: The domain name or IP address of the server you wish to access.
Port: The Port that you are going to connect to, usually 80 for HTTP and 443 for HTTPS, but this can be hosted on any port between 1 - 65535.
Path: The file name or location of the resource you are trying to access.
Query String: Extra bits of information that can be sent to the requested path. For example, /blog?id=1 would tell the blog path that you wish to receive the blog article with the id of 1.
Fragment: This is a reference to a location on the actual page requested. This is commonly used for pages with long content and can have a certain part of the page directly linked to it, so it is viewable to the user as soon as they access the page.
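The components listed above, split out of a URL with Python's standard urllib.parse (an added example, not part of the original notes). The sample URLs are constructed; the second one shows why the User part matters to a defender: whatever comes before the @ is the user, and the host the browser actually connects to comes after it. The function names and the warning wording are assumptions made for this example.

```python
from urllib.parse import urlsplit, parse_qs

# Well-known default ports, used when the URL does not name one.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

def describe_url(url):
    """Split a URL into the components named in the notes."""
    parts = urlsplit(url)
    port = parts.port  # raises ValueError if the port is outside 0-65535
    if port is None:
        port = DEFAULT_PORTS.get(parts.scheme)
    return {
        "scheme": parts.scheme,
        "user": parts.username,
        "password": parts.password,
        "host": parts.hostname,
        "port": port,
        "path": parts.path,
        "query": parse_qs(parts.query),
        "fragment": parts.fragment,
    }

def url_warnings(url):
    """Flag URL features worth a second look when reviewing links or logs."""
    info = describe_url(url)
    warnings = []
    if info["password"] is not None:
        warnings.append("password embedded in URL")
    if info["user"] and "." in info["user"]:
        warnings.append(
            f"user part looks like a hostname; real host is {info['host']}")
    return warnings

# Constructed samples (example.com and 198.51.100.7 are reserved for documentation).
FULL = "https://user:password@blog.example.com:8443/blog?id=1#comments"
LOOKALIKE = "https://login.example.com@198.51.100.7/reset"

if __name__ == "__main__":
    for sample in (FULL, LOOKALIKE):
        print(describe_url(sample))
        print(url_warnings(sample))
```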
This is extremely basic; for more, you're going to want to get more data from the web server.
Example:
Line 1: This request is sending the GET method (more on this in the HTTP Methods task), requesting the home page with / and telling the web server we are using HTTP protocol version 1.1.
Line 2: We tell the web server we want the website tryhackme.com
Line 3: We tell the web server we are using the Firefox version 87 Browser
Line 4: We are telling the web server that the web page that referred us to this one is https://tryhackme.com
Line 5: HTTP requests always end with a blank line to inform the web server that the request has finished.
A very basic and simple response to this would be something like:
Line 1: HTTP 1.1 is the version of the HTTP protocol the server is using, followed by the HTTP Status Code, in this case "200 OK", which tells us the request has completed successfully.
Line 2: This tells us the web server software and version number.
Line 3: The current date, time and timezone of the web server.
Line 4: The Content-Type header tells the client what sort of information is going to be sent, such as HTML, images, videos, pdf, XML.
Line 5: Content-Length tells the client how long the response is; this way we can confirm no data is missing.
Line 6: HTTP response contains a blank line to confirm the end of the HTTP response.
Lines 7-14: The information that has been requested, in this instance the homepage.
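The raw request and response that the line-by-line notes describe are not reproduced on this page, so the following added example (not part of the original notes) builds constructed ones that match those descriptions and parses them, including the Content-Length check from Line 5. The server name, date, HTML body and function names are constructed sample values and assumptions for this example.

```python
# Constructed messages matching the line-by-line notes above.
REQUEST = (
    b"GET / HTTP/1.1\r\n"
    b"Host: tryhackme.com\r\n"
    b"User-Agent: Mozilla/5.0 Firefox/87.0\r\n"
    b"Referer: https://tryhackme.com\r\n"
    b"\r\n"  # the blank line that ends the request
)
BODY = b"<html>\n<head><title>Home</title></head>\n<body>Welcome</body>\n</html>\n"
RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: ExampleServer/1.0\r\n"           # constructed software/version
    b"Date: Fri, 09 Apr 2021 13:34:03 GMT\r\n"  # constructed date
    b"Content-Type: text/html\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
    b"\r\n"
) + BODY

def parse_message(raw):
    """Return (start_line, headers, body) for a raw HTTP/1.1 message."""
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no blank line: the header section is unfinished")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return lines[0], headers, body

def body_complete(headers, body):
    """True/False if Content-Length is present, None if it is absent."""
    declared = headers.get("content-length")
    if declared is None:
        return None
    return len(body) == int(declared)

if __name__ == "__main__":
    start, headers, body = parse_message(RESPONSE)
    print(start, headers["content-type"], body_complete(headers, body))
    # Simulate a response cut short in transit: the length check fails.
    _, h, truncated = parse_message(RESPONSE[:-10])
    print("truncated body complete?", body_complete(h, truncated))
```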
GET Request
This is used for getting information from a web server.
POST Request
This is used for submitting data to the web server and potentially creating new records.
PUT Request
This is used for submitting data to a web server to update information.
DELETE Request
This is used for deleting information/records from a web server.