# OSI Model

- Standardized model for network connections, created in the 1970s, that explains how a network should work at different layers
    - Uses various protocols at different layers
- Layers:
    - 1 **Physical**
        - Ethernet
        - Transmission and reception of unstructured raw bit strings over a physical medium
    - 2 **Data Link**
        - Switch
        - Provides physical transmission of data, network topology, and flow control
        - Uses MAC addresses
    - 3 **Network**
        - Routers
        - IP (internet)
        - Manages device addressing, tracks the location of devices, and determines the best way to move data
        - Communicates with remote networks, and logical addressing to determine the best path for data
        - Types of Packets sent
            - Data packets
                - IPv4 and IPv6
            - Route update packets
                - Updates the network about what devices are connected
            - Network addresses
                - Protocol specific network addresses
                - Keeps track of routing tables for networks
    - 4 **Transport**
        - TCP (internet)
        - Layer responsible for the control of data flow
        - If an error occurs, can reconnect the data and retransmit
    - 5 **Session**
        - Very little focus(?)
        - Keeps application data separated from each other
        - Example: Telephone call - establish a session, exchange a message, terminate the session
    - 6 **Presentation**
        - Present data to the application layer
        - Responsible for data collection and interpreting
        - Data encryption, compression, and translation services also happen here
        - jpg, mp3, gif, etc.
    - 7 **Application**
        - FTP, TFTP, HTTP, SMTP, DNS, TELNET, SNMP
        - Layer at which most users interact
        - Interfaces between users and machines
        - Client/Server processes happen here
    - Acronyms
        - All People Seem To Need Data Processing
        - People Don't Need Those Stupid Packets Anyway
        
# Protocols

**SSH**
- **S**ecure **Sh**ell is a cryptographic network protocol for operating networking services securely over an unsecured network
- PuTTY is an old SSH connector on the application layer used in Windows

**FTP**
- File Transfer Protocol
- Allows for the transfer of files over a network
- Not a secure network service

**SFTP**
- Secure File Transfer Protocol
    - Incorporates an SSH connection to FTP to create a secure connection

**SMTP**
- Secure Mail Transport Protocol
- Securely transfers and detects mail for a network

**TLS**
- Transport Layer Security
- Cryptographic protocols for transferring data over a network

**SNMP**
- Simple Network Management Protocol

**HTTP**
- Hypertext Transfer Protocol
- Manages communications between browsers and web servers to open the right resource when clicking a link

**HTTPS**
- Secure version of HTTP

**DNS**
- Domain Name Service
- Resolves hostnames, associating internet names to the IP address
- "Makes our lives easier": because IP addresses change, we can still use the "name" to find the website

**DHCP**
- Dynamic Host Control Protocol
- Assigns IP addresses to hosts with information provided by a server
- Routers are the most common form of hardware that use DHCP
- Can provide
    - IP Addresses
    - Subnet Mask
    - Domain Name
    - Default Gateway
    - DNS
- Client sends a DHCP discover message as a broadcast to receive an IP address
- Four Step Process
    1. Client broadcasts DHCP discover
    2. Server sends a unicast DHCP offer
    3. Client broadcasts DHCP request
    4. Server unicasts DHCP ack
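
The four-step exchange above, as an added example that is not part of the original notes: it parses the DHCP message type (option 53) out of a BOOTP payload and checks that a capture follows discover, offer, request, ack within one transaction. The helper names and the transaction ID are assumptions made for illustration, and the packets are constructed sample data.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that precedes the options
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}   # option 53 values

def build(op, xid, msg_type):
    """Constructed sample data: a minimal BOOTP/DHCP payload."""
    fixed = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)
    fixed += bytes(16)               # ciaddr, yiaddr, siaddr, giaddr
    fixed += bytes(16 + 64 + 128)    # chaddr, sname, file
    return fixed + MAGIC + bytes([53, 1, msg_type, 255])

def parse(payload):
    """Return (op, xid, message type name) from a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    op, xid = payload[0], struct.unpack("!I", payload[4:8])[0]
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        if code == 53 and length == 1:
            return op, xid, TYPES.get(value[0], "OTHER")
        i += 2 + length
    raise ValueError("no message type option")

def follows_four_steps(payloads):
    """True when the payloads are discover, offer, request, ack for one transaction."""
    parsed = [parse(p) for p in payloads]
    ops = [p[0] for p in parsed]          # 1 = client request, 2 = server reply
    xids = {p[1] for p in parsed}
    names = [p[2] for p in parsed]
    return (names == ["DISCOVER", "OFFER", "REQUEST", "ACK"]
            and ops == [1, 2, 1, 2] and len(xids) == 1)

# Constructed exchange with a made-up transaction ID
EXCHANGE = [build(1, 0x1234ABCD, 1), build(2, 0x1234ABCD, 2),
            build(1, 0x1234ABCD, 3), build(2, 0x1234ABCD, 5)]
```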
    

**UDP**
- User Datagram Protocol
- Fabulous at transporting information that doesn't require reliable delivery
- Doesn't take up a lot of bandwidth on a network
- Used when reliability is not as important
- Does not sequence the segments and does not care what order the segments arrive in at the destination
- Many DoS attacks use UDP
    - Sends large numbers of UDP packets to random ports on a remote host
    - Victim will be forced into sending many ICMP packets, eventually leading it to be unreachable by other clients
    - Attacker may also spoof the IP address of UDP packets, so that ICMP return packets do not return
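
Detection logic for the pattern described above, as an added example that is not part of the original notes: it flags a host that receives UDP on many distinct ports within a short window and reports how many ICMP port-unreachable replies the host sent in that window. The record format, thresholds, and addresses are assumptions, and the flow records are constructed sample data.

```python
from collections import defaultdict

def detect_udp_flood(records, window=1.0, port_threshold=20):
    """records: (timestamp, proto, src, dst, detail) tuples.
    detail is the destination port for "udp" and (type, code) for "icmp".
    Returns one alert per (window, host) hit on many distinct UDP ports."""
    ports = defaultdict(set)        # (bucket, host) -> distinct UDP dst ports received
    sources = defaultdict(set)      # (bucket, host) -> distinct claimed source IPs
    unreachable = defaultdict(int)  # (bucket, host) -> ICMP port-unreachable sent
    for ts, proto, src, dst, detail in records:
        bucket = int(ts // window)
        if proto == "udp":
            ports[(bucket, dst)].add(detail)
            sources[(bucket, dst)].add(src)
        elif proto == "icmp" and detail == (3, 3):   # type 3 code 3 = port unreachable
            unreachable[(bucket, src)] += 1
    alerts = []
    for (bucket, host), seen in sorted(ports.items()):
        if len(seen) >= port_threshold:
            alerts.append({"host": host, "window_start": bucket * window,
                           "distinct_ports": len(seen),
                           "claimed_sources": len(sources[(bucket, host)]),
                           "icmp_unreachable_sent": unreachable[(bucket, host)]})
    return alerts

def sample_records():
    """Constructed flow records: a burst against 10.0.0.5 plus normal DNS lookups."""
    recs = []
    for i in range(40):
        ts = i * 0.01
        claimed = f"198.51.100.{i + 1}"          # source address as claimed in the packet
        recs.append((ts, "udp", claimed, "10.0.0.5", 20000 + i * 7))
        recs.append((ts + 0.001, "icmp", "10.0.0.5", claimed, (3, 3)))
    for i in range(5):
        recs.append((i * 0.2, "udp", "10.0.0.20", "10.0.0.9", 53))
    return recs
```

Because source addresses can be spoofed, the `claimed_sources` count describes what the packets claim, not who sent them.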

### Transmission Control Protocol (TCP)
- Four layers of TCP/IP model
1. Process/Application Layer
2. Host-to-host Layer
    - End to end communication
    - TCP/UDP
3. Internet Layer
    - Logical transmission of packets over a network
    - Routing of packets
4. Network Access Layer

- Uses a Three Way Handshake
    - Host sends a synchronize (SYN) packet to the server, the server replies with a synchronize and acknowledgement (SYN-ACK), then the host replies with an acknowledgement (ACK)
- A service is connection-oriented if:
1. Uses a three-way handshake
2. Uses sequencing
3. Uses Acknowledgements
4. Uses flow control
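
The three-way handshake with its sequencing and acknowledgement rules, as an added example that is not part of the original notes: a small tracker that follows each connection attempt through SYN, SYN-ACK and ACK and only marks it established when the acknowledgement numbers match. The segment tuple format and state names are assumptions, and the segments are constructed sample data.

```python
SYN, ACK = 0x02, 0x10          # TCP flag bits
MOD = 2 ** 32                  # sequence numbers wrap at 32 bits

def track_handshakes(segments):
    """segments: (src, dst, flags, seq, ack) in capture order, endpoints as "ip:port".
    Returns {(client, server): state} for every connection attempt seen."""
    conns = {}
    for src, dst, flags, seq, ack in segments:
        syn, acked = bool(flags & SYN), bool(flags & ACK)
        if syn and not acked:                              # step 1: client SYN
            conns[(src, dst)] = {"state": "SYN_SENT", "c_isn": seq, "s_isn": None}
        elif syn and acked:                                # step 2: server SYN-ACK
            c = conns.get((dst, src))
            if c and c["state"] == "SYN_SENT" and ack == (c["c_isn"] + 1) % MOD:
                c["state"], c["s_isn"] = "SYN_RECEIVED", seq
        elif acked:                                        # step 3: client ACK
            c = conns.get((src, dst))
            if (c and c["state"] == "SYN_RECEIVED"
                    and seq == (c["c_isn"] + 1) % MOD
                    and ack == (c["s_isn"] + 1) % MOD):
                c["state"] = "ESTABLISHED"
    return {pair: c["state"] for pair, c in conns.items()}

# Constructed segments; addresses and sequence numbers are made up.
SEGMENTS = [
    ("10.0.0.2:50000", "10.0.0.80:443", SYN, 1000, 0),
    ("10.0.0.80:443", "10.0.0.2:50000", SYN | ACK, 7000, 1001),
    ("10.0.0.2:50000", "10.0.0.80:443", ACK, 1001, 7001),
    ("10.0.0.3:50001", "10.0.0.80:443", SYN, 4294967295, 0),    # ISN at the wrap point
    ("10.0.0.80:443", "10.0.0.3:50001", SYN | ACK, 9000, 0),
    ("10.0.0.3:50001", "10.0.0.80:443", ACK, 0, 9001),
    ("10.0.0.4:50002", "10.0.0.80:443", SYN, 5000, 0),          # never answered
    ("10.0.0.5:50003", "10.0.0.80:443", SYN, 6000, 0),
    ("10.0.0.80:443", "10.0.0.5:50003", SYN | ACK, 8000, 6000), # wrong ack number
]
```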
    
**ICMP**
- Internet Control Message Protocol
- Works at the network layer and is used by IP
- Messages are carried as packets and are encapsulated within an IP datagram
- PING uses an ICMP echo request and reply messages to check the physical and logical connectivity of machines on an internetwork
- Traceroute uses IP packet time-to-live (TTL) timeouts to discover the path a packet takes as it traverses the internetwork
- Blocking ICMP at firewalls and routers disables a ping response
    - Doing this would be for security purposes so that a ping cannot reach and transmit data from your IP
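
The encapsulation described above, as an added example that is not part of the original notes: it parses an ICMP message out of an IPv4 datagram, verifies both checksums, and names the message types used by ping (echo request and reply) and traceroute (time exceeded). The function names and addresses are assumptions, and the datagrams are built as constructed sample data.

```python
import socket
import struct

ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}

def checksum(data):
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_datagram(src, dst, ttl, icmp_type, code, ident, seq, payload=b""):
    """Constructed sample data: an IPv4 datagram carrying one ICMP message."""
    icmp = struct.pack("!BBHHH", icmp_type, code, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, ttl, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + icmp

def parse_icmp(datagram):
    """Validate the IPv4 and ICMP checksums and summarize the message."""
    if len(datagram) < 20 or datagram[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (datagram[0] & 0x0F) * 4             # IP header length in bytes
    if ihl < 20 or len(datagram) < ihl + 8:
        raise ValueError("truncated")
    if datagram[9] != 1:                       # IP protocol 1 = ICMP
        raise ValueError("not ICMP")
    icmp = datagram[ihl:]
    # A correct checksum makes the one's-complement sum over the data verify to 0
    if checksum(datagram[:ihl]) != 0 or checksum(icmp) != 0:
        raise ValueError("bad checksum")
    return {"src": socket.inet_ntoa(datagram[12:16]),
            "dst": socket.inet_ntoa(datagram[16:20]),
            "ttl": datagram[8],
            "type": ICMP_TYPES.get(icmp[0], f"type-{icmp[0]}"),
            "code": icmp[1]}
```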
    
**ARP**
- Address resolution protocol
- Finds the hardware address of a host from a known IP address
- Man-in-the-middle attack could be accomplished by spoofing a domain name
- ARP translates the software IP address into a hardware address

### Ports
- Provides the rules by which computers communicate on a network and where information is sent
- Ports 1023 and below are all assigned and defined in RFC 3232
- Ports greater than 1023 
- Four categories of ports
1. Connectivity - Connecting devices
2. Encryption - Encryption of data in transit
3. Application - Application layer of OSI
4. Email - SMTP, POP3, IMAP4
