### OSI Model

Open Systems Interconnection (OSI) is a conceptual model for how computer networks communicate and exchange information. It was developed by the International Organization for Standardization (ISO) in the 1980s, and consists of seven layers, each with a specific function in the network communication process.

The seven layers of the OSI model are as follows:

1. Physical layer: This is the lowest layer of the OSI model, and is concerned with the transmission of raw data bits over a physical communication channel, such as a cable or wireless connection.
2. Data link layer: This layer provides error-free transfer of data frames between two nodes on the same network segment. It ensures that data is transmitted reliably and efficiently.
3. Network layer: This layer provides logical addressing and routing of data packets between different networks. It defines the protocols and procedures that allow data to be transmitted between networks.
4. Transport layer: This layer provides end-to-end communication between applications on different hosts. It is responsible for ensuring that data is delivered reliably and in the correct order.
5. Session layer: This layer manages the communication sessions between applications on different hosts. It establishes, maintains, and terminates communication sessions as required.
6. Presentation layer: This layer is responsible for data representation and translation, such as the conversion of ASCII text to EBCDIC, or the compression and encryption of data.
7. Application layer: This layer provides high-level services to applications, such as email, file transfer, and remote login.

Here is how the OSI model applies to real-world network protocols and services:

1. The Ethernet protocol operates at the physical and data link layers of the OSI model. It uses physical layer technologies, such as copper or fiber optic cabling, to transmit data packets between devices on the same network segment. The data link layer of Ethernet adds a header and a trailer to each data packet, which includes the source and destination MAC addresses of the devices.
2. The Internet Protocol (IP) operates at the network layer of the OSI model. It is responsible for addressing and routing data packets between different networks. IP provides logical addressing through the use of IP addresses, which are assigned to each network device. The routing of IP packets is handled by routers, which use routing protocols to determine the best path for each packet to reach its destination.
3. The Transmission Control Protocol (TCP) operates at the transport layer of the OSI model. It provides end-to-end communication between applications running on different hosts. TCP establishes a reliable, connection-oriented session between two hosts, and ensures that data is delivered in the correct order and without errors.
4. The Hypertext Transfer Protocol (HTTP) operates at the application layer of the OSI model. It provides a standard way for web browsers to communicate with web servers over the internet. HTTP is used to request and receive web pages, and can also be used to transmit other types of data, such as images, videos, and documents.
5. The Simple Mail Transfer Protocol (SMTP) operates at the application layer of the OSI model. It is used to transmit email messages between mail servers and mail clients. SMTP defines the format of email messages, as well as the protocols and procedures for transferring them between different email servers.

### NETSTAT

Netstat (short for network statistics) is a command-line tool that displays network-related statistics on computers running Linux, Unix, or Windows. It provides information about active network connections, network protocols, network interfaces, routing tables, and other network-related information. The netstat command can be used to troubleshoot network-related issues and to monitor network activity on a system.

Here are some of the commonly used options with the netstat command:

- `-a`: Displays all active connections and the listening sockets.
- `-n`: Displays the numerical addresses and port numbers instead of resolving the hostnames and service names.
- `-p`: Displays the process ID (PID) and the name of the process associated with each connection.
- `-r`: Displays the kernel routing table.
- `-s`: Displays the statistics for each protocol.
- `-t`: Displays only the TCP connections.
- `-u`: Displays only the UDP connections.
- `-c`: Continuously displays the output every few seconds.

Some of the common use cases of the netstat command are:

- To check the current network connections on a system.
- To identify the ports used by various services and applications.
- To troubleshoot network connectivity issues.
- To monitor network activity and traffic.
- To analyze network performance and usage.

Note that some of the options available with the netstat command may differ depending on the operating system and the version of the command.

### What is localhost/127.0.0.1, 0.0.0.0, /etc/hosts

- **`localhost/127.0.0.1`**:
    - **`localhost`** and **`127.0.0.1`** both refer to the loopback address of a machine. This is a special IP address that points back to the same machine it is used on. When a program tries to connect to **`localhost`** or **`127.0.0.1`**, it is actually connecting to itself. This can be useful for testing network services or running server applications locally.
- **`0.0.0.0`**:
    - **`0.0.0.0`** is a special IP address that represents all IPv4 addresses on the local machine. When a program listens on **`0.0.0.0`**, it is effectively listening on all available network interfaces.
- **`/etc/hosts`**:
    - **`/etc/hosts`** is a file in Unix-based operating systems that maps hostnames to IP addresses. It is commonly used to override DNS resolution or to define local hostnames for development or testing purposes. When a program looks up a hostname, the system first checks the **`/etc/hosts`** file for a matching entry before attempting to resolve the hostname through DNS.
- To display your machine’s active network interfaces, you can use the **`ifconfig`** command on Unix-based systems or the **`ipconfig`** command on Windows. These commands will show you information about each active network interface, including its IP address, netmask, and status. You can also use the **`netstat -i`** command to display a list of active network interfaces, along with information about the amount of data that has been transmitted and received on each interface.
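
The bind address decides who can reach a service, and `netstat` shows which one each listener uses. The following Python sketch is an added example, not part of the original notes: it classifies every listener in a constructed `netstat -tuln` sample as loopback-only, single-interface, or all-interfaces. The `-l` flag (listening sockets only, on Linux) is not in the option list above, and the function names are illustrative.

```python
import ipaddress

# Constructed sample of `netstat -tuln` output (Linux net-tools layout),
# not captured from a real host.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:8080       0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

WILDCARDS = {"0.0.0.0", "::", "*"}  # "every address on this machine"


def classify(local_address):
    """Split a 'Local Address' value into (scope, port)."""
    host, _, port = local_address.rpartition(":")  # last colon: IPv6 hosts contain colons
    if host in WILDCARDS:
        return "all-interfaces", int(port)
    addr = ipaddress.ip_address(host.split("%")[0])  # drop an IPv6 zone such as %eth0
    return ("loopback" if addr.is_loopback else "single-interface"), int(port)


def listeners(netstat_output):
    """Return (proto, port, scope) for every listening TCP socket and bound UDP socket."""
    found = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # banner, column header or blank line
        if fields[0].startswith("tcp") and fields[-1] != "LISTEN":
            continue  # an established connection, not a listener
        scope, port = classify(fields[3])
        found.append((fields[0], port, scope))
    return found


def reachable_from_network(netstat_output):
    """Listeners that accept connections from other hosts (anything not loopback-only)."""
    return sorted((p, port) for p, port, scope in listeners(netstat_output) if scope != "loopback")


if __name__ == "__main__":
    for proto, port, scope in listeners(SAMPLE):
        print(f"{proto:5} {port:5}  {scope}")
```

In the sample, the database on `127.0.0.1:3306` is the only TCP service that other hosts cannot reach; everything bound to `0.0.0.0` or `::` is exposed on every interface and relies on a firewall for any restriction.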

## [0x09. Web infrastructure design](https://intranet.alxswe.com/projects/302)

### [DNS](https://intranet.alxswe.com/concepts/12)

DNS (Domain Name System) is a hierarchical naming system that is **used to translate human-friendly domain names (such as **[www.example.com](http://www.example.com/)**) into IP addresses** that computers can use to identify and communicate with each other over the internet. DNS is essential to the functioning of the internet, as it enables users to access websites and other online resources using easy-to-remember domain names instead of numerical IP addresses.

There are several types of DNS records that are used to provide different types of information about a domain or subdomain. Here are some of the most common types of DNS records:

1. **A record:** This record **maps a domain name to an IP address**. Use `dig A api.dnsimple.com` to query an A record. When you dig www.oretech.tech, for example, you will get:
   ```
   ;; ANSWER SECTION:
   oretech.tech.           300     IN      A       18.209.152.209
   ```
   This DNS query response is telling us that:
   - The domain name that was queried is "oretech.tech".
   - The resource record type is "A", which stands for "Address", indicating that the DNS server is returning an IPv4 address for the domain name.
   - The "IN" means "Internet" and is the class of the resource record.
   - The TTL value is "300", which specifies the amount of time in seconds that the DNS resolver can cache the response before it must query the DNS server again for fresh information.
   - The IPv4 address for "oretech.tech" is "18.209.152.209".
2. **AAAA record:** This record **maps a domain name to an IPv6 address**.
3. **CNAME record:** Canonical Name. This record **creates an alias for a domain name**. It is often used to point a subdomain to a different domain name. Example:
   ```
   dig CNAME www.example.com

   www.example.com.  3600   IN  CNAME   example.com.
   ```
   This response is a canonical name record indicating that the www.example.com subdomain is an alias for the example.com domain.
4. **MX record:** This record **specifies the mail servers that are responsible for receiving email messages** for a domain. Example:
   ```
   example.com.      3600   IN  MX  10 mail.example.com.
   ```
   This response is a mail exchange (MX) record specifying that email for the example.com domain should be delivered to the mail.example.com server, with a priority of 10.
5. **NS record:** This record **specifies the name servers that are authoritative for a domain**. Query it with `dig NS oretech.tech`.
6. **PTR record:** This record **maps an IP address to a domain name**.
7. **SOA record:** This record **provides information about the domain name's zone**, including the primary name server, the email address of the administrator responsible for the zone, and other information.
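
As an added example (not from the original notes), this Python snippet parses answer lines in the `name TTL class type data` layout shown above, follows a CNAME alias to its A record, and orders MX hosts by preference. The first three sample lines come from this page; the other two, and all function names, are constructed for illustration.

```python
from collections import namedtuple

Record = namedtuple("Record", "name ttl rclass rtype rdata")

# The first three lines are the answers quoted on this page; the last two are
# constructed for the example (192.0.2.10 is a documentation-only address).
ANSWERS = """\
oretech.tech.      300   IN  A      18.209.152.209
www.example.com.   3600  IN  CNAME  example.com.
example.com.       3600  IN  MX     10 mail.example.com.
example.com.       3600  IN  MX     5 mx-primary.example.com.
example.com.       600   IN  A      192.0.2.10
"""


def parse_answers(text):
    """Parse 'name TTL class type rdata' lines from a dig ANSWER SECTION."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig's ';;' comment lines
        name, ttl, rclass, rtype, rdata = line.split(None, 4)
        records.append(Record(name.lower(), int(ttl), rclass, rtype, rdata))
    return records


def resolve(name, records, max_hops=8):
    """Follow CNAME aliases to A records; return (addresses, shortest TTL on the path)."""
    name, ttls = name.lower(), []
    for _ in range(max_hops):
        addresses = [r for r in records if r.name == name and r.rtype == "A"]
        if addresses:
            return [r.rdata for r in addresses], min(ttls + [r.ttl for r in addresses])
        alias = next((r for r in records if r.name == name and r.rtype == "CNAME"), None)
        if alias is None:
            return [], None  # no address and no alias for this name
        ttls.append(alias.ttl)
        name = alias.rdata.lower()
    raise ValueError("CNAME chain too long, possibly a loop")


def mail_servers(domain, records):
    """Return (preference, host) pairs for a domain, lowest preference value first."""
    pairs = []
    for r in records:
        if r.name == domain.lower() and r.rtype == "MX":
            preference, host = r.rdata.split()
            pairs.append((int(preference), host))
    return sorted(pairs)


if __name__ == "__main__":
    recs = parse_answers(ANSWERS)
    print(resolve("www.example.com.", recs))
    print(mail_servers("example.com.", recs))
```

Mail is delivered to the MX host with the lowest preference value first, and the shortest TTL along a CNAME chain bounds how long the final address may be reused from cache.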


### [Monitoring](https://intranet.alxswe.com/concepts/13)

Just as a heart monitor in a hospital makes sure that a patient's heart is beating, and at the right rate, software monitoring watches computer metrics, records them, and emits an alert if something is unusual or could stop the computer from working properly.

`You cannot fix or improve what you cannot measure` is a famous saying in the tech industry. In the age of data-ism, monitoring how our software systems are doing is important.

Web stack monitoring can be broken down into 2 categories:

- Application monitoring: getting data about your running software and making sure it is behaving as expected
- Server monitoring: getting data about your virtual or physical servers and making sure they are not overloaded (could be CPU, memory, disk or network overload)

Here are a few famous monitoring tools: NewRelic, DataDog, Nagios, Wavefront.

### [Web Server](https://intranet.alxswe.com/concepts/17) and [Server](https://intranet.alxswe.com/concepts/67)
  A web server is **software that delivers web pages**. A server is an **actual computer**.

  A **web server** is a program that runs on a computer and accepts requests from web browsers, processes them, and sends back responses to the clients. In other words, it is responsible for serving web pages to users who access the website through their web browsers.

  On the other hand, a **server** is a computer system or a program that provides services to other programs or devices, typically over a network. It can be a file server, database server, or application server. A web server is just one type of server that provides web-related services.

### [Network basics](https://intranet.alxswe.com/concepts/33)

  A **protocol** is a __set of rules that governs the communication between two or more devices__. In the context of computer networking, protocols define how data is transmitted and received across a network. For example, the Hypertext Transfer Protocol (HTTP) is a protocol used for transmitting data over the World Wide Web.

  An **IP address** is a <u>numerical label assigned to each device connected to a computer network</u> that uses the Internet Protocol for communication. An IP address serves two main functions: __identifying the host or network interface and providing the location of the host in the network topology__. For example, the IP address of a computer on a local network might be "192.168.1.10".

  TCP/IP (Transmission Control Protocol/Internet Protocol) is a set of protocols that are used for communication over the internet. TCP is responsible for ensuring reliable delivery of data packets between devices, while IP is responsible for routing the data packets between different networks. TCP/IP is the foundation of the internet, allowing devices all over the world to communicate with each other.

  An Internet Protocol (IP) port is a number that identifies a specific process or service running on a device. When data is sent over a network, the IP address identifies the device, and the IP port identifies the specific process or service on that device that should receive the data. For example, port 80 is used for HTTP traffic, while port 443 is used for HTTPS traffic.

### [Load balancer](https://intranet.alxswe.com/concepts/46)

A **load balancer** is a device or software that distributes incoming network traffic across multiple servers to ensure that no single server is overwhelmed with too much traffic. Load balancing improves the availability and scalability of applications, allowing them to handle more users and traffic without becoming unresponsive.

There are several load balancing algorithms used to distribute traffic across servers. Here are some of the most common ones:

1. **Round Robin** - This algorithm **distributes traffic equally among servers** in a cyclical manner. Each server is given a turn to receive requests.
2. **Least Connections** - This algorithm **directs traffic to the server with the least number of active connections** at the time. It ensures that incoming traffic is spread evenly across servers, regardless of their processing power.
3. **IP Hash** - This algorithm **calculates a hash value based on the client's IP address** and then uses this value to determine which server to send the request to. This ensures that a specific client's requests are always directed to the same server.
4. **Weighted Round Robin** - This algorithm assigns different weights to each server based on its **processing power**, memory, and other factors. Servers with higher weights receive more traffic.
5. **Least Time** - This algorithm **measures the response time of each server** and directs traffic to the server that responds the fastest. This ensures that users are always directed to the server that can process their requests the fastest.

These load balancing algorithms are designed to ensure that traffic is distributed evenly across servers, minimizing downtime and improving the performance of web applications.
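
The selection step of four of these algorithms, as an added Python example that is not part of the original notes (Least Time is omitted because it needs live response-time measurements). Backend names and the `Balancer` class are hypothetical, and the weighted variant uses the simplest scheme of repeating each server in the cycle according to its weight.

```python
import hashlib
import itertools


class Balancer:
    """Selection logic only: picks a backend name, forwards no traffic."""

    def __init__(self, weights):
        # weights maps backend name -> integer weight (names here are constructed)
        self.servers = list(weights)
        self.active = dict.fromkeys(self.servers, 0)  # open connections per backend
        self._rr = itertools.cycle(self.servers)
        # Simplest weighted scheme: repeat each backend `weight` times in the cycle.
        self._wrr = itertools.cycle([s for s, w in weights.items() for _ in range(w)])

    def round_robin(self):
        return next(self._rr)

    def weighted_round_robin(self):
        return next(self._wrr)

    def least_connections(self):
        # Ties go to the backend listed first; the caller must release() when done.
        server = min(self.servers, key=self.active.__getitem__)
        self.active[server] += 1
        return server

    def release(self, server):
        self.active[server] -= 1

    def ip_hash(self, client_ip):
        # hashlib rather than hash(): Python randomises str hashes per process,
        # which would break stickiness across balancer restarts.
        digest = hashlib.sha256(client_ip.encode()).digest()
        return self.servers[int.from_bytes(digest[:8], "big") % len(self.servers)]


if __name__ == "__main__":
    lb = Balancer({"web-01": 3, "web-02": 1, "web-03": 1})
    print([lb.round_robin() for _ in range(4)])
    print([lb.weighted_round_robin() for _ in range(5)])
    print(lb.ip_hash("203.0.113.7"), lb.ip_hash("203.0.113.7"))
```

With IP Hash, every client that shares one public address (for example behind the same NAT gateway) lands on the same backend, so one busy network can load a single server unevenly.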

## 265 0x0D. Web stack debugging

## [0x0C. Web server](https://intranet.alxswe.com/projects/266)

## 244 0x0B. SSH

## - `299` [0x10. Python - Network #0](https://intranet.alxswe.com/projects/299)

## - `300` [0x11. Python - Network #1](https://intranet.alxswe.com/projects/300)

## [276 0x10. HTTPS SSL](https://intranet.alxswe.com/projects/276)

Objectives
- What are the 2 main roles of HTTPS SSL
- What is the purpose of encrypting traffic
- What SSL termination means

#### HTTPS SSL 2 main roles:
HTTPS (HyperText Transfer Protocol Secure) is a protocol for <u>secure communication over the internet</u>. It uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption to protect the data that is transmitted between a client (such as a web browser) and a server (such as a web server).

The two main roles of HTTPS SSL are:

- **Authentication**: SSL ensures that the client is communicating with the intended server, and not an imposter. This is done through the use of __digital certificates__, which are issued by trusted third-party **Certificate Authorities (CAs)**. The certificate contains information about the server, such as its domain name, and is used to verify its identity.
- **Encryption**: SSL encrypts the data that is transmitted between the client and the server, making it unreadable to anyone who intercepts it. This helps to protect sensitive information such as passwords, credit card numbers, and other personal data.

For example, when you enter your credit card information on a website that uses HTTPS SSL, the data is encrypted before it is sent over the internet. This ensures that if someone intercepts the data, they won't be able to read it.

#### What is the purpose of encrypting traffic?
The purpose of encrypting traffic is to __protect the confidentiality__ and integrity of the data that is transmitted over the internet. Encryption scrambles the data so that it cannot be read by anyone who intercepts it, except for the intended recipient who has the key to decrypt it.

Encryption is important because the internet is inherently insecure. Data is transmitted over a network of routers, switches, and other devices that can potentially intercept and read it. Without encryption, sensitive information such as passwords, credit card numbers, and personal data would be vulnerable to interception and theft.

For example, when you log in to your bank's website, your username and password are transmitted over the internet. If this information were not encrypted, anyone who intercepted the traffic could potentially steal your login credentials and access your account. Encryption protects this information by scrambling it so that it cannot be read by anyone who intercepts it.

#### What does SSL termination mean?
SSL termination refers to the process of __decrypting encrypted traffic (HTTPS) received by a server, and forwarding the unencrypted traffic to another destination__. This is typically done at a **load balancer, proxy server**, or other network device that sits between the client and the server.

SSL termination is often used to offload SSL processing from the server, which can improve performance by reducing the CPU overhead required for SSL decryption. It can also provide additional security features such as the ability to inspect and filter traffic for security threats, such as malware or DDoS attacks.

For example, let's say you have a web server that receives a large amount of traffic. You may decide to use a load balancer to distribute the traffic across multiple servers for better performance. If you also enable SSL termination at the load balancer, the load balancer will handle the SSL/TLS encryption and decryption, and forward the unencrypted traffic to the web servers. This can reduce the workload on the web servers, and improve overall performance. The hop between the load balancer and the web servers then carries plaintext, so it needs to stay on a network you trust.