# Daily Blog #49 - Networking Survival Guide (Final's Edition)
### June 18, 2025

### **Part 1: Network Layer and Routing Fundamentals**

This section covers the OSI Network Layer, router operations, IP protocol characteristics, and basic router configuration.

### **1.1 The OSI Network Layer**

The network layer, or OSI Layer 3, provides services to allow end devices to exchange data across a network. Its primary services are:

- **Addressing:** Provides end devices with a unique network identifier, such as an IP address.
- **Encapsulation:** Encapsulates the transport layer Protocol Data Unit (PDU) into a packet, adding a Layer 3 header with source and destination IP addresses.
- **Routing:** Directs packets toward the destination host. Routers use the destination IP address to make forwarding decisions.
- **De-encapsulation:** At the destination host, the Layer 3 header is removed, and the Layer 4 PDU is passed up to the transport layer.

### **1.2 Router Operations**

- **Packet Forwarding:** Routers use the **destination IP address** in a packet's header to determine the best path to forward the packet. The most specific matching route (longest prefix) always wins; when multiple routes to the *same* destination network exist, the router chooses the path with the **lower metric value**.
- **Routing Table:** A router maintains a routing table to make forwarding decisions. Key entries include:
    - **Directly-connected routes:** These are networks directly attached to one of the router's interfaces. They do not have a next-hop address.
    - **Remote routes:** These are networks that are not directly connected. These entries will have a next-hop IP address, which is the address of the next router to send the packet to.
    - **Default Route:** Also known as the gateway of last resort, it's used when there is no specific route for a destination network in the routing table.
- **Packet Processing:** When a router receives a frame, it performs the following steps:
    1. De-encapsulates the Layer 2 frame to expose the Layer 3 packet.
    2. Examines the destination IP address of the packet.
    3. Looks up the destination network in its routing table to find the exit interface.
    4. Creates a new Layer 2 frame for the outgoing interface (on Ethernet, addressed to the MAC of the next hop, or of the destination itself if the network is directly connected) and forwards the packet.
- **Host Routing:** A host also has its own local routing table. This table typically contains:
    - A route to the loopback interface (`127.0.0.1`).
    - A route to its local network.
    - A remote default route, which points to its default gateway for all remote traffic.
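Writing the forwarding decision out as code makes it obvious why the default route never beats a more specific entry and why a directly connected route has no next hop. The following is an added example written for this guide, not taken from any Cisco material; the sample routing table (interfaces `Gi0/0` and `Gi0/1`, next hops, metrics) is constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Route:
    network: ipaddress.IPv4Network
    interface: str
    next_hop: Optional[str] = None   # None means directly connected
    metric: int = 0


def route(network, interface, next_hop=None, metric=0):
    return Route(ipaddress.ip_network(network), interface, next_hop, metric)


# Constructed sample table: two connected networks, a summary route, two
# routes to the same /16 with different metrics, and a default route.
SAMPLE_TABLE = [
    route("192.168.1.0/24", "Gi0/0"),                                   # C  directly connected
    route("203.0.113.0/30", "Gi0/1"),                                   # C  directly connected
    route("10.0.0.0/8",     "Gi0/0", next_hop="192.168.1.254", metric=20),
    route("10.1.0.0/16",    "Gi0/0", next_hop="192.168.1.253", metric=10),
    route("10.1.0.0/16",    "Gi0/0", next_hop="192.168.1.252", metric=30),
    route("0.0.0.0/0",      "Gi0/1", next_hop="203.0.113.1"),           # gateway of last resort
]


def lookup(table, destination):
    """Longest-prefix match; among equal-length prefixes the lowest metric wins.
    0.0.0.0/0 matches every address, so it is chosen only when nothing more
    specific matches. Returns None when no route exists (the packet is dropped)."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def next_hop_for(table, destination):
    """What the router needs for the new Layer 2 frame: the exit interface and
    the IP address whose MAC it must resolve. For a directly connected network
    that is the destination itself; otherwise it is the next-hop router."""
    r = lookup(table, destination)
    if r is None:
        return None
    return (r.interface, destination if r.next_hop is None else r.next_hop)


if __name__ == "__main__":
    for dst in ("192.168.1.7", "10.1.2.3", "10.9.9.9", "8.8.8.8"):
        print(dst, "->", next_hop_for(SAMPLE_TABLE, dst))
```

Real IOS routers insert one more comparison between prefix length and metric: routes to the same prefix learned from different sources (static, OSPF, EIGRP) are compared by administrative distance first, and metrics are only compared within one routing protocol.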

### **1.3 The IP Protocol**

The Internet Protocol (IP) is the primary Layer 3 protocol.

- **Characteristics:**
    - **Connectionless:** IP does not establish a connection with the destination before sending packets.
    - **Best-Effort (Unreliable):** IP does not guarantee packet delivery. It doesn't perform error control for out-of-order or missing packets.
    - **Media Independent:** IP can operate over different types of network media.
- **Reliance on Other Layers:** IP relies on upper-layer services, like TCP, to handle reliability, error control, and sequencing. It also relies on Layer 2 protocols for transmission error control.

### **1.4 IPv4 and IPv6 Headers**

- **Key IPv4 Header Fields:**
    - **Version:** A 4-bit field set to `0100` for IPv4.
    - **Time-to-Live (TTL):** An 8-bit field that limits the lifetime of a packet. Each router that processes the packet decrements the TTL by one. If it reaches zero, the packet is discarded.
    - **Protocol:** An 8-bit field that identifies the upper-layer protocol being carried (e.g., TCP is 6, UDP is 17).
    - **Source IPv4 Address:** The 32-bit address of the sending device.
    - **Destination IPv4 Address:** The 32-bit address of the receiving device.
    - **Header Checksum:** Used to detect corruption in the IPv4 header.
- **IPv6 Advantages:**
    - **Larger Address Space:** The vast number of available public IPv6 addresses eliminates the need for Network Address Translation (NAT).
    - **Simplified Header:** The IPv6 header has a fixed 40-byte length with fewer fields, leading to more **efficient packet handling**. It removes the header checksum, relying on Layer 2 (the frame FCS) and Layer 4 (the TCP/UDP checksum, which is mandatory over IPv6) for error detection.
    - **Flow Label:** A field that can be used to inform routers to maintain the same path for packets in the same real-time application stream (e.g., video, audio).
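To make the header fields concrete, here is an added example (written for this guide, not part of the original curriculum) that builds an IPv4 header, verifies its checksum, and performs the TTL decrement and checksum recomputation a router does on every hop. The addresses and payload length are made up.

```python
import ipaddress
import struct

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
IPV4_HDR = "!BBHHHBBH4s4s"   # fixed 20-byte header, no options


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, returned complemented.
    Run over a header whose checksum field is already filled in, it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, protocol: int, ttl: int = 64,
                      payload_len: int = 0, ident: int = 0) -> bytes:
    ver_ihl = (4 << 4) | 5                   # version 4, IHL 5 words = 20 bytes
    hdr = struct.pack(IPV4_HDR, ver_ihl, 0, 20 + payload_len, ident, 0,
                      ttl, protocol, 0,      # checksum field is zero while computing
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(data: bytes) -> dict:
    if len(data) < 20 or data[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (data[0] & 0x0F) * 4
    if ihl < 20 or len(data) < ihl:
        raise ValueError("bad IHL")
    (_, _, total_length, ident, _, ttl, proto, csum,
     src, dst) = struct.unpack(IPV4_HDR, data[:20])
    return {
        "ihl": ihl, "total_length": total_length, "ident": ident,
        "ttl": ttl, "protocol": proto,
        "protocol_name": PROTOCOL_NAMES.get(proto, str(proto)),
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "checksum": csum,
        "checksum_ok": internet_checksum(data[:ihl]) == 0,
    }


def forward_hop(packet: bytes):
    """One router hop: discard a corrupted header, decrement TTL, discard when it
    would reach zero (the router then sends ICMP Time Exceeded), and recompute
    the checksum because TTL changed. Returns the packet to forward, or None."""
    h = parse_ipv4_header(packet)
    if not h["checksum_ok"] or h["ttl"] <= 1:
        return None
    out = bytearray(packet)
    out[8] -= 1                               # TTL is byte 8 of the header
    out[10:12] = b"\x00\x00"
    out[10:12] = struct.pack("!H", internet_checksum(bytes(out[:h["ihl"]])))
    return bytes(out)


if __name__ == "__main__":
    pkt = build_ipv4_header("192.168.1.10", "10.0.0.1", 6, ttl=64, payload_len=20)
    print(parse_ipv4_header(pkt))
    print(parse_ipv4_header(forward_hop(pkt)))
```

The header checksum only catches accidental corruption: anyone on the path can rewrite the header and recompute it, so it offers no integrity against tampering. That is what IPsec or TLS is for when the path is untrusted.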

### **1.5 Basic Device Configuration & Management**

- **Router Boot Process:**
    1. Perform the POST (Power-On Self-Test) and load the bootstrap program.
    2. Locate and load the Cisco IOS software.
    3. Locate and load the startup configuration file from NVRAM. If no startup-config is found, the router enters setup mode.
- **Memory Types:**
    - **NVRAM (Non-Volatile RAM):** Stores the startup configuration file. Its contents are retained when power is removed.
    - **RAM:** Stores the running configuration file.
    - The `copy running-config startup-config` command saves the current configuration from RAM to NVRAM.
- **Default Gateway on a Switch:** A switch is a Layer 2 device, but it can be configured with an IP address and a default gateway. The `ip default-gateway` command is used to allow the switch to be remotely managed from a host on another network. It does **not** provide routing services for PCs connected to the switch.

---

### **Part 2: IP Addressing and Subnetting**

This section explores IPv4 subnetting, address types, and the fundamentals of IPv6 addressing.

### **2.1 IPv4 Subnetting**

Subnetting divides a larger network into smaller, more manageable subnetworks.

- **Prefix Notation:** The subnet mask can be represented by a prefix length, which is the number of `1`s in the mask. For example, `255.255.255.224` in binary is `11111111.11111111.11111111.11100000`, which has 27 ones, so its prefix is `/27`.
- **Calculating Hosts:** The number of usable host addresses in a subnet is calculated with the formula $2^h - 2$, where $h$ is the number of host bits (the all-zeros network address and the all-ones broadcast address cannot be assigned).
    - A `/26` mask has $32 - 26 = 6$ host bits. This provides $2^6 - 2 = 64 - 2 = 62$ valid host addresses.
- **Calculating Subnets:** To determine how many subnets can be created, use the formula $2^n$, where $n$ is the number of bits borrowed from the host portion. To create 4 subnetworks from a `/24` network, you need to borrow 2 bits ($2^2 = 4$), making the new mask `/26`.
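Here is an added example (not part of the original guide) that implements those formulas and cross-checks them against Python's `ipaddress` module. It also rejects a non-contiguous mask, which the bit-counting rule alone would accept. The `192.168.1.0/24` network is just a sample.

```python
import ipaddress
import math


def mask_to_prefix(mask: str) -> int:
    """Prefix length is the number of 1 bits, but only if they are contiguous:
    255.0.255.0 has 16 ones and is still not a valid mask."""
    value = int(ipaddress.IPv4Address(mask))
    prefix = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask {mask}")
    return prefix


def usable_hosts(prefix: int) -> int:
    """2^h - 2: the all-zeros (network) and all-ones (broadcast) addresses
    cannot be assigned. /31 and /32 are special cases and return 0 here."""
    return max(2 ** (32 - prefix) - 2, 0)


def prefix_for_hosts(needed: int) -> int:
    """Smallest block whose 2^h - 2 still covers `needed` hosts."""
    return 32 - math.ceil(math.log2(needed + 2))


def prefix_for_subnets(base_prefix: int, needed: int) -> int:
    """Borrow n host bits so that 2^n >= needed subnets."""
    borrowed = math.ceil(math.log2(needed)) if needed > 1 else 0
    new_prefix = base_prefix + borrowed
    if new_prefix > 30:
        raise ValueError("not enough host bits left for usable subnets")
    return new_prefix


def subnet_plan(network: str, needed_subnets: int) -> list:
    """Carve `network` into at least `needed_subnets` equal blocks and return
    (network, first host, last host, broadcast) for each, as in an addressing table."""
    net = ipaddress.ip_network(network, strict=True)
    plan = []
    for sub in net.subnets(new_prefix=prefix_for_subnets(net.prefixlen, needed_subnets)):
        hosts = list(sub.hosts())
        plan.append((str(sub), str(hosts[0]), str(hosts[-1]), str(sub.broadcast_address)))
    return plan


def self_check(prefix: int) -> bool:
    """Cross-check the hand formula against the library for one prefix length."""
    net = ipaddress.ip_network(f"10.0.0.0/{prefix}")
    return usable_hosts(prefix) == net.num_addresses - 2


if __name__ == "__main__":
    print("255.255.255.224 ->", f"/{mask_to_prefix('255.255.255.224')}")
    print("/26 usable hosts:", usable_hosts(26), "library agrees:", self_check(26))
    for row in subnet_plan("192.168.1.0/24", 4):
        print(row)
```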

### **2.2 IPv4 Address Types**

- **Private Addresses (RFC 1918):** These addresses are not routable on the public internet and are reserved for use in internal networks. The ranges are:
    - `10.0.0.0/8` (10.0.0.0 to 10.255.255.255)
    - `172.16.0.0/12` (172.16.0.0 to 172.31.255.255; 172.32.0.0 onward is public)
    - `192.168.0.0/16` (192.168.0.0 to 192.168.255.255)
- **Public Addresses:** Globally routed addresses. Any address not in the private, loopback, or other reserved ranges is a public address.
- **Loopback Address:** `127.0.0.1` (the whole `127.0.0.0/8` block is reserved for loopback) is used to ping the local TCP/IP stack to verify it is functioning correctly.
- **Link-Local Addresses (APIPA):** In the `169.254.0.0/16` range. These are automatically assigned by an OS when a device cannot contact a DHCP server.
- **Broadcast Messages:**
    - **Limited Broadcast (`255.255.255.255`):** Sent to all hosts on the *local* network. Routers never forward it.
    - **Directed Broadcast:** Sent to all hosts on a specific *remote* network using that network's all-ones host address (e.g., `192.168.1.255` for `192.168.1.0/24`). Cisco routers drop directed broadcasts by default (`no ip directed-broadcast`), because forwarding them is what made the classic Smurf amplification attack possible.
- **Multicast Addresses:** The Class D range `224.0.0.0` to `239.255.255.255` is reserved for multicast traffic, sent to a specific group of subscribing hosts.
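The address types above are easy to mix up under exam pressure (172.32.x.x is the classic trap), so here is an added classifier written for this guide, not from any library documentation. One caveat it encodes: Python's `ipaddress.is_private` is *not* the RFC 1918 test, since it also covers loopback, link-local, documentation prefixes and more, so RFC 1918 is checked explicitly. The addresses in the sample run are constructed.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def classify_ipv4(addr: str) -> str:
    """Name the address type using the ranges in this section, most specific first."""
    ip = ipaddress.IPv4Address(addr)
    if ip == LIMITED_BROADCAST:
        return "limited broadcast"
    if ip.is_loopback:                      # 127.0.0.0/8
        return "loopback"
    if ip.is_link_local:                    # 169.254.0.0/16
        return "link-local (APIPA)"
    if ip.is_multicast:                     # 224.0.0.0/4
        return "multicast"
    if any(ip in net for net in RFC1918):   # explicit RFC 1918 check, not is_private
        return "private (RFC 1918)"
    if not ip.is_global:                    # documentation, benchmarking, shared space, ...
        return "reserved / special-use"
    return "public"


def is_directed_broadcast(addr: str, network: str) -> bool:
    """True when addr is the all-ones host address of `network`. Routers drop
    these by default because forwarding them turns one packet into a
    subnet-wide amplifier."""
    net = ipaddress.ip_network(network, strict=False)
    return net.prefixlen < 31 and ipaddress.IPv4Address(addr) == net.broadcast_address


def classify_many(addrs) -> dict:
    """Handy when screening a config dump or log for addresses of the wrong kind."""
    return {a: classify_ipv4(a) for a in addrs}


if __name__ == "__main__":
    sample = ["10.1.2.3", "172.31.255.254", "172.32.0.1", "192.168.0.1", "127.0.0.1",
              "169.254.10.1", "224.0.0.5", "255.255.255.255", "8.8.8.8", "192.0.2.1"]
    for a, kind in classify_many(sample).items():
        print(f"{a:18} {kind}")
    print("192.168.1.255 directed broadcast of 192.168.1.0/24:",
          is_directed_broadcast("192.168.1.255", "192.168.1.0/24"))
```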

### **2.3 IPv6 Addressing**

IPv6 uses a 128-bit address, providing a massive address space.

- **Address Compression Rules:**
    1. Omit leading zeros in any 16-bit hextet.
    2. Use a double colon (`::`) to replace one contiguous run of two or more all-zero hextets. It can appear only once per address; if there are several runs, compress the longest one (the leftmost on a tie) and leave a single zero hextet written as `0`.
    - Example: `2001:0db8:0000:0000:0000:a0b0:0008:0001` compresses to `2001:db8::a0b0:8:1`.
- **IPv6 Unicast Address Types:**
    - **Global Unicast (GUA):** Publicly routable addresses, similar to public IPv4 addresses.
    - **Link-Local Unicast (LLA):** Automatically configured on every IPv6-enabled interface. They are in the `FE80::/10` range and are used for communication between devices on the same link. Routers never forward packets with a link-local source or destination, so they are not routable beyond that link.
    - **Loopback:** The address `::1` is the IPv6 loopback address.
- **IPv6 Multicast Addresses:**
    - `FF02::1`: All-nodes multicast address. Packets sent here are received by all IPv6-enabled devices on the local link.
    - `FF02::2`: All-routers multicast address. Hosts send Router Solicitation messages here.
- **Dynamic Address Assignment:**
    - **SLAAC (Stateless Address Autoconfiguration):** Allows a host to create its own GUA by using ICMPv6 Router Advertisement messages to learn the network prefix.
    - **DHCPv6 (Stateful/Stateless):** A server-based method for address assignment.
- **Interface ID Creation (EUI-64):** An interface ID can be created from the 48-bit MAC address of the interface by splitting the MAC in half, inserting `FF:FE` between the two halves, and flipping the seventh bit of the first octet (the universal/local bit). Because the result embeds the MAC, the host can be tracked across networks; most modern operating systems therefore generate a random interface ID instead (privacy extensions).
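An added example for the compression rules and the EUI-64 procedure above, written for this guide rather than taken from the curriculum. The compression is done by hand and checked against Python's `ipaddress` output; the MAC `00:1b:63:84:45:e6` and prefix `2001:db8:1:1::/64` are made up.

```python
import ipaddress


def compress_ipv6(addr: str) -> str:
    """Apply the two rules by hand (RFC 5952 form): drop leading zeros in each
    hextet, then replace the longest run of two or more all-zero hextets with
    '::' (leftmost run wins a tie; a single zero hextet stays as '0')."""
    hextets = ipaddress.IPv6Address(addr).exploded.split(":")   # 8 groups of 4 hex digits
    h = [x.lstrip("0") or "0" for x in hextets]                # rule 1
    best_start, best_len, i = -1, 0, 0
    while i < 8:                                               # rule 2: longest zero run
        if h[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and h[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(h)
    return ":".join(h[:best_start]) + "::" + ":".join(h[best_start + best_len:])


def eui64_interface_id(mac: str) -> str:
    """Modified EUI-64: split the 48-bit MAC in half, insert ff:fe, and flip
    the universal/local bit (bit 7 of the first octet), so 00:1b:... becomes 02:1b:..."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02
    return ":".join(f"{(eui[i] << 8) | eui[i + 1]:04x}" for i in range(0, 8, 2))


def slaac_address(prefix: str, mac: str) -> str:
    """The GUA a host builds from a 64-bit prefix learned in a Router
    Advertisement plus its EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    prefix_hextets = net.network_address.exploded.split(":")[:4]
    return compress_ipv6(":".join(prefix_hextets) + ":" + eui64_interface_id(mac))


if __name__ == "__main__":
    print(compress_ipv6("2001:0db8:0000:0000:0000:a0b0:0008:0001"))
    print(eui64_interface_id("00:1b:63:84:45:e6"))
    print(slaac_address("2001:db8:1:1::/64", "00:1b:63:84:45:e6"))
```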

---

### **Part 3: Transport and Application Layers**

This section covers the roles of the transport layer (TCP and UDP) and the various protocols of the application layer.

### **3.1 Transport Layer Functions**

The transport layer is responsible for:

- Tracking individual communication streams between applications on source and destination hosts.
- Segmenting data and reassembling it at the destination.
- Identifying the proper application using port numbers.
- Meeting the reliability requirements of applications.

### **3.2 TCP (Transmission Control Protocol)**

TCP is a reliable, connection-oriented protocol.

- **Features:**
    - **Reliable Delivery:** Guarantees that all data arrives intact.
    - **Ordered Delivery:** Uses **sequence numbers** to reassemble segments in the correct order.
    - **Flow Control:** Uses **window size** to manage the amount of data sent before requiring an acknowledgment. The window size is determined by how much data the destination can process at one time.
- **Session Establishment (3-Way Handshake):**
    1. The client sends a `SYN` (Synchronize) segment to the server.
    2. The server replies with a `SYN-ACK` (Synchronize-Acknowledge) segment.
    3. The client sends an `ACK` (Acknowledge) segment back to the server.
- **Session Termination:**
    1. Client sends `FIN` (Finish).
    2. Server sends `ACK`.
    3. Server sends `FIN`.
    4. Client sends `ACK`.
- **TCP Header:** Includes fields for Sequence Number, Acknowledgment Number, Window Size, and Control Bits (flags like `SYN`, `ACK`, `FIN`).
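The handshake above is worth seeing at the byte level, because the relationship between the numbers (SYN-ACK acknowledges the client ISN + 1, the final ACK acknowledges the server ISN + 1) is what a packet capture actually shows. This is an added example written for this guide, not code from any project; the ports and initial sequence numbers are constructed.

```python
import struct

TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
SEQ_MASK = 0xFFFFFFFF          # sequence and acknowledgment numbers wrap modulo 2^32
TCP_HDR = "!HHIIHHHH"          # 20-byte header without options


def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """Build a header with the given flag names. The checksum is left at zero
    because it also covers an IP pseudo-header that a bare segment lacks."""
    bits = 0
    for name in flags:
        bits |= TCP_FLAG_BITS[name]
    offset_flags = (5 << 12) | bits        # data offset = 5 words (20 bytes), reserved bits 0
    return struct.pack(TCP_HDR, sport, dport, seq, ack, offset_flags, window, 0, 0)


def parse_tcp_header(data):
    """Decode the fixed fields and the control bits of a raw TCP header."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, offset_flags, window, checksum, urgent = struct.unpack(TCP_HDR, data[:20])
    header_len = (offset_flags >> 12) * 4
    if header_len < 20 or header_len > len(data):
        raise ValueError("bad data offset")
    flags = frozenset(name for name, bit in TCP_FLAG_BITS.items() if offset_flags & bit)
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "header_len": header_len,
            "options": data[20:header_len]}


def is_three_way_handshake(syn, synack, ack):
    """True if the three parsed segments form one valid handshake: the SYN-ACK
    must acknowledge the client ISN + 1, the final ACK must carry that number
    as its own sequence number and acknowledge the server ISN + 1, and the
    ports must mirror each other. Anything else is not a completed session."""
    if syn["flags"] != {"SYN"} or synack["flags"] != {"SYN", "ACK"} or ack["flags"] != {"ACK"}:
        return False
    if (synack["src_port"], synack["dst_port"]) != (syn["dst_port"], syn["src_port"]):
        return False
    if (ack["src_port"], ack["dst_port"]) != (syn["src_port"], syn["dst_port"]):
        return False
    if synack["ack"] != (syn["seq"] + 1) & SEQ_MASK:
        return False
    if ack["seq"] != (syn["seq"] + 1) & SEQ_MASK:
        return False
    return ack["ack"] == (synack["seq"] + 1) & SEQ_MASK


# Constructed sample: client port 49152 to server port 443, hand-picked ISNs
CLIENT_ISN, SERVER_ISN = 1000, 5000
SAMPLE_HANDSHAKE = [
    build_tcp_header(49152, 443, CLIENT_ISN, 0, ["SYN"]),
    build_tcp_header(443, 49152, SERVER_ISN, CLIENT_ISN + 1, ["SYN", "ACK"]),
    build_tcp_header(49152, 443, CLIENT_ISN + 1, SERVER_ISN + 1, ["ACK"]),
]


def check_sample():
    return is_three_way_handshake(*(parse_tcp_header(s) for s in SAMPLE_HANDSHAKE))


if __name__ == "__main__":
    for seg in SAMPLE_HANDSHAKE:
        p = parse_tcp_header(seg)
        print(p["src_port"], "->", p["dst_port"], sorted(p["flags"]), "seq", p["seq"], "ack", p["ack"])
    print("valid handshake:", check_sample())
```

Real stacks pick the ISN randomly (RFC 6528) precisely so that an off-path attacker cannot predict the number the final ACK must carry. A SYN flood is the degenerate case of this exchange: a sender that never completes step 3 and leaves the server holding half-open state.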

### **3.3 UDP (User Datagram Protocol)**

UDP is a simple, connectionless protocol that provides basic transport functions with low overhead.

- **Features:**
    - **Connectionless:** No handshake is performed. It just sends the datagrams.
    - **Unreliable:** No acknowledgments, sequencing, or flow control.
    - **Fast:** Low overhead makes it suitable for applications that are delay-sensitive.
- **Best for:**
    - Applications that can tolerate some data loss but require little delay (e.g., VoIP, video streaming).
    - Applications that handle reliability themselves.
- **UDP Header:** Contains only Source Port, Destination Port, Length, and Checksum.

### **3.4 Port Numbers**

Port numbers are used to identify the source and destination applications or processes.

- **Well-Known Ports (0-1023):** Reserved for common services.
    - FTP: `20`, `21`
    - SSH: `22`
    - Telnet: `23`
    - SMTP: `25`
    - DNS: `53`
    - DHCP: `67`, `68`
    - TFTP: `69`
    - HTTP: `80`
    - POP3: `110`
    - HTTPS: `443`
- **Registered Ports (1024-49151):** Assigned by IANA to specific applications.
- **Dynamic/Private Ports (49152-65535):** Used as temporary source ports by clients.

### **3.5 Application Layer**

The application layer of the TCP/IP model provides the interface between applications and the network. It performs the functions of the OSI Application, Presentation, and Session layers.

- **Network Models:**
    - **Client/Server:** A dedicated server provides services (e.g., file storage, web hosting) to clients. A workstation making a DNS request is an example.
    - **Peer-to-Peer (P2P):** Devices can act as both clients and servers, sharing resources without a dedicated server. P2P applications include BitTorrent and Gnutella.
- **Key Protocols:**
    - **DNS (Domain Name System):** Resolves domain names to IP addresses. It uses UDP for client queries and TCP for server-to-server zone transfers. An MX record maps a domain name to a mail exchange server.
    - **DHCP (Dynamic Host Configuration Protocol):** Automatically assigns IP addresses and other configuration to hosts. The process (DORA) is Discover (client broadcast), Offer (server, normally unicast to the client's MAC), Request (client broadcast, so every server learns which offer was accepted), Acknowledge (server).
    - **HTTP/HTTPS (Hypertext Transfer Protocol):** Used for web communication. HTTP uses TCP for reliable delivery. HTTPS adds encryption. Common messages are GET (request data), POST, and PUT (upload data).
    - **Email Protocols:** SMTP is used to *send* email. POP3 and IMAP are used to *retrieve* email.
    - **SMB (Server Message Block):** A file and print sharing protocol where clients establish a long-term connection to servers.

---

### **Part 4: Network Security and Troubleshooting**

This section covers common network threats, security best practices, and essential troubleshooting commands and methodologies.

### **4.1 Network Security Threats**

- **Types of Attacks:**
    - **Reconnaissance:** An attacker gathers information about a network to find vulnerabilities, often using tools like `nslookup` and `fping`.
    - **Access Attacks:** An attempt to gain unauthorized access, such as cracking a password.
    - **Denial of Service (DoS):** An attempt to make a machine or network resource unavailable to its intended users.
    - **Man-in-the-Middle (MITM):** An attacker intercepts communication between two endpoints.
- **Malicious Code (Malware):**
    - **Virus:** Attaches to a legitimate program and requires user intervention to spread.
    - **Worm:** Self-replicates and spreads automatically by exploiting vulnerabilities. The most effective mitigation is to download security updates and patch all systems.
    - **Trojan Horse:** Malicious code disguised as a legitimate application.

### **4.2 Security Mitigation Techniques**

- **AAA Security:**
    - **Authentication:** Requires users to prove their identity (e.g., with a password).
    - **Authorization:** Determines what resources an authenticated user can access.
    - **Accounting:** Tracks the actions of a user.
- **Firewalls:** A component designed to protect against unauthorized communications. Firewall filtering types include:
    - **Packet Filtering:** Based on source/destination IP or MAC addresses.
    - **Application Filtering:** Based on source/destination port numbers.
    - **URL Filtering:** Based on web addresses or keywords.
    - **Stateful Packet Inspection:** Ensures incoming traffic is a legitimate response to requests from internal hosts.
- **IPS (Intrusion Prevention System):** A dedicated device that detects and blocks attacks in real-time.
- **Secure Management:**
    - **SSH (Secure Shell):** Provides a secure (encrypted) remote management connection, making it superior to Telnet, which sends data in plaintext.
    - **SSH Configuration Steps:**
        1. Configure a unique hostname.
        2. Configure an IP domain name (`ip domain-name <domain>`). The hostname and domain name are needed because the RSA key pair is named after them.
        3. Create a local user database (`username <name> secret <password>`). Use `secret` rather than `password`, since `password` stores a reversibly encoded string.
        4. Generate RSA keys (`crypto key generate rsa`, choosing a modulus of at least 2048 bits when prompted) and allow only version 2 (`ip ssh version 2`), since SSHv1 has known weaknesses.
        5. Configure VTY lines for SSH (`line vty 0 4`, `login local`, `transport input ssh`). Adding `exec-timeout` on the lines closes idle sessions.
- **Password Security:**
    - **Strong Passwords:** Use a mix of upper/lower case letters, numbers, and special characters, with a length of at least 10. Avoid dictionary words or personal information.
    - **Weak Passwords:** Easily guessable words (`password`), default passwords (`admin`), number sequences (`12345678!`), or personal info (`Feb121978`).
    - **Mitigating Attacks:** Use the `login block-for <seconds> attempts <num> within <seconds>` command to thwart brute-force password attacks.

### **4.3 Network Troubleshooting Methodology**

A structured approach is crucial for efficient problem-solving.

1. **Identify the Problem:** Gather information from the user.
2. **Establish a Theory of Probable Causes.**
3. **Test the Theory to Determine the Cause.**
4. **Establish a Plan of Action to Resolve the Issue.**
5. **Verify Full System Functionality.**
6. **Document Findings, Actions, and Outcomes.**

### **4.4 Troubleshooting Commands**

- **`ping`:** Tests end-to-end Layer 3 connectivity.
    - **Output Indicators:**
        - `!`: Success
        - `.`: Request timed out
        - `U`: Destination unreachable (a router on the path did not have a route)
    - An **extended ping** (issued without a destination IP on a router) allows specifying parameters like the source IP address.
- **`tracert` (Windows) / `traceroute` (IOS):** Identifies the path a packet takes, showing each hop. It's useful for locating where a packet was lost or delayed.
    - The `-6` option in Windows (`tracert -6`) forces the trace to use IPv6.
- **`ipconfig` (Windows):** Displays the IP configuration of a PC, including IP address, subnet mask, and default gateway.
    - An address in the `169.254.x.x` range indicates the PC was configured for DHCP but could not contact a DHCP server.
- **`nslookup`:** Used to troubleshoot DNS name resolution issues.
- **`show ip route`:** Displays the IPv4 routing table on a router, which is used to determine the exit interface for remote networks.
- **`show cdp neighbors detail`:** Verifies Layer 1/2 connectivity and displays detailed information (hostname, IP address, IOS version) about directly connected Cisco devices. Because CDP advertises that same information to anyone on the link, disable it on interfaces facing untrusted networks (`no cdp enable`) or globally (`no cdp run`).
- **`show version`:** Displays the router's IOS version and the configuration register value.
- **`terminal monitor`:** Used on a router/switch to display log and debug messages on a remote VTY session (Telnet/SSH).

---