<a href="https://colab.research.google.com/github/brendanpshea/intro_to_networks/blob/main/Networks_01_Basics_OSI.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Networks All Around Us: Understanding the Connected World
##### Brendan Shea, PhD


Computer networking is the practice of connecting computers together to share resources and communicate with each other. Networks are the foundation of our digital world, enabling everything from web browsing to video streaming to online gaming.

A computer network consists of several key components:

* **Nodes** - Any device connected to a network (computers, printers, servers, smartphones)
* **Links** - Physical or wireless connections between nodes
* **Protocols** - Rules that govern how data is transmitted across a network
* **Network devices** - Hardware that facilitates network connections (routers, switches, etc.)

Understanding networking fundamentals helps us diagnose problems, improve performance, and create secure connections. As we explore networking concepts in this chapter, we'll build a foundation that will help you understand how the internet works and how data moves from one place to another.

## The OSI Reference Model: A Layered Approach to Networking

When you send a text message to a friend, your phone performs many complex tasks to make this happen. The **Open Systems Interconnection (OSI) model** helps us understand these tasks by dividing network communication into seven logical layers. Think of it as a way to organize the chaos of network communication into manageable pieces.

### Why Layers Matter

Imagine building a house—you wouldn't try to do everything at once. You'd lay the foundation, build the frame, add walls, install plumbing and electrical, and finally paint and decorate. Each step builds on the previous one, and specialists can work on different parts.

Network communication works the same way. By dividing the process into layers:
* Each layer has a specific job
* Layers can be developed and updated independently
* Problems can be isolated to a specific layer

### The Seven Layers Explained

The OSI model organizes network communication from physical connections (bottom) to applications (top):

* **Layer 7: Application** - What users actually interact with (web browsers, email)
* **Layer 6: Presentation** - Formats data so both sides understand it (encryption, compression)
* **Layer 5: Session** - Manages the ongoing conversation between devices
* **Layer 4: Transport** - Ensures all data arrives completely and in order
* **Layer 3: Network** - Finds the best path between different networks (like GPS navigation)
* **Layer 2: Data Link** - Handles direct device-to-device communication
* **Layer 1: Physical** - The actual cables, radio signals, and hardware

| Layer | Real-world Analogy | Example |
|-------|-------------------|---------|
| Application | Writing a letter | Web browser requesting a page |
| Presentation | Translating to a shared language | Converting an image to JPEG format |
| Session | Having a phone conversation | Keeping your banking session active |
| Transport | Ensuring all pages of a document arrive | Breaking data into packets and reassembling |
| Network | Postal service routing a package | Router finding the best path to a website |
| Data Link | Addressing an envelope | Adding MAC addresses to data frames |
| Physical | Mail carrier delivering mail | Sending electrical signals through a cable |

To remember the layers from top to bottom, try the mnemonic: "**All People Seem To Need Data Processing**" (Application, Presentation, Session, Transport, Network, Data Link, Physical).

In [None]:
# @title
## @title
### @title
%%html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>OSI Network Layer Visualization</title>
  <style>
    body {
      font-family: Arial, sans-serif;
      margin: 20px;
      background-color: #f0f2f5;
    }
    .layer {
      margin: 10px 0;
      padding: 15px;
      border: 2px solid #ccc;
      border-radius: 5px;
      display: none;
      background-color: white;
      box-shadow: 0 2px 4px rgba(0,0,0,0.1);
    }
    .active {
      display: block;
    }
    .layer h2 {
      margin: 0;
      font-size: 18px;
      color: #2c3e50;
    }
    .buttons {
      margin-bottom: 20px;
      display: flex;
      flex-wrap: wrap;
      gap: 10px;
    }
    .buttons button {
      padding: 10px;
      background-color: #007bff;
      color: white;
      border: none;
      border-radius: 5px;
      cursor: pointer;
      transition: background-color 0.3s;
    }
    .buttons button:hover {
      background-color: #0056b3;
    }
    .visualization {
      margin-top: 20px;
      padding: 15px;
      border-radius: 5px;
      background-color: #f8f9fa;
    }
    .packet-wrapper {
      margin: 20px 0;
      position: relative;
    }
    .packet {
      border: 2px solid;
      padding: 10px;
      border-radius: 5px;
      font-family: monospace;
      font-size: 14px;
      flex-shrink: 0;
    }
    .data {
      background-color: #e3f2fd;
      border-color: #2196f3;
    }
    .segment {
      background-color: #f3e5f5;
      border-color: #9c27b0;
    }
    .network {
      background-color: #e8f5e9;
      border-color: #4caf50;
    }
    .frame {
      background-color: #fff3e0;
      border-color: #ff9800;
    }
    .bits {
      background-color: #fafafa;
      border-color: #9e9e9e;
      font-family: monospace;
    }
    .encapsulation {
      display: flex;
      flex-direction: column;
      gap: 10px;
      padding: 20px;
      background: #fff;
      border-radius: 8px;
      box-shadow: 0 2px 4px rgba(0,0,0,0.1);
    }
    .layer-data {
      padding: 10px;
      margin: 5px;
      border-radius: 5px;
      position: relative;
      display: flex;
      flex-wrap: wrap;
      gap: 10px;
      align-items: center;
    }
    .arrow {
      position: absolute;
      left: 50%;
      bottom: -20px;
      transform: translateX(-50%);
      font-size: 20px;
      color: #666;
    }
  </style>
</head>
<body>

<h1>OSI Network Layer Visualization</h1>
<p>Explore data encapsulation through OSI layers in a home network.</p>

<div class="buttons">
  <button onclick="showLayer('application')">Application Layer (📱)</button>
  <button onclick="showLayer('presentation')">Presentation Layer (🎨)</button>
  <button onclick="showLayer('session')">Session Layer (🛠️)</button>
  <button onclick="showLayer('transport')">Transport Layer (📦)</button>
  <button onclick="showLayer('network')">Network Layer (🌐)</button>
  <button onclick="showLayer('data-link')">Data Link Layer (📶)</button>
  <button onclick="showLayer('physical')">Physical Layer (🔌)</button>
</div>

<div id="application" class="layer">
  <h2>Application Layer (📱)</h2>
  <p>User data begins here.</p>
  <div class="encapsulation">
    <div class="layer-data">
      <span class="packet data">GET /index.html HTTP/1.1</span>
      <div class="arrow">↓</div>
    </div>
  </div>
</div>

<div id="presentation" class="layer">
  <h2>Presentation Layer (🎨)</h2>
  <p>Data is encrypted and formatted.</p>
  <div class="encapsulation">
    <div class="layer-data">
      <span class="packet data">🔒 Encrypted[GET /index.html]</span>
      <div class="arrow">↓</div>
    </div>
  </div>
</div>

<div id="session" class="layer">
  <h2>Session Layer (🛠️)</h2>
  <p>Session information added.</p>
  <div class="encapsulation">
    <div class="layer-data">
      <span class="packet segment">Session-ID: ABC123</span>
      <span class="packet data">🔒 Encrypted[GET /index.html]</span>
      <div class="arrow">↓</div>
    </div>
  </div>
</div>

<div id="transport" class="layer">
  <h2>Transport Layer (📦)</h2>
  <p>TCP/UDP headers added.</p>
  <div class="encapsulation">
    <div class="layer-data">
      <span class="packet segment">TCP{SrcPort:1234, DestPort:80}</span>
      <span class="packet segment">Session-ID: ABC123</span>
      <span class="packet data">🔒 Encrypted[GET /index.html]</span>
      <div class="arrow">↓</div>
    </div>
  </div>
</div>

<div id="network" class="layer">
  <h2>Network Layer (🌐)</h2>
  <p>IP headers added.</p>
  <div class="encapsulation">
    <div class="layer-data">
      <span class="packet network">IP{Src:192.168.1.2, Dest:8.8.8.8}</span>
      <span class="packet segment">TCP{SrcPort:1234, DestPort:80}</span>
      <span class="packet segment">Session-ID: ABC123</span>
      <span class="packet data">🔒 Encrypted[GET /index.html]</span>
      <div class="arrow">↓</div>
    </div>
  </div>
</div>

<div id="data-link" class="layer">
  <h2>Data Link Layer (📶)</h2>
  <p>MAC addresses and frame structure added.</p>
  <div class="encapsulation">
    <div class="layer-data">
      <span class="packet frame">MAC{Src:AA:BB:CC, Dest:DD:EE:FF}</span>
      <span class="packet network">IP{Src:192.168.1.2, Dest:8.8.8.8}</span>
      <span class="packet segment">TCP{SrcPort:1234, DestPort:80}</span>
      <span class="packet segment">Session-ID: ABC123</span>
      <span class="packet data">🔒 Encrypted[GET /index.html]</span>
      <div class="arrow">↓</div>
    </div>
  </div>
</div>

<div id="physical" class="layer">
  <h2>Physical Layer (🔌)</h2>
  <p>Data converted to binary signals.</p>
  <div class="encapsulation">
    <div class="layer-data">
      <span class="packet bits">1010110001101...</span>
    </div>
  </div>
</div>

<script>
  function showLayer(layerId) {
    const layers = document.querySelectorAll('.layer');
    layers.forEach(layer => layer.classList.remove('active'));
    document.getElementById(layerId).classList.add('active');
  }

  // Show application layer by default
  document.getElementById('application').classList.add('active');
</script>

</body>
</html>

### Layer 1 - Physical: The Foundation of Network Communication

Imagine trying to have a conversation without any way to transmit your voice—impossible, right? The **Physical layer** serves this fundamental role in networking by providing the actual physical medium for data transmission. As the first and lowest layer of the OSI model, it's where networking gets tangible—the cables, radio waves, and hardware that carry your data.

Think of the Physical layer as the delivery truck for your data. It doesn't care what's inside the packages (the data content), it just makes sure the packages get from one place to another.

### What the Physical Layer Does

The Physical layer converts the digital data (1s and 0s) from your device into signals that can travel across a physical medium:

* **In copper cables**: Electrical signals (voltage changes)
* **In fiber optic cables**: Light pulses
* **In wireless networks**: Radio waves through the air

### Key Physical Layer Components

* **Transmission media** - The physical pathways that carry your data:
  * **Wired options**: Ethernet cables, fiber optic cables
  * **Wireless options**: Wi-Fi, Bluetooth, cellular networks

* **Physical devices** - Hardware that operates at this layer:
  * **Network Interface Cards (NICs)** - Connect your computer to the network
  * **Hubs** - Simple connection points that share all data with all connected devices
  * **Repeaters** - Boost signals to extend network distance

* **Communication patterns**:
  * **Full-duplex** - Data can flow in both directions simultaneously (like a phone call)
  * **Half-duplex** - Data flows in both directions, but only one direction at a time (like a walkie-talkie)

When your internet isn't working, the Physical layer is often the first place to check: Is the cable connected? Is the Wi-Fi turned on? Is the router powered on? These simple physical checks solve many networking problems.

#### Graphic: Layer 1 ("Physical") Network Diagram

In [None]:
# @title
## @title
import base64
from IPython.display import Image, display

def mm(graph):
    graphbytes = graph.encode("utf8")
    base64_bytes = base64.urlsafe_b64encode(graphbytes)
    base64_string = base64_bytes.decode("ascii")
    display(Image(url="https://mermaid.ink/img/" + base64_string))

mm("""
graph TD

SW1[Physical Switch
Operates at **Layer 1**
Handles electrical and light signals]:::switch

AP[Wireless Access Point
Bridges WiFi to physical network]:::switch

Shaggy[PC Shaggy
Connection: Copper - uses **electrical pulses**]:::user

Velma[Laptop Velma
Connection: WiFi - uses **radio waves**]:::user

Fred[PC Fred
Connection: Fiber Optic - uses **light pulses**]:::user

Daphne[Laptop Daphne
Connection: Copper - uses **electrical pulses**]:::user

SW1 -->|Copper Cable| Shaggy
SW1 -->|Copper Cable| Daphne
SW1 -->|Fiber Optic Cable| Fred
SW1 -->|Fiber Optic Cable| AP
AP -->|WiFi Signal| Velma

classDef user fill:#FFE4B5
classDef switch fill:#87CEEB
""")



## Layer 2 - Data Link: Framing and Error Detection

If the Physical layer is about sending raw electrical signals, the **Data Link layer** is about organizing those signals into meaningful chunks of data called "frames." Think of this layer as putting your data into properly addressed envelopes before sending them through the mail system.

### What the Data Link Layer Does

The Data Link layer ensures reliable delivery between devices that are directly connected to each other (like two computers on the same network). It performs three main functions:

* **Packaging data into frames** - Adding header and trailer information around your data
* **Physical addressing** - Using MAC addresses to identify the specific devices sending and receiving data
* **Error detection** - Checking if data was corrupted during transmission

### MAC Addresses: The Physical ID

Every network device has a unique **MAC address** (Media Access Control address) burned into its hardware. This is like the device's fingerprint—a 48-bit address usually written as six pairs of hexadecimal numbers (like 00:1A:2B:3C:4D:5E).

Unlike IP addresses, which can change when you move networks, MAC addresses are permanent and tied to the physical hardware.

### Data Link Devices

The most important device at this layer is the **switch**, which:
* Connects multiple devices on a local network
* Learns which MAC addresses are connected to each port
* Forwards data only to the specific port where the destination device is connected
* Creates a more efficient network than older hub technology

### Real-World Example

When you send an email to someone in the same office building, the Data Link layer handles the direct connections between:
* Your computer and the office switch
* The switch and the destination computer

It ensures your data arrives uncorrupted and reaches the correct physical device, even before higher-level addressing (like email addresses) comes into play.

## Layer 3 - Network: Routing and Addressing

While the Data Link layer handles communication between directly connected devices, the **Network layer** enables communication between devices on different networks, potentially located across the world from each other. This is where the internet's true power begins.

### What the Network Layer Does

Imagine you're mailing a package to someone in another country. It needs to travel through multiple postal facilities, cross borders, and find its way to the right neighborhood. The Network layer performs this role in data networking by:

* **Finding the best path** through multiple networks to reach a destination
* **Addressing devices** with unique IP addresses that identify both the network and the specific device
* **Breaking data into packets** that can be routed independently

### IP Addresses: The Logical Map

The Network layer uses **IP addresses** to identify devices. Unlike MAC addresses (which are like permanent serial numbers), IP addresses are:

* Logical addresses that can be assigned and changed
* Hierarchical, with network and host portions
* Available in two main versions:
  * **IPv4**: 32-bit addresses written as four numbers (like 192.168.1.1)
  * **IPv6**: 128-bit addresses that provide many more possible addresses

### The Router: Network Layer's Key Device

The most important device at this layer is the **router**, which:
* Connects different networks together
* Maintains routing tables showing available paths
* Makes decisions about the best path for data
* Acts as the gateway between your local network and the wider internet

### Real-World Example

When you visit a website, your data might travel through dozens of routers:
1. From your home network to your internet service provider
2. Through various internet backbone networks
3. To the network hosting the website

The Network layer ensures your data finds its way there and back, even when the path changes due to network congestion or outages.

#### Layer 3 ("Logical") Network Diagram

In [None]:
# @title
## @title
### @title
import base64
from IPython.display import Image, display
import matplotlib.pyplot as plt

def mm(graph):
    graphbytes = graph.encode("utf8")
    base64_bytes = base64.urlsafe_b64encode(graphbytes)
    base64_string = base64_bytes.decode("ascii")
    display(Image(url="https://mermaid.ink/img/" + base64_string))
mm("""
graph LR
    subgraph Mystery_Inc_Office[Mystery Inc Office Network]
        Shaggy[PC Shaggy 192.168.1.10]:::user
        Velma[Laptop Velma 192.168.1.11]:::user
    end

    subgraph Police_Station[Police Station Network]
        Fred[PC Fred 192.168.2.10]:::user
        Daphne[Laptop Daphne 192.168.2.11]:::user
    end

    Router[Router
    Routes traffic between networks
    Makes forwarding decisions using IP addresses]:::router

    Shaggy --- Router
    Velma --- Router
    Router --- Fred
    Router --- Daphne

    %% Gateway information
    Shaggy -.- |Gateway 192.168.1.1| Router
    Velma -.- |Gateway 192.168.1.1| Router
    Router -.- |Gateway 192.168.2.1| Fred
    Router -.- |Gateway 192.168.2.1| Daphne

    classDef user fill:#FFE4B5
    classDef router fill:#98FB98""")

## Layer 4 - Transport: End-to-End Communication

The **Transport layer** acts as the delivery service that ensures your data not only reaches the correct destination network and device, but also gets to the specific application that needs it. It adds reliability and quality control to network communications.

### What the Transport Layer Does

Imagine ordering a delicate glass vase online. The Transport layer is responsible for:

* Making sure all pieces arrive (even if they come in separate boxes)
* Ensuring they arrive in the correct order
* Verifying nothing is broken along the way
* Making sure the package gets to the right department in the building

### Two Main Approaches: TCP and UDP

The Transport layer has two primary protocols, each with different priorities:

* **TCP (Transmission Control Protocol)**:
  * Like sending a package with delivery confirmation
  * Ensures all data arrives completely and in order
  * Re-sends anything that gets lost
  * Establishes a connection before sending data
  * Best for: Web browsing, email, file downloads

* **UDP (User Datagram Protocol)**:
  * Like sending a postcard—simple and fast
  * No guarantee all data will arrive
  * No connection setup required
  * Best for: Live streaming, online gaming, VoIP calls

### Ports: Addressing Specific Applications

While IP addresses get data to the right computer, **port numbers** get data to the right application. Common examples:

* Web browsing: Port 80 (HTTP) or 443 (HTTPS)
* Email: Port 25 (SMTP) or 110 (POP3)
* File transfers: Port 21 (FTP)

### Real-World Example

When you check your email, the Transport layer ensures:
1. All parts of all emails arrive at your computer
2. The data goes specifically to your email application (not your web browser)
3. If a piece of an email doesn't arrive, it gets re-sent automatically

##### Graphic TCP Packet

In [None]:
# @title
## @title


mm("""
---
title: "TCP Packet"
---
packet-beta
0-15: "Source Port: 2356. Indicates the sender's port number."
16-31: "Destination Port: 80. Identifies the receiving port on the server."
32-63: "Sequence Number: 42. Tells the receiver how to reassemble data in the correct order."
64-95: "Acknowledgment Number: 0. Shows which byte of data is expected next."
96-99: "Data Offset: 5. Specifies where the payload starts."
100-111: "Flags (URG, ACK, etc.). Controls connection state."
112-127: "Window: 1024. The amount of data that can be sent before acknowledgment."
128-143: "Checksum: 0xABCD. Detects corruption."
144-159: "Urgent Pointer: 0. Marks the end of urgent data."
160-191: "Options and Padding. May set extra parameters like maximum segment size."
192-255: "Data: GET /scoobydoo HTTP/1.1. The actual request message."

""")

##### Graphic: UDP Packet

In [None]:
# @title
## @title
### @title
mm("""
---
title: "UDP Packet"
---
packet-beta
0-15: "Source Port: 9876. Identifies the sender's port."
16-31: "Destination Port: 53. Used for DNS in this example."
32-47: "Length: 24. Size of the entire datagram, header plus payload."
48-63: "Checksum: 0x1234. Ensures data integrity."
64-127: "Data: Scooby says Ruh-roh, Shaggy says Zoinks. The actual payload."
""")

## Layer 5 - Session: Managing Connections

The **Session layer** is like the conversation manager between applications. It establishes, maintains, and terminates the dialog between programs running on different devices. Think of it as setting up a phone call, keeping the line open during the conversation, and properly hanging up when you're done.

### What the Session Layer Does

Imagine you're on a video call with a friend. The Session layer handles:

* **Starting the conversation** - Setting up the initial connection
* **Keeping it going** - Maintaining the connection during pauses
* **Taking turns** - Determining when each side can transmit
* **Checkpointing** - Marking important positions so you can resume if disconnected
* **Ending properly** - Closing the connection when finished

### Why Session Management Matters

Without proper session management:
* Applications would need to restart from the beginning if connections briefly fail
* Systems wouldn't know whether connections are still active or abandoned
* There would be no way to organize multiple conversations between the same devices

### Real-World Session Examples

Session layer functionality appears in many everyday technologies:

* **Website logins** - When you log into a website, a session is created that remembers who you are as you navigate different pages
* **Video streaming** - If your internet connection drops while watching a movie, the session allows you to resume from where you left off
* **Online banking** - Sessions time out after periods of inactivity for security reasons
* **Multiplayer games** - Session management keeps track of all players in the game

### Dialog Control

The Session layer can set up communication in three modes:

* **Simplex** - One-way communication only (like a radio broadcast)
* **Half-duplex** - Two-way communication, but only one direction at a time (like a walkie-talkie)
* **Full-duplex** - Two-way communication simultaneously (like a phone call)

While not as visible as other layers, the Session layer plays a crucial role in making network communications feel seamless and persistent.

## Layer 6 - Presentation: Data Translation and Encryption

The **Presentation layer** is the translator and security guard of the OSI model. It ensures that data sent by one system can be read by another, and it handles encryption to keep your information private. Think of it as both a language interpreter and a document security service.

### What the Presentation Layer Does

Imagine sending a document to someone who speaks a different language and needs it to be confidential. The Presentation layer:

* **Translates** the document into a language the recipient understands
* **Encrypts** the content so only the intended recipient can read it
* **Compresses** the file to make it smaller for faster transmission

### Data Translation Functions

The Presentation layer handles several types of data conversion:

* **Character encoding** - Ensuring text is properly displayed (ASCII, Unicode, UTF-8)
* **Data formatting** - Converting between different file formats
* **Data structures** - Organizing information so both systems understand it

### Security Functions

This layer is crucial for security through:

* **Encryption** - Scrambling data so only authorized recipients can read it
* **Authentication** - Verifying the identity of communication partners
* **Digital certificates** - Providing proof of identity in secure communications

### Common Examples

The Presentation layer is at work when:

* Your web browser displays a secure padlock icon (using SSL/TLS encryption)
* You view images online (converted to standard formats like JPEG or PNG)
* You watch videos (compressed using formats like MPEG or H.264)
* Your phone displays emoji properly (using Unicode character encoding)

| Function | What It Does | Example |
|----------|--------------|---------|
| Encryption | Protects data privacy | HTTPS websites |
| Compression | Reduces file size | ZIP files, JPEG images |
| Translation | Converts between formats | Text encoding between systems |

Without the Presentation layer, computers would struggle to understand each other's data formats, and secure communications would be impossible.

## Layer 7 - Application: User Interface to Network Services

The **Application layer** is the part of the network that you actually see and interact with. It's the top layer of the OSI model and provides the interface between your software applications and the network. Think of it as the storefront of a business—the part designed for customer interaction.

### What the Application Layer Does

The Application layer:

* **Provides network services** directly to end-users
* **Creates the interface** between software and the network
* **Identifies** communication partners
* **Determines** resource availability
* **Synchronizes** communication between applications

### Common Application Layer Protocols

You use Application layer protocols every day, often without realizing it:

* **Web Browsing**
  * HTTP (Hypertext Transfer Protocol) - For viewing web pages
  * HTTPS - Secure version of HTTP for sensitive information

* **Email**
  * SMTP (Simple Mail Transfer Protocol) - For sending email
  * POP3/IMAP - For receiving email

* **File Transfer**
  * FTP (File Transfer Protocol) - For uploading/downloading files
  * SMB - For shared access to files, printers, etc.

### Applications vs. Application Layer

It's important to understand that the Application layer doesn't include the software applications themselves, but rather the protocols and services these applications use to communicate. For example:

* Your web browser (Chrome, Firefox) is a software application
* HTTP/HTTPS are the Application layer protocols your browser uses to communicate

### Real-World Examples

When you interact with networks, you're usually working directly with the Application layer:

* Typing a URL in your browser uses HTTP/HTTPS and DNS
* Checking your email uses SMTP, POP3, or IMAP
* Printing to a network printer often uses SMB

The Application layer is where "the network" transforms from a technical infrastructure into useful services that people actually use to communicate, share information, and conduct business.

## Networking Hardware: Switches, Routers, and Other Appliances

Networks rely on various physical devices to connect computers and enable data transmission. Just like a postal system needs mailboxes, sorting facilities, and delivery trucks to function, computer networks need specialized hardware to move data from one place to another. These hardware components perform specific functions that align with different layers of the OSI model.

Think of networking hardware as the physical infrastructure that makes communication possible. Each device has a specific job, and understanding what each one does helps us build networks that are fast, reliable, and secure. In your home network, you might only see a router and maybe a switch, but larger networks like those in your school have many more components working together behind the scenes.

### Key Networking Hardware Devices:

* **Network Interface Card (NIC)** - A hardware component that allows a computer to connect to a network and operates at the Physical and Data Link layers (Layers 1-2).
  * Every device that connects to a network needs a NIC
  * In modern devices, NICs are usually built into the motherboard
  * Wireless NICs (Wi-Fi adapters) serve the same purpose for wireless connections
  * Each NIC has a unique MAC address (like a device fingerprint) burned into it

* **Hub** - A basic networking device that operates at the Physical layer (Layer 1) and simply passes all data to every connected device.
  * Forwards all data to all connected devices (like shouting in a room where everyone can hear)
  * No filtering capabilities - all connected computers see all traffic
  * Creates a single collision domain, meaning only one device can transmit at a time
  * Outdated and rarely used in modern networks due to inefficiency
  * Historical importance helps understand the evolution of networking

* **Switch** - A more intelligent device that operates at the Data Link layer (Layer 2).
  * Uses MAC addresses to forward data to specific destinations (like a postal worker delivering mail to specific addresses)
  * Creates separate collision domains for each port, allowing multiple simultaneous conversations
  * Maintains a MAC address table (also called a CAM table) to keep track of which device is on which port
  * Much more efficient than hubs since traffic is only sent where needed
  * The backbone of modern local networks

* **Router** - A sophisticated networking device that operates at the Network layer (Layer 3).
  * Connects different networks together (like a traffic controller between different neighborhoods)
  * Makes decisions based on IP addresses rather than MAC addresses
  * Creates separate broadcast domains, improving network efficiency
  * Maintains routing tables to determine the best path for data to travel
  * Often includes firewall capabilities for security
  * The device that connects your home or school network to the internet
  * Your home "router" is usually a combination router, switch, access point, and firewall

* **Firewall** - Security device that operates across multiple layers (typically Layers 3-7).
  * Monitors and filters traffic based on security rules (like a security guard checking IDs)
  * Protects networks from unauthorized access and malicious traffic
  * Can be hardware or software-based (Windows Defender includes a software firewall)
  * Basic firewalls check source/destination addresses and ports
  * More advanced firewalls examine traffic at the Application layer (Layer 7)
  * Essential for network security in both home and business environments

* **Wireless Access Point (WAP)** - Connects wireless devices to a wired network.
  * Operates primarily at Layers 1-2
  * Translates between wireless and wired data formats
  * Enables smartphones, tablets, and laptops to connect without cables
  * Often combined with routers in home environments
  * Enterprise environments typically use multiple access points for better coverage

### Comparison of Common Networking Devices

| Device | OSI Layer(s) | Primary Function | Network Scope |
|--------|-------------|------------------|---------------|
| Hub | Layer 1 | Simple signal repeating | Single network segment |
| Switch | Layer 2 | Forwarding based on MAC address | Single network/LAN |
| Router | Layer 3 | Connects different networks | Multiple networks/WAN |
| Firewall | Layers 3-7 | Security filtering | Network perimeter |
| Load Balancer | Layers 4-7 | Distributes traffic across servers | Server farms |


Understanding which networking hardware to use in different situations is crucial for building efficient, secure, and reliable networks. When you connect to your school's Wi-Fi or plug your computer into a network jack, you're becoming part of a carefully designed system of these interconnected devices.

## Networking Software: Applications and Protocols in Action

Network functionality isn't just about hardware—software components are equally essential. If networking hardware is like the postal system's physical infrastructure (trucks, sorting facilities, mailboxes), then networking software is like the rules, procedures, and services that make the system work (addressing standards, delivery schedules, tracking systems).

Networking software includes protocols, services, and applications that define how data moves through the network and what users can do with it. When you open a web browser and visit a website, you're using application software that relies on many underlying protocols and services to function correctly.

Think of protocols as languages that devices use to communicate with each other. Just as humans need to speak the same language to understand each other, computers need to follow the same protocols to exchange information successfully. Each software component typically works at specific OSI layers, though many span multiple layers.

### Essential Networking Software Components:

* **Protocol** - A set of rules that determines how data is transmitted between devices on a network.
  * Each OSI layer has specific protocols
  * Protocols work together in "stacks" or "suites"
  * Establishes rules for format, timing, sequencing, and error handling
  * Examples include HTTP (for web browsing), SMTP (for email), and IP (for addressing)
  * Without protocols, devices couldn't understand each other - like speaking different languages

* **TCP/IP Suite** - The most common collection of networking protocols used today.
  * Named after its two most important protocols: Transmission Control Protocol (TCP) and Internet Protocol (IP)
  * Includes protocols at multiple OSI layers
  * Forms the foundation of the Internet - every internet-connected device uses TCP/IP
  * Simpler than the full OSI model (4 layers instead of 7)
  * Developed in the 1970s by the US Department of Defense
  * More practical and implementation-focused than the theoretical OSI model

* **Network Operating System (NOS)** - Software that enables a computer to provide network services to client computers.
  * Manages network resources and security
  * Examples include Windows Server, Linux-based systems, and Cisco IOS
  * Controls access to shared resources like files, printers, and applications
  * Includes tools for network management and monitoring
  * Handles user authentication and permissions
  * The "brain" of a network server

* **Client Software** - Programs that allow end-user devices to access network services.
  * Web browsers (Chrome, Firefox, Safari) for accessing websites
  * Email clients (Outlook, Gmail) for sending and receiving messages
  * File transfer apps (FTP clients) for moving files between computers
  * Chat applications (Discord, Teams) for real-time communication
  * Operates primarily at the Application layer (Layer 7)
  * The software you interact with most directly as a network user

* **Network Services** - Programs that provide specific functionality to network users.
  * **DHCP (Dynamic Host Configuration Protocol)** - Assigns IP addresses automatically
    * Without DHCP, you would need to manually configure network settings on each device
    * When your device connects to a network, it requests an IP address from the DHCP server
    * Makes network administration much easier, especially for large networks
  * **DNS (Domain Name System)** - Translates domain names to IP addresses
    * Works like a phone book for the internet
    * Allows you to type "www.google.com" instead of "172.217.164.68"
    * Hierarchical system with root servers at the top
  * **File and Print Services** - Allow sharing of resources across networks
    * Enable users to access files stored on other computers
    * Allow multiple users to share a single printer
    * Form the foundation of collaborative work environments

* **Security Software** - Applications that protect network data and resources.
  * Antivirus and anti-malware programs detect and remove malicious software
  * Intrusion detection systems monitor networks for suspicious activity
  * Virtual Private Network (VPN) clients create secure connections over public networks
  * Essential for protecting sensitive information from unauthorized access
  * Increasingly important as cyber threats become more sophisticated

### Common Protocols by OSI Layer

| OSI Layer | Common Protocols | Primary Function |
|-----------|------------------|------------------|
| Application (7) | HTTP, SMTP, FTP, DNS | End-user services |
| Presentation (6) | SSL/TLS, JPEG, MPEG | Data formatting, encryption |
| Session (5) | NetBIOS, SIP, PPTP | Connection management |
| Transport (4) | TCP, UDP | End-to-end delivery |
| Network (3) | IP, ICMP, OSPF | Routing between networks |
| Data Link (2) | Ethernet, Wi-Fi, PPP | Local delivery, addressing |
| Physical (1) | USB, Bluetooth, DSL | Bit transmission |

**Network Application** refers to any software program that communicates over a network. Modern applications usually interact with multiple layers of the OSI model, but their primary user interfaces operate at Layer 7 (the Application layer).

When you use a network application like a web browser or video conferencing tool, a lot is happening behind the scenes:

1. At Layer 7 (Application), your browser requests a webpage
2. At Layer 6 (Presentation), data might be compressed or encrypted
3. At Layer 5 (Session), a connection is established with the web server
4. At Layer 4 (Transport), TCP ensures all data arrives completely and in order
5. At Layer 3 (Network), IP determines the best route to the destination
6. At Layer 2 (Data Link), the data is formatted into frames for transmission
7. At Layer 1 (Physical), electrical signals carry your data across the network medium

Understanding the relationship between networking software and the OSI model helps troubleshoot problems and design effective network solutions. For example, if websites won't load but your network connection shows as active, you might have a DNS problem (Layer 7), rather than a physical connection issue (Layer 1).

## Conclusion: The OSI Model in Modern Networks

While the OSI model was developed in the late 1970s, it remains a vital conceptual framework for understanding network communications today. Modern networks don't strictly follow the seven-layer model in implementation, but the principles and organization it provides continue to be invaluable for network professionals and students alike.

Imagine trying to understand how a car works without breaking it down into systems like the engine, transmission, electrical system, etc. Similarly, the OSI model gives us a way to break down the complex process of network communication into manageable pieces. This makes it easier to learn networking concepts, troubleshoot problems, and develop new technologies.

Real-world networks typically use the TCP/IP model, which has fewer layers than OSI. However, network professionals still use OSI terminology and concepts because they provide a more detailed way to discuss and analyze network functions. Learning the OSI model is like learning the fundamental grammar of networking—once you understand it, you can apply it to any networking situation.


### Case Study: Velma Debugs Mystery Manor's Network

It was movie night at Mystery Manor, and the gang had gathered to stream their favorite detective films. Fred had just made his famous popcorn, and Shaggy and Scooby had prepared a tower of sandwiches that defied the laws of physics.

"Like, zoinks!" Shaggy exclaimed, staring at his laptop. "The streaming site won't load! And I can't even print the recipe for my new sandwich creation!"

"Ruh roh," Scooby added helpfully.

Fred tried his own laptop. "Looks like none of us can get online. Velma, this seems like a job for your networking expertise!"

Velma adjusted her glasses with a smile. "This is why I love networking problems – they're just like our mysteries. Instead of chasing suspects in masks, we're tracking down technical issues. And just like our mysteries, we solve them by following clues and using a systematic approach!"

#### The Troubleshooting Methodology

"First," Velma explained to the gang as she pulled out her laptop, "we need to treat this like any good investigation. No random guessing or jumping to conclusions!"

She wrote out their process on a notepad:
1. **Identify the Symptoms**: Like gathering clues at a crime scene
2. **Form a Hypothesis**: Develop a theory about what's wrong
3. **Test the Hypothesis**: Look for evidence to prove or disprove our theory
4. **Implement a Solution**: Catch the culprit!
5. **Verify the Fix**: Make sure the mystery is really solved

"And just like we start at the base of a haunted mansion and work our way up," Velma continued, "we'll check our network from the Physical Layer up. One floor at a time!"

#### Problem #1: No Internet Access

##### Step 1: Identify Symptoms
Daphne helped list out what they knew:
- Nobody could access any websites
- All devices were affected
- Even local network sharing wasn't working
- The gang's group chat wasn't working either

"Like, how will I share my sandwich pics?" Shaggy moaned.

##### Step 2: Initial Hypothesis
"When EVERYTHING stops working at once," Velma explained, "it's usually something fundamental. Just like when the gang's van won't start – we check the basics first, not the radio or the air conditioning!"

She suspected a basic connectivity issue and headed for the network closet, flashlight in hand.

##### Step 3: Testing
In the dimly lit closet, Velma found their first real clue:
- The router's power light was dark
- A small backup power supply was beeping sadly
- Everything else seemed to have power

"Just as I suspected," Velma declared. "The router lost power. It's like trying to solve mysteries in the dark – first, we need to turn on the lights!"

##### Step 4: Solution
"Luckily," Velma said, "this is an easy fix. We just need to:
1. Switch to the backup power supply
2. Replace the failed power unit
3. Reconnect the router"

"You know what this reminds me of?" Fred added. "That time we caught the Ghost of Electricity who was really just the janitor accidentally flipping breaker switches!"

##### Step 5: Verification
As the router's lights blinked back to life, the gang checked their devices:
- Internet access restored
- Websites loading
- Group chat notifications starting to pop up

"Like, we're back online!" Shaggy cheered. "Now about that printer..."

#### Problem #2: Printer Issues

##### Step 1: Identify Symptoms
While the internet was fixed, they still had another mystery to solve:
- The printer was powered on, with fresh paper and ink
- Print jobs disappeared into the digital void
- The printer's screen showed it was ready
- But nothing would print

"This is like when we're chasing a ghost," Daphne observed, "and it keeps disappearing through walls!"

##### Step 2: Initial Hypothesis
"Since the printer has power but isn't being seen by our computers," Velma explained, "we can skip the Physical Layer. The printer's network settings might be wrong – it's like having the wrong address for a haunted house!"

##### Step 3: Testing
Velma connected directly to the printer and discovered:
```
ping printer
> Destination host unreachable
```
Checking the printer's display revealed the issue:
- Printer IP: 192.168.2.100
- Network: 192.168.1.x

"Aha!" Velma exclaimed. "The printer thinks it's on a different network! It's like trying to deliver mail to the wrong street!"

##### Step 4: Solution
"Time to give our printer its correct address," Velma said as she adjusted the settings:
- Updated IP to 192.168.1.100
- Fixed the subnet mask
- Confirmed the gateway address

##### Step 5: Verification
Success! The printer sprang to life:
- Status changed to "Ready"
- Test page printed perfectly
- Shaggy's sandwich recipe emerged

#### Lessons Learned

Over victory snacks (Shaggy and Scooby somehow still had room), Velma reviewed what they'd learned:

1. **Systematic Approach**
   "Just like solving our mysteries," Velma explained, "networking problems need a methodical approach. We don't randomly chase suspects, and we don't randomly try fixes!"

2. **Layer-by-Layer Investigation**
   "Start at the bottom and work up," Fred added. "Like checking each floor of a haunted house!"

3. **Documentation**
   "Always keep records," Velma advised, updating their network notebook. "Both of what went wrong and how we fixed it. It's like keeping a mystery journal!"

"You know gang," Daphne reflected, "networking isn't so different from our regular mysteries. It's all about following clues, testing theories, and not giving up until we solve the case!"

"Like, yeah!" Shaggy agreed, starting to print multiple copies of his sandwich recipe. "And now I can finally share my culinary masterpiece with the world!"

"Reehee-hee-hee!" Scooby laughed, already eyeing the fresh batch of thank-you Scooby Snacks Velma had earned.

Movie night was back on, the printer was working, and another technical mystery was solved – all thanks to systematic troubleshooting and the power of teamwork!

### Packet Analysis with Shaggyshark

We're going to use a tool called "Shaggyshark" to look at network traffic (it's a very simplified clone of **Wireshark**, an important real world tool). Think of it like being a detective, but for computers! We'll learn how data moves across networks and what all those numbers and words mean.

**What you'll need:**

* The "Shaggyshark" app (it's in your browser!)
* Your brain!

1.  Use the protocol filter (a protocol is a set of rules governing data communication) to list all the different protocols present in the captured packets. Which protocols are most common?
2.  Find a packet and identify its source and destination IP addresses (IP addresses are numerical labels assigned to each device participating in a computer network for communication). What do these addresses tell you?
3.  Select a packet (a packet is a formatted unit of data carried by a network) and note its packet number, timestamp (the time the packet was captured), length (the size of the packet), and info (a summary of the packets contents). What does each of these fields represent?
4.  Filter for only "TCP" packets (TCP, Transmission Control Protocol, is a reliable, connection-oriented protocol). How does the table change? How does the graph change?
5.  Filter for packets from source IP "192.168.0.10". What destinations are these packets going to?
6.  Filter for packets going to destination IP "8.8.8.8" (8.8.8.8 is a public DNS server provided by Google). What protocol is being used most?
7.  Examine the traffic graph (the traffic graph represents the volume of network packets over time). At what time of day is there the most network traffic? Why might this be?
8.  Filter for "DNS" packets (DNS, Domain Name System, translates domain names to IP addresses). What information is contained in the "Info" column of these packets? What is the destination port of DNS packets? (Port 53 is the standard port for DNS.)
9.  Filter for "HTTP" packets (HTTP, Hypertext Transfer Protocol, is the foundation of data communication for the World Wide Web). What type of information is in the info column? What is the destination port of HTTP packets? (Port 80 is the standard port for HTTP.)
10. Filter for "ARP" packets (ARP, Address Resolution Protocol, resolves IP addresses to MAC addresses). What is the difference between an ARP request and an ARP reply?
11. Filter for "POP3" packets (POP3, Post Office Protocol version 3, is used to retrieve email from a server). What is the destination port of POP3 packets? (Port 110 is the standard port for POP3.)
12. Filter for "IMAP" packets (IMAP, Internet Message Access Protocol, is used to access email on a server). What is the destination port of IMAP packets? (Port 143 is the standard port for IMAP.)
13. Find a packet with a large length. What protocol is it using? Why might some packets be longer than others?
14. By clicking on the table rows, find examples of packets that use TCP and UDP (UDP, User Datagram Protocol, is a connectionless, unreliable protocol. TCP and UDP operate at the Transport Layer (Layer 4) of the OSI model). What are the source and destination ports of those packets?
15. By clicking on the table rows, find the source and destination MAC addresses (MAC, Media Access Control, addresses are hardware addresses assigned to network interfaces. They operate at the Data Link Layer (Layer 2) of the OSI model) of a packet. What layer of the OSI model uses MAC addresses?
16. What frame type (frames are Data Link Layer (Layer 2) protocol data units) is being used? What layer of the OSI model does this relate to?
17. What is the difference between a source and destination port (port numbers identify specific applications or services running on a device)? Why are port numbers important?
18. What layer of the OSI model do IP addresses (IP addresses operate at the Network Layer (Layer 3) of the OSI model) relate to?
19. What layer of the OSI model do HTTP, DNS, POP3, and IMAP (HTTP, DNS, POP3, and IMAP operate at the Application Layer (Layer 7) of the OSI model) relate to?
20. Combine multiple filters (e.g., protocol and source IP) to narrow down the packet list. What kind of information can you gather by combining filters?


In [None]:
# @title
## @title
%%html
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8"/>
  <title>Shaggy-Shark (Simple Wireshark Emulator)</title>
  <style>
    body {
      background-color: #f3f3f3;
      font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif;
      margin: 20px;
    }
    h1 {
      font-size: 24px;
      color: #333;
    }
    .container {
      max-width: 1200px;
      margin: auto;
      background: #fff;
      padding: 20px;
      box-shadow: 0px 2px 5px rgba(0,0,0,0.1);
    }
    .filters, .help-container, .pagination {
      margin-bottom: 20px;
      display: flex;
      align-items: center;
      gap: 15px;
      flex-wrap: wrap;
    }
    .filters label {
      font-weight: bold;
    }
    .filters input[type="text"],
    .filters select {
      padding: 6px;
      border: 1px solid #ccc;
      border-radius: 3px;
      font-size: 14px;
    }
    button {
      background-color: #007acc;
      border: none;
      padding: 8px 12px;
      color: #fff;
      border-radius: 3px;
      cursor: pointer;
      font-size: 14px;
    }
    button:hover {
      background-color: #005fa3;
    }
    .table-container {
      max-height: 300px;
      overflow-y: auto;
      border: 1px solid #ddd;
    }
    table {
      width: 100%;
      border-collapse: collapse;
      font-size: 14px;
    }
    th, td {
      border: 1px solid #ddd;
      padding: 10px;
      text-align: left;
    }
    th {
      background-color: #e2e2e2;
      position: sticky;
      top: 0;
      z-index: 1;
    }
    tr:hover {
      background-color: #f9f9f9;
      cursor: pointer;
    }
    #packetDetails {
      border: 1px solid #ccc;
      margin-top: 20px;
      padding: 15px;
      background-color: #fafafa;
      white-space: pre-wrap;
      font-family: monospace;
      font-size: 13px;
    }
    .help-text {
      background-color: #fffbe6;
      border: 1px solid #ffe58f;
      padding: 10px;
      border-radius: 3px;
      font-size: 14px;
      line-height: 1.5;
      width: 100%;
    }
    .pagination {
      justify-content: center;
      gap: 10px;
    }
    canvas {
      background-color: #fff;
      border: 1px solid #ccc;
      margin-top: 20px;
      display: block;
      width: 100%;
      height: 200px;
    }
  </style>
</head>
<body>
<div class="container">
  <h1>Shaggy-Shark (Simple Wireshark Emulator)</h1>
  <p>This simulation presents randomly generated <strong>packets</strong> from Shaggy’s computer. Packets have timestamps spanning 24 hours; however, some hours are busier than others. We aggregate packets by hour and draw a <strong>line graph</strong> showing traffic levels over time. Use the filters below, paginate the table, and refer to the graph to analyze network traffic like Wireshark's statistics.</p>

  <div class="filters">
    <div>
      <label for="protocolFilter"><strong>Protocol:</strong></label>
      <select id="protocolFilter">
        <option value="">All</option>
        <option value="HTTP">HTTP</option>
        <option value="DNS">DNS</option>
        <option value="SMTP">SMTP</option>
        <option value="IMAP">IMAP</option>
        <option value="UDP">UDP</option>
        <option value="TCP">TCP</option>
        <option value="ARP">ARP</option>
      </select>
    </div>
    <div>
      <label for="sourceFilter"><strong>Source IP:</strong></label>
      <input type="text" id="sourceFilter" list="sourceIPs" placeholder="e.g., 192.168.0.10">
      <datalist id="sourceIPs">
        <option value="192.168.0.10">
        <option value="192.168.0.11">
        <option value="192.168.0.12">
        <option value="192.168.0.13">
      </datalist>
    </div>
    <div>
      <label for="destFilter"><strong>Destination IP:</strong></label>
      <input type="text" id="destFilter" list="destIPs" placeholder="e.g., 8.8.8.8">
      <datalist id="destIPs">
        <option value="8.8.8.8">
        <option value="8.8.4.4">
        <option value="172.217.164.110">
        <option value="93.184.216.34">
        <option value="192.168.0.254">
        <option value="192.168.0.25">
        <option value="192.168.0.1">
        <option value="192.168.0.15">
      </datalist>
    </div>
    <button id="helpBtn">Help</button>
  </div>

  <div id="helpText" class="help-text" style="display: none;">
    <strong>Usage Instructions:</strong><br>
    1. <strong>Packet</strong>: A small unit of network data including source/destination IPs, a protocol, length, a payload, and a timestamp.<br><br>
    2. <strong>Packet Analyzer</strong>: A tool for inspecting, filtering, and visualizing packets. Timestamps order network events, and aggregated views reveal traffic trends.<br><br>
    3. <strong>Filtering:</strong> Use the dropdown for protocol and type in the IP fields to narrow your packet list. Filtering is case-insensitive.<br><br>
    4. <strong>Pagination:</strong> Only 10 packets are shown per page. Use the buttons below the table to navigate.<br><br>
    5. <strong>Traffic Graph:</strong> The line graph below shows the number of packets per hour over a 24‑hour period, highlighting busier time periods.<br><br>
    6. <strong>Viewing Details:</strong> Click a table row for complete packet details.
  </div>

  <div class="table-container">
    <table id="packetTable">
      <thead>
        <tr>
          <th>Packet #</th>
          <th>Timestamp</th>
          <th>Source IP</th>
          <th>Destination IP</th>
          <th>Protocol</th>
          <th>Length</th>
          <th>Info</th>
        </tr>
      </thead>
      <tbody>
        <!-- Populated via JavaScript -->
      </tbody>
    </table>
  </div>

  <div class="pagination">
    <button id="prevBtn">Previous</button>
    <span id="pageInfo"></span>
    <button id="nextBtn">Next</button>
  </div>

  <div id="packetDetails">Click a row to view packet details.</div>
  <canvas id="trafficCanvas"></canvas>
</div>

<script>
  /**
   * Packet Generation:
   * We now generate 1000 packets over the past 24 hours.
   * Busy hours are simulated by biasing the timestamp generation.
   * The simulation now uses only these protocols: HTTP, DNS, SMTP, IMAP, UDP, TCP, and ARP.
   */
  const protocols = ["HTTP", "DNS", "SMTP", "IMAP", "UDP", "TCP", "ARP"];
  const sourceIPs = ["192.168.0.10", "192.168.0.11", "192.168.0.12", "192.168.0.13"];
  const destIPs = ["8.8.8.8", "8.8.4.4", "172.217.164.110", "93.184.216.34", "192.168.0.254", "192.168.0.25", "192.168.0.1", "192.168.0.15"];

  // Scooby‑Doo themed domains.
  const scoobyDomains = ["www.scoobydoo.com", "www.mysterymachine.net", "www.zoinks.org", "www.ruhrohdude.com"];

  // Global session variable to simulate continuity (e.g., one website handling multiple requests).
  let currentDomain = null;
  function getSessionDomain() {
    if (currentDomain && Math.random() < 0.7) {
      return currentDomain;
    } else {
      currentDomain = scoobyDomains[Math.floor(Math.random() * scoobyDomains.length)];
      return currentDomain;
    }
  }

  // Global variable to track the protocol of the previous packet.
  let previousProtocol = null;

  // Transition matrix for realistic sequencing.
  const transitionMatrix = {
    HTTP: { HTTP: 0.5, DNS: 0.1, SMTP: 0.05, IMAP: 0.05, UDP: 0.1, TCP: 0.15, ARP: 0.05 },
    DNS:  { DNS: 0.4, HTTP: 0.2, SMTP: 0.05, IMAP: 0.05, UDP: 0.2, TCP: 0.05, ARP: 0.05 },
    SMTP: { SMTP: 0.5, DNS: 0.1, HTTP: 0.1, IMAP: 0.05, UDP: 0.15, TCP: 0.05, ARP: 0.05 },
    IMAP: { IMAP: 0.4, HTTP: 0.1, DNS: 0.1, SMTP: 0.05, UDP: 0.1, TCP: 0.15, ARP: 0.1 },
    UDP:  { UDP: 0.4, DNS: 0.1, HTTP: 0.1, SMTP: 0.1, IMAP: 0.05, TCP: 0.15, ARP: 0.1 },
    TCP:  { TCP: 0.5, HTTP: 0.1, DNS: 0.1, SMTP: 0.05, IMAP: 0.1, UDP: 0.05, ARP: 0.1 },
    ARP:  { ARP: 0.6, DNS: 0.05, HTTP: 0.05, SMTP: 0.05, IMAP: 0.05, UDP: 0.1, TCP: 0.1 }
  };

  // Function to select a protocol based on destination IP and previous packet.
  function selectProtocol(currentDestination) {
    if ((currentDestination === "8.8.8.8" || currentDestination === "8.8.4.4") && Math.random() < 0.9) {
      return "DNS";
    }
    if ((currentDestination === "172.217.164.110" || currentDestination === "93.184.216.34") && Math.random() < 0.85) {
      return "HTTP";
    }
    if (currentDestination === "192.168.0.254" && Math.random() < 0.9) {
      return "SMTP";
    }
    if (currentDestination === "192.168.0.25" && Math.random() < 0.9) {
      return "IMAP";
    }
    if (currentDestination === "192.168.0.1" && Math.random() < 0.7) {
      return "ARP";
    }
    if (previousProtocol && transitionMatrix[previousProtocol]) {
      let rand = Math.random();
      for (const proto in transitionMatrix[previousProtocol]) {
        rand -= transitionMatrix[previousProtocol][proto];
        if (rand < 0) return proto;
      }
    }
    return protocols[Math.floor(Math.random() * protocols.length)];
  }

  // Generate a random timestamp over the past 24 hours with bias.
  function randomTimestamp24H() {
    const now = Date.now();
    const twentyFourHours = 24 * 3600 * 1000;
    const startTime = now - twentyFourHours;
    let randomTime = Math.random();
    if(randomTime > 0.5 && randomTime < 0.7) {
      randomTime = 0.5 + (randomTime - 0.5) / 2;
    }
    return new Date(startTime + randomTime * twentyFourHours);
  }

  function getRandomElement(arr) {
    return arr[Math.floor(Math.random() * arr.length)];
  }

  // Packet generator with protocol-specific details.
  function generatePacket(id) {
    const source = getRandomElement(sourceIPs);
    const destination = getRandomElement(destIPs);
    const protocol = selectProtocol(destination);
    previousProtocol = protocol;  // update state

    const length = Math.floor(Math.random() * 100) + 40;
    let info = "";
    let transport = "";
    let srcPort = "";
    let dstPort = "";

    // For protocols involving a website session, reuse the domain.
    if (protocol === "HTTP" || protocol === "DNS" || protocol === "SMTP" || protocol === "IMAP") {
      var domain = getSessionDomain();
    }

    switch (protocol) {
      case "HTTP": {
        info = "HTTP " + (Math.random() < 0.5 ? "GET /index.html" : "200 OK from " + domain);
        transport = "TCP";
        srcPort = Math.floor(Math.random() * (65535 - 1024)) + 1024;
        dstPort = 80;
        break;
      }
      case "DNS": {
        info = "DNS query for '" + domain + "'";
        transport = Math.random() < 0.8 ? "UDP" : "TCP";
        srcPort = Math.floor(Math.random() * (65535 - 1024)) + 1024;
        dstPort = 53;
        break;
      }
      case "SMTP": {
        const emailDomain = domain.replace("www.", "");
        info = "SMTP MAIL FROM:<shaggy@" + emailDomain + ">";
        transport = "TCP";
        srcPort = Math.floor(Math.random() * (65535 - 1024)) + 1024;
        dstPort = 25;
        break;
      }
      case "IMAP": {
        const emailDomain = domain.replace("www.", "");
        info = "IMAP login for user@" + emailDomain;
        transport = "TCP";
        srcPort = Math.floor(Math.random() * (65535 - 1024)) + 1024;
        dstPort = 143;
        break;
      }
      case "UDP": {
        const r = Math.random();
        info = r < 0.5 ? "UDP data packet from Mystery Machine" : "UDP keepalive from Scooby Snacks";
        transport = "UDP";
        srcPort = Math.floor(Math.random() * (65535 - 1024)) + 1024;
        dstPort = Math.floor(Math.random() * (65535 - 1024)) + 1024;
        break;
      }
      case "TCP": {
        const r = Math.random();
        if(r < 0.5) {
          info = "TCP SYN";
        } else if(r < 0.75) {
          info = "TCP SYN-ACK";
        } else {
          info = "TCP ACK";
        }
        transport = "TCP";
        srcPort = Math.floor(Math.random() * (65535 - 1024)) + 1024;
        dstPort = Math.floor(Math.random() * (65535 - 1024)) + 1024;
        break;
      }
      case "ARP":
        info = Math.random() < 0.5 ? "ARP request" : "ARP reply";
        break;
    }

    function randomMAC() {
      const hexDigits = "0123456789ABCDEF";
      let mac = "";
      for (let i = 0; i < 6; i++) {
        mac += hexDigits.charAt(Math.floor(Math.random() * 16));
        mac += hexDigits.charAt(Math.floor(Math.random() * 16));
        if (i !== 5) mac += ":";
      }
      return mac;
    }

    return {
      id: id,
      timestamp: randomTimestamp24H(),
      source: source,
      destination: destination,
      protocol: protocol,
      length: length,
      info: info,
      transport: transport,
      srcPort: srcPort,
      dstPort: dstPort,
      frame: {
        srcMAC: randomMAC(),
        dstMAC: randomMAC(),
        frameType: "Ethernet II"
      },
      rawData: "Raw packet data for packet #" + id + " ..."
    };
  }

  // Display packet details.
  function displayPacketDetails(packet) {
    const timeStr = packet.timestamp.toLocaleString();
    let extraDetails = "";
    extraDetails += "Frame Type: " + packet.frame.frameType + "\n";
    extraDetails += "Source MAC: " + packet.frame.srcMAC + "\n";
    extraDetails += "Destination MAC: " + packet.frame.dstMAC + "\n";
    if (packet.transport) {
      extraDetails += "Transport Protocol: " + packet.transport + "\n";
      extraDetails += "Source Port: " + packet.srcPort + "\n";
      extraDetails += "Destination Port: " + packet.dstPort + "\n";
    }
    packetDetails.textContent =
      "Packet #" + packet.id + "\n" +
      "Timestamp: " + timeStr + "\n" +
      "Source IP: " + packet.source + "\n" +
      "Destination IP: " + packet.destination + "\n" +
      "Protocol: " + packet.protocol + "\n" +
      "Length: " + packet.length + "\n" +
      "Info: " + packet.info + "\n\n" +
      extraDetails + "\n" +
      "Raw Data:\n" + packet.rawData;
  }

  // Generate 1000 packets.
  const packets = [];
  for (let i = 1; i <= 1000; i++) {
    packets.push(generatePacket(i));
  }

  // Pagination: 10 packets per page.
  const packetsPerPage = 10;
  let currentPage = 1;
  let filteredPackets = packets.slice();

  const tableBody = document.querySelector("#packetTable tbody");
  const pageInfo = document.getElementById("pageInfo");
  const prevBtn = document.getElementById("prevBtn");
  const nextBtn = document.getElementById("nextBtn");
  const protocolFilter = document.getElementById("protocolFilter");
  const sourceFilter = document.getElementById("sourceFilter");
  const destFilter = document.getElementById("destFilter");
  const helpBtn = document.getElementById("helpBtn");
  const helpText = document.getElementById("helpText");
  const packetDetails = document.getElementById("packetDetails");
  const trafficCanvas = document.getElementById("trafficCanvas");
  const ctx = trafficCanvas.getContext("2d");

  function resizeCanvas() {
    trafficCanvas.width = trafficCanvas.clientWidth;
    trafficCanvas.height = trafficCanvas.clientHeight;
  }
  window.addEventListener("resize", resizeCanvas);
  resizeCanvas();

  function updateFilters() {
    const protVal = protocolFilter.value.toLowerCase();
    const srcVal = sourceFilter.value.toLowerCase();
    const dstVal = destFilter.value.toLowerCase();
    filteredPackets = packets.filter(packet =>
      packet.protocol.toLowerCase().includes(protVal) &&
      packet.source.toLowerCase().includes(srcVal) &&
      packet.destination.toLowerCase().includes(dstVal)
    );
    currentPage = 1;
    populateTable();
    drawTrafficGraph();
  }

  function populateTable() {
    tableBody.innerHTML = "";
    const startIndex = (currentPage - 1) * packetsPerPage;
    const pagePackets = filteredPackets.slice(startIndex, startIndex + packetsPerPage);
    pagePackets.forEach(packet => {
      const timeStr = packet.timestamp.toLocaleTimeString();
      const row = document.createElement("tr");
      row.innerHTML = `
        <td>${packet.id}</td>
        <td>${timeStr}</td>
        <td>${packet.source}</td>
        <td>${packet.destination}</td>
        <td>${packet.protocol}</td>
        <td>${packet.length}</td>
        <td>${packet.info}</td>
      `;
      row.addEventListener("click", () => displayPacketDetails(packet));
      tableBody.appendChild(row);
    });
    const totalPages = Math.ceil(filteredPackets.length / packetsPerPage) || 1;
    pageInfo.textContent = `Page ${currentPage} of ${totalPages}`;
    prevBtn.disabled = currentPage === 1;
    nextBtn.disabled = currentPage === totalPages;
  }

  prevBtn.addEventListener("click", () => {
    if (currentPage > 1) {
      currentPage--;
      populateTable();
    }
  });
  nextBtn.addEventListener("click", () => {
    if (currentPage < Math.ceil(filteredPackets.length / packetsPerPage)) {
      currentPage++;
      populateTable();
    }
  });

  protocolFilter.addEventListener("change", updateFilters);
  sourceFilter.addEventListener("input", updateFilters);
  destFilter.addEventListener("input", updateFilters);

  helpBtn.addEventListener("click", () => {
    helpText.style.display = helpText.style.display === "none" ? "block" : "none";
  });

  function drawTrafficGraph() {
    resizeCanvas();
    ctx.clearRect(0, 0, trafficCanvas.width, trafficCanvas.height);
    const hourlyCounts = new Array(24).fill(0);
    filteredPackets.forEach(packet => {
      const hour = packet.timestamp.getHours();
      hourlyCounts[hour]++;
    });
    const maxCount = Math.max(...hourlyCounts);
    const margin = 40;
    const width = trafficCanvas.width - 2 * margin;
    const height = trafficCanvas.height - 2 * margin;
    const pointSpacing = width / 23;
    ctx.strokeStyle = "#333";
    ctx.lineWidth = 1;
    ctx.beginPath();
    ctx.moveTo(margin, trafficCanvas.height - margin);
    ctx.lineTo(trafficCanvas.width - margin, trafficCanvas.height - margin);
    ctx.moveTo(margin, trafficCanvas.height - margin);
    ctx.lineTo(margin, margin);
    ctx.stroke();
    ctx.strokeStyle = "#007acc";
    ctx.lineWidth = 2;
    ctx.beginPath();
    for (let hour = 0; hour < 24; hour++) {
      const count = hourlyCounts[hour];
      const x = margin + hour * pointSpacing;
      const y = trafficCanvas.height - margin - (count / maxCount) * height;
      if (hour === 0) {
        ctx.moveTo(x, y);
      } else {
        ctx.lineTo(x, y);
      }
    }
    ctx.stroke();
    for (let hour = 0; hour < 24; hour++) {
      const count = hourlyCounts[hour];
      const x = margin + hour * pointSpacing;
      const y = trafficCanvas.height - margin - (count / maxCount) * height;
      ctx.beginPath();
      ctx.arc(x, y, 3, 0, 2 * Math.PI);
      ctx.fillStyle = "#007acc";
      ctx.fill();
    }
    ctx.font = "10px Arial";
    ctx.fillStyle = "#333";
    ctx.textAlign = "center";
    for (let hour = 0; hour < 24; hour++) {
      const x = margin + hour * pointSpacing;
      ctx.fillText(hour, x, trafficCanvas.height - margin + 12);
    }
    ctx.textAlign = "right";
    ctx.fillText(maxCount, margin - 5, margin + 5);
  }

  updateFilters();
</script>
</body>
</html>


Packet #,Timestamp,Source IP,Destination IP,Protocol,Length,Info


### Loop of the Recursive Dragon (Review Game)
I've written a "quiz" game to help you review each chapter's content. I hope you enjoy it--let me know if you notice any problems!

https://brendanpshea.github.io/LotRD/index?set=nw_01_osi.json

### Review With Quizlet

In [None]:
%%html
<iframe src="https://quizlet.com/1011697290/learn/embed?i=psvlh&x=1jj1" height="600" width="100%" style="border:0"></iframe>

### Glossary


| Term | Definition |
|------|------------|
| Network | A collection of computing devices connected together to share resources and communicate with each other. |
| Local Area Network (LAN) | A computer network that connects devices within a limited area such as a home, school, or office building. |
| Wide Area Network (WAN) | A computer network that extends over a large geographical area, typically connecting multiple LANs across cities, countries, or continents. |
| Application Layer | The highest layer in the OSI model that provides network services directly to end-users and applications, such as web browsing and email. |
| Hypertext Transport Protocol (HTTP) | The foundation of data communication on the World Wide Web, used for transferring web pages and other content from servers to browsers. |
| Domain Name System (DNS) | A hierarchical and decentralized naming system that translates human-readable domain names into IP addresses. |
| SMTP (Simple Mail Transfer Protocol) | A communication protocol for electronic mail transmission, used to send and relay outgoing emails between servers. |
| Presentation Layer | Responsible for data translation, encryption, and compression between the application layer and lower layers, ensuring data is in a usable format. |
| Session Layer | Establishes, manages, and terminates connections between local and remote applications, providing synchronization services and dialog control. |
| Transport Layer | Responsible for end-to-end communication between devices, providing reliable data transfer, error recovery, and flow control. |
| Ports (Transport Layer) | Numerical identifiers that specify which application or process should receive data packets on a computer or server. |
| Transport Control Protocol (TCP) | A connection-oriented protocol that guarantees the delivery of data packets in the same order they were sent with error checking. |
| Three-way-handshake | The process used by TCP to establish a connection between a client and server, consisting of SYN, SYN-ACK, and ACK messages. |
| User Datagram Protocol (UDP) | A connectionless transport protocol that provides a simple, unreliable message service without guaranteeing delivery or packet order. |
| Network Layer | Handles routing of data packets between different networks, determining the best path for data to travel from source to destination. |
| Internet Protocol (IP) Address | A numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. |
| Router | A networking device that forwards data packets between computer networks, directing traffic and connecting LANs to larger networks. |
| Packet | A formatted unit of data carried by networks, containing both control information and user data. |
| Data Link Layer | Provides node-to-node data transfer between two directly connected nodes, handling physical addressing and error detection. |
| Frame | A data transmission unit in the data link layer that includes addressing and error-checking information along with the actual data. |
| Carrier Sense Multiple Access (CSMA) | A network access method where devices verify the absence of other traffic before transmitting on a shared medium. |
| MAC Address | A unique identifier assigned to a network interface controller for use as a network address in communications within a network segment. |
| Switch | A networking device that connects devices on a computer network by using packet switching to receive and forward data to the intended recipient. |
| Cyclic Redundancy Check (CRC) | An error-detecting code used to detect accidental changes to raw data in digital networks and storage devices. |
| Physical Layer | The lowest layer in the OSI model that transmits raw bit streams over a physical medium, dealing with electrical, optical, or radio signals. |
| Bit | The most basic unit of information in computing and digital communications, representing a logical state with one of two possible values. |
| Byte | A unit of digital information consisting of eight bits, capable of representing a single character of text. |
| Network Interface Card | Hardware component that connects a computer to a network, providing the physical interface and low-level addressing. |
| Hub | A basic networking device that connects multiple Ethernet devices together, making them act as a single network segment. |