# A brief summary of *Networks*
<br>
<div style="opacity: 0.8; font-family: Consolas, Monaco, Lucida Console, Liberation Mono, DejaVu Sans Mono, Bitstream Vera Sans Mono, Courier New; font-size: 12px; font-style: italic;">
    ────────
    for more from the author, visit
    <a href="https://github.com/hazemanwer2000">github.com/hazemanwer2000</a>.
    ────────
</div>

## Table of Contents
* [The OSI Model](#)
    * [The Physical Layer](#)
    * [The Data Link Layer](#)
    * [The Network Layer](#)
    * [The Transport Layer](#)
    * [Other Layers](#)
* [Topologies](#)
* [Cabling](#)
    * [Copper Cables](#)
        * [Co-axial Cable](#)
        * [Twisted Pair](#)
    * [Fibre-optic Cable](#)
* [Ethernet Networks](#)
    * [*10Base-T*](#)
        * [*CSMA/CD*](#)
        * [Complex Networks](#)
        * [Spanning Tree Protocol](#)
    * [*100Base-T*](#)
    * [Other Ethernet Standards](#)

<hr>

## The OSI Model

The *Open Systems Interconnect (OSI)* model is composed of seven layers, where each of the many parts of a network resides at one or more layers.

| No. | Layer |
| :---: | --- |
| **7** | *Application* |
| **6** | *Presentation* |
| **5** | *Session* |
| **4** | *Transport* |
| **3** | *Network* |
| **2** | *Data Link* |
| **1** | *Physical* |

### The Physical Layer

The *physical* layer is home to any part that moves data from one system to another (e.g: copper cabling, fiber optics and radio waves).

A *hub* is a multi-port repeater. When it receives a signal on one port, it floods all other ports with the same signal, hence it operates at the physical layer as well.

### The Data Link Layer

At the *data link layer*, the *Network Interface Card (NIC)* resides. Inside every NIC, there's ROM memory with special firmware, containing a unique identifier called the *Media Access Control (MAC) Address*.

A MAC address is composed of six bytes, where the first three bytes denote the *Organizationally Unique Identifier (OUI)*, which is unique to every manufacturer of NICs. The last three bytes are commonly referred to as the *device identifier*.

*Note:* The MAC address space is commonly referred to as *MAC-48*, as well as *EUI-48 (Extended Unique IDentifier)*.

*Note:* Use the `ipconfig /all` command on Windows OS to find out the MAC address of your NIC. On Linux OS, type in `ip a` instead.

*Note:* MAC addresses are also known as *physical addresses*.

Every network transmits data in discrete chunks, called *frames*. A frame encapsulates information about the recipient's MAC Address, the sender's, the type of data encapsulated, and the data itself.

A *Frame Check Sequence (FCS)*, of four bytes, is appended to each frame, and is computed using *Cyclic Redundancy Check (CRC)* math on the data. If the recipient's calculated FCS matches the sender's, then the data is uncorrupted.

<img src="jupyter/img/1_frame.png" width="550"/>

*Note:* The exact structure of a frame, as well as the size of the data field, are dependent on the type of network (e.g: Ethernet, etc).

*Note:* A *Protocol Data Unit (PDU)* is the unit of exchange between communicating systems, at a specific layer. The frame is the PDU at the data link layer.

*Note:* A preamble, consisting of eight bytes, the last byte called *start frame delimiter*, always precedes a frame. It gives a receiving NIC time to realize a frame is coming, and to know exactly where it starts.
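
The frame layout and FCS check described above, as an added example (not code from the original notes). It assumes an Ethernet II frame, whose FCS is a CRC-32 computed over the addresses, type and data fields; the MAC addresses and payload are constructed sample values.

```python
import struct
import zlib

MIN_DATA = 46  # Ethernet pads shorter data fields up to this size


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def fcs(body: bytes) -> bytes:
    # Ethernet's FCS is a CRC-32 with the same polynomial as zlib.crc32;
    # its four bytes are placed on the wire least-significant byte first.
    return struct.pack("<I", zlib.crc32(body))


def build_frame(dst: str, src: str, ethertype: int, data: bytes) -> bytes:
    """Recipient MAC + sender MAC + type + data, followed by the 4-byte FCS.

    The 8-byte preamble is added by the NIC and is not part of the frame.
    """
    data = data.ljust(MIN_DATA, b"\x00")
    body = (mac_to_bytes(dst) + mac_to_bytes(src)
            + struct.pack("!H", ethertype) + data)
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Recompute the FCS as a receiving NIC would; reject the frame on mismatch."""
    if len(frame) < 14 + MIN_DATA + 4:
        raise ValueError("frame shorter than the Ethernet minimum")
    body, received_fcs = frame[:-4], frame[-4:]
    if fcs(body) != received_fcs:
        raise ValueError("FCS mismatch: frame was corrupted in transit")
    (ethertype,) = struct.unpack("!H", body[12:14])
    return {
        "dst": bytes_to_mac(body[0:6]),
        "src": bytes_to_mac(body[6:12]),
        "type": ethertype,
        "data": body[14:],
    }


if __name__ == "__main__":
    # Constructed sample: a broadcast frame from a made-up sender address.
    frame = build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", 0x0806, b"hello")
    print(parse_frame(frame))

    damaged = bytearray(frame)
    damaged[20] ^= 0x01  # flip one bit in the data field
    try:
        parse_frame(bytes(damaged))
    except ValueError as err:
        print("dropped:", err)
```

The FCS only detects accidental corruption: anyone who alters a frame can recompute a matching CRC, so it provides no protection against deliberate tampering.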

When a hub repeats a frame from one NIC to all others, only the NIC with the recipient's MAC address accepts the frame, while all others drop it.

A *switch*, unlike a hub, learns which ports are associated with which MAC addresses, maintaining a *MAC address table* with a timeout period for each entry, and directs signals accordingly. Hence, switches operate at the data link layer.
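
The learning behaviour described above, as an added example (not code from the original notes). The class name, the 300-second timeout and the MAC addresses are assumptions made for illustration; flooding frames whose destination is not yet in the table is standard switch behaviour that the text does not spell out.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


def hub_receive(ports, in_port):
    """A hub repeats the signal on every port except the one it arrived on."""
    return [p for p in ports if p != in_port]


class LearningSwitch:
    def __init__(self, ports, timeout=300.0):
        self.ports = list(ports)
        self.timeout = timeout  # seconds an entry survives without being refreshed
        self.table = {}         # MAC address -> (port, time last seen)

    def receive(self, in_port, src, dst, now):
        """Learn the sender's port, then return the ports the frame leaves on."""
        # 1. Learn (or refresh) where the sender lives.
        self.table[src] = (in_port, now)
        # 2. Age out entries that have not been seen within the timeout.
        self.table = {mac: (port, seen) for mac, (port, seen) in self.table.items()
                      if now - seen <= self.timeout}
        # 3. Forward: broadcasts and unknown destinations are flooded like a hub.
        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None:
            return hub_receive(self.ports, in_port)
        out_port = entry[0]
        # A destination on the arrival port needs no forwarding at all.
        return [] if out_port == in_port else [out_port]


if __name__ == "__main__":
    # Constructed addresses for two hosts on a four-port switch.
    A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    sw = LearningSwitch([1, 2, 3, 4])
    print(sw.receive(1, A, B, now=0))    # B unknown: flooded to 2, 3, 4
    print(sw.receive(2, B, A, now=1))    # A was learned on port 1
    print(sw.receive(1, A, B, now=2))    # B was learned on port 2
    print(sw.receive(1, A, B, now=400))  # B aged out: flooded again
```

Because entries are learned from the sender address of every frame, the table is only as trustworthy as the frames that arrive; this is why managed switches offer per-port limits on learned addresses.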

*Note:* The NIC's functionality is composed of two sub-layers: *Media Access Control (MAC)* and *Logical Link Control (LLC)*. The MAC sub-layer creates and reads frames. It performs checks (e.g: CRC) on the data in the frame. The LLC sub-layer communicates with the OS, via a device driver.

*Note:* Some people consider the NIC to reside at both the physical and data link layers.

### The Network Layer

At the *network layer*, *logical addressing* is used instead of physical addressing. In logical addressing, the hardware is ignored and instead, a software-assigned address is used.

A *network protocol* has to create unique identifiers for each system in the network. The most widely used is the *Internet Protocol (IP)*, which assigns a unique IP address to every system on a network. Additionally, it enables the division of a network into *subnets*, using *subnet masks* which denote the *network portion* of an IP address.

At the network layer, *packets* are sent and received, encapsulated within the data field of a frame. The source IP address, and the destination IP address are placed in the header, and data follows.

<img src="jupyter/img/1_packet.png" width="400"/>

Every system is configured with an IP address, a subnet mask, and a *default gateway* IP address:

* When a system wants to communicate with an IP address within its subnet, it sends a *broadcast*, as opposed to a *unicast*, with the destination MAC address `FF:FF:FF:FF:FF:FF`, asking for the MAC address of the IP address in question. This is called an *ARP request*. The system with the matching IP address responds with its MAC address, and communication can proceed henceforth.

* When the system wants to communicate with an IP address outside of its subnet, it first identifies the MAC address of its default gateway, then sends a frame with the destination MAC address of the default gateway, and a packet destination IP address of the IP address in question. 

* The default gateway, a *router*, routes packets from one subnet to another. A packet, passing through a router, remains intact. However, assuming two subnets only, the sender MAC address becomes the router's MAC address, and the receiver MAC address becomes the MAC address of the system with the destination IP address.

*Note:* In a hypothetical scenario, a frame is received by a system. The frame is received with a matching MAC address. It is accepted by the NIC, and passed to the OS as a packet. The network stack in the OS checks the destination IP address. It is not a match, and is dropped.

*Note:* Dividing a network into subnets lowers the effects of broadcasts when querying for MAC addresses, since broadcasts affect only systems within the same subnet as the broadcasting system.

*Note:* Applying a bitwise-*AND* operation between an IP address and its subnet mask, reveals the *network ID*, unique to the subnet the IP address belongs to. The rest of the IP address is called the *host ID*.

*Note:* With a subnet mask of *255.255.255.0*, only *254* systems may be assigned unique IP addresses in the network, since the *X.X.X.0* IP address is the network ID itself, and the *X.X.X.255* IP address is reserved for *Directed Broadcasts*. Directed broadcasts are packets sent from one system on a network, to all systems on another network.
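
The bitwise-AND rule and the same-subnet versus default-gateway decision described above, as an added example (not code from the original notes). All IP addresses, MAC addresses and the ARP cache contents are constructed sample values, and `plan_delivery` is a hypothetical helper name.

```python
import socket
import struct


def ip_to_int(ip: str) -> int:
    return struct.unpack("!I", socket.inet_aton(ip))[0]


def int_to_ip(value: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", value))


def network_id(ip: str, mask: str) -> str:
    # Bitwise AND keeps the network portion of the address.
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def host_id(ip: str, mask: str) -> int:
    # The bits the mask leaves out identify the host within the subnet.
    return ip_to_int(ip) & ~ip_to_int(mask) & 0xFFFFFFFF


def directed_broadcast(ip: str, mask: str) -> str:
    # All host bits set to 1.
    return int_to_ip(ip_to_int(ip) | (~ip_to_int(mask) & 0xFFFFFFFF))


def usable_hosts(mask: str) -> int:
    # Every host-bit combination except the network ID and the broadcast address.
    host_bits = 32 - bin(ip_to_int(mask)).count("1")
    return max(2 ** host_bits - 2, 0)


def plan_delivery(src_ip, mask, gateway, dst_ip, arp_cache):
    """Decide whose MAC address goes on the frame for a packet to dst_ip."""
    same_subnet = network_id(src_ip, mask) == network_id(dst_ip, mask)
    arp_for = dst_ip if same_subnet else gateway
    return {
        "arp_for": arp_for,                        # IP address to resolve via ARP
        "frame_dst_mac": arp_cache.get(arp_for),   # None: broadcast an ARP request first
        "packet_dst_ip": dst_ip,                   # the packet itself is never re-addressed
    }


if __name__ == "__main__":
    # Constructed host configuration and ARP cache.
    cache = {"192.168.1.1": "02:00:00:00:00:01", "192.168.1.20": "02:00:00:00:00:14"}
    cfg = ("192.168.1.10", "255.255.255.0", "192.168.1.1")
    print(network_id(cfg[0], cfg[1]), host_id(cfg[0], cfg[1]))
    print(plan_delivery(*cfg, "192.168.1.20", cache))  # same subnet: direct
    print(plan_delivery(*cfg, "10.12.14.5", cache))    # other subnet: via gateway
```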

*Note:* On Windows OS, use the `arp -a` command to reveal the system's *ARP* cache.

### The Transport Layer

At the *transport layer*, a protocol such as the *Transmission Control Protocol (TCP)*, built on top of a network protocol (IP, in the case of TCP), is responsible for the segmentation and re-assembly of large chunks of data. Hence, data encapsulated within a packet is called a *segment*.

*Note:* For example, TCP adds a sequence number and an acknowledgement number in its segment header. Unacknowledged sequences are re-transmitted.

*Note:* TCP has a software port number in its segment header. The OS uses this port number to route data encapsulated within segments to running processes, each associated with one or more port numbers.

*Note:* TCP is a *connection-oriented* protocol. It establishes a connection with the system, before sending data. UDP, also built on top of IP, is a *connection-less* protocol.

*Note:* While TCP segments and re-assembles large chunks of data, UDP *datagrams* are simply sent over, delegating the segmentation and re-assembly processes to applications.

### Other Layers

The *session* layer in an OS manages sessions of communication with different systems, typically associated with connection-oriented protocols.

The *presentation* layer in an OS is concerned with the translation of data from lower layers to upper layers (e.g: encryption protocols).

The *application* layer in an OS refers to the *Application Programming Interfaces (APIs)* that programmers can utilize to make use of the built-in network stack.

*Note:* Use `netstat -n` on Windows OS, to reveal information about the currently active sessions. 

## Topologies

A *bus topology* network is where all systems are connected to a single cable. Terminators at both ends of the cable are required, to prevent signals from reflecting at the ends of the cable.

<img src="jupyter/img/2_bus.png" width="470"/>

A *ring topology* is where each system is connected to the system before it, and the system after it. Frames are forwarded from one device to the next, in a unidirectional loop.

<img src="jupyter/img/2_ring.png" width="300"/>

A *star* topology is where each system is connected to a central networking device (e.g: switch). It has the added benefit of providing *fault tolerance*. That is, if one of the cables broke, all the other systems could still communicate.

<img src="jupyter/img/2_star.png" width="280"/>

*Note:* A star topology is the most popular today.

*Hybrid* topologies arose, that had differing *physical* and *logical* topologies:

* A *star-ring* topology has the physical topology of a star, but logically, is still a ring.

* Similarly, a *star-bus* topology has the physical topology of a star, but logically, is still a bus.

<img src="jupyter/img/2_star-ring.png" width="330"/>

<img src="jupyter/img/2_star-bus.png" width="350"/>

*Note:* A hub connecting multiple systems is a network with a hybrid star-bus topology.

In wireless technology, systems usually connect in a *mesh topology*, where every system connects to every other system via two or more routes.

<img src="jupyter/img/2_mesh.png" width="550"/>

## Cabling

### Copper Cables

#### Co-axial Cable

*Co-axial cable* transmits data through a central wire, that is insulated and shielded to reduce *Electro-Magnetic Interference (EMI)* from the environment.

Different types of connectors are used at the end of co-axial cables; the most popular are the *F-type*, found in TV cable, and *BNC* connectors.

The *Radio Guide (RG)* rating provides a standardized measure of a co-axial cable, on parameters such as the impedance of the cable, and its ability to reduce EMI (e.g: RG-59 and RG-6 are two popular ratings).

<img src="jupyter/img/2_co-axial.png" width="350"/>

*Note:* *Twinaxial* cable transmits data through two central copper wires. It is usually used as a substitute for short fiber connections. In such uses, it is commonly referred to as *direct attached cable (DAC)*.

#### Twisted Pair

*Twisted pair* cable involves one, or more twisted pairs of cables, bundled together into a common jacket. Each pair transmits and receives data.

The more twists per unit length of cable, the less *crosstalk* there is, a specific type of EMI, occurring due to unwanted coupling between two signals flowing next to each other, in parallel.

*Category (Cat)* rating measures the maximum frequency and bandwidth a twisted pair cable can handle (e.g: *Cat 5* is rated at *100 MHz* and *100 Mbps*).

*Note:* *Cat 5e* is rated at 100 MHz, with a bandwidth of *1 Gbps*. This is due to *bandwidth-efficient encoding schemes*.

*Note:* *Twisted pair* cable may be *shielded (STP)* or *unshielded (UTP)*, with STP cable handling higher bandwidths.

Landline telephones use *RJ-11* connectors, designed to support up to two twisted pairs. Today, wired networks use *8 position 8 contact (8P8C)* connectors, commonly referred to as *RJ-45* rather erroneously.

### Fiber-optic Cable

*Fiber-optic* cable transmits light rather than electricity, making it able to support high-EMI regions and long-distance transmissions.

A fiber-optic cable has four components: the *core*, made of fiber glass, in which light is reflected, the *cladding* that reflects light down the core, the *buffer* material that gives the cable its strength, and the *insulating jacket*.

A fiber-optic cable that uses lasers is known as *single-mode fiber (SMF)*, and one that uses LEDs is known as *multi-mode fiber (MMF)*. SMF cable does not experience *modal distortion*, where signals sent at the same time do not arrive at the same time.

<img src="jupyter/img/2_fiber.png" width="275"/>

*Note:* Connectors commonly employed with fiber-optic cable are *ST*, *SC*, *LC* and *MT-RJ*. *LC* and *MT-RJ* can connect up to two glass fibers per connector.

*Note:* Along with connector types, there are *contact types* associated with each fiber optic cable. *Physical contacts (PCs)* replaced flat-surface contacts, with slightly spherical and highly polished surfaces. *Ultra-physical contacts (UPCs)* offered superior finish. *Angled-physical contacts (APCs)* added an 8-degree angle to the curved end, further reducing the signal loss, and reducing degradation due to repeated insertions.

*Note:* Fiber-optic cable is standardized with *OM* and *OS* ratings, denoting multi-mode and single-mode fiber cable, respectively. For example, *OM3* withstands higher bandwidth than *OM1*. Each rating is color-coded for easy identification.

## Ethernet Networks

Standards, published by the *Institute of Electrical and Electronics Engineers (IEEE)*, define different types of networks, specifying all the details of all relevant constituents.

*Ethernet* standards specify the requirements and limitations of different types of Ethernet networks, the most popular type of network today.

### *10Base-T*

One of the earliest Ethernet standards published was *10Base-T*. It specified a transfer speed of *10 Mbps*, requiring Cat 3 or better cable with two twisted pairs (TPs) and 8P8C connectors.

#### *CSMA/CD*

Hub-based networks worked in *half-duplex* mode. This meant that, even though there were two pairs, a receiving and a sending pair, a node (or, system) could not send and receive at the same time, due to constraints placed by the logical bus topology.

10Base-T NICs devised a clever way of operation, called *Carrier-sense Multiple Access with Collision Detection (CSMA/CD)*.

* *Carrier-sense* meant that each node checked if there was traffic in the network before sending out its frames. If there was, the node waited a constant period of time before checking again. Once free, the node sent out its frame.

* *Multiple Access* meant that each node had equal, shared-access to the network, regardless of its functionality.

* *Collision Detection* came into play when two nodes sent out two frames at the same time. Both nodes would sense the overlapping signals, and wait a random period of time, before re-trying.

*Note:* Unlike hub-based networks, switch-based networks could work in *full-duplex* mode, with no risk of collision.

*Note:* While a hub-based network is a *single collision domain*, each connection of a node to a switch, in a switch-based network, is its own collision domain.

*Note:* Modern NICs and networking devices are able to negotiate the duplex mode when first connecting to a network, whether *half-duplex* or *full-duplex*.

#### Complex Networks

Hubs and switches may be connected in any order to create a complex network. The ports on NICs are labelled *Medium-Dependent Interface (MDI)*, while the ports on a switch or a hub are labelled *MDI Crossover (MDI-X)*. *Straight-through* cable connects an MDI port and an MDI-X port, while *cross-over* cable connects two similar ports.

An *up-link* port, on a switch or a hub, is an MDI port, that eliminates the need for cross-over cable, when connecting one networking device to another.

*Note:* Modern switches eliminate the need for cross-over cable with the *auto-sensing* feature in ports, adjusting to MDI or MDI-X according to the connected device.

#### Spanning Tree Protocol

*Spanning Tree Protocol (STP)* is an Ethernet-specific protocol, meant to identify and deal with accidental loops in switch-based networks. Using *bridge protocol data units (BPDUs)*, switches communicate with each other.

*Note:* A bridge is similar to a switch. It processes frames in software, while switches use *Application-Specific Integrated Circuits (ASICs)*.

*Configuration BPDUs* establish the topology by electing a switch as the *root bridge*. All other switches attempt to maintain a loop-free topology, by placing certain ports in a blocked state, using the root bridge as reference.

*Topology Change Notification (TCN) BPDUs* enable switches to re-work themselves around a failed switch, or port (also known as, interface).

*Note:* A switch port connected directly to a system should never participate in STP, to avoid the delay STP introduces when an interface first comes up. 

### *100Base-T*

*100Base-T* (also known as, *FastEthernet*) superseded *10Base-T*, with a speed of transfer of *100 Mbps*, requiring Cat 5 cable or better.

Multi-speed auto-sensing NICs and networking devices allowed newer equipment to be backwards compatible.

*Note:* For example, a *10/100Base-T* switch would negotiate with a *10Base-T* NIC and a *10/100Base-T* NIC first, agreeing to work at *10 Mbps* and *100 Mbps*, respectively.

### Other Ethernet Standards

*1000BaseT* (also known as, *GigabitEthernet*) used four-pair TP cabling, instead of just two, to achieve a speed of *1000 Mbps*.

*Note:* Ethernet standards based on fibre cable include *10Base-F*, *100Base-FX*, *1000Base-LX*, and *10GBase-LR*, supporting speeds ranging from *10 Mbps* up to *100 Gbps*.

## Routing

A router routes packets between at least two distinct networks. It maintains a *routing table*, with each entry listing a single route.

<img src="jupyter/img/3_routing-table.png" width="700"/>

In the above routing table, belonging to a home router, as an example, there are four entries:

1. *Route packets destined to IP address **76.30.4.1** through port **eth0**, perform an ARP request with the IP address directly*.

2. *Route packets destined to network **76.30.4.0/24** through port **eth0**, perform an ARP request with the IP address directly*.

3. *Route packets destined to network **10.12.14.0/24** through port **br0**, perform an ARP request with the IP address directly*.

4. *Route packets destined to any other network through port **eth0**, perform an ARP request with the gateway's IP address*.

*Note:* This is an example of a home network, where there's what is commonly referred to as a *Local Area Network (LAN)* and a *Wide Area Network (WAN)*. The WAN consists of more than one network, and hence, when a packet arrives that is destined to a network other than the two directly connected on ports *eth0* and *br0*, the router performs an ARP request for a gateway, another router.

When comparing equally viable routes, the lower the *metric* field in a routing table, the more prioritized a route is. Factors that contribute to a lower metric value include:
* *Hop count*, the number of routers that a packet must go through to reach its destination.
* *Bandwidth*, denoting the average throughput through a route.
* *Delay*, denoting the average latency through a route.

*Note:* Routes in a routing table may be configured manually. However, a *dynamic routing protocol* (e.g: *Open Shortest Path First*, or *OSPF*) specifies how routers should communicate to automatically build each other's routing tables, reaching *convergence* in the least amount of time.
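
A lookup over the four routes listed above, as an added example (not code from the original notes). It goes slightly beyond the text by applying the usual longest-prefix-match rule before the metric; the gateway address `76.30.4.254`, the metric values and the backup route on `eth1` are constructed, since the notes do not state them.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: Optional[str]  # None: destination is directly connected
    interface: str
    metric: int


def route(prefix: str, gateway: Optional[str], interface: str, metric: int) -> Route:
    return Route(ipaddress.ip_network(prefix), gateway, interface, metric)


# The four entries from the text, plus one constructed backup default route.
TABLE = [
    route("76.30.4.1/32", None, "eth0", 0),
    route("76.30.4.0/24", None, "eth0", 0),
    route("10.12.14.0/24", None, "br0", 0),
    route("0.0.0.0/0", "76.30.4.254", "eth0", 0),   # gateway address is assumed
    route("0.0.0.0/0", "76.30.4.253", "eth1", 10),  # constructed, higher metric
]


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Most specific matching route wins; the metric breaks ties between equals."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in table if addr in r.network]
    if not candidates:
        return None  # no route to host: the packet is dropped
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def next_hop(chosen: Route, dst: str) -> str:
    """IP address the router performs its ARP request for."""
    return chosen.gateway or dst


if __name__ == "__main__":
    for dst in ("76.30.4.1", "76.30.4.77", "10.12.14.9", "8.8.8.8"):
        chosen = lookup(TABLE, dst)
        print(dst, "->", chosen.interface, "ARP for", next_hop(chosen, dst))
```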

### Network Address Translation

Due to *IPv4* addresses running out, *IANA* introduced *private addresses*: several ranges of *IPv4* addresses, packets containing which are automatically dropped by routers.

To be used only within LANs, these ranges are:
* *10.0.0.0/8*
* *172.16.0.0/16*
* *192.168.0.0/16*

For packets from a *private LAN* (a LAN residing within these ranges) to pass through a router, the router must perform *Network Address Translation (NAT)*, a technology that most modern routers support.

The most common form of NAT is *Port Address Translation (PAT)*. For example, a packet sent out of a LAN with a private address and a port number is mapped to the public address of the router's WAN interface and a unique port.

<img src="jupyter/img/3_pat.png" width="700"/>

When a packet is received, the router compares the destination port number to cached entries in a NAT table, to determine which destination LAN IP address and port number to put back on the packet.

*Note:* *Port Forwarding*, on the other hand, statically associates a LAN private address and port number with the public address of the router's WAN interface, allowing a system on a WAN to initiate contact (e.g: hosting a web server in a LAN, to be accessible from a system on a WAN).
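
The PAT table and the static port-forwarding entry described above, as an added example (not code from the original notes). The class name, the starting port 40000 and every address are assumptions; the public and remote addresses come from the ranges reserved for documentation.

```python
class PatRouter:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}       # (LAN IP, LAN port) -> public port
        self.back = {}      # public port -> (LAN IP, LAN port), learned dynamically
        self.forwards = {}  # public port -> (LAN IP, LAN port), configured statically

    def add_port_forward(self, public_port, lan_ip, lan_port):
        """Static entry: lets a system on the WAN initiate contact."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the LAN; returns
        (source IP, source port, destination IP, destination port)."""
        key = (lan_ip, lan_port)
        if key not in self.out:
            # Pick a public port that no other mapping is using.
            while self.next_port in self.back or self.next_port in self.forwards:
                self.next_port += 1
            if self.next_port > 65535:
                raise RuntimeError("no free public ports left")
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Rewrite the destination of a packet arriving on the WAN interface.

        Returns None when the destination port matches no table entry,
        which means the packet is dropped.
        """
        target = self.forwards.get(dst_port) or self.back.get(dst_port)
        if target is None:
            return None
        return (src_ip, src_port, target[0], target[1])


if __name__ == "__main__":
    router = PatRouter("203.0.113.5")  # constructed public address
    # Two LAN hosts use the same source port; each gets its own public port.
    print(router.outbound("192.168.1.10", 51000, "198.51.100.7", 443))
    print(router.outbound("192.168.1.11", 51000, "198.51.100.7", 443))
    print(router.inbound("198.51.100.7", 443, 40001))   # reply to the second host
    print(router.inbound("198.51.100.9", 60000, 8080))  # unsolicited: dropped
    router.add_port_forward(8080, "192.168.1.20", 80)
    print(router.inbound("198.51.100.9", 60000, 8080))  # now reaches the web server
```

Every port-forwarding entry exposes a LAN service to any system on the WAN, so the static table is worth reviewing whenever the router's configuration is audited.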

### Loopback Interfaces

IANA designates the *127.0.0.0/8* range of IP addresses as *loopback* addresses, which means any packet destined to an address within this range is routed internally to the system, and not handed to the system's NIC.

Systems maintain their own routing tables, which clearly list entries that route packets destined to addresses within the loopback range, or matching the system's assigned IP address, to a *loopback interface*.

<img src="jupyter/img/3_routing-table-of-system.png" width="650"/>

*Note:* Use the `route print` command on Windows OS to display the system's routing table.

## Application Layer Protocols

An *Application Layer Protocol* is an implementation of a protocol by network-enabled applications, usually on top of either TCP or UDP.

### *DHCP*

### *DNS*

*Domain Name System (DNS)* is a hierarchical and distributed naming system, that is meant to translate, on a one-to-one basis, between an IP address and a human-readable alias.

On top of this hierarchy is a *DNS resolver*, the server clients issue their requests to. This server, then, delegates the name look-up process to a hierarchy of other servers (e.g: *root-level* nameserver, *top-level domain* nameserver, etc). When it gets a response, it relays it to the client.

*Note:* Every OS has a way to configure IP addresses for multiple DNS resolvers.