### Week # 3 - IP Addressing and Intro to Networking: 
[Link to reference used: W3schools](https://www.w3schools.com/cybersecurity/cybersecurity_network_layer.php)

##### IP - Internet Protocol

IP is used to communicate across networks, not just across physical links, but between networks of routers. The addressing scheme in use is either IPv4 ("IP Version 4") or IPv6 ("IP Version 6").

IP networks can be broken into different sections, often called subnets. This is accomplished by adding an extra piece of information, together with the IP address, called a netmask. The netmask dictates how large a network is, which packets are routed within the network, and which should be routed outside of it.

Netmasks can be represented via decimal numbers or with a slash notation.

RFC 1918 addresses are IP addresses that are reserved for internal organizational use, meaning they should not be routed on the internet.

CIDR Notation or Classless Inter-Domain Routing

Method for allocating IP addresses for IP routing. Classless Inter-Domain Routing (CIDR) is a method of IP address allocation and IP routing that allows for more efficient use of IP addresses. CIDR is based on the idea that IP addresses can be allocated and routed based on their network prefix rather than their class, which was the traditional way of IP address allocation.

CIDR addresses are represented using a slash notation, which specifies the number of bits in the network prefix. For example, an IP address of 192.168.1.0 with a prefix length of 24 would be represented as 192.168.1.0/24. This notation indicates that the first 24 bits of the IP address are the network prefix and the remaining 8 bits are the host identifier.

Several Advantages of CIDR over the Traditional Class-Based Addressing System

1. Efficient use of IP addresses: CIDR allows for more efficient use of IP addresses by allowing the allocation of IP addresses based on their network prefix rather than their class.
2. Flexibility: CIDR allows for more flexible IP address allocation, as it allows for the allocation of arbitrary-sized blocks of IP addresses.
3. Better routing: CIDR allows for better routing of IP traffic, as it allows routers to aggregate IP addresses based on their network prefix, reducing the size of routing tables.
4. Reduced administrative overhead: CIDR reduces administrative overhead by allowing for the allocation and routing of IP addresses in a more efficient and flexible way.

In summary, CIDR is a method of IP address allocation and routing that allows for more efficient use of IP addresses and better routing of IP traffic. It has several advantages over the traditional class-based addressing system, including greater flexibility, better routing, and reduced administrative overhead.


Advantages of CIDR

1. Efficient use of IP addresses: CIDR allows for more efficient use of IP addresses, which is important as the pool of available IPv4 addresses continues to shrink.
2. Flexibility: CIDR allows for more flexible allocation of IP addresses, which can be important for organizations with complex network requirements.
3. Better routing: CIDR allows for more efficient routing of IP traffic, which can lead to better network performance. 
4. Reduced administrative overhead: CIDR reduces administrative overhead by allowing for easier management of IP addresses and routing.

Disadvantages of CIDR

1. Complexity: CIDR can be more complex to implement and manage than traditional class-based addressing, which can require additional training and expertise.
2. Compatibility issues: Some older network devices may not be compatible with CIDR, which can make it difficult to transition to a CIDR-based network.
3. Security concerns: CIDR can make it more difficult to implement security measures such as firewall rules and access control lists, which can increase security risks.

Overall, CIDR is a useful and efficient method of IP address allocation and routing, but it may not be suitable for all organizations or networks. It is important to weigh the advantages and disadvantages of CIDR and consider the specific needs and requirements of your network before implementing CIDR.

Classless Inter-Domain Routing is also known as classless addressing.

In classful addressing, the number of hosts within a network always remains the same, depending on the class of the network.

- A Class A network contains 2^24 IP addresses, or 2^24 - 2 hosts.
- A Class B network contains 2^16 IP addresses, or 2^16 - 2 hosts.
- A Class C network contains 2^8 IP addresses, or 2^8 - 2 hosts.

Now, let's suppose an organization requires 2^14 hosts; then it has to purchase a Class B network. In this case, 49150 hosts will be wasted. This is the major drawback of classful addressing. In order to reduce the wastage of IP addresses, the concept of Classless Inter-Domain Routing was introduced. Nowadays IANA is using this technique to provide IP addresses. Whenever any user asks for IP addresses, IANA is going to assign that many IP addresses to the user.


Rules for forming CIDR Blocks:

All IP addresses must be contiguous.

Block size must be a power of 2 (2^n). If the size of the block is a power of 2, then it will be easy to divide the network. Finding out the Block Id is very easy if the block size is a power of 2.

Example: If the block size is 2^5, then the Host Id will contain 5 bits and the Network Id will contain 32 - 5 = 27 bits.


The first IP address of the block must be evenly divisible by the size of the block. In simple words, the least significant part should always start with zeroes in the Host Id. Since all the least significant bits of the Host Id are zero, we can use it as the Block Id part.

Example: Check whether 100.1.2.32 to 100.1.2.47 is a valid IP address block or not.

- All the IP addresses are contiguous.
- Total number of IP addresses in the block = 16 = 2^4.
- 1st IP address: 100.1.2.00100000. Since the Host Id contains the last 4 bits and all 4 least significant bits are zero, the first IP address is evenly divisible by the size of the block.

All three rules are followed by this block. Hence, it is a valid IP address block.



IP segments can be further broken up into smaller and more granular networks.

Each network has a reserved address for broadcasting traffic to every host in the network, this is called the broadcast address. Broadcasting data means sending data to everyone on the network instead of sending to just a single host. There are many applications and protocols which rely on broadcasting traffic in order for them to work.

For each network segment the broadcast address is always the last IP address in the network. For example, in the network 192.168.0.0/24, the broadcast address is 192.168.0.255.

The smallest netmask possible is 255.255.255.255, represented as /32. This network only has one IP address.
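
The block rules and the netmask and broadcast facts above can be checked mechanically. The following is an added example, not part of the original notes: `check_block` is a hypothetical helper name, the misaligned range is constructed, and the RFC 1918 list is the standard three private ranges.

```python
import ipaddress

# The three RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_block(first, last):
    """Apply the CIDR block rules to the inclusive range first..last."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if hi < lo:
        raise ValueError("last address is below first address")
    size = hi - lo + 1                         # rule 1: a range is contiguous
    power_of_two = (size & (size - 1)) == 0    # rule 2: size is 2^n
    aligned = power_of_two and lo % size == 0  # rule 3: first address divisible by size
    info = {"size": size, "power_of_two": power_of_two,
            "aligned": aligned, "valid": aligned}
    if aligned:
        host_bits = size.bit_length() - 1      # the n in 2^n
        net = ipaddress.IPv4Network((lo, 32 - host_bits))
        info.update(
            cidr=str(net),
            netmask=str(net.netmask),
            broadcast=str(net.broadcast_address),  # last address in the block
            rfc1918=any(net.subnet_of(r) for r in RFC1918),
        )
    else:
        # Not a single block: list the smallest set of CIDR blocks that covers
        # the range, which is what a firewall rule or ACL would need.
        nets = ipaddress.summarize_address_range(
            ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))
        info["split"] = [str(n) for n in nets]
    return info


if __name__ == "__main__":
    for rng in [("100.1.2.32", "100.1.2.47"),      # the example from the notes
                ("192.168.0.0", "192.168.0.255"),
                ("100.1.2.40", "100.1.2.55")]:      # constructed: misaligned start
        print(rng, check_block(*rng))
```
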

If traffic needs to be sent back to the host, e.g. for communications between applications, it is sent to the localhost address. This address is always 127.0.0.1 and is a /8 network.

In IP networks the traffic is routed by a router. A router is a networking device which understands the IP format and can forward packets between networks. This is different than a switch as the switch forwards data within a network, while the router forwards between networks.

Packets on the network have headers which describe many of the important details we already discussed within the IP protocol.
You can check your IP address on Windows by running the command ipconfig within a Command Line Window. On Linux this is done with the ip addr show or ifconfig command.

When a computer needs to communicate to something which can not be found on the LAN, it sends traffic to the default gateway as per how the system is configured. The default gateway being a router which is capable of forwarding the traffic to the destination IP address.

##### NAT ("Network Address Translation")

NAT allows a system accepting connections on a public IP address to map those requests to an internal RFC 1918 IP address or vice versa. Systems which do NAT'ing are typically firewalls and routers.
A typical implementation of NAT is where the external IP address is used as a front for multiple internal IP addresses, and the destination port number is used to decide which server the data should be sent to. This allows internal IP addresses to receive traffic from external systems.

Another very common implementation is allowing internal IP addresses to access the internet with an external IP address. The NAT keeps track of connections from internal to destination addresses and forwards traffic across the connections.
Note: NAT allows network engineers to be more flexible with their deployments, allowing many different use-cases to unfold.


##### IPv6 - IP Version 6

IP version 6 is the latest standard for IP and was made to support more IP addresses. Instead of using 32 bits of addressing for IP addresses, 128 bits is used. This allows for enough IP addresses for the foreseeable future while IPv4 has already run out.

IPv6 addresses use 8 groups of 4 hexadecimal numbers. An IPv6 address looks like this: 2a00:1450:400f:80a::200e. Notice it does not have the 8 groups of 4 hexadecimal numbers. This is because IPv6 addresses can be shortened via simple rules:

- Leading 0's can be shortened
- Double colon (::) can be used to represent a continuous string of 0's.

The expanded IPv6 address is: 2a00:1450:400f:080a:0000:0000:0000:200e.
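
Because one address has several valid spellings, plain string comparison in logs, blocklists or ACLs can miss a match. The sketch below is an added example, not part of the original notes: `expand_ipv6` and `in_blocklist` are hypothetical helper names and the blocklist entry is constructed. It undoes the two shortening rules by hand and compares addresses in expanded form.

```python
import ipaddress
import string

HEX = set(string.hexdigits)


def expand_ipv6(text):
    """Undo the two shortening rules: restore '::' zero groups, then leading zeros.

    Plain hexadecimal notation only; the embedded dotted-quad form is rejected.
    """
    if text.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in text:
        head, tail = text.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = left + ["0"] * missing + right
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has 8 groups")
    for g in groups:
        if not 1 <= len(g) <= 4 or not set(g) <= HEX:
            raise ValueError("bad group: %r" % g)
    return ":".join("%04x" % int(g, 16) for g in groups)


def in_blocklist(addr, blocklist):
    """Compare addresses in expanded form instead of as raw strings."""
    canonical = {expand_ipv6(entry) for entry in blocklist}
    return expand_ipv6(addr) in canonical


if __name__ == "__main__":
    short = "2a00:1450:400f:80a::200e"               # address from the notes
    blocklist = {"2A00:1450:400F:80A:0:0:0:200E"}    # constructed: same host, other spelling
    print(expand_ipv6(short))
    print("string match:   ", short in blocklist)
    print("canonical match:", in_blocklist(short, blocklist))
    # Cross-check against the standard library's own expansion.
    print(expand_ipv6(short) == ipaddress.IPv6Address(short).exploded)
```
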

The localhost can be reduced into ::1 and ::.

IPv6 has networks, i.e. subnets, just like IPv4 has.
IPv6 is used more and more, and there is built in support for this protocol in many tools. For example with ping we can switch between IPv4 and IPv6 with the -4 and -6 flag respectively.

Run ipconfig and see if you see any IPv6 addresses. If you have IPv6 enabled, try ping -6 google.com and ping -4 google.com. See how the command allows us to use either IPv4 or IPv6?

##### ICMP

ICMP is often associated with Ping and Traceroute. ICMP can be used for other things, such as asking a node for its time, referred to as an ICMP Timestamp request. An ICMP Timestamp request simply allows e.g. a router to ask another router to synchronize their time, an important attribute in network communications.

A common tactic for attackers to check if systems are available on a network is to conduct a Ping Sweep. The goal of such activity is to make the target devices in a network range reply to ping requests so that the attacker knows they are available. This approach is naive as many systems by default block incoming pings.
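
From the defender's side, a ping sweep shows up as one source sending echo requests to many different hosts in a short time, whether or not the hosts reply. The following detection sketch is an added example, not part of the original notes: the record format, the thresholds and all sample records are constructed for illustration.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8   # ICMP type 8 = echo request, type 0 = echo reply

# Constructed sample records: (epoch_seconds, src_ip, dst_ip, icmp_type).
SAMPLE = (
    # One host pings eight different addresses in under a second.
    [(100.0 + 0.1 * i, "10.0.0.50", "10.0.0.%d" % (i + 1), ECHO_REQUEST)
     for i in range(8)]
    # A single echo reply: most targets stay silent, as the notes point out.
    + [(100.05, "10.0.0.1", "10.0.0.50", 0)]
    # A monitoring host pings the same gateway once per second.
    + [(100.0 + i, "10.0.0.7", "10.0.0.1", ECHO_REQUEST) for i in range(6)]
    # A host pings three addresses, 30 seconds apart.
    + [(100.0 + 30 * i, "10.0.0.9", "10.0.0.%d" % (20 + i), ECHO_REQUEST)
       for i in range(3)]
)


def detect_ping_sweeps(records, min_targets=5, window=10.0):
    """Return {src: most distinct hosts pinged within any `window` seconds}.

    Only sources that reach `min_targets` distinct destinations are reported.
    Requests are counted, not replies, so hosts that block ping still count.
    """
    recent = defaultdict(deque)        # src -> (ts, dst) pairs inside the window
    flagged = {}
    for ts, src, dst, icmp_type in sorted(records):
        if icmp_type != ECHO_REQUEST:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:   # drop requests older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_targets:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    print(detect_ping_sweeps(SAMPLE))
    # A longer window with a lower threshold also catches the slow prober.
    print(detect_ping_sweeps(SAMPLE, min_targets=3, window=100.0))
```
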

##### Traceroute

Tracerouting is a way to determine which routers are involved in sending a packet from system A to B. Knowing which routers our packets take can be useful both for better understanding our networks and for understanding the attack surface. A router is responsible for routing the packet in the right direction. Imagine this as driving on a road, where road signs at intersections guide you to the destination. These signs at intersections represent routers. Traceroute identifies these signs and intersections and tells you how far away they are, measured in milliseconds (ms).

The IPv4 TTL and IPv6 Hop Limit headers have the same function. Every router that routes a packet will decrement this value by 1, and if the value reaches 0 the router will discard the packet and return an ICMP Time Exceeded packet to the sender.

To perform a traceroute:

- Windows: tracert google.com
- Linux: traceroute google.com


The process of tracerouting via these tools is simple:

1. The operating system sends a packet to google.com with the TTL value set to 1.
2. The packet is routed on the network, and the first router decrements the TTL by 1, leaving it at 0. This causes the router to drop the packet and send "ICMP Time Exceeded" back to the source.
3. The client increases the TTL by 1, allowing the packet to be routed through one additional hop.
4. This process is repeated, increasing the TTL by 1 each time, until the destination has been reached.
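
The same process as a small offline simulation, including a router that never answers. This is an added example, not part of the original notes: the path, the addresses (documentation ranges) and the `replies` flag are constructed, and no packets are sent.

```python
# Constructed path between source and destination. A router with
# replies=False drops expired packets without sending ICMP Time Exceeded.
PATH = [
    {"ip": "192.168.0.1", "replies": True},    # default gateway
    {"ip": "10.20.0.1", "replies": False},     # filters ICMP, shows up as "*"
    {"ip": "203.0.113.1", "replies": True},
]
DEST = "198.51.100.10"


def send_probe(ttl, path=PATH, dest=DEST):
    """Forward one probe along the path; return (responder_ip_or_None, kind)."""
    for router in path:
        ttl -= 1                       # every router decrements the TTL by 1
        if ttl == 0:                   # expired here: the packet is discarded
            if router["replies"]:
                return router["ip"], "time-exceeded"
            return None, "timeout"     # silent hop: the sender just waits
    return dest, "reached"             # TTL survived every router


def traceroute(max_hops=30, path=PATH, dest=DEST):
    """Raise the TTL by 1 per probe until the destination answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, kind = send_probe(ttl, path, dest)
        hops.append((ttl, responder or "*"))
        if kind == "reached":
            break
    return hops


if __name__ == "__main__":
    for ttl, who in traceroute():
        print("%2d  %s" % (ttl, who))
```

A silent hop does not stop the trace: the next probe carries a larger TTL and passes through it, which is why real traceroute output often shows `*` rows between responding routers.
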



##### DNS ("Domain Name System")

DNS is used to map applications, via names, to IP addresses. For example, if you want to use your browser to visit http://google.com, the browser must first make a request to a DNS server to resolve the IP address behind google.com.

Systems are typically configured with a primary and secondary domain name server. These settings can be configured manually or be provided by a DHCP server. This allows our computer systems to reach a DNS server for it to resolve for us.

The DNS server is then responsible for resolving the request. It will then proceed to check its own cache to see if it already knows the answer. Each DNS answer can be cached, that is stored temporarily to speed up future requests, for a certain TTL ("Time To Live"). The TTL is typically set to a couple of minutes, for example 10 minutes.

If a DNS server does not have an answer in its cache, it will then proceed to check who is responsible for giving the answer. This is done via a recursive process which involves asking a hierarchical system of name servers, which inevitably leads the DNS request to end up at the Authoritative Name Server.

You can try to do a DNS lookup with Windows or Linux now. From a command line terminal on Windows type nslookup w3schools.com , or on Linux type dig w3schools.com.

The Authoritative Name Server is the DNS server which is responsible for giving the definitive answer to a question. For example the IP address of google.com will be answered by their authoritative name server, and we can see this server by querying for it:

Finding the authoritative name server:

- Windows: nslookup -type=SOA google.com
- Linux: dig -t SOA google.com

##### DHCP ("Dynamic Host Configuration Protocol")

As the name implies, the DHCP protocol allows any system on a network to reach out to a server and receive a configuration. Such configuration typically implies receiving IP address and network range, default gateway and DNS servers.

DHCP allows for easy management of clients joining and leaving a network.

If you are curious whether you are using DHCP right now, you can type ipconfig /all on a Windows system and look for "DHCP Enabled: Yes" in the output. Your computer might have multiple network interfaces.

##### VPN ("Virtual Private Network")

A VPN is a system which enables two systems to establish encrypted forms of communication, enabling network traffic to be encrypted in transit. Many VPNs use a client-to-server architecture, allowing the client to access multiple services behind the VPN. VPNs hosted by your workplace are also likely to provide access to resources otherwise only accessible from the inside.
Some VPN services are designed for user privacy and encryption of data in transit. These services enable users to send network data via the VPN, effectively masquerading the user's IP address when navigating the Internet.

It is generally good practice to use VPNs to secure your network communications; however, we should not use just any kind of VPN service. Free VPN services can sometimes be malicious, inspecting, reading and storing your sensitive data.

#### What is routing?
[Link to reference](https://www.geeksforgeeks.org/computer-networks/what-is-routing/)

The process of choosing a path across one or more networks is known as Network Routing. Routing chooses the routes along which Internet Protocol (IP) packets get from their source to their destination in packet-switching networks.

Router

Routers are specialized pieces of network hardware that make these judgments about Internet routing. It is a networking device that forwards data packets between computer networks. Also, it helps to direct traffic based on the destination IP address. It ensures that data reaches its intended destination.

As the router connects different networks, it manages data traffic between them. The Router operates at Layer 3 (the network layer) of the OSI Model. It is also responsible for determining the best path for data to travel from one network to another.


Routing refers to the process of directing a data packet from one node to another. It is an autonomous process handled by the network devices to direct a data packet to its intended destination. Note that the node here refers to a network device called a 'router'.

Routing is a crucial mechanism that transmits data from one location to another across a network (Network type could be any like LAN, WAN, or MAN). The process of routing involves making various routing decisions to ensure reliable & efficient delivery of the data packet by finding the shortest path using various routing metrics which we will be discussing in this article.

Routing of a data packet is done by analyzing the destination IP address of the packet.

1. The source node (sender) sends the data packet on the network, embedding the IP in the header of the data packet.
2. The nearest router receives the data packet and, based on some metrics, further routes the data packet to other routers.
3. Step 2 occurs recursively until the data packet reaches its intended destination.

What are Different Types of Routing?
Routing is typically of 3 types, each serving its purpose and offering different functionalities.

1. Static Routing

Static routing is also called "non-adaptive routing". In this, routing configuration is done manually by the network administrator. Let's say, for example, we have 5 different routes to transmit data from one node to another; the network administrator will have to manually enter the routing information by assessing all the routes. This requires human intervention.

    - A network administrator has full control over the network, routing the data packets to their concerned destinations.
    - Routers will route packets to the destination configured manually by the network administrator.
    - Although this type of routing gives fine-grained control over the routes, it may not be suitable for large-scale enterprise networks.

2. Dynamic Routing

Dynamic Routing is another type of routing in which routing is an autonomous procedure without any human intervention. Packets are transmitted over a network using various shortest-path algorithms and pre-determined metrics. This type of routing is majorly preferred in modern networks as it offers more flexibility and versatile functionality.

    - It is also known as adaptive routing.
    - In this, the router adds new routes to the routing table based on any changes made in the topology of the network.
    - The autonomous procedure of routing helps in automating every routing operation from adding to removing a route upon updates or any changes made to the network.

3. Default Routing

Default Routing is a routing technique in which a router is configured to transmit packets to a default route that is, a gateway or next-hop device if no specific path is defined or found. It is commonly used when the network has a single exit point. The IP Router has the following address as the default route: 0.0.0.0/0.

What is the Working Principle of Routing?

Routing works by finding the shortest path from the source node to the destination node across a network. 

Step by step:
1. Communication Initiation - The first step that typically happens is, one node (client or server) initiates a communication across a network using HTTP protocols.
2. Data Packets - The source device now breaks a big chunk of information into small data packets for reliable and efficient transmission. This process is called de-assembling and encapsulating the data payload. Then each data packet is labeled with the destination node's IP address.
3. Routing Table - The routing table is a logical data structure used to store the IP addresses and relevant information regarding the nearest routers. The source node then looks up the IP addresses of all the nodes that can transmit the packet to its destination, selects the shortest path using the shortest path algorithm, and then routes accordingly. The routing table is stored in a router, a network device that determines the shortest path and routes the data packet.
4. Hopping procedure - In the procedure of routing, the data packet will undergo many hops across various nodes in a network until it reaches its final destination node. Hop count is defined as the number of nodes required to traverse through to finally reach the intended destination node.
This hopping procedure has certain criteria defined for every data packet: there is a limited number of hops a packet can take, and if the packet exceeds that, it is considered to be lost and is retransmitted.
5. Reaching the destination node - Once all the data packets reach their intended destination node, they re-assemble and transform into the complete information that was sent by the sender (source node). The receiver will perform various error-checking mechanisms to verify the authenticity of the data packets.
Overall, the data packet will be transmitted over the least hop-count path as well as the path on which there is less traffic, to prevent packet loss.

What are the Main Routing Protocols?

1. RIP (Routing Information Protocol): It is a distance-vector protocol that uses hop count as a metric.
2. OSPF (Open Shortest Path First): OSPF is a link-state protocol that finds the shortest path using the Dijkstra algorithm.
3. EIGRP (Enhanced Interior Gateway Routing Protocol): It is a hybrid protocol that combines features of distance-vector and link-state.
4. BGP (Border Gateway Protocol): It is a path-vector protocol that is used for routing between different autonomous systems on the internet.
5. IS-IS (Intermediate System to Intermediate System): It is a link-state protocol that is primarily used in large networks like ISPs.

What are Different Routing Metrics?

The purpose of routing protocols is to learn about all the available paths to route data packets, build routing tables, and make routing decisions based on specified metrics. There are two primary types of routing protocols; the rest are derived from these two.

1. Distance Vector Routing

In this type of routing protocol, all the nodes that are a part of the network advertise their routing table to their adjacent nodes (nodes that are directly connected) at regular intervals. With each router getting updated at regular intervals, it may take time for all the nodes to have the same accurate network view.

    - Uses fixed length sub-net, not suitable for scaling.
    - Algorithm used: Bellman Ford Algorithm to find the shortest path.
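
A small simulation of the distance-vector exchange described above, showing why convergence takes several rounds. This is an added example, not part of the original notes: the five-router topology is constructed, every link counts as one hop, and the update rule is the Bellman-Ford relaxation step.

```python
# Constructed topology: router -> directly connected neighbours.
# A - B - C - D - E in a line, every link costs 1 hop.
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B", "D"], "D": ["C", "E"], "E": ["D"]}


def distance_vector(links, max_rounds=16):
    """Run synchronous advertisement rounds.

    Returns (tables, rounds), where tables[router][dest] = (hops, next_hop)
    and rounds is the number of rounds in which some table still changed.
    """
    # Each router starts out knowing only itself, at 0 hops.
    tables = {r: {r: (0, None)} for r in links}
    for rnd in range(1, max_rounds + 1):
        # Snapshot of what every router advertises at the start of this round.
        adverts = {r: dict(t) for r, t in tables.items()}
        changed = False
        for router, neighbours in links.items():
            for n in neighbours:
                for dest, (hops, _) in adverts[n].items():
                    cand = hops + 1    # one extra hop to go via neighbour n
                    known = tables[router].get(dest)
                    if known is None or cand < known[0]:
                        tables[router][dest] = (cand, n)
                        changed = True
        if not changed:
            return tables, rnd - 1     # last round brought nothing new
    return tables, max_rounds


if __name__ == "__main__":
    tables, rounds = distance_vector(LINKS)
    print("converged after", rounds, "rounds")
    for dest, (hops, via) in sorted(tables["A"].items()):
        print("A ->", dest, "hops:", hops, "via:", via)
```
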

2. Link State Routing

Link State Routing is another type of dynamic routing protocol in which routers advertise their updated routing tables only when some new updates are added. This results in the effective use of bandwidth. All the routers keep exchanging information dynamically regarding different links, such as cost and hop count, to find the best possible path.

    - Uses a variable length subnet mask, which is scalable and uses addressing more effectively.
    - The algorithm used: Dijkstra's Algorithm to find the shortest path.


Let's look at the metrics used to measure the cost of travel from one node to another:

1. Hop Count: Hop count refers to the number of nodes a data packet has to traverse to reach its intended destination. Transmitting from one node to another node counts as 1 hop. The goal is to minimize the hop count and find the shortest path.
2. Bandwidth Consumption: Bandwidth is the ability of a network to transmit data, typically measured in Kbps (Kilobits per second), Mbps (Megabits per second), or Gbps (Gigabits per second). The bandwidth depends on several factors, such as the volume of data, traffic on a network, network speed, etc. Routing decisions are made in a way that ensures efficient bandwidth consumption.
3. Delay: Delay is the time it takes for a data packet to travel from the source node to its destination node. There are different types of delay, such as propagation delay, transmission delay, and queuing delay.
4. Load: Load refers to the network traffic on a certain path in the context of routing. A data packet will be routed to the path with a lesser load so that it reaches its destination in the specified time.
5. Reliability: Reliability refers to the assured delivery of the data packet to its intended destination. Although there are certain other factors, the data packet is routed in such a way that it reaches its destination. The stability and availability of the link in the network are looked over before routing the data packet along a specific path.

What are the Advantages of Routing?

- Overall, routing can be done in various ways. It's important to know the requirements and use the one that fits our specific needs: automated routing is typically preferred because packets are routed by the defined algorithms, while manually configurable routing can give us fine-grained control over the network.
- Routing is a highly scalable operation for transmitting data; in a large-scale enterprise network it becomes crucial to manage information related to all the nodes that may be sharing sensitive and confidential information regarding the organization.
- Load balancing is also one of the crucial aspects taken care of, by routing data packets away from routes that are generally busy, as sending data through those routes will only put our data at risk of getting lost.

What are the Disadvantages of Routing?

Every type of routing comes with some pros and cons. Here are some of the disadvantages of specific types of routing:

- Static Routing: This type of routing is appropriate only for smaller networks where the network administrator has an accurate view of the network and good knowledge of the topology; otherwise it might raise some security concerns and complex configuration issues.
- Dynamic Routing: Everything is done automatically by the algorithms, providing less control over the network that may not be suitable for every kind of network. It is also computationally expensive and consumes more bandwidth.
- Default Routing: The path on which the packets are to be transmitted by default is configurable but can be a complex procedure if not defined clearly.


Routing is a fundamental concept in computer science that allows every network device across the world to share data across the internet. Here, the shortest path is selected by the routing algorithms when routing a data packet. So, the routing algorithms select the shortest path based on metrics like hop count, delay, bandwidth, etc.
