Monday, May 21, 2018

OSI model

  • Not every network uses all of the model’s layers. ISO’s intent in creating the OSI model wasn’t to describe every network but to give protocol designers a map to follow to aid in design. This model is useful for conceptualizing network components to demonstrate how they fit together to help the computers within the network communicate.
The OSI reference model was formulated as a template for the structure of communications systems. It was not intended that there should be standard protocols associated with each layer. Instead, a number of different protocols have been developed, each offering a different functionality.


Physical layer. Nmap unavoidably uses this layer, though it is not usually concerned with it. It doesn't matter if you are using Cat 5 cable, 2.4 GHz radio, or coaxial cable—you can't use a network without having a physical layer. Nmap has no idea what it is, either; the firmware in your network card handles that.

Data link layer. Here again, Nmap has to use this layer or nothing gets sent to the destination. But there are some cases where Nmap is aware of what layer-2 protocols are in use. These all require root privileges to work:
    On Windows, Nmap can't send raw IP packets (more on this in the next layer), so it falls back to sending raw Ethernet (layer 2) frames instead. This means that it can only work on Ethernet-like data links—WiFi is fine, but PPTP doesn't work.
    There are some NSE scripts that probe layer-2 protocols: lltd-discovery, broadcast-ospf2-discovery, sniffer-detect, etc.
    If the target is on the same data link, Nmap will use ARP to determine if the IP address is responsive. It will then report the MAC address of the target. For IPv6 targets, Neighbor Discovery packets are used instead.

Network layer. Nmap supports both IPv4 and IPv6 network layer protocols. For port scans (except -sT TCP Connect scan), Nmap builds the network packet itself and sends it out directly, bypassing the OS's network stack. This is also where --traceroute happens, by sending packets with varying small Time To Live (TTL) values to determine the address where each one expires. Finally, part of the input into OS detection comes from the network layer: initial TTL values, IP ID analysis, ICMP handling, etc.


Transport layer. This is where the "port scanner" core of Nmap works. A port is a transport layer address; some of them may be used by services on the target ("open" ports), and others may be unused ("closed" ports). Nmap can scan 3 different transport layer protocols: TCP, UDP, and SCTP. The majority of inputs to OS detection come from here: TCP options, sequence number analysis, window size, etc.

Application layer. This is where version detection (-sV) takes over, sending various strings of data (probes) to open services to get them to respond in unique ways. SSL/TLS is handled specially, since other services may be layered over it (in which case it provides something like an OSI Session Layer). This is also where the vast majority of NSE scripts do their work, probing services like HTTP, FTP, SSH, RDP, and SMB.

Obviously layer 1 packets are sent, but nmap isn't really aware of them.
When on the same local network, nmap pays attention to MAC addresses and ARP. This helps with vendor detection, as well as giving you network distance information.
Layer 3 (network layer) is used for sending packets, and for detecting whether the host is up.
The transport layer (layer 4) is used for things like SYN scans, and to detect which ports are open. Sequence number detection, which happens at layer 4, is important to OS detection.
https://stackoverflow.com/questions/47210759/which-layer-in-the-osi-model-does-a-network-scan-work-on


Traceroute works on the network layer of the OSI model. First, I will try to explain how traceroute works.
Traceroute, or tracert, is a utility that maps the path between the tested hosts. The results are then displayed as a list of hops. The information provided could be used to identify a weak link along the route. If the test fails at a certain point, the IP address of the last router that responded properly is known, so the problem could then be identified more easily.
It uses ICMP packets and relies on a function called TTL (Time to Live) in the header of this Layer 3 protocol. The value is used to set the maximum number of hops a packet can travel. When a packet is received on a router, the TTL value is lowered by 1. When the TTL reaches 0, the packet is dropped.
The Windows command is tracert and the Linux one is traceroute.

https://www.quora.com/What-trace-route-works-on-which-layer
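The TTL mechanism described above, as an added simulation that is not part of the quoted answer: no packets are sent, and the path, hop states ("ok", "silent", "down") and addresses are constructed for illustration. It also covers the failure case mentioned, where the last router that responded identifies where the path breaks.

```python
# Constructed path of routers between source and destination (documentation addresses).
# "ok" = forwards and reports expiry, "silent" = forwards but never reports,
# "down" = drops every packet that reaches it.
PATH = [("192.0.2.1", "ok"), ("198.51.100.1", "ok"),
        ("198.51.100.9", "silent"), ("203.0.113.1", "ok")]
DEST = "203.0.113.50"

def send_probe(ttl, path=PATH, dest=DEST):
    """Forward one probe; return (responder, reply) or (None, None) if nothing comes back."""
    for addr, state in path:
        if state == "down":
            return None, None           # failed hop: packet lost, no reply at all
        ttl -= 1                        # each router lowers the TTL by 1
        if ttl == 0:                    # TTL reached 0: the packet is dropped here
            if state == "ok":
                return addr, "time-exceeded"
            return None, None           # router drops the packet without reporting
    return dest, "echo-reply"           # survived every hop

def traceroute(path=PATH, dest=DEST, max_hops=30):
    """Send probes with TTL 1, 2, 3, ... and list who answered each one."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, reply = send_probe(ttl, path, dest)
        hops.append(responder or "*")
        if reply == "echo-reply":
            break
    return hops

def last_responding_hop(hops):
    """Address of the last hop that answered, i.e. where to start troubleshooting."""
    answered = [h for h in hops if h != "*"]
    return answered[-1] if answered else None

if __name__ == "__main__":
    for n, hop in enumerate(traceroute(), start=1):
        print(n, hop)
```

A "*" followed by later answers is only a router that does not report expiry; a run of "*" up to the hop limit means the path is broken after the last address listed.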



OSI Model Explained | Real World Example

  • Connection-Oriented and Connectionless Protocols in TCP/IP


Looking again at TCP/IP, it has two main protocols that operate at the transport layer of the OSI Reference Model. One is the Transmission Control Protocol (TCP), which is connection-oriented; the other, the User Datagram Protocol (UDP), is connectionless. TCP is used for applications that require the establishment of connections (as well as TCP’s other service features), such as FTP

Even though a TCP connection can be used to send data back and forth between devices, all that data is indeed still being sent as packets; there is no real circuit between the devices. This means that TCP must deal with all the potential pitfalls of packet-switched communication, such as the potential for data loss or receipt of data pieces in the incorrect order. Certainly, the existence of connection-oriented protocols like TCP doesn't obviate the need for circuit switching technologies

The principle of layering also means that there are other ways that connection-oriented and connectionless protocols can be combined at different levels of an internetwork.
Just as a connection-oriented protocol can be implemented over an inherently connectionless protocol, the reverse is also true: a connectionless protocol can be implemented over a connection-oriented protocol at a lower level. In a preceding example, I talked about Telnet (which requires a connection) running over IP (which is connectionless). In turn, IP can run over a connection-oriented protocol like ATM.
http://www.tcpipguide.com/free/t_ConnectionOrientedandConnectionlessProtocols-3.htm

  • a basic understanding of the layered nature of modern networking architecture,The Open System Interconnection (OSI) Reference Model

Even though packets may be used at lower layers for the mechanics of sending data, a higher-layer protocol can create logical connections through the use of messages sent in those packets.

Circuit-switched networking technologies are inherently connection-oriented, but not all connection-oriented technologies use circuit switching. Logical connection-oriented protocols can in fact be implemented on top of packet switching networks to provide higher-layer services to applications that require connections.
http://www.tcpipguide.com/free/t_ConnectionOrientedandConnectionlessProtocols-2.htm

Data Encapsulation OSI TCPIP

 
OSI Encapsulation
 
Understanding the OSI Reference Model: Cisco Router Training 101
  • What is OSI model?



OSI stands for Open Systems Interconnection.
The OSI model is a reference model containing 7 layers: physical layer, data link layer, network layer, transport layer, session layer, presentation layer and application layer.
It is a prescription of characterizing and standardizing the functions of a communications system in terms of abstraction layers. Similar communication functions are grouped into logical layers. A layer serves the layer above it and is served by the layer below it




What is TCP/IP model?


    TCP/IP model is an implementation of OSI reference model. It has five layers. They are: Network layer, Internet layer, Transport layer and Application layer.




    What are the differences between OSI and TCP/IP model?


      Important differences are:

      OSI is a reference model and TCP/IP is an implementation of OSI model.

      OSI has 7 layers whereas TCP/IP has only 4 layers. The upper 3 layers of the OSI model are combined in the TCP/IP model.

      OSI has: physical layer, data link layer, network layer, transport layer, session layer, presentation layer and application layer

      TCP/IP has: Network layer, Internet layer, transport layer and application layer.




      Explain in detail the process of sending a piece of information from a host on subnet A to a host on subnet B.


        What I'm looking for:

        Some knowledge of the OSI model

        The concept of layers, layer units, and encapsulation.

        The concept of MTU/fragmentation (not required, but nice if they know it)

        The address resolution process at layer 3 (DNS)

        The determination of local vs. non-local addresses (subnet masks/what are subnets/when to use a default gateway)

        The address resolution process at layer 2 (ARP)

        At least a vague understanding of layer 1 and associated issues


        Protocols according to layers


          Data Link Layer
          ARP/RARP Address Resolution Protocol/Reverse Address

          Network Layer
          DHCP Dynamic Host Configuration Protocol
          ICMP/ICMPv6 Internet Control Message Protocol
          IP Internet Protocol version 4
          IPv6 Internet Protocol version 6

          Transport Layer
          TCP Transmission Control Protocol
          UDP User Datagram Protocol


          Session Layer
          DNS Domain Name Service
          NetBIOS/IP NetBIOS/IP for TCP/IP Environment
          LDAP Lightweight Directory Access Protocol



          Application Layer
          FTP File Transfer Protocol
          HTTP Hypertext Transfer Protocol
          IMAP4 Internet Message Access Protocol rev 4
          NTP Network Time Protocol
          POP3 Post Office Protocol version 3
          SMTP Simple Mail Transfer Protocol
          SNMP Simple Network Management Protocol
          SOCKS Socket Secure (Server)
          TELNET TCP/IP Terminal Emulation Protocol




          References:
          http://rancidtaste.hubpages.com/hub/OSI-Reference-Model-and-TCP-IP-Model-Interview-Questions-and-Answers
          http://www.protocols.com/pbook/tcpip1.htm

          1. please - Physical layer - Bits - Hubs, Repeater live
          2. do - Data link layer - Frames - Switches, Bridges live - MAC, Physical addressing
          3. not - Network layer - Packets - Routers live, IP Addressing, logical addressing
          4. throw - Transport layer - Segments - TCP, UDP
          5. sausage - Session layer - data
          6. pizza - Presentation layer - data
          7. away - Application layer - data
          • OSI Model Explained CCNA - Part 1
          1. please - Physical layer - Bits - Hubs, Repeater
          2. do - Data link layer - Frames - ATM, frame relay, switches
          3. not - Network layer - Packets or Datagrams - IP, IPv4, IPv6, IPsec, IPX, routers
          4. throw - Transport layer - Segments - TCP, UDP
          5. sausage - Session layer - data - sessions between local and remote hosts
          6. pizza - Presentation layer - data - ASCII, JPEG, MPEG etc.; deals with data formatting
          7. away - Application layer - data - FTP, HTTP, Telnet, DNS, DHCP etc.; deals with protocols
          OSI Model quick and dirty
          • Problems with TCP/IP
          2.1 Built for the Wide Area

          TCP/IP was originally designed, and is usually implemented, for wide-area networks. While TCP/IP is usable on a local-area network, it is not optimized for this domain. For example, TCP uses an in-packet checksum for end-to-end reliability, despite the presence of per-packet CRC's in most modern network hardware. But computing this checksum is expensive, creating a bottleneck in packet processing. IP uses header fields such as `Time-To-Live' which are only relevant in a wide-area environment. IP also supports internetwork routing and in-flight packet fragmentation and reassembly, features which are not useful in a local-area environment. The TCP/IP model assumes communication between autonomous machines that cooperate only minimally. However, machines on a local-area network frequently share a common administrative service, a common file system, and a common user base. It should be possible to extend this commonality and cooperation into the network communication software.

          2.2 Multiple Layers
          Standard implementations of the Sockets interface and the TCP/IP protocol suite separate the protocol and interface stack into multiple layers. The Sockets interface is usually the topmost layer, sitting above the protocol. The protocol layer may contain sub-layers: for example, the TCP protocol code sits above the IP protocol code. Below the protocol layer is the interface layer, which communicates with the network hardware. The interface layer usually has two portions, the network programming interface, which prepares outgoing data packets, and the network device driver, which transfers data to and from the network interface card (NIC).
          This multi-layer organization enables protocol stacks to be built from many combinations of protocols, programming interfaces, and network devices, but this flexibility comes at the price of performance. Layer transitions can be costly in time and programming effort. Each layer may use a different abstraction for data storage and transfer, requiring data transformation at every layer boundary. Layering also restricts information transfer. Hidden implementation details of each layer can cause large, unforeseen impacts on performance. Also, the number of programming interfaces and protocols is small: there are two programming interfaces (Berkeley Sockets and the System V Transport Layer Interface) and only a few data transfer protocols (TCP/IP and UDP/IP) in widespread usage. This paucity of distinct layer combinations means that the generality of the multi-layer organization is wasted. Reducing the number of layers traversed in the communications stack should reduce or eliminate these layering costs for the common case of data transfer.

          2.3 Complicated Memory Management

          Current TCP/IP implementations use a complicated memory management mechanism. This system exists for a number of reasons. First, a multi-layered protocol stack means packet headers are added (or removed) as the packet moves downward (or upward) through the stack. This should be done easily and efficiently, without excessive copying. Second, buffer memory inside the operating system kernel is a scarce resource; it must be managed in a space-efficient fashion.
          https://www.usenix.org/legacy/publications/library/proceedings/ana97/full_papers/rodrigues/rodrigues_html/node2.html

          • The term PDU is used to refer to the packets in different layers of the OSI model. Thus PDU gives an abstract idea of the data packets. The PDU has a different meaning in different layers, but we can still use it as a common term. To give a clear picture:

              The PDU of the Transport Layer is called a Segment.
              The PDU of the Network Layer is called a Packet.
              The PDU of the Data-Link Layer is called a Frame.
          https://www.geeksforgeeks.org/difference-between-segments-packets-and-frames/
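The segment, packet and frame nesting described above, as an added example that is not taken from any of the sources quoted on this page. It builds a frame from constructed data and then strips one header per layer, the way a capture parser or IDS has to before it can inspect the payload. MAC addresses, IP addresses and ports are constructed, and header checksums are left at zero and not verified.

```python
import socket
import struct

def encapsulate(data: bytes) -> bytes:
    """Wrap application data going down the stack. All addresses and ports are constructed."""
    # Layer 4 PDU (segment): TCP header, ports 49152 -> 80, data offset 5 words, PSH+ACK.
    segment = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + data
    # Layer 3 PDU (packet): IPv4 header, TTL 64, protocol 6 (TCP). Checksums left at 0.
    packet = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 6, 0,
                         socket.inet_aton("192.0.2.10"),
                         socket.inet_aton("198.51.100.20")) + segment
    # Layer 2 PDU (frame): destination MAC, source MAC, EtherType 0x0800 (IPv4).
    return bytes.fromhex("020000000002" "020000000001" "0800") + packet

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def decapsulate(frame: bytes) -> dict:
    """Strip one header per layer going up the stack; reject malformed input."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("frame does not carry IPv4")
    packet = frame[14:]
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4           # header length is given in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total <= len(packet):
        raise ValueError("bad IPv4 version or length fields")
    if proto != 6:
        raise ValueError("packet does not carry TCP")
    segment = packet[ihl:total]          # total length trims any Ethernet padding
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _, _, offset, _, _, _, _ = struct.unpack("!HHIIBBHHH", segment[:20])
    hdr = (offset >> 4) * 4
    if not 20 <= hdr <= len(segment):
        raise ValueError("bad TCP data offset")
    return {"frame": {"src": mac(src_mac), "dst": mac(dst_mac)},
            "packet": {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl},
            "segment": {"src_port": sport, "dst_port": dport},
            "data": segment[hdr:]}
```

The length checks matter as much as the field extraction: a parser that trusts the IPv4 total length or the TCP data offset without comparing them to the bytes actually received will read past the end of the PDU or misattribute padding as payload.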
