Basic Networking Concepts Explained

Amarachi Crystal Omereife
17 min read · Jun 30, 2022

My Shecodeafrica Cloud DevOps Learning Path Assessment: Level 2

2.1 Describe Hub, Switch and Router

Hubs, switches, and routers are all computer networking devices with varying capabilities. Simply put, they are all devices that let you connect one or more computers to other computers, networked devices, or even other networks. Each of them has two or more connectors called ports, into which you plug the cables to make the connection.

Hubs: A hub connects multiple wires/networks coming from different branches to all connected devices. In simple terms, hubs are unintelligent network devices that pass on anything received on one connection to all other connections. Because a hub has no ability to filter, it sends data packets to all connected devices.

Its job is very simple: anything that comes in one port is sent out to all other connected devices. That’s it. For instance, if a message comes in destined for computer “A”, that message is sent out to all the other ports, regardless of which port computer “A” is connected to. When computer “A” responds, its response also goes out to every other port on the hub. Every computer connected to the hub “sees” everything every other computer on the hub does. It’s up to the computers themselves to decide if a message is for them and whether or not it should be paid attention to. The hub itself is blissfully ignorant of the data being transmitted. A hub is the least expensive, least intelligent, and least complicated of the three.

Switch: A switch, in my opinion, is a more intelligent hub. It basically does what a hub does, but more efficiently: by paying attention to the traffic that comes across it, it learns which computers are connected to which port. Initially, a switch knows nothing and simply sends incoming messages to all ports, just like a regular hub. After accepting the first message, however, the switch learns on which connection the sender of that message is located. Thus, when device “A” responds to the message, the switch only needs to send that response out to the one connection where the original sender is located. Switches learn the location of the devices they are connected to almost immediately. The result is that most network traffic only goes where it is needed rather than to every port. On busy networks, this can make the network significantly faster.
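The difference between flooding and learning, as an added example that is not part of the original article. The port numbers, the shortened MAC strings and the function names are constructed for illustration; the code counts how many frames a third host on port 3 receives while A and B talk to each other.

```python
# Added illustration: a hub repeats every frame, a switch learns MAC -> port.
# All port numbers and MAC addresses are constructed sample values.

class Hub:
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src_mac, dst_mac):
        # A hub has no memory: repeat the frame on every other port.
        return [p for p in self.ports if p != in_port]


class Switch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # learned mapping: MAC address -> port

    def forward(self, in_port, src_mac, dst_mac):
        # Learn (or refresh) which port the sender is connected to.
        self.mac_table[src_mac] = in_port
        out_port = self.mac_table.get(dst_mac)
        if out_port is None:
            # Destination not learned yet: flood, exactly like a hub.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []  # destination sits on the ingress port, nothing to do
        return [out_port]


# Constructed conversation: (ingress port, source MAC, destination MAC).
FRAMES = [
    (1, "aa:aa", "bb:bb"),  # A on port 1 sends to B (location unknown)
    (2, "bb:bb", "aa:aa"),  # B on port 2 replies to A
    (1, "aa:aa", "bb:bb"),  # A sends to B again
]


def observer_exposure(device, observer_port=3):
    """Count the frames that a third host on observer_port receives."""
    seen = 0
    for in_port, src, dst in FRAMES:
        if observer_port in device.forward(in_port, src, dst):
            seen += 1
    return seen


if __name__ == "__main__":
    print("hub   :", observer_exposure(Hub([1, 2, 3, 4])))
    print("switch:", observer_exposure(Switch([1, 2, 3, 4])))
```

On the hub the bystander receives all three frames; on the switch it receives only the first one, which was flooded before the switch had learned where B is.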

Router: A router is the smartest and most complicated of the three. A router is an advanced networking device that can be programmed to understand, accept and manipulate the data it handles. Routers help you connect multiple networks. A router enables you to share a single internet connection among multiple devices, which saves money. It also allows devices on your network to communicate with each other, as well as with other networks. The networking component of the router acts as a dispatcher that analyzes data sent across a network and automatically selects the best route for data to travel to and from the network.

1.2 What is OSI Model

OSI stands for Open Systems Interconnection. It is a conceptual framework used to describe the functions of a networking system. The OSI model characterizes computing functions into a universal set of rules and requirements in order to support interoperability between different products and software. It is also a reference model which allows you to specify standards for communications. Simply put: The OSI model describes seven layers that computer systems can use to communicate over a network.

2.2 The 7 levels of the OSI Model Explained

We’ll describe OSI layers “top down” from the application layer that directly serves the end user, down to the physical layer.

7. Application Layer

The application layer is used by end-user software such as web browsers (e.g. Google Chrome) and email clients (e.g. Yahoo Mail and Microsoft Outlook). It provides protocols that allow software to send and receive information and present meaningful data to users. A few examples of application layer protocols are the Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Post Office Protocol (POP), Simple Mail Transfer Protocol (SMTP), and Domain Name System (DNS).

6. Presentation Layer

As suggested by the name itself, the presentation layer presents the data to its end users in a form in which it can easily be understood. Hence, this layer takes care of the syntax, as the mode of communication used by the sender and receiver may be different. It plays the role of a translator so that the two systems come onto the same platform for communication and can easily understand each other. The data, which is in the form of characters and numbers, is split into bits by this layer before transmission. It translates the data for networks into the form they require, and for devices like phones, PCs, etc. into the format they require.

The presentation layer prepares data for the application layer. It defines how two devices should encode, encrypt, and compress data so it is received correctly on the other end. The presentation layer takes any data transmitted by the application layer and prepares it for transmission over the session layer.

In summary, the layer basically performs data translation, compression and encryption at the sender’s end and data decryption at the receiver’s end.

5. Session Layer

The session layer creates communication channels, called sessions, between devices. It is responsible for opening sessions, ensuring they remain open and functional while data is being transferred, and closing them when communication ends. The session layer can also set checkpoints during a data transfer — if the session is interrupted, devices can resume data transfer from the last checkpoint. The session layer sets up, coordinates and terminates conversations between applications. Its services include authentication and reconnection after an interruption. This layer determines how long a system will wait for another application to respond. Examples of session layer protocols include Zone Information Protocol (ZIP) and Session Control Protocol (SCP).

4. Transport Layer

This layer guarantees an end-to-end, error-free connection between two different hosts or devices on a network. It is the first layer that takes data from the upper layers (i.e. the application layer), splits it into smaller packets called segments, and hands them to the network layer for further delivery to the destination host. It ensures that the data received at the host end is in the same order in which it was transmitted. It provides end-to-end delivery of data segments across both inter- and intra-sub-networks. For end-to-end communication over networks, all devices are equipped with Transport Service Access Points (TSAPs), which are also known as port numbers.

A host recognizes its peer host on the remote network by its port number.

The two transport layer protocols are:

  • Transmission control protocol (TCP)
  • User Datagram Protocol (UDP)

In summary, the transport layer takes data transferred in the session layer and breaks it into “segments” on the transmitting end. It is responsible for reassembling the segments on the receiving end, turning them back into data that can be used by the session layer. The transport layer carries out flow control, sending data at a rate that matches the connection speed of the receiving device, and error control, checking if data was received incorrectly and if so, requesting it again.

3. Network Layer

The network layer has two main functions. One is breaking up segments into network packets, and reassembling the packets on the receiving end. The other is routing packets by discovering the best path across a physical network. The network layer uses network addresses (typically Internet Protocol addresses) to route packets to a destination node.

2. Data Link Layer

The data link layer establishes and terminates a connection between two physically-connected nodes on a network. It breaks up packets into frames and sends them from source to destination. This layer is composed of two parts — Logical Link Control (LLC), which identifies network protocols, performs error checking and synchronizes frames, and Media Access Control (MAC) which uses MAC addresses to connect devices and define permissions to transmit and receive data.

1. Physical Layer

The physical layer is responsible for the physical cable or wireless connection between network nodes. It defines the connector, the electrical cable or wireless technology connecting the devices, and is responsible for transmission of the raw data, which is simply a series of 0s and 1s, while taking care of bit rate control. The physical layer helps you to define the electrical and physical specifications of the data connection. This level establishes the relationship between a device and a physical transmission medium. The physical layer is not concerned with protocols or other such higher-layer items. Examples of hardware in the physical layer are network adapters, Ethernet, repeaters, networking hubs, etc.

2.4 What is TCP/IP Model

The TCP/IP model refers to the Transmission Control Protocol and the Internet Protocol.

These protocols are simply a set of rules that regulate every communication over the network. The rules, in turn, decide the path to be followed for communication between the source and destination, or over the internet.

The TCP/IP model is a concise version of the OSI model. It contains four layers, unlike the seven layers in the OSI model, which together cover the overall communication process. The layers are:

  1. Process/Application Layer
  2. Host-to-Host/Transport Layer
  3. Internet Layer
  4. Network Access/Link Layer

1. Network Access Layer –

This layer corresponds to the combination of the Data Link Layer and Physical Layer of the OSI model. It looks out for hardware addressing, and the protocols present in this layer allow for the physical transmission of data.

2. Internet Layer –

This layer parallels the functions of OSI’s Network layer. It defines the protocols which are responsible for logical transmission of data over the entire network. The main protocols residing at this layer are:

  1. IP — stands for Internet Protocol. It is responsible for delivering packets from the source host to the destination host by looking at the IP addresses in the packet headers. IP has 2 versions: IPv4 and IPv6. IPv4 is the one that most websites currently use, but IPv6 is growing because the number of IPv4 addresses is limited compared to the number of users.
  2. ICMP — stands for Internet Control Message Protocol. It is encapsulated within IP datagrams and is responsible for providing hosts with information about network problems.
  3. ARP — stands for Address Resolution Protocol. Its job is to find the hardware address of a host from a known IP address. ARP has several types: Reverse ARP, Proxy ARP, Gratuitous ARP and Inverse ARP.

3. Host-to-Host Layer –

This layer is analogous to the transport layer of the OSI model. It is responsible for end-to-end communication and error-free delivery of data. It shields the upper-layer applications from the complexities of data. The two main protocols present in this layer are:

  1. Transmission Control Protocol (TCP) — It is known to provide reliable and error-free communication between end systems. It performs sequencing and segmentation of data. It also has acknowledgment features and controls the flow of the data through a flow control mechanism. It is a very effective protocol but has a lot of overhead due to such features. Increased overhead leads to increased cost.
  2. User Datagram Protocol (UDP) — UDP, on the other hand, does not provide any such features. It is the go-to protocol if your application does not require reliable transport, as it is very cost-effective. Unlike TCP, which is a connection-oriented protocol, UDP is connectionless.

4. Application Layer –

This layer performs the functions of the top three layers of the OSI model: Application, Presentation and Session Layer. It is responsible for node-to-node communication and controls user-interface specifications. Some of the protocols present in this layer are: HTTP, HTTPS, FTP, TFTP, Telnet, SSH, SMTP, SNMP, NTP, DNS, DHCP, NFS, X Window, LPD.

1. HTTP and HTTPS — HTTP stands for Hypertext Transfer Protocol.
2. SSH — SSH stands for Secure Shell. It is terminal emulation software similar to Telnet. SSH is preferred because of its ability to maintain an encrypted connection. It sets up a secure session over a TCP/IP connection.
3. NTP — NTP stands for Network Time Protocol. It is used to synchronize the clocks on our computers to one standard time source. It is very useful in situations like bank transactions. Assume the following situation without the presence of NTP. Suppose you carry out a transaction where your computer reads the time at 2:30 PM while the server records it at 2:28 PM. The server can crash very badly if it’s out of sync.

2.5 What is HTTP, UDP and TCP?

HTTP (Hypertext Transfer Protocol): is an application protocol for distributed, collaborative, hypermedia information systems that allows users to communicate data on the World Wide Web. It was invented alongside HTML to create the first interactive, text-based web browser: the original World Wide Web. Today, the protocol remains one of the primary means of using the Internet (it is used by the World Wide Web to manage communications between web browsers and servers).

HTTPS stands for HTTP-Secure. It is a combination of HTTP with SSL (Secure Sockets Layer). It is efficient in cases where the browser needs to fill out forms, sign in, authenticate and carry out bank transactions.

As a request-response protocol, HTTP gives users a way to interact with web resources such as HTML files by transmitting hypertext messages between clients and servers. HTTP clients generally use Transmission Control Protocol (TCP) connections to communicate with servers. HTTP utilizes specific request methods in order to perform various tasks. All HTTP servers use the GET and HEAD methods, but not all support the rest of these request methods:

  • GET requests a specific resource in its entirety
  • POST adds content, messages, or data to a new page under an existing web resource
  • PUT directly modifies an existing web resource or creates a new URI if need be
  • DELETE gets rid of a specified resource
  • TRACE shows users any changes or additions made to a web resource
  • OPTIONS shows users which HTTP methods are available for a specific URL
  • CONNECT converts the request connection to a transparent TCP/IP tunnel
  • PATCH partially modifies a web resource

TCP (Transmission Control Protocol): is a connection-oriented and reliable protocol. In this protocol, the connection is first established between the two hosts, and only then is the data sent over the network for communication. Once the first data packet is transmitted, the receiver always sends the sender an acknowledgment of whether the data was received or not.

After receiving the acknowledgment from the receiver, the second data packet is sent over the medium. TCP also checks the order in which the data is received; otherwise the data is retransmitted. This protocol provides an error correction mechanism and flow control. It also supports the client/server model for communication.

UDP (User Datagram Protocol): is a connectionless and unreliable protocol. Once data is transmitted between two hosts, the receiver host doesn’t send any acknowledgment of receiving the data packets. Thus the sender will keep on sending data without waiting for an acknowledgment.

This makes it very easy to process any network requirement, as no time is wasted in waiting for acknowledgment. The end host can be any machine, like a computer, phone or tablet.

This type of protocol is widely used in video streaming, online games, video calls and voice over IP, where the loss of some data packets is of little significance and can be ignored, as it has little impact on the information being carried.

2.6 What is a Firewall

A firewall is a (network security) device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.

How Firewalls work:

Firewalls carefully analyze incoming traffic based on pre-established rules and filter traffic coming from unsecured or suspicious sources to prevent attacks. Firewalls guard traffic at a computer’s entry points, called ports, which are where information is exchanged with external devices. For example, “Source address 172.18.1.1 is allowed to reach destination 172.18.2.1 over port 22.”

IP addresses can be viewed as houses, and port numbers as rooms within the house. Only trusted people (source addresses) are allowed to enter the house (destination address) at all — then it’s further filtered so that people within the house are only allowed to access certain rooms (destination ports), depending on if they’re the owner, a child, or a guest. The owner is allowed into any room (any port), while children and guests are allowed into a certain set of rooms (specific ports).

Types of Firewalls

Firewalls can either be software or hardware, though it’s best to have both. A software firewall is a program installed on each computer that regulates traffic through port numbers and applications, while a physical firewall is a piece of equipment installed between your network and gateway.

Packet-filtering firewalls: the most common type of firewall. They examine packets and prohibit them from passing through if they don’t match an established security rule set. This type of firewall checks the packet’s source and destination IP addresses. If a packet matches an “allowed” rule on the firewall, it is trusted to enter the network.

Packet-filtering firewalls are divided into two categories: stateful and stateless. Stateless firewalls examine packets independently of one another and lack context, making them easy targets for hackers. In contrast, stateful firewalls remember information about previously passed packets and are considered much more secure.

While packet-filtering firewalls can be effective, they ultimately provide very basic protection and can be very limited — for example, they can’t determine if the contents of the request that’s being sent will adversely affect the application it’s reaching. If a malicious request that was allowed from a trusted source address would result in, say, the deletion of a database, the firewall would have no way of knowing that. Next-generation firewalls and proxy firewalls are better equipped to detect such threats.
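The rule quoted under “How Firewalls work” and the stateless/stateful distinction, as an added example that is not part of the original article. The class and function names, the source ports and the extra reply rule are assumptions made for illustration; only the two addresses and port 22 come from the text.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    dport: Optional[int]  # None means "any destination port"
    action: str           # "allow" or "deny"

    def matches(self, p):
        return (ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.dport in (None, p.dport))


def stateless_check(rules, p):
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


class StatefulFilter:
    """Same rule set, plus a table of connections that were allowed."""

    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # (src, sport, dst, dport) of allowed requests

    def check(self, p):
        # A reply is the mirror image of a flow that was already allowed.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "allow"
        action = stateless_check(self.rules, p)
        if action == "allow":
            self.flows.add((p.src, p.sport, p.dst, p.dport))
        return action


# The rule from the text: 172.18.1.1 may reach 172.18.2.1 on port 22.
SSH_RULE = Rule("172.18.1.1/32", "172.18.2.1/32", 22, "allow")
# Hypothetical broad rule a stateless filter needs so replies get back.
REPLY_RULE = Rule("172.18.2.1/32", "172.18.1.1/32", None, "allow")

# Constructed sample packets.
REQUEST = Packet("172.18.1.1", 50000, "172.18.2.1", 22)
REPLY = Packet("172.18.2.1", 22, "172.18.1.1", 50000)
UNSOLICITED = Packet("172.18.2.1", 40000, "172.18.1.1", 8080)
SAMPLES = (REQUEST, REPLY, UNSOLICITED)


def compare():
    """Verdicts for request, reply and unsolicited packet per filter."""
    stateful = StatefulFilter([SSH_RULE])
    return {
        "stateless": [stateless_check([SSH_RULE], p) for p in SAMPLES],
        "stateless_reply_rule": [
            stateless_check([SSH_RULE, REPLY_RULE], p) for p in SAMPLES],
        "stateful": [stateful.check(p) for p in SAMPLES],
    }
```

With only the rule from the text, the stateless filter drops the SSH reply; adding the broad reply rule lets the reply through but also admits the unsolicited packet, while the stateful filter admits the reply and nothing else.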

Next-Generation Firewalls: combine traditional firewall technology with additional functionality, such as encrypted traffic inspection, intrusion prevention systems, anti-virus, and more. Most notably, they include deep packet inspection (DPI). While basic firewalls only look at packet headers, deep packet inspection examines the data within the packet itself, enabling users to more effectively identify, categorize, or stop packets with malicious data.

Proxy firewalls: filter network traffic at the application level. Unlike basic firewalls, the proxy acts as an intermediary between two end systems. The client must send a request to the firewall, where it is then evaluated against a set of security rules and then permitted or blocked. Most notably, proxy firewalls monitor traffic for layer 7 protocols such as HTTP and FTP, and use both stateful and deep packet inspection to detect malicious traffic.

Network Address Translation (NAT) firewalls: allow multiple devices with independent network addresses to connect to the internet using a single IP address, keeping individual IP addresses hidden. As a result, attackers scanning a network for IP addresses can’t capture specific details, providing greater security against attacks. NAT firewalls are similar to proxy firewalls in that they act as an intermediary between a group of computers and outside traffic.

Stateful Multi-Layer Inspection (SMLI): These firewalls filter packets at the network, transport, and application layers, comparing them against known trusted packets. Like NGFW firewalls, SMLI firewalls also examine the entire packet and only allow it to pass if it passes each layer individually. These firewalls examine packets to determine the state of the communication (thus the name) to ensure all initiated communication is only taking place with

2.7 Explain DNS

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources. Each device connected to the Internet has a unique IP address which other machines use to find the device. DNS servers eliminate the need for humans to memorize IP addresses such as 192.168.1.1 (in IPv4), or more complex newer alphanumeric IP addresses such as 2400:cb00:2048:1::c629:d7a2 (in IPv6).

2.7.1 How does DNS work?

The process of DNS resolution involves converting a hostname (such as www.example.com) into a computer-friendly IP address (such as 192.168.1.1). An IP address is given to each device on the Internet, and that address is necessary to find the appropriate Internet device — like a street address is used to find a particular home. When a user wants to load a webpage, a translation must occur between what a user types into their web browser (example.com) and the machine-friendly address necessary to locate the example.com webpage. In order to understand the process behind DNS resolution, it’s important to learn about the different hardware components a DNS query must pass between. For the web browser, the DNS lookup occurs “behind the scenes” and requires no interaction from the user’s computer apart from the initial request.

There are 4 DNS servers involved in loading a webpage:

i. DNS Recursor: The recursor can be thought of as a librarian who is asked to go find a particular book somewhere in a library. The DNS recursor is a server designed to receive queries from client machines through applications such as web browsers. Typically the recursor is then responsible for making additional requests in order to satisfy the client’s DNS query.

ii. Root Nameserver: The root server is the first step in translating (resolving) human-readable host names into IP addresses. It can be thought of like an index in a library that points to different racks of books — typically it serves as a reference to other more specific locations.

iii. TLD Nameserver: The top level domain server (TLD) can be thought of as a specific rack of books in a library. This nameserver is the next step in the search for a specific IP address, and it hosts the last portion of a hostname (in example.com, the TLD server is “com”).

iv. Authoritative Nameserver: This final nameserver can be thought of as a dictionary on a rack of books, in which a specific name can be translated into its definition. The authoritative nameserver is the last stop in the nameserver query. If the authoritative name server has access to the requested record, it will return the IP address for the requested hostname back to the DNS Recursor (the librarian) that made the initial request.

2.7 Define Latency
Latency is the time that passes between a user action and the resulting response. Network latency refers specifically to delays that take place within a network, or on the Internet. In practical terms, latency is the time between a user action and the response from the website or application to this action — for instance, the delay between when a user clicks a link to a webpage and when the browser displays that webpage.

2.8 Define Caching

Caching is defined as the process of storing copies of files in a cache, or temporary storage location, so that they can be accessed more quickly. A cache is a temporary storage area. For instance, the files you automatically request by looking at a Web page are stored on your hard disk in a cache subdirectory under the directory for your browser. When you return to a page you’ve recently looked at, the browser can get those files from the cache rather than the original server, saving you time and saving the network the burden of additional traffic.

Technically, a cache is any temporary storage location for copies of files or data, but the term is often used in reference to Internet technologies. Web browsers cache HTML files, JavaScript, and images in order to load websites more quickly, while DNS servers cache DNS records for faster lookups and CDN servers cache content to reduce latency.

2.9 Explain Wireless Access Point

Wi-Fi is a wireless communication technology (or a networking device) that uses radio frequency waves to connect mobile devices to the internet and to allow communication between them without using actual cables. It’s like a wireless local area network that transmits and receives radio waves between devices based on IEEE 802.11 network standards. Wi-Fi operates on the traditional 2.4 GHz radio frequency band to connect devices within a fixed range. It is one of the most popular means of wireless communication, and the Wi-Fi close by is the best example of it. The router receives the signal coming from outside the network, such as from your ISP, and transmits it to your devices, such as a mobile phone or laptop.

A wireless access point (WAP) may be used to provide network connectivity in office environments, allowing employees to work anywhere in the office and remain connected to a network. In addition, WAPs provide wireless Internet in public places, like coffee shops, airports and train stations. Wireless access points are most commonly thought of in the context of the 802 series of wireless standards, commonly known as Wi-Fi.
