RITx: Cybersecurity Fundamentals, Unit 4 & 5 - Course notes


Xavier Briand
Mar 4, 2019
OSI Layer 1&2: Ethernet

Ethernet is a family of networking technologies used for wired LAN and WAN networks.

An Ethernet packet (Layer 1) contains an Ethernet frame (Layer 2). An Ethernet frame is made of a destination MAC address, a source MAC address, a payload and a CRC error-detecting code.

Ethernet was created for devices to communicate over a shared cable (think collision-prone radio systems). Since the communication happens on the same wire, any information sent is received by all, though the Network Interface Controller/Card (NIC) only interrupts the CPU if it’s the packet’s recipient. The shared wire also means shared bandwidth.
Modern Ethernet networks connect devices to switches and use full-duplex. This creates a fast, collision-free, star-shaped switched network.
Switched networks suffer from a single point of failure, as they don’t allow for physical loops. Shortest Path Bridging (SPB) technology allows for physical loops while keeping the logical topology loop-free, thus enabling redundant and load-balanced mesh networks.

VLANs are another example of logical segmentation of the same physical network.

Media Access Control (MAC) address


OSI Layer 3: Internet Protocol (IP)

IP address

IPv4 addresses

There are two notations to “extract” the network prefix:

  • Classless Inter-Domain Routing (CIDR) notation adds a / followed by the bit-length of the prefix (eg.
  • Subnet mask (aka netmask) is a bitmask that, when applied by a bitwise AND operation to an IP address, yields the routing prefix (eg. and

Private Address ranges:;;

IPv6 addresses

In the case where an IPv6 address maps an IPv4 address, the following notation can be used: ::ffff: to represent IPv6 address ::ffff:c0a8:000A.

IPv6 networks use groups of addresses with a size that is a power of two. They use CIDR notation.

Subnet communication

IPv4: Address Resolution Protocol (ARP)

The source broadcasts a request message on the network using the ARP protocol. If one of the recipients is the intended destination, it returns a response message using unicast.

IPv6: Neighbor Discovery Protocol (NDP)

IP routing

The router has a routing table that contains information about the topology of the network immediately around it. The routing table associates each network prefix with one of the router's NICs or with another router's IP address (the next hop) to forward a message to.
Routing tables can be statically configured (eg. default route) and/or dynamically configured via routing protocols, like Interior Gateway Protocol (IGP).

In case of error (eg. no route associated with the destination’s network prefix), the router uses the Internet Control Message Protocol (ICMP) to send an error message back to the source of the message.
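The prefix extraction and routing-table lookup described above, as an added example that is not part of the original notes. The routing table, interface names and addresses are constructed, and choosing the longest matching prefix is standard router behaviour that the notes do not spell out.

```python
import socket
import struct

def ip_to_int(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]

def int_to_ip(value):
    """32-bit integer -> dotted-quad IPv4 string."""
    return socket.inet_ntoa(struct.pack("!I", value))

def cidr_to_mask(bits):
    """Prefix length (the number after '/') -> 32-bit subnet mask."""
    return (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF

def network_prefix(addr, bits):
    """Bitwise AND of the address and the mask yields the routing prefix."""
    return int_to_ip(ip_to_int(addr) & cidr_to_mask(bits))

# Constructed routing table: (prefix, prefix length, outgoing NIC, next hop).
# A next hop of None means the destination is directly attached to that NIC.
ROUTES = [
    ("10.1.0.0", 16, "eth0", None),
    ("10.1.2.0", 24, "eth1", None),
    ("10.2.0.0", 16, "eth0", "10.1.0.254"),
    ("0.0.0.0", 0, "eth2", "203.0.113.1"),  # static default route
]

def lookup(dst, routes=ROUTES):
    """Return (nic, next_hop) for dst, or an ICMP error if no route matches."""
    best = None
    for prefix, bits, nic, hop in routes:
        # A route matches when masking the destination gives its prefix.
        if ip_to_int(dst) & cidr_to_mask(bits) == ip_to_int(prefix):
            # Several routes can match; the most specific (longest) wins.
            if best is None or bits > best[0]:
                best = (bits, nic, hop)
    if best is None:
        # No matching prefix and no default route: report back to the source.
        return ("ICMP", "destination unreachable")
    return best[1], best[2]
```

Removing the default route from the table is what turns an unknown destination into the ICMP error case.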

From a layer 2 perspective, each time a packet goes through a router, its previous Ethernet frame gets thrown away and rebuilt.

Autonomous Systems (AS)

Within an autonomous system, routers share routing information and infer metrics to eventually decide on the best way to forward a packet using IGP.
See Open Shortest Path First (OSPF) and Cisco’s Enhanced Interior Gateway Routing Protocol (EIGRP).

Exterior Gateway Protocol (EGP) enables different autonomous systems to exchange routing information with each other. The Internet uses Border Gateway Protocol (BGP).

Network Address Translation (NAT)

OSI Layer 4: TCP/UDP

User Datagram Protocol (UDP): Connectionless (no flow-control)

Both ensure order of segments/datagrams.

