Basic Networking & Cyber Security Training designed for beginners

1. Networking & Cyber Security
SagarWalvekar
Sales & Service Manager
@ BackboneTechnologies (India) Private Limited
9326979672
1

2. Computer Networks
2

3. Use of Computer Network
3

4. History
• 1948 – 1st Commercial Computer Installed in UNIVAC
• 1958 – 1st Communication Satellite by USA
• 1964 – SABRE Air Lines reservation system on Packet
Switching Network.
• 1969 – ARPANET- Advance Research Project Agency
Network, 1st Packet Switching NW begins Operational
• 1971 – 1st Computer chip with 4 bits & 2300 Transistors
4

5. History
• 1972 – Ethernet Specification Formulated
• 1974 – IBM Introduces SNA (System NW Architecture)
• 1975 – Altair 8800 1st Commercial Microprocessor sold as a kit
• 1975 – Microsoft wrote BASIC language Interpreter for Altair
• 1976 – Steve Job`s & Woznaik built APPLE & APPLE computer
formulated
• 1979 –VISICALC 1st Commercial Spread sheet introduced
• 1981 IBM Introduces IBM PC with floppy drive
5

6. • 1983 – TCP /IP becomes the official protocol on
ARPANET
• 1984 – Apple Introduces GUI with Apple MAC
• 1986 – LAPTOP Introduced
• 1988 – OS2 Shipped 1st Multitasking OS
• 1989 – Intel 486 Introduces
• 1989 – NSF (National Science Foundation) replaces
ARPANET as internet Backbone
• 1991 – WWW invented by CERN – (Team Bareness Lee)
• 1992 – Mosaic releases 1st GUI Web Browser
• 1995 – Netscape goes from startup to $2.5 BN in 1 year
• 2000 - .COM Melt down
6

7. What is bit , Byte, Kilo , Mega, Giga,
Bit b 0 or 1
Byte B 8 Bits
Kilo K 2^10 1000
Mega M 2^20 10000
Giga G 2^30 100000
Tera T 2^40 1000000
Peta P 2^50 10000000
Exa E 2^60 100000000
Zetta Z 2^70 1000000000
Yotta Y 2^80 10000000000 7

8. Definition of Network
• Connection of Two or More Computers with each
other. Which can be geographically located any
where.
• There are many components that can be part of
network .
Example –
Hosts-Nodes (Computers , Servers, Printers)
Networking Devices (Switches, Routers )
Shared Peripherals (Printers , Cameras , Scanners)
Media ( Cabling, Wireless)
8

9. Networking Components
9

10. Networking Components
• Host`s – (Nodes) – It is generic term for most of end user devices
they sends & receives traffic directly Across the Network. They have
an IP address. e.g. -> PC, Server, NW Printer
• Shared Peripherals – They are not directly connected to the
Network but are connected with the host`s & rely on the hosts to
perform all operations . e.g. ->Local Printer`s Scanner`s
• Networking Devices – These devices connects to other devices ,
mainly host`s these devices moves & control`s the traffic . e.g. ->
Hub, Switch , Router`s
• Networking Media - It Provides connection between Host`s &
Networking Devices. . e.g. -> Wire (Copper / Fiber) , Wireless
(Radio Waves)
10

11. Networking Media - Cables
Coaxial Cable
11

12. • Coaxial Cable –
It has a single copper conductor in the center. A plastic
layer provides insulation between the center conductor
& braided metal shield. The metal shield helps to block
any out side interference. This is encapsulated in the
Plastic Jacket. Uses BNC Connector`s
Use in Bus Topology. Thinnet & Thicknet
• Thinnet – 10Base2 => 10 Mbps Max Distance 200 Meters.
• Thicknet – 10Base5 => 10Mbps- Max Distance 500 Meters.
Commonly used in Cable Network`s
12

13. UTP - CABLE
13

14. • Each Cable has a copper conductor separately
insulated wire.
• A pair of 2 cables is twisted together to reduce
EMI & Cross Talk
• More the twist lesser the EMI & Cross Talk
• Often bundled into 2 or 4 Pairs of twisted cable
• 4 Pair cable (8 Cables) is used in Networking.
• General Colors are as Follows
Orange White / Orange
Green White / Green
Blue White / Blue
Brown White /Brown
14

15. Types Of UTP Cable
(Categories – CAT)
Category Max. Data Rate Usage
CAT 1 Less Than 1 Mbps Used for analog telephone communication. Not
suitable for transmitting the Data
CAT 2 4 Mbps Mainly Used in IBM Token ring Networks
CAT 3 10 Mbps Used in 10Mbps Network
CAT 4 16 Mbps Used in Token Ring Networks
CAT 5 100 Mbps Used in 100 Mbps Network
CAT 5e 1000Mbps Used in 100/1000 Mbps Network
CAT 6 1000Mbps Used in 100/1000 Mbps Network, Fastest till the
date. There is a separator between the cable pairs
CAT 7 1000 Mbps + Immerging.(Under Testing)
15

16. Fiber Optic Cable.
16

17. Fiber Optic Cable
• Glass or plastic core Optical Fiber of 2 to 125 µm
• Cladding is an insulating material
• Jacket is protective Cover
• Laser Light or LED is a Light source for the
Transmission
• Used in long distance communication.
• Grater capacity
• Lower Attenuation, No EMI affects
17

18. Types of Fiber Optic Cable
1. Multimode –
Multimode fibers have large cores, usually either
50μ or 62.5μ
Designed to carry multiple light ray`s or mode at
the same time. Each ray at slightly different
reflection angle within the optical fiber core.
They are able to carry more data than single
mode fibers though they are best for shorter
distances (500 Meters)because of their higher
attenuation levels.
18

19. 19

20. 2. Single Mode –
Single Mode fibers have a small glass core,
typically around 9μ.
Designed to carry single Light ray at a time.
Single Mode fibers are used for high speed
data transmission over long distances.
They are less susceptible to attenuation than
multimode fibers so carries data for longer
distance. (Many KM`s)
20

21. Single Mode Fiber
21

22. • The term wireless networking refers to technology
that enables two or more computers to
communicate using standard network protocols,
but without network cabling.
• Radio waves are used as carrier.
• Typical indoor ranges are 150-300 feet, but can be
shorter if the building construction interferes with
radio transmissions. Longer ranges are possible, but
performance will degrade with distance.
• Outdoor ranges are quoted up to 1000 feet, but
again this depends upon the environment.
Wireless (Radio Waves)
22

23. Types of Wireless
• Base Station : all communication through an
access point .Other nodes can be fixed or mobile.
• Infrastructure Wireless : base station network is
connected to the wired Internet.
• Ad hoc Wireless :: wireless nodes communicate
directly with one another.
• MANETs (Mobile Ad Hoc Networks) :: ad hoc
nodes are mobile.
23

24. Types of Wireless NW
ad-hoc
• The Computer with wireless cards are directly
connected with each other.
24

25. Wireless with Base station
All wireless Nodes are connected to a Access Point
(Wireless Switch / Router)
25

26. Mixed- Hybrid Network
26

27. Wireless Standards
• 802.11a offers speeds with a theoretically
maximum rate of 54Mbps in the 5 GHz band
• 802.11b offers speeds with a theoretically
maximum rate of 11Mbps at in the 2.4 GHz
spectrum band
• 802.11g is a new standard for data rates of up
to a theoretical maximum of 54 Mbps at 2.4
GHz.
27

28. Wireless Network Standards
28

29. 29

30. Network Topologies
The Representation of computers
connected in the Network
Three Common Topologies –
1. Bus
2. Ring
3. Star
4. Mesh
30

31. BUS Topology
31

32. BUS Topology
• Point to Point Network.
• Shared Broad Cast Link
• Each Pair of communicating node uses the ink
for a short time, other nodes ignores the
communication.
• Computers must be synchronized to allow
only one computer to transmit at a time.
• Information sent from node travels along the
backbone till it reaches to destination node
• Each end must be terminated.
32

33. 1. Thin Ethernet –
10Base2 (10 Mbps up-to 200 Meters)
Maximum no of connection per segment - 30 devices
2.Thick Ethernet –
10Base5 (1o Mbps up-to 500 Meters)
Maximum no of connection per segment - 100
ADVANTAGES DISADVANTAGES
Inexpensive to install Backbone breaks whole network
down
Easy to add stations Limited number of devices can be
attached
Uses Less cable than other
topologies
Difficult to isolate the problems
Used for smaller Networks Sharing same cable slows the speed
33

34. Star Topology
34

35. – Each Node is connected to the central device
(Switch / Hub), Which is a junction which joins all
different nodes together.
– The Switch takes the signal from the incoming
node & passes to the other node on the network
Advantages Disadvantages
Easy to install and wire. Requires more cable length than a Bus
topology.
No disruptions to the network when
connecting or removing devices.
If the hub, switch, or concentrator fails,
nodes attached are disabled.
Centralized management helps in
monitoring the network & Easy to detect
faults
More expensive than linear bus topologies
because of the cost of the hubs, etc.
As compared to Bus topology it gives far
much better performance, signals don’t
necessarily get transmitted to all the
workstations.
Performance and as well number of nodes
which can be added is depended on
capacity of central device.
35

36. Extended Star Topology
36

37. Ring Topology
37

38. • In a ring topology network computers are
connected by a single loop of cable, the data
signals travel around the loop in one direction,
passing through each computer.
• One method of transmitting data around a
ring is called token passing. The token is
passed from computer to computer until it
gets to a computer that has data to send.
When the data reaches to the destination the
data is taken out & the empty token is passed
to another device to use
38

39. Double Ring
• If there is a line break,
or if you are adding or
removing a device
anywhere in the ring
this will bring down the
network, so double ring
is used if one ring goes
down other is used
39

40. ADVANTAGES DISADVANTAGES
Data is quickly transferred
without a 'bottle neck'
Because all stations are wired
together, to add a station you must
shut down the network temporarily.
The transmission of data is
relatively simple as packets
travel in one direction only
Data packets must pass through every
computer between the sender and
recipient Therefore this makes it
slower.
All devices have equal access.
It prevents network collisions
Not commonly used Less Devices are
available. Used in WAN
40

41. Mesh Topology
41

42. A Mesh topology Provides each device with a point-to-point
connection to every other device in the network. These are
most commonly used in WAN's, which connect networks over
telecommunication links. Mesh topologies use routers to
determine the best path.
Mesh networks provide redundancy, in the event of a link
failure, meshed networks enable data to be routed through
any other site connected to the network. Because each device
has a point-to-point connection to every other device,
mesh topologies are the most expensive and difficult to
maintain. Mesh networks are self-healing: the network can
still operate even when a node breaks down or a connection
goes bad. As a result, a very reliable network
42

43. ADVANTAGES DISADVANTAGES
Improves Fault tolerance Expensive
Carries More Data Difficult to install & Maintain
Used in WAN
43

44. Topologies Overview
• Bus – Easier to Install But Not Reliable. As if a
cable cut whole network goes down.
• Ring – more data speed due to
synchronization, but goes down if a cable cut.
or a host is down.
• Star – Easier to manage & more robust so it`s
a more commonly used in LAN. Disadvantage
is it requires more cable
• Mesh topology – Used in WAN
44

45. 45
Fiber Optic Cable Connectors

46. Cabling Standard
46

47. Straight Through & Cross Cabling
• Straight Through Cable is
used to connect devices.(E.g.
Switch to computer)
47
• Cross Over Cable is used to
connect two similar types of
Devices (e.g. Computer to
Computer)

48. UTP Network Tools
CABLE Tester /LAN Tester : This tool is Used for Testing the Cable for
Faulty cable, It allow you to verify connection from Point to Point &
Verify The correct pin-out. By making sure all of the LED`s glows in
proper Manner
Crimping Tool used to Crimp the connectors.
Punch Down Tool : Used to Punch the Cable in IO Connector.
48

49. Fiber Network Tools
time-domain reflectometer When you need to accurately find the
length of any cable; a short, a break or an open fault in a very long
cable; a cable that is buried or a cable that is energized, look no
further than the Snap Shot.
Finds cable length or distance to fault from one end up to 3000 feet
Easily measures cable distance on spool
An optical time-domain reflectometer (OTDR) is
an optoelectronic instrument used to characterize an optical fiber. An
OTDR is the optical equivalent of an electronic time domain
reflectometer. It injects a series of optical pulses into the fiber under
test and extracts, from the same end of the fiber, light that is
scattered (Rayleigh backscatter) or reflected back from points along
the fiber. The scattered or reflected light that is gathered back is used
to characterize the optical fiber.
49

50. Network Devices
• Network Interface Card (NIC / LAN Card)
• Repeater
• Hub
• Bridge
• Switch
• Router
• Gateway
• Transceivers
• Modem
• ISDN (Integrated Service Digital Network)
• Firewall 50

51. Network Card
(LAN Card/ Network Interface Controller)
51

52. • Network Interface Card, or NIC is a hardware card installed in a
computer so it can communicate on a network. The network adapter
provides one or more ports for the network cable to connect to, and
it transmits and receives data onto the network cable.
• Every Ethernet network device has a unique 48-bit serial number
called a MAC Address .which is stored in read only memory
• MAC – Media Access Controller Address – It is a is the hardware
address of a device
• 48-bits Address written as 12 hexadecimal digits. Format varies:
00-05-9A-3C-78-00, 00:05:9A:3C:78:00, or 0005.9A3C.7800.
• 00-05-9A-3C-78-00, The 1st three Numbers are given by the
Manufacturer & remaining three are given by the IEEE
• MAC Address is also known as Physical Address , Ethernet Hardware
Address (EHA)
52

53. Repeater
53

54. Repeater - Physical layer - (layer 1) device
• The Signal Sent over the Network gets weaken after
traveling the long distance.
• Repeaters repeat signals - Clean and boost digital
transmission
• Cannot reformat, resize, or manipulate the data
• repeater helps to extend network reach by
regenerating weak signals,
54

55. HUB – Layer 1 Device
55

56. -HUB -
• Connect several networking devices together with
the cable.
• Different devices are connected with the hub to
the individual ports.
• Hubs can be considered multiport repeaters.
• When one computer transmits a digital signal onto
the network media, the signal is amplified and
transmitted (Broadcasted) to all other devices that
are plugged into the hub
56

57. Types of HUB
1) Passive Hubs - do not amplify the electrical signal of
incoming packets before broadcasting them out to
the network they just receives the information and
forwards it with out any change
2) Active Hubs – Amplifies the incoming signal before
broadcasting them on the network. These are called
as multiport Repeater
3) Intelligent Hub - Provides with the ability to manage
the network from one central location it contains
remote management software to help determine
possible network problems and isolate them via
SNMP (Simple Network Management Protocol)
support. 57

58. Bridges – Layer 2 – Data Link Layer
58

59. Bridge
• A network bridge is a hardware device used to
create a connection between two separate
computer networks or to divide one network
into two. Both networks usually use the same
protocol.
• Bridges inspect incoming traffic and decide
whether to forward or discard it. Routing table
is built to record the segment no. of address
• If destination address is in the same segment as
the source address, stop transmit
• Otherwise, forward to the other segment
59

60. Advantages & Disadvantages of Bridge
• Advantages
 Extend physical network
 Reduce network traffic with
minor segmentation
 Creates separate collision
domains
 Reduce collisions
• Disadvantages
 Slower that repeaters
due to filtering
 More expensive than
repeaters
 Do not filter broadcasts
60

61. Switches - Data Link layer
61

62. Switches – works at Layer 2, Data Link layer
• Switches are core of the Network
• Increase network performance
• Virtual circuits between source and destination
these Multiple virtual circuits are called “switched
bandwidth”
• switches can run in full-duplex mode. This means
that the computer and switch can both transmit and
receive simultaneously.
• The biggest difference between a switch and a hub
is that when a computer transmits a digital signal to
a hub, it’s then sent to all ports attached to that
hub, whereas a switch will send it only to the
specific port where the destination MAC address is
located. 62

63. Switches basically perform three tasks:
• Learning-The switch learns MAC addresses by
examining the source MAC address of each frame
it receives. By learning, the switch can make good
forwarding choices in the future.
• Forwarding or filtering-The switch decides when to
forward a frame or when to filter (not forward) it
based on the destination MAC address. The switch
looks at the previously learned MAC addresses in
an address table to decide where to forward the
frames.
• Loop prevention-The switch creates a loop-free
environment with other bridges by using Spanning
Tree Protocol (STP).
63

64. Switches -
• Switches Provides Micro-Segmentation
Switches divides a network into several isolated channels.
called as collision domains. A switch creates a dedicated
path for sending and receiving transmissions with each
connected host. Each host then has a separate collision
domain and a dedicated bandwidth and need not be
shared with other channels.
• Benefits of Micro segmentation
o Multiple data streams passes simultaneously.
o Ethernet LAN switch improves bandwidth by separating
collision domains and selectively forwarding traffic to the
appropriate segments. 64

65. Collision Domain
65

66. Collision Domains
66

67. Working of Switch
• Switches reduce network overhead by forwarding traffic from one
segment to another only when necessary. To decide whether to
forward a frame, the switch uses a dynamically built table called a
bridge table or MAC address table.
• When The switch receives the frame it examines the address table
to decide whether it should forward or filter the frame.
• The filter-versus-forward decision works best when the switch
knows where all the MAC addresses are in the network. Switches
dynamically learn the MAC addresses in the network to build its
MAC address table. With a full, accurate MAC address table, the
switch can make accurate forwarding and filtering decisions.
Switches build the MAC address table by listening to incoming
frames and examining the frame’s source MAC address. If a frame
enters the switch, and the source MAC address is not in the
address table, the switch creates an entry in the table. The MAC
address is placed in the table, along with the interface in which the
frame arrived.
67

68. • The following list provides a quick review of the basic
logic a switch uses:
• A frame is received.
• If the destination is a broadcast or multicast, forward
on all ports except the port on which the frame was
received.
• If the destination is a unicast, and the address is not
in the address table, forward on all ports except the
port on which the frame was received.
• If the destination is a unicast, and the address is in
the address table, and if the associated interface is
not the interface on which the frame arrived, forward
the frame out the one correct port.
• Otherwise, filter (do not forward) the frame.
68

69. Forwarding -
• When PC G sends the Data
to PC B. With destination
MAC Address
33:34:35:BA:BC:BD
• The Hub sends the data to
all ports. The Switch also
receives the data on Port
FE 1. It decides to forward
the frame to Port FE 3
where PC B is located
69

70. Filtering -
• When PC G sends the Data
to PC F. With destination
MAC Address
55:B1:E4:D6:F7:E3
• The Hub sends the data to
all ports. The Switch also
receives the data. The
Switch decides to filter (Not
to forward) it as received
the frame on Port FE1, and
it knows PC F located on the
same Hub on Port FE1 &
already has received the
frame
70

71. Types of Switches
• Unmanaged Switches
It's not designed to be configured they are
automatically configured. Unmanaged switches
have less network capacity than managed
switches. You'll usually find unmanaged switches
in home networking equipment.
Speed - in 10/100 Mbps switch all the ports will
work on either 10 Mbps or 100 Mbps. It will
automatically detect the speed & set the port
speed.
71

72. Managed switch
• allows you to set configuration things like Speed, Duplexing, VALN, QoS etc..
• The switch monitor and control various aspects of the switch’s operation
from a remote computer. The switch can alert you when something goes
wrong with the network, and it can keep performance statistics so that you
can determine which parts of the network are heavily used and which aren't
• Managed : Configurable, allow to set configuration - VLAN.Speed,Duples,QoS
• Speed- Each Port is configurable to certain speed, You can set a port speed to
10/100/1000
• Duplex - Can be configurable to Half/Full Duplex e.g 100Mbps Half DUplex or
100 Mbps Full Duplex
• Trunk: The Ports used to connect the multiple switches. These are other than
your normal ports. they have speed up to 10Gbps.
• VLAN - its Only Possible to create VALN on Managed Switches
72

73. VLAN
A LAN is Local area Network and its defined as all the
devices are in same broadcast domain
VLAN is Virtual LAN – it’s a broadcast domain created by
switches, VALN1 default VALN of the switch & all the ports
are in the same VALN i.e. in same broadcast domain. VLAN
can only be configured on Managed Switches.
VLAN's allow logically segment a LAN into different
broadcast domains(It allows you to separate the ports on
switch into different networks), Since this is a logical
segmentation and not a physical one, workstations do not
have to be physically located together. Users on different
floors of the same building, or even in different buildings
can now belong to the same LAN.
73

74. • Devices in the different VLAN`s cannot
communicate to each other unless there is a
router or layer 3 switch in between.
• VALN`s offer higher performance because they
limit broadcast. VALN`s also provides security as
you are putting the devices on different VALN`s
• Trunk Ports – When there is a link between two
switches or a Router & a switch that carries the
traffic of more than one VALN that port is a
trunk port , the Trunk port must run special
trunking protocol
74

75. Advantages & Disadvantages of Switch
Advantages
• Hardware-based bridging
[application specific integrated
circuits (ASIC)]
• Low latency
• Increase available network
bandwidth
• Reduced workload, computers
only receive packets intended
for them specifically
• Increase network performance
• Smaller collision domains
• Disadvantages –
 More expensive than
hubs and bridges
 Does not filter broadcast
traffic
75

76. TRUNK PORTS
• If multiple switches are connected in the
network they connect using the trunk ports if
any computer sends data & it on the same
switch it sends to the trunk ports to send it to
other switch on the network.
• They can communicate up to 10Gbps
• They usually use a Fiber SFP (Small Form
Factor Pluggable) Moduls.
76

77. 77

78. LAN
• LANs are designed to operate within limited geographical area
• Allow multi-access to high bandwidth media
• Control the network privately under local administration
• Provide full-time connectivity to local services
• Connects physically adjacent devices
• Uses Following NW Devices
78

79. WAN
• WANs are designed to operate in large geographical area
• Operating under lower speed
• Connects devices separated over wide , even global areas
• Uses following NW devices
79

80. Bandwidth
• A range of frequencies within a given band, in particular that used for
transmitting a signal.
• Bandwidth represents the capacity of a network connection for
supporting data transfers.
• Computer network bandwidth is measured in units of bits per second
(bps).Kilobits per Second (kbps) , Megabits Per Second (Mbps),
Gigabits Per Second (Gbps)
80

81. Transmission Modes
Transmission Modes
Simplex Half Duplex Full Duplex
81

82. Half Duplex
• It uses only one wire pair with a digital signal running in
both directions on the wire.
• It also uses the CSMA/CD protocol to help prevent collisions
and to permit retransmitting if a collision does occur.
• If a hub is attached to a switch, it must operate in half-
duplex mode because the end stations must be able to
detect collisions.
• Half-duplex Ethernet—typically 10BaseT—is only about 30
to 40 percent efficient because a large 10BaseT network
will usually only give you 3 to 4Mbps—at most
82

83. Full Duplex
• Full duplex means you can send and receive at
the same time
• 4 Pair Cable is used in Full Duplex , 1 pair of
conductors is used to send data and the other to
receive data. Each pair are also twisted around
• full duplex will give you a performance boost
because you no longer have to wait for 1 host to
finish sending before you start to send your data
83

84. Type Of Transmission
Transmission Modes
Unicast Broadcast Multicast
84

85. 85

86. TCP/IP
TCP/IP Protocol is made up of TCP & IP Protocol (TCP/IP is a
protocol suit which has multiple protocols working in it) IP
controls the routing of information to different devices in
Network. So it is called as IP Address. IP works on LAYER 3 in OSI
Model & TCP on Layer 4
The IP Protocol is Routable protocol it allows to divide huge
network in to smaller sub networks. By using the router you can
connect multiple smaller networks. IP does the work of finding
the devices on the network, where TCP controls the
communication between them.
86

87. 87

88. 88

89. OSI MODEL - Protocols
89

90. The physical layer defines electrical and physical specifications for
devices.
It defines the relationship between a device and a transmission
medium, such as a copper or optical cable or wireless.
This includes cable specifications, PIN layouts , Electric Impulses ,
Conversion of DATA to SIGNAL / SIGNAL to DATA takes place on this
layer
Network Cards, works on Layer 1 (Physical Layer)
PDU : bits
Layer -1-Physical Layer
90

91. Layer-2-Data Link Layer
This is a Second Level in 7 layer OSI Model, Layer 2 specifies the
transmission of frames between connected nodes on the physical layer.
(Point to Point),
MAC Addresses are used to Transfer the data in Layer 2
As its name suggests, this layer is concerned with the linkages and
mechanisms used to move data about the network, Topology, such as
Ethernet or Token Ring, and deals with the ways in which data is reliably
transmitted.
PPP (Point to Point Protocol), HDLC (High Level Data Link Control) , &
Token Ring Protocols works on Layer 2
Hubs, Repeaters, Layer 2 Switches Works on Layer 2
PDU : Frames
91

92. MAC Address
• Media Access Control Address is globally unique Address.
• MAC Address is 48-bits Address written as 12 hexadecimal digits, e.g
00:05:9A:3C:78:00
• it is generally written as It is a string of six sets of two-digits or characters,
Separated by colons. (Writing formats varies: 00-05-9A-3C-78-00, or
0005.9A3C.7800.
• A MAC address is given to a network adapter when it is manufactured it is
hard coded in the Network Interface Controller (NIC) (Ethernet Card).
Example in MAC ID 00:05:9A:3C:78:00, The first 24 Bits (1st Three Numbers ,
1st 3 Octets, first 3-bytes ) are called as OUI (Organization Unique
Identifier) these are assigned by IEEE to the Manufacturer, he remaining
three Bits are given by the Manufacturer.
• It is also called as Physical Address, Hardware Address
92

93. This layer is also called as IP Layer as IP address are used to transfer
the data in this Layer. IP addresses are logical addresses bind with the
MAC Addresses. They can be changed any time.
Functional mean of layer3 is to transfer DATA through one or more
networks. In layer 3 also we are sending DATA to single Point but
Layer 3 allows us to take that DATA & route it to different Network.
This is the layer on which routing takes place. The Network layer
defines the processes used to route data across the network and the
structure and use of logical addressing.
Routers , Layer 3 Switch , IP Protocols , work on Layer 3
PDU : Packet
Layer-3-Network Layer
93

94. DATA Communicating In Layer 1-3
94

95. DATA FLOW THROUGH NETWORK
95

96. Layer-4-Transport Layer
This layer provides Management & Control the Data packets received , the
Packets are segmented on Layer 4
The transport layer provides transparent transfer of data providing reliable data
transfer services to the upper layers, as well as the disassembly and assembly
of the data before and after transmission. The transport layer controls the reliability of
a given link through flow control
TCP(Transfer Control Protocol) & UDP (User Datagram Protocol) are the Protocols are
used in Transport Layer. TCP is connection oriented Protocol & UPD is connection less
Network Protocol.
TCP:- HTTP,HTTPS,SSL,SSH
UDP:- IP Telephony, VC, Video Streaming.
All the Protocols are based on TCP or UDP
,
96

97. This layer is the traffic control layer, Layer 1 to 4 are
dealing with sending DATA, layer 5 the Session layer
Manages that particular data string we this layer
Establishes, Manages & Terminates the connection
between computers (Local and remote)
IT regulates the communication, i.e. who can send
how much can send this way its coordinates the
communication
Layer-5-Session Layer
97

98. Layer-6-Presentation Layer
This layer is concerned with data representation and
code formatting. It transforms data into the form
that the application accepts.
This layer formats and encrypts/decrypts the data to
be sent across a network
This is Independent from different DATA
Representations
98

99. It is network Access Layer, It helps to synchronize the
communication. It Determines the network resources
The Application layer provides services to the software
through which the user requests network services e.g.->
SMTP: for Sending receiving the mails
HTTP : Browsers for Browsing the Web Pages
FTP clients ,Mail clients
Layer-7- Application Layer
99

100. OSI Layers -Open Systems Interconnect
100

101. All People Seem To Need Data
Processing
• Application All
• Presentation People
• Session Seem
• Transport To
• Network Need
• Datalink Data
• Physical Processing
101

102. PLEASE DO NOT TELL SECRET
PASSWORDS ANYTIME
• Physical Please
• Datalink Do
• Network Not
• Transport Tell
• Session Secret
• Presentation Password
• Application Anytime
102

103. Windowing Process
• The DATA is sent in form of the Packets over the network. When the two devices found each other on
network . The computer A sends one Packet on the Network to the Server Labeled as Packet 1.
• The Server Reply with the acknowledgement that he received the Packet 1. As the computer now knows
that he can communicate with the server. He will send Packet No 2 & 3 to server , the server acknowledge
that It has receive the 2 packets & last packet received is 3
• Now the Computer A will double the number of Packets & will send packet No 4,5,6 & 7 . The server
receives the packets & acknowledge that he received 4 Packers & last packet he received is 7. So as long as
the communication is occurring the Computer will keep doubling the packets each time. If something
occurs in between & Server acknowledges that the last packet he received is not in sequence the Computer
A will start the windowing process again by sending single Packet at time.
103

104. IP Address
• An Internet Protocol address (IP address) is a numerical label assigned to
each device on a computer network. IT uses Internet Protocol for
communication. These are logical addresses either given statically or
provided by a DHCP server.
• An IP address serves two functions: host or network
Interface identification and location addressing.
• IP address is a 32 bit binary address e.g. 192.168.1.1 , computers does not
understand the number 192.168.1.1, as they only can understand electrical
signals. They only can understand on or off .1 or 0 in binary language.
• On in Binary is represented by 1 & Off by 0. IP Addresses are string of 0`s &
1`s written in Binary format e.g as IP 4 is 32 bit address you have 32 1`s &
0`s like this : 010110100 010110100 010110100 010110100
• These 32bits are divided into four sections called octets, this is because
each section has eight numbers. IP addresses are usually written and
displayed in human-readable notations, such as 172.16.254.1
104

105. Components of IP Address :
Every computer on the network needs an IP Address 192.168.1.10
,202.54.10.18,10.2.5.1,
IP Address have 2 Portions 1- Network Portion & 2 - Host Portion, The Subnet Mask
separates the Network Address & Host Address. When an IP address is configured
sunbet mask is assigned along with the IP address
Subnet Mask: it way to logically subnet a Network, Subnet Mask separates the IP
Address & logical Address.i t signifies which part of IP address id Network ID & which Is
Host ID
E.g. 255.255.0.0,255.255.255.0,255.0.0.0.
Default Gateway : this is a router of your network, its used for go out of your local
network.
DNS Address : it is used for maps Domain Names to IP Address
Eg. google.com - 172.217.166.174
105

106. IP Address Class
• IP addresses are divided into number of ranges which are as follows
127.0.0.1 Range is called as a Loop Back Adapter A loopback address is a type of IP
address that is used to test the communication or transportation medium on a local
network card and/or for testing network applications.
106
CLASS Range Network &
Host Part
Default Subnet
mask
Total # Of Bits
For Network
ID / Host ID
Number of Possible
Network IDs
# Of Host IDs Per
Network ID
A 1-126
e.g. 126.0.0.1
0XXXXXXX
N.H.H.H 255.0.0.0 8 / 24 27-2 = 126 224-2 =
16,277,214
B 128-191
e.g. 128.9.25.12
10XXXXXXX
N.N.H.H 255.255.0.0 16 / 16 214 = 16,384 216-2 = 65,534
C 192-223
e.g. 192.168.1.1
110XXXXX
N.N.N.H 255.255.255.0 24 / 8 221 = 2,097,152 28-2 = 254
D 224-239 Not in used commercially used to special purpose
E 240.255

107. Public & Private IP Address
• All hosts that are directly connected to internet requires a unique
public IP Address
• Because of limited number of 32bit IP addresses are available there
is risk of running out of IP addresses.
• Some IP addresses are reserved for use extensively inside the
organization, these are called as Private IP Addresses , this allows
hosts to communicate inside the organization without need of
public IP addresses
107
CLASS No. of Network No,
Reserved
Network Addressees
A 1 10.0.0.0 to 10.255.255.255
B 16 172.16.0.0 to 172.31.255.255
C 256 192.168.0.0 to 192.168.255.255

108. Networking Commands
It is useful to know the network commands to analyse or configure your TCP/IP networks
1) PING : Packet Internet Groper : Ping is a Function That Uses ICMP Protocol, Ping Is Used
In Networking To Check The Reachability or Connectivity. Device Sends An ICMP (Internet
Control Message Protocol) Echo Message To The Destination For Which, We Are Trying To
Check The Reachability. If an ICMP Echo Reply Comes Back Then Devices Knows That There
Is Bi-Directional Reachability
Example : - C:> ping 192.168.0.1 or C:> ping admin.local
108

109. Ping Command Swathes:
C:> ping 192.168.0.1 - t
The -t option to ping continuously until Ctrl-C is pressed.(it is used to check the up & downtime)
C:> ping 192.168.0.1 - l 1024 192.168.1.1
This command is also useful to generate network load by specifying the size of the packet
with the -l option and the packet size in bytes
109

110. Ping Command Swathes:
If pinging the host name & did not get any response, but for the same device if we ping
with IP address & we get response its a some problem with DNS
C:> ping –a 192.168.0.1 it resolves thee IP to host Name will give you the computer name
of the IP (if DNS Server is present)
C:> ping –n 500 192.168.0.1
-n < count > Sets number of echo requests to send.
C:> ping –s 3 192.168.0.1
-s < count> Timestamp for count hops. (1-4)
110

111. TRACERT
This command is used for used for check if we able to connect to destination , traceroute is
a computer network diagnostic tool for displaying the route (path) and measuring transit
delays of packets from source to destination
C:>tracert 4.2.2.2
TRACERT Switches
C:>tracert -h 5 4.2.2.2 (This will limit the hop count to Max 30)
111

112. TRACERT
Some time with get atrix (*) in place of IP this means these devises are configured not to
show the IP information for security reason,
C:>tracert -d 4.2.2.2 (This will not resolve IP to host name. it saves time )
112

113. Netstat
• Netstat command is used for getting the information on open connections on your local computer
(Ports/Protocols being used etc.) , incoming & outgoing of data & also the ports of remote systems to which
one is connected, netstat gets all this information by reading the kernel routing table in the memory.
• Netstat / Switches –a,-b,-c,-e, o,-n,-s
• Netstat –a
• -a option is used to check the open ports on the local system ,it also returns the remote system to which we
are connected to
• In above TCP Protocol is using on local system 192.168.1.2 local port 27605 is opened & used to connect the
remote system 192.168.1.4 on Port 3431 & connection is established.
• Netstat – n works the same function only it does not resolve the name.
113

114. • -b option is gives the Process ID or the Application name which is running on the Open Port.
• Eg. On TCP Protocol is running on 192.168.1.2 on Port no 52310 is connected with bom7.xxxx
with HTTP protocol the connection is established & Chrome.exe is using that port
114

115. • -p option is gives the details about specific protocol
• -e option is gives interface statistics
115

116. • - r shows the active routing table.
116

117. Allway use computr by user, if at lall any attak
offense it will be limited to resources allocate
to that particular usr & admin can patch that
part or otherwise , user can be deleted but if
you use the admin login attack happens entire
system security compromise
117

118. 118
Protocol TCP/UDP Port
No.
Description
File Transfer
Protocol (FTP)
TCP 20/21 FTP is File Transfer Protocols FTP control is handled
on TCP port 21 and its data transfer can use TCP
port 20 as well as dynamic ports depending on the
specific configuration.
Secure Shell
(SSH)
TCP 22 SSH is the primary method used to manage network
devices securely at the command level. It is typically
used as a secure alternative to Telnet which does
not support secure connections.
Telnet TCP 23 Telnet is the primary method used to manage
network devices at the command level it simply
provides a basic unsecured connection.
Simple Mail
Transfer
Protocol
(SMTP)
TCP 25 SMTP is used for two primary functions, it is used to
transfer mail (email) from source to destination
between mail servers
Domain Name
System (DNS)
TCP/UDP 53 The DNS is used widely on the public internet and
on private networks to translate domain names into
IP addresses
Common Protocols and Their Port Numbers

119. Common Protocols and Their Port Numbers
119
Dynamic Host
Configuration
Protocol
(DHCP)
UDP 67/68 DHCP is used to Automatically Provide IP Addresses
to the devices on the network.
Trivial File
Transfer
Protocol (TFTP)
UDP 69 TFTP stands for Trivial File Transfer Protocol. It is
defined in RFC783. It is simpler than FTP, does file
transfer between client and server process but does
not provide user authentication and other useful
features supported by FTP
Hypertext
Transfer
Protocol
(HTTP)
TCP 80 HTTP is the main protocol that is used by web
browsers and is thus used by any client that uses
files located on these servers.
Post Office
Protocol (POP)
version 3
TCP 110 POP version 3 is one of the two main protocols used
to retrieve mail from a server. POP3 allows client to
retrieve the complete contents of a server mailbox
and then deleting the contents from the server.
Internet
Message
Access
Protocol
TCP 143 IMAP version3 is the second of the main protocols
used to retrieve mail from a server. but it keeps
copy of the mail on the server & allows users to
make a folders & keep mails in the Folder.

120. Common Protocols and Their Port Numbers
120
Simple
Network
Management
Protocol
(SNMP)
TCP/UDP 161/162 SNMP is used by network administrators as a
method of network management. SNMP has a
number of different abilities including the ability to
monitor, configure and control network devices
Hypertext
Transfer
Protocol over
SSL/TLS
(HTTPS)
TCP 443 HTTPS is used in conjunction with HTTP to provide
the same services but doing it using a secure
connection which is provided by either SSL or TLS.
RDP TCP 3389 Remote Desktop Protocol, to Manage the desktops
remotely
In computer networking, a port is an endpoint of communication in an operating system.
While the term is also used for physical devices, in software it is a logical construct that
identifies a specific process or a type of network service..There are 65,536 ports. The ports
from 0 to 1023 are considers “system ports” and are generally where you will find common
services like DNS, SMTP and HTTP. Higher number ports are considered “dynamic” and will
be assigned on an as needed basis (or are assigned by the program needing network
services).

121. Malware/Virus
• Malware – Malicious Software : software designed to destroy your data
Types of Malware 1) Viruses 2) Worm 3) Trojans
• Virus Definition : Malicious code or program written to alter the way a
computer operates and that is designed to spread from one computer
to another.
• Virus Attacks to file when you execute the file the virus gets activates. is
designed to spread from host to host and has the ability to replicate
itself .
• A virus operates by inserting or attaching itself to a legitimate program
or document that supports macros in order to execute its code
• A virus can be spread by opening an email attachment, clicking on
an executable file, visiting an infected website or viewing an infected
website advertisement. It can also be spread through infected
removable storage devices, such USB drives. Once a virus has infected
the host, it can infect other system software or resources, modify or
disable core functions or applications, as well as copy, delete
or encrypt data. Some viruses begin replicating as soon as they infect
the host, while other viruses will lie dormant until a specific trigger
causes malicious code to be executed by the device or system.
• Antivirus is used to stop & remove the virus 121

122. Virus
• There are five recognized types of viruses:
1) File infector viruses : File infector viruses infect program files. These viruses normally infect executable code, such
as .com and .exe files. The can infect other files when an infected program is run Many of these viruses are memory
resident. After memory becomes infected, any uninfected executable that runs becomes infected. Examples of known
file infector viruses include Jerusalem and Cascade.
2) Boot sector viruses : Boot sector viruses infect the system area of a disk--that is, the boot record on hard disks
Examples of boot sector viruses are Form, Disk Killer, Michelangelo, and Stoned.
3) Master boot record viruses : Master boot record viruses are memory resident viruses that infect disks in the same
manner as boot sector viruses Examples of master boot record infectors are NYB, AntiExe, and Unashamed.
4) Multipartite viruses : Multipartite (also known as polypartite) viruses infect both boot records and program files.
These are particularly difficult to repair. If the boot area is cleaned, but the files are not, the boot area will be
reinfected. The same holds true for cleaning infected files. If the virus is not removed from the boot area, any files
that you have cleaned will be reinfected. Examples of multipartite viruses include One_Half, Emperor, Anthrax and
Tequilla.
5)Macro viruses : These types of viruses infect data files. They are the most common and have cost corporations the
most money and time trying to repair. With the advent of Visual Basic in Microsoft's Office 97, a macro virus can be
written that not only infects data files, but also can infect other files as well. Macro viruses infect Microsoft Office
Word, Excel, PowerPoint and Access files, Examples of macro viruses include W97M.Melissa, WM.NiceDay, and
W97M.Groov.
122

123. Worms
• this malicious program category is exploiting operating system vulnerabilities
to spread itself. In its design worm is quite similar to a virus Worm does not
attached to any file they get , they does not require any human interaction to
spread on the network worms can reproduce/duplicate and spread by itself -
during this process worm does not require to attach itself to any existing
program or executable. In other words it does not require any interaction for
reproduction process - this capability makes worm especially dangerous as
they can spread and travel across network having a devastating effect on both
the host machines, servers as well consuming network bandwidth.
• The most common categorization of worms relies on the method how they
spread:
• email worms: spread through email massages - especially through those with
attachments
• internet worms: spread directly over the internet by exploiting access to open
ports or system vulnerabilities
• network worms: spread over open, unprotected network shares
• multivector worms: having two or more various spread capabilities
• Eg. Sobing,Iloveyou,Blaster,Sasser
123

124. Trojans
• Trojan Horse hides malware in what appears to be a normal file, Most Trojans are
typically aimed at taking control of a user’s computer, stealing data and inserting
more malware on to a victim’s computer.
• Trojans can look like just about anything, if you download any thing from a un rusted
website, any program, game, movie, song file anything. Even an advertisement
might try to install something on your computer.
• Backdoor Trojan - These Trojans can create a “backdoor” on a users’ computer,
allowing the attacker access to the machine in order to control it, upload stolen data
and even download more malware onto the computer.
• Downloader Trojan - The main purpose of these Trojans are to download additional
content onto the infected computer, such as additional pieces of malware.
• Info stealer Trojan - This Trojan’s main objective is to steal data from the infected
computer.
• Remote Access Trojan - This Trojan is designed to give the attacker full control over
the computer.
• Distributed Denial of Service (DDoS) Attack Trojan - This Trojan performs DDoS
attacks, which are designed to take down a network by flooding it with traffic.
124

125. Adware / Spyware
• Adware :
• Advertising Software : when you visit any website as an onslaught of
advertisements either pops up, slides in from the side, or otherwise inserts itself to
interrupt and even redirect your intended activity. And no matter how much you
click to close those windows, they keep buzzing you advertisement. redirect your
search requests to advertising websites and collect marketing-type data about you –
for example, the types of websites that you visit – so that customized adverts can be
displayed. It generates revenue for its developer by automatically generating online
advertisements in the user interface .Some Popups insert malware in your system
• To stop this Disable Popups
• Spyware
• Spying Software : Spyware is software that is installed on a computing device
without the end user's knowledge. Spyware is software that aims to gather
information about a person or organization without their knowledge, that may send
such information to another entity without the consumer's consent. That includes
capturing keystrokes, screen shots, authentication credentials, personal email
addresses, web form data, Internet usage information, and other personal
information, such as credit card numbers.
125