Workshops - TCP/IP architecture and infrastructure analysis

This course helps the audience understand TCP/IP architecture in real time. It performs a detailed analysis of the stack, coupled with the design and architecture of common networking components, including switches, routers and hubs, involved in a TCP/IP infrastructure. It enables the audience to gain a thorough understanding of traffic flow, with the associated protocols and components, in a TCP/IP environment.

The training involves real-time scenarios, condensed as questions and answers, to accustom the audience to situations in real-time environments.

Layered Architecture

  • What is ISO?
  • OSI v/s TCP/IP layers.
  • Who uses TCP/IP and OSI layers?
  • Definition of a protocol.
  • Functionality of protocol.
  • PDU at different layers.
  • Functionality at different layers.

Exploring the TCP/IP Network Interface layer architecture

  • Functionality of Network Interface layer
  • Protocols used in Network Interface layer
  • Definition and working of Ethernet.
  • Half duplex, full duplex and Fast Ethernet technologies
  • MAC address – Functionality
  • Types of MAC address – Unicast, Multicast and Broadcast.
  • Dissecting an Ethernet Frame.

Exploring the TCP/IP Internet layer architecture

  • Functionality of Internet Layer
  • Protocols used in Internet Layer
  • IP protocol - Usage and architecture
  • IP address subnetting, network address derivation, CIDR and VLSM concepts
  • Types of IP address – Unicast, Multicast and broadcast IP address.

Exploring the TCP/IP Transport layer architecture

  • Functionality of Transport layer.
  • Protocols used in the Transport Layer.
  • Reliable and Unreliable functionality.
  • Overheads involved.

Exploring the TCP/IP Application layer architecture

  • Functionality of the Application layer
  • Protocols used in the Application layer
  • Application programming Interface

Components in a network environment

Hubs

  • Hub Architecture – Internal implementation
  • Data in hubs.
  • How do hubs work – CSMA/CD process, back-off algorithm
  • Hubs, duplex and speeds.
  • Issues with Hubs
  • Interconnecting hubs.

Switch - Layer 2

  • Switch v/s Hubs
  • Switch architecture – Different types.
  • How does a switch process incoming data?
  • Input and output buffers in switches.
  • Layer 2 Frame receipt process and lookup in a switch.
  • Handling invalid frames.
  • MAC address learning process – Creation of the MAC table
  • When does a switch flood frames?
  • How are unicast, multicast and broadcast packets handled on a switch?
  • How do switches handle the same MAC address from different clients?
  • Layer 2 Loops and mitigation with STP
  • STP – Functionality and working.
  • Interconnecting switches
  • Interconnecting switches with hubs – MAC learning process revisited.
  • Frames in transit.
  • VLAN – Definition
  • Controlling broadcast with VLAN
  • VLAN types – Tagging with 802.1q
  • Handling of tagged and untagged packets on a switch port
  • Trunk ports – Definition and usage.

Routers and Switches - Layer 3

  • Router architecture
  • Definition of a route
  • Route table creation on a router
  • Frame processing on a router.
  • Route lookup process.
  • The longest prefix situation
  • Frame discarding and addition
  • IP packet forwarding process
  • IP packet before and after passing through a router – Changes.
  • Types of routing – Static and Dynamic
  • Route metrics
  • Default routing and the default gateway
  • Routing v/s Layer 3 switching - Differences
  • Inter-VLAN communication with routers and layer 3 switches.

Packet level analysis of common protocols with usage and functionality

  • ARP
  • ICMP
  • IP
  • TCP
  • UDP
  • FTP
  • DNS

Analysis of real time scenarios

1. Two PCs are connected to an Ethernet switch. PC1 pings PC2. Analyze the traffic flow.

  • Ping application data transfer to IP header
  • PC1 route lookup process on the local route table
  • ARP or not to ARP
  • Construction of IP packet on PC1
  • Construction of Frame on PC1
  • Frame processing on the switch port
  • Frame forwarding process
  • Frame receipt on PC2
  • PC2 frame processing
  • IP layer receipt of data
  • ICMP processing on PC2
  • Route lookup on PC2
  • IP packet creation on PC2
  • ICMP response packet generation on PC2

2. Two PCs are connected to two different Ethernet switches. One switch is connected to the LAN 1 interface of a router and the second switch to the LAN 2 interface of the router. PC1 Telnets to PC2. Analyze the traffic flow.

  • Telnet application data transfer to TCP header
  • TCP 3 way handshake initiation.
  • PC1 route lookup process on the local route table
  • ARP to default gateway
  • Construction of IP Packet
  • Construction of Frame
  • Frame processing on switch and router port
  • The route lookup process on the router
  • ARP to PC2 from router
  • PC2 frame processing
  • IP Layer receipt of data
  • TCP Syn packet processing
  • Maintain state in TCP table
  • TCP Syn/Ack response to PC1.
  • IP packet creation for response

3. A PC is connected to an internet router. The user tries to access the website http://www.networkinterfaze.com. Analyze the traffic flow.

  • User types http://www.networkinterfaze.com
  • DNS Server entry verification
  • DNS cache verification
  • Route lookup process
  • The default route
  • DNS request packet
  • IP Packet creation
  • ARP to the default gateway
  • Frame creation process
  • Route lookup on the internet router
  • Packet traversal to DNS Server
  • DNS response packet from server
  • IP packet creation on server
  • Frame creation on Server
  • Packet processing on the PC
  • HTTP request packet generation – request and response flow.
  • Socket creation process

Firewall

  • Firewall functionality
  • Types of firewalls – Network layer and application layer based firewalls
  • Analyzing traffic flow through a firewall
  • Router as a firewall
  • Stateful and stateless firewalls – Functionality and implementation
  • Firewall placement in a network

VPN

  • Tunnel functionality
  • Basic and advanced tunneling
  • Types of VPN – IPSec and SSL
  • IPSec basic operation – transport and tunnel mode
  • Advantages and disadvantages of different tunnel types

NAT and Proxy servers

  • NAT functionality
  • Different types of NAT – Static, Dynamic, PAT
  • Proxy server functionality
  • Proxy server limitation.
  • Usage guidelines in a network

Network based Attacks

  • Spoofing attacks – MAC-based and IP-based
  • ARP cache poisoning attacks
  • MITM attacks
  • DoS, DDoS
  • Live demonstration of certain attack types