How does the network and transport layer work with other layers to communicate data? Explain the...

1.)

From the perspective of network applications, the transport layer is the underlying communication infrastructure. Of course, there is more to the communication infrastructure than just the transport layer. For example, the network layer lies just below the transport layer in the protocol stack. Whereas a transport layer protocol provides logical communication between processes running on different hosts, a network layer protocol provides logical communication between hosts. This distinction is subtle but important. Let's examine this distinction with the aid of a household analogy.

In this example, the postal service provides logical communication between the two houses - the postal service moves mail from house to house, not from person to person. On the other hand, Alice and Bob provide logical communication between the cousins - Alice and Bob pick up mail from and deliver mail to, their brothers and sisters. Note that, from the cousins' perspective, Alice and Bob are the mail service, even though Alice and Bob are only a part (the end system part) of the end-to-end delivery process. This household example serves as a nice analogy for explaining how the transport layer relates to the network layer:

• hosts (also called end systems) = houses
• processes = cousins
• application messages = letters in envelope
• network layer protocol = postal service (including mail persons)
• transport layer protocol = Alice and Bob

The Internet, and more generally a TCP/IP network, makes available two distinct transport-layer protocols to the application layer. One of these protocols is UDP (User Datagram Protocol), which provides an unreliable, connectionless service to the invoking application. The second of the these protocols is TCP (Transmission Control Protocol), which provides a reliable, connection-oriented service to the invoking application. When designing a network application, the application developer must specify one of these two transport protocols.

Before preceding with our brief introduction of UDP and TCP, it is useful to say a few words about the Internet's network layer. The Internet's network-layer protocol has a name - IP, which abbreviates "Internet Protocol". IP provides logical communication between hosts. The IP service model is a best-effort delivery service. This means that IP makes its "best effort" to deliver segments between communicating hosts, but it makes no guarantees. In particular, it does not guarantee segment delivery, it does not guarantee orderly delivery of segments, and it does it guarantee the integrity of the data in the segments. For these reasons, IP is said to be an unreliable service. As we that every host has an IP address. we need only keep in mind that each host has a unique IP address.

Having taken a glimpse at the IP service model, let's now summarize the service model of UDP and TCP. The most fundamental responsibility of UDP and TCP is to extend IP's delivery service between two end systems to a delivery service between two processes running on the end systems. Extending host-to-host delivery to process-to-process delivery is called application

multiplexing and demultiplexing. UDP and TCP also provide integrity checking by including error detection fields in its header. These two minimal transport-layer services - host-to-host data delivery and error checking - are the only two services that UDP provides! In particular, like IP, UDP is an unreliable service - it does not guarantee data sent by one process will arrive in tact to the destination process.

TCP, on the other hand, offers several additional services to applications. First and foremost, it provides reliable data transfer. Using flow control, sequence numbers, acknowledgments and timers. TCP's guarantee of reliable data transfer ensures that data is delivered from sending process to receiving process, correctly and in order. TCP thus converts IP's unreliable service between end systems into a reliable data transport service between processes. TCP also uses congestion control. Congestion control is not so much a service provided to the invoking application as it is a service for the Internet as a whole - a service for the general good. In loose terms, TCP congestion control prevents any one TCP connection from swamping the links and switches between communicating hosts with an excessive amount of traffic. In principle, TCP permits TCP connections traversing a congested network link to equally share that link's bandwidth. This is done by regulating the rate at which an the sending-side TCPs can send traffic into the network. UDP traffic, on the other hand, is unregulated. A an application using UDP transport can send traffic at any rate it pleases, for as long as it pleases.

A protocol that provides reliable data transfer and congestion control is necessarily complex. We will need several sections to cover the principles of reliable data transfer and congestion control, and additional sections to cover the TCP protocol itself.

2.)

The Address Resolution Protocol (ARP) is a communication protocol used for discovering the link layer address, such as a MAC address, associated with a given internet layer address, typically an IPv4 address. This mapping is a critical function in the Internet protocol suite.

ARP is responsible for resolving the logical IP address into the hardware address for the network layer. (Note that an ARP packet is not an IP packet, and works below that layer.) If the destination IP address is on the same subnet as the source host, then IP will use ARP to determine the hardware address of the destination host. If the destination IP address is on a remote subnet, then ARP will be used to determine the hardware address of the default gateway. The ARP cache, a table of translations between IP address and hardware, stores its entries dynamically and flushes them after a short period of time.

The Data Link Layer

ARP flooding is another ARP Cache Poisoning technique aimed at network switches. While not effective on all switches, some will drop into a hub-like mode when the CAM table is flooded. This occurs because the switch is too busy to enforce its port security features and broadcasts all network traffic to every computer in the network. This technique is particularly useful in MITM attacks, where the goal is to impersonate one of the hosts in a connection. In WinArpAttacker, conducting an ARP flood is as simple as clicking the checkboxes next to the host you wish to flood, clicking on the attack icon in the toolbar, and selecting the Flood option.

The network layer performs two key functions: routing (determining the packet path) and addressing. The network layer address provides a transparency to allow different data link "networks" to be inter-networked (hence the name). To facilitate internetworking, most LANs have a dedicated computer (a gateway) to handle messages to and from the outside world. Gateways (or routers) exchange information to help determine the best path to use to send data. Determining the best route is a complicated process based on such factors as distance, bandwidth, and cost. To help simplify the process, a number of protocols have been developed to standardize the process including (RIP, OSPF, and BGP).

IP addresses act a bridge between human-readable addresses and hardware-readable addresses. Changing IP addresses into data link addresses is known as address resolution protocol (ARP). At present, two varieties of IP are in use, IPv4 and the newer IPv6. There are also network messages for transmitting to multiple computers (IGMP) and sending status information (ICMP).

The transport layer performs three key functions: packetizing, addressing (determining which application should receive the data/response), and "session" management (negotiating and updated transmission rates to accommodate both sender and receiver).

Packetizing is necessary to ensure that the application layer messages are compatible with the data link protocol in terms of size. For example, Ethernet has a maximum data size of 1500 bytes, so sending a 3MB file will require that the file be split up into parts.

TCP addresses, in conjunction with IP addresses, allow multiple instances of the same application (e.g., two Internet Explorer Windows) to communicate properly. On the client side, the transport layer creates a new ID for each application instance (the port number) so that each application can be uniquely identified. This allows you to run an email client and a Web browser using the same IP address. On the server side, these port numbers let the server know which of its running applications is being addressed.

Finally, session management includes a number of methods of "structuring" the conversation between the sending and receiving computers. For example, if some data loss is acceptable (for instance, streaming audio), then the receiver doesn't need to waste time asking for that missing packet. In this case UDP can be used instead of TCP. The transport layer includes functions for adjusting transmission rates so that the receiving computer is not "overrun" by data during the conversation.

While each network interface card (NIC) has a permanent data link layer address, each computer connected to the Internet also has a network [IP] address assigned by the network. Network addressing is very similar to post office mail. In TCP/IP networks, 4 network "addresses" are needed for successful communications.

1. The computer's own network [IP] address (the proper "return address" for receiving replies)
2. The subnet mask so the computer knows whether a destination address is inside or outside of its subnet (similar to a ZIP code to determine whether to use the "local" or "out of town" mailbox).
3. The gateway's network [IP] address for messages with destinations outside of the subnet (i.e., the location of the "out of town" mailbox)
4. The Domain Name Server (DNS) address for looking up unknown addresses (similar to business "Yellow pages").

IP Name Resolution

• IPconfig /displaydns to display the server name resolution table; IPconfig /flushdns to clear the table.
• arp -a to display the the data link layer address resolution table.

Some importance of static vs dynamic addressing

Dynamic IP addresses are assigned by DHCP server of the access point. Static IP addresses are usually assigned manually. Static IP addresses are useful if you run a server type content on your device which need to be accessed remotely. You can still access those content with a Dynamic IP address but that address may change every time you re-establish the connection. But usually, the same address is assigned almost every time in practical situation. However it cannot be guaranteed to have the same address all the time. If you need to run a very reliable service this is not ideal. An static address will be a better choice. Also there are some services called dynamic DNS which monitors the change of IP address, and update in their database. So you can access your server other without knowing the real IP address. But your device should support Dynamic DNS service to do this. Until recently, the Dynamic DNS service was free but they recently decided to charge a subscription fee. Anyway it's not expensive than having a static IP address.

Since the arrival of IPV6 everyone can have a static IP address totally free. Unfortunately most of the ISP networks still run on IPV4 and we can't expect that luxury for some long time. Also some IPSs keep relying on IPV4 eventhough their network is capable of IPV6 because they can earn extra money by selling static IP addresses.

Some IPSs use a method called ' natting' to assign an IP address to your device. These IP addresses are not public addresses and you can't access your server from internet eventhough you know your IP address.

Static IP addresses doesn't have any other special advantage.

Hope this helped!