Data link layer + Network layer connections - networking

I'm reading up on networking and there is something about the layer 2 + 3 OSI model interaction I don't get. I want to understand the basics first, so feel free to keep it simple.
Let's say we have a LAN: 5 computers, all connected to a router, which is connected to an ISP router.
1.
One of the PCs on the LAN wishes to send a message to another PC on the same LAN (they are both connected to the local router but not to each other directly).
Is there layer 3 encapsulation in use here?
If not, and we only use the layer 2 information, what is the path the message will go through? Is it PC1->PC2, or PC1->Router->PC2?
If it is going through the router, what information is added in each message transaction?
And if not, are PCs on the same LAN (connected to the same router by some layer 2 protocol) aware of each other? Can they message each other although they are not connected directly?
2.
One of the PCs on the LAN wishes to send a message to a PC outside the LAN (way, way outside).
I understand it goes PC1->Router->ISP Router -> ......... -> recipient's local router -> recipient.
Which entity adds the layer 3 data? Is it the router? PC1? The ISP router?
When will this information be needed, since every single transaction is between devices that can talk among themselves in layer 2 protocols? (PC1 talks to its router in a layer 2 protocol, so does the router to the ISP router, etc.)
Any further information worth adding will be appreciated.
Thanks!

Is there layer 3 encapsulation in use here? Yes, it is! The two computers are connected in a network created by your router, which is a Network Layer device. When the sender sends a packet it doesn't know where the receiver is (in the LAN or on the Internet), so it prepares to send the packet as usual. Then the router checks its table and knows that the receiver is connected to it, but until this happens everything goes on normally. So, the thing you have to understand is this: while it is a communication between two machines, all the protocols of each layer must be carried out. If the computers were connected with a switch, a Data Link Layer device, the authentication would be made with their MAC addresses instead of their IPs, so there is no Network Layer here (obviously no layer 3 encapsulation), but this is not your case.
That's a long story, how the packets travel from sender to receiver. But in general, there are two important pieces of information that each packet should have: the address of the destination machine (Network Layer), and an identifier of the process that should receive the packet on the destination machine (Transport Layer). If it is the first time that the machines communicate with each other, the router connected to the sender broadcasts that packet on all its outbound lines, and so on with the routers which receive this packet, until the destination is reached. After the first packet has been sent, the routers keep records in their tables of how to locate each machine in the best way possible. This will make broadcast unnecessary next time. So, the packet reached the destination. The receiver probably has a lot of processes open at that time (open your Task Manager -> Processes to see what I'm talking about). This is where T.L. protocols appear. They use the identifier in the header of the packet to deliver the packet to the right process. And then the communication goes on with Application Layer protocols.
I hope that this is useful information for you. If you really want to study these things, I would suggest Computer Networks by Andrew Tanenbaum.

If I understand OSI right, it's just an abstraction. http://en.wikipedia.org/wiki/OSI_model#Description_of_OSI_layers Your messages are sent in packets, which is the Transport layer. Those messages are built by means of the Network layer. If there weren't this layer, the data (the information you send) wouldn't know how to be encapsulated into a package.
If it is going through the router, what information is added in each message transaction?
Each package consists of service fields: http://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure
Each time it passes through a router, the router adds information to a header (IP ...) to let the package receiver know where it came from (it's the network layer, because you don't add this information yourself; the network does it for you).
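As an added, runnable illustration of the two cases in the question (this is not code from either answer above): a host's on-link test decides whether the frame goes straight to the other PC's MAC or to the router's MAC, and a router re-encapsulates the packet for the next link while the IP header keeps the addresses the sending PC put there. The topology, MAC addresses and pre-filled ARP table are constructed for the example, and it assumes the router's LAN ports behave as a switch, as on a typical home router, so a frame addressed to another LAN host never reaches the router's IP layer.

```python
import ipaddress

# Constructed topology, an assumption of this example rather than anything
# from the thread: PC1 and PC2 sit on 192.168.1.0/24 behind a home router
# whose LAN side is 192.168.1.1 and whose WAN side (203.0.113.2/30) faces
# an ISP router at 203.0.113.1. MAC addresses are locally administered.
NODES = {
    "PC1":    {"mac": "02:00:00:00:00:01", "cidr": "192.168.1.10/24", "gw": "192.168.1.1"},
    "PC2":    {"mac": "02:00:00:00:00:02", "cidr": "192.168.1.20/24", "gw": "192.168.1.1"},
    "Router": {"lan_mac": "02:00:00:00:01:01", "lan_cidr": "192.168.1.1/24",
               "wan_mac": "02:00:00:00:01:02", "wan_cidr": "203.0.113.2/30",
               "gw": "203.0.113.1"},
    "ISP":    {"mac": "02:00:00:00:02:01", "cidr": "203.0.113.1/30"},
}

# ARP answers, pre-filled so the example runs without sending any requests.
ARP = {
    "192.168.1.10": NODES["PC1"]["mac"],
    "192.168.1.20": NODES["PC2"]["mac"],
    "192.168.1.1":  NODES["Router"]["lan_mac"],
    "203.0.113.1":  NODES["ISP"]["mac"],
    "203.0.113.2":  NODES["Router"]["wan_mac"],
}


def next_hop(cidr, gateway, dst_ip):
    """The on-link test every IP host makes: if the destination falls inside
    the sender's own subnet the frame is addressed straight to the
    destination's MAC, otherwise to the default gateway's MAC. The IP header
    carries the real destination in both cases."""
    own_net = ipaddress.ip_interface(cidr).network
    return dst_ip if ipaddress.ip_address(dst_ip) in own_net else gateway


def host_send(name, dst_ip):
    """Layer 3 encapsulation happens here, on the sending host: it builds the
    IP header and then the Ethernet header for the first link only."""
    h = NODES[name]
    src_ip = str(ipaddress.ip_interface(h["cidr"]).ip)
    hop = next_hop(h["cidr"], h["gw"], dst_ip)
    return {"eth": {"src": h["mac"], "dst": ARP[hop]},
            "ip": {"src": src_ip, "dst": dst_ip, "ttl": 64}}


def router_forward(pkt):
    """What the router does with a frame addressed to its LAN MAC: drop the
    Ethernet header, decrement TTL, look up the route (here everything
    off-LAN goes to the ISP) and build a fresh Ethernet header for the next
    link. The IP source and destination are untouched."""
    r = NODES["Router"]
    ip = dict(pkt["ip"], ttl=pkt["ip"]["ttl"] - 1)
    hop = next_hop(r["wan_cidr"], r["gw"], ip["dst"])   # route lookup on the WAN side
    return {"eth": {"src": r["wan_mac"], "dst": ARP[hop]}, "ip": ip}


def path(src, dst_ip):
    """Hops as (link, eth_src, eth_dst, ttl). A frame addressed to another
    LAN host's MAC is switched between the router's LAN ports and never
    reaches its IP layer, so the trace ends after the first link."""
    pkt = host_send(src, dst_ip)
    hops = [("LAN", pkt["eth"]["src"], pkt["eth"]["dst"], pkt["ip"]["ttl"])]
    if pkt["eth"]["dst"] != NODES["Router"]["lan_mac"]:
        return hops                                   # same LAN: PC1 -> PC2 directly
    pkt = router_forward(pkt)
    hops.append(("WAN", pkt["eth"]["src"], pkt["eth"]["dst"], pkt["ip"]["ttl"]))
    return hops


if __name__ == "__main__":
    for dst in ("192.168.1.20", "198.51.100.7"):
        print(dst, path("PC1", dst))
```

Run it to compare `path("PC1", "192.168.1.20")` (one direct hop, PC1's MAC to PC2's MAC) with `path("PC1", "198.51.100.7")` (the router rewrites the Ethernet header and decrements TTL). In both cases the IP source and destination set by PC1 survive unchanged, which is the layer 3 information the question asks about, and it is PC1 that adds it.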

Related

How exactly does an ethernet switch work?

I understand that it's different from a hub in that, instead of packets being broadcast to all devices connected to the device, it knows exactly who requested the packet by looking at the MAC layer.
However, is it still possible to use a packet sniffer like Wireshark to intercept packets meant for other users of the switch? Or is this only a problem with ethernet hubs that doesn't affect switches due to the nature of how a switch works?
On a slightly off-topic side note, what exactly is classified as a LAN? For example, imagine two separate Ethernet switches are hooked up to a router. Would each switch be considered a separate LAN? What is the significance of having multiple LANs within the same network?
it knows exactly who requested the packet by looking at the MAC layer.
More exactly, the switch uses the destination MAC address to forward a frame to the port associated with that address. Addresses are automatically learned by looking at the source MAC address on received frames.
A switch is stateless, i.e. it has no memory of who requested which data. A layer-2 switch also has no understanding of IP packets, addresses or protocols. All a basic switch does is learn source addresses and forward by destination address.
is it still possible to use a packet sniffer like Wireshark to intercept packets meant for other users of the switch?
Yes. You'll need a managed switch supporting port mirroring or SPANning. This doesn't intercept frames, it just copies them to the mirror port. If you need to actually intercept frames you have to put your interceptor in between the nodes (physically or logically).
With a repeater hub, every bit is repeated to every node in the collision domain, making monitoring effortless.
what exactly is classified as a LAN?
This depends on who you ask and on the context. A LAN can be a layer-1 segment/bus aka collision domain (obsolete), a layer-2 segment (broadcast domain), a layer-3 subnet (mostly identical with an L2 segment) or a complete local network installation (when contrasted with SAN or WAN).
Adding to #Zac67:
Regarding this question:
is it still possible to use a packet sniffer like Wireshark to intercept packets meant for other users of the switch?
There are also active ways in which you can trick the switch into sending you data that is meant for other machines. By exploiting the switch's mechanism, one can send a frame with a spoofed source MAC, and then the switch will forward frames destined to this MAC to the sender's port (until someone else sends a frame with that MAC address).
This video discusses this in detail:
https://www.youtube.com/watch?v=YVcBShtWFmo&list=PL9lx0DXCC4BMS7dB7vsrKI5wzFyVIk2Kg&index=18
In general, I recommend the following video that explains this in detail and in a visual way:
https://www.youtube.com/watch?v=Youk8eUjkgQ&list=PL9lx0DXCC4BMS7dB7vsrKI5wzFyVIk2Kg&index=17
what exactly is classified as a LAN?
So indeed this is one of the least well-defined terms in computer networks. With regard to the Data Link Layer, a LAN can be defined as a segment, that is, a broadcast domain. In this case, two devices are regarded as part of the same segment iff they are one hop away from one another, that is, they can switch frames at the second layer.
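Added example, not part of either answer above: a simulated learning switch in Python that shows both Zac67's description (learn the source MAC, forward by destination MAC, flood unknowns and broadcasts) and the spoofed-source-MAC hijack described in the second answer. The port numbers, MAC addresses and frame sequence are constructed for the example; the `moves` list is an addition that records a known MAC turning up on a different port, which is the signal a managed switch's port-security or MAC-flapping alarm keys on.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """A transparent bridge in a few lines: learn the source MAC on every
    received frame, forward by destination MAC, flood when the destination
    is unknown or broadcast. No IP awareness anywhere, as in a real L2 switch."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.cam = {}       # MAC -> port: the forwarding (CAM) table
        self.moves = []     # (mac, old_port, new_port), the detection signal

    def receive(self, in_port, src_mac, dst_mac):
        """Return the set of ports the frame is sent out of."""
        old = self.cam.get(src_mac)
        if old is not None and old != in_port:
            self.moves.append((src_mac, old, in_port))
        self.cam[src_mac] = in_port          # unconditional learning: the attack lever
        if dst_mac == BROADCAST or dst_mac not in self.cam:
            return self.ports - {in_port}    # flood out of every other port
        out = self.cam[dst_mac]
        return set() if out == in_port else {out}


# Constructed scenario: A on port 1, B on port 2, an attacker on port 3.
A, B, ATTACKER = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:ee"


def hijack_scenario():
    """Drive the switch through the frames described in the answer and
    return the switch plus a log of which ports each frame reached."""
    sw = LearningSwitch(ports=[1, 2, 3])
    log = []
    log.append(("A->B unknown",  sw.receive(1, A, B)))   # B not learned yet: flooded, attacker sees it
    log.append(("B->A",          sw.receive(2, B, A)))   # switch learns B on port 2
    log.append(("A->B learned",  sw.receive(1, A, B)))   # only port 2 now: attacker sees nothing
    log.append(("spoof B",       sw.receive(3, B, A)))   # attacker sends with source MAC = B
    log.append(("A->B hijacked", sw.receive(1, A, B)))   # delivered to port 3 only
    log.append(("B speaks",      sw.receive(2, B, A)))   # real B transmits: entry flips back
    log.append(("A->B restored", sw.receive(1, A, B)))
    return sw, log


if __name__ == "__main__":
    sw, log = hijack_scenario()
    for label, ports in log:
        print(f"{label:14s} -> ports {sorted(ports)}")
    print("MAC moves seen by the switch:", sw.moves)
```

The hijack only lasts until B sends its next frame, exactly as the answer says, and every flip leaves a MAC-move record behind. Real switches expose the same thing as port-security violations or MAC-flapping log messages, so the attack is noisy on a managed switch even though the data plane cooperates with it.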

OSI Layer 2 encryption

I'm currently, for a side project, trying to set up a VPN with 2 Linux boxes doing the encryption/decryption.
At the moment, I work on layer 3 with the Linux framework xfrm (IP packets from host 1 are transformed into ESP when passing through the first box before being sent to host 2, with decryption being done on the second box).
I'd like to act directly on layer 2 so I can remove the IP addresses of my boxes. I think I can do that by setting up Ethernet bridges on each box, using netfilter hooks to redirect frames to a socket where a userspace program would do the encryption of the Ethernet frames' payload (transform the IP packets into ESP).
|Host 1|==|Ethernet Bridge|==Router --- (network not secure) --- Router==|Ethernet Bridge|==|Host 2|
The problem I have with this implementation lies in throughput, as I think all these actions would greatly reduce it. Are there other ways I could implement what I'm looking for?
Layer-2 only works from host to host (your router is just a host to layer-2) on a LAN. Layer-2, including layer-2 encryption, does not cross a layer-3 device, e.g. a router. MACsec (IEEE 802.1AE) is used for layer-2 encryption.
Layer-3 is used to connect LANs, and if you want end-to-end encryption from one LAN to another LAN, you need to encrypt at a layer higher than layer-2. Routers strip the layer-2 frames from the packets, switch the packets, then create a new frame for the next hop. The next hop may not use MAC addresses; PPP is common for ISP connections, it doesn't use MAC addresses, and its frames are very different from Ethernet's. Unless you control all the links between the LANs, you need to encrypt at a higher layer.
You're right, deploying a layer 2 VPN is costly (in the sense that you have to pay for Internet bandwidth) and most of the time useless, since there are few applications that won't work without being on the same LAN.
What you will get with a layer 2 VPN is mostly broadcasts; things like SMB out-of-the-box name resolution (does not apply if you have to connect to an AD server or have a WINS server), DLNA, SPX/IPX or LAN-only games will work seamlessly. On the other hand, your perception that you would have to relay lots of possibly useless information is also correct.
Maybe the solution you're looking for is to use ebtables, which is a layer 2 firewall akin to iptables at layer 3, in such a way that you can drop some packets while accepting others before relaying them over VPN/Internet/etc.
PPP is just one layer 2 protocol; there's nothing special about it. Some VPN gateways use it (namely PPTP VPNs), others don't.

Writing client-server application in global network

I know how to write a C# application that works over a local network.
I mean I know how to make my client-side application access my server-side application in a single local network.
But I wonder: how do such apps as Skype, TeamViewer, and many others connect via the global network?
I apologise if this question is simple or obvious, but I couldn't find any information about this stuff.
Please help me, I'll be very grateful. Any information is accepted: articles, plain info, books, and so on...
The question is very wide, so I'll try to give a short overview.
The following are the major differences between a LAN (Local Area Network) and a WAN (Wide Area Network):
Network quality:
A LAN is more or less stable; a WAN can have network issues like:
Packet loss (you need to use a loss-tolerant transport like TCP, or UDP with retransmits or packet loss concealment)
Packet jitter (inter-packet intervals may differ a lot from those on the sending side). The most common thing is packet bursts.
Packet reordering
Packet duplication
Network connectivity:
A WAN is less stable than a LAN, so you need to properly handle all things like:
Stale connections
Connection loss
Errors in the middle of the connection (if you use UDP, for example)
Addresses:
In a WAN you deal with different network equipment between client and server (or peers in the case of peer-to-peer communication). You need to take into account:
NATs: most clients are behind NAT and you need to get through them. The corresponding techniques are called "NAT traversal".
Firewalls: an ISP may have its own rules about what a client can or can't do. So if you do something specific like a custom transport protocol, you may bump into ISP firewalls.
Routing, especially multicast and broadcast communication. In the common case multicast cannot be routed. Broadcasts are never routed. So you need to avoid this type of communication if you want to use a WAN.
Maybe I forgot something, but these are the major points. You can read many articles about any of them.
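Added example, not part of the answer above: a Python receive-side reorder buffer of the kind a UDP application needs once it leaves the LAN. It handles three of the listed impairments in one place: reordering, duplication, and loss (by giving up on a datagram that never arrives once enough later ones are queued behind it, which is loss concealment rather than retransmission). The sequence-number scheme, the `max_hold` policy and the arrival sequence are constructed assumptions for the example.

```python
class ReorderBuffer:
    """Receive-side reorder queue for a datagram stream that carries a
    monotonically increasing sequence number (assumed here; a real protocol
    also needs wrap-around handling). Delivers in order, drops duplicates,
    and skips a missing datagram once `max_hold` later ones are waiting."""

    def __init__(self, max_hold=4):
        self.next_seq = 0
        self.pending = {}          # seq -> payload, arrived ahead of a gap
        self.max_hold = max_hold
        self.duplicates = 0
        self.lost = []             # sequence numbers we stopped waiting for

    def _drain(self):
        """Hand out everything that is now contiguous from next_seq."""
        out = []
        while self.next_seq in self.pending:
            out.append(self.pending.pop(self.next_seq))
            self.next_seq += 1
        return out

    def push(self, seq, payload):
        """Accept one datagram; return the payloads that became deliverable."""
        if seq < self.next_seq or seq in self.pending:
            self.duplicates += 1   # late copy of something already delivered or queued
            return []
        self.pending[seq] = payload
        out = self._drain()
        while len(self.pending) > self.max_hold:
            self.lost.append(self.next_seq)   # declare the gap lost and move on
            self.next_seq += 1
            out += self._drain()
        return out


# Constructed WAN arrival order: 2 arrives before 1, 1 arrives twice, and
# 3 never arrives at all.
WAN_ARRIVALS = [(0, "a"), (2, "c"), (1, "b"), (1, "b"),
                (4, "e"), (5, "f"), (6, "g"), (7, "h"), (8, "i")]


def receive_stream(arrivals, max_hold=4):
    """Feed an arrival sequence through the buffer; return what the
    application saw, in order, plus the loss and duplicate counters."""
    buf = ReorderBuffer(max_hold)
    delivered = []
    for seq, payload in arrivals:
        delivered += buf.push(seq, payload)
    return delivered, buf.lost, buf.duplicates


if __name__ == "__main__":
    print(receive_stream(WAN_ARRIVALS))
```

One caveat for anything exposed to the Internet: a bare sequence number is not a security boundary. Carry it inside an authenticated envelope such as DTLS, otherwise anyone who can inject datagrams toward your socket can replay, reorder or jam the stream by feeding this buffer forged sequence numbers.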

Capturing data packets in closed LAN

In my college lab, all the PCs are connected via a hub. I want to capture data packets using Wireshark, but it only displays the interface of my own PC. How can I capture the packets of other PCs?
I've tried all the interfaces, and I can't get it to work.
Odds are you're connected to a switch rather than a hub. The problem there is that only packets intended for your network card's hardware (MAC) address and broadcast packets will be sent to your PC. The switch remembers the hardware address of devices plugged into it and performs packet forwarding based on those addresses. This vastly increases the potential bandwidth of your network segment, but makes snooping on other traffic more difficult. You will need to perform what's called ARP cache poisoning. Basically you need to trick every other computer connected to the switch to send its traffic to you rather than its true destination. You will then need to forward those packets not actually for you onto the correct destination otherwise it will take down the entire segment you're on and people will get nosy.
This type of redirection is possible, but it seems like you'll need to do quite a bit more research and understand exactly what is going on before attempting it. To get started, look into the Address Resolution Protocol; understand what a "layer 2" switch is doing; find out how to inject and reroute packets on the network; think about the consequences of getting caught.
If you're serious about moving forward, check out http://www.admin-magazine.com/Articles/Arp-Cache-Poisoning-and-Packet-Sniffing for some starting tips.
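Added example (not from the answer above, and a simulation rather than something that puts frames on a wire): Python that builds and parses Ethernet/ARP frames with `struct`, shows how a trusting ARP cache accepts an unsolicited reply, and runs an arpwatch-style detector over the same frames. The addresses and the two-frame scenario are constructed for the example.

```python
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def ip_bytes(ip):   return bytes(int(o) for o in ip.split("."))
def mac_str(b):     return ":".join(f"{x:02x}" for x in b)
def ip_str(b):      return ".".join(str(x) for x in b)


def build_arp(op, sha, spa, tha, tpa, eth_dst):
    """Ethernet II header + RFC 826 ARP body (IPv4 over Ethernet, 42 bytes).
    sha/spa are the sender's addresses, tha/tpa the target's."""
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", ETH_P_ARP)
    body = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa))
    return eth + body


def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "eth_src": mac_str(frame[6:12]),
            "sha": mac_str(frame[22:28]), "spa": ip_str(frame[28:32]),
            "tha": mac_str(frame[32:38]), "tpa": ip_str(frame[38:42])}


class TrustingArpCache:
    """What a plain host does: any ARP packet naming spa overwrites the entry,
    solicited or not. That is the whole reason cache poisoning works."""
    def __init__(self): self.table = {}
    def observe(self, arp): self.table[arp["spa"]] = arp["sha"]
    def resolve(self, ip): return self.table.get(ip)


class ArpWatch:
    """Passive detector: alert when an IP starts being claimed by a new MAC,
    or when the ARP sender MAC disagrees with the Ethernet source address."""
    def __init__(self):
        self.seen, self.alerts = {}, []

    def observe(self, arp):
        if arp["sha"] != arp["eth_src"]:
            self.alerts.append(("sha/eth mismatch", arp["spa"], arp["sha"], arp["eth_src"]))
        prev = self.seen.get(arp["spa"])
        if prev is not None and prev != arp["sha"]:
            self.alerts.append(("ip changed mac", arp["spa"], prev, arp["sha"]))
        self.seen[arp["spa"]] = arp["sha"]


# Constructed scenario: gateway 10.0.0.1, victim 10.0.0.5, attacker on the same segment.
GW, GW_MAC = "10.0.0.1", "02:00:00:00:00:01"
VICTIM, VICTIM_MAC = "10.0.0.5", "02:00:00:00:00:05"
ATTACKER_MAC = "02:00:00:00:00:ee"


def poisoning_scenario():
    """Feed a legitimate reply and then a forged one to a victim cache and
    to the detector; return both so the outcome can be inspected."""
    frames = [
        # legitimate reply to the victim's earlier request for the gateway
        build_arp(ARP_REPLY, GW_MAC, GW, VICTIM_MAC, VICTIM, eth_dst=VICTIM_MAC),
        # unsolicited reply from the attacker claiming "10.0.0.1 is-at attacker"
        build_arp(ARP_REPLY, ATTACKER_MAC, GW, VICTIM_MAC, VICTIM, eth_dst=VICTIM_MAC),
    ]
    cache, watch = TrustingArpCache(), ArpWatch()
    for frame in frames:
        arp = parse_arp(frame)
        cache.observe(arp)
        watch.observe(arp)
    return cache, watch


if __name__ == "__main__":
    cache, watch = poisoning_scenario()
    print("victim now resolves the gateway to", cache.resolve(GW))
    print("detector alerts:", watch.alerts)
```

After the second frame the victim resolves the gateway to the attacker's MAC, so its off-LAN traffic is sent to the attacker's port, which is the redirection the answer describes (and why the attacker must forward it onward or break the segment). The detector is the practical counterpart: run it over ARP frames captured with Wireshark or tcpdump and a new MAC claiming an existing IP is the signature to look for. The block only builds bytes; putting them on the wire needs a raw socket and the privileges that go with it.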

C: packet send to a specific device (mobile devices)

How is a packet received by a wireless device with thousands of users/devices connected to the same network?
If we are using UDP, will it send the packets to all the devices, such that only the authenticated devices will accept the packets and the others would reject them?
How does the situation change if we use TCP instead of UDP?
UDP and TCP are the same, as they are higher-layer protocols.
Majorly simplified, but the device opens a tunnel to a GSN (Gateway Serving Node) which is a server installed at the carrier. Which GSN to use is based on the APN (Access Point Name) supplied when the tunnel (PDP context) is requested. The tunnel is assigned an IP address at the GSN and that is the address used for IP communication. Packets will be filtered at the GSN and routed to the specific device. Traffic is tunneled between the GSN and the device using telecom specific protocols. Packets are not broadcast out to all devices and then filtered there.
P.S. I phrased the answer using GPRS terms. Other 2.5/3/4G protocols use the same structure but sometimes have different names.
What do you mean by authenticated user?
Are you concentrating on the application level, or on lower layers of the network?
Even if it is UDP, it should be thought of as sending to a specific IP. Even in a complex network each system is a unique entity.
Rohith Gowda, actually if you are concentrating on UDP packets at the application level (either Java, C#, ...), you create the packets for a specific IP and send them to an IP (which is the receiver's IP), and the receiver has to grab them. I think you actually want this, right? And there is no need to fear others with a different IP than the one you are sending to, because you are in the abstracted application layer; your doubt will be looked after by lower layers. If you want additional snooping protection, just encode the data that you want to send.
One example is (in Java):
A DatagramPacket (UDP) can be created by invoking a new instance of
DatagramPacket(byte[] buf, int offset, int length, InetAddress address, int port)
Look at the last 2 params: they specify the server address and the port to transmit to on the server.
I think you are now clear that the destination server with the IP (server address) listening at the particular port can grab it.
