301d8 read notes 01 - carlosjorr/reading-notes GitHub Wiki

What does “OSI” stand for?

"OSI" stands for Open Systems Interconnection. It is a conceptual framework that standardizes the functions of a communication system into seven different layers. Each layer has specific responsibilities and interacts with the layers above and below it to facilitate data communication between networked devices.

List the 7 layers of the OSI model and what each one is responsible for.

Physical Layer (Hardware layer):

Responsible for the transmission and reception of raw bit streams over a physical medium. Deals with physical connections, voltage levels, data rates, and other physical attributes of communication.

Data Link Layer (Hardware and Software layer):

Provides error-free transmission of data frames between nodes over the physical layer. Handles framing, error detection and correction, flow control, and access to the physical medium.

Network Layer (Software layer):

Establishes and manages logical connections between devices in different networks. Performs routing, addressing, and packet forwarding to ensure data reaches its intended destination.

Transport Layer (Software layer):

Provides reliable end-to-end delivery of data between applications running on different hosts. Handles segmentation, sequencing, flow control, and error recovery to ensure data integrity and completeness.

Session Layer (Software layer):

Establishes, manages, and terminates communication sessions between applications. Facilitates synchronization, checkpointing, and recovery of data exchange between applications.

Presentation Layer (Software layer):

Translates, encrypts, or compresses data in a format that can be understood by the application layer. Handles data representation, encryption, and compression to ensure interoperability between different systems.

Application Layer (Software layer):

Provides a network interface to applications for accessing network services. Supports application-specific protocols and enables users to interact with network services.

Distinguish which layers are the “hardware layers”, and which layers are the “software layers”. What does that even mean?

In the OSI model, the physical layer and the data link layer are considered hardware layers because they involve the physical components and electrical signaling of the network infrastructure. The remaining layers (network, transport, session, presentation, and application) are considered software layers because they involve protocols, software implementations, and logical processes that enable communication.

How can the OSI model be used in troubleshooting?

The OSI model can be used in troubleshooting network issues by providing a structured approach to problem-solving. It allows network administrators to isolate and identify problems at different layers of the model. By understanding the responsibilities of each layer, troubleshooting can be focused on the specific layer where the issue is occurring. For example, if there are physical connectivity problems, the focus would be on the physical layer, while if there are issues with application-specific functionality, the application layer would be investigated. Using the OSI model as a reference, network professionals can systematically analyze and resolve network-related problems.

What is Wireshark?

Wireshark is a popular and powerful network protocol analyzer. It is an open-source tool that allows users to capture and analyze network traffic in real-time. Wireshark supports various platforms and provides detailed information about network protocols, packet-level data, and network behavior.

What is a packet?

A packet is a unit of data that is transmitted over a network. It consists of a header, which contains control information, and payload, which carries the actual data being transmitted. Packets are the fundamental building blocks of network communication, and they contain information such as source and destination addresses, protocol information, error detection codes, and the actual data being transmitted.

What 3 high-level things does Wireshark accomplish? How could these be used for nefarious purposes? For benevolent purposes? Three high-level things that Wireshark accomplishes are:

Packet Capture: Wireshark captures network packets as they traverse the network interface of the machine running the software. It can capture packets from various network protocols, including Ethernet, Wi-Fi, and others.

Packet Analysis: Once captured, Wireshark provides a powerful interface to analyze the captured packets. It decodes the packets and displays detailed information about each packet, such as source and destination IP addresses, port numbers, protocol information, packet timing, and data payloads. This analysis helps in understanding network behavior, troubleshooting network issues, and diagnosing network performance problems.

Protocol Dissection: Wireshark has the ability to dissect and interpret a wide range of network protocols. It can decode protocols at different layers of the OSI model, including the physical, data link, network, transport, and application layers. This feature allows users to examine the structure and content of each packet, helping in protocol debugging, identifying abnormalities, and analyzing specific network interactions.

Regarding nefarious purposes, Wireshark, like any powerful network analysis tool, can potentially be misused in unauthorized ways. For example:

Unauthorized Data Capture: Wireshark can be used to capture sensitive data, including usernames, passwords, and confidential information, from unencrypted network traffic. Attackers may exploit this by intercepting network packets and analyzing them to obtain valuable information.

Network Reconnaissance: Wireshark can be used to perform network reconnaissance to gather information about a target network. By capturing and analyzing packets, attackers can identify network devices, services, vulnerabilities, and potential entry points for further exploitation.

Exploiting Protocol Weaknesses: Wireshark's protocol dissection capabilities can be used to identify vulnerabilities or weaknesses in network protocols. Attackers can leverage this knowledge to develop and execute targeted attacks against specific network systems.

On the other hand, Wireshark can also be used for benevolent purposes, such as:

Network Troubleshooting: Wireshark is an invaluable tool for diagnosing and troubleshooting network issues. It can help identify network misconfigurations, faulty devices, performance bottlenecks, and communication errors, leading to more efficient network management and problem resolution.

Network Security Analysis: Wireshark aids in detecting and analyzing network security incidents. It can be used to monitor network traffic for signs of unauthorized access, malware infections, or suspicious activity. By examining captured packets, security professionals can identify potential threats and take appropriate mitigation measures.

Protocol Development and Testing: Wireshark is widely used by developers and researchers to analyze and test network protocols. It allows them to examine the behavior of protocols in real-world scenarios, identify protocol flaws, and validate protocol implementations. This helps in developing robust and secure network protocols.