2.4.8 Comparing the OSI Model with the TCP/IP Model
Page 1:
The protocols that make up the TCP/IP protocol suite can be described in terms of the OSI reference model. In the OSI model, the Network Access layer and the Application layer of the TCP/IP model are further divided to describe discreet functions that need to occur at these layers.
At the Network Access Layer, the TCP/IP protocol suite does not specify which protocols to use when transmitting over a physical medium; it only describes the handoff from the Internet Layer to the physical network protocols. The OSI Layers 1 and 2 discuss the necessary procedures to access the media and the physical means to send data over a network.
The key parallels between the two network models occur at the OSI model Layers 3 and 4. OSI Model Layer 3, the Network layer, almost universally is used to discuss and document the range of processes that occur in all data networks to address and route messages through an internetwork. The Internet Protocol (IP) is the TCP/IP suite protocol that includes the functionality described at Layer 3.
Layer 4, the Transport layer of the OSI model, is often used to describe general services or functions that manage individual conversations between source and destination hosts. These functions include acknowledgement, error recovery, and sequencing. At this layer, the TCP/IP protocols Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) provide the necessary functionality.
The TCP/IP Application layer includes a number of protocols that provide specific functionality to a variety of end user applications. The OSI model Layers 5, 6 and 7 are used as references for application software developers and vendors to produce products that need to access networks for communications.
Display Media Text Transcript | Display Visual Media
2.4.8 - Comparing the O S I Model with the TCP/IP Model
The diagram depicts the O S I and TCP/IP models. It compares the layers of the seven-layer O S I model to those of the four-layer TCP/IP model. The key parallels between the two models are in the Transport and Network Layers. The functions of O S I Layers 5, 6, and 7 are included in the TCP/IP Application Layer. O S I Layer 4 is comparable to the TCP/IP Transport Layer. O S I Layer 3 is comparable to the TCP/IP Internet Layer. The functions of O S I Layers 1 and 2 are included in the TCP/IP Network Access Layer.
O S I Layer 7. Application relates to TCP/IP Layer 4 Application.
O S I Layer 6. Presentation relates to TCP/IP Layer 4 Application.
O S I Layer 5. Session relates to TCP/IP Layer 4 Application.
O S I Layer 4. Transport relates to TCP/IP Layer 3 Transport.
O S I Layer 3. Network relates to TCP/IP Layer 2 Internet.
O S I Layer 2. Data Link relates to TCP/IP Layer 1 Network Access.
O S I Layer 1. Physical relates to TCP/IP Layer 1 Network Access.
Page 2:
In this activity, you will see how Packet Tracer uses the OSI Model as a reference to display the encapsulation details of a variety of the TCP/IP protocols.
Click the Packet Tracer icon for more details.
Display Media Text Transcript | Display Visual Media
2.4.8 - Comparing the O S I Model with the TCP/IP Model
Link to Packet Tracer Activity: Use of the TCP/IP Protocols and the O S I Model in Packet Tracer
In this activity, you see how Packet Tracer uses the O S I Model as a reference to display the encapsulation details of several TCP/IP protocols.
2.5 Network Addressing
2.5.1 Addressing in the Network
Page 1:
The OSI model describes the processes of encoding, formatting, segmenting, and encapsulating data for transmission over the network. A data stream that is sent from a source to a destination can be divided into pieces and interleaved with messages traveling from other hosts to other destinations. Billions of these pieces of information are traveling over a network at any given time. It is critical for each piece of data to contain enough identifying information to get it to the correct destination.
There are various types of addresses that must be included to successfully deliver the data from a source application running on one host to the correct destination application running on another. Using the OSI model as a guide, we can see the different addresses and identifiers that are necessary at each layer.
Display Media Text Transcript | Display Visual Media
2.5.1 - Addressing in the Network
The diagram depicts functions and addressing at each layer of the O S I model. Layers 5, 6, and 7 are grouped together and referred to as Upper Layers.
- Upper Layers - Encoded Application Data
- Transport - Destination and Source Process Number (ports)
- Network - Destination and Source Logical Network Addresses
- Data Link - Destination and Source Physical Addresses
- Physical - Timing and Synchronization Bits
2.5.2 Getting the Data to the End Device
Page 1:
During the process of encapsulation, address identifiers are added to the data as it travels down the protocol stack on the source host. Just as there are multiple layers of protocols that prepare the data for transmission to its destination, there are multiple layers of addressing to ensure its delivery.
The first identifier, the host physical address, is contained in the header of the Layer 2 PDU, called a frame. Layer 2 is concerned with the delivery of messages on a single local network. The Layer 2 address is unique on the local network and represents the address of the end device on the physical media. In a LAN using Ethernet, this address is called the Media Access Control (MAC) address. When two end devices communicate on the local Ethernet network, the frames that are exchanged between them contain the destination and source MAC addresses. Once a frame is successfully received by the destination host, the Layer 2 address information is removed as the data is decapsulated and moved up the protocol stack to Layer 3.
Display Media Text Transcript | Display Visual Media
2.5.2 - Getting the Data to the End Device
The diagram depicts two PC's connected by a cloud labeled "Network". The PDU header contains device address fields: the destination device address, source device address, and the data from the source device. These are Layer 2 device hardware addresses.
2.5.3 Getting the Data through the Internetwork
Page 1:
Layer 3 protocols are primarily designed to move data from one local network to another local network within an internetwork. Whereas Layer 2 addresses are only used to communicate between devices on a single local network, Layer 3 addresses must include identifiers that enable intermediary network devices to locate hosts on different networks. In the TCP/IP protocol suite, every IP host address contains information about the network where the host is located.
At the boundary of each local network, an intermediary network device, usually a router, decapsulates the frame to read the destination host address contained in the header of the packet, the Layer 3 PDU. Routers use the network identifier portion of this address to determine which path to use to reach the destination host. Once the path is determined, the router encapsulates the packet in a new frame and sends it on its way toward the destination end device. When the frame reaches its final destination, the frame and packet headers are removed and the data moved up to Layer 4.
Display Media Text Transcript | Display Visual Media
2.5.3 - Getting the Data through the Internetwork
The diagram depicts an IP phone labeled "Source end device" (IP address 209.165.202.130), which is connected through three routers to a PC destination device (IP address 209.165.200.230). In addition to the Layer 2 addresses, the PC and IP Phone PDU's also contain the Layer 3 IP source and destination addresses, each of which consists of a network portion and a host (device) portion. A PDU is shown above the diagram with a destination IP network address of 209.165.200 and device (host) address of .230 for the PC. (These two combined create the PC IP address). The IP phone has a source network address of 209.165.202 and device (host) address of 130. (These two combined create the IP phone IP address). The IP address of the router interface for the source network is 209.165.202.145, and the IP address of the router interface for the destination network is 209.165.200.226.
2.5.4 Getting the Data to the Right Application
Page 1:
At Layer 4, information contained in the PDU header does not identify a destination host or a destination network. What it does identify is the specific process or service running on the destination host device that will act on the data being delivered. Hosts, whether they are clients or servers on the Internet, can run multiple network applications simultaneously. People using PCs often have an e-mail client running at the same time as a web browser, an instant messaging program, some streaming media, and perhaps even a game. All these separately running programs are examples of individual processes.
Viewing a web page invokes at least one network process. Clicking a hyperlink causes a web browser to communicate with a web server. At the same time, in the background, an e-mail client may be sending and receiving email, and a colleague or friend may be sending an instant message.
Think about a computer that has only one network interface on it. All the data streams created by the applications that are running on the PC enter and leave through that one interface, yet instant messages do not popup in the middle of word processor document or e-mail showing up in a game.
This is because the individual processes running on the source and destination hosts communicate with each other. Each application or service is represented at Layer 4 by a port number. A unique dialogue between devices is identified with a pair of Layer 4 source and destination port numbers that are representative of the two communicating applications. When the data is received at the host, the port number is examined to determine which application or process is the correct destination for the data.
Display Media Text Transcript | Display Visual Media
2.5.4 - Getting the Data to the Right Application
The animation depicts a PC connected to a server. The server is running three services: file transfer, terminal session, and e-mail. File-transfer data from the PC is directed to the file transfer service port number, and terminal session data from the PC is directed to the terminal session service port number. Electronic mail from the PC is directed to the email service port number. The caption states: "At the end device, the service port number directs the data to the correct conversation."
2.5.5 Warriors of the Net
Page 1:
An entertaining resource to help you visualize networking concepts is the animated movie "Warriors of the Net" by TNG Media Lab. Before viewing the video, there are a few things to consider. First, in terms of concepts you have learned in this chapter, think about when in the video you are on the LAN, on WAN, on intranet, on Internet; and what are end devices versus intermediate devices; how the OSI and TCP/IP models apply; what protocols are involved.
Second, some terms are mentioned in the video which may not be familiar. The types of packets mentioned refers to the type of upper level data (TCP, UDP, ICMP Ping, PING of death) that is encapsulated in the IP Packets (everything is eventually converted into IP Packets). The devices the packet encounters on its journey are router, proxy server, router switch, corporate intranet, the proxy, URL, firewall, bandwidth, hosts, web server.
Third, while port numbers 21, 23, 25, 53, and 80 are referred to explicitly in the video, IP addresses are referred to only implicitly - can you see where? Where in the video might MAC addresses have been involved?
Finally, though all animations often have simplifications in them, there is one outright error in the video. About 5 minutes in, the statement is made "What happens when Mr. IP doesn't receive an acknowledgement, he simply sends a replacement packet." As you will find out in later chapters, this is not a function of the Layer 3 Internet Protocol, which is an "unreliable", best effort delivery protocol, but rather a function of the Transport Layer TCP Protocol.
By the end of this course you will have a much better understanding of the breadth and depth of the concepts depicted in the video. We hope you enjoy it.
Download the movie from http://www.warriorsofthe.net
Display Media Text Transcript | Display Visual Media
2.5.5 - Warriors of the Net
The diagram depicts a screenshot from the Warriors of the Net video showing the router directing traffic.
2.6 Chapter Labs
2.6.1 Lab: Topology Orientation and Building a Small Network
Page 1:
This lab begins by having you construct two small networks. It then shows how they are connected to the larger hands-on lab network used throughout the course. This network is a simplified model of a section of the Internet and will be used to develop your practical networking skills.
The following sequence of labs will introduce the networking terms below. This networking terminology will be studied in detail in subsequent chapters.
Straight-through Cable: Unshielded twisted pair (UTP) copper cable for connecting dissimilar networking devices
Crossover Cable: UTP copper cable for connecting similar networking devices
Serial Cable: Copper cable typical of wide area connections
Ethernet: Dominant local area network technology
MAC Address: Ethernet Layer 2, physical address
IP Address: Layer 3 logical address
Subnet Mask: Required to interpret the IP address
Default Gateway: The IP address on a router interface to which a network sends traffic leaving the local network
NIC: Network Interface Card, the port or interface that allows an end device to participate in a network
Port (hardware): An interface that allows a networking device to participate in network and to be connected via networking media
Port (software): Layer 4 protocol address in the TCP/IP suite
Interface (hardware): A port
Interface (software): A logical interaction point within software
PC: End device
Computer: End device
Workstation: End device
Switch: Intermediate device which makes decision on frames based on Layer 2 addresses (typical Ethernet MAC addresses)
Router: Layer 3, 2, and 1 device which makes decisions on packets based on Layer 3 addresses (typically IPv4 addresses)
Bit: Binary digit, logical 1 or zero, has various physical representations as electrical, optical, or microwave pulses; Layer 1 PDU
Frame: Layer 2 PDU
Packet: Layer 3 PDU
Click the Lab Icon for more details.
Display Media Text Transcript | Display Visual Media
Page 2:
In this activity, you will use Packet Tracer to complete the Topology Orientation and Building a Small Network lab.
Click the Packet Tracer icon to launch the Packet Tracer activity.
Display Media Text Transcript | Display Visual Media
2.6.1 - Topology Orientation and Building a Small Network
Link to Packet Tracer Activity: Topology Orientation and Building a Small Network
In this activity, you use Packet Tracer to complete the Topology Orientation and Building a Small Network lab.
2.6.2 Lab: Using Wireshark™ to View Protocol Data Units
Page 1:
In this lab, you will learn to use the very powerful Wireshark tool by capturing ("sniffing") traffic off of the model network.
Click the Lab Icon for more details.
Display Media Text Transcript | Display Visual Media
2.6.2 - Using Wireshark to View Protocol Data Units
Link to Hands-on Lab: Using Wireshark to View Protocol Data Units
In this lab, you learn to use the very powerful Wireshark tool by capturing (sniffing) traffic off of the model network.
Page 2:
In this activity, you will use Packet Tracer's Simulation mode to capture and analyze packets from a ping from a PC's command prompt and a web request using a URL.
Click the Packet Tracer icon to launch the Packet Tracer activity.
Display Media Text Transcript | Display Visual Media
2.6.2 - Using Wireshark to View Protocol Data Units
Link to Packet Tracer Activity: Using Packet Tracer to View Protocol Data Units
In this activity, you use Packet Tracer's Simulation mode to capture and analyze packets from a ping from a PC's command prompt and a web request using a URL.
2.7 Chapter Summary
2.7.1 Summary and Review
Page 1:
Data networks are systems of end devices, intermediary devices, and the media connecting the devices, which provide the platform for the human network.
These devices, and the services that operate on them, can interconnect in a global and user-transparent way because they comply with rules and protocols.
The use of layered models as abstractions means that the operations of network systems can be analyzed and developed to cater the needs of future communication services.
The most widely-used networking models are OSI and TCP/IP. Associating the protocols that set the rules of data communications with the different layers is useful in determining which devices and services are applied at specific points as data passes across LANs and WANs.
As it passes down the stack, data is segmented into pieces and encapsulated with addresses and other labels. The process is reversed as the pieces are decapsulated and passed up the destination protocol stack.
Applying models allows various individuals, companies, and trade associations to analyze current networks and plan the networks of the future.
Display Media Text Transcript | Display Visual Media
2.7.1 - Summary and Review
In this chapter, you learned to:
- Describe the structure of a network, including the devices and media that are necessary for successful communication.
- Explain the function of protocols in network communications.
- Explain the advantages of using a layered model to describe network functionality.
- Describe the role of each layer in two recognized network models: the TCP/IP model and the O S I model.
- Describe the importance of addressing and naming schemes in network communications.
Page 2:
Display Media Text Transcript | Display Visual Media
2.7.1 - Summary and Review
This is a review and is not a quiz. Questions and answers are provided.
Question 1. List five end devices, six intermediate devices, and three forms of networking media.
Answer:
- End devices: desktop computer, laptop computer, server, PDA, cellular mobile phone, printer, security camera, IP phone, electronic point of sale device, automatic teller machine.
- Intermediate device: repeater, hub, wireless access point, switch, router, modem, firewall devices.
- Networking media: copper cable, fiber cable, radio (wireless).
Question 2. Compare and contrast the following terms: network, LAN, WAN, internetwork, and Internet.
Answer:
Network - A group of interconnected devices capable of carrying many different types of communications, including traditional computer data, interactive voice, video, and entertainment products.
LAN - A local network or group of interconnected local networks that are under the same administrative control. In the past, LAN's were thought of only as small networks that existed in a single physical location. While LAN's can be as small as a single local network installed in a home or small office, they now also include interconnected local networks consisting of many hundreds of hosts, installed in multiple buildings and locations. All local networks within a LAN are under one administrative control group that governs the security and access control policies that are in force on the network.
WAN - Telecommunications service providers (TSP) operate large regional networks spanning long distances. Individual organizations usually lease connections through a telecommunications service provider network. These networks that connect LAN's in geographically separated locations are wide area networks (WAN's). Although the organization maintains all policies and administration of the LAN's at both ends of the connection, the policies within the communications service provider network are controlled by the TSP. WAN's use specifically designed network devices to make the interconnections between LAN's.
Internetwork - A mesh of interconnected networks is used. Some of these interconnected networks are owned by large public and private organizations, such as government agencies or industrial enterprises, and are reserved for their exclusive use. The most well-known and widely used publicly accessible internetwork is the Internet.
Internet - The most well-known and widely used publicly accessible internetwork. The Internet is created by the interconnection of networks belonging to Internet Service Providers (ISP's). These ISP networks connect to each other to provide access for users all over the world. Ensuring effective communication across this diverse infrastructure requires the application of consistent and commonly recognized technologies and protocols as well as the cooperation of many network administration agencies.
Question 3. Compare and contrast the layers of the O S I model with the TCP/IP protocol stack.
Answer: There are two basic types of networking models: protocol models and reference models.
A protocol model closely matches the structure of a particular protocol suite. The hierarchical set of related protocols in a suite represents all the functionality required to interface the human network with the data network. The four-layer TCP/IP model is a protocol model because it describes the functions that occur at each layer of protocols within the TCP/IP suite.
A reference model provides a common reference for maintaining consistency within all types of network protocols and services. A reference model is not intended to be an implementation specification or to provide a sufficient level of detail to define precisely the services of the network architecture. The primary purpose of a reference model is to aid in clearer understanding of the functions and process involved. The seven-layer Open Systems Interconnection (O S I) model is the most widely known internetwork reference model. It is used for data network design, operation specifications, and troubleshooting.
The protocols that make up the TCP/IP protocol suite can be described in terms of the O S I reference model. In the O S I model, the Network Access Layer and the Application Layer of the TCP/IP model are further divided to describe discreet functions that need to occur at these layers.
At the Network Access Layer, the TCP/IP protocol suite does not specify which protocols to use when transmitting over a physical medium; it only describes the handoff from the Internet Layer to the physical network protocols. The O S I Layers 1 and 2 discuss the necessary procedures to access the media and the physical means to send data over a network.
The key parallels between the two network models occur at the O S I model Layers 3 and 4. O S I Model Layer 3, the Network Layer, almost universally is used to discuss and document the range of processes that occur in all data networks to address and route messages through an internetwork. The Internet Protocol (IP) is the TCP/IP suite protocol that includes the functionality described at Layer 3.
Layer 4, the Transport Layer of the O S I model, is often used to describe general services or functions that manage individual conversations between source and destination hosts. These functions include acknowledgement, error recovery, and sequencing. At this layer, the TCP/IP protocols Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) provide the necessary functionality.
The TCP/IP Application Layer includes a number of protocols that provide specific functionality to a variety of end-user applications. The O S I model Layers 5, 6, and 7 are used as references for application software developers and vendors to produce products that need to access networks for communications.
Question 4. Explain why networking models are used.
Answer: Although the TCP/IP and O S I models are the primary models used when discussing network functionality, designers of network protocols, services, or devices can create their own models to represent their products. Ultimately, designers are required to communicate to the industry by relating their product or service to either the O S I model or the TCP/IP model, or to both.
As a reference model, the O S I model provides an extensive list of functions and services that can occur at each layer. It also describes the interaction of each layer with the layers directly above and below it. Whereas TCP/IP model layers are referred to by name, the seven O S I model layers are usually referred to by number.
There are benefits to using a layered model to describe network protocols and operations:
- Assists in protocol design, because protocols that operate at a specific layer have defined information that they act upon and a defined interface to the layers above and below.
- Fosters competition because products from different vendors can work together.
- Prevents technology or capability changes in one layer from affecting other layers above and below.
- Provides a common language to describe networking functions and capabilities.
Question 5. Elaborate on the following terms: protocol, PDU's, and encapsulation.
Answer:
Protocol:
All communication, whether face-to-face or over a network, is governed by predetermined rules called protocols. These protocols are specific to the characteristics of the conversation. In our day-to-day personal communication, the rules we use to communicate over one medium, like a telephone call, are not necessarily the same as the protocols for using another medium, such as sending a letter.
Successful communication between hosts on a network requires the interaction of many different protocols. A group of inter-related protocols that are necessary to perform a communication function is called a protocol suite. These protocols are implemented in software and hardware that is on each host and network device.
PDU and Encapsulation:
As application data is passed down the protocol stack on its way to be transmitted across the network media, various protocols add information to it at each level. This is commonly known as the encapsulation process.
The form that a piece of data takes at any layer is called a Protocol Data Unit (PDU). During encapsulation, each succeeding layer encapsulates the PDU that it receives from the layer above in accordance with the protocol being used. At each stage of the process, a PDU has a different name to reflect its new appearance. PDU's within the protocols of the TCP/IP suite are:
- Data - The general term for the PDU used at the Application Layer.
- Segment - Transport Layer PDU
- Packet - Internetwork Layer PDU
- Frame - Network Access Layer PDU
Question 6. Explain the postal metaphor for encapsulation.
Answer: Individual pages of a letter are written and numbered sequentially. Each page is sealed in a separate envelope that is then addressed to the recipient. The letters are posted and put in a mailbag (labeled with the destination) with many other envelopes, each containing a page of different letters and addressed to recipients. Many mailbags are loaded into a van and transported toward the destination. Along the way, the mailbags might be transferred to other vans or different modes of transport - trucks, trains, aircraft, ships. At the destination, the mailbags are unloaded and emptied. The envelopes are delivered to the destination addresses. At one address, all the envelopes received are opened, the page are removed from each one, and the pages are reassembled into the letter.
The envelope, the mailbag, and the vans, trucks, or aircraft, do not care what is in the container that they carry. The letter itself is not used to provide information to assist in its delivery. The address on the envelope, the label on the mailbag, or the delivery instructions to the van driver are what direct the letter toward its destination.
Data encapsulation follows the same principle. It is the addresses used in each layer of encapsulation that direct the data toward its destination, not the data itself.
Question 7. What are the unique roles of Layer 2, Layer 3, and Layer 4 addresses?
Answer:
- Layer 4 addresses (ports) identify the individual applications sending or receiving data.
- Layer 3 (logical) addresses identify devices and their networks.
- Layer 2 (physical) addresses identify devices on a local network.
Page 3:
In this activity, you will start building, testing, and analyzing a model of the Exploration lab network.
Packet Tracer Skills Integration Instructions (PDF)
Click the Packet Tracer icon to launch the Packet Tracer activity.
Display Media Text Transcript | Display Visual Media
2.7.1 - Summary and Review
Link to Packet Tracer Activity: Skills Integration Challenge: Examining Packets
In this activity, you start building, testing, and analyzing a model of the Exploration lab network.
Page 4:
To Learn More
Reflection Questions
How are the classifications LAN, WAN, and Internet still useful, and how might they actually be problematic in classifying networks?
What are strengths and weaknesses of the OSI and TCP/IP models? Why are both models still used?
Metaphors and analogies can be powerful aids to learning but must be used with care. Consider issues of devices, protocols, and addressing in the following systems:
Standard postal service
Express parcel delivery service
Traditional (analog) telephone system
Internet telephony
Containerized shipping services
Terrestrial and satellite radio systems
Broadcast and cable television
Discuss what you see as common factors among these systems. Apply any similarities to other networks.
How could you apply these common concepts to developing new communications systems and networks?
Display Media Text Transcript | Display Visual Media
2.8 Chapter Quiz
2.8.1 Chapter Quiz
Page 1:
Display Media Text Transcript | Display Visual Media
2.8.1 - Chapter Quiz
1.Which O S I layer is associated with IP addressing?
A.1
B.2
C.3
D.4
2.Which type of addressing is found at the O S I Layer 2? (Choose two.)
A.logical
B.physical
C.MAC
D.IP
E.port
3.When a server responds to a web request, what occurs next in the encapsulation process after the web page data is formatted and separated into TCP segments?
A.The client de-encapsulates the segment and opens the web page.
B.The client adds the appropriate physical addresses to the segments so that the server can forward the data.
C.The server converts the data to bits for transport across the medium.
D.The server adds the source and destination IP address to each segment header to deliver the packets to the destination.
E.The server adds the source and destination physical addresses to the packet header.
4.Which term describes a specific set of rules that determines the formatting of messages and the process of encapsulation used to forward data?
A.segmentation
B.protocol
C.multiplexing
D.Q o S
E.reassembly
5.Which two are protocols associated with Layer 4 of the O S I model? (Choose two.)
A.IP
B.TCP
C.FTP
D.TFTP
E.UDP
6.Match the terms with their corresponding definition. (Not all items are used.)
Terms:
A. Multiplexing
B. PDU
C. Q o S
D. Encapsulation
E. Segmentation
F. Protocol
Definitions:
One. Dividing data streams into smaller pieces suitable for transmission.
Two. The process of adding layer-specific information or labels necessary to transmit data.
Three. Interleaving multiple data streams onto a shared communication channel or network medium.
Four. Formal rules outlining the structure and process of network communication.
Five. Term used for a data packet, often implying a specific layer or protocol.
7.Match the networking terms to the appropriate O S I layer. (Not all terms are used.)
Terms:
Frames
IP address
MAC address
Logical addressing
Packets
Physical addressing
Port numbers
Segments
Bits
Sequence numbers
Layers:
Transport
Network
Data Link
8.Match the functional description of each O S I layer to the appropriate name of the layer.
Descriptions:
A. Defines procedures for accessing the media.
B. Standardizes the data formats between systems.
C. Routes packets according to a unique network address.
D. Cabling, voltages, bits, and data rates.
E. Manages users sessions and dialogues.
F. Defines interfaces between application software.
G. End-to-end message delivery over the network.
Layers:
Seven. Application
Six. Presentation
Five. Session
Four. Transport
Three. Network
Two. Data Link
One. Physical
Wednesday, August 11, 2010
Monday, August 9, 2010
computer forensic- week3
sector
• The smallest unit of data addressable by a file system is a sector
• Sector is normally 512 Bytes in size
• In addition, for greater efficiency, file systems often group sectors into clusters and these then become the smallest area that can be allocated to a file.
File Slack
• If a file does not completely fill a cluster, then everything within the cluster after the file ends could contain data from a previously deleted file
• Windows typically zeros out data from the end of the data to the end of the sector, but leaves any remaining sectors within the cluster untouched
• Slack space is of great forensic interest as it can contain remenants of data that.
Disk Drive Structure
Analysis of Partitions
Partition Table Entries – each entry has the following fields:
- Starting CHS address
- Ending CHS address
- Starting LBA address
- Number of sectors in partition
- Type of partition
- Flags
CHS addresses vs. LBA addresses:
- CHS can address a maximum disk size of 8 GB
- Therefore nowadays almost all addressing is in the form of Logical Block Addressing
CHS is maintained for backward compatibility
Flags:
- The flag entry denotes whether a partition is bootable or not
- Identifies where the OS is located
Extended Partition Concepts:
- Many systems require more than 4 partitions
- The solution is to use extended partitions
- An entry in the partition table describes the location of an extended partition rather than a normal partition
- This extended partition will have it’s own partition table
• The smallest unit of data addressable by a file system is a sector
• Sector is normally 512 Bytes in size
• In addition, for greater efficiency, file systems often group sectors into clusters and these then become the smallest area that can be allocated to a file.
File Slack
• If a file does not completely fill a cluster, then everything within the cluster after the file ends could contain data from a previously deleted file
• Windows typically zeros out data from the end of the data to the end of the sector, but leaves any remaining sectors within the cluster untouched
• Slack space is of great forensic interest as it can contain remenants of data that.
Disk Drive Structure
Analysis of Partitions
Partition Table Entries – each entry has the following fields:
- Starting CHS address
- Ending CHS address
- Starting LBA address
- Number of sectors in partition
- Type of partition
- Flags
CHS addresses vs. LBA addresses:
- CHS can address a maximum disk size of 8 GB
- Therefore nowadays almost all addressing is in the form of Logical Block Addressing
CHS is maintained for backward compatibility
Flags:
- The flag entry denotes whether a partition is bootable or not
- Identifies where the OS is located
Extended Partition Concepts:
- Many systems require more than 4 partitions
- The solution is to use extended partitions
- An entry in the partition table describes the location of an extended partition rather than a normal partition
- This extended partition will have it’s own partition table
Sunday, August 8, 2010
suject to...
1. Peasants used to be subject to the local landowner.
农民过去受地主的压迫。
2. Trains are subject to delay(s) after the heavy snowfalls.
一下大雪火车就往往误点。
3. We are subject to many influences.
我们都受著多方的影响。
4. The sale of firearms is subject to many legal restrictions.
出售枪支受到许多法律限制。
5. The area is subject to devastating seasonal winds.
这个地区常遭破坏性季风的袭击。
6. We are a people no longer subject to foreign rule.
我们是一个不再受外国统治的民族。
7. Also, these fuels, especially oil, are subject to uncertainties over price and future supply.
此外,这些燃料,特别是石油,易受到价格和将来的供应等不稳定因素的影响。
8. All prices are subject to review.
一切商品的价格都有可能调整。
农民过去受地主的压迫。
2. Trains are subject to delay(s) after the heavy snowfalls.
一下大雪火车就往往误点。
3. We are subject to many influences.
我们都受著多方的影响。
4. The sale of firearms is subject to many legal restrictions.
出售枪支受到许多法律限制。
5. The area is subject to devastating seasonal winds.
这个地区常遭破坏性季风的袭击。
6. We are a people no longer subject to foreign rule.
我们是一个不再受外国统治的民族。
7. Also, these fuels, especially oil, are subject to uncertainties over price and future supply.
此外,这些燃料,特别是石油,易受到价格和将来的供应等不稳定因素的影响。
8. All prices are subject to review.
一切商品的价格都有可能调整。
Friday, August 6, 2010
computer forencis-week2
Digital Evidence:
Digital evidence suffers from a number of unique problems:
1. Is logically isolated from the media on which it exists
2. Is possible to contaminate if observed/handled in an inappropriate manner
3. It must be possible to demonstrate that the evidence has not been altered.
Rules of evidence:
1. Admissible – Conform to legal rules for admissibility in court
2. Authentic – Possible to tie evidentiary material to the incident
3. Complete – Must tell the whole story not just a perspective
4. Reliable – Nothing from the time the evidence is collected and handled should be able to cast doubt on its authenticity and reliability
5. Believable – It must be readily believable and understandable by a court
We have two main goals:
1. Ensure original data is not compromised.
2. Ensure that the copy is an exact copy of the original.
Methods of copying data:
There are number of methods for copying data:
- Logical: copy files, drag & drop. (this is bad)
- Raw bit-stream: start at the first location on the medium and copy each bit of data one after the other. (this is good) [software packages which can be used to perform a bit-stream copy: 1. ‘dd’-a free utility; 2. Encase-a commercial one, also handles the analysis]
- Hashing and other functions can also be performed in these ways
Why is the mode of copy important:
1. Deleted files exist in unallocated and slack space, a topical or ‘file level’ copy will ignore this
2. Data may exist in empty areas between partitions
3. Ensuring that the copy is a true and accurate representation of the original. To do this we need all the data, not just some of it.
Something more practical:
•Identify the item to be acquired
•Ensure that appropriate write blocking hardware is available
•Attach the device to the forensic workstation via the write blocker device.
•Make use of suitable software to perform hashes of the acquisition source
•Perform the acquisition
•Hash the acquisition source again and verify no changes have been made
•Hash the acquisition target and ensure that it matches the source
•Disconnect and securely store the source.
•DOCUMENT EVERYTHING!!!!
Dealing with hashing issue
- always use multiple hash functions, two or more.
- Understand that the probability of coming across a hash collision in the wild(when not trying to generate collisions) is very low.
So, what should we always avoid doing?
•Power on a PC to examine its contents - BAD
•Remove media from the system and examine that - GOOD
•Attach media directly to a workstation for acquisition - BAD
•Attach media via write blocking hardware - GOOD
•Immediately begin analysing the media - BAD
•Perform a forensic acquisition of the media - GOOD
•Assume the write blocking hardware has worked - BAD
•Perform hashes to verify the original remains unchanged - GOOD
•Assume the acquisition was successful - BAD
•Perform hashes to verify the original is identical to the copy - GOOD
notes: peripherals 外围设备,处部设备
[He doesn't conform to the usual stereotype of the city businessman with a dark suit and rolled umbrella.
他不像典型的城市商人那样,穿一身深色的套服、 带一把收好的雨伞。
She refused to conform to the normal social conventions.
她拒绝遵从正常的社会习俗。
The building does not conform to safety regulations.
这座建筑物不符合安全条例。]
Digital evidence suffers from a number of unique problems:
1. Is logically isolated from the media on which it exists
2. Is possible to contaminate if observed/handled in an inappropriate manner
3. It must be possible to demonstrate that the evidence has not been altered.
Rules of evidence:
1. Admissible – Conform to legal rules for admissibility in court
2. Authentic – Possible to tie evidentiary material to the incident
3. Complete – Must tell the whole story not just a perspective
4. Reliable – Nothing from the time the evidence is collected and handled should be able to cast doubt on its authenticity and reliability
5. Believable – It must be readily believable and understandable by a court
We have two main goals:
1. Ensure original data is not compromised.
2. Ensure that the copy is an exact copy of the original.
Methods of copying data:
There are number of methods for copying data:
- Logical: copy files, drag & drop. (this is bad)
- Raw bit-stream: start at the first location on the medium and copy each bit of data one after the other. (this is good) [software packages which can be used to perform a bit-stream copy: 1. ‘dd’-a free utility; 2. Encase-a commercial one, also handles the analysis]
- Hashing and other functions can also be performed in these ways
Why is the mode of copy important:
1. Deleted files exist in unallocated and slack space, a topical or ‘file level’ copy will ignore this
2. Data may exist in empty areas between partitions
3. Ensuring that the copy is a true and accurate representation of the original. To do this we need all the data, not just some of it.
Something more practical:
•Identify the item to be acquired
•Ensure that appropriate write blocking hardware is available
•Attach the device to the forensic workstation via the write blocker device.
•Make use of suitable software to perform hashes of the acquisition source
•Perform the acquisition
•Hash the acquisition source again and verify no changes have been made
•Hash the acquisition target and ensure that it matches the source
•Disconnect and securely store the source.
•DOCUMENT EVERYTHING!!!!
Dealing with hashing issue
- always use multiple hash functions, two or more.
- Understand that the probability of coming across a hash collision in the wild(when not trying to generate collisions) is very low.
So, what should we always avoid doing?
•Power on a PC to examine its contents - BAD
•Remove media from the system and examine that - GOOD
•Attach media directly to a workstation for acquisition - BAD
•Attach media via write blocking hardware - GOOD
•Immediately begin analysing the media - BAD
•Perform a forensic acquisition of the media - GOOD
•Assume the write blocking hardware has worked - BAD
•Perform hashes to verify the original remains unchanged - GOOD
•Assume the acquisition was successful - BAD
•Perform hashes to verify the original is identical to the copy - GOOD
notes: peripherals 外围设备,处部设备
[He doesn't conform to the usual stereotype of the city businessman with a dark suit and rolled umbrella.
他不像典型的城市商人那样,穿一身深色的套服、 带一把收好的雨伞。
She refused to conform to the normal social conventions.
她拒绝遵从正常的社会习俗。
The building does not conform to safety regulations.
这座建筑物不符合安全条例。]
computer forencis-week1
Cybercrime:
Crime committed using a computer and the Internet to steal a person’s identity or sell contraband or stalk victims or disrupt operations with malevolent programs.
Revolution of Evidence
Historically
- photos
- phone calls through telecom to fixed line
- Money was physical entity
Now
-Digital photos
-Emails, sms, doc ect
- Multiple providers, mobile phones
-Money is d digital number
What is digital forensics?
“Computer Forensics involves obtaining and analysing digital information for use as evidence in civil, criminal or administrative cases.”
“The art and science of applying computer science to aid the legal process.”
The first step in any investigation is : Gain Permission, (may be in the form of 1. A warrant , 2. A signed contract from an authorised party.
[not acceptable: 1. Verbal agreement, 2. Email]
four steps of a forensic investigation:
1. collection
2. preservation
3. filtering
4. presentation
Securing the scene:
1. Observe and establish the parameters of the scene
2. Initiate safety measures if necessary
3. Physically secure the scene
- Remove all unnecessary personnel
- Prevent unauthorised people from entering the scene
- Allow for documentation of all access
4. Physically secure any evidence
- Tag & bag
5. Release the scene
6. Finalise documentation of the acquisition of the evidence and ensure the chain of custodies have been correctly initiated.
Crime committed using a computer and the Internet to steal a person’s identity or sell contraband or stalk victims or disrupt operations with malevolent programs.
Revolution of Evidence
Historically
- photos
- phone calls through telecom to fixed line
- Money was physical entity
Now
-Digital photos
-Emails, sms, doc ect
- Multiple providers, mobile phones
-Money is d digital number
What is digital forensics?
“Computer Forensics involves obtaining and analysing digital information for use as evidence in civil, criminal or administrative cases.”
“The art and science of applying computer science to aid the legal process.”
The first step in any investigation is : Gain Permission, (may be in the form of 1. A warrant , 2. A signed contract from an authorised party.
[not acceptable: 1. Verbal agreement, 2. Email]
four steps of a forensic investigation:
1. collection
2. preservation
3. filtering
4. presentation
Securing the scene:
1. Observe and establish the parameters of the scene
2. Initiate safety measures if necessary
3. Physically secure the scene
- Remove all unnecessary personnel
- Prevent unauthorised people from entering the scene
- Allow for documentation of all access
4. Physically secure any evidence
- Tag & bag
5. Release the scene
6. Finalise documentation of the acquisition of the evidence and ensure the chain of custodies have been correctly initiated.
Wednesday, August 4, 2010
improve your resume
Following are some tips that will help you improve your resume, get it through the screening process and make it more appealing to potential employers
Don't lie. It's that simple. And don't be tempted to embellish the truth. Of course, you would be foolish to include in your resume anything remotely unflattering But the risks of fudging the truth in your resume far outweigh the benefits, particularly when it comes to specific facts, such as credentials and titles.
Objective Statement That Is Flowery or Too General. Many candidates lose their readers from the very beginning of the resume -- the "objective statement." The worst objective statements start with, "A challenging position that will enable me to contribute to organisational goals while offering an opportunity for growth and advancement." This type of statement is overused and too general, and therefore wastes valuable space
Too Short or Too Long. Too many people try to squeeze their experiences onto one page, because they've heard that a resume should never be longer than one page. When formatting the resume to fit on one page, many job seekers delete their impressive achievements. The reverse is also true. Take the candidate who rambles on and on for pages about irrelevant or redundant experiences -- the reader will easily be bored. When writing your resume, ask yourself, "Will this statement help me land an interview?" Only include information that elicits the answer "yes" to that question.
Too Focused on Job Duties. One of the most prevalent resume blunders is to turn a resume into a boring listing of job duties and responsibilities. Many people even use their company job descriptions as a guide to developing their resumes. To create a resume that is a cut above the rest, you should go beyond showing what was required of you, and demonstrate how you made a difference at each company. Provide specific examples of how the company benefited from your performance.
Typos! One typo can land your resume in the garbage. Two typos or more, and your chances are greatly diminished. Proofread, proofread, and proofread. This document is a reflection of you and should be absolutely perfect.
Use dates to show when you did things, not just the vague "one year".
Many people include their interests, such as reading, hiking, snowboarding, etc. These should only be included if they relate to the job objective
Personal information, such as date of birth, marital status, height and weight, should normally not be included on the resume.
Make sure your resume is complete with an e-mail address as well as a phone number
In a short, your resume can be described as a thoughtfully organised personal "brochure" that summarises your experience and highlights your achievements. It should present your skills, capabilities and strengths in the best possible light, without resorting to embellishment
Don't lie. It's that simple. And don't be tempted to embellish the truth. Of course, you would be foolish to include in your resume anything remotely unflattering But the risks of fudging the truth in your resume far outweigh the benefits, particularly when it comes to specific facts, such as credentials and titles.
Objective Statement That Is Flowery or Too General. Many candidates lose their readers from the very beginning of the resume -- the "objective statement." The worst objective statements start with, "A challenging position that will enable me to contribute to organisational goals while offering an opportunity for growth and advancement." This type of statement is overused and too general, and therefore wastes valuable space
Too Short or Too Long. Too many people try to squeeze their experiences onto one page, because they've heard that a resume should never be longer than one page. When formatting the resume to fit on one page, many job seekers delete their impressive achievements. The reverse is also true. Take the candidate who rambles on and on for pages about irrelevant or redundant experiences -- the reader will easily be bored. When writing your resume, ask yourself, "Will this statement help me land an interview?" Only include information that elicits the answer "yes" to that question.
Too Focused on Job Duties. One of the most prevalent resume blunders is to turn a resume into a boring listing of job duties and responsibilities. Many people even use their company job descriptions as a guide to developing their resumes. To create a resume that is a cut above the rest, you should go beyond showing what was required of you, and demonstrate how you made a difference at each company. Provide specific examples of how the company benefited from your performance.
Typos! One typo can land your resume in the garbage. Two typos or more, and your chances are greatly diminished. Proofread, proofread, and proofread. This document is a reflection of you and should be absolutely perfect.
Use dates to show when you did things, not just the vague "one year".
Many people include their interests, such as reading, hiking, snowboarding, etc. These should only be included if they relate to the job objective
Personal information, such as date of birth, marital status, height and weight, should normally not be included on the resume.
Make sure your resume is complete with an e-mail address as well as a phone number
In a short, your resume can be described as a thoughtfully organised personal "brochure" that summarises your experience and highlights your achievements. It should present your skills, capabilities and strengths in the best possible light, without resorting to embellishment
good websites
RSS 2.0: http://blogname.blogspot.com/feeds/posts/default?alt=rss
http://www.ccna4u.org/
cisco ecourse material
http://www.scss.ecu.edu.au/students/resources/cisco.php
http://www.ccna4u.org/
cisco ecourse material
http://www.scss.ecu.edu.au/students/resources/cisco.php
Subscribe to:
Comments (Atom)
Subscribe To
Posts
All Comments