Understanding Networking

Networking Terminology

  • Network Interface Card (NIC Card) – Also called Network Controller, Network Adapter, LAN Adapter – Computer hardware component that connects device to computer network. (Either physical or wireless)
  • Computer Network – Computers, connected via cable, that share information with each other.
  • Network Protocol – Set of rules and conventions that govern the communications between network devices.
    • There are many types of networking protocols or standards
  • Router – Device that receives data from device and determines where to forward it.
    • They move information from one interface to another based upon some rules and conventions. They make these decisions based on communication distance or “cost of the route”
  • IP Address – Internet Protocol Address is numeric address assigned to every device on computer network.
  • DHCP – Dynamic Host Configuration Protocol – Tool for allowing router to assign IP addresses to devices that use the router.
  • DNS – Domain Name System – Converts domain names to IP Addresses that identify computer networks.

Physical Components of the Network

These are the cables and switches that are physically connected to each other to allow for networking.

  • Endpoints – Devices that retrieve or provide information
  • Interconnections – Various components that connect devices in network, like network interface cards and cables
    • Switches – Provide intelligent switching of data within local area network.
    • Routers – Connect networks and intelligently choose pathways between networks.
    • Wireless Access Point – Connect wireless devices to physical server

Characteristics of a Network

Networks have characteristics that can be used to understand how they operate. These can describe the network’s performance and structure.

  • Topology – Networks have both a physical and logical topology. The physical topology is the physical arrangement of devices and components in the network. The logical topology is the path of how data is transferred in a network. In other words, the physical topology describes how components are interconnected in the network. The logical topology, which can be quite different, describes how network devices appear to network users.
  • Speed – Measure of the data rate of any given link in the network, measured in bits per second. Speed is measured in bits, not bytes, so understand that 75Mbits/s is 75 million bits; divide that by 8 for the number of bytes. Remember that 1 Megabyte is different than 1 Megabit.
  • Cost – Expense for purchasing network components, as well as the cost of installing and maintaining that network equipment.
  • Security – Describes how well a network is protected from inside and outside threats.
  • Availability – Measure of probability that network will be available should you need it. Represented by percentage of time called Uptime. To find this, divide the number of minutes that given network was available in a year by the number of minutes in a year (525600).
  • Scalability – Indicates how easily the network can grow to accommodate more users and load. If you design your network for today, it will cost more to expand later. Design with growth in mind.
  • Reliability – Dependability of the components that make up the network. Measured as a probability of failure, called Mean Time Before Failure.

Logical Components of the Network

Describes how data is transported in the network. Various protocols are used to transfer data. Internet Protocol is the most common protocol for exchanging information on the web.

Topology Types include:

  • Bus – In early bus topologies, devices were connected on a line of coaxial cable. Modern devices use a switch and twisted pair wiring in a star topology, where each device is connected to the switch by a LAN cable.
  • Ring – In a ring topology, the devices are connected to each other in a circuit. So the last device is then connected to the next device, and so on to form a circle or ring.
  • Star – This is the most common physical implementation. A central device (switch) is connected to each device (like a computer), but the devices are not connected to each other.
  • Mesh – Every device is connected to multiple devices in the network. This creates redundant links that help to increase network reliability and allow for the network to heal itself.

The logical topology can be different than the physical implementation. For example, a hub is a star topology physically, but a bus topology logically. For this reason, you cannot simply view the physical design of a network and understand how data flows, you must also take a look at the logical topology. Much of this information is contained in the Network Diagram.

The network diagram is a graphic containing network related information, with the amount of information varying between companies. It is a map of the logical relationships between devices. It should show:

  • Interface ID’s of devices
  • Device Identifiers
  • Network Addressing


Various types of applications can affect network performance, which can affect user experience of applications.

  • Batch Applications – Require little or no user interaction once initiated. These types of applications will usually grab as much bandwidth as they can.
    • FTP
    • Trivial File Transfer Protocol (TFTP)
    • Inventory Updates
    • File Copies
    • Software Downloads
  • Interactive Applications – Require human interaction. Users will often have to wait for responses, so this response time is the most important metric to watch for.
    • Inventory queries
    • Database Updates
  • Real Time Applications – Requires high quality service and low delay. With human to human interactions, latency (delay) will greatly reduce perceived quality of the application. Timely delivery of data is critical! Also make sure that data isn’t lost, as real time apps don’t allow for data retransmission, like other apps do.
    • Voice
    • Video

OSI Model – Open Systems Interconnection Model

The OSI model is often used to explain how devices communicate within a network. In the past, devices operated on their own communication models. These models were proprietary and controlled by the vendor, so development was significantly slower and there was limited interoperability.

The International Organization for Standardization developed the OSI model to standardize communication between devices and software. It introduced a layered approach to device communication.

The OSI model consists of 7 layers, with each layer being independent of other layers. Starting from the top, we have layer 7:

Layer 7 – Application
Layer 6 – Presentation
Layer 5 – Session
Layer 4 – Transport
Layer 3 – Network
Layer 2 – Datalink
Layer 1 – Physical

The OSI model is referenced from the bottom up. Areas of concern are also divided, so that an application developer doesn’t need to understand network or datalink, they are handled by different layers. From the perspective of the developer, they only interact with the layer below them.

The top three levels are usually the focus of developers, while the lower 4 layers are worked on by network engineers. This divide is blurring, so it’s best to understand entire OSI tree.

Application Layer 7

Network processes to applications that provide access for users to utilize network services. FTP is used at this layer.

We are not talking about individual applications, but rather the application protocol, like HTTP, which is used by websites. Rather than refer to the application as Chrome, we refer to it as HTTP, because that is the protocol the application relies upon.

This layer can identify communication partners in the network and even provide user authentication.

The application layer uses protocols to communicate with the lower layers in the model.

Presentation Layer 6

This layer is concerned with the format that the data is presented in. We are looking at the data representation / syntax. This ensures that data read by one application can be read by another application.

Different systems have different ways of formatting data. To handle this, the layer configures the data to a Machine Independent Format. Examples include:

  • JPEG
  • ASCII
  • HTML
  • ZIP

This layer formats the data to be presented to the application layer. It structures the data and negotiates the transfer. This layer also provides encryption.

Session Layer 5

The session layer is concerned with interhost communication. This layer establishes, maintains, and terminates sessions between applications. This layer acts as a coordinator between systems. Examples of protocols at this layer include:

  • Remote Procedure Calls (RPC)
  • Network File System (NFS)

This layer allows two or more separate applications on separate machines to create a session between them and share data.

Transport Layer 4

This layer ensures end-to-end communication. It performs message segmentation: it takes a message from a higher layer, splits it into smaller units, then passes the data to the network layer. On the other end, the data is picked up by the network layer and passed to the transport layer, where it is reassembled.

This layer also handles transportation issues and ensures reliability. The main protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). TCP provides reliability, but UDP does not retransmit lost packets.

Flow control is also built in, controlling the amount of data from the sending process to ensure that the receiving process does not get too much data for it to handle.

Session Multiplexing

Combines several message streams or sessions into one logical link. This layer then keeps track of which layer belongs to which session.

Not available in UDP. UDP is usually used in VOIP, where retransmission is not required. UDP is lighter and faster than TCP, but has no reliability controls.

Network Layer 3

This layer is about data delivery, with routers moving data packets from one device to another. There are Layer 3 switches with router capabilities. Layer 3 devices use routing protocols:

  • OSPF – Open Shortest Path First
  • BGP – Border Gateway Protocol
  • IS-IS – Intermediate System to Intermediate System

These protocols use the logical addressing scheme in IPv4 to determine best path. They decide the best path based on:

  • cost
  • hop count
  • bandwidth
  • longest match of network address

The network layer is not at all concerned with reliability and relies on Layer 4 (TCP) to enforce data integrity.

Data Link Layer 2

This layer provides physical addressing and access to media. It’s primarily concerned with how data is formatted by the upper layers and how that data is conveyed across the physical network. Also concerned with how network access is controlled.

Ethernet is at layer 2, and involves the assignment of MAC addresses, which are Media Access Control addresses used to identify devices. On a NIC (network adapter), the MAC address is built into the card by the manufacturer. MACs are 48 bits in length with 2 parts, the Organization Unique Identifier (OUI) and the unique portion. This ensures that every single device has its very own MAC address.

This layer also provides error detection and can even fix some errors that occur at the physical layer.

Physical Layer 1

This defines how data is transmitted. More accurately, it defines which states represent 0 or 1 in binary. It also defines all of the mechanical, procedural, and functional specifications for using the physical link.

The physical layer also sets standards for connections that must be respected by all manufacturers. You can use a Cat5 cable with an RJ45 connector on a Dell laptop or HP laptop or Cisco router. They all have to adhere to the physical implementation standards.

Physical layer is easiest to identify. We interact with layer 1 all the time. It sets specifications for maximum cable length or electrical specifications. It sets modulation techniques, bits synchronization, and other important standards.

Host Communication

When transferring data, the data must undergo conversion at the point of transmission and when it is received. This process is known as encapsulation and de-encapsulation. Each layer only speaks to processes in that layer, so we must encapsulate the data to work with a different layer.

Think about a computer sending an email. The data on the computer, when the send button is hit, must traverse the entire OSI model to the physical layer for transmission. On the other end, the OSI model is worked from the physical layer on up to use the data.

It works like this:

  • Application (level 7) data is encapsulated by a level 6 header, becoming level 6 data
  • Level 6 data is then encapsulated by a level 5 header, thus becoming level 5 data
  • This process is continued until the data is at level 2 (data link), when a Frame Check Sequence (FCS) is added to ensure that data isn’t corrupted during transmission
  • After the layer 2 header and FCS, the data is transferred on the physical line as bits (0,1)
  • Notice that each layer prepends a new header as the data moves through the OSI model

At the receiving end, the receiver reverses this process:

  • Bits are received at physical layer, then the layer 2 header is read, stripped from the data, and the data is then passed to layer 3
  • Once at Layer 3, the layer 3 header is stripped, and the data is passed to layer 4
  • Continues until all headers are removed (de-encapsulation) and user data is represented

Due to this encapsulation and de-encapsulation, each layer only ever speaks to the corresponding layer, between systems. Within this model, the data is known by different names depending on the layer:

  • Segments – Transport Layer
  • Packets – Network Layer
  • Frames – Data Link Layer
  • Bits – Physical Layer

TCP/IP model vs OSI

The OSI model has 7 layers whereas TCP/IP has 4 layers:

Layer 4 – Application Layer – Equivalent to layers 7-5 of OSI
Layer 3 – Transport Layer
Layer 2 – Internet Layer – Equivalent to Network layer of OSI
Layer 1 – Network Access – Equivalent to layers 2-1 of OSI

In the real world, we use a hybrid of these models that separates the Network access layer:

Layer 5 – Application Layer – Combined layers from OSI
Layer 4 – Transport Layer
Layer 3 – Network Layer
Layer 2 – Data Link Layer
Layer 1 – Physical Layer

Network engineers will often refer to the application, presentation, and session layers as the application layer, while leaving the rest of the model as the original OSI model.

In order to differentiate between processes, data that is received at the physical layer is given to the data link layer, where a Type Field is read that lets the network layer know which process to send the traffic to. This type field tells your network interface card (network layer) whether to use IPv4 or IPv6, for example.

Then, at layer 3, the Protocol Field informs the device which protocols are running at layer 4. The most common protocols are TCP and UDP.

Then, at layer 4, the Port Number specifies which application is being used to handle the traffic. For example, Telnet traffic goes to port 23, TFTP data uses port 69, and, as you already know, HTTP goes through port 80.
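The encapsulation steps and the Type Field, Protocol Field and Port Number lookups described above can be traced on a real byte string. The following is an added example, not part of the original page: it builds an Ethernet/IPv4/TCP frame around some application data, then strips it layer by layer. The MAC and IP addresses are constructed sample values, the function names are illustrative, and the IP and TCP header checksums are left at zero because only the layer 2 FCS is verified here.

```python
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800                           # layer 2 Type Field value for IPv4
IP_PROTOCOLS = {6: "TCP", 17: "UDP"}              # layer 3 Protocol Field values
WELL_KNOWN_PORTS = {23: "Telnet", 69: "TFTP", 80: "HTTP"}  # ports named in the text

# Constructed sample addresses (locally administered MACs, private IPs).
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP = bytes([10, 1, 1, 1])
DST_IP = bytes([10, 1, 1, 2])


def encapsulate(payload: bytes, dst_port: int) -> bytes:
    """Wrap application data in TCP, IPv4 and Ethernet headers, then add the FCS.

    Header checksums are left at zero to keep the example short; only the
    layer 2 FCS is computed and verified.
    """
    # Layer 4: 20-byte TCP header -> the data becomes a segment.
    tcp_header = struct.pack("!HHIIHHHH", 49152, dst_port, 1, 0,
                             (5 << 12) | 0x018, 65535, 0, 0)
    segment = tcp_header + payload
    # Layer 3: 20-byte IPv4 header -> the segment becomes a packet.
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment),
                            0, 0, 64, 6, 0, SRC_IP, DST_IP)
    packet = ip_header + segment
    # Layer 2: Ethernet header in front, FCS (CRC-32) behind -> a frame.
    frame = DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + packet
    return frame + struct.pack("<I", zlib.crc32(frame))


def decapsulate(frame: bytes) -> dict:
    """Strip one header per layer, using each demultiplexing field in turn."""
    if len(frame) < 14 + 20 + 4:
        raise ValueError("frame too short")
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("FCS mismatch: frame corrupted in transit")

    # Layer 2: the Type Field selects the layer 3 protocol.
    ethertype = struct.unpack("!H", body[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unhandled EtherType 0x{ethertype:04x}")
    packet = body[14:]

    # Layer 3: the Protocol Field selects the layer 4 protocol.
    header_len = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if header_len < 20 or not header_len <= total_len <= len(packet):
        raise ValueError("malformed IPv4 header")
    protocol = IP_PROTOCOLS.get(packet[9])
    if protocol != "TCP":
        raise ValueError(f"unhandled IP protocol {packet[9]}")
    segment = packet[header_len:total_len]

    # Layer 4: the destination port selects the application.
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("malformed TCP header")

    return {
        "src_oui": body[6:9].hex(":"),            # first 3 bytes of the MAC
        "ethertype": ethertype,
        "protocol": protocol,
        "dst_port": dst_port,
        "application": WELL_KNOWN_PORTS.get(dst_port, "unknown"),
        "payload": segment[data_offset:],
    }


if __name__ == "__main__":
    wire = encapsulate(b"GET / HTTP/1.1\r\n\r\n", 80)
    print(len(wire), "bytes on the wire")
    print(decapsulate(wire))
```

Flipping any bit of the frame before calling `decapsulate` raises the FCS error, which is the corruption check the Frame Check Sequence exists to provide.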


Binary is a basic part of networking, and we will encounter it over and over again. You’ll use binary with:

  • IP Subnetting
  • Configuring access lists to permit or deny certain IP’s or Subnets

Computers use switches that can be on or off. On is 1 while off is 0. This means binary is a central portion of computing.

In an 8-bit address, there are 256 possible values (different combinations of 1’s and 0’s), which is 2^8.

Decimal Vs Binary

  • Decimal System – Base 10 (0 – 9) – Primarily used in mathematics
  • Binary System – Base 2 (0 or 1) – Primarily used in computers

Base: 2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0

If we add up all decimals, we get 255. This indicates that 1111 1111 = 255. Another thing to note is 1 in the first column is known as most significant bit, while 1 in last column is least significant bit.


IP version 4 addresses are used to uniquely identify a device on an IP network. They are 4 octets in length, or 4 sets of 8 bits. Each 8 bit octet has a range of 0 – 255. They can be represented in both binary and decimal format. For instance:

  • is my router decimal address. In binary, it is:
1100 0000 . 1010 1000 . 0000 0001 . 0000 0001

Hexadecimal (MAC Address and IPv6)

On a router, you have the MAC address that the router uses, along with the BIA (burned in address) which was set during production of the router.

IPv6 uses MAC addresses as opposed to IP addresses.

Hexadecimal addresses have values from 0 – F. It’s 0 – 9 and A – F. They relate to decimal this way:

Hex      0 – 9        A     B     C     D     E     F
Decimal  0 – 9        10    11    12    13    14    15
Binary   0000 – 1001  1010  1011  1100  1101  1110  1111

When figuring out hexadecimal conversion, you want to first take the decimal number and change to binary. For instance:

128 in decimal is equal to 10000000 in binary. Break the binary number into groups of 4, 1000 and 0000. Then convert the groupings, with 1000 = 8 and 0000 = 0. Now we have 128 in decimal = 80 in hexadecimal. Let’s try another example!

255 in decimal is 11111111. Broken down, that is 1111 and 1111. 1111 = hexadecimal F, so 255 in decimal is FF in hexadecimal!

If we have an IP address of, what is that in hexadecimal? Start by breaking each portion into binary octets, so 10 = 00001010 and 1 = 00000001. Now break into groupings, so:


IP in binary is 0A.01.01.01 in hex.

IP Addressing

IPv4 addresses

An Internet Protocol address is a layer 3 logical address, unlike a MAC address, which is burnt into the device. IP addresses are assigned by the network administrator or a DHCP (dynamic host configuration protocol) server. IPs are used to uniquely identify devices on the network, and routers send traffic according to the device’s IP address.

Every device on the internet has a unique IP, and no two devices can have the same IP. We are starting to run out of IPv4 addresses, prompting the move to IPv6.

DNS (Domain Name Servers) connect the friendly URL’s to the actual IP addresses of the devices those URL’s are pointing to. DNS is analogous to the old-timey telephone operators, connecting friendly names to actual addresses.

IPv4 is connectionless. That means that no session is created between devices, data is simply transmitted from one device to another. There is no confirmation that the data even makes it to the destination. That is, IP makes the best effort of delivery and offers no guarantee of packet delivery. You can expect that packets will be lost, duplicated, or otherwise changed by the delivery protocol.

By contrast, TCP (transmission control protocol) is connection oriented. It has the ability to retransmit packages, thus guaranteeing delivery. TCP sets up a session then uses SYN (synchronization messages) from the transmitter and SYN Ack (synchronization acknowledgements) from the receiver to synchronize the data transactions.

Once the SYN ack is accepted by the transmitter, they send an Ack message back to the receiver, establishing the session. Because of this process, devices that use TCP are said to use a 3-way handshake.

Back to IP, it treats individual data packets independently, so data can take many different paths before it is compiled and assembled on your receiving machine. The best path is determined by routing protocols on your router. That path is based on the hierarchical addressing structure of IP.

Hierarchical Addressing Structure

Your IP address has both a network and a host portion. Routing decisions are based on the network portion of the address as opposed to the host portion. IPv4 addresses are 32 bits in size and are written in dotted decimal notation. Each value is 8 bits in size (also known as an octet) and there are 4 groups of octets divided by dots.

Network Vs Host Portion of IP Address

An IP address can be broken up into two parts, a network portion and a host portion

Network Address Portion

Also called the Network ID, the network portion of the IP identifies a specific network. Network ID’s are used by routers to build routing tables that contain different network addresses. In fact, your router doesn’t even care about the full IP address when choosing where to deliver your data packets. Instead, the router looks at the destination IP and matches only the network portion to the network address table.

Host Address Portion

Known as the Host ID, this identifies a specific endpoint on a network. The 2nd, 3rd, and 4th octets comprise the host address portion. Your endpoints are the devices that communicate on your networks. Your endpoints will all have unique host ID’s on the network (or subnet as we shall soon see).

To sum it up, IP is used to designate to which network to send data packets. Once the data packets reach the network, Address Resolution Protocol (ARP) on the router sniffs the host portion and determines to which device to route the traffic.

Address Classes

In the old days, before Classless domain routing (from 1981 – 1993) IPv4 addresses were divided into 5 classes:

  • Class A – There are over 16 million Class A IP addresses with many owned by large corporations. For instance 13.x.x.x is a class A address owned by Xerox.
  • Class B
  • Class C – All of the first three classes are used for Unicast Traffic
  • Class D – Multicast Traffic
  • Class E – Reserved for future experimental purposes

Newer IPv4 replaces address classes with Classless Inter-Domain Routing (CIDR) while IPv6 does not use address classes.

Many times, class A IP addresses will be written as 17.x.x.x/8 with 17 referring to Apple Inc. and /8 referring to the fact that the IP addresses have 8 network bits. As networks grew, there needed to be an allowance for different amounts of network bits. Thus the advent of Class B and Class C. Of course, this isn’t really used anymore because of CIDR and will only come up if you need to use a classful network command.

Class A

Class A addresses start with a 0 in the first octet of the IPv4 address. This first octet can have combinations from 00000000 (0) to 01111111 (127). A full class A address can have combinations from to

In reality, the first octet cannot have a value of 127 as that is reserved for the loopback addresses.

0 is used for the default network, so you are unable to set a PC’s IP address to begin with 0. This makes the actual range to

In class A addresses, it is the first 8 bits of the IP address, or the first octet that denote the network portion. The rest of the IP is reserved for host address.

Class B

Class B addresses start at binary 10. Not ten, but one and zero. This means that the first octet can be from 10000000 (128) to 10111111 (191). Class A has a 0 in the first bit, while class B has a 1 in the first bit.

In class B addresses, the first 2 octets (16 bits) are used to denote the network portion while the host portion of the address occupies the 3rd and 4th octets.

Class C

Class C addresses start at binary 110. This means that the first octet can be from 11000000 (192) to 11011111 (223). The 0 is in the 3rd bit position.

In class C addresses, the first 3 octets (24 bits) are used for the network portion, with the remaining last octet as the host portion of the address.

Class D

These addresses are used for multicast traffic. They are different than Class A, B, or C, which are used for unicast traffic. Multicast refers to the fact that one machine will be communicating with multiple machines, rather than a one-to-one transfer of data.

Class D addresses start with binary 1110, so the first octet can be from 11100000 (224) to 11101111 (239). The 0 is in the fourth bit position.

Class E

These are reserved addresses for testing and broadcasts. They start with 1111, so the first octet can have values from 11110000 (240) to 11111111 (255).

Class  First Octet Min (Decimal)  First Octet Max (Decimal)  0 Position  Network Portion
A      00000000 (0)               01111111 (127)             First       15.0.0.0
B      10000000 (128)             10111111 (191)             Second      127.15.0.0
C      11000000 (192)             11011111 (223)             Third       127.15.1.0
D      11100000 (224)             11101111 (239)             Fourth      not defined
E      11110000 (240)             11111111 (255)             None        not defined

Special Addresses

Directed Broadcast Address

Used by a host to send data to all devices on a specific network. The host portion of these addresses is populated by all binary 1’s. If network address is (Class B), then directed broadcast address is

Routers can communicate with directed broadcast addresses, but this is disabled by default. This is because hackers can use directed broadcast addresses to launch Denials of Service (DDOS) Attacks.

Local Broadcast Address

This address is used to communicate with all devices on a specific network. The entire IP address is binary 1’s, so the address is

When your machine requests an IP from the DHCP server, it doesn’t know the router’s IP and it doesn’t have one itself to speak from. It simply broadcasts to and requests an IP from the DHCP server. Traffic sent to this address is dropped by layer 3 routers and switches; it is only used to get IPs from DHCP servers.

Local Loopback Address

Devices can send messages to themselves to verify that the TCP/IP stack is correctly installed. Loopbacks start with 127.x.x.x, with the most common address being In IPv6, the loopback address is ::1.

Note that a router has its own loopback address, which is different than the loopback address you would use to test your own machine. They have a loopback interface that can accept valid IP addresses and use those addresses for loopback.

RFC – Request for Comment

These are the new standards that are proposed for internet development. The final version of an RFC becomes an internet standard. Changes or updates can be implemented by newer RFC, essentially making the old standards obsolete.

RFC1918 is one important RFC that you should be aware of. It specifies private IP addresses, which are non-routable addresses on the internet. They will be blocked by service providers.

This RFC describes best practices when using private addressing. It identifies how IP addresses can be privatized internally and then translated when the machine has to speak to the wider internet. This spec has helped slow the exhaustion of IPv4 addresses.

The spec reserved (Class A), a single class A address. It reserved 16 contiguous Class B addresses starting at And it also reserved 256 contiguous class C addresses, starting at Remember that these addresses are not routable and any machine on one of these networks must be translated (network address translation or NAT) to speak with the world wide web.

IPv4 Link – Local Addresses

In the old days, you either had to have a DHCP server to give your machine an IP, or you had to assign one yourself. Nowadays, if no DHCP is available, your computer will automatically choose an IP in the range of This is called a link – local address.

Your machine will randomly assign the host portion, so you can network together any two machines automatically as long as there is a physical link between the network cards on the machine. The internet spec does all the configuration for you! Note – This address range is also non-routable. You can communicate with local machines, but not the internet.
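The class rules (position of the first 0 bit in the first octet) and the special-purpose ranges from the sections above can be combined into a small address classifier. This is an added example, not part of the original page: the ranges are the standard RFC 1918, loopback and link-local blocks, the function names are illustrative, and the sample source addresses are constructed to resemble an edge firewall log.

```python
import ipaddress
from typing import Optional

# Special-purpose ranges discussed in the text, checked in order.
SPECIAL_RANGES = [
    ("local broadcast", ipaddress.ip_network("255.255.255.255/32")),
    ("default network", ipaddress.ip_network("0.0.0.0/8")),
    ("loopback", ipaddress.ip_network("127.0.0.0/8")),
    ("private (RFC 1918)", ipaddress.ip_network("10.0.0.0/8")),      # one class A
    ("private (RFC 1918)", ipaddress.ip_network("172.16.0.0/12")),   # 16 class B
    ("private (RFC 1918)", ipaddress.ip_network("192.168.0.0/16")),  # 256 class C
    ("link-local", ipaddress.ip_network("169.254.0.0/16")),
]
NATURAL_PREFIX = {"A": 8, "B": 16, "C": 24}  # D and E have no network/host split


def classful_class(addr: str) -> str:
    """Return the class from the position of the first 0 bit in the first octet."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for position, cls in enumerate("ABCD"):
        if not (first_octet >> (7 - position)) & 1:
            return cls
    return "E"  # 1111xxxx: no 0 in the first four bits


def special_use(addr: str) -> Optional[str]:
    """Return the label of the special range containing addr, or None."""
    ip = ipaddress.IPv4Address(addr)
    for label, network in SPECIAL_RANGES:
        if ip in network:
            return label
    return None


def describe(addr: str) -> dict:
    """Summarise class, natural (classful) prefix length and special use."""
    cls = classful_class(addr)
    return {"address": addr, "class": cls,
            "natural_prefix": NATURAL_PREFIX.get(cls),
            "special": special_use(addr)}


def unexpected_at_edge(source_addresses):
    """Return the sources that should never arrive from the internet side."""
    flagged = []
    for addr in source_addresses:
        info = describe(addr)
        if info["special"] or info["class"] in ("D", "E"):
            reason = info["special"] or f"class {info['class']} source"
            flagged.append((addr, reason))
    return flagged


# Constructed sample: source addresses as they might appear in an edge firewall log.
SAMPLE_SOURCES = ["17.5.6.7", "10.20.30.40", "172.31.255.1", "172.32.0.1",
                  "192.168.1.1", "169.254.10.20", "127.0.0.1", "224.0.0.5"]

if __name__ == "__main__":
    for addr, reason in unexpected_at_edge(SAMPLE_SOURCES):
        print(f"{addr:15} {reason}")
```

Note that 172.31.255.1 is flagged while 172.32.0.1 is not: the private block covers only the 16 class B networks from 172.16 through 172.31.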

Subnet Masks

Network masks help determine which portion of the address is the host and which is the network. Class A, B, and C networks have default masks, which are known as natural masks:

  • Class A – – The first octet is the network portion
  • Class B – – The first and second octet
  • Class C – – The first, second and third octet

The network mask simply shows which portion of the IP is network. If you have with a network mask of, you can look at the network mask and see that the first two octets are populated, so the network portion of the IP is 10.1 and the host / node portion is 1.1. In other words, the network is with a node of 1.1 on that network.

Computers use subnet masks when choosing how to send data: over the default gateway and onto the internet, or to the local network. A sender computer will check its IP address and subnet mask to determine the network ID (above 10.1). It will then compare this to the receiver’s IP address and subnet mask. If they are the same, the computer is speaking to a local device and requests the MAC address of the receiver to communicate locally. If the network IDs are different, the message is sent to the default gateway and on to the world wide web to find its destination.


Classless interdomain routing was introduced in 1993, replacing classful IP addressing. It introduces Variable Length Subnet Masking (VLSM). Here is the difference:

  • IPv4 – – Indicates a class A network with the first octet representing the network portion
  • CIDR – – The /8 indicates the first octet represents the network portion

CIDR Notation

CIDR notation uses /x masks, which correspond to the number of binary bits that represent the network portion in the IP address. If our CIDR network mask is /24, that indicates the first 3 octets are network, thus you have a Class C address.

The reason we need CIDR is because the classful IP’s all have the subnet masks separated by the decimal. Class A uses the first octet. Class B uses the 1st and 2nd. There is no ability to only use a piece of the octet, you must use all of it with classful IP.

CIDR can split the IP within the octet boundaries. For instance, /20 indicates the first two octets are used for network and also the first 4 bits of the 3rd octet. /11 indicates the first octet and the first 3 bits in the second octet.
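The mask arithmetic behind the subnet mask and CIDR sections, including a /20 that splits inside the third octet and the local-versus-gateway decision a sending host makes, can be written as plain bit operations. This is an added example, not part of the original page; the 10.1.x.x addresses and the gateway address are constructed sample values and the function names are illustrative.

```python
import ipaddress


def prefix_to_mask(prefix: int) -> int:
    """Turn a /x prefix length into a 32-bit mask with x leading 1 bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def dotted(value: int) -> str:
    """Render a 32-bit integer in dotted decimal notation."""
    return str(ipaddress.IPv4Address(value))


def network_id(ip: str, prefix: int) -> int:
    """AND the address with the mask: host bits are cleared, network bits kept."""
    return int(ipaddress.IPv4Address(ip)) & prefix_to_mask(prefix)


def directed_broadcast(ip: str, prefix: int) -> str:
    """Network portion unchanged, host portion filled with binary 1s."""
    host_bits = ~prefix_to_mask(prefix) & 0xFFFFFFFF
    return dotted(network_id(ip, prefix) | host_bits)


def split_bits(ip: str, prefix: int) -> tuple:
    """Return (network bits, host bits) as strings to show where the split falls."""
    bits = format(int(ipaddress.IPv4Address(ip)), "032b")
    return bits[:prefix], bits[prefix:]


def next_hop(src: str, dst: str, prefix: int, gateway: str) -> str:
    """The sender's decision: same network ID means local delivery, else gateway."""
    if network_id(src, prefix) == network_id(dst, prefix):
        return f"local: resolve MAC of {dst}"
    return f"gateway: forward to {gateway}"


if __name__ == "__main__":
    # Constructed sample host and destinations.
    host, gateway = "10.1.17.5", "10.1.16.1"
    for prefix in (8, 11, 16, 20, 24):
        print(f"/{prefix:<2} mask {dotted(prefix_to_mask(prefix)):15} "
              f"network {dotted(network_id(host, prefix)):12} "
              f"broadcast {directed_broadcast(host, prefix)}")
    print(split_bits(host, 20))
    print(next_hop(host, "10.1.30.9", 20, gateway))   # same /20 network
    print(next_hop(host, "10.1.32.9", 20, gateway))   # different /20 network
```

With a /20, 10.1.17.5 and 10.1.30.9 share a network even though their third octets differ, which a classful reading of the address would not reveal.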

CISCO IOS Software

This is the operating system that you’ll find on most switches and routers. The software provides the network intelligence for devices. It is the most common networking software in the world. It’s used for both small and large devices, including:

  • Routers
  • Switches
  • LAN Switches
  • Wireless Access Points

Physical Connections to CISCO Router

To connect to a router or switch, you need:

  • Console Cable – RJ45 connector on one end to connect to console on router or switch, then DB9 male connector to connect to serial port on PC. If you don’t have a serial port, you’ll need USB-to-serial converter. Always connect RJ45 to console port on router, not AUX
  • Terminal Emulation Software
    • Hyperterminal
    • PuTTY – Free and works well, only for Windows
    • Tera Term
    • SecureCRT – Popular with networking engineers, not free
    • iTerm
    • Royal TSX


The Command Line Interface (CLI) accepts certain commands in certain modes. Be careful if the machine does not accept your command that you are in the right mode to issue that command. The mode is indicated with a distinctive prompt.

The prompt will be the router name followed by a sign.

Modes include:

User Mode

This is denoted by RouterName> notation. Only gives access to a limited number of basic monitoring commands. See the available commands with ?

Privilege Mode

From user mode, type enable for Privilege Mode. This is denoted by RouterName# notation.

Global Configuration Mode