Network reference Models and Protocols. OSI Model (Open system Interconnect Model). The OSI Model contains seven different layers. Technically this OSI Model is the ISO OSI Model (ISO + International Standards Organization) and they defined this OSI model. Layer 1 Physical: Is the physical layer, and the physical layer is concerned about how to get data on the wire. We're talking about the individual bits, the ones and zeros. How do we electrically represent them or how do we optically represent them, if we're using fiber optics. Layer 2 Data Link: Forwarding decisions based on an address that's burned in to the network interface card in a PC. Layer 3 Network: Forwarding decision based on a logical address, such as an IP address. Layer 4 Transport: TCP and UDP. Layer 5 Session: Is responsible for setting up, maintaining, and then tearing down sessions. Layer 6 Presentation: Concerned about how data is represented on the network. Layer 7 Aplication: Is some sort of a network service that allows other desktop applications to take advantage of that service. TCP/IP Model (DOD model / TCP/IP stack) DOD = Department of Defense model It's more IP-centric, the layers of the DoD Model can be mapped directly to one or more layers of the OSI Model. Layer 1 Network Access: This encompasses both the Physical and the Data Link layers of the OSI Model. Layer 2 Internet: Which is a direct correlation to the OSI Model's Network layer. Layer 3 Transport: It's named the same as its corresponding layer over in the OSI Model. Layer 4 Application: The Session, the Presentation, the Application  were  group  together  into this layer. IP, ICMP, UDP, and TCP IP: Internet Protocol (layer 3) ICMP: Internet Control Message Protocol (layer 3), A really common use for ICMP is to do something called a ping, a ping can allow us to determine if our network device has reachability to another network device UDP: User Data-ground protocol (Layer 4 of OSI model). Is not considered to be reliable, a unit of data at layer four, it's called a segment, we send a UDP segment, and we hope it gets to its destination, but we have no guarantee that it got to its destination. There's no acknowledgement coming back from the far side. TCP: Transmission Control Protocol (Layer 4 of OSI model) Is reliable, it's called connection-oriented because we set up a connection and it can detect if we drop a segment. A TCP session is set up using something called a three-way handshake: step one : Send an asynchronization message (SY) to set up a session. step two: The receiver need to send back an acknowledge message that it was received the SY message, and also a SY message is required from the receiver. step three: An acknowledgement message for the SY (1) SYN (2) SYN + ACK (3) SYN TCP windowing :  Once a TCP session is set up we can send varying amounts of data before expecting an acknowledgement. Domain Name System (DNS) Resolves a Fully-Qualified Domain Name (FQDN) to an IP address. A DNS server can take a well-known name, which we call a fully qualified domain name, and map it to a corresponding IP address. A DNS server can take a well-known name, which we call a fully qualified domain name, and map it to a corresponding IP address. well-known port for DNS is port 53 well-known port for DNS is port 53 Ports and Protocols The applications that we use are generally associated with a port number. In fact, there's quite a collection of what are called well-known port numbers. A well-known port number is in the range of 1023 or less. But we also have port numbers that are not necessarily well-known. Those are in the range of 1024 and greater. The following list have some of the more popular protocols. Notice on this table I've listed a protocol, its description, and what TCP or UDP port or ports it might be using. Protocol Description TCP Port UDP Port FTP File Transfer Protocol: Transfers files with a remote host (typically requires authentication of user credentials) 20 and 21   SSH Secure Shell: Securely connect to a remote host (typically via terminal emulator) 22   SFTP Secure FTP: Provides FTP file-transfer service over an SSH connection 22   SCP Secure Copy: Provides a a secure file-transfer service over SSH connection and offers a file's original date and time information, which is not available with SFTP 22   Telnet Telnet: Used to connect to a remote host (typically via a terminal emulator) 23   SMTP Simple Mail Transfer Protocol: Used for sending e-mail 25   DNS Domain Name System: Resolves domain names to corresponding IP address 53 53 TFTP Trivial File Transfer Protocol: Transfer files with a remote host (does not require authentication of user credentials)   69 DHCP Dynamic Host Configuration Protocol: Dynamically assigns IP address information (for example, IP address, subnet mask, DNS server's IP address, and default gateway's IP address) to a network device   67 HTTP Hypertext Transfer Protocol: Retrieves content from a web server 80   POP3 Post Office Protocol version 3: Retrieves e-mail from an e-mail server 110   NNTP Network News Transport Protocol: Supports the posting and reading of articles on Usenet news servers 119   NTP Network Time Protocol: Used by a network device to synchronize its clock with a time server ( NTP server)   123 SNTP Simple Network Time Protocol: Supports time synchronization among the network devices, similar to NTP, although SNTP uses a less complex algorithm in its calculation and is slightly less accurate than NTP   123 IMAP4 Internet Message Access Protocol version 4: Retrieves e-mail from an e-mail server 143   LDAP Lightweight Directory Access Protocol: provides directory services (for example, a user directory - including username, password, e-mail, and phone number information) to network clients 389   HTTPS Hypertext Transfer Protocol Secure: Used to securely retrieve content from a web server 443   rsh Remote Shell: Allows commands to be executed on a computer from a remote user 514   RTSP Real Time Streaming Protocol: Communicates with a media server (for example, a video server) and controls the playback of the server's media files 554 554 RDP Remote Desktop Protocol: A Microsoft protocol that allows a user to view and control the desktop of a remote computer. 3389     Protocol Data Units (PDUs) Aplication Presentation Sesion Transport ----- Segments Network ----- Packet (or Datagramas) Data Link ----- Frames Physical  ----- Bits

Common Network Infrastructure Devices Router: A Layer 3 device that can make forwarding decisions based on logical addresses (e.g. IP addresses). Wide Area Network (WAN) Connection: A network connection that interconnects geographically separate networks. Virtual Private Network (VPN): Allows a secure connection to be setup over an untrusted network (e.g. the Internet). Wireless Access Point : Communicates with wireless devices (e.g. smart phones, printers, or laptops) and interconnects those devices with a wired network. Ethernet Switch: A layer 2 device that makes forwarding decisions based on physical addresses (e.g. MAC addresses). Media Access Control (MAC) Address: A 48-bit addressed burned into a NIC, typically written in hexadecimal notation. Intrusion Prevention System (IPS): A sensor that sits in-line with network traffic, can recognize the signature of well-known attacks, and can stop those attacks. Intrusion Detection System (IDS): A sensor that receives a copy of network traffic, can recognize the signature of well-known attacks, and can stop those attacks. Firewall: A network device that uses a set of rules to determine what traffic to permit or deny between different portions (e.g. zones) of a network. Demilitarized Zone (DMZ): The term typically given to a portion of a network that should be accessible by external devices (e.g. devices on the internet). Firewall Router: A router configured to perform firewall functions, in addition to router functions. Multilayer Switch: An Ethernet switch that can make forwarding decisions based on layer 3 (and Higher) information (e.g. IP address), like a router, and can also make decisions based on Layer 2 information (e.g. MAC addresses), like a layer 2 Ethernet switch. Cache Engine: Locally stores content retrieved from a remote network (typically the internet), and sends that content to local devices requesting that content, thus saving bandwidth. Network-Attached Storage (NAS) Device: A network appliance that makes storage resources (e.g. large, redundant hard drives) available to network clients. Firewalls A network device (Or software) that can help prevent malicious traffic from spreading into a secured area a network, through the use of rule set. Firewall types: Packet Filter- A type of firewall that can permit or deny traffic based on information such as source and/or destination IP address and port numbers. Stateful Firewall- A type of firewall that, in addition to permitting or denying traffic based on IP address and/or port number information, can inspect sessions and recognize return traffic for a session that was initiate from a trusted network. Application Layer Firewall- A type of firewall that, in addition to inspecting sessions and permitting or denying traffic based on IP address and/or port number information, understands the nature of an application (e.g. its use of different protocols). Wireless Access Points Wireless Ad Hoc Network: Allows wireless devices to communicate with the one another without using a network infrastructure. Autonomous APs: Wireless access points that are individually managed. Lightweight APs: Wireless access points that are managed by a wireless LAN controller Lightweight Access Point Protocol (LWAPP): A protocol used by a wireless LAN controller to communicate with the lightweight APs it manages. Note that many LWAPP deployments are being replaced with the newer Control and Provisioning of Wireless Access Points (CAPWAP) protocol, which performs a similar function.