EITF45 övning 3 (FL6) Networking uppgifter med lösningar.pdf

# Network communication analysis and message tracing This topic focuses on understanding how data travels across networks by analyzing the different types of messages exchanged, including their MAC and IP addresses, and how they are processed by various network devices [2](#page=2). ### 1.1 Message types and their roles Network communication involves various types of messages, each serving a specific purpose. Understanding these messages is crucial for tracing communication flows and diagnosing network issues. #### 1.1.1 ARP (Address Resolution Protocol) ARP is used to discover the MAC address associated with a known IP address on the local network segment [5](#page=5) [8](#page=8). * **ARP Request:** When a host needs to send a packet to an IP address on the same network segment but doesn't know the corresponding MAC address, it broadcasts an ARP request. This request contains the sender's MAC and IP addresses, and the target IP address. The MAC address destination is a broadcast address (FF:FF:FF:FF:FF:FF) as it's sent to all devices on the local network [3](#page=3) [5](#page=5) [8](#page=8). * **ARP Reply:** The host with the matching IP address responds with an ARP reply, containing its MAC and IP addresses, to the original sender [5](#page=5) [8](#page=8). ARP messages are Ethernet frames and do not typically have an IP header, although IP addresses are included in the ARP header [5](#page=5) [8](#page=8). #### 1.1.2 DNS (Domain Name System) DNS is responsible for translating symbolic hostnames (like "www.d.se") into IP addresses [2](#page=2) [3](#page=3) [8](#page=8). * **DNS Request:** A host sends a DNS request to a DNS server to resolve a hostname. This request includes the sender's IP and MAC addresses, and the destination IP and MAC addresses of the DNS server [3](#page=3) [8](#page=8). * **DNS Reply:** The DNS server responds with the IP address corresponding to the requested hostname, including sender and receiver IP and MAC addresses [3](#page=3) [8](#page=8). #### 1.1.3 ICMP (Internet Control Message Protocol) ICMP is used for error reporting and network diagnostics. * **ICMP Echo Request (Ping):** A common use of ICMP is the echo request, used for pinging a host to check its reachability and response time. A host sends an ICMP Echo Request to the destination IP address and the MAC address of its default gateway (or directly if on the same network) [2](#page=2) [3](#page=3) [8](#page=8). * **ICMP Echo Reply:** The destination host sends an ICMP Echo Reply back to the source [2](#page=2) [3](#page=3). * **ICMP Redirect:** Historically, a router might send an ICMP redirect message to a host to inform it that a more efficient path exists for subsequent traffic to a particular destination [2](#page=2). #### 1.1.4 HTTP (Hypertext Transfer Protocol) HTTP is the foundation of data communication for the World Wide Web, used for fetching web pages and resources [10](#page=10) [4](#page=4) [5](#page=5) [8](#page=8). * **HTTP Request:** When a client requests a web page, it sends an HTTP request. This request includes the client's IP and MAC addresses, and the destination IP and MAC addresses of the web server. The communication often involves routing through intermediate devices like routers [10](#page=10) [5](#page=5) [8](#page=8). ### 1.2 Message tracing in different network scenarios Analyzing network communication requires understanding how different network devices handle messages. #### 1.2.1 Hosts, Routers, Switches, and Hubs The behavior of network devices significantly impacts how messages are propagated and observed. * **Hub:** A hub operates at the physical layer and simply repeats any incoming signal to all its other ports. This means any traffic on a hub is visible to all connected devices, creating a single collision domain. ARP requests and replies, as well as IP packets, broadcasted by or destined for any host connected to the hub will be seen by other connected hosts [4](#page=4) [5](#page=5) [6](#page=6) [7](#page=7). * **Switch:** A switch operates at the data link layer and learns MAC addresses associated with its ports. It forwards frames only to the specific port where the destination MAC address is located. Switches segment networks into smaller collision domains. If A sends an IP packet to C, and Gizmo is a switch, nothing will be seen on B's link if A and C are on the same network segment and the switch has learned C's MAC address [4](#page=4) [5](#page=5). * **Router:** A router operates at the network layer and connects different IP networks. It forwards IP packets based on destination IP addresses and routing tables. When a host sends an IP packet to a destination on a different network, it sends the packet to its default gateway (router). Routers create separate broadcast domains. If Gizmo is a router, and A wants to send to C (on a different network), A will send the packet to the router, and nothing will be seen on B's link if B is not directly connected to A's network segment [2](#page=2) [4](#page=4) [5](#page=5). #### 1.2.2 Scenarios and Message Flows **Scenario 1: Host A pings Host D (known by symbolic address)** When host A wants to ping host D, and only knows D by its symbolic address "www.d.se", several steps are involved, assuming empty caches [2](#page=2): 1. **ARP Request for DNS Server:** Host A needs to resolve the IP address of "www.d.se". First, it needs the MAC address of its default gateway (R1). It sends an ARP request to find the MAC address of the DNS server. This request is broadcasted [2](#page=2) [3](#page=3). 2. **ARP Reply from DNS Server:** The DNS server replies with its MAC address [3](#page=3). 3. **DNS Request:** Host A sends a DNS request to the DNS server to resolve "www.d.se" [2](#page=2) [3](#page=3). 4. **DNS Reply:** The DNS server replies with the IP address of "www.d.se" [2](#page=2) [3](#page=3). 5. **ARP Request for R1:** Now that A knows the IP address of R1 (its default gateway), it sends an ARP request to find R1's MAC address. This is broadcasted to discover R1's MAC address if it's on the same local network [3](#page=3). 6. **ARP Reply from R1:** R1 replies with its MAC address [3](#page=3). 7. **ICMP Echo Request to R1:** Host A sends the ICMP Echo Request to the IP address of D, but with R1's MAC address as the Layer 2 destination, as R1 is the default gateway [2](#page=2) [3](#page=3). 8. **R1 forwards ICMP Echo Request:** R1, upon receiving the packet, consults its routing table. It identifies that D is reachable via R2. R1 then forwards the ICMP Echo Request towards R2. If R2 is not on the same local network as R1, R1 will perform an ARP request to find R2's MAC address [3](#page=3). 9. **ICMP Echo Reply from D:** Host D receives the ICMP Echo Request and sends an ICMP Echo Reply back. This reply will traverse back through R2 and R1 to reach A [2](#page=2) [3](#page=3). **Scenario 2: Host B pings Host D (known by symbolic address)** This scenario is similar to scenario 1, but focuses on the messages seen by B, and highlights ARP broadcasts [2](#page=2) [3](#page=3). * **ARP Request for DNS Server:** Host B broadcasts an ARP request for the DNS server's MAC address [3](#page=3). * **ARP Request for R1:** Host B broadcasts an ARP request for R1's MAC address [3](#page=3). * **ARP Request for R2:** R1 might broadcast an ARP request for R2's MAC address if it needs to communicate with R2 and its ARP cache is empty [3](#page=3). **Scenario 3: Host A sends an IP packet to Host C (with updated caches)** If the network has been running and caches are updated, A already knows C's MAC address (if they are on the same network) [4](#page=4). * **Hub:** If Gizmo is a hub, A sends an IP packet with C's IP and MAC address. The hub broadcasts this packet to all ports, including B's link [4](#page=4). * **Switch:** If Gizmo is a switch, A sends an IP packet with C's IP and MAC address. The switch forwards this packet only to the port connected to C, so nothing appears on B's link [4](#page=4). * **Router:** If Gizmo is a router, A sends an IP packet with C's IP address. However, the Layer 2 destination MAC address will be the router's MAC address, as C is on a different network. Nothing appears on B's link [4](#page=4). **Scenario 4: Host A sends an IP packet to Host C (with empty caches)** With empty caches, A needs to discover C's MAC address [4](#page=4) [5](#page=5). * **Hub:** A sends an ARP request for C's MAC address, which is broadcast and seen on B's link. C's ARP reply is also broadcast and seen on B's link. Finally, A's IP packet to C is sent [5](#page=5). * **Switch:** A sends an ARP request for C's MAC address, which is broadcast. The switch learns C's MAC address from C's ARP reply and forwards it accordingly. Only the ARP request is seen on B's link [5](#page=5). * **Router:** A sends an ARP request for the router's MAC address, then sends the IP packet to the router. Nothing is seen on B's link [5](#page=5). **Scenario 5: Host A wants to fetch a webpage from "WWW" (Gizmo is a switch, empty caches)** This scenario involves a sequence of ARP, DNS, and HTTP requests [5](#page=5). 1. **ARP Request (A to Router):** A needs to send to the router. It broadcasts an ARP request for the router's MAC address [5](#page=5). 2. **ARP Reply (Router to A):** The router replies with its MAC address [5](#page=5). 3. **DNS Request (A to Router to DNS):** A needs the IP address of "WWW". It sends a DNS request to its router, which forwards it to the DNS server [5](#page=5). 4. **ARP Request (Router to DNS):** The router needs the MAC address of the DNS server to forward the request. It broadcasts an ARP request [5](#page=5). 5. **ARP Reply (DNS to Router):** The DNS server replies with its MAC address [5](#page=5). 6. **DNS Request (Router to DNS):** The router forwards the DNS request to the DNS server [5](#page=5). 7. **DNS Reply (DNS to Router to A):** The DNS server replies with the IP address of "WWW", sent back to the router and then to A [5](#page=5). 8. **HTTP Request (A to Router to WWW):** A sends an HTTP request for "www.mypage.se/minsida.html" to its router, destined for the IP address of WWW [5](#page=5). 9. **ARP Request (Router to WWW):** The router needs the MAC address of WWW. It broadcasts an ARP request to find it [5](#page=5). 10. **ARP Reply (WWW to Router):** WWW replies with its MAC address [5](#page=5). 11. **HTTP Request (Router to WWW):** The router forwards the HTTP request to WWW [5](#page=5). **Scenario 6: Host B sends an IP packet to DNS Server (empty caches)** This scenario illustrates communication within a network segment and across subnets [7](#page=7) [8](#page=8). 1. **ARP request (B to Router A):** Host B needs to send to the DNS server, which is on a different subnet. B first sends an ARP request for its default gateway, Router A [7](#page=7) [8](#page=8). 2. **ARP reply (Router A to B):** Router A replies with its MAC address [7](#page=7) [8](#page=8). 3. **DNS request (B to Router A to DNS):** B sends a DNS request to Router A, which forwards it towards the DNS server [7](#page=7) [8](#page=8). 4. **ARP request (Router A to DNS):** Router A needs the MAC address of the DNS server to forward the request. It sends an ARP request on the DNS server's subnet [7](#page=7) [8](#page=8). 5. **ARP reply (DNS to Router A):** The DNS server replies with its MAC address [7](#page=7) [8](#page=8). 6. **DNS request (Router A to DNS):** Router A forwards the DNS request to the DNS server [7](#page=7) [8](#page=8). 7. **DNS Reply (DNS to Router A to B):** The DNS server replies to Router A, which then forwards the reply to B [7](#page=7) [8](#page=8). **Scenario 7: Host A fetches a webpage from the webserver (empty caches)** This detailed scenario shows the interaction of ARP, DNS, and HTTP requests when accessing a web server from a different subnet [7](#page=7) [8](#page=8). 1. **ARP request (A to Router A):** Host A needs to access the web server, which is on a different subnet. A first sends an ARP request for its default gateway, Router A [7](#page=7) [8](#page=8). 2. **ARP reply (Router A to A):** Router A replies with its MAC address [7](#page=7) [8](#page=8). 3. **DNS request (A to Router A to DNS):** A needs the IP address of the web server. It sends a DNS request to Router A, which forwards it to the DNS server [7](#page=7) [8](#page=8). 4. **ARP request (Router A to DNS):** Router A needs the MAC address of the DNS server. It sends an ARP request on the DNS server's subnet [7](#page=7) [8](#page=8). 5. **ARP reply (DNS to Router A):** The DNS server replies with its MAC address [7](#page=7) [8](#page=8). 6. **DNS request (Router A to DNS):** Router A forwards the DNS request to the DNS server [7](#page=7) [8](#page=8). 7. **DNS Reply (DNS to Router A to A):** The DNS server replies with the web server's IP address to Router A, which then forwards it to A [7](#page=7) [8](#page=8). 8. **ARP request (A to Router B):** A now needs to send an HTTP request to the web server's IP. Since the web server is on a different subnet from A, A sends the packet to its default gateway (Router A). However, if Router A has multiple interfaces and the web server is reachable through Router B, A might be directed to Router B. This example shows A sending an ARP request for Router B's MAC address [7](#page=7) [8](#page=8). 9. **ARP reply (Router B to A):** Router B replies with its MAC address [7](#page=7) [8](#page=8). 10. **HTTP request (A to Router B to WWW):** A sends the HTTP request with the web server's IP address and Router B's MAC address as the Layer 2 destination [7](#page=7) [8](#page=8). 11. **ARP request (Router B to WWW):** Router B needs to send the HTTP request to the web server and thus needs its MAC address. Router B sends an ARP request for the web server's MAC address [7](#page=7) [8](#page=8). 12. **ARP reply (WWW to Router B):** The web server replies with its MAC address [7](#page=7) [8](#page=8). 13. **HTTP request (Router B to WWW):** Router B forwards the HTTP request to the web server [7](#page=7) [8](#page=8). **Scenario 8: Host E fetches a webpage from www.nyheter.se (empty caches, WiFi network)** This scenario details a web page retrieval process in a WiFi network with an access point acting as a switch [10](#page=10) [9](#page=9). 1. **ARP request (E to DNS):** Host E needs to resolve "www.nyheter.se". Since the DNS server is on a different subnet, E first sends an ARP request for its default gateway (likely a router associated with the access point) if it doesn't have it cached. However, the example shows an ARP request directly for the DNS server's MAC address, implying they might be on the same segment or the router handles this. The destination MAC is broadcast [10](#page=10). 2. **ARP reply (DNS to E):** The DNS server replies with its MAC address [10](#page=10). 3. **DNS request (E to DNS):** E sends a DNS request to the DNS server for "www.nyheter.se" [10](#page=10). 4. **DNS Reply (DNS to E):** The DNS server replies with the IP address of "www.nyheter.se" [10](#page=10). 5. **ARP request (E to Router):** E needs to send an HTTP request to the web server, which is on a different subnet. E sends an ARP request for its router's MAC address. The destination MAC is broadcast [10](#page=10). 6. **ARP reply (Router to E):** The router replies with its MAC address [10](#page=10). 7. **HTTP request (E to Router to Webserver):** E sends the HTTP request with the web server's IP address and the router's MAC address as the Layer 2 destination. The router then forwards the packet. The document notes that the router might not know the MAC address of the web server and might need to ARP for it on the destination network [10](#page=10). ### 1.3 Network address structures and analysis Understanding IP and MAC addresses is fundamental to network communication analysis. #### 1.3.1 MAC Addresses MAC (Media Access Control) addresses are unique hardware identifiers assigned to network interfaces. They are used at Layer 2 for communication within a local network segment [2](#page=2) [3](#page=3) [5](#page=5). #### 1.3.2 IP Addresses IP (Internet Protocol) addresses are logical addresses used at Layer 3 to identify devices on a network and to route packets between networks [2](#page=2) [3](#page=3) [5](#page=5). #### 1.3.3 Subnetting and Address Allocation Networks are often divided into subnets to improve organization and efficiency. * **CIDR Notation:** Classless Inter-Domain Routing (CIDR) notation, such as `/26` or `/29`, specifies the number of bits used for the network portion of an IP address. This determines the number of hosts that can be addressed within that subnet [11](#page=11) [12](#page=12). * **Host ID Calculation:** For a subnet with `$n$` bits for the network ID and `$32-n$` bits for the host ID in IPv4, the total number of addresses is $2^{(32-n)}$. Subtracting two addresses for the network address and the broadcast address leaves the number of available hosts. For example, a `/26` subnet means 26 bits for the network, leaving 6 bits for hosts, thus $2^6 = 64$ total addresses, and $64-2=62$ usable hosts [11](#page=11) [6](#page=6). * **Broadcast Addresses:** Each subnet has a broadcast address, which is a special IP address used to send data to all hosts within that subnet. For a `/29` subnet, the broadcast address can be determined based on the network address and the subnet mask [10](#page=10) [11](#page=11). > **Tip:** When analyzing communication, always consider whether devices are on the same local network segment or if routing is involved. This will determine whether ARP is needed and how MAC addresses are resolved. > **Example:** In scenario 1 (a), A needs to ping D. A does not know D's IP address initially. So A first performs DNS resolution to get D's IP address. Then, A needs to send the packet to its default gateway (R1), so it performs an ARP lookup for R1's MAC address. R1 then routes the packet to R2, and eventually to D. The entire process involves DNS, ARP, and ICMP messages. ### 1.4 Collision Domains and Network Segmentation Understanding collision domains is essential for analyzing network performance, especially in older network topologies. * **Collision Domain:** A collision domain is a network segment where data collisions can occur if two devices transmit data simultaneously [6](#page=6). * **Hubs and Collisions:** Devices connected via a hub share the same collision domain. This limits simultaneous transmission and can lead to performance degradation as more devices are added [6](#page=6). * **Switches and Routers:** Switches create separate collision domains for each port, significantly reducing collisions. Routers, by connecting different IP networks, also isolate collision domains [4](#page=4). > **Tip:** Pay close attention to the type of device (hub, switch, router) connecting network segments. This is a key factor in determining how messages are propagated and what is visible on different links. > **Example:** In task 2 (a), if Gizmo is a hub, A's IP packet to C will be seen on B's link because the hub broadcasts everything. If Gizmo is a switch, only the ARP request (if caches are empty) would be seen on B's link, as the switch intelligently forwards the IP packet directly to C. --- # IP addressing and subnetting This section examines IP addressing schemes, the process of subnetting networks, and the calculation of available host addresses within given network ranges, including the use of CIDR notation. ### 2.1 Understanding IP Addresses IP addresses are fundamental to network communication, uniquely identifying devices on a network. The document implicitly refers to IPv4 addressing, which uses a 32-bit structure. ### 2.2 Subnetting Fundamentals Subnetting is the process of dividing a larger network into smaller, more manageable subnetworks. This is achieved by borrowing bits from the host portion of an IP address to create a subnet identifier. #### 2.2.1 Subnet Mask A subnet mask is used in conjunction with an IP address to determine which part of the address represents the network and which part represents the host. It is a 32-bit number that has a binary value of '1' for network bits and '0' for host bits [6](#page=6). #### 2.2.2 CIDR Notation Classless Inter-Domain Routing (CIDR) is a method for specifying IP address allocation and routing. It uses a notation that indicates the number of bits used for the network portion of an IP address. For example, a `/24` indicates that the first 24 bits are used for the network ID, leaving 8 bits for host IDs [11](#page=11). ### 2.3 Calculating Available Host Addresses The number of available host addresses within a subnet is determined by the number of bits allocated to the host portion of the IP address. - The total number of addresses in a subnet is $2^h$, where $h$ is the number of host bits [12](#page=12). - However, two addresses are reserved: the network address (host bits all set to 0) and the broadcast address (host bits all set to 1) [12](#page=12). - Therefore, the number of usable host addresses is $2^h - 2$. #### 2.3.1 Example Calculation Consider a network with the address `135.230.15.128/26` [11](#page=11). - The `/26` CIDR notation means that 26 bits are used for the network ID. - This leaves $32 - 26 = 6$ bits for the host ID. - The total number of addresses in this subnet is $2^6 = 64$. - The number of usable host addresses is $2^6 - 2 = 64 - 2 = 62$ [11](#page=11) [12](#page=12). > **Tip:** When calculating for a subnet, remember that the network address and broadcast address are reserved and cannot be assigned to hosts. ### 2.4 Subnetting Examples and Applications The provided document includes several examples of subnetting scenarios and the determination of network addresses and host availability. #### 2.4.1 Scenario: Adding Hosts to a Network If a network is `8.168.1.0/24` it has 24 bits for the network ID and $32 - 24 = 8$ bits for the host ID. This allows for $2^8 - 2 = 256 - 2 = 254$ host addresses. If we want to add more hosts, we might need to re-evaluate the subnetting strategy or consider larger blocks. The question of how many host IDs are unused implies a current configuration where not all possible addresses within the `8.168.1.0/24` block are in use [6](#page=6). #### 2.4.2 Scenario: Configuring Subnets with CIDR For a network that requires two subnets, CIDR can be used to allocate appropriate address blocks. If a `/24` network is divided into two subnets, each subnet could be assigned a `/25` block. For instance, if the original network is `130.235.15.0/24` the two subnets could be `130.235.15.0/25` and `130.235.15.128/25`. Each of these `/25` subnets has $32 - 25 = 7$ host bits, yielding $2^7 - 2 = 128 - 2 = 126$ hosts per subnet [12](#page=12). If a `/24` network is to be divided into four subnets, each could be assigned a `/26` block. For the network `130.235.15.0/24`, the subnets could be `130.235.15.0/26`, `130.235.15.64/26`, `130.235.15.128/26`, and `130.235.15.192/26`. Each `/26` subnet has $32 - 26 = 6$ host bits, resulting in $2^6 - 2 = 64 - 2 = 62$ hosts per subnet. The broadcast addresses for these subnets would be the last address in each block: `130.235.15.63`, `130.235.15.127`, `130.235.15.191`, and `130.235.15.255` respectively [12](#page=12). > **Example:** A network `135.230.15.128/26` implies a network address of `135.230.15.128` and a subnet mask that reserves 26 bits for the network ID. This leaves 6 bits for host addresses. The first usable host IP is `135.230.15.129` and the last is `135.230.15.190`. The broadcast address is `135.230.15.191` [11](#page=11). ### 2.5 Network Device Roles in IP Addressing The examples illustrate how different network devices interact with IP addresses during communication. - **ARP (Address Resolution Protocol):** Used to resolve an IP address to a MAC address within the same local network segment. An ARP request is broadcast to all devices on the local network [11](#page=11) [9](#page=9). - **Routers:** Devices that connect different IP subnets. They use routing tables to determine the next hop for IP packets destined for remote networks [6](#page=6). - **DNS (Domain Name System):** Resolves human-readable domain names into IP addresses [9](#page=9). #### 2.5.1 Example: IP Packet Transmission with ARP When Computer A sends an IP packet to Computer B, and their ARP caches are empty, Computer A must first determine Computer B's MAC address. 1. **ARP Request:** Computer A broadcasts an ARP request on its local network, asking for the MAC address associated with Computer B's IP address. The ARP request's source IP is A's IP, and the destination IP is B's IP. The source MAC is A's MAC, and the destination MAC is the broadcast MAC address `FF:FF:FF:FF:FF:FF` [11](#page=11) [9](#page=9). 2. **ARP Reply:** If Computer B is on the same network, it will reply with its MAC address. The ARP reply's source IP is B's IP, and the destination IP is A's IP. The source MAC is B's MAC, and the destination MAC is A's MAC [11](#page=11). 3. **IP Packet:** Once A has B's MAC address, it can send the IP packet. The IP packet's source IP is A's IP, and the destination IP is B's IP. The source MAC is A's MAC, and the destination MAC is B's MAC [11](#page=11). If B is on a different subnet, the packet will be sent to the default gateway (router) first. The ARP process would then occur between A and the router, and then potentially between the router and B (or intermediate devices). #### 2.5.2 Host Location Determination The examples demonstrate how to infer the network segment a host is connected to based on network traffic patterns and IP addresses. - If an ARP request is sent from Host X to Host Y, and Y replies, they are likely on the same network segment [12](#page=12). - If an IP packet from Host A to Host B goes through a router, it suggests B is on a different subnet [12](#page=12). - If a device sends a request (e.g., DNS Request) and receives a reply without involving external routing, the devices are on the same network [12](#page=12). - A device located "outside the network" would not typically participate in local ARP broadcasts or have its traffic relayed through local routers for intra-network communication scenarios described in these examples [12](#page=12). --- # Network device behavior in different network topologies This section explores how network devices like hubs, switches, and routers handle and transmit network messages, impacting network visibility and communication flow across various topologies. ### 3.1 Device behavior based on device type The behavior of network devices when forwarding messages is fundamentally different, leading to varying levels of network visibility and message propagation. #### 3.1.1 Hubs When a hub is used, it operates at the physical layer (Layer 1) and essentially acts as a multi-port repeater. Any data packet received on one port is broadcasted to all other connected ports, regardless of the intended destination. This means all devices connected to a hub will see all traffic that passes through it [4](#page=4). * **Scenario: A sends an IP packet to C, and address caches are updated.** If Gizmo is a hub and A wants to send an IP packet to C (assuming they are on the same network and A knows C's MAC address), A will send an IP packet with C's IP address and C's MAC address. The hub will broadcast this packet on all its ports, so the link to B will also see this packet [4](#page=4). * **Scenario: A sends an IP packet to C, and address caches are empty.** If Gizmo is a hub and A does not know C's MAC address, A will first send an ARP request to find C's MAC address. This ARP request is broadcasted to B and C. The hub broadcasts this request to all ports. C's ARP reply will also be broadcasted by the hub to all ports, including the link to B. Subsequently, A's IP packet to C will also be broadcasted on all ports [5](#page=5). #### 3.1.2 Switches Switches operate at the data link layer (Layer 2) and are more intelligent than hubs. They maintain a MAC address table and learn which MAC addresses are connected to which ports. When a switch receives a frame, it examines the destination MAC address and forwards the frame only to the specific port where that MAC address is located [4](#page=4). * **Scenario: A sends an IP packet to C, and address caches are updated.** If Gizmo is a switch and A wants to send an IP packet to C (assuming they are on the same network and A knows C's MAC address), A sends an IP packet with C's IP address and C's MAC address. The switch will inspect the destination MAC address and forward the packet only to the port connected to C. Therefore, nothing will be seen on the link to B [4](#page=4). * **Scenario: A sends an IP packet to C, and address caches are empty.** If Gizmo is a switch and A does not know C's MAC address, A must first send an ARP request to discover C's MAC address. This ARP request is broadcasted. Since it's a broadcast, it will be seen on the link to B. Once C replies to the ARP request, the switch learns C's MAC address and associates it with the correct port. Subsequent traffic between A and C will be forwarded directly to C's port, and nothing further will be seen on the link to B [5](#page=5). #### 3.1.3 Routers Routers operate at the network layer (Layer 3) and are responsible for forwarding packets between different networks. When a router receives a packet, it examines the destination IP address. It then consults its routing table to determine the best path to reach the destination network and forwards the packet to the appropriate next-hop router or directly to the destination host if it's on a directly connected network. Routers do not forward broadcast traffic from one network to another (unless specifically configured to do so). * **Scenario: A sends an IP packet to C, and address caches are updated.** If Gizmo is a router, A will send its IP packet destined for C. A will use the MAC address of the router as the destination MAC address for the frame containing the IP packet. The router will then process the IP packet and route it towards C's network. Nothing will be seen on the link to B because the router is an intermediary device between A and C, and A is addressing the frame to the router, not directly to C's MAC address at this hop [4](#page=4). * **Scenario: A sends an IP packet to C, and address caches are empty.** If Gizmo is a router, A will first need to send an ARP request to obtain the router's MAC address since the router is the gateway to C's network. After receiving the router's MAC address, A sends the IP packet with the router's MAC address as the destination MAC address. The router then handles the routing. Nothing will be seen on the link to B, as A is communicating with the router, not directly with C's MAC address at this stage [4](#page=4) [5](#page=5). ### 3.2 Detailed packet flow for a web page request through a switch This section details the sequence of packets and frames involved when a host (A) requests a web page from a web server (WWW) through a switch, assuming all address caches are initially empty. The scenario involves the resolution of IP addresses to MAC addresses, including DNS lookups. * **Context:** Gizmo is a switch, and A wants to fetch a web page from "WWW" at the URL www.mypage.se/minsida.html. * **Packet/Frame Breakdown:** 1. **Message:** ARP Request * **From MAC:** A * **To MAC:** Broadcast * **From IP:** (A) * **To IP:** (Router) * **Description:** A needs to send an IP packet to C, but since caches are empty and C might be on a different network, A first needs the MAC address of the default gateway (router) to reach the internet. Therefore, A sends an ARP request to find the router's MAC address. This is broadcasted on the local segment. 2. **Message:** ARP Reply * **From MAC:** Router * **To MAC:** A * **From IP:** (Router) * **To IP:** - (Not applicable for ARP reply) * **Description:** The router receives the ARP request and replies with its MAC address to A. The switch learns the router's MAC address and the port it's connected to. 3. **Message:** DNS Request * **From MAC:** A * **To MAC:** Router (MAC of the default gateway) * **From IP:** A * **To IP:** DNS Server IP * **Description:** A sends a DNS request to resolve the IP address of www.mypage.se. This request is encapsulated in an IP packet with the destination IP address of the DNS server and is sent to the router's MAC address. 4. **Message:** ARP Request * **From MAC:** Router * **To MAC:** Broadcast * **From IP:** (Router) * **To IP:** (DNS Server) * **Description:** The router, in turn, needs to send the DNS request to the actual DNS server. If the router does not have the DNS server's MAC address cached, it will send an ARP request for the DNS server's MAC address. 5. **Message:** ARP Reply * **From MAC:** DNS Server * **To MAC:** Router * **From IP:** (DNS Server) * **To IP:** - * **Description:** The DNS server replies with its MAC address to the router. 6. **Message:** DNS Request * **From MAC:** Router * **To MAC:** DNS Server (MAC of the DNS server) * **From IP:** Router (or source IP of A, depending on configuration) * **To IP:** DNS Server IP * **Description:** The router now forwards the DNS request to the DNS server using the DNS server's MAC address. 7. **Message:** DNS Reply * **From MAC:** DNS Server * **To MAC:** Router * **From IP:** DNS Server IP * **To IP:** Router IP (or A's IP) * **Description:** The DNS server replies with the IP address of www.mypage.se to the router. 8. **Message:** DNS Reply * **From MAC:** Router * **To MAC:** A * **From IP:** Router IP (or DNS Server IP) * **To IP:** A's IP * **Description:** The router forwards the DNS reply back to A. A now knows the IP address of www.mypage.se. 9. **Message:** HTTP Request * **From MAC:** A * **To MAC:** Router (MAC of the default gateway) * **From IP:** A * **To IP:** WWW IP address * **Description:** A now sends the HTTP request for the web page to the web server's IP address. This request is framed with the router's MAC address as the destination MAC address. 10. **Message:** ARP Request * **From MAC:** Router * **To MAC:** Broadcast * **From IP:** (Router) * **To IP:** (WWW) * **Description:** The router needs to send the HTTP request to the web server (WWW). It sends an ARP request to discover the MAC address of the web server. 11. **Message:** ARP Reply * **From MAC:** WWW (Web Server) * **To MAC:** Router * **From IP:** (WWW) * **To IP:** - * **Description:** The web server replies with its MAC address to the router. 12. **Message:** HTTP Request * **From MAC:** Router * **To MAC:** WWW (MAC of the web server) * **From IP:** Router IP (or A's IP) * **To IP:** WWW IP address * **Description:** The router finally forwards the HTTP request to the web server using the web server's MAC address. * **Note on ARP Frames:** ARP requests and replies are transmitted as Ethernet frames, meaning they do not have an IP header. However, the IP addresses are included within the ARP header [5](#page=5). --- # ARP and DNS protocol interactions This section details the interaction between the Address Resolution Protocol (ARP) and the Domain Name System (DNS) in resolving network addresses and hostnames. ### 4.1 Address Resolution Protocol (ARP) ARP is a crucial protocol used at the data link layer to map an IP address (Layer 3) to a physical hardware address, specifically a MAC address (Layer 2). When a host needs to send a packet to another host on the same local network, and it only knows the destination IP address but not its MAC address, it uses ARP [10](#page=10) [11](#page=11) [3](#page=3) [5](#page=5) [7](#page=7) [8](#page=8) [9](#page=9). #### 4.1.1 ARP request and reply mechanisms An ARP request is broadcast to all devices on the local network. This request contains the IP address of the target host and asks, "Who has this IP address? Tell me your MAC address.". The destination MAC address for an ARP request is the broadcast address (FF:FF:FF:FF:FF:FF) [10](#page=10) [3](#page=3) [5](#page=5) [7](#page=7) [8](#page=8) [9](#page=9). The host that possesses the requested IP address responds with an ARP reply. This reply is unicast directly to the requesting host and contains its MAC address. [10](#page=10) [3](#page=3) [7](#page=7) [8](#page=8). > **Tip:** ARP operates at the data link layer and does not inherently have an IP header. However, the IP addresses are included within the ARP header itself for resolution purposes [10](#page=10) [5](#page=5) [8](#page=8). #### 4.1.2 ARP in communication scenarios ARP is essential for initiating communication between hosts on the same subnet when their MAC addresses are unknown. For instance, if host A wants to send an IP packet to host C on the same network and their MAC addresses are not in A's cache, A will send an ARP request for C's IP address [4](#page=4) [5](#page=5). When a host needs to communicate with a device on a different network, it first needs to resolve the MAC address of its default gateway (router). This is done via an ARP request for the router's IP address [10](#page=10) [2](#page=2) [3](#page=3) [7](#page=7) [8](#page=8). ### 4.2 Domain Name System (DNS) DNS is a hierarchical and decentralized naming system for computers, services, or any resource connected to the Internet or a private network. It translates human-readable domain names (like `www.d.se` or `www.nyheter.se`) into machine-readable IP addresses (like `8.168.1.4`) [10](#page=10) [2](#page=2) [3](#page=3) [5](#page=5) [7](#page=7) [8](#page=8). #### 4.2.1 DNS request and reply mechanisms When a client host needs to resolve a domain name to an IP address, it sends a DNS request. This request is typically sent to a configured DNS server. The DNS request specifies the domain name to be resolved [2](#page=2) [3](#page=3) [7](#page=7) [8](#page=8). The DNS server, upon receiving the request, either has the answer cached or queries other DNS servers to find the corresponding IP address. Once the IP address is found, the DNS server sends a DNS reply back to the requesting client, containing the resolved IP address [2](#page=2) [3](#page=3) [7](#page=7) [8](#page=8). #### 4.2.2 DNS in communication scenarios Before a host can send an IP packet to a destination using its domain name, it must first use DNS to resolve that domain name into an IP address. This process typically involves an ARP request for the DNS server's MAC address if it's on the local network, followed by the DNS request. [10](#page=10) [2](#page=2) [3](#page=3) [7](#page=7) [8](#page=8). > **Example:** If host A wants to ping `www.d.se`, and A's ARP and routing tables are empty, the sequence of events will be: > 1. A initiates a DNS request to resolve `www.d.se` to an IP address. This requires A to know the IP address of its DNS server. > 2. To send the DNS request to the DNS server, A might need to perform an ARP request to find the MAC address of the DNS server if it's on the same local network, or the MAC address of its default gateway if the DNS server is on a different network. > 3. Once the MAC address is resolved (either for the DNS server or the gateway), the DNS request is sent. > 4. The DNS server replies with the IP address of `www.d.se`. > 5. Now that A has the IP address of `www.d.se`, it can proceed with the ping. This will involve an ARP request to resolve the MAC address of `www.d.se` (or the next-hop router if `www.d.se` is on a different network), followed by the ICMP Echo Request (ping) [2](#page=2) [3](#page=3) [7](#page=7) [8](#page=8). ### 4.3 ARP and DNS protocol interactions The interaction between ARP and DNS is fundamental for name-based communication on IP networks. When a user or application requests a service using a domain name, DNS is employed to find the IP address, and ARP is then used to find the MAC address needed to deliver the packet to the correct destination on the local network segment [10](#page=10) [2](#page=2) [3](#page=3) [5](#page=5) [7](#page=7) [8](#page=8). The typical flow for a host initiating communication with a remote host by its domain name, assuming empty caches, is as follows: 1. **DNS Resolution:** * The host needs to know the IP address of the DNS server. If the DNS server is on the local network, the host will first send an **ARP request** to discover the DNS server's MAC address. * The DNS server replies with its MAC address via an **ARP reply**. * The host then sends a **DNS request** to the DNS server, asking for the IP address of the target domain name. * The DNS server responds with a **DNS reply** containing the target IP address. 2. **Packet Transmission:** * Now that the host has the target IP address, it needs to send an IP packet. * If the target IP address is on a different network, the host needs the MAC address of its default gateway. It sends an **ARP request** for the default gateway's IP address. * The default gateway responds with an **ARP reply**. * The host then sends the IP packet (e.g., ICMP Echo Request for ping, or HTTP Request for web browsing) destined for the target IP address, using the gateway's MAC address as the Layer 2 destination. [10](#page=10) [2](#page=2) [3](#page=3) [5](#page=5) [7](#page=7) [8](#page=8). * If the target IP address is on the same local network, the host sends an **ARP request** directly for the target IP address. * The target host responds with an **ARP reply**, and the IP packet is then sent directly to the target's MAC address. [4](#page=4) [5](#page=5). > **Key Interaction:** DNS provides the "what" (IP address), and ARP provides the "how" (MAC address) for local delivery. They work in tandem, with DNS resolution often preceding ARP resolution when communicating via domain names. --- ## Common mistakes to avoid - Review all topics thoroughly before exams - Pay attention to formulas and key definitions - Practice with examples provided in each section - Don't memorize without understanding the underlying concepts

| Term | Definition | |------|------------| | Host | A computer or other device connected to a computer network that participates by receiving, sending, or forwarding information. | | Router | A networking device that forwards data packets between computer networks. Routers perform the traffic directing functions on the Internet. | | DNS Server | A server that translates domain names (like www.example.com) into IP addresses (like 192.168.1.1) that computers can use to connect to each other. | | Ethernet Switch | A network device that connects multiple devices on a local area network (LAN) using packet switching to receive, process, and forward data to the destination device. | | MAC Address | A unique identifier assigned to network interfaces for communications at the data link layer of a network segment. It is also known as a physical address or hardware address. | | IP Address | A numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. It serves to identify the device and provide location addressing. | | Default Gateway | The node (typically a router) that serves as the access point to leave a local network and reach other networks, such as the internet. | | ARP Request | A network protocol data unit used to request the MAC address associated with a known IP address on a local network. It is typically broadcast to all devices on the network segment. | | ARP Reply | A network protocol data unit sent in response to an ARP Request, providing the MAC address that corresponds to the requested IP address. | | DNS Request | A query sent by a client to a DNS server to resolve a domain name into an IP address. | | DNS Reply | The response from a DNS server to a DNS request, containing the IP address corresponding to the queried domain name. | | ICMP Echo Request | A message sent by the Internet Control Message Protocol (ICMP) to request a response from a specific host, commonly used for network diagnostics like ping. | | ICMP Echo Reply | The response received by an ICMP Echo Request, indicating that the target host is reachable and responding. | | Broadcast | A message sent to all devices on a network segment simultaneously. | | Hub | A basic network device that connects multiple computers or other network devices together, repeating any data it receives on one port to all other ports. | | Collision Domain | A network segment where data packets collide if more than one device attempts to transmit data at the same time. Devices connected by a hub are in the same collision domain. | | Subnet | A logical subdivision of an IP network. Subnetting allows for more efficient use of IP address space and improved network management. | | CIDR Notation | Classless Inter-Domain Routing notation, a compact way to represent an IP address and its associated routing prefix. It uses a slash followed by the number of bits in the network portion of the address (e.g., /24). | | Broadcast Address | A special IP address within a subnet used to send a message to all hosts on that subnet simultaneously. | | HTTP Request | A message sent by a client (like a web browser) to a web server to request a specific web page or resource. | | TCP/UDP | Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are transport layer protocols used for end-to-end communication. TCP provides reliable, ordered delivery, while UDP is a simpler, faster, but less reliable protocol. | | IEEE 802.11 | A family of specifications for wireless local area networks (WLANs), commonly known as Wi-Fi. |