What is Data Link Layer and Transport layer in Networking and Security?? - engineeringtips.net - Engineering Tips for All Engineers

Data Link Layer

This topic covers the data link layer: its role in the Internet model of networking, the parts of the data link layer, the role of the Network Interface Card (NIC), the identification of NICs (MAC addresses), media access methods, and local address resolution (using ARP).

The data link layer, or layer 2, is the second layer of the seven-layer OSI model of computer networking. It is the protocol layer that transfers data between adjacent network nodes in a wide area network (WAN) or between nodes on the same local area network (LAN) segment. It is the interface between the network layer and the physical layer. The main role of the data link layer is to transport data within local networks. This process is often called hop to hop. E.g. a personal computer (home network), a printer on the local network, a router on the local network. The data link layer consists of two sublayers:
·        Logical Link Control (LLC)
     It allows IPv4, IPv6 and other protocol transactions simultaneously.
·        Media Access Control (MAC)
     It sends traffic to the network media and receives traffic from the network media.

The role of Network Interface Card (NIC)

A Network Interface Card provides physical data connectivity for data communication between computers. Each computer must have a network card installed. It is also referred to as an Ethernet card, Local Area Network (LAN) adapter or network adapter. Network interfaces are also built into printers, network scanners, routers and other network devices. For instance, routers have one NIC connected to the local network and one or more connected to other networks. Each NIC has a unique 48-bit MAC address, made up of the OUI (Organizationally Unique Identifier, the first 24 bits) and a unique 24-bit number (the last 24 bits). The MAC address is built into each interface by the manufacturer. Data link layer exchanges use the source and destination MAC addresses for communication.

Determining MAC address

Media Access Control (MAC) is concerned with arbitrating access to the network.


The command to determine the MAC address on the Windows operating system is ipconfig /all. The network settings displayed are:
·        MAC address (HWaddr)
·        IPv4 address (inet addr)
·        IPv6 address (inet6 addr)
The command to determine the MAC address on a Linux system is ifconfig. The network settings displayed are:
·        MAC address (HWaddr)
·        IPv4 address (inet addr)
·        IPv6 address (inet6 addr)

CSMA/CD protocol

Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is a media access protocol. It is used by Ethernet, the most widely used data link method for connecting computers and other devices to a network. This media access method allows multiple computers to share common network media. A collision can occur when two machines try to send an Ethernet packet at the same time. Networks using CSMA/CD are easy to implement and do not have deterministic transmission characteristics.

Working
The NIC listens to the network media and, if another device is transmitting, waits for the network to become available. After transmitting, a station listens to the network to check whether there has been a collision. If a collision does occur, both devices stop transmitting. In shared networks (networks with a hub) there is a high chance of collision; in switched networks collisions are less likely.

ARP-Working
The Address Resolution Protocol (ARP) is used by the Internet Protocol, especially IPv4, to map IP network addresses to the hardware addresses used by the data link protocol. The protocol operates below the network layer as part of the interface between the OSI network layer and the OSI link layer. Network operating systems like Windows and Linux maintain a table in RAM (called the ARP cache) that contains the IP address and MAC address of each known machine.
When a machine contacts another machine with a particular IP address, it:
1.     Looks in the ARP cache
2.     If the entry is not found, sends a broadcast to the network asking who has the IP address 192.168.12.14 (for example)
3.     The machine with that IP address responds with its MAC address
4.     The ARP cache is updated with the new entry
The network packet captured in Wireshark is a ping.
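The four steps above, as an added Python example that is not part of the original article: it packs and parses the 28-byte Ethernet/IPv4 ARP message and runs the lookup against a constructed in-memory segment. The `Host` class, the segment list and all MAC addresses are assumptions made for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
REQUEST, REPLY = 1, 2

def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def build_arp(oper, sha, spa, tha, tpa):
    """Pack a 28-byte ARP payload for Ethernet (htype 1) and IPv4 (ptype 0x0800)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac_to_bytes(sha),
                       socket.inet_aton(spa), mac_to_bytes(tha), socket.inet_aton(tpa))

def parse_arp(payload):
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"oper": oper, "sha": bytes_to_mac(sha), "spa": socket.inet_ntoa(spa),
            "tha": bytes_to_mac(tha), "tpa": socket.inet_ntoa(tpa)}

class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac, self.arp_cache = ip, mac, {}

    def handle(self, payload):
        """Step 3: reply only when the request asks for this host's own IP."""
        msg = parse_arp(payload)
        if msg["oper"] == REQUEST and msg["tpa"] == self.ip:
            return build_arp(REPLY, self.mac, self.ip, msg["sha"], msg["spa"])
        return None

    def resolve(self, target_ip, segment):
        if target_ip in self.arp_cache:                      # step 1: cache lookup
            return self.arp_cache[target_ip], "cache"
        request = build_arp(REQUEST, self.mac, self.ip,      # step 2: who has target_ip?
                            "00:00:00:00:00:00", target_ip)
        for host in segment:                                 # broadcast reaches every host
            reply = host.handle(request) if host is not self else None
            if reply is not None:
                msg = parse_arp(reply)
                self.arp_cache[msg["spa"]] = msg["sha"]      # step 4: cache what the reply claims
                return msg["sha"], "broadcast"
        return None, "unresolved"                            # nobody owns that address

# Constructed sample segment; the MAC addresses are made up for the example.
pc = Host("192.168.12.10", "02:00:00:00:00:10")
printer = Host("192.168.12.14", "02:00:00:00:00:14")
router = Host("192.168.12.1", "02:00:00:00:00:01")
LAN = [pc, printer, router]
```

Calling `pc.resolve("192.168.12.14", LAN)` twice shows the difference between a broadcast lookup and a cache hit.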

What is the Transport Layer?

The transport layer is the layer in the Open Systems Interconnection (OSI) model responsible for end-to-end communication over a network. It provides logical communication between application processes running on different hosts within a layered architecture of protocols and other network components. It is the fourth layer of the OSI model.

The major functions of the transport layer are:
1.     Segmentation/Assembly
2.     Individual identification of applications (port numbers)
3.     Transport layer services:
          - UDP (unreliable service)
          - TCP (reliable transport service)
4.     TCP connections (establishment and termination)
5.     Flow control

1. Segmentation/Assembly

A message is divided into segments; each segment contains a sequence number, which enables this layer to reassemble the message. The message is reassembled correctly upon arrival at the destination, and packets which were lost in transmission are replaced.

2. Individual Identification of applications

Users' computers normally run multiple networked applications simultaneously, for example a browser, an email client and Skype. The transport layer allocates each client application a port number to distinguish it from other networked applications running on that computer. Server daemons running on network servers are also allocated port numbers. The combination of IP address and port number therefore allows client applications to specify a particular server daemon. It also allows server daemons to distinguish between different applications and different sessions (e.g. different browser tabs) running on a client computer. The combination of host IP address and allocated port number is called a socket.

IP Address, Ports and Sockets

Each IP address has 65536 ports associated with it (numbered 0 – 65535). A socket can be written as follows: 192.168.22.33:47658

3. Transport Layer Services

·        By UDP (Unreliable Service)
User Datagram Protocol (UDP) provides basic transport services for network applications. The UDP header specifies the source and destination port numbers, the length of the UDP header (in bytes) and a checksum.
It is an ideal transport protocol for streaming video and audio because of its speed and efficiency. It is an unreliable transport protocol with no sessions or flow control and optional error checking. However, it is faster than Transmission Control Protocol (TCP). It is also called a stateless protocol (a communications protocol that treats each request as an independent transaction that is unrelated to any previous request).
·        By TCP (Reliable Service)
TCP checks for transmission errors, lost packets, packets out of order, etc, and tries to automatically correct these without "bothering" the application program. It also does flow control, slowing transmission if it is too fast for the receiver.

4. TCP connections (establishment and termination)

To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to and listen at a port to open it up for connections. TCP connections can last the duration of a session between a user application and a server daemon, or connections can be set up and terminated regularly throughout a session. The 3-way handshake proceeds as follows:
Step 1:   The client initiates a connection.
It sends an Initial Sequence Number (ISN) to the destination.
Sets the SYN flag to indicate the TCP segment is initiating a connection.

Step 2:    The server responds.
The server acknowledges the client request. (Ack # = client’s ISN + 1)
The server sends its ISN (different to above) to the client.
The SYN and the ACK flags are set.

Step 3:    The client acknowledges the server’s response. (Ack # = server’s ISN + 1)
The ACK flag is set.
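The three steps above with both sides' segments, as an added Python example that is not part of the original article: it packs 20-byte TCP headers, derives each acknowledgement number from the peer's ISN, and checks three captured segments for a consistent handshake, including the case where the ISN wraps at 2^32. Client port 47658 is the one from the socket example above; server port 80, the fixed window value and the zero checksum are assumptions.

```python
import struct

TCP_FMT = "!HHIIBBHHH"  # sport, dport, seq, ack, data offset, flags, window, checksum, urgent
SYN, ACK = 0x02, 0x10

def segment(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header without options; the checksum is left at 0 in this sketch."""
    return struct.pack(TCP_FMT, sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse(raw):
    sport, dport, seq, ack, _, flags, _, _, _ = struct.unpack(TCP_FMT, raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags & 0x3F}

def plus_one(n):
    """A SYN consumes one sequence number; sequence numbers wrap at 2**32."""
    return (n + 1) % 2**32

def handshake(client_isn, server_isn, cport=47658, sport=80):
    syn = segment(cport, sport, client_isn, 0, SYN)                # step 1: client SYN
    seen = parse(syn)
    syn_ack = segment(sport, cport, server_isn,                    # step 2: server SYN+ACK
                      plus_one(seen["seq"]), SYN | ACK)
    seen = parse(syn_ack)
    ack = segment(cport, sport, plus_one(client_isn),              # step 3: client ACK
                  plus_one(seen["seq"]), ACK)
    return [syn, syn_ack, ack]

def is_valid_handshake(raw_segments):
    """True only if three captured segments form a consistent 3-way handshake."""
    if len(raw_segments) != 3:
        return False
    syn, syn_ack, ack = (parse(r) for r in raw_segments)
    return (syn["flags"] == SYN
            and syn_ack["flags"] == (SYN | ACK)
            and (syn_ack["sport"], syn_ack["dport"]) == (syn["dport"], syn["sport"])
            and syn_ack["ack"] == plus_one(syn["seq"])
            and ack["flags"] == ACK
            and (ack["sport"], ack["dport"]) == (syn["sport"], syn["dport"])
            and ack["seq"] == plus_one(syn["seq"])
            and ack["ack"] == plus_one(syn_ack["seq"]))

# Constructed ISNs: the client ISN is the largest 32-bit value to show the wrap-around.
CAPTURE = handshake(client_isn=0xFFFFFFFF, server_isn=1000)
```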

5.     TCP Flow Control

TCP is a protocol that guarantees a reliable communication channel over an unreliable network. The TCP sliding window determines the number of unacknowledged bytes, x, that one system can send to another. Two factors determine the value of x:
·         The size of the send buffer on the sending system.
·         The size and available space in the receive buffer on the receiving system.








