Published by David Cavalheiro. Modified over 5 years ago.
Networking Essentials For Firewall-1 Administrators
“What You Need To Know Before The Packets Flow”
Copyright © 2006 Information Engine, Inc.
Brief Networking Review
1. Networking Protocols
2. IP Protocols
3. The OSI Seven-Layer Networking Model
4. TCP And UDP
5. IP Addresses, Subnet Masks and Routing
6. Address Resolution Protocol (ARP)
7. Putting It All Together
1. Networking Protocols
IP (Internet Protocol). It’s special for two reasons:
- The Official Protocol for the Internet
- The Only Protocol Supported By VPN-1/Firewall-1!
Other networking protocols:
- IPX (Internetwork Packet eXchange)
- AppleTalk
- DECnet
- NetBEUI
- Many, Many Others
2. IP Protocols
Some of the Values of the IP Protocol Field:
- 1: Internet Control Message Protocol (ICMP)
- 6: Transmission Control Protocol (TCP)
- 17: User Datagram Protocol (UDP)
- 50: IP Security Encapsulating Security Payload (ESP)
- 51: IP Security Authentication Header (AH)
3. The OSI Seven-Layer Networking Model
7. Application
6. Presentation
5. Session
4. Transport (example address: port 80)
3. Network
2. Data Link (example address: MAC 00-06-A3-43-E1-F4)
1. Physical
Why Use The 7 Layer Model? Outbound Packets:
- An outbound packet travels down the stack and leaves the IP host from below.
- At many layers, it gets wrapped in additional headers and a checksum footer.
Why Use The 7 Layer Model? Inbound Packets:
- An inbound packet enters from below and travels up the stack.
- At many layers, it gets unwrapped, and a header and checksum footer get stripped off.
Why Use The 7 Layer Model?
Each layer is effectively using the packet to communicate with only the corresponding layer on the partner IP host.
Where Does Firewall-1 Fit In?
- Below Layer 3
- Above Layer 2
- Both Inbound and Outbound
Firewall-1 Does These Things To A Packet
Anti-Spoof Checking:
- Uses Source IP Address
Filtering:
- Uses both Source and Destination IP Address
- Uses both Source and Destination Ports
NAT:
- Can change Source or Destination IP Address
- Can change Source or Destination Port Number
Routing:
- Uses Destination IP Address
4. TCP And UDP
TCP: Connection-oriented. Missed a packet? Please re-send. Sort of like a phone call.
UDP: Connection-less. Missed a packet? Tough. Sort of like a radio station.
Port Numbers: Only on TCP and UDP!
Q: How Does Port Address Translation Disambiguate ICMP Traffic?
A: (Discussion)
Common Port Numbers
- HTTP: TCP Port 80
- Telnet: TCP Port 23
- FTP: TCP Port 21
- DNS: Lookups: UDP Port 53; Zone Transfers: TCP Port 53
- SMTP: TCP Port 25
- POP3: TCP Port 110
5. IP Addresses, Subnet Masks And Routing
Dotted Quad Notation: This is only a way to represent 32 bits in a human-friendly format, one octet (8 bits) at a time.
Example: the octet 11001101 == 205
Dotted Quad Notation: Another Example:
The octet 11111111 == 255
The Subnet Mask
An IP Address really consists of two contiguous parts:
- A Network Number (the first N bits), followed by
- A Host ID (the remaining 32-N bits)
Where N is the number of bits in the subnet mask. The bit count always sums to 32 (assuming IPv4 here).
The Two Most Important Subnet Mask Facts
- A subnet mask is always a continuous series of 1’s followed by a continuous series of 0’s, with a total count of 32 binary digits.
- The traditional dotted quad notation for a subnet mask is simply the decimal representation of this 32-bit mask.
There Are Only 33 Possible Subnet Masks
/0   0.0.0.0
/1   128.0.0.0
/2   192.0.0.0
/3   224.0.0.0
/4   240.0.0.0
/5   248.0.0.0
/6   252.0.0.0
/7   254.0.0.0
/8   255.0.0.0
/9   255.128.0.0
/10  255.192.0.0
/11  255.224.0.0
/12  255.240.0.0
/13  255.248.0.0
/14  255.252.0.0
/15  255.254.0.0
/16  255.255.0.0
/17  255.255.128.0
/18  255.255.192.0
/19  255.255.224.0
/20  255.255.240.0
/21  255.255.248.0
/22  255.255.252.0
/23  255.255.254.0
/24  255.255.255.0
/25  255.255.255.128
/26  255.255.255.192
/27  255.255.255.224
/28  255.255.255.240
/29  255.255.255.248
/30  255.255.255.252
/31  255.255.255.254
/32  255.255.255.255
Why Do We Have Subnet Masks?
So it’s easy to tell whether an IP address is a member of an IP subnet.
How Does A Router Route?
Step 1. For each IP interface, use the subnet mask to mask both the IP address on the interface and the destination IP address for the packet in hand. If they match, then we’re done with routing and can use Layer 2 (usually Ethernet) to deliver the packet.
Step 2. If this comparison of masked IP addresses fails for every IP interface, then iterate through your routing table to determine the next hop and which interface to use to get there. Then send the packet to this next hop by Ethernet, using ARP if necessary to get the MAC address of the destination NIC.
This business of determining whether to deliver a packet by Layer 2 or route it to its next hop is known as asking yourself: “Do I Route Or Do I Shout?”
“Route” == “Not in local network, send to next hop”
“Shout” == “Resolve by ARP and send by Layer 2”
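The two subnet-mask facts and the two-step “Route Or Shout?” decision above, worked in Python as an added example (not part of the original slides). The interfaces, routes and destination addresses are constructed sample values, and where several routes match, the longest prefix wins, which is an assumption the slide does not spell out.

```python
# Added example, not from the original slides: subnet-mask bit rules and the
# router's "Do I Route Or Do I Shout?" decision from the deck, in Python.
# All addresses, interfaces and routes below are constructed sample values.

def dotted_to_int(quad: str) -> int:
    """Pack a dotted quad into the 32-bit value it represents."""
    octets = [int(o) for o in quad.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad dotted quad: {quad}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> str:
    """/N as a dotted quad: N ones followed by 32-N zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return int_to_dotted((((1 << prefix) - 1) << (32 - prefix)) & 0xFFFFFFFF)

def is_valid_mask(mask: str) -> bool:
    """True only for contiguous ones then contiguous zeros (the 33 legal masks)."""
    inverted = ~dotted_to_int(mask) & 0xFFFFFFFF   # must be of the form 2**k - 1
    return (inverted & (inverted + 1)) == 0

def same_subnet(a: str, b: str, prefix: int) -> bool:
    """Mask both addresses and compare, exactly as the router does in Step 1."""
    mask = dotted_to_int(prefix_to_mask(prefix))
    return (dotted_to_int(a) & mask) == (dotted_to_int(b) & mask)

def route_or_shout(dst: str, interfaces, routes):
    """interfaces: (name, ip, prefix); routes: (network, prefix, next_hop, name).
    Returns ('shout', iface, dst): ARP for dst itself and deliver at Layer 2;
    ('route', iface, next_hop): ARP for the next hop instead; or ('drop',)."""
    for name, ip, prefix in interfaces:            # Step 1: directly connected?
        if same_subnet(ip, dst, prefix):
            return ("shout", name, dst)
    best = None                                    # Step 2: routing table lookup
    for network, prefix, next_hop, name in routes:
        if same_subnet(network, dst, prefix) and (best is None or prefix > best[0]):
            best = (prefix, name, next_hop)        # longest prefix wins (assumption)
    return ("drop",) if best is None else ("route", best[1], best[2])

# Constructed sample topology: two interfaces, one static route, one default route.
INTERFACES = [("eth0", "192.168.1.1", 24), ("eth1", "10.0.0.1", 8)]
ROUTES = [("172.16.0.0", 12, "10.0.0.254", "eth1"),
          ("0.0.0.0", 0, "192.168.1.254", "eth0")]
```

Call `route_or_shout("172.16.5.5", INTERFACES, ROUTES)` to see a routed packet and `route_or_shout("192.168.1.77", INTERFACES, ROUTES)` to see a “shout”; with no default route a destination that matches nothing comes back as a drop.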
6. Address Resolution Protocol (ARP)
Resolves the Forwarding IP Address of a Node to its Corresponding Media Access Control (MAC) Address, typically its Ethernet address.
ARP Request Message: “Any Ethernet host on this segment with the IP address of ?”
ARP Reply Message: “That’s me, at E-3C-21!”
Address Resolution Protocol (ARP)
The ARP Cache Is A RAM-Based Table Of IP-to-MAC Address Mappings
- Cisco IOS: Timeout is 3 Hours
- Windows: Timeout is 2 Minutes (Renewable Through Use to 10 Minutes)
7. Putting It All Together
Example and Demonstration