Saturday, January 10, 2015

Hardening the Hardware Firewall

by Neil Lynch

Inevitably, some attacks will get through the network firewall and reach individual hosts, which can be devastating to a company. In this project I'll briefly discuss the hacker's motives and some of his techniques, explain the function of a firewall and its vulnerabilities, and give proven (tested) recommendations for hardening it against the probing attacker.
The malicious hacker's motives, as opposed to those of the hacker who breaks in for the thrill (or to demonstrate a company's vulnerabilities), include:
Breaking into corporate networks
Hacking into accounts without authorization
Stealing confidential data
Doing damage to critical infrastructure
Disrupting business continuity (day-to-day revenue generating operations)
Denial-of-service attacks, etc.
“Hacked computer systems remain one of the most dangerous and frightening fears of the modern era … often it is unclear that a computer system has been hacked until it is too late” (laws.com).
The hacker studies his victim:
Once the hacker has completed his reconnaissance and decided on his victim, he penetrates the vulnerable firewall in one of many ways (via holes in the Access Control List (ACL), zero-day exploits, etc.) to acquire the target IP address range, where he starts probing the network for vulnerable hosts.
He sends probe packets into a network designed to elicit replies from internal hosts and routers within the address range. When a host receives an ICMP Echo reply message from an IP address, it knows there is a live host at that IP address. Once the hacker knows the IP address of live hosts, he needs to know what program the identified hosts are running because most attacks rely on the vulnerabilities in specific programs… The attacker sends port scanning probes to each identified host in order to determine which application the host is running. Once the attacker knows what programs the identified host is running, he can exploit the vulnerabilities in these specific programs. If the exploit succeeds, the attacker "owns" at least an account and may "own" the computer itself … Attackers take steps to make their actions more difficult to detect or analyze; hackers spoof their IP address, so as not to be identified. (Boyle et al. 32-33) 
The hardware firewall, programmed by an administrator, contains preventative measures designed to block unauthorized entry into the company's network. Physically located between the Internet and the network, the firewall filters all traffic before it enters the network (ingress filtering) and also filters all packets before they leave the network (egress filtering), using a firewall technology called Stateful Packet Inspection (SPI).
SPI applies different examination methods depending on the state of the connection; different things must be checked during different states.
According to Rouse, stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
Stateful inspection has largely replaced an older technology, static packet filtering. In static packet filtering, only the headers of packets are checked, which means that an attacker can sometimes get information through the firewall simply by indicating "reply" in the header. Stateful inspection, on the other hand, analyzes packets down to the application layer. By recording session information such as IP addresses and port numbers, a dynamic packet filter can implement a much tighter security posture than a static packet filter can.
Stateful inspection monitors communications packets over a period of time and examines both incoming and outgoing packets. Outgoing packets that request specific types of incoming packets are tracked and only those incoming packets constituting a proper response are allowed through the firewall.
In a firewall that uses stateful inspection, the network administrator can set the parameters to meet specific needs. In a typical network, ports are closed unless an incoming packet requests connection to a specific port and then only that port is opened. This practice prevents port scanning, a well-known hacking technique. (techtarget.com)
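As an added illustration (not code from the post or from Boyle or Rouse), here is a small Python model of the stateful inspection just described: inside-initiated connections are recorded, only proper responses to them are admitted on ingress, unsolicited replies are stopped on egress, and the ACL drops the denied subnet outright. The LAN 10.0.0.0/24, the outside hosts and the packet trace are constructed; the denied subnet is the one the text's ACL example uses.

```python
"""Toy stateful packet inspection (SPI) firewall with ingress and egress filtering.

Added illustration, not code from the original post or its sources.  The LAN,
the outside hosts and the packet trace are constructed; the denied subnet is
the one the text's ACL example uses.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/24")                     # assumed company LAN
ACL_DENY = [ip_network("200.1.1.1/24", strict=False)]     # normalises to 200.1.1.0/24
REPLY_TYPES = {"SYN-ACK", "echo-reply"}                   # packets that answer an opener


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "icmp"
    src: str
    dst: str
    kind: str         # tcp flags ("SYN", "SYN-ACK", "ACK") or icmp type
    sport: int = 0    # 0 for icmp
    dport: int = 0


class StatefulFirewall:
    """Remembers inside-initiated connections; only their responses may come back in."""

    def __init__(self):
        self.state = set()   # (proto, inside_ip, inside_port, outside_ip, outside_port)

    @staticmethod
    def _key(pkt, outbound):
        # Both directions of one connection map to the same key.
        if outbound:
            return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def filter(self, pkt):
        """Return ("pass" | "drop", reason) for one packet and update the state table."""
        if any(ip_address(a) in net for a in (pkt.src, pkt.dst) for net in ACL_DENY):
            return "drop", "ACL: address in denied subnet (provable attack packet)"
        outbound = ip_address(pkt.src) in INTERNAL
        key = self._key(pkt, outbound)
        if pkt.kind in REPLY_TYPES:
            # A reply is a "proper response" only if we recorded the request it answers.
            if key in self.state:
                return "pass", "response to a tracked connection"
            side = "egress" if outbound else "ingress"
            return "drop", f"{side}: reply with no matching connection state"
        if outbound:
            self.state.add(key)            # inside opened it: remember the connection
            return "pass", "egress: inside-initiated, state recorded"
        if key in self.state:
            return "pass", "ingress: data on a tracked connection"
        return "drop", "ingress: externally initiated connection attempt"


def run_trace():
    """Push a constructed packet trace through one firewall; returns the verdicts in order."""
    fw = StatefulFirewall()
    trace = [
        Packet("tcp", "10.0.0.5", "198.51.100.7", "SYN", 51515, 443),      # inside opens HTTPS
        Packet("tcp", "198.51.100.7", "10.0.0.5", "SYN-ACK", 443, 51515),  # server answers
        Packet("tcp", "203.0.113.9", "10.0.0.5", "SYN", 40000, 22),        # outside port probe
        Packet("icmp", "203.0.113.9", "10.0.0.5", "echo-request"),         # outside ping sweep
        Packet("icmp", "10.0.0.5", "203.0.113.9", "echo-reply"),           # host answers the probe
        Packet("tcp", "10.0.0.5", "200.1.1.20", "SYN", 51516, 80),         # toward denied subnet
        Packet("icmp", "10.0.0.5", "198.51.100.7", "echo-request"),        # inside pings out
        Packet("icmp", "198.51.100.7", "10.0.0.5", "echo-reply"),          # that reply comes back
    ]
    return [fw.filter(p)[0] for p in trace]


if __name__ == "__main__":
    for verdict in run_trace():
        print(verdict)
```

The fifth packet shows the egress rule the text attributes to the hardened firewall: a reply to a probe the firewall never admitted is dropped before it leaves the network, so the scanner learns nothing.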
“The hardware firewall allows a large organization to have a central solution for its firewall needs…. Configuration changes to a hardware firewall affect all the computers on that network; thus, those changes do not have to be carried out on each and every computer” (Ezeobika, Yahoo!).
It is the responsibility of the network administrator to set parameters and countermeasures that harden the firewall against relentless hack attacks. For example:
A firewall examines each packet passing through it. If the packet is a provable attack packet, the firewall drops the packet. If the packet is not a provable attack packet, the firewall passes the packet on to its destination. In firewalls, this is called a pass/deny decision. Note that a firewall passes all packets that are not provable attack packets. This means that it will pass any true attack packet that is not a provable attack packet. This will allow attack packets to get through to their target. (Boyle et al. 314)
So if an attacker gains the ability to turn the firewall off, or even to manipulate it to allow certain traffic, the result could be disastrous.
For example, assume that the subnet 200.1.1.1/24 is considered malicious and that the security administrator has dutifully configured the ACL to block all inbound and outbound traffic to that subnet. If a nefarious individual successfully obtains management access to the firewall, they could wreak havoc with authorized network traffic, and certainly foster all sorts of malicious traffic and system requests. Altering the ACL to permit traffic to the above-mentioned subnet is merely an academic exercise as all manner of havoc can be wreaked by said nefarious individuals. (Casey, techtarget.com)
“Consequently, it is important to harden hosts to protect them against attack packets that the firewall does not drop” (Boyle et al. 314).
Here are a few vulnerabilities that require the administrator's perpetual vigilance and countermeasures:
Zero-day exploits
Holes in ACL rules (passing any true attack packet that is not a provable attack packet)
Improper configuration (rendering a firewall useless)
Outdated virus definitions and security updates, etc.
Outdated firmware devices
Unpatched Operating Systems
To harden against these vulnerabilities, the administrator should already have an executable contingency plan, in addition to applying proven (successfully tested) recommendations:
Upgrading firmware devices
Downloading and installing patches for operating system vulnerabilities (Windows Server does this automatically).
Before upgrading firmware and installing patches: back up, back up, back up your system.
We should also be running the most recent version of our licensed product and have the most up-to-date security content and virus definitions. Reading operating-system log files regularly to look for and counter suspicious activities is essential; “one of the first things many hackers do after taking over a device is to delete or at least disable event logging” (Boyle et al. 570). To prevent such intrusions the firewall administrator must write additional filtering rules and, in actual attacks (zero-day, SQL injection, etc.), respond quickly to maintain business continuity.
Moreover, eliminating unnecessary services, which can create vulnerabilities for the host and consume RAM and processing power, increases performance and hence safety.
Other recommendations for hardening the system:
Managing Users and Groups – Every user must have an account; individual accounts can be consolidated into groups.
Managing permissions – Specify and assign permissions.
Create strong passwords – Password policies must require long, complex passwords: at least 8 characters, with upper- and lower-case letters, numbers, and special characters.
Black-holing attackers' IP addresses
Testing for vulnerabilities – Mistakes will be made in hardening; do vulnerability testing and follow a security baseline, which ensures uniformity in hardening (Boyle et al. 378).
It's an enduring battle for the firewall administrator, counteracting the exploits of the hacker's shifting motives and newly acquired ways of defeating the administrator's preventative measures. It's a vicious cycle.
As stated above, the centrally located hardware firewall, and the attempt to harden it against the malicious hacker, requires administrative programming of that firewall: ingress and egress filtering of packets using SPI technology, which rejects provable attack packets and externally initiated connection-opening attempts via ACL signatures, etc. (SPI replaced SPF, static packet filtering). Egress filtering prevents replies to probe packets from leaving the network, deterring the hacker.
Administering the ACL and configuring the centrally located firewall affects all computers on the network (which is good security-wise, programming-wise, and administratively). Based on connection type (packet state) and ACL scrutiny, provable attack packets are dropped, while non-provable (potential) attack packets are passed.
Countering vulnerabilities like zero-day exploits, holes in the ACL, improper configuration, etc., and hardening against them with executable contingency plans and proven recommendations (upgrading firmware devices, backing up and then installing patches, eliminating unnecessary services, etc.), should have given us a heightened understanding of the hardware firewall, its logging abilities, and the administrator's relentless efforts to decipher those logs while shielding the network.

Works Cited
Laws.com. "Purpose of Hacking." <http://criminal.laws.com/computer-crime/hacking/hacking-purpose>
Boyle, Randall J., and Raymond R. Panko. Corporate Computer Security. New Jersey: Prentice Hall, 2013. Print.
Ezeobika, Chukwumah, M.D. "The Advantages and Disadvantages of Hardware and Software Firewalls. Hardware vs. Software Firewalls: Which is Better?" Yahoo, 25 Feb. 2011. <http://voices.yahoo.com/the-advantages-disadvantages-hardware-software-7927614.html>
Casey, Brad. "Enterprise firewall protection: Where it stands, where it's headed." Network Security. Web. 02 Dec 2013. <http://searchsecurity.techtarget.com/tip/Identifying-and-preventing-router-switch-and-firewall-vulnerabilities>
Rouse, Margaret. "Stateful Inspection." Web. Oct. 2009. <http://searchnetworking.techtarget.com/definition/stateful-inspection> <http://whatis.techtarget.com/contributor/Margaret-Rouse>

Tuesday, August 13, 2013

MPEG-4

By Neil Lynch

MPEG-4 is a convergence of MPEG-1, MPEG-2, etc. It incorporates a wide range of new technologies for video compression, such as custom semiconductors and advances in processing power. MPEG-4's biggest advantage lies in video compression in general and IP video transport in particular; both developments require significantly more calculations to be made in both the encoder and the decoder. Together, these innovations have allowed a 50-percent reduction in bandwidth for equivalent video quality as compared to MPEG-2 and have enabled new applications such as HD video delivery over the Internet and by way of Blu-ray and IPTV networks. MPEG-4 achieves many of its advances in compression efficiency through the introduction of new video objects[1] (Simpson); in MPEG-4 each element of a broadcast can be generated separately and then transmitted as a separate data unit inside the MPEG-4 stream, and the decoder processes each of the different signal elements and then combines them to form a video signal that is sent to the viewer's display. In MPEG-2, all of the separate elements would be combined together at the broadcaster's facility and then compressed and transmitted to the viewer. Synthetic-image technology in MPEG-4 reduces bandwidth and gives users control over the items being displayed. MPEG-2 is an older compression version and does not have these innovations; it is less bandwidth-efficient when sending natural signals (brightness and color data) of thousands of pixels.

[1] New video objects are created by the encoder from natural sources, such as video cameras and audio microphones, that capture input from the natural world, or they can be created as completely new objects from synthetic sources generated through computer graphics or other means; much less bandwidth is consumed when synthetic signals are sent as compared to natural signals, due primarily to the innate complexity of natural signals and the need to reproduce accurately the pixels that make up a natural image (Simpson).
Simpson, Wes. Video Over IP. Burlington: Elsevier, 2008. Print.

Friday, March 15, 2013

Cocoa Application Layer

By Neil Lynch


OS X has a layered architecture with key technologies belonging to each layer; this article focuses on the Cocoa (Application) layer, its importance, special features, architecture in OS X, and frameworks.

[1]Cocoa is an application environment most specific to Mac OS X, as Cocoa-based applications run only on Mac OS X. Cocoa is based on the Objective-C object-oriented programming language. Often, developers must use the Cocoa environment if they want to take advantage of 64-bit services. For this reason, most of the built-in system software and new third-party software is developed for the Cocoa environment (White 334); Cocoa's high-level [2]APIs make it easy to add animation, networking, and the native platform appearance and behavior to your application with only a few lines of code. It's also the only application environment for [3]iOS … Most of the applications you see in OS X and iOS, including Mail and Safari, are Cocoa applications. An integrated development environment called [4]Xcode supports application development for both platforms. The combination of this development environment and Cocoa makes it easy to create a well-factored, full-featured application (What is Cocoa, Web). "As with all application environments, Cocoa presents two faces; it has a runtime aspect and a development aspect…. the development aspect … is the more interesting one to programmers.

"Cocoa's integrated suite of object-oriented software components -- classes -- enables you to rapidly create robust, full-featured OS X and iOS applications. These classes are reusable and adaptable software building blocks; you can use them as-is or extend them for your specific requirements. Cocoa classes exist for just about every conceivable development necessity, from user-interface objects to data formatting. Where a development need hasn't been anticipated, you can easily create a subclass of an existing class that answers that need" (What is Cocoa, Web).

The Cocoa (Application) layer includes the frameworks described in the following sections.

Fig. 1 Cocoa Application Layer: framework illustration (Cocoa Application layer, Web)

According to (OS X Cocoa, Web), Cocoa includes primary frameworks such as [5]AppKit and Core Foundation that provide common building blocks for all Mac applications, as well as specialized frameworks for everything from networking and data to graphics and professional audio processing. These frameworks range from high-level Objective-C APIs that can create amazing effects in a few lines of code, down to low-level frameworks to manipulate every aspect of the core system. Here is a small sampling of the available frameworks provided by Cocoa.

An example, Audio and Video: OS X delivers a rich audio and video experience through a comprehensive set of system-level frameworks and technologies. Powerful APIs that streamline your development process make it easy to incorporate professional-grade audio, music, media, and video functionality into your application.

“Architecturally, OS X is a series of software layers going from the foundation of Darwin to the various application frameworks and the user experience they support. The intervening layers represent the system software largely (but not entirely) contained in the two major umbrella frameworks, Core Services and Application Services. A component at one layer generally has dependencies on the layer beneath it. Figure 2 below situates Cocoa in this architectural setting.

Figure 2. Cocoa in the architecture of OS X

For example, the system component that is largely responsible for rendering the Aqua user interface, Quartz (implemented in the Core Graphics framework), is part of the Application Services layer. And at the base of the architectural stack is Darwin; everything in OS X, including Cocoa, ultimately depends on Darwin to function” (What is Cocoa, Web).

Based on the aforementioned (Cocoa's Application layer, its importance, special features, architecture in OS X, and frameworks), Cocoa's attractiveness to third-party app developers is apparent: the advantage of 64-bit services, its high-level Application Program Interface (API), its integrated development environment Xcode, and its development aspect are the reasons most software, built-in and third-party alike, is developed for the Cocoa environment.

References

White, Kevin M. Mac OS X Support Essentials v10.6. California: Peachpit Press, 2010. Print.

Objective-C/Cocoa Xcode Tutorial. http://www.youtube.com/watch?v=pReuTG_w_ME

[1] From its introduction as NeXTSTEP in 1989 to the present day, it has been continually refined and tested… The Cocoa frameworks consist of libraries, APIs, and runtimes that form the development layer for all of Mac OS X. Your application will automatically inherit the great behaviors and appearances of Mac OS X, with full access to the underlying power of the UNIX operating system. https://developer.apple.com/technologies/mac/cocoa.html
[2] API, an abbreviation of application program interface, is a set of routines, protocols, and tools for building software applications. A good API makes it easier to develop a program by providing all the building blocks. A programmer then puts the blocks together. http://www.webopedia.com/TERM/A/API.html
[3] iOS is the operating system that runs on iPhone, iPod touch, and iPad devices. The operating system manages the device hardware and provides the technologies required to implement native apps. http://developer.apple.com/library/ios/#documentation/miscellaneous/conceptual/iphoneostechoverview/Introduction/Introduction.html
[4] The Xcode developer tools package provides everything you need to create great applications for Mac, iPhone, and iPad. https://developer.apple.com/technologies/tools/
[5] “AppKit, one of the application frameworks, provides the objects an application displays in its user interface and defines the structure for application behavior, including event handling and drawing. This is the only framework of the three that is actually in the Cocoa layer” (What is Cocoa, Web).
“AppKit is the key framework for Cocoa apps. The classes in the AppKit framework implement the user interface (UI) of an app, including windows, dialogs, controls, menus, and event handling. They also handle much of the behavior required of a well-behaved app, including menu management, window management, document management, Open and Save dialogs, and pasteboard (Clipboard) behavior.
In addition to having classes for windows, menus, event handling, and a wide variety of views and controls, AppKit has window- and data-controller classes and classes for fonts, colors, images, and graphics operations. A large subset of classes comprises the Cocoa text system, described in “Text, Typography, and Fonts.” Other AppKit classes support document management, printing, and services such as spellchecking, help, speech, and pasteboard and drag-and-drop operations” (Cocoa Application layer, Web).

Saturday, January 26, 2013

Subnetting

By Neil Lynch

Subnet Masking
Subnet masks tell the computer or router which part of an IP address is the network portion and which part is the host portion.
Subnet masking is a manipulation of sorts of the host octets of the IP classes (Class A, Class B, and Class C). It is sometimes done to control the flow of traffic in terms of hosts per segment, etc. According to Cannon et al., manipulating the mask via subnetting is a big improvement over a fixed-length mask because it allows a single major network number to be subdivided into smaller subnetworks (102). “Whenever you subnet a network address you lose some of the host addresses that you could have had without subnetting” (Cannon 96). By masking the third octet of a Class B IP address, you reduce the number of host addresses significantly.

Network administrators can use up to 14 bits to subnet a Class B address and six bits of a Class C host octet.

The best way to learn to subnet a network is to use a Class C address; it allows you to subnet the last octet. For example, let's look at subnetting with the current lab project, as illustrated (Cannon et al. 464):

In this network there were segments with various hosts and interfaces. The network IP was 192.3.2.0; the interfaces were F0/0, F0/1, and S0/0 with 51, 4, and 2 hosts respectively.
 
Since the network was Class C, I took the IP address 192.3.2.0 and masked its host portion by 2 bits (2^y = 4, where y = 2). This gave me four (4) subnets with 6 host bits remaining.
 
The right-most masked bit was worth 2^6, or 64 in decimal, which I used as the increment for the four subnets: 192.3.2.0/26, 192.3.2.64/26, 192.3.2.128/26, 192.3.2.192/26.

Each subnet now had 62 hosts, which accommodated Net 1 and Net 2.

Net 3, on the other hand (the third subnet), must accommodate 2 hosts. With 6 host bits remaining and only 2 bits required for these hosts, I move the mask 4 bits to the right, making it /30. With y = 4, we get 2^4 = 16 more subnets, each with 2 host IP addresses: 192.3.2.64/30, 192.3.2.68/30 through 192.3.2.124/30.
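As an added worked example (not part of the original post), the Python below reproduces the lab's scheme with the standard ipaddress module, checks Cannon's point about addresses lost to subnetting, and then goes one step further with variable-length subnet masking (VLSM), sizing each interface's subnet to its host count. The host counts per interface are the ones given in the text.

```python
"""Subnetting the lab's Class C network 192.3.2.0/24.

Added worked example, not from the original post.  Reproduces the text's
fixed-length /26 split and /30 re-split, then sizes each interface's subnet
to its host count (variable-length subnet masking, VLSM).
"""
from ipaddress import IPv4Network, ip_network
from math import ceil, log2

LAB_NET = ip_network("192.3.2.0/24")
HOST_NEEDS = {"F0/0": 51, "F0/1": 4, "S0/0": 2}      # interface -> hosts, from the text


def split_by_bits(net, borrowed_bits):
    """Borrow y host bits for the network: 2^y equal subnets (the text's 2^2 = 4)."""
    return list(net.subnets(prefixlen_diff=borrowed_bits))


def usable_hosts(net):
    """2^h - 2 hosts per subnet: the network and broadcast addresses are reserved."""
    host_bits = net.max_prefixlen - net.prefixlen
    return 2 ** host_bits - 2


def addresses_lost(net, borrowed_bits):
    """Cannon's point: subnetting costs host addresses, two per extra subnet."""
    parts = split_by_bits(net, borrowed_bits)
    return usable_hosts(net) - len(parts) * usable_hosts(parts[0])


def lab_plan():
    """The text's scheme: four /26s, then the /26 at .64 cut into sixteen /30s."""
    quarters = split_by_bits(LAB_NET, 2)          # y = 2 -> /26, 6 host bits left
    thirties = split_by_bits(quarters[1], 4)      # y = 4 more -> /30, 2 host bits left
    return {
        "/26 subnets": [str(n) for n in quarters],
        "hosts per /26": usable_hosts(quarters[0]),
        "/30 subnets": [str(n) for n in thirties],
        "hosts per /30": usable_hosts(thirties[0]),
    }


def prefix_for_hosts(hosts):
    """Smallest prefix whose block holds `hosts` plus network and broadcast (min /30)."""
    host_bits = max(2, ceil(log2(hosts + 2)))
    return 32 - host_bits


def vlsm_allocate(net, needs):
    """Carve `net` into right-sized blocks, largest first so every block stays aligned."""
    cursor = int(net.network_address)
    last = int(net.broadcast_address)
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        block = IPv4Network((cursor, prefix_for_hosts(hosts)))
        if int(block.broadcast_address) > last:
            raise ValueError(f"{net} cannot hold {name} ({hosts} hosts)")
        plan[name] = str(block)
        cursor = int(block.broadcast_address) + 1
    return plan


if __name__ == "__main__":
    for key, value in lab_plan().items():
        print(f"{key}: {value}")
    print("addresses lost to subnetting /24 into /26s:", addresses_lost(LAB_NET, 2))
    print("VLSM plan:", vlsm_allocate(LAB_NET, HOST_NEEDS))
```

The VLSM plan places the 51-host segment in 192.3.2.0/26, the 4-host segment in a /29 and the 2-host serial link in a /30, leaving most of the /24 free instead of burning a whole /26 on each interface.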

References
Cannon, Kelly, Kelly Caudle, and Anthony Chiarella. CCNA Guide to Cisco Networking, 4/e. Boston, 2009. Print.

Sunday, January 20, 2013

Data Initiation, Encapsulation and Navigation through TCP/IP protocol stack

by Neil Lynch

This article describes a two-segment network interfaced with a router. It shows how data is initiated and encapsulated as it navigates down the four layers of the TCP/IP protocol stack, from Application to Network Interface, using the ARP cache to find the gateway's address so that the MAC frames can be delivered, filtered, and pulled off, allowing the packet to be sent on to the destination host's MAC and IP addresses. Once a connection is established, a host-to-host, connection-oriented exchange (the 3-way handshake) begins, using the TCP protocol at the Transport layer for reliability.

The TCP/IP host composes its data at the Application Layer. Ex. [Data]

The data is then passed to the Transport Layer, where there are two protocols to choose from (TCP and UDP); the connection-oriented protocol, TCP, is chosen in this exercise for its reliability, as opposed to the unreliable, connectionless UDP.

The data is encapsulated in the Transport layer’s header. This segment manages data size and flow control.

Ex. [Transport Layer header [Data]]

The Data and Transport Layer header are passed to the Network Layer, the next step down in the TCP/IP protocol stack where the packet now includes the IP header, the Transport layer header and Data.

Ex. [Source IP address [Destination IP address [Transport layer header [Data]]]]

At the next step in the protocol stack, the Network Interface layer (OSI Data Link layer), the source MAC address and the destination (gateway or router's) MAC address are added to the frame; the sending computer obtained the router's MAC address by looking in its ARP cache or by sending an ARP request.

Ex. [source MAC address [destination (router *E1) MAC address [Source IP address [Destination IP address [Transport layer header [Data]]]]]]

The encapsulated frame is sent to the remote segment via the default gateway (the router or network interface connecting the local segment … to the other networks). When the router receives the frame, it pulls off the network interface information (OSI Data Link layer header) which contains the router’s MAC address because it’s no longer necessary, now that the router is in possession of the packet. It then analyzes the packet at the Network layer.

Ex. [Source IP address [Destination IP address [Transport layer header [Data]]]]

MAC addresses removed from the frame, leaving the packet

The router then checks its routing table against the destination IP address to locate the appropriate network interface through which to forward the packet.

If the router is directly connected to the network for which the packet is destined, it will re-address the frame at the Network Interface layer with the MAC address of the destination host; it gets this MAC address from its ARP cache or an ARP request on the destination’s subnet.

Ex. [source (router *E0) MAC address [destination MAC address [Source IP address [Destination IP address [Transport layer header [Data]]]]]]

Frame re-addressed by the router after obtaining the MAC address from ARP (cache or request)

Once the router has the correct MAC-to-IP mapping, it repackages the Network Interface layer (OSI Data Link, layer 2) header using the MAC address of the destination host. After repackaging, the frame is sent to the destination host via the lower level of the (TCP/IP) protocol stack. The MAC addresses of the frame are then decapsulated at the Data Link layer and the packet moves up to the Network layer, where the IP addresses are decapsulated. At the next layer up, the Transport layer, the segment is decapsulated, and the data is then received by the Application layer and ultimately by Host B.
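As an added illustration (not code from the original post), the Python below models the whole walk-through: Host A encapsulates, the router strips the frame header, routes on the destination IP, resolves Host B by ARP and re-addresses the frame, and Host B decapsulates. All addresses, MACs and ARP cache contents are constructed; E1 and E0 are the router interfaces the text names.

```python
"""One message encapsulated down the TCP/IP stack on Host A, forwarded by the
router (E1 in, E0 out) and decapsulated on Host B.

Added illustration, not code from the original post.  The addresses, MACs and
ARP caches are constructed; E1/E0 are the router interfaces named in the text.
"""
from ipaddress import ip_address, ip_network

# Constructed two-segment topology: Host A -- E1 [router] E0 -- Host B
SEGMENTS = {"E1": ip_network("192.168.1.0/24"), "E0": ip_network("192.168.2.0/24")}
ROUTER = {"E1": ("192.168.1.1", "00:00:0C:00:00:E1"),
          "E0": ("192.168.2.1", "00:00:0C:00:00:E0")}
HOST_A = {"ip": "192.168.1.10", "mac": "AA:AA:AA:00:00:0A", "gateway": "192.168.1.1"}
HOST_B = {"ip": "192.168.2.20", "mac": "BB:BB:BB:00:00:0B"}

# What an ARP request on each segment would answer (stands in for the wire).
WIRE = {ROUTER["E1"][0]: ROUTER["E1"][1], ROUTER["E0"][0]: ROUTER["E0"][1],
        HOST_A["ip"]: HOST_A["mac"], HOST_B["ip"]: HOST_B["mac"]}

# ARP caches (IP -> MAC). Host A already knows its gateway; the router starts empty.
ARP = {"host_a": {HOST_A["gateway"]: ROUTER["E1"][1]}, "router": {}}


def arp_resolve(cache, ip):
    """Return the MAC for `ip` from the cache, or 'send an ARP request' and cache the reply."""
    if ip not in cache:
        cache[ip] = WIRE[ip]
    return cache[ip]


def encapsulate(data, src_ip, dst_ip, src_mac, next_hop_mac, sport, dport):
    """Application data -> TCP segment -> IP packet -> frame, the text's nesting."""
    segment = {"proto": "TCP", "sport": sport, "dport": dport, "data": data}
    packet = {"src_ip": src_ip, "dst_ip": dst_ip, "segment": segment}
    return {"src_mac": src_mac, "dst_mac": next_hop_mac, "packet": packet}


def router_forward(frame):
    """Strip the Data Link header, route on the destination IP, re-address for the next hop."""
    packet = frame["packet"]                 # MAC header pulled off; only the packet remains
    dst = ip_address(packet["dst_ip"])
    for iface, net in SEGMENTS.items():      # routing table: directly connected networks
        if dst in net:
            out_mac = ROUTER[iface][1]
            next_hop = arp_resolve(ARP["router"], packet["dst_ip"])
            return {"src_mac": out_mac, "dst_mac": next_hop, "packet": packet}
    raise LookupError(f"no route to {dst}")


def decapsulate(frame, host):
    """Peel the frame one layer at a time; a host ignores anything not addressed to it."""
    if frame["dst_mac"] != host["mac"]:      # Data Link: NIC filters on MAC
        return None
    packet = frame["packet"]                 # Network: check the IP address
    if packet["dst_ip"] != host["ip"]:
        return None
    return packet["segment"]["data"]         # Transport -> Application


def send(data, dport=80):
    """Host A -> router -> Host B. Returns (frame on segment 1, frame on segment 2, data at B)."""
    gw_mac = arp_resolve(ARP["host_a"], HOST_A["gateway"])
    frame1 = encapsulate(data, HOST_A["ip"], HOST_B["ip"], HOST_A["mac"], gw_mac, 51515, dport)
    frame2 = router_forward(frame1)
    return frame1, frame2, decapsulate(frame2, HOST_B)


if __name__ == "__main__":
    f1, f2, received = send("Data")
    print("segment 1:", f1["src_mac"], "->", f1["dst_mac"])
    print("segment 2:", f2["src_mac"], "->", f2["dst_mac"])
    print("Host B received:", received)
```

Note that the IP packet object is passed through the router untouched while the MAC header is rebuilt on each segment, which is exactly the distinction the two "Ex." lines above draw.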

Now that a route (connection) is established, the three-way handshake can begin, ultimately allowing data to be transferred between hosts.

TCP requires a three-way handshake once communication is established between Host A and Host B: a connection request from Host A to Host B, and then an acknowledgement from Host B to Host A.

· Ex. Host A -----------------connection request-------------> Host B

· Host A <-----------------------acknowledgement------------------ Host B

· Once achieved, data is transmitted.

· Host A ---------------------------data---------------------------> Host B


*E1, E0: router interfaces connecting the two segments, Host A --------> (E1/E0) --------> Host B; Host A connects to E1 and E0 connects to Host B.