CHAPTER 6: The OSI Model and Networking Protocols 236 closely together and that is why it’s hard to discuss one without the other. As a matter of fact, no matter how long you are in networking, you will find the OSI model is referenced on a daily basis all the way from the beginning as a student to a networking master. In this chapter, we look at the networking models that provide guidelines for vendors of networking products, including the early Depart- ment of Defense (DoD) model as well as the International Organization for Standardization (ISO) OSI model. Next, we move into the protocol suite. The majority of TCP/IP fundamentals will be covered in Chapter 7. You’ll also learn about the protocols that are used throughout the network communication process to ensure that data sent from a computer reach their intended destination. We also discuss popular networking protocols upon which majority of the Internet applications run. Now, let’s start with the OSI model and understand why it’s so important. Understanding the Purpose and Function of Networking Models This chapter discusses several specific networking models, so it’s important to begin our discussion with an overview of the purpose and function of networking models. Just about everywhere we look in the world today, we can see examples of agreed-upon rules that help people work together more effectively and efficiently to achieve a specific aim. This is especially true in the world of technology where standards, specifications, and protocols are used to accomplish a particular task. Why is it you can pop a DVD in your player and watch it, regardless of who made the DVD, the DVD player, or the television? It’s because everyone involved agreed to certain parameters such as the circumference of the DVD disk, the method of recording and reading the DVD, and the interface between the DVD player and the television. The same is true in computer technology. A wide variety of methods can be used to transmit and receive data across a network. Models are used to broadly define the required elements. This helps break down complex tasks into more manageable segments. It also provides frameworks from which standards can be developed. Organizing networking tasks in this way provides standardization, which is critical for any technology to be widely adopted. It also reduces development time and cost because common tasks are defined and can be implemented without “reinventing the wheel.” An excellent example of an organization dedicated to providing solid standards for networking is the Institute of Electrical and Electronics Engineers (IEEE), which will be covered shortly within this chapter. The OSI Model 237 The DoD networking model was originally created to solve the problem of people needing to share information across large computer systems. That model was used as the basis for an expanded model known as the OSI model. Later in this chapter, we cover the DoD model. Although the exam primarily focuses on the OSI model, you should still be familiar with its existence and how it maps to the OSI model. THE OSI MODEL The OSI model was originally developed at Honeywell in the mid-1970s and expanded upon the Defense Advanced Research Projects Agency (DARPA) model. In 1977, the ISO recognized the need to develop a communication standard for computing. They formed a subcommittee called the OSI committee and asked for proposals for a communication standard. Honeywell’s solution, called distributed systems architecture (DSA), included seven layers for communica- tions. This framework was adopted by the OSI and is still used as the model for distributed communications. The OSI model is shown in Figure 6.1. We’ll explore each of the seven layers of the OSI model in the following subsections. The first two layers of the OSI model involve both hardware and software. In the five upper layers (Layers 3 through 7), the OSI model typically is implemented via software only. Exam Warning Knowing that the OSI model is imperative, you need to know which devices and protocols function at each layer, so you need to know the layers to start with. Continue to draw the model shown in Figure 6.1 so that when you get to the exam, you can write it on scrap paper to help you with the exam. Test Day Tip Some exams may ask you to identify the seven layers of the OSI model, as well as to identify the definitions of one or more layers. An acronym used to remember the seven layers of the OSI model is all people seem to need data processing. This equates to application, presentation, session, transport, network, data link, and physical. By remembering this acronym, you’ll easily remember the seven layers (in reverse order). Remember that numbering starts at the bottom of the model. More commonly, the Network  exam requires you to know and understand what happens at each layer, and which protocol operates there (rather than just rote memoriza- tion of the layers themselves) to be able to troubleshoot common networking problems. CHAPTER 6: The OSI Model and Networking Protocols 238 The OSI model is represented as a stack because data that are sent across the network have to move through each layer at both the sending and receiving ends. The sending computer generally initiates the process at the application layer. The data is then sent down the stack to the physi- cal layer and across the network to the receiving computer. On the receiv- ing end, the data is received at the physical layer and the data packet sent up the stack to the application layer. A good visualization of this can be seen in Figure 6.2, where Computer A wants to browse a Web site home page of Server B, such as www. syngress.com/index.htm. To view how this works, con- sider these facts. The home page index.htm is the file that is located in a folder (or directory) on the Web server, and this is what Computer A wants to view. Computer A is connected to an Internet service provider (ISP) via a home PC, a net- work interface card (NIC), a cable modem, or whatever the ISP requires for connectivity. Computer A opens a Web browser (which is an appli- cation), the Web browser (not need- ing to know anything other than to make a request to the Web server) sends the request, and underlying protocols process it. The application layer (not to be associated with the application itself) starts the process. Encapsulation (addition of small pieces of information relative to the transmission of information) hap- pens at each layer, with each layer adding its information to the data to get it to the Web server, and then reversing the process to get informa- tion back again. As you can see, you only see the request; the Web server will answer back with index.htm. FIGURE 6.1 The OSI Networking Model. FIGURE 6.2 Viewing a Web Page Using the OSI Model. The OSI Model 239 The beauty of this depiction is that it is very easy to see and clearly under- stand why you absolutely need to know the OSI model and what happens at each layer. Layer 1: Physical The first, most basic layer of the OSI model is the physical layer. This layer specifies the electrical and mechanical requirements for transmitting data bits across the transmission medium (cable or airwaves). It involves sending and receiving the data stream on the carrier, whether that carrier uses electrical (cable), light (fiber optic) or radio, infrared, or laser (wireless) signals. The physical layer specifications include as follows: Voltage changes Timing of voltage changes Data rates Maximum transmission distances Physical connectors to the transmission medium Topology or physical layout of the network Many complex issues are addressed at the physical layer, including digital versus analog signaling, baseband versus broadband signaling, whether data HEAD OF THE CLASS… Advanced Networking You don’t need to know very advanced levels of net- working for the exam. The testing will not dig down into packet headers, encapsulation types, and so on, but if you want to make a career out of networking, you will eventually need to know this information. For that reason, let’s dig into the OSI model a little more (Figure 6.3). As Computer A wants to visit the Web site of syngress.com, the Web browser on the local PC is where the uniform resource locator (URL) is entered into the browser application’s address area. In this example, www.syngress.com is entered and then the real magic happens. As the request heads to the server, the OSI model handles the request, and Figure 6.4 shows all the things that are happening, such as IP addressing information, Media Access Control (MAC) address information, and so on. All these will be explained in the following sections, but this is how you could mentally map the data transmission in your head. Remember that this chart and information is not needed for the exam but for your general understand- ing of the topic. Again, knowing the OSI model information provides a foundation for you to grow and build on. Let’s now dig into the specifics of each layer starting from the lowest layer, the layer that makes use of the physical trans- mission medium, the physical layer. CHAPTER 6: The OSI Model and Networking Protocols 240 is transmitted synchronously or asynchronously, and how signals are divided into channels (multiplexing). Devices that operate at the physical layer deal with signaling, such as the transceivers on the NIC and the basic and simple connectors that join segments of cable. Digital Versus Analog Signaling These days, in the “digital age,” there is hardly a day that goes by without the need surfacing for some form of electricity in your life. So what is this analog signaling and why so much concern? Well, because as a Network techni- cian, you need to understand how different types of technology work, and the perfect example to drive this home would be the modem, a device that a great many people use every day to access the Internet via their standard preexisting telephone lines. A modem is a device that Mo… (Modulates) Dem… (Demodulates) a signal, or in easier to understand terms… the modem translates an analog system signal to a digital system signal and back again so that the signal can traverse along the Plain Old Telephone Service (POTS). It should then make sense to the PCs sending and receiving it, as the modem does the PC the favor of taking that analog signal and translating it into a digital one, which is what your PC natively understands. FIGURE 6.3 Viewing More Detail within the OSI Model. Exam Warning Modems translate analog to digital signals and back again. PCs are using digital technology to communicate, but the phone lines are using analog signaling. Therefore, the signal must be changed from one signaling method to the other as needed, such as when you want to connect your PC up to your ISP and surf the Internet. The OSI Model 241 So what is analog? Analog signals are electronic signals that are based on a wave that moves up and down continuously (as shown in Figure 6.4). A more technical definition of this technology is that analog signals are electronic signals that are transmitted by adding a signal of varying frequency or amplitude to a carrier wave of a given frequency of alternating electro- magnetic current. For the Network exam, don’t worry too much about the technical jargon here. Under- standing this function will help you to understand what the physical layer of the OSI model is responsible for and why. Analog signals, although com- monly used today (consider the tele- phone in your home), are actually not commonly used for new installations. Nothing new implemented today in technology uses analog anymore: most if not all of it winds up in digital format. Digital communications are more compatible with PCs because that’s how PCs operate, via digital technology. Digital signals are more reliable and easier to transmit. For this reason, it should be clear as to why digital is so important to understand and learn. As shown in Figure 6.5, you should see that since computers operate on 1s and 0s, digital (either being on or off, like a light switch if you will) fits binary math perfectly. 1 or 0, on or off. Now that you have seen both signaling methods, let’s move on to possible issues based on digital technology. FIGURE 6.4 Analog Signaling. FIGURE 6.5 Digital Signaling. CHAPTER 6: The OSI Model and Networking Protocols 242 Issues like attenuation (degradation of the signal) can really ruin digital communications. For example, if you were installing a PC over 150 m away from the concentrator it is connected to, (10BaseT technologies have a maximum allowed distance of about 100 m or 328 ft), the signal is likely to degrade (Figure 6.6). As Figure 6.6 shows, because the signal has degraded, the 1s and 0s become “unknowns” because they fall short of being either a 1 or 0. This example shows how exceeding maximum cable distances will in fact cause you issues later on. In sum, when dealing with the physical layer, the data handled is in bits, literally 1s and 0s. These 1s and 0s are represented by pulses of light or electricity (“on” generally represents 1 and “off” generally represents 0). How these bits are arranged and managed is a function of the next layer in the OSI model. Layer 2: Data Link Layer 2 is the data link layer. This layer is responsible for maintaining the data link between two computers, typically called hosts or nodes. It also defines and manages the ordering of bits to and from data segments, called packets. Frames contain data arranged in an organized manner, which provides for an orderly and consistent method of sending data bits across the medium. Without such control, the data would be sent in random sizes or configurations and the data that was sent on one end could not be decoded on the other end. The data link layer manages the physical addressing and synchronization of the data packets (as opposed to the logi- cal addressing that is handled at the network layer). The data link layer is also responsible for flow control and error notification. Flow control is the Test Day Tip Don’t get confused about terminologies such as Baseband and Broadband. Make sure you understand the following: Baseband is a method of data transmission where all bandwidth on the transmission medium is used to transmit a single digital signal. As you saw in Figure 6.6, Baseband technology uses digital signaling. Broadband is a method of data transmission where the bandwidth on the transmis- sion medium is broken into channels that are capable of supporting a wide range of frequencies. Make sure you are comfortable with the terminology and that you understand what each is and does. It will be important to understand, as you learn about 10BaseT, that the Base stands for Baseband. 10BaseT runs at 10 Mbps, it has a 100 m limit on distance. The T is for twisted-pair cabling. The OSI Model 243 process of managing the timing of sending and receiving data so that it doesn’t exceed the capacity (speed, memory, etc.) of the physical con- nection. Because the physical layer is responsible only for physically moving the data onto and off of the network medium, the data link layer also receives and manages error messaging related to physical delivery of packets. Network devices that operate at this layer include Layer 2 switches (switching hubs) and bridges. A Layer 2 switch decreases network congestion by sending data out only on the port to which the destina- tion computer is attached, instead of sending it out on all ports, as a physical layer hub does. Bridges provide a way to segment a network into two parts and filter traffic by building tables that define which computers are located on which side of the bridge, based on their MAC addresses. The data link layer is divided into two sublayers: the Logical Link Control (LLC) and the MAC. These were originally seen in the OSI model diagram in Figure 6.1. The LLC Sublayer The LLC sublayer provides the logic for the data link, thus it controls the synchronization, flow control, and error checking functions of the data link layer. This layer can handle connection-oriented transmissions (unlike the MAC sublayer below it), although connectionless service can also be provided by this layer. Connectionless operations are known as Class I LLC, whereas Class II can handle either connectionless or connection-oriented operations. With connection-oriented communication, each LLC frame that is sent is acknowledged. The LLC sublayer at the receiving end keeps up with the LLC frames it receives (these are also called protocol data units [PDUs]), and if it detects that a frame has been lost during the transmission, it can send back a request to the sending computer to start the transmission over again, beginning with the PDU that never arrived. FIGURE 6.6 The Effects of Attenuation on a Digital Signal. CHAPTER 6: The OSI Model and Networking Protocols 244 The LLC sublayer sits above the MAC sublayer and acts as a liaison between the upper layers and the protocols that operate at the MAC sublayer such as Ethernet, Token Ring, and so on (IEEE standards). The LLC sublayer itself is defined by IEEE 802.2. Link addressing, sequencing, and definition of service access points (SAPs) also take place at this layer. The MAC Sublayer The MAC sublayer provides control for accessing the transmission medium. It is responsible for moving data packets from one NIC to another across a shared transmission medium, such as an Ethernet or fiber-optic transmission medium. Physical addressing is addressed at the MAC sublayer. Every NIC has a unique MAC address, also called the physical address, which identifies that specific NIC on the network. The MAC address of a NIC is usually burned into a read-only memory (ROM) chip on the NIC. Each manufacturer of Exam Warning A MAC address consists of six hexadecimal numbers. The highest possible hexadecimal number is FF:FF:FF:FF:FF:FF, which is a broadcast address. The first three bytes contain a manufacturer code and the last three bytes contain a unique station ID. You must understand the functionality of a NIC card and what a MAC address is for the Network  exam. On Ethernet NICs, the physical or MAC address (also called the hardware address) is expressed as 12 hexadecimal digits, arranged in pairs with colons between each pair, for example, 12:3A:4D:66:3A:1C. In binary notation, this translates to a 48-bit (or 6-byte) number, with the initial three bytes representing the manufacturer and the last three bits representing a unique NIC made by that manufacturer. On Token Ring NICs, the MAC address is 6 bytes long, too, but the bits of each byte are reversed; that is, Ethernet transmits in canonical or least significant bit (LSB) mode, with the least significant bit first, whereas Token Ring transmits in noncanonical or most significant bit (MSB) mode, with the most significant bit first. Although duplicate MAC addresses are rare, they do show up because some manufacturers have started to use their numbers over again. This usually is not a problem because the duplicates almost never show up on the same network. Some cards allow you to change the MAC address by using special software to “flash” the card’s chip. You can view the MAC address on most systems with the following commands. Windows ME, 9x: winipcfg (navigate the graphical user interface [GUI] to find the MAC address) Windows NT, XP, 2000, 2003: ipconfig /all Linux: ifconfig -a On Linux, an Ethernet network interface is commonly seen as eth0. Under this information, you will find the relevant MAC for your system. The OSI Model 245 network cards is provided a unique set of MAC addresses so that (theoretically, at least) every NIC that is manufactured has a unique MAC address. Obvi- ously, it would be confusing if there were two or more NICs with the same MAC address. A packet intended for NIC No. 35 (a simplification of the MAC address) would not know to which NIC No. 35 it was destined. To avoid this confusion, MAC addresses, in most cases, are permanently burned into the NIC’s memory. This is sometimes referred to as the burned-in address (BIA). Another important issue that’s handled at the MAC sublayer is media access control. This refers to the method used to allocate network access to computers and prevent them from transmitting at the same time, causing data collisions. Common MAC methods include Carrier Sense Multiple Access/Collision Detection (CSMA/CD), used by Ethernet networks, Car- rier Sense Multiple Access/Collision Avoidance (CSMA/CA), used by Apple- Talk networks, and token passing, used by Token Ring and Fiber Distributed Data Interface (FDDI) networks. In Exercise 6.1, we go through the steps of identifying a MAC address on a Windows XP Professional system. EXERCISE 6.1 Locating a MAC address with Windows XP Professional Click 1. Start | Programs | Accessories | Command Prompt to access the Windows Command Prompt. Enter the command 2. ipconfig /all to see the physical address for the adapter that corresponds with your current network connection. You will see the system’s MAC address similar to the one shown below. Physical Address. . . . . . . . . : 00-0C-F1-54-45-89 To close the Windows Command Prompt, type 3. exit, then press Enter. Layer 3: Network As we travel up the OSI model, the next layer we encounter is the network layer. At the network layer, packets are sequenced and logical addressing is handled. Logical addresses are nonpermanent, software-assigned addresses that can be changed by administrators. The IP addresses used by the . this chapter, we look at the networking models that provide guidelines for vendors of networking products, including the early Depart- ment of Defense (DoD) model as well as the International. the world of technology where standards, specifications, and protocols are used to accomplish a particular task. Why is it you can pop a DVD in your player and watch it, regardless of who made. all ports, as a physical layer hub does. Bridges provide a way to segment a network into two parts and filter traffic by building tables that define which computers are located on which side