Computer Networking

A default gateway is a network node (typically a router) that serves as an access point to another network. It is the device that a host sends data to when the destination host is not on its own local network (subnet).

In simple terms, if your computer wants to send a packet to a device outside of your local network (e.g., a website on the internet), it doesn't know the exact path. So, it sends the packet to its configured default gateway. The gateway then takes on the responsibility of routing the packet towards its final destination.

DNS (Domain Name System) is the phonebook of the Internet. Humans access information online through domain names like google.com or wikipedia.org. Web browsers, however, interact through IP addresses. DNS translates human-readable domain names into machine-readable IP addresses.

The process generally works as follows:

1. A user types a domain name (e.g., www.example.com) into their browser.
2. The user's computer (or a local DNS server) sends a query to a recursive DNS server.
3. If the recursive server doesn't have the IP address cached, it queries a series of other servers:
   • First, it asks a Root DNS Server, which directs it to a...
   • Top-Level Domain (TLD) Server (for .com, .org, etc.). The TLD server then directs it to an...
   • Authoritative Name Server, which holds the actual DNS record for that specific domain.
4. The Authoritative Name Server returns the IP address for www.example.com back to the recursive server.
5. The recursive server sends the IP address to the user's computer, which can now establish a connection with the website's server.

These are all networking devices but they operate at different layers of the OSI model and have different functions.

A MAC (Media Access Control) address is a unique hardware identifier assigned to a network interface controller (NIC) for use as a network address in communications within a network segment.

• It is a 48-bit (or 6-byte) address.
• It is typically represented in hexadecimal format, with colons or hyphens separating the bytes (e.g., 00:1A:2B:3C:4D:5E).
• It operates at the Data Link Layer (Layer 2) of the OSI model.
• While an IP address is logical and can change depending on the network, a MAC address is physical and is permanently burned into the hardware by the manufacturer.

ARP (Address Resolution Protocol) is a communication protocol used for discovering the MAC (Media Access Control) address associated with a given IP address.

When a device wants to send a packet to another device on the same local network, it knows the destination IP address, but it needs the destination MAC address to create the Layer 2 frame. ARP is used to find it:

1. The source device sends an ARP Request broadcast message to the entire local network, asking 'Who has this IP address? Tell me your MAC address.'
2. The device on the network that has that specific IP address replies with an ARP Reply message, which contains its MAC address.
3. The source device can now send its packet and also stores the IP-to-MAC mapping in its ARP cache for future use.

DHCP (Dynamic Host Configuration Protocol) is a network management protocol used to automate the process of configuring devices on IP networks. It automatically assigns an IP address and other network parameters to each device when it joins the network.

Without DHCP, network administrators would have to manually assign IP addresses to every device, which is tedious and prone to errors.

The process is often called DORA:

1. Discover: A new client device broadcasts a DHCP Discover message to find a DHCP server.
2. Offer: A DHCP server receives the message and replies with a DHCP Offer message, containing a proposed IP address and other configuration details.
3. Request: The client broadcasts a DHCP Request message, formally requesting the offered address.
4. Acknowledge (ACK): The server finalizes the allocation, logs it, and sends a DHCP Acknowledge message to the client. The client can now use the assigned IP address.

NAT (Network Address Translation) is a method used by routers to map multiple private IP addresses within a local network to a single public IP address before transferring the information onto the internet.

Why is it needed?

The number of IPv4 addresses is limited. It's not feasible to assign a unique public IP address to every single device in the world. NAT solves this by allowing a company or household to use private IP addresses (like those in the 192.168.x.x range) for all of its internal devices, while only needing one public IP address from their Internet Service Provider (ISP) for their router.

When an internal device sends a packet to the internet, the router replaces the private source IP address with its own public IP address. When the response comes back, the router knows which internal device to forward it to based on a translation table it maintains.

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.

Firewalls establish a barrier between a trusted internal network and an untrusted external network, such as the Internet.

They can be hardware, software, or both. They are a first line of defense in network security and can prevent unauthorized access, malware, and other threats from entering a private network.

A port is a communication endpoint in a computer's operating system. It is a 16-bit number (from 0 to 65535) used to identify a specific process or a type of network service.

While an IP address gets a data packet to a specific device, the port number tells the device's operating system which specific application or service the packet is intended for.

Ports are categorized as:

• Well-Known Ports (0-1023): Reserved for common services. For example, HTTP uses port 80, HTTPS uses port 443, and FTP uses port 21.
• Registered Ports (1024-49151): Registered for specific applications by software vendors.
• Dynamic or Private Ports (49152-65535): Used for temporary, client-side connections.

HTTP (Hypertext Transfer Protocol) is the protocol used for transmitting hypermedia documents, such as HTML. It is the foundation of data communication for the World Wide Web.

HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP. The 'S' stands for 'Secure'.

The key differences are:

• Security: HTTPS traffic is encrypted using SSL/TLS (Secure Sockets Layer/Transport Layer Security). This means that if an attacker intercepts the communication, they cannot read the data. HTTP traffic is sent in plain text, making it vulnerable to eavesdropping.
• Port Number: HTTP uses port 80 by default. HTTPS uses port 443.
• Trust: HTTPS requires a digital security certificate from a trusted Certificate Authority (CA) to be installed on the web server. This helps verify the identity of the website and builds user trust.

Modern browsers flag HTTP sites as 'Not Secure', and using HTTPS is a standard practice for all websites.