Instantly find and stop attacks with a fully automated platform that simplifies security. Palo Alto has been named a Leader in the Gartner Magic Quadrant® for Network Firewalls for the EIGHTH time in a row.

1. OSI MODEL
7 LAYERS
OPEN SYSTEM INTERCONNECTION MODEL
IT IS REFRENCE MODEL
1
Waseem Akram

2. 7 LAYERS
2
Waseem Akram

3. TCP/IP MODEL
4 LAYERS
TRANSMISSION CONTROL PROTOCOL/INTERNET PROTOCOL
IT IS IMPLEMENTATION MODEL
3
Waseem Akram

4. 4 LAYERS
4
Waseem Akram

5. PHYSICAL LAYER & FUNCTION
• 1st layer of OSI Model
• its consist of hardware and topology
• hardware are wired, wireless and connectors
• Topology - it is logical or physical layout of the network
• Bus,star,mesh,ring topology
• Its send and recives bits on medium
5
Waseem Akram

6. CABLES
• Console cable - it is use to take access of network devices
• Straight cables are primarily used for connecting different devices.
example: pc-sw, sw-router, sw-firewall.
• Crossover cables are use for connecting unlike devices same
devices.
example: pc-pc, sw-sw, router-router, pc-router.
Waseem Akram 6

7. LAYER 1 DEVICES
• layer 1 devices include hubs, repeaters & Ethernet cable connectors. These are the basic
devices that are used at the physical layer to transmit data through a given physical medium
which is suitable as per the network need.
Waseem Akram 7

8. DATA LINK LAYER
• its provides exchanging of data over common local media
• it has two sub layers
• MAC (Media access control) -physical address 48 bits
address expressed in 12 hexa decimal digits
• 1st half MAC address is provided by OUI
• 2nd half MAC address is provided by vendor
manufacuted
8
Waseem Akram

9. • LLC (Logical link control)
• it provide error detection by using FCS & CRC
Mathematical algorithm
• FRAMING
• It converts bits into bytes and bytes into frames and
vise-versa
• at data link layer DATA is called FRAME
9
Waseem Akram

10. What is Address Resolution Protocol (ARP)?
• Address Resolution Protocol (ARP) is a protocol or procedure that connects
an ever-changing Internet Protocol (IP) address to a fixed physical machine
address, also known as a media access control (MAC) address, in a local-
area network (LAN).
• This mapping procedure is important because the lengths of the IP and MAC
addresses differ, and a translation is needed so that the systems can
recognize one another. The most used IP today is IP version 4 (IPv4). An IP
address is 32 bits long. However, MAC addresses are 48 bits long. ARP
translates the 32-bit address to 48 and vice versa.
10
Waseem Akram

11. What Are the Types of ARP?
There are different versions and use cases of ARP. Let us take a look at a few.
Proxy ARP
• Proxy ARP is a technique by which a proxy device on a given network answers the ARP request for an IP address
that is not on that network. The proxy is aware of the location of the traffic's destination and offers its own MAC
address as the destination.
Gratuitous ARP
• Gratuitous ARP is almost like an administrative procedure, carried out as a way for a host on a network to simply
announce or update its IP-to-MAC address. Gratuitous ARP is not prompted by an ARP request to translate an IP
address to a MAC address.
Reverse ARP (RARP)
• Host machines that do not know their own IP address can use the Reverse Address Resolution Protocol (RARP) for
discovery.
Inverse ARP (IARP)
• Whereas ARP uses an IP address to find a MAC address, IARP uses a MAC address to find an IP address.
11
Waseem Akram

12. FRAME STRUCTURE-MTU
MTU is the maximum amount of payload that a single frame can carry
12
Waseem Akram

13. ENCAPSULATION & DECAPSULATION
• ENCAPSULATION - The process of adding extra-
information or exta
headers and trailer
• DECAPSULATION - The process of removing extra-
information or removing exta headers and trailer
13
Waseem Akram

14. ENCAPSULATION & DECAPSULATION PROCESS
14
Waseem Akram

15. LAYER 2 DEVICES
• A layer 2 network device is a multiport device that uses hardware addresses, MAC address, to process
and forward data at the data link layer (layer 2). A switch operating as a network bridge may
interconnect otherwise separate layer 2 networks. The bridge learns the MAC address of each
connected device.
Waseem Akram 15

16. NETWORK LAYER
• Handles the routing and sending of data between different
networks. The most important protocols at this layer are
IP and ICMP.
• IP ADDRESSING
• ROUTING
• PATH DETERMINATION
16
Waseem Akram

17. IP ADDRESSING
• This enables us to determine what is source ip and
destination ip
• it is a logical address which enables a machine to
comminicate with another.
17
Waseem Akram

18. ROUTING & Path Determination
• The process of transfering of packet from one network
to another network on the basis of destination ip
address
• The process of selecting best path
18
Waseem Akram

19. IP HEADER - (ip address is 32 bits)
19
Waseem Akram

20. What is ICMP (Internet Control Message Protocol)?
• ICMP is a network level protocol. ICMP messages communicate information about network
connectivity issues back to the source of the compromised transmission. It sends control
messages such as destination network unreachable, source route failed, and source quench.
It uses a data packet structure with an 8-byte header and variable-size data section.
ICMP and Ping
Ping is a process which uses ICMP messages to report back information on network
connectivity and the speed of data relay between a host and a destination computer. It's one of
the few instances where a user can interact directly with ICMP, which typically only functions to
allow networked computers to communicate with one another automatically.
PING is the Packet InterNet Groper.
20
Waseem Akram

21. LAYER 3 DEVICES
• The layer 3 in the OSI model is the network layer. The device that comes under this layer is
the router. The functions include address handling,logical address and names to physical
address translation ,routing and traffic management.
Waseem Akram 21

22. TRANSPORT LAYER
• It provide end-to- end connective between two devices,
so that they can send and receive data
• it has two types of protocol
• connection oriented protocol
• connectionless protocol
22
Waseem Akram

23. CONNECTION ORIENTED
• It provide guarantee of data transfer from one device to
another device
• It is reliable protocol
• Example - TCP (TRANSMISSION CONTROL
PROTOCOL)
23
Waseem Akram

24. CONNECTIONLESS PROTOCOL
• It doesn't provide guarantee of data transfer from one
device to another device
• It is unreliable protocol
• Example - UDP (USER DATAGRAM PROTOCOL)
24
Waseem Akram

25. TCP HEADER - 20bytes
25
Waseem Akram

26. UDP - 8bytes
26
Waseem Akram

27. PORT NUMBER
• Both TCP and UDP use port number
• it use to pass the information to the upper layer
• INTERNET ASSIGNED NUMBER AUTHORITY (IANA) Assigns port
numbers
27
Waseem Akram

28. UDP WORKING
• No connection establishment in case of UDP
28
Waseem Akram

29. TCP WORKING
• Connection
establishment in case
of TCP
• TCP 3-way handshake
• Before the data get
sent TCP
establishment a
connection
29
Waseem Akram

30. ERROR RECOVERY & WINDOWING
• TCP USE Sequence and Acknowledgement number For
error recovery
• Windowing size mean how many bytes of data that can
sent with accepting acknowledge from receiver
30
Waseem Akram

31. TCP VS UDP
TCP (Transmission Control Protocol) UDP (User Datagram Protocol)
TCP is a connection oriented protocol. UDP is a connection less protocol.
TCP rearranges data packets in the order
specified.
UDP has no inherent order as all packets are
independent of each other. If ordering is required,
it has to be managed by the application layer.
The speed for TCP is slower than UDP. UDP is faster because error recovery is not
attempted. It is a "best effort" protoco
TCP header size is 20 bytes UDP Header size is 8 bytes.
31
Waseem Akram

32. SESSION LAYER
• The session layer (layer 5) is responsible for establishing,
managing, synchronizing and terminating sessions
between end-user application processes.
32
Waseem Akram

33. PRESENTARION LAYER
• This layer converts the the data in the form that it can
be accept by the application
• The data from the application layer is extracted here
and manipulated as per the required format to transmit
over the network.
33
Waseem Akram

34. APPLICATION LAYER
• Application layer which is implemented by the network
applications. These applications produce the data, which
has to be transferred over the network. This layer also
serves as a window for the application services to access
the network and for displaying the received information to
the user. Ex:
• Application – Browsers, Skype Messenger etc.
34
Waseem Akram

35. APPLICATION LAYER PROTOCOLS
• DNS
• DHCP
• HTTP
• HTTPS
• FTP
• TFTP
• TELNET
• SSH
35
Waseem Akram

36. WHAT IS DNS?
• Domain Name System (DNS) it converts name to ip and
ip to name.
36
Waseem Akram

37. WHAT IS DHCP?
• It is application based protocol which provide IP, subnet, default-gateway to clients
37
Waseem Akram

38. PDU - PROTOCOL DATA UNIT
38
Waseem Akram