Networking Foundations
24 Apr 2022Welcome back to another post.
This time, we’ll take a detour from OSX specific topics to talk about networking.
We want to make sure we understand the basics before we attempt to do anything fancy.
So here we’ll post some RFCs you should read, compile some resources that explain what the hell the output from
tools such as ifconfig and netstat actually mean, etc etc.
Table of Contents
Terminology and the OSI Model
Check out An Introduction to Networking Terminology, Interfaces, and Protocols. This blog post provides some great background.
Couple things we want to repeat from that post
- A network device is software that serves as interface for networking hardware
- In *unix, network interfaces can be physical (real hardware) or virtual (linked to hardware but not actually hardware)
- MAC (medium access control) addresses are unique identifiers and are assigned to devices when they are manufactured.
- MAC is a communication protocol of the link layer
- IP addresses are unique on each network
- IP is implemented on top of the link layer, on the internet layer of the IP/TCP model
- Networks can be linked if the traffic is properly routed (this is where NAT comes into place)
- ICMP is used for network devices to communicate amongst themselves to indicate availability or errors
- TCP builds upon IP to make reliable connections from unreliable packet transmissions by implementing “handshakes” (more on this later)
IP
One of the first RFCs covering the IP protocol was RFS 791: INTERNET PROTOCOL.
The important ideas from the RFC are that
- IP is meant to be unreliable - it favours simplicity so that other protocols can freely build upon it
- data is broken into packets where the actual data of interest, the payload, is sent with headers
- headers communicate verious important metadata
TCP
The protocol builds up a connection prior to data transfer using a system called a three-way handshake. This is a way for the two ends of the communication to acknowledge the request and agree upon a method of ensuring data reliability.
After the data has been sent, the connection is torn down using a similar four-way handshake. xref: An Introduction to Networking Terminology, Interfaces, and Protocols.
TCP follows similar conventions to IP, packets have a payload and headers. An important piece of metadata is the TCP flag which identifies which type of TCP message is being sent. These are the possible values
| Flag | Abbreviation | One letter abbreviation | Numerical value |
|---|---|---|---|
| Urgent | URG | U | 32 |
| Acknowledgement | ACK | A | 16 |
| Push | PSH | P | 8 |
| Reset | RST | R | 4 |
| Synchronization | SYN | S | 2 |
| Finish | FIN | F | 0 |
Take a look at the following pages for more details
Now, back to handshakes. 3 way handshake is used to establish a connection, TCP 3 way handshake process
- Client sends SYN (S or 2)
- Server responds with SYN-ACK (S-A or 18)
- Client sends ACK (A or 16)
To terminate a connection, there is a 4-way handshake
- Client sends FIN (0)
- Server replies with ACK (16)
- Server will close transmission and send FIN-ACK (16)
- Client replies with ACK (16)
CIDRS
You will see CIDRs and talk about masks so much and so often that we recommend you read through
- Understanding IP Addresses, Subnets, and CIDR Notation for Networking
- Terraform
cidrsubnetDeconstructed- Make sure to really look into the
ipcalcexamples here, it will make CIDRs make more sense.
- Make sure to really look into the
ifconfig
I don’t know about you but like hell does ifconfig output make sense outright to me.
I did some research and came across
- Demystifying ifconfig and network interfaces in Linux
- Monitoring the Interface Configuration With the ifconfig Command
Read them, digest them, and live by them. And since we have a thing for all things OSX, also take a look at
There is a lot more, so every now and them we’ll come back and update this page.