SlideShare una empresa de Scribd logo

Networking Concepts

n|u - The Open Security Community
n|u - The Open Security Community

This document provides an overview of fundamental networking and web architecture concepts. It discusses the OSI 7-layer model, network topologies like star and bus, networking terms like client and server, protocols like IP, TCP, UDP, and DNS, internet architecture with TCP/IP, static web architecture using HTTP and HTML, and REST-based architecture where resources are manipulated through representations.

Tecnología
1 de 20
Descargar para leer sin conexión
Fundamental Concepts OWASP Hyderabad Oct 10th, 2009 Marc-André Laverdière
Agenda ● Network Basics ● IP, TCP, UDP, DNS ● Internet Architecture ● Static Web architecture ● HTTP features ● REST-based architecture (P.S. All images courtesy of Wikipedia)
Network Basics ● OSI 7 Layer Model
Network Topologies ● Point to point: using a switch or dedicated wiring ● Bus: common wire, like in cable internet ● Star: central hub ● Ring: token ring ● Mesh: redudancies ● Tree: hierarchical
Network Terms ● Client: computer that requests a service ● Server: computer that fulfills the request ● Gateway: point of contact to another network ● Proxy: intermediary for making requests to servers. Often caches resources ● Router: forwards information ● Hub: connects many network segments ● Switch: more efficient hub ● Link: connection between two points
IP ● IP: Internet Protocol ● Used to send packets between point A and point B ● No delivery guarantee ● Two current versions: IPv4 and IPv6
IPv4 vs IPv6 ● IPv6 adds many features to IPv4: – Greater address space – Supports autoconfiguration – Multicast – Mandatory IPSec (encryption, authentication, tunelling) – Removed rare fields, redundant checksum – Larger max packet size (4GB) – Support for mobile devices
NAT ● Network Address Translation, used with IP masquerading ● Used to make one IP address as front-end for many. E.g. Wireless hub+router ● Gateway rewrites the packets so that they look like they all originate from the gateway ● Breaks some applications, like SIP and some peer-to-peer clients
TCP ● Transmission Control Protocol ● Allows reliable transmissions ● Error detection ● Flow/congestion control ● Add concept of port ● Connection-based
UDP ● User Datagram Protocol ● Ports ● Fast ● No integrity checking/resending
DNS ● Domain Name System ● UDP main ● Some TCP ● 13 root clusters
Internet Architecture ● Interconnected computer networks ● TCP/IP ● DNS ● Lots of hardware ● Supports many things – WWW – Email – Usenet – IRC
Static Web Architecture ● Www: portion of the Internet for retrieval of hyperdocuments ● Multiple clients, multiple servers ● All resources are static ● Documents can include or refer to other resources ● Resources are organized under websites ● DNS, HTTP, HTML
HTTP ● HyperText Transfer ● Verbs: Protocol – HEAD: get metadata ● Text-based – GET: get a resource POST: submit data to a ● Binary content must be – resource encoded (often – PUT: upload a resource Base64) – DELETE ● One connection per – TRACE: echo back the request (HTTP 1.0) or request one connection for – OPTIONS: list supported many (HTTP 1.1) methods ● Stateless – CONNECT: create a tunnel
HTTP Request ● User-Agent Opera/9.64 (X11; Linux i686; U; en) Presto/2.1.1 ● Host www.wired.com ● Accept text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 ● Accept-Language en-IN,en;q=0.9 ● Accept-Charset iso-8859-1, utf-8, utf-16, *;q=0.1 ● Accept-Encoding deflate, gzip, x-gzip, identity, *;q=0 ● Cookie [cut] ● Cookie2 $Version=1 ● Proxy-Connection Keep-Alive
HTTP Response Header ● HTTP/1.1 200 OK ● Date: Mon, 23 May 2005 22:38:34 GMT ● Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux) ● Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT ● Etag: "3f80f-1b6-3e1cb03b" ● Accept-Ranges: bytes ● Content-Length: 438 ● Connection: close ● Content-Type: text/html; charset=UTF-8
Cookies ● Cookies are values determined by the server that are stored by the client ● The client automatically sends the cookie value on every request to the server
REST-Based Architecture ● Problem: what I described is static. We need to execute code to have Web Applications ● Principles: – Everything goes through the resources. Resources are different than the representation given to the clients – Resources can be manipulated through the representation – Each message is self-descriptive – Hypermedia contains the application state
Essentially ● Applications react to queries from the clients only. Nothing happens without a query. ● Resource access is free to trigger any processing

Recomendados

Redis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech TalkRedis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech Talk
Red Hat Developers
 
Scale out backups-with_bareos_and_gluster
Scale out backups-with_bareos_and_glusterScale out backups-with_bareos_and_gluster
Scale out backups-with_bareos_and_gluster
Gluster.org
 
Developing apps and_integrating_with_gluster_fs_-_libgfapi
Developing apps and_integrating_with_gluster_fs_-_libgfapiDeveloping apps and_integrating_with_gluster_fs_-_libgfapi
Developing apps and_integrating_with_gluster_fs_-_libgfapi
Gluster.org
 
20160130 Gluster-roadmap
20160130 Gluster-roadmap20160130 Gluster-roadmap
20160130 Gluster-roadmap
Gluster.org
 
Gluster fs current_features_and_roadmap
Gluster fs current_features_and_roadmapGluster fs current_features_and_roadmap
Gluster fs current_features_and_roadmap
Gluster.org
 
Gluster intro-tdose
Gluster intro-tdoseGluster intro-tdose
Gluster intro-tdose
Gluster.org
 
Lcna tutorial-2012
Lcna tutorial-2012Lcna tutorial-2012
Lcna tutorial-2012
Gluster.org
 
Smb gluster devmar2013
Smb gluster devmar2013Smb gluster devmar2013
Smb gluster devmar2013
Gluster.org
 

Recomendados

Redis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech TalkRedis vs Infinispan | DevNation Tech Talk
Redis vs Infinispan | DevNation Tech Talk
Red Hat Developers
 
Scale out backups-with_bareos_and_gluster
Scale out backups-with_bareos_and_glusterScale out backups-with_bareos_and_gluster
Scale out backups-with_bareos_and_gluster
Gluster.org
 
Developing apps and_integrating_with_gluster_fs_-_libgfapi
Developing apps and_integrating_with_gluster_fs_-_libgfapiDeveloping apps and_integrating_with_gluster_fs_-_libgfapi
Developing apps and_integrating_with_gluster_fs_-_libgfapi
Gluster.org
 
20160130 Gluster-roadmap
20160130 Gluster-roadmap20160130 Gluster-roadmap
20160130 Gluster-roadmap
Gluster.org
 
Gluster fs current_features_and_roadmap
Gluster fs current_features_and_roadmapGluster fs current_features_and_roadmap
Gluster fs current_features_and_roadmap
Gluster.org
 
Gluster intro-tdose
Gluster intro-tdoseGluster intro-tdose
Gluster intro-tdose
Gluster.org
 
Lcna tutorial-2012
Lcna tutorial-2012Lcna tutorial-2012
Lcna tutorial-2012
Gluster.org
 
Smb gluster devmar2013
Smb gluster devmar2013Smb gluster devmar2013
Smb gluster devmar2013
Gluster.org
 
The Internet of Things ... Babel
The Internet of Things ... BabelThe Internet of Things ... Babel
The Internet of Things ... Babel
NaLUG
 
Sdc challenges-2012
Sdc challenges-2012Sdc challenges-2012
Sdc challenges-2012
Gluster.org
 
Qemu gluster fs
Qemu gluster fsQemu gluster fs
Qemu gluster fs
Gluster.org
 
Lisa 2015-gluster fs-introduction
Lisa 2015-gluster fs-introductionLisa 2015-gluster fs-introduction
Lisa 2015-gluster fs-introduction
Gluster.org
 
20160401 Gluster-roadmap
20160401 Gluster-roadmap20160401 Gluster-roadmap
20160401 Gluster-roadmap
Gluster.org
 
Gluster d2
Gluster d2Gluster d2
Gluster d2
Gluster.org
 
Disperse xlator ramon_datalab
Disperse xlator ramon_datalabDisperse xlator ramon_datalab
Disperse xlator ramon_datalab
Gluster.org
 
Leases and-caching final
Leases and-caching finalLeases and-caching final
Leases and-caching final
Gluster.org
 
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
StreamNative
 
Debugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vosDebugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vos
Gluster.org
 
Lcna example-2012
Lcna example-2012Lcna example-2012
Lcna example-2012
Gluster.org
 
Nsq & python worker
Nsq & python workerNsq & python worker
Nsq & python worker
Felinx Lee
 
Sdc 2012-challenges
Sdc 2012-challengesSdc 2012-challenges
Sdc 2012-challenges
Gluster.org
 
HornetQ Presentation On JBoss World 2009
HornetQ Presentation On JBoss World 2009HornetQ Presentation On JBoss World 2009
HornetQ Presentation On JBoss World 2009
jarfield
 
20160401 guster-roadmap
20160401 guster-roadmap20160401 guster-roadmap
20160401 guster-roadmap
Gluster.org
 
GlusterFs Architecture & Roadmap - LinuxCon EU 2013
GlusterFs Architecture & Roadmap - LinuxCon EU 2013GlusterFs Architecture & Roadmap - LinuxCon EU 2013
GlusterFs Architecture & Roadmap - LinuxCon EU 2013
Gluster.org
 
Webserver
WebserverWebserver
Webserver
ARYA TM
 
Modern Distributed Messaging and RPC
Modern Distributed Messaging and RPCModern Distributed Messaging and RPC
Modern Distributed Messaging and RPC
Max Alexejev
 
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...
Gluster.org
 
GlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized StoreGlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized Store
Atin Mukherjee
 
Physical Layer
Physical LayerPhysical Layer
Physical Layer
Rutwik Jadhav
 
Subneting and vlsm ntpg (1)
Subneting and vlsm ntpg (1)Subneting and vlsm ntpg (1)
Subneting and vlsm ntpg (1)
Sachii Dosti
 

Más contenido relacionado

La actualidad más candente

HornetQ Presentation On JBoss World 2009
HornetQ Presentation On JBoss World 2009HornetQ Presentation On JBoss World 2009
HornetQ Presentation On JBoss World 2009
jarfield
 

La actualidad más candente (20)

The Internet of Things ... Babel
The Internet of Things ... BabelThe Internet of Things ... Babel
The Internet of Things ... Babel
 
Sdc challenges-2012
Sdc challenges-2012Sdc challenges-2012
Sdc challenges-2012
 
Qemu gluster fs
Qemu gluster fsQemu gluster fs
Qemu gluster fs
 
Lisa 2015-gluster fs-introduction
Lisa 2015-gluster fs-introductionLisa 2015-gluster fs-introduction
Lisa 2015-gluster fs-introduction
 
20160401 Gluster-roadmap
20160401 Gluster-roadmap20160401 Gluster-roadmap
20160401 Gluster-roadmap
 
Gluster d2
Gluster d2Gluster d2
Gluster d2
 
Disperse xlator ramon_datalab
Disperse xlator ramon_datalabDisperse xlator ramon_datalab
Disperse xlator ramon_datalab
 
Leases and-caching final
Leases and-caching finalLeases and-caching final
Leases and-caching final
 
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
MoP(MQTT on Pulsar) - a Powerful Tool for Apache Pulsar in IoT - Pulsar Summi...
 
Debugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vosDebugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vos
 
Lcna example-2012
Lcna example-2012Lcna example-2012
Lcna example-2012
 
Nsq & python worker
Nsq & python workerNsq & python worker
Nsq & python worker
 
Sdc 2012-challenges
Sdc 2012-challengesSdc 2012-challenges
Sdc 2012-challenges
 
HornetQ Presentation On JBoss World 2009
HornetQ Presentation On JBoss World 2009HornetQ Presentation On JBoss World 2009
HornetQ Presentation On JBoss World 2009
 
20160401 guster-roadmap
20160401 guster-roadmap20160401 guster-roadmap
20160401 guster-roadmap
 
GlusterFs Architecture & Roadmap - LinuxCon EU 2013
GlusterFs Architecture & Roadmap - LinuxCon EU 2013GlusterFs Architecture & Roadmap - LinuxCon EU 2013
GlusterFs Architecture & Roadmap - LinuxCon EU 2013
 
Webserver
WebserverWebserver
Webserver
 
Modern Distributed Messaging and RPC
Modern Distributed Messaging and RPCModern Distributed Messaging and RPC
Modern Distributed Messaging and RPC
 
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...
Introduction to highly_availablenfs_server_on_scale-out_storage_systems_based...
 
GlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized StoreGlusterD 2.0 - Managing Distributed File System Using a Centralized Store
GlusterD 2.0 - Managing Distributed File System Using a Centralized Store
 

Destacado

Subneting and vlsm ntpg (1)
Subneting and vlsm ntpg (1)Subneting and vlsm ntpg (1)
Subneting and vlsm ntpg (1)
Sachii Dosti
 
Network technology Paper 2
Network technology Paper 2Network technology Paper 2
Network technology Paper 2
Sachii Dosti
 
Network technology paper
Network technology paperNetwork technology paper
Network technology paper
Sachii Dosti
 
Chapter 07 - Transport Layer
Chapter 07 - Transport LayerChapter 07 - Transport Layer
Chapter 07 - Transport Layer
Yaser Rahmati
 
Subneting and vlsm ntpg
Subneting and vlsm ntpgSubneting and vlsm ntpg
Subneting and vlsm ntpg
Sachii Dosti
 
ion exchange chromatography
ion exchange chromatographyion exchange chromatography
ion exchange chromatography
Shamili Kaparthi
 

Destacado (10)

Physical Layer
Physical LayerPhysical Layer
Physical Layer
 
Subneting and vlsm ntpg (1)
Subneting and vlsm ntpg (1)Subneting and vlsm ntpg (1)
Subneting and vlsm ntpg (1)
 
Network technology Paper 2
Network technology Paper 2Network technology Paper 2
Network technology Paper 2
 
Network technology paper
Network technology paperNetwork technology paper
Network technology paper
 
OSI Physical Layer
OSI Physical LayerOSI Physical Layer
OSI Physical Layer
 
Chapter 07 - Transport Layer
Chapter 07 - Transport LayerChapter 07 - Transport Layer
Chapter 07 - Transport Layer
 
OSI Network Layer
OSI Network LayerOSI Network Layer
OSI Network Layer
 
Subneting and vlsm ntpg
Subneting and vlsm ntpgSubneting and vlsm ntpg
Subneting and vlsm ntpg
 
ion exchange chromatography
ion exchange chromatographyion exchange chromatography
ion exchange chromatography
 
UV visible spectroscopy
UV visible spectroscopyUV visible spectroscopy
UV visible spectroscopy
 

Similar a Networking Concepts

Web technologies: recap on TCP-IP
Web technologies: recap on TCP-IPWeb technologies: recap on TCP-IP
Web technologies: recap on TCP-IP
Piero Fraternali
 
Computer network (10)
Computer network (10)Computer network (10)
Computer network (10)
NYversity
 
Building high performance microservices in finance with Apache Thrift
Building high performance microservices in finance with Apache ThriftBuilding high performance microservices in finance with Apache Thrift
Building high performance microservices in finance with Apache Thrift
RX-M Enterprises LLC
 
HTTP/2: What's new?
HTTP/2: What's new? HTTP/2: What's new?
HTTP/2: What's new?
Piet van Dongen
 

Similar a Networking Concepts (20)

Cleaning Up the Dirt of the Nineties - How New Protocols are Modernizing the Web
Cleaning Up the Dirt of the Nineties - How New Protocols are Modernizing the WebCleaning Up the Dirt of the Nineties - How New Protocols are Modernizing the Web
Cleaning Up the Dirt of the Nineties - How New Protocols are Modernizing the Web
 
gRPC Design and Implementation
gRPC Design and ImplementationgRPC Design and Implementation
gRPC Design and Implementation
 
Web technologies: recap on TCP-IP
Web technologies: recap on TCP-IPWeb technologies: recap on TCP-IP
Web technologies: recap on TCP-IP
 
HTTP2 in action - Piet Van Dongen - Codemotion Amsterdam 2017
HTTP2 in action - Piet Van Dongen - Codemotion Amsterdam 2017HTTP2 in action - Piet Van Dongen - Codemotion Amsterdam 2017
HTTP2 in action - Piet Van Dongen - Codemotion Amsterdam 2017
 
Computer network (10)
Computer network (10)Computer network (10)
Computer network (10)
 
Networks Have Layers - Understanding The OSI Model
Networks Have Layers - Understanding The OSI ModelNetworks Have Layers - Understanding The OSI Model
Networks Have Layers - Understanding The OSI Model
 
RPC in Smalltalk
RPC in Smalltalk RPC in Smalltalk
RPC in Smalltalk
 
Linux Servers
Linux ServersLinux Servers
Linux Servers
 
Design Web Service API by HungerStation
Design Web Service API by HungerStationDesign Web Service API by HungerStation
Design Web Service API by HungerStation
 
Apache HTTPd Server 2.2 Presentation
Apache HTTPd Server 2.2 PresentationApache HTTPd Server 2.2 Presentation
Apache HTTPd Server 2.2 Presentation
 
Building high performance microservices in finance with Apache Thrift
Building high performance microservices in finance with Apache ThriftBuilding high performance microservices in finance with Apache Thrift
Building high performance microservices in finance with Apache Thrift
 
.NET Conf 2022 - Networking in .NET 7
.NET Conf 2022 - Networking in .NET 7.NET Conf 2022 - Networking in .NET 7
.NET Conf 2022 - Networking in .NET 7
 
HTTP/2: What's new?
HTTP/2: What's new? HTTP/2: What's new?
HTTP/2: What's new?
 
There and back again
There and back againThere and back again
There and back again
 
Linux Hosting Training Course Level 1-2
Linux Hosting Training Course Level 1-2Linux Hosting Training Course Level 1-2
Linux Hosting Training Course Level 1-2
 
LEC_10_Week_10_Server_Configuration_in_Linux.pdf
LEC_10_Week_10_Server_Configuration_in_Linux.pdfLEC_10_Week_10_Server_Configuration_in_Linux.pdf
LEC_10_Week_10_Server_Configuration_in_Linux.pdf
 
From Device to Data Center to Insights
From Device to Data Center to InsightsFrom Device to Data Center to Insights
From Device to Data Center to Insights
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
 
Linux advanced concepts - Part 2
Linux advanced concepts - Part 2Linux advanced concepts - Part 2
Linux advanced concepts - Part 2
 
CN 6131(15) Module IV.pdf
CN 6131(15) Module IV.pdfCN 6131(15) Module IV.pdf
CN 6131(15) Module IV.pdf
 

Más de n|u - The Open Security Community

Más de n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Último

In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
Expeed Software
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
ScyllaDB
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
David Michel
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
CzechDreamin
 

Último (20)

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT Professionals
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 

Networking Concepts

  • 1. Fundamental Concepts OWASP Hyderabad Oct 10th, 2009 Marc-André Laverdière
  • 2. Agenda ● Network Basics ● IP, TCP, UDP, DNS ● Internet Architecture ● Static Web architecture ● HTTP features ● REST-based architecture (P.S. All images courtesy of Wikipedia)
  • 3. Network Basics ● OSI 7 Layer Model
  • 4. Network Topologies ● Point to point: using a switch or dedicated wiring ● Bus: common wire, like in cable internet ● Star: central hub ● Ring: token ring ● Mesh: redudancies ● Tree: hierarchical
  • 5. Network Terms ● Client: computer that requests a service ● Server: computer that fulfills the request ● Gateway: point of contact to another network ● Proxy: intermediary for making requests to servers. Often caches resources ● Router: forwards information ● Hub: connects many network segments ● Switch: more efficient hub ● Link: connection between two points
  • 6. IP ● IP: Internet Protocol ● Used to send packets between point A and point B ● No delivery guarantee ● Two current versions: IPv4 and IPv6
  • 7. IPv4 vs IPv6 ● IPv6 adds many features to IPv4: – Greater address space – Supports autoconfiguration – Multicast – Mandatory IPSec (encryption, authentication, tunelling) – Removed rare fields, redundant checksum – Larger max packet size (4GB) – Support for mobile devices
  • 8. NAT ● Network Address Translation, used with IP masquerading ● Used to make one IP address as front-end for many. E.g. Wireless hub+router ● Gateway rewrites the packets so that they look like they all originate from the gateway ● Breaks some applications, like SIP and some peer-to-peer clients
  • 9. TCP ● Transmission Control Protocol ● Allows reliable transmissions ● Error detection ● Flow/congestion control ● Add concept of port ● Connection-based
  • 10. UDP ● User Datagram Protocol ● Ports ● Fast ● No integrity checking/resending
  • 11. DNS ● Domain Name System ● UDP main ● Some TCP ● 13 root clusters
  • 12. Internet Architecture ● Interconnected computer networks ● TCP/IP ● DNS ● Lots of hardware ● Supports many things – WWW – Email – Usenet – IRC
  • 13.
  • 14. Static Web Architecture ● Www: portion of the Internet for retrieval of hyperdocuments ● Multiple clients, multiple servers ● All resources are static ● Documents can include or refer to other resources ● Resources are organized under websites ● DNS, HTTP, HTML
  • 15. HTTP ● HyperText Transfer ● Verbs: Protocol – HEAD: get metadata ● Text-based – GET: get a resource POST: submit data to a ● Binary content must be – resource encoded (often – PUT: upload a resource Base64) – DELETE ● One connection per – TRACE: echo back the request (HTTP 1.0) or request one connection for – OPTIONS: list supported many (HTTP 1.1) methods ● Stateless – CONNECT: create a tunnel
  • 16. HTTP Request ● User-Agent Opera/9.64 (X11; Linux i686; U; en) Presto/2.1.1 ● Host www.wired.com ● Accept text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 ● Accept-Language en-IN,en;q=0.9 ● Accept-Charset iso-8859-1, utf-8, utf-16, *;q=0.1 ● Accept-Encoding deflate, gzip, x-gzip, identity, *;q=0 ● Cookie [cut] ● Cookie2 $Version=1 ● Proxy-Connection Keep-Alive
  • 17. HTTP Response Header ● HTTP/1.1 200 OK ● Date: Mon, 23 May 2005 22:38:34 GMT ● Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux) ● Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT ● Etag: "3f80f-1b6-3e1cb03b" ● Accept-Ranges: bytes ● Content-Length: 438 ● Connection: close ● Content-Type: text/html; charset=UTF-8
  • 18. Cookies ● Cookies are values determined by the server that are stored by the client ● The client automatically sends the cookie value on every request to the server
  • 19. REST-Based Architecture ● Problem: what I described is static. We need to execute code to have Web Applications ● Principles: – Everything goes through the resources. Resources are different than the representation given to the clients – Resources can be manipulated through the representation – Each message is self-descriptive – Hypermedia contains the application state
  • 20. Essentially ● Applications react to queries from the clients only. Nothing happens without a query. ● Resource access is free to trigger any processing