Networks

Pages in this section

  • Access control list (ACL) filters
    Last edited: 2026-02-05

    Access control list (ACL) filters

    Access Control List filters are deployed by ISPs or IXPs at their AS border routers to filter out unwanted traffic. These filters, whose implementation depends on vendor-specific hardware, are effective when the hardware is homogeneous, and the deployment of the filters can be automated. The drawbacks of these filters include limited scalability, and since the filtering does not occur at the ingress points, it can exhaust the bandwidth to a neighbouring AS.

  • Additive Increase Multiplicative Decrease (AIMD)
    Last edited: 2026-02-05

    Additive Increase Multiplicative Decrease (AIMD)

    This is a method of probe-and-adjust that some TCP implementations use.

  • Address Resolution Protocol (ARP)
    Last edited: 2026-02-05

    Address Resolution Protocol (ARP)

    This protocol is used to update a nodes ARP cache within a network . When this node needs to send packet to a address within its network (as identified by the network mask ) but that entry is missing from the ARP cache it does the following.

  • Angur
    Last edited: 2026-02-05

    Angur

    This is a system that monitors for censorship through connectivity disruptions. It uses two internet protocols:

  • ARP cache
    Last edited: 2026-02-05

    ARP Cache

    The ARP cache of a node in a network is a mapping from IP addresses within the same network to their MAC address . A node can identify a IP address within its network using the network mask . This gets updated using the Address Resolution Protocol (ARP) .

  • ARTEMIS
    Last edited: 2026-02-05

    ARTEMIS

    ARTEMIS is a system designed to detect and mitigate BGP Hijacking , operated locally by network operators to protect their own prefixes. The system is based on several key ideas and can be found in this paper .

  • ASwatch
    Last edited: 2026-02-05

    ASwatch

    ASwatch is a system that identifies malicious Autonomous system (AS) by analysing their routing behaviour, focusing specifically on “bulletproof” networks run by cybercriminals. Unlike other approaches that might rely on data from network traffic or content, ASwatch exclusively examines control plane information, which pertains to how networks route data.

  • Automatic Repeat Request (ARQ)
    Last edited: 2026-02-05

    Automatic Repeat Request (ARQ)

    This is the way TCP makes messaging reliable. This uses a combination message acknowledgements and message timeouts to determine if it needs to resend a segment . The timeout is a length of time before it reseeds the message. This will need to be fine tuned by guessing the Round trip time (RTT) .

  • Autonomous system (AS)
    Last edited: 2026-02-05

    Autonomous system (AS)

    An Autonomous system (AS) is a collection of IP addresses with a common prefix all controlled by a single administrative entity or domain.

  • Autonomous system number (ASN)
    Last edited: 2026-02-05

    Autonomous system number (ASN)

    This is an identifier for an AS .

  • BGP Blackholing
    Last edited: 2026-02-05

    BGP Blackholing

    This is a method of initiating blackholing in the event of a DDoS attack using an upstream service.

  • BGP Communities
    Last edited: 2026-02-05

    BGP Communities

    A BGP (Border Gateway Protocol) community is a mechanism used to group multiple routes together to simplify routing policies and facilitate route management.

  • BGP Flowspec
    Last edited: 2026-02-05

    BGP Flowspec

    BGP Flowspec is an extension of BGP designed to allow the creation and propagation of detailed traffic flow filtering rules. These rules can be applied across different ASs .

  • BGP Hijacking
    Last edited: 2026-02-05

    BGP Hijacking

    This is a class of attacks that use the BGP protocol as its method of attack. This falls into 3 categories:

  • BGP squatting
    Last edited: 2026-02-05

    BGP squatting

    This is a form of BGP Hijacking where the attacking AS announces a prefix before the genuine AS does - thus becoming the de facto route. This disrupts the flow of traffic to the intended AS .

  • Bitrate
    Last edited: 2026-02-05

    Bitrate

    This is the upload/download rate of some application. It is normally measured in bits per second (bps), though it scales to kilobits per second (kbps) or megabits per second (Mbps).

  • Bitrate adaption
    Last edited: 2026-02-05

    Bitrate adaption

    This is the process of choosing the quality of streamed content based on the network and device requirements.

  • Blackholing (BH)
    Last edited: 2026-02-05

    Blackholing

    This is when a server drops messages either intended for itself or another server. This is done in case of a DDoS attack to protect the service being attacked. Though it can be used for malicious purposes as well in the case of a Blackholing attack .

  • Blackholing attack
    Last edited: 2026-02-05

    Blackholing attack

    This is a form of BGP Hijacking where an attacking AS intercepts messages between two parties and drops the messages.

  • Border gateway protocol (BGP)
    Last edited: 2026-02-05

    Border gateway protocol (BGP)

    This is a class of protocols that are used for interdomain routing . That is sharing subnets between AS . Two routers connected over BGP are called BGP peers. They open a semi-permanent TCP connection where they exchange routes. There are two varieties of this class.

  • Bridge
    Last edited: 2026-02-05

    Bridge

    A bridge only has two ports but they know which devices are on either side. They will only repeat signals if the destination host is on the opposite side of the bridge. To do this a bridge maintains a forwarding table which maps MAC addresses to ports . It learns which hosts are on either side by reading the source MAC address of frames coming into the bridge.

  • Broadcast (networks)
    Last edited: 2026-02-05

    Broadcast

    You broadcast a message on a network by setting the destination MAC address to be “all f’s” this relates to the MAC address with all 1’s. This is understood by the router to be sent on to all ports it is connected to.

  • Checksum
    Last edited: 2026-02-05

    Checksum

    A checksum is a small fingerprint added to some data used to verify the validity of that data. There are different ways to compute this.

  • Checksum in layer 4
    Last edited: 2024-05-27

    To compute the checksum for a layer 4 header (either TCP or UDP ):

    • You first construct the header with an all zeros Checksum .
    • Then you append the pseudo-header to the message.
    • You break the message down into 16-bit segments potentially adding 0’s if needed.
    • Then compute the ones complement addition off all segments. If this is all 0’s it is sent as all 1’s. An all 0 header means that the checksum was not computed.
    • Fill this in as the checksum component. (Now if you perform the ones complement addition of all the 16-bit segments you should end up with all 1’s.)
    • Strip the pseudo-header off the segment .

    To verify the checksum on the receivers end they simply need to add all 16-bit segments and check it results in all 1’s. This makes it robust to a single bit flip whilst also being robust to most double bit flips if this happens in the same position in the 16-bit segments it will not be noticed.

  • Client
    Last edited: 2026-02-05

    Client

    A client is defined in reference to any transaction. The client is the Host (networks) who is receiving data in that transaction.

  • Client-Server model
    Last edited: 2026-02-05

    Client-Server model

    The client-server model is a distributed application structure with two roles. There are servers providing resources and clients requesting them. For example, a web-server follows the client server model. The user of the browser is the client and the server providing web-pages is the server.

  • Congestion control in TCP
    Last edited: 2024-05-28

    # Congestion control in TCP

    Congestion control is use to utilise the network with the following goals in mind:

    • Efficiency: We should try to have high utilisation of the network at all times.
    • Fairness: Each user should have a fair share of the network.
    • Low delay: We should not overwhelm the switches and routers buffers causing a large delay within the network.
    • Fast convergence: We want to get to a stable point that achieves all the above quickly.

    There are two approaches when it comes to congestion control.

  • Connection between OSI and IPS models
    Last edited: 2026-02-05

    # Connection between OSI and IPS models

    The OSI model was originally invented when the main computers were mainframes. Making layer 5 more important; however, in modern applications the roles and responsibilities of the last 3 layers in the OSI get very mixed and end up being combined into one another. Some applications might not implement some of them.

  • Content delivery network (CDN)
    Last edited: 2026-02-05

    Content delivery network (CDN)

    These are distribution networks that large content providers use to guarantee consistent converge across a region. This is due to the provider having more control of how the network is connected and lowering the costs of distribution.

  • Count to infinity problem
    Last edited: 2024-06-04

    This is a problem within the Distance vector routing algorithms caused by a change in the underlying graph or its distances. This causes very slow convergence to the correct intradomain distances as nodes all believe sending messages to one another using the old distances is the shortest path.

    # Example

    Suppose we have an AS with 3 routers $\{x,y,z\}$ which are all connected to one another with initial distances $d(z,x) = d(x,y) = 1$ and $d(y,z) = 10$ then we have the following shortest path tables.

  • DDoS reflection and amplification
    Last edited: 2026-02-05

    DDoS reflection and amplification

    Instead of attacking your target directly in DDoS attack - you can instead find legitimate services that respond to requests (for example when opening a TCP connection). You can make requests to such services where you spoof the source IP as your target. This has two advantages:

  • Default Gateway
    Last edited: 2026-02-05

    Default Gateway

    The default gateway for a network is a Gateway of a router on the network which this host will route Packets that have an Internet Protocol (IPv4) that is not in this Network (as given by the Network mask ).

  • Difference between an IP and MAC address
    Last edited: 2024-05-22

    For any packet we attach the source and destination Internet Protocol (IPv4) . This packet may need to travel through many different networks . For each different network it will get a new layer 2 header with the MAC address of the router it entered the network on and the router it needs to leave the network on.

  • Distance vector routing algorithms
    Last edited: 2026-02-05

    Distance vector routing algorithms

    Distance vector routing is a distributed routing algorithm. It uses the Bellman-Ford algorithm but in a distributed manner.

  • Distributed Denial-of-Service (DDoS)
    Last edited: 2026-02-05

    Distributed Denial-of-Service (DDoS)

    This is an attack against a service where you flood it with requests that it cannot handle. This causes the service to crash, denying access to it for other users. DDoS Diagram The diagram demonstrates the simplest form of attack, but this has many variants such as Spoofing and DDoS reflection and amplification .

  • DNS censorship
    Last edited: 2026-02-05

    DNS censorship

    DNS censorship is a large-scale network traffic filtering strategy opted by a network to enforce control and censorship over Internet infrastructure to suppress material that they deem as objectionable.

  • DNS injection
    Last edited: 2026-02-05

    DNS injection

    This is a form of DNS censorship . It uses a ruleset for which DNS entries are unacceptable and fakes the replies from a DNS lookup so the requester can not resolve the IP address . The works in the following way:

  • DNS records
    Last edited: 2026-02-05

    DNS records

    This is the response from a DNS server. This comes in a question/answer format as bellow. Typically these 4 vales:

  • Domain Name System (DNS)
    Last edited: 2026-02-05

    Domain Name System (DNS)

    The domain name systems main function is to translate a human readable domain name into an IP address . It is in essence a massive distributed database across many server. This distributed database uses different DNS records and a hierarchy of servers.

  • DSN-based content delivery
    Last edited: 2026-02-05

    DSN-based content delivery

    Content delivery network (CDN) use DNS -based methods to efficiently deliver content by distributing it across multiple servers worldwide. When a user requests a service via DNS, the CDN determines the “nearest edge server” based on factors such as network topology and current link characteristics. This server’s IP address is then returned to the user’s DNS client, ensuring that content is delivered from a location that is geographically or network-proximity closer to the user.

  • Duplex
    Last edited: 2026-02-05

    Duplex

    A connection method is duplex if the communication channel is bi-directional, i.e. both parties can send and receive data.

  • Dynamic Adaptive Streaming over HTTP (DASH)
    Last edited: 2026-02-05

    Dynamic Adaptive Streaming over HTTP (DASH)

    This is a technique to implement bitrate adaption . This has multiple implementations such as HTTP Live Streaming (HLS) or MPEG-DASH . These implementations differ in detail such as the encoding algorithms, segment sizes, DRM support, bitrate adaptation algorithms, etc.

  • Dynamic Host Configuration Protocol (DHCP)
    Last edited: 2026-02-05

    Dynamic Host Configuration Protocol (DHCP)

    To connect to the internet you need 4 pieces of information:

  • End to end principle
    Last edited: 2026-02-05

    End to end principle

    The end to end principle states that certain functions in a network , such as error correction or data integrity, are best implemented at the endpoints (source and destination) rather than in the intermediary nodes (like routers and switches ). This ensures more efficient and reliable communication by minimizing the complexity and potential points of failure within the network.

  • Evolutionary Architecture model (EvoArch)
    Last edited: 2026-02-05

    Evolutionary Architecture model (EvoArch)

    This is a model built to explain the Internet protocol stack hourglass shape . It builds a DAG in discrete time steps $G_i = (V_i,E_i)$ over time $i \in \mathbb{N}$ to model the protocols in the OSI model .

  • Exact prefix hijacking
    Last edited: 2026-02-05

    Exact prefix hijacking

    This is a form of BGP Hijacking where the attacking AS announces a path for the same prefix as a genuine AS . This disrupts the flow of traffic to the intended AS .

  • Fast retransmit
    Last edited: 2026-02-05

    Fast retransmit

    This is a method of handling unacknowledged messages. The keeps sending packages until it sees a package hasn’t be acknowledged 3 times. Then it restransmits that message before the timeout. Fast Retransmit

  • Fast-Flux Service Networks (FFSN)
    Last edited: 2026-02-05

    Fast-Flux Service Networks (FFSN)

    Fast-Flux Service Networks (FFSN) extend the principles of Round robin DNS (RRDNS) and Content delivery network (CDN) to enhance resilience and scalability, but they are often exploited by spammers and cybercriminals. FFSNs employ a technique where DNS responses rapidly change, featuring a very short Time to live (TTL) compared to RRDNS and CDNs. Each DNS lookup returns a different set of IP addresses from a larger pool of compromised machines.

  • File Transfer Protocol (FTP)
    Last edited: 2026-02-05

    File Transfer Protocol (FTP)

    This is a simple file transfer protocol which starts with the client sending a RETR message with the file name to retrieve a file from a server.

  • Finding rouge networks (FIRE)
    Last edited: 2026-02-05

    Finding rouge networks (FIRE)

    The FIRE (FInding Rogue nEtworks) system is designed to monitor the Internet for rogue networks—networks primarily used for malicious activities such as phishing, hosting spam pages, and distributing pirated software. It utilises three main data sources to identify potential rogue networks:

  • Firewall
    Last edited: 2026-02-05

    Firewall

    A firewall introspects Packets entering a network and filters packets out that are selected as malicious or unnecessary. This violates the End to end principle as introspection on the packets happens before they get to their destination. This is seen as needed to protect hosts and network integrity.

  • Flow control in TCP
    Last edited: 2024-05-28

    # Flow control in TCP

    Suppose host A is transmitting data to host B. When this starts up host B will reserve some amount of memory to buffer unprocessed packages. Lets say it can fit RcvBuffer bytes. Then it keeps track of LastByteRead and LastByteRecieved.

  • Frame (networks)
    Last edited: 2026-02-05

    Frame (networks)

    During the process of encapsulation the frame is a packet with added MAC addresses for the source and destination.

  • Gateway
    Last edited: 2026-02-05

    Gateway

    The gateway for a router connected to a network is its Internet Protocol (IPv4) address on that network .

  • Go back N
    Last edited: 2026-02-05

    Go back N

    This is a method of handling unacknowledged messages. When a sequence number is either skipped or timed out the send starts re-sending segments from the missing number. Go Back N

  • Great Firewall of China (GFW)
    Last edited: 2026-02-05

    Great Firewall of China (GFW)

    China runs a massive firewall that covers the whole of the country. It uses DNS censorship by injecting fake DNS record responses into the network. Gfw Arcitecture

  • Head of line (HOL) blocking
    Last edited: 2026-02-05

    Head of line (HOL) blocking

    In the switching fabric , head of line blocking happens when all inputs want to connect to the same output line. Then each of the queues are blocked whilst these requests get served. This can slow down switching fabric especially if inputs also have messages for other outputs that could get served. Head Of Line Blocking

  • Host (networks)
    Last edited: 2026-02-05

    Host (networks)

    A host can have multiple meanings in the context of networks. Most broadly it means any actor that can send and receive traffic on a network. In the context of Internet Protocol (IPv6) it is a Node (IPv6) that is not a Router (IPv6) .

  • Hot potato routing
    Last edited: 2026-02-05

    Hot Potato Routing

    This is the term used when deciding between two external egress routes to the Autonomous system (AS) . Routes use he external egress that has the shortest intradomain routing distance.

  • HTTP redirection
    Last edited: 2026-02-05

    HTTP redirection

    This is a response in the HTTP protocol . If a client sends a GET request to a server for a particular resource, the server can respond with a 3xx code and the name of the new server to retrieve the resource from. This causes the client to go to another domain to retrieve that asset.

  • Hub
    Last edited: 2026-02-05

    Hub

    A Hub is a multi-port Repeater .

  • Hyper Text Transfer Protocol (HTTP)
    Last edited: 2026-02-05

    Hyper Text Transfer Protocol (HTTP)

    The underlying protocol for web-servers.

  • Hypertext Transfer Protocol Secure (HTTPS)
    Last edited: 2026-02-05

    Hypertext Transfer Protocol Secure (HTTPS)

    This is HTTP using TLS encryption. This is sometimes refereed to as HTTP over TLS.

  • Imposture attack (IM)
    Last edited: 2026-02-05

    Imposture attack (IM)

    This is a form of BGP Hijacking where an attacking AS intercepts messages between two parties and continues the conversation pretending to be one of the parties.

  • Interdomain routing
    Last edited: 2026-02-05

    Interdomain routing

    This is the process of routing between Autonomous system (AS) . Here there is a lot of commercial pressure on the decision of which routes to offer. The protocols that are used for this are called Border gateway protocol (BGP) .

  • Interior gateway protocol (IGP)
    Last edited: 2026-02-05

    Interior gateway protocol (IGP)

    This is a class of protocols used for intradomain routing . That is for routers in the same network to exchange subnet addresses.

  • Internet
    Last edited: 2026-02-05

    Internet

    A internet is just a massive inter connected set of networks that are connected by routers .

  • Internet engineering task force (IETF)
    Last edited: 2026-02-05

    Internet engineering task force (IETF)

    The Internet Engineering Task Force (IETF) is an open standards organization that develops and promotes voluntary internet standards, particularly those related to the TCP/IP protocol suite. Founded in 1986, it operates through a collaborative process involving working groups and discussions, primarily conducted via mailing lists and periodic meetings.

  • Internet Exchange Points (IXPs)
    Last edited: 2026-02-05

    Internet Exchange Points (IXPs)

    These are massive interchanges for different internet providers such as ISPs and CDNs . These can exchange traffic locally in a commercial model that promotes more open transfer of traffic.

  • Internet Protocol (IP)
    Last edited: 2026-02-05

    Internet Protocol (IP)

    This is the only layer 3 protocol and identifies hosts on different networks . Though here are two versions of this protocol which are IPv4 and IPv6 . As the names suggests the second protocol is an updated version of the first. This was mainly brought about as We are running out of IPv4 addresses on the pubic internet .

  • Internet Protocol (IPv4)
    Last edited: 2026-02-05

    IP address

    An IP address forms the address for a host in a Network . It is 32-bits long which is normally broken down into 4 8-bit chunks turned into decimal numbers between 0-255.

  • Internet Protocol Stack (IPS) 4 layers
    Last edited: 2026-02-05

    Internet Protocol Stack (IPS) 4 layers

    The IPS stack is a model of how communication should work over the internet. It is structured into 4 different layers:

  • Internet Protocol Stack (IPS) 5 layers
    Last edited: 2026-02-05

    Internet Protocol Stack (IPS) 5 layers

    The IPS stack is a model of how communication should work over the internet. It is structured into 5 different layers:

  • Internet protocol stack hourglass shape
    Last edited: 2024-05-23

    When you look at the number of protocols at each layer of the OSI model you notice that there is an hour glass shape. With layer 7 and layer 1 having a variety of protocols in them buts layer 3 only using a single protocol the Internet Protocol (IP) . layer 4 is dominated by UDP and TCP .

  • Internet Service Provider (ISP)
    Last edited: 2026-02-05

    Internet Service Provider (ISP)

    An internet service provider (ISP) is a company that provides individuals and organizations access to the Internet and other related services.

  • Intradomain routing
    Last edited: 2026-01-28

    Intradomain routing

    Intradomain routing is the process of routers within an AS discovering their routing table. The main class of protocols used here are Interior gateway protocol (IGP) .

  • IP Anycast
    Last edited: 2026-02-05

    IP Anycast

    This is a protocol that uses Hot potato routing in the BGP . It broadcasts the same IP address from multiple different locations and records the path that gets advertised to a given AS . This is a cheap way to calculate the shortest path in terms of AS -paths from a set of locations to your AS . This is used in server selection within CDNs .

  • Iris
    Last edited: 2026-02-05

    Iris

    This is a system that detects DNS censorship . It does this by comparing the responses of open DNS resolvers on the internet. This is done in a multi-step process as shown below. Iris Methodology This first looks for open DNS resolvers that are part of the internet infrastructure (i.e. not home routers that are sometimes open due to misconfiguration).

  • Layer 1 Physical
    Last edited: 2026-02-05

    Layer 1 Physical

    This is the first layer of the OSI model. These are all the tools that help transport the physical bits from one host to another. For example:

  • Layer 2 Data Link
    Last edited: 2026-02-05

    Layer 2 Data Link

    Layer 2 of the OSI model concerns itself with MAC addresses and within network communication. It will have a header that stores the source and destination MAC address of the current hop within a network . These are tools that put data on or off the Physical layer . For example:

  • Layer 3 Network
    Last edited: 2026-02-05

    Layer 3 Network

    This layer works with nodes identified by an IP addresses . This applies a header to a Segment with the source and destination Internet Protocol (IPv4) . Devices at level 3 are:

  • Layer 4 Transport
    Last edited: 2026-02-05

    Layer 4 Transport

    This layer is responsible for getting the data to the right application once we are on the host . It attaches a layer 4 header with the destination and source port . There are two different types of ports .

  • Layer 5 Session
    Last edited: 2026-02-05

    Layer 5 Session

    Layer 5 of the OSI model is responsible for separating out users who might be connecting through the same lower levels or the same user who is switching between different networks to connect to the same server.

  • Layer 6 Presentation
    Last edited: 2026-02-05

    Layer 6 Presentation

    Layer 6 of the OSI model is responsible for telling us the form the data is in. How should we break down the long binary expression into something the application can understand.

  • Layer 7 Application
    Last edited: 2026-02-05

    Layer 7 Application

    This layer determines what to do with this data. In a HTTP web server these would be the key words get, post, head ect.

  • Link-state routing algorithms
    Last edited: 2026-02-05

    Link-state routing algorithms

    Link-state algorithms are used for intradomain routing . These use knowledge of the whole network - including topology and weights - to perform Dijkstra’s algorithm on the network to find the shortest path to every node. This gives us where to route packets to. The computational complexity of this is $O(n^2)$ where $n$ is the size of the network.

  • MAC address
    Last edited: 2026-02-05

    MAC address

    A MAC address is a 48-bit address that represent physical devices. These are made human readable by representing them as 12 hex digits (these are grouped into 2 characters and separated by - for windows : for Linux and in groups of 4 separated by a . SISCO routers and switches)

  • Man-in-the-middle attack (MM)
    Last edited: 2026-02-05

    Man-in-the-middle attack (MM)

    This is a form of BGP Hijacking where an attacking AS intercepts messages between two parties and reads or manipulates the messages before passing them on.

  • Middleboxes
    Last edited: 2026-02-05

    Middleboxes

    These are devices on a network that effect traffic but do not server the role to propagating messages within a network. Such examples are firewalls , NAT boxes , Load balancer , and Intrusion detection systems .

  • MPEG-DASH
    Last edited: 2026-02-05

    MPEG-DASH

    This is the Moving Picture Experts Group (MPEG) implementation of DASH .

  • Multiplexing
    Last edited: 2026-02-05

    Multiplexing

    Multiplexing is the process by which multiple applications on the same host communicate with different hosts at the same time. Multiplexing gaurentees each application only gets the messages related to communications they have made. This is done by the use of ports - an additional address system on top of IP addresses .

  • Multiprotocol label switching (MPLS)
    Last edited: 2026-02-05

    Multiprotocol label switching (MPLS)

  • Network
    Last edited: 2026-02-05

    Network

    A network is just a grouping of hosts that have the same network requirements. Though more specifically they are hosts that are directly connected by switches. The hosts will have to same 24-bit subnet .

  • Network Address Translation (NAT)
    Last edited: 2026-02-05

    Network Address Translation (NAT)

    A Network Address Translation boxs are used to solve the issue of limited IP addresses on the public Internet . They present a single public Internet Protocol (IPv4) and remap internal IP addresses and ports to that Internet Protocol (IPv4) and allocate it a port . To do this these boxes maintain a mapping table. This violates the End to end principle as a host that packets pass through has to change the layer 3 and layer 4 header before it has arrived at the host.

  • Network mask
    Last edited: 2026-02-05

    Network mask

    A network mask is a mask that gets applied to an IP address . These are normally of the form 0.0.0.0 (empty mask), 255.0.0.0 (use the first 8 bits of the address), 255.255.0.0 (first 16 bits ), 255.255.255.0 (first 24 bits ), or 255.255.255.255 to use the whole address.

  • Node (IPv6)
    Last edited: 2026-02-05

    Node

    A node on a network by RFC2460 is any actor that implements Internet Protocol (IPv6) .

  • Open Shortest Path First (OSPF)
    Last edited: 2026-02-05

    Open Shortest Path First (OSPF)

    The OSPF protocol is a intradomain routing algorithm suggested as an improvement on RIP for ISP . This is a link-state algorithm that uses hierarchy to do route summarization . It operates over one autonomous system .

  • Open Systems interconnection (OSI) model
    Last edited: 2026-02-05

    Open Systems interconnection (OSI) model

    The OSI model was presented by the International Organisation for Standardisation (ISO) for how networks should be structured. Its ultimate goal is to gaurentee safe communication between two hosts that may or may not be on the same network . It has 7 layers each with a different responsibility.

  • OpenFlow
    Last edited: 2026-02-05

    OpenFlow

    Definition here

  • Packets
    Last edited: 2026-02-05

    Packets

    During the process of encapsulation a packet is a segment with the additional headers for the destination and source Internet Protocol (IPv4) . This is sometimes refereed to as the data-gram.

  • Peer-peer model
    Last edited: 2026-02-05

    Peer-peer model

    The peer-to-peer model is a decentralised application architecture which has each participant being both consumer and provider of resources. Each peer offers some of its resources up to the network for other peers to use without central coordination. An example of this is Torrent file sharing.

  • Port
    Last edited: 2026-02-05

    Port

    A port is just a number that the host associates to an application. Ports break down into 3 groups

  • Protocol (networks)
    Last edited: 2026-02-05

    Protocol (networks)

    A protocol is a set of messages and rules that are an internet standard. They are defined in RFCs .

  • Pseudo-header
    Last edited: 2026-02-05

    Pseudo-Header

    The pseudo-header is appended to the layer 4 segment to compute the checksum . This is not sent with the layer 4 segment so has to be reproducible on the receiver’s side. The pseudo-header contains the source and destination IP address (found in the layer 3 header), the protocol used at layer 4 (which can be determined by the header fields) and the size of the layer 4 segment .

  • Quantization
    Last edited: 2026-02-05

    Quantization

    This is the process of estimating sound waves by using many samples. Usually in the order of 8,000 - 44,100 samples per second.

  • Reliable transmission of TCP messages
    Last edited: 2024-05-27

    # Reliable transmission of TCP messages

    TCP uses sequence numbers with acknowledgements to increase the reliability of messages. If a message was corrupted or not received it will resend that segment .

    Automatic Repeat Request (ARQ)

    The most basic implementation of ARQ stops and waits to check if the message was received.

  • Repeater
    Last edited: 2026-02-05

    Repeater

    A repeater is any device that just repeats any message it receives. Normally it has 2 ports if a message comes in one port it gets repeated on the other.

  • Request for Comments (RFC)
    Last edited: 2026-02-05

    Request for Comments (RFC)

    This is a set of technical publications that will define protocols used a internet standards. Though the term has been more broadly adopted within the tech industry to be a proposal for a new standard or idea.

  • Round robin DNS (RRDNS)
    Last edited: 2026-02-05

    Round robin DNS (RRDNS)

    Round Robin DNS is a technique used by large websites to manage and distribute incoming traffic across multiple servers at a single location. When a DNS request is made, RRDNS responds with a list of IP addresses (A records) for the requested domain. These addresses are rotated in sequence with each request, ensuring that no single server is overloaded with too many requests.

  • Round trip time (RTT)
    Last edited: 2026-02-05

    Round trip time (RTT)

    The round trip time is the length time it takes to send a message and for that message to be acknowledged.

  • Route summarization
    Last edited: 2026-02-05

    Route summarization

    The process of route summarization is to combine entries in the routing table that have to same common prefix if they all go to the same router. To do this though you need to know that all bother addresses on that subnet need to go to that router .

  • Router
    Last edited: 2026-02-05

    Routers

    A router is any device that implements Routing . They provide a traffic control point between networks . This is a good place to apply security filtering or redirecting. A router will have an Internet Protocol (IPv4) on each network it is connected to which will be its Gateway on that network .

  • Routing
    Last edited: 2026-02-05

    Routing

    The process of routing is delivering a packet to the network associated with its IP address . To do this all routers store a routing table which maps the tuple of an IP address and a network mask to either an interface or an IP address.

  • Routing Information Protocol (RIP)
    Last edited: 2026-02-05

    Routing Information Protocol (RIP)

    This is one of the first protocols that implemented Distance vector routing algorithms . For the distance metric it just used the number of different routers it would have to go through. The messages each router sends are the routing table with each subnet , the next router it would go through and the distance to that network in terms of “hops”. This table is refereed to as the RIP table. Later iterations of RIP use address aggregation. To maintain connection with their neighbours they use a UDP message on port 520 if they don’t hear from neighbours every 180 seconds they will assume they are no longer available and change the RIP table then broadcast it to its neighbours. This algorithms has challenges with updating routes and the time that takes to converge due to the count to infinity problem .

  • Routing table
    Last edited: 2026-02-05

    Routing table

    Routers keep a table of where packets with IP addresses belong to which connection for redirecting messages. This table maps the tuple of an Internet Protocol (IPv4) address and a network mask to either an interface or a next-hop gateway. You can use Route summarization to keep a routing table short.

  • Secure Socket Layer (SSL)
    Last edited: 2026-02-05

    Secure Socket Layer (SSL)

    This is an old secure network protocol that is similar to TLS but is slower and supports encryption with known vulnerabilities.

  • Segment
    Last edited: 2026-02-05

    Segment

    In the process of encapsulation a segment refers to data with source and destination headers attached.

  • Server
    Last edited: 2026-02-05

    Server

    A Server can have multiple definitions in the context of networks. Most broadly it is just a Host (networks) that implements an Application that can server requests. However, in the context of a transaction it is simply the Host (networks) that is sending data.

  • Session Initiation Protocol (SIP)
    Last edited: 2026-02-05

    Session Initiation Protocol (SIP)

    This protocol handles the signalling used in VoIP applications. Signalling typically takes care of how calls are set up and torn down. This has four major responsibilities.

  • Simple Mail Transfer Protocol (SMTP)
    Last edited: 2026-02-05

    Simple Mail Transfer Protocol (SMTP)

    This is the protocol mail servers communicate with users.

  • Socket
    Last edited: 2026-02-05

    Socket

    A socket is the collection of 3 pieces of information:

  • Software defined networks (SDN)
    Last edited: 2026-02-05

    Software defined networks (SDN)

    This is a paradigm of networking where you use a remote SDN-controller for the control plane for network devices. This has API’s for communicating with the data plane of the controlled devices but also an outward API to talk to a further management plane. This allows for central control over a whole autonomous system or network . Sdn Planes

  • Spoofing
    Last edited: 2026-02-05

    Spoofing

    Spoofing is the process of replacing the IP source field of a request.

  • Stop and wait ARQ
    Last edited: 2026-02-05

    Stop and wait ARQ

    This is an implementation of ARQ that sends some messages and wait for an acknowledgement before sending more. It uses a window size determined by the Transmission control in TCP . It will only send the window size worth of unacknowledged message before stopping to wait for a new acknowledgement message or the timeout window to be exceeded.

  • Sub-prefix hijacking
    Last edited: 2026-02-05

    Sub-prefix hijacking

    This is a form of BGP Hijacking where the attacking AS announces a sub-path for a prefix a genuine AS announced. This will be preferentially used as it is a more precise prefix. This disrupts the flow of traffic to the intended AS .

  • Subnets
    Last edited: 2026-02-05

    Subnets

    A sub network is a prefix of an IP address normally of length 8, 16, or 24. These form the hierarchy of IP addresses .

  • Switch
    Last edited: 2026-02-05

    Switch

    A switch is any device that implements switching . It acts as a multi-port bridge . These are used to define what is in a network .

  • Switching
    Last edited: 2026-02-05

    Switching

    This is the process of moving data within a network. A switch has devices connected on different ports. The switches main job is to keep a table of which MAC address is connecting through which port (this is a many to one relationship as there could be other switches in the network). This is a layer 2 process so just works on the level of MAC addresses . There are 3 operations involved in switching that will involve looking at the layer 2 header.

  • TCP 3 way handshake
    Last edited: 2026-02-05

    TCP 3 way handshake

    TCP starts a connection with a 3 way handshake to parse enough information to start the duplex communication:

  • TCP connection teardown
    Last edited: 2026-02-05

    TCP connection teardown

    When either host wants to end a TCP connection they follow a teardown protocol :

  • TCP CUBIC
    Last edited: 2026-02-05

    TCP CUBIC

    In networks with large bandwidth or a long delay TCP Reno yields low network utilisation. TCP CUBIC is the more efficient implementation used within the Linux kernel. CUBIC still uses a reset for a timeout and halves when it gets three duplicate acknowledgements. Though this implementation uses two different features to TCP Reno :

  • TCP Reno
    Last edited: 2026-02-05

    TCP Reno

    This is the classical Congestion control in TCP . It starts the window size to be 1 packets big. It uses AIMD with two different signals.

  • Traffic Engineering Framework
    Last edited: 2026-02-05

    Traffic Engineering Framework

    This framework can help network operators decide distances between routers within an autonomous system for intradomain routing . This uses the following steps:

  • Traffic Scrubbing Service
    Last edited: 2026-02-05

    Traffic Scrubbing Services

    A scrubbing service diverts the incoming traffic to a specialised server, where the traffic is “scrubbed” into either clean or unwanted traffic. The clean traffic is then sent to its original destination. This offers fine-grained filtering but at a high monetary and bandwidth cost.

  • Transmission control in TCP
    Last edited: 2024-05-27

    # Transmission control in TCP

    There are two main components of transmission control. These tackle two distinct problems that a connection may have:

    • Flow control in TCP : Allows the receiver to control how much data gets sent to it in one go, and
    • Congestion control in TCP : Allows probing of the network to guarantee maximum network utilisation without disruption to service.

    These both ultimately effect the number of unacknowledged messages allowed to be sent in ARQ . This will be the minimum of the two window sizes provided by the above controls.

  • Transmission Control Protocol (TCP)
    Last edited: 2026-02-05

    Transmission Control Protocol (TCP)

    The transmission control protocol is a layer 4 protocol that allows for multiplexing and a duplex communication channel. It is defined in RFC793 . This is a connection orientated protocol which establishes a connection with TCP 3 way handshake and closes connections with the TCP connection teardown . This gaurentees the following features.

  • Transport Layer Security (TLS)
    Last edited: 2026-02-05

    Transport Layer Security (TLS)

    The is an encryption protocol . It used to be called SSL.

  • Type-0 hijacking
    Last edited: 2026-02-05

    Type-0 hijacking

    This is a form of BGP Hijacking where the attacking AS announces a prefix not owned by itself.

  • Type-N hijacking
    Last edited: 2026-02-05

    Type-N hijacking

    This is a form of BGP Hijacking where the attacking AS announces an illegitimate path for a prefix that it does not own to create a fake route between different AS’s . For example, {AS2, ASx, ASy, AS1 – 10.0.0.0/23} denotes a fake path between AS2 and AS1, where there is no link between AS2 and ASx. The N denotes the position of the rightmost fake link in the illegitimate announcement, e.g. {AS2, ASx, ASy, AS1 – 10.0.0.0/23} is a Type-2 hijacking.

  • Type-U hijacking
    Last edited: 2026-02-05

    Type-U hijacking

    This is a type of BGP Hijacking where the attacking AS changes a routes prefix - so messages get routed incorrectly.

  • Unicast
    Last edited: 2026-02-05

    Unicast

    A frame is unicast if it has a particular nodes Internet Protocol (IPv4) and MAC address within it. This is the normal way to message nodes when not using a broadcast .

  • User Datagram Protocol (UDP)
    Last edited: 2026-02-05

    User Datagram Protocol (UDP)

    This is a layer 4 protocol that optimises for simplicity over reliability. This is defined it RFC768 The header that gets attached includes:

  • Virtual Local Area Networks (VLAN)
    Last edited: 2026-02-05

    Virtual Local Area Networks (VLAN)

    Virtual Local Area Networks let you break a large physical switch into multiple virtual switches. It does this by breaking up its ports into small groups that each will be a virtual switch. This means messages within one port range can only go out to ports within that range.

  • Voice over IP (VoIP)
    Last edited: 2026-02-05

    Voice over IP (VoIP)

    This is a class of applications which offer a phone-like experience through the Internet . For example Skype, Google Meet, or Zoom.