RE: ARP Spoof Question

["David Gillett" <gillettdavid () fhda edu>]

  Layers are an agreed-upon decomposition of the general 
problem of getting devices to communicate over a network,
which allow different pieces of the solution to be 
implemented by different teams/vendors and yet interoperate.
Just about *any* network text devotes one of the early 
chapters to a layer model, usually the ISO 7-layer model
although some treat the ARPA 4-layer model as a subset of 
ISO, and some as an alternative.

  The ISO model, briefly:

1. Physical Layer
  What is the arrangement of conductors in the cable?
  What do the connectors look like?
  What sorts of voltage and current is carried (if this
layer is electrical, which might not be the case)?

2. Data Link Layer
  How are bits arranged on the physical media to form
larger entities (frames)?
  How are sources and destinations identified (MAC 
addressing)?

3. Network Layer
  How are networks and hosts identified, so that packets
can be routed across multiple networks?

4. Transport Layer
  How are streams of traffic broken into sequences of packets,
and reassembled into streams at the other end?

5. Session Layer
  This layer should allow multiple streams to be associated
with a shared context.  It hasn't found wide use yet.

6. Presentation Layer
  Translations between host and network representations fit
nicely at this level.  It would also be a good place to put
encryption of content, although most current approaches opt
instead to provide an encrypted Transport layer.

7. Application Layer
  The application layer provides the interface between user 
and server processes and the network communications system.

David Gillett


> -----Original Message-----
> From: David Wallraff [mailto:wall0448 () ece umn edu]
> Sent: July 28, 2003 08:42
> To: David Gillett
> Cc: 'The Fueley'; security-basics () securityfocus com
> Subject: RE: ARP Spoof Question
>
>
> what are layers?  what purpose do they serve?
> dave
>
>
> On Thu, 24 Jul 2003, David Gillett wrote:
>
> > > > Switches are layer 2 devices, IP begins at layer 3. A
> > > > -switch- usually doesn't understand a single ip bit.
> > > > The management side of the switch (snmp, http, telnet,
> > > > whatever) are to be considered as any other networked host.
> > > ------------------------
> > > How would that apply to a layer 3 switch/router? Actually the
> > > packaging says that I have a Residential Gateway/Router/Firewall.
> > > Aren't gateways layer 7 devices? While switches are layer 2
> > > devices, they deal with MAC addresses right? Maybe a "smart"
> > > switch knows which MAC addresses are allowed on the network?
> > > Or am I missing it all here?
> > > --Rivera--
> >
> > 1.  "Residential Gateway/Router/Firewall"?  I don't see "switch"
> > in that list, do you?
> >
> > 2.  However, many small home routers are now incorporating a
> > switch on the LAN side.  It's all in one box, but for purposes
> > of understanding, it's more useful to think of it as two separate
> > devices, one at layer 2 and one at layer 3.
> >
> > 3.  "Gateway" is a generic term.  A layer 2 gateway is a bridge
> > (a switch is a multiport bridge).  A layer 3 gateway is a router.
> > A layer 7 gateway is a proxy.  A protocol converter might
> > sometimes get called a gateway.
> >
> > 4.  Some switches do have some layer 3 awareness.  The sort you
> > will find bundled into the box with a home router (see #2, above)
> > are not among them, however.
> >   Switches that are layer-3-aware can be useful, because it's
> > easier to find the port associated with a given IP address than
> > if you have to search by MAC address.
> >   Switches that are layer-3-aware can be a pain, because if you're
> > not careful with your configuration, they'll start listening to RIP
> > (from misconfigured clients...), or (I've seen this happen) sending
> > ICMP and UDP traffic one way and TCP traffic another, or generating
> > ICMP unreachable messages for packets that were delivered 
> via another
> > switch....
> >   A switch that knows about layer 3 can serve as a router, but in
> > my experience they rarely make very good routers.  (I make an
> > exception for the Cisco 5000/5500/6500 line, where the layer 3
> > intelligence amounts to a *good* router on a blade that fits in
> > the switch chassis.)
> >
> > David Gillett
> --------------------------------------------------------------
> -------------
> >
> --------------------------------------------------------------
> --------------
> >

---------------------------------------------------------------------------
----------------------------------------------------------------------------