[CALUG] DoD/OSI Layer 2, 3 and 4 in the real world -- WAS: open ports
Bryan J Smith
b.j.smith at ieee.org
Thu Sep 15 17:15:13 EDT 2011
From: Rajiv Gunja <opn.src.rocks at gmail.com>
> Sorry Bryan. I cannot accept your answer.> Yes, every application that talks over the network or within the OS
> itself has a port, it may be a temporary port, but it is present.
> In fact when 1 app talks to another app within the same server/pc,
> a port is opened for communication. It may not be seen on the network,
> but it is still present.
This is so beyond over-simplification and still are wholly incorrect. You just proved my point beyond any doubt. I _knew_ this would happen.
IP Protocol 6 (TCP), 17 (UDP) and a few other, select transports (level 4) +do_ use port addresses. Frames (layer 2), packets (layer 3), select transports (level 4) and several applications (higher levels) that do not utilize common transports (level 4) do _not_ utilize port addresses.
There is a lot of traffic and exchange that _never_ opens or services ports.
> About using tcpdump/snoop(solaris) over netstat. True netstat gives
> network information, it is a good step to get on to learn about network
> traffic. But for running it on a PC, it does not matter (since we are
> all behind a router at home).
I don't even know how to respond to that, so I will not. ;)
> Also, to learn something, we need to simply stuff first, else we will
> drive away folks who want to learn. If we make things sound like brain
> surgery, then no one will want to learn about subjects.
This analogy is utter fail. I'm not debating whether it's easy/hard, otherwise I would _not_ have dissected layer 2-4. I only did so because it seemed like several were going to the "brain surgery" level, so I did. It's like watching a couple of medical school students talk about dissecting the brain, going to a level they do not understand.
Regarding using netstat v. libpcap ... I can also follow with this analogy. One should not crack open the head to do a diagnostic, but only when I'm actually doing the surgery.
Sorry, that's 3 strikes. I'm done. You made my point better than I could. Not only that, but I _knew_ when I dove into this level, it wouldn't be just about people over-simplifying. It would be about people who actually don't know how it works. ;)
-- Bryan
P.S. When responding, don't assume some of us don't have credits in the Linux kernel and have written some of the layer 2 and 3 stack. ;)
More information about the CALUG
mailing list