We provide expert witness testimony and analysis of computer networks.
The complexity of computer networks has continued to increase rapidly in recent years. While TCP/IP and HTTP remain the foundation of the Internet, new peer-to-peer (P2P) protocols such as BitTorrent have gained major importance as content distribution mechanisms, and survivable ad-hoc networks remain an active area of scientific research. Virtually every modern computer system relies on some type of network to function.
What We Do
At Quandary Peak, we specialize in:
- Understanding and documenting the structure and behavior of complex distributed systems that heavily utilize wired and wireless networks.
- Analyzing network traffic to determine the nature and content of information exchanges.
- Investigating the cause of network failures.
- Assessing the production and maintenance costs, and the quality of the implemented network infrastructure.
What We Know
- TCP/IP, DNS, UDP, and HTTP
- CDMA, GSM, LTE, WCDMA, WiMax
- LANs, WANs, WWANs, and WLANs
- Wi-Fi and 802.11
- Switches, routers, and hubs
- P2P protocols and BitTorrent
- IMAP, POP, and SMTP
- TLS and SSL
- FTP, SFTP, and SSH
- Command line utilities (traceroute, ipconfig, etc.)
Our experts are highly experienced in analyzing computer networks.
In the early days of computing it was common to find a single machine that was time-shared among multiple users. But as computers evolved and became cheaper, the computing industry saw a huge growth of interconnected computers – the machines needed to talk to each other, irrespective of their geographic boundaries. The age of the computer networks had dawned upon us.
Computer networks come in various shapes and sizes and are often confused with the notion of a distributed system. The latter is built on top of the former. If you remove the distributed system from the equation, all you are left with is a bunch of machines connected to each other via some communication channel (e.g., radio waves, Bluetooth, Wi-Fi, coaxial cable, or Ethernet), which we can refer to as a computer network.
The Layered Architecture of Computer Networks
We can imagine each machine to consist of the following software layers for the purpose of understanding what a computer network entails. Each layer may or may not exist in isolation on a real machine, but the logical boundaries make it easier to understand its inner workings.
Physical Layer: This is the lowest layer and is responsible for sending/receiving data bits across the wire, and performing the necessary error checking to ensure that the signal is correctly sent and/or received. This layer does not understand what the bits mean. It only cares about the 0s and 1s contained in the bit-stream but does not care about the content of the message.
Data Layer: It’s the next layer up. Its main job is to transform a raw transmission channel into a line that appears free of undetected transmission errors. It understands the concept of a ‘data frame’ – a stream of bits of a fixed length, and transmits these frames sequentially. The receiver acknowledges the receipt of each frame. As before, this layer understands the notion of a frame, independent of the content of the data.
Network Layer: This layer sits atop the data layer and is considered to be ‘intelligent’, in a sense. It doesn’t understand the content of the data, but it’s the one responsible for correctly routing the data to make sure it reaches the intended destination. The intelligence for how to route the data is built into this layer. The Internet Protocol (IP) is in fact the network layer of modern computer networks.
Transport Layer: Its primary purpose is to split the data coming from the higher layer(s), pass it to the network layer for transmission, and ensure that the pieces arrive correctly at the other end. This layer is responsible for determining what quality of service to provide to the users of the network. Should each packet be individually acknowledged on receipt (TCP), or is no such acknowledgement needed (UDP)? Should the message be broadcast to all nodes connected to the network, or sent only to the select few that subscribed to a particular group (a.k.a. multicast)? These questions are addressed by the transport layer, which is where TCP (Transmission Control Protocol) and UDP (User Datagram Protocol), the protocols commonly referred to when talking about the Internet, reside.
Application Layer: Strictly speaking, there are two more layers between the transport and application layers, but for simplicity we may combine them into the application layer itself. The HTTP protocol, which is the backbone of the World Wide Web, resides in this layer, along with many others, such as FTP and Gopher. Managing sessions, if any, and handling different presentation syntax and semantics can be assumed to be part of this layer too. Analysis of software at the network application layer for software litigation is provided by website expert witnesses, cloud computing expert witnesses, and social network expert witnesses.
Conceptually, here’s what happens when one enters the URL of a web page in the browser: the browser sends a request to that server along with any data payload, if need be. The transport layer then splits the request into possibly multiple packets and adds the address of the destination to each packet. This address is visible to the network layer, which uses it to decide how best to route the packet over the network, since it only knows about its neighbors and not necessarily the entire Internet. The data layer may choose to break up each packet into fixed-length frames and send them as a bit stream to the physical layer for transmission to the node determined by the network layer. On the receiving end, after the data has gone through possibly numerous hops across the network, the process is reversed: the data packets are reassembled in the order intended and given to the application expecting that message. The response is then built by the receiving application and sent back to the sender in a similar manner, through all the layers. The intermediate nodes only assemble the packets up to the network layer, since they know they are not the intended recipients of the packet(s). However, it’s necessary to make sure that the content is encrypted prior to transmission to prevent a malicious node from assembling all the packets and spying on the information. This concern falls under the realm of information security.
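The walk-through above, carried over to real IPv4 and TCP header layouts as an added example (not part of the original page): a forwarding node needs only the network-layer header, but any node that reads further can reorder the segments and recover an unencrypted request in full. The addresses, ports, sequence numbers and the request itself are constructed sample values, and checksums are left at zero.

```python
import socket
import struct

def build_packet(src, dst, sport, dport, seq, payload):
    """Build a minimal IPv4 + TCP packet (constructed sample; checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse_network_layer(packet):
    """Fields a forwarding node needs: the 20-byte IPv4 header only."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
            "proto": proto, "header_len": (ver_ihl & 0x0F) * 4, "total_len": total_len}

def parse_transport_layer(packet):
    """What the receiver, or any on-path reader, sees next: TCP ports, seq, payload."""
    ip = parse_network_layer(packet)
    if ip["proto"] != 6:
        raise ValueError("not a TCP packet")
    off = ip["header_len"]
    sport, dport, seq, _, data_off = struct.unpack("!HHIIB", packet[off:off + 13])
    start = off + (data_off >> 4) * 4
    return {"sport": sport, "dport": dport, "seq": seq,
            "payload": packet[start:ip["total_len"]]}

def reassemble(packets):
    """Order segments by sequence number, drop duplicates, refuse gaps.
    Sequence-number wraparound is ignored to keep the example short."""
    segs = {}
    for p in packets:
        t = parse_transport_layer(p)
        segs.setdefault(t["seq"], t["payload"])
    out, expected = b"", min(segs)
    for seq in sorted(segs):
        if seq != expected:
            raise ValueError(f"gap or overlap in stream at seq {expected}")
        out += segs[seq]
        expected = seq + len(segs[seq])
    return out

# Constructed sample: one plaintext HTTP request split into three segments.
REQUEST = b"GET /account HTTP/1.1\r\nHost: example.test\r\nCookie: session=constructed\r\n\r\n"
CHUNKS = [REQUEST[i:i + 30] for i in range(0, len(REQUEST), 30)]
PACKETS = [build_packet("192.0.2.10", "198.51.100.7", 49152, 80, 1000 + 30 * i, c)
           for i, c in enumerate(CHUNKS)]
ON_THE_WIRE = [PACKETS[2], PACKETS[0], PACKETS[1], PACKETS[0]]  # reordered, one duplicate
```

Calling reassemble(ON_THE_WIRE) returns the original request bytes, cookie included; had the payload been TLS records instead, the same reassembly would yield only ciphertext.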
Computer networks can span an office room, an entire building or campus, or cities or countries, and are commonly referred to as LANs (local area networks) and WANs (wide area networks), or WLANs (wireless LANs) and WWANs (wireless WANs). The switches, routers and hubs hold the network together and can be seen in a physical sense. Protocols like BitTorrent, P2P, SMTP etc. all reside in the application layer and are mostly bundled with the operating system installed on the computer. The design and analysis of CDMA, GSM and LTE networks also fall under the umbrella of computer networks. Setting up these networks to work efficiently is non-trivial and is a job best left to the experts. Using the networks for browsing, using BitTorrent, or streaming your favorite movie is a lot easier by comparison. The applications hide the complexity of the underlying network, but being aware of its existence may help one appreciate how it all seems to work together seamlessly.