1.6 Explain the function of common networking protocols
Sorry, but it's not enough to just know the port number and the protocol it represents. To truly understand your network and how to manage it, you need to understand each protocol, what it does, and how it relates to your network as a whole. Table 1.7 lists the most common protocols and their purpose, function, and use in your network. Each protocol is then covered separately, in more detail, in the sections that follow.
| Protocol | Purpose | Function | Use |
|---|---|---|---|
| IP | Addresses and transports data from one network node to another. | A Network layer connectionless protocol; it "fires and forgets." Performs fragmentation and reassembly of packets. | IP addresses are assigned to hosts and to router interfaces. These addresses are used to route a packet into the proper network so it can be delivered to a host. |
| TCP | Responsible for flow control and error recovery. | Connection based. Waits for acknowledgments from the destination that segments have been delivered without errors, and resends segments that are not acknowledged within a specified time. Works at the Transport layer of the TCP/IP suite. | Used by protocols that require guaranteed delivery, such as FTP, HTTP, SMTP, and others. |
| UDP | Sends datagrams through a network, making a "best effort" to deliver them to the destination. | Connectionless protocol with no acknowledgments or retransmission. Works at the Transport layer of the TCP/IP suite. | Used by applications that can provide their own acknowledgments or can be monitored, such as multimedia over the Internet, and for noncritical data (such as gaming) where speed is more important than reliability. |
| FTP | Provides the rules of behavior for transferring files through an intranet or over the Internet. | Works at the Application layer of the TCP/IP suite. Provides a protocol as well as an application for transferring files. Credentials and file contents travel in clear text. | Used to browse file structures on a remote computer and to transfer files between computers within intranets and on the Internet. |
| TFTP | Provides for transferring files within a network. | Connectionless protocol that works at the Application layer. Uses UDP for low overhead, with no guarantee of delivery and no authentication. | Typically used for simple file transfers, such as those between a computer and a router or a switch for management purposes. |
| SMTP | Provides for the delivery of mail messages within a network or between networks. | Works at the Application layer and uses TCP to guarantee delivery of mail to remote hosts. | Typically used to transfer email messages within a network and between networks. |
| HTTP | Provides browsing services for the World Wide Web. | Works at the Application layer and provides access to files on web servers through URLs that point to pages formatted in web languages such as HTML. | Typically used to browse information on the many servers that interconnect the World Wide Web. |
| HTTPS | Provides access to resources on the Internet in a secure fashion. | Works at the Application layer and uses TLS (originally SSL) to encrypt traffic and to authenticate the server, so communications on the Internet can remain private. | Used for Internet communications that must remain secure, such as banking, ecommerce, and medical transactions. |
| POP3 | Allows the storage and retrieval of user email on servers. Allows users to access and download email from servers. | Works at the Application layer. Users connect to the server and download messages to a client, where the messages are then read. | Used by many email applications. Users can check their mailboxes and download the messages that have been placed in them. |
| IMAPv4 | Allows the storage and retrieval of user email on servers. Allows users to access email on servers and either read the email on the server or download the email to the client to read it. | Works at the Application layer of the TCP/IP suite. Allows a user to read messages on an email server without the need to download the messages off the server. | Typically, this method of email retrieval is convenient for users who travel and therefore might access their email from more than one location. The mail remains on the server until they delete it, so they can reach it from multiple locations. |
| Telnet | Provides a virtual terminal protocol for connecting to and managing a server. | Works at the Application layer of the TCP/IP suite. Authentication and the entire session are sent in clear text, so the protocol and application are not considered secure. | Was used in the past for "dumb terminals" that connected to mainframe computers. Is now used to connect to servers, routers, switches, and so on, for remote management. |
| SSH | Provides the capability to log onto a computer remotely, execute commands, and move files in a secure and encrypted environment. | Works at the Application layer of the TCP/IP suite. Provides a secure logon and a secure environment in which to execute commands. | Typically used to manage servers from clients and to move sensitive files from one server to another within the same network or between networks. |
| ICMP | Provides error checking and reporting functionality. | Works at the Internet layer of the TCP/IP suite. Carries control and error messages that inform an administrator and the sending host; its Source Quench message, once used to ask a sender to slow down, is now deprecated. | Typically used by the ping tool to test network connectivity: a host sends back an echo reply when it receives an echo request. Also sends back messages such as "Destination Host Unreachable" and "Time Exceeded" when the pinged host cannot be reached. |
| ARP | Resolves IP addresses to MAC addresses. | Works at the Internet layer of the TCP/IP suite. Includes a cache that is checked first; if the entry is not found in the cache, ARP broadcasts a request to learn the MAC address of the target. | Typically used by the system as a background service, but also includes a utility that can be used for troubleshooting. |
| RARP | Resolves MAC addresses to IP addresses. | Works at the Internet layer of the TCP/IP suite. Returns an IP address when presented with a MAC address. | Used with diskless workstations to assign an IP address automatically. Also sometimes used as a very rudimentary form of computer identification, which is weak because a MAC address is easily changed. |
| NTP | Synchronizes time between computers in a network. | Works at the Application layer of the TCP/IP suite. Can synchronize time between clients and servers. | Used to synchronize time so that authentication protocols such as Kerberos work properly and applications that require collaboration operate properly. |
| SIP (VoIP) | Sets up and tears down voice and video calls over the Internet. | Works at the Session layer of the OSI model and the Application layer of the TCP/IP suite. | Typically used for Voice over IP (VoIP) and video communications. |
| RTP (VoIP) | Defines a standardized packet format for delivering audio and video over the Internet. | Works at the Session layer of the OSI model and the Application layer of the TCP/IP suite. | Used to carry multimedia for streaming, video conferencing, and push-to-talk applications. |
| IGMP | Provides a standard for multicasting on an intranet. | Allows a host to inform its local router, using Host Membership Reports, that it wants to receive messages addressed to a specific multicast group. | Used to establish host memberships in multicast groups on a single network. |
| TLS | A network security protocol that provides data confidentiality and integrity. | Works through active negotiation between the peers of the authentication and encryption algorithms to be used. | Used for secure transmission of data between servers and clients within a network and between networks. |
| SNMPv2/v3 | Assists network administrators in gathering information about their network. | Consists of a manager holding a management information base (MIB) and agents running on network devices. Agents in the same community as the manager answer its queries and send it traps. | SNMPv3 is used far more often than SNMPv2 because it is much more secure: it adds user-based authentication and encrypts data, whereas v1 and v2c send their community strings in clear text. |
| DNS | Resolves hostnames to IP addresses. | Performs a series of steps with one or more DNS servers to resolve a user-friendly hostname to an IP address. | Allows users to address objects on a network or resources on the Internet by their friendly name, while the system uses the IP address to locate the resource. |
| DHCP | Dynamically assigns IP addresses and other network information to clients on a network. | Used by servers and other devices to dynamically assign IP addresses and other critical network settings to clients that request them. | Used primarily for clients, because servers, routers, and printers are generally assigned a static address. |
Transmission Control Protocol (TCP)
TCP is a connection-oriented protocol that works at the Transport layer (layer 4) of the OSI model. It is carried by IP and adds to IP's best-effort delivery a mechanism that guarantees it. TCP requires that a session first be established between two computers before data can be exchanged. TCP also adds flow control, sequencing, and error detection with recovery through retransmission. Because this reliability mechanism is the whole point of TCP, you should understand how TCP operates.
TCP sets up a session through a process referred to as the three-way handshake, which works as follows:
- The initiating host sends a short segment called a SYN to the target host, carrying its initial sequence number.
- The target host opens a connection for the request and sends back an acknowledgment called a SYN-ACK, which carries the target's own initial sequence number and acknowledges the initiator's.
- The host that originated the request sends back another acknowledgment called an ACK, confirming that it has received the SYN-ACK and that the session is ready to transfer data.
A similar exchange (FIN and ACK segments) closes the session when the data exchange is complete. The whole mechanism makes TCP a reliable protocol: every segment it sends must be acknowledged, and if a segment is not acknowledged within the timeout period, TCP re-sends it automatically. The main disadvantage of a connection-oriented protocol is that the overhead of the acknowledgments slows it down.
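The handshake and the retransmission timer described above, as an added example written for this page (not code from the original text): a small model in which the "network" is a Python object that can be told to drop particular segments, so you can watch the sequence and acknowledgment numbers line up and see the SYN being re-sent when the SYN-ACK is lost. The hosts, sequence numbers, and loss pattern are all made up for the demonstration.

```python
"""Simulated TCP three-way handshake: sequence/acknowledgement arithmetic plus
timeout-driven retransmission over a deliberately lossy link.
Constructed model for this page, not real socket code."""
import secrets
from dataclasses import dataclass


@dataclass
class Segment:
    src: str
    dst: str
    flags: str   # "SYN", "SYN-ACK" or "ACK"
    seq: int
    ack: int = 0


class LossyLink:
    """drops maps (flags, seq) -> how many times that segment is lost before it gets through."""

    def __init__(self, drops=None):
        self.drops = dict(drops or {})
        self.log = []

    def send(self, seg):
        key = (seg.flags, seg.seq)
        line = f"{seg.src}->{seg.dst} {seg.flags} seq={seg.seq} ack={seg.ack}"
        if self.drops.get(key, 0) > 0:
            self.drops[key] -= 1
            self.log.append("DROP " + line)
            return None
        self.log.append(line)
        return seg


def exchange(link, request, make_reply, max_retries):
    """Send request and wait for the peer's reply. If either direction is lost, the
    requester's retransmission timer fires and the request goes out again, exactly
    as a TCP client keeps resending its SYN until a SYN-ACK arrives.
    Returns (reply, number_of_retransmissions)."""
    for attempt in range(max_retries + 1):
        if link.send(request) is None:
            continue
        reply = link.send(make_reply(request))
        if reply is not None:
            return reply, attempt
    raise TimeoutError(f"no reply to {request.flags} after {max_retries} retransmissions")


def send_reliably(link, seg, max_retries):
    for attempt in range(max_retries + 1):
        if link.send(seg) is not None:
            return attempt
    raise TimeoutError(f"{seg.flags} never delivered after {max_retries} retransmissions")


def three_way_handshake(link, client_isn=None, server_isn=None, max_retries=3):
    # Initial sequence numbers must be unpredictable (RFC 6528): a guessable ISN lets an
    # off-path attacker forge segments into the connection. Callers may pin them for tests.
    client_isn = secrets.randbelow(2**32) if client_isn is None else client_isn
    server_isn = secrets.randbelow(2**32) if server_isn is None else server_isn
    retransmissions = 0
    # Steps 1 and 2: SYN answered by SYN-ACK. A SYN occupies one sequence number,
    # so the server acknowledges client_isn + 1.
    syn = Segment("client", "server", "SYN", seq=client_isn)
    syn_ack, r = exchange(
        link, syn,
        lambda s: Segment("server", "client", "SYN-ACK", seq=server_isn, ack=(s.seq + 1) % 2**32),
        max_retries)
    retransmissions += r
    # Step 3: ACK. The client's next sequence number is the value the server just
    # acknowledged, and it acknowledges the server's SYN the same way.
    ack = Segment("client", "server", "ACK", seq=syn_ack.ack, ack=(syn_ack.seq + 1) % 2**32)
    retransmissions += send_reliably(link, ack, max_retries)
    return {
        "client": {"snd_nxt": ack.seq, "rcv_nxt": ack.ack},
        "server": {"snd_nxt": ack.ack, "rcv_nxt": ack.seq},
        "retransmissions": retransmissions,
    }


if __name__ == "__main__":
    link = LossyLink(drops={("SYN-ACK", 5000): 1})   # lose the first SYN-ACK once
    print(three_way_handshake(link, client_isn=1000, server_isn=5000))
    print("\n".join(link.log))
```

After a clean handshake both sides hold the same pair of numbers from opposite points of view: the client's next send sequence number equals the server's next expected receive number, and vice versa. The `drops` table is what makes the retransmission visible: lose the SYN-ACK once and the log shows the client's SYN going out twice before the ACK.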
File Transfer Protocol (FTP)
FTP, as its name indicates, provides for the transfer of files through a network environment. It can be used within an intranet or through the Internet. FTP is actually more than just a protocol; it is an application as well, and thus FTP works at the Application layer of the OSI model and uses TCP as its transport. FTP allows a user to browse a folder structure on another computer (assuming they have been given permission to authenticate to that computer) and then to download files from the folders or to upload additional files. Note that FTP sends the user name, password, and file contents in clear text; where that matters, FTPS (FTP over TLS) or SFTP (file transfer over SSH, covered later in this section) is used instead.
User Datagram Protocol (UDP)
UDP also operates at the Transport layer of the OSI model and is carried by IP, but it does not guarantee the delivery of packets, because UDP never establishes a session. UDP is instead known as a "fire-and-forget" protocol: it assumes that the data sent will reach its destination and does not require acknowledgments. For this reason UDP is also referred to as a connectionless protocol.
Now you might be wondering why anyone would want to use UDP instead of TCP. The advantage of UDP is its low overhead in bandwidth and processing effort. Whereas a TCP header has 11 fields of information that have to be processed, a UDP header has only 4 fields. Applications that can handle their own acknowledgments and that do not require the additional features of TCP might use UDP to take advantage of the lower overhead. Multimedia presentations that are broadcast or multicast onto the network often use UDP, since they can be monitored to make sure that the packets are being received. Services such as the Domain Name System (DNS) also take advantage of the lower overhead provided by UDP. The flip side of having no handshake is that nothing verifies a UDP packet's source address, so a UDP service cannot assume the sender is who the packet says it is.
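The four-field versus eleven-field comparison above becomes concrete when you decode the two headers yourself. The following is an added example written for this page, not code from the original text: it parses a UDP header and a TCP header (including the options area) from raw bytes with the standard library, rejecting length fields that disagree with the bytes actually present. The two sample headers are constructed with `struct` rather than captured from a network.

```python
"""Decode UDP and TCP headers from raw bytes. UDP's fixed 8-byte header holds four
fields; TCP's 20-byte minimum header holds eleven, plus optional TLV options.
Added example; the sample headers below are constructed, not captured."""
import struct

TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR")  # bit 0 .. bit 7


def parse_udp(datagram: bytes) -> dict:
    if len(datagram) < 8:
        raise ValueError("UDP header needs 8 bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", datagram[:8])
    # The length field covers header + data; trust it only if those bytes really exist.
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field inconsistent with datagram size")
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": checksum, "payload": datagram[8:length]}


def parse_tcp_options(raw: bytes) -> list:
    """Options are (kind, length, data) TLVs; kind 0 ends the list, kind 1 is a 1-byte NOP."""
    options, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:
            break
        if kind == 1:
            options.append(("NOP", b""))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        length = raw[i + 1]
        options.append((kind, raw[i + 2:i + length]))
        i += length
    return options


def parse_tcp(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (src, dst, seq, ack, offset_reserved, flag_bits,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (offset_reserved >> 4) * 4        # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("TCP data offset inconsistent with segment size")
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": {name for bit, name in enumerate(TCP_FLAGS) if flag_bits & (1 << bit)},
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": parse_tcp_options(segment[20:header_len]),
        "payload": segment[header_len:],
    }


# Constructed samples: a DNS-style UDP datagram, and a TCP SYN to port 443 carrying an MSS option.
UDP_SAMPLE = struct.pack("!HHHH", 53123, 53, 8 + 5, 0) + b"hello"
TCP_SYN_SAMPLE = (struct.pack("!HHIIBBHHH", 40000, 443, 0x11223344, 0, 6 << 4, 0x02, 65535, 0, 0)
                  + b"\x02\x04\x05\xb4")  # kind 2 (MSS), length 4, value 1460


if __name__ == "__main__":
    print(parse_udp(UDP_SAMPLE))
    print(parse_tcp(TCP_SYN_SAMPLE))
```

The two consistency checks (UDP length versus bytes present, TCP data offset versus bytes present) are the ones a parser must make before indexing into the payload; a crafted header that claims more bytes than arrived is a classic way to make a naive decoder read past the buffer.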
TCP/IP suite
Just for reference and to make sure that we are on the same page, the TCP/IP suite includes much more than the protocols of TCP and IP. It's actually a way of identifying all of the protocols on all four layers of the TCP/IP model. In fact, since our focus is on TCP/IP, it really encompasses all of the protocols we are discussing.
Dynamic Host Configuration Protocol (DHCP)
DHCP is a protocol, but in practice you will treat it as a service. When a client comes onto a network, it needs an IP address. You could statically assign every computer in your network, but that would be doing it the hard way. The easier and smarter way is to use the DHCP service to make the assignments for you. You can even configure a DHCP server to give a client other information, such as the address of the DNS server.
All Microsoft clients since Windows 98 have their default installation configurations set to obtain an IP address automatically. They are already looking for a DHCP server when they start up. When you include a properly configured DHCP server on your network, you avoid a great number of IP misconfigurations and save yourself a lot of manual labor.
Trivial File Transfer Protocol (TFTP)
TFTP is similar to FTP in that it allows the transfer of files within a network, but that's where the similarity stops. Whereas FTP allows for the browsing of files and folders on a server, TFTP requires that you know the exact name of the file you want to transfer and the exact location where to find it. Also, whereas FTP uses the connection-oriented TCP protocol, TFTP uses the connectionless UDP protocol, and it has no authentication at all. TFTP is most often used for simple downloads such as transferring firmware to a network device, for example, a router or a switch; because anyone who can reach the server can read or write its files, a TFTP server belongs on the management network, not on a segment open to users.
Domain Name System (DNS)
DNS is a service and a protocol. It uses a distributed, hierarchical database to resolve hostnames of computers and other network clients to their assigned IP addresses. DNS facilitates "friendly naming" of resources on a network and on the Internet so you don't have to remember, for example, the IP address for MSNBC.com. Clients can be statically configured with the addresses of the DNS servers that host the DNS database, or the DHCP server can provide that information to the client.
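To see what "resolving a friendly name" actually puts on the wire, here is an added example written for this page (not code from the original text) that builds the UDP payload of an A query and parses the reply the way a minimal stub resolver does, including the name-compression pointers that DNS responses use. The reply is constructed in code to stand in for what a server would return; `www.example.com` and `203.0.113.10` are documentation names and addresses, not a real host.

```python
"""Build a DNS query and parse the answer, as a minimal stub resolver would.
Added example; the response is constructed in code, nothing is sent."""
import struct

QTYPE_A, QTYPE_CNAME = 1, 5


def encode_name(name: str) -> bytes:
    """'www.example.com' -> b'\\x03www\\x07example\\x03com\\x00'"""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Decode a possibly-compressed name. Returns (name, offset just past the name in
    its original position). A pointer (top two bits 11) must point backwards, which
    rules out the loops a malicious response could otherwise build."""
    labels, resume, hops = [], None, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if offset + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset:
                raise ValueError("forward compression pointer")
            if resume is None:
                resume = offset + 2
            hops += 1
            if hops > 16:
                raise ValueError("too many compression pointers")
            offset = pointer
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (resume if resume is not None else offset)


def build_query(name: str, txid: int, qtype: int = QTYPE_A) -> bytes:
    # Flags 0x0100: standard query, recursion desired. One question, no other sections.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_response(msg: bytes, expected_txid: int, expected_name: str):
    """Return (rcode, answers). The two cheap anti-spoofing checks a stub resolver makes:
    the transaction ID and the question section must match what we sent (RFC 5452)."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: not a reply to our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    rcode, offset, questions, answers = flags & 0x000F, 12, [], []
    for _ in range(qdcount):
        qname, offset = decode_name(msg, offset)
        if offset + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype, qclass))
    if questions != [(expected_name.rstrip(".") + ".", QTYPE_A, 1)]:
        raise ValueError("question section does not match our query")
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        if offset + 10 > len(msg):
            raise ValueError("truncated resource record")
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        if rtype == QTYPE_A and rclass == 1 and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
        elif rtype == QTYPE_CNAME:
            target, _ = decode_name(msg, offset)
            answers.append((name, ttl, "CNAME " + target))
        offset += rdlen
    return rcode, answers


def build_sample_response(query: bytes, ip: str, ttl: int = 300) -> bytes:
    """Constructed server reply to `query`: same ID and question, flags 0x8180 (response,
    recursion desired and available), one A record whose owner name is a compression
    pointer (0xC00C) back to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + query[12:] + answer
```

Because the query travels over UDP with no handshake, the 16-bit transaction ID plus the question-section match (and, in real resolvers, a randomized source port) is all that ties a reply to a request; a reply that fails either check is discarded rather than cached.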
Hypertext Transfer Protocol (HTTP)
HTTP is the protocol that users utilize to browse the World Wide Web. HTTP clients use a browser to make requests to an HTTP server (web server) that holds the files they need. The files on the HTTP server are formatted in web languages such as Hypertext Markup Language (HTML) and are located using a uniform resource locator (URL). The URL contains the scheme of the request being made (http://, for example), the DNS name of the server to which the request is addressed, and, optionally, the path to the file on the server. For example, if you type http://support.microsoft.com/ in a browser, you will be directed to the Support pages on Microsoft's servers.
Hypertext Transfer Protocol Secure (HTTPS)
One of the disadvantages of using HTTP is that all requests and responses are sent in clear text. This means the communication is not private and is therefore unsuited for web applications such as ecommerce or exchanging sensitive or personal information over the Web. For these applications, HTTPS provides a more secure solution that uses Transport Layer Security (TLS), originally Secure Sockets Layer (SSL), to encrypt the information sent between the client and the server and to let the client verify the server's identity through its certificate. For HTTPS to operate, both the client and the server must support it. All the most popular browsers support HTTPS, as do web server products such as Microsoft Internet Information Services (IIS), Apache, and most other web server applications. The URL to access a website using HTTPS starts with https:// instead of http://. For example, https://partnering.one.microsoft.com/mcp is the page that is used to authenticate Microsoft Certified Professionals to Microsoft's private website.
Address Resolution Protocol (ARP)
The ARP protocol works at the Network layer of the OSI model and the Internet layer of the TCP/IP suite. It is used to resolve IP addresses to MAC addresses. This is an extremely important function, since the only real physical address that a computer has is its MAC address; therefore, all communication will have to contain a MAC address before it can be delivered to the host. This is accomplished in a series of steps:
- A computer addresses a packet to another host using an IP address.
- Routers use the IP address to determine whether the destination address is in their network or on another network.
- If a router determines that the address is on another network, it forwards the packet to another router based on the information that is contained in its routing table.
- When the router that is responsible for the network that contains the destination address receives the packet, it checks the ARP cache to determine whether there is an entry that resolves the IP address to a MAC address. If there is an entry, it uses the MAC address contained in the entry to address the packet to its final destination.
- If there is no entry in the ARP cache, the router resolves the IP address to a MAC address for the destination by using ARP to broadcast onto the local network. It asks the computer with the IP address contained in the destination address of the packet to respond with its MAC address. The router also gives the computer its own MAC address to use for the response.
- The broadcast is “heard” by all the computers in the local network, but it will be responded to only by the computer that has the correct IP address. All other computers will process the request only to the point that they determine it is not for them.
- The computer that is configured with the IP address in question responds with its MAC address.
- The router addresses the packet with the MAC address and delivers it to its final destination.
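The cache check, broadcast, and unicast reply in the steps above, modelled end to end as an added example written for this page (not code from the original text). It encodes and parses real Ethernet/ARP frames, keeps a per-host cache, and shows why the last step deserves scrutiny: ARP carries no authentication, so a cache accepts whatever reply it hears, and a mapping that suddenly changes is exactly what cache poisoning looks like. The hosts, MAC addresses, and the 192.0.2.0/24 addresses are constructed for the demonstration; nothing touches a real interface.

```python
"""ARP on one Ethernet segment: frame encoding and parsing, cache lookup,
broadcast request, unicast reply, cache update. Added example; all hosts and
frames are constructed here."""
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def fmt_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def fmt_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II header + 28-byte ARP body. Requests go to the broadcast MAC;
    replies go unicast to the asker."""
    eth_dst = BROADCAST if op == ARP_REQUEST else target_mac
    eth = struct.pack("!6s6sH", mac_bytes(eth_dst), mac_bytes(sender_mac), ETHERTYPE_ARP)
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + body


def parse_arp(frame: bytes) -> dict:
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    return {"eth_dst": fmt_mac(eth_dst), "eth_src": fmt_mac(eth_src), "op": op,
            "sender_mac": fmt_mac(sha), "sender_ip": fmt_ip(spa),
            "target_mac": fmt_mac(tha), "target_ip": fmt_ip(tpa)}


class Host:
    """One IPv4 host with an ARP cache. lookup() is the check-cache-then-broadcast step;
    receive() is what the host does with frames it hears on the wire."""

    def __init__(self, mac: str, ip: str):
        self.mac, self.ip = mac, ip
        self.cache = {}        # ip -> mac
        self.pending = set()   # ips we asked about and are still waiting on
        self.alerts = []

    def lookup(self, ip: str):
        """(mac, None) on a cache hit, or (None, request_frame_to_broadcast) on a miss."""
        if ip in self.cache:
            return self.cache[ip], None
        self.pending.add(ip)
        return None, build_arp(ARP_REQUEST, self.mac, self.ip, "00:00:00:00:00:00", ip)

    def receive(self, frame: bytes):
        """Returns a reply frame if this host must answer, otherwise None."""
        arp = parse_arp(frame)
        if arp["op"] == ARP_REQUEST:
            # Every host on the segment parses the broadcast; only the owner of the target
            # IP answers, and it answers unicast to the asker's MAC.
            if arp["target_ip"] != self.ip:
                return None
            return build_arp(ARP_REPLY, self.mac, self.ip, arp["sender_mac"], arp["sender_ip"])
        if arp["op"] == ARP_REPLY:
            ip, mac = arp["sender_ip"], arp["sender_mac"]
            known = self.cache.get(ip)
            if ip not in self.pending and known is None:
                self.alerts.append(f"ignored unsolicited reply for {ip} from {mac}")
                return None
            if known is not None and known != mac:
                # No authentication: the cache takes what it hears. Log the change; it is
                # the observable symptom of ARP cache poisoning.
                self.alerts.append(f"{ip} moved from {known} to {mac}")
            self.cache[ip] = mac
            self.pending.discard(ip)
        return None
```

This model accepts a reply only when it answers a pending request or refreshes an entry already in the cache; real operating systems differ in the details, but none of them can tell a legitimate reply from a forged one, which is why switches offer Dynamic ARP Inspection and why hosts log or pin mappings for critical addresses such as the default gateway.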
Session Initiation Protocol (SIP)
SIP is a Session layer protocol that is primarily responsible for setting up and tearing down voice and video calls over the Internet. Through gateways it can also interwork with the SS7 signalling used by the traditional telephone network, so IP telephony can offer the same advanced call features and reach the public phone system.
Real-Time Transport Protocol (RTP)
RTP defines a standardized packet format for delivering audio and video over the Internet. It is frequently used in streaming, video conferencing, and push-to-talk applications.
Secure Shell (SSH)
First developed by SSH Communications Security, Secure Shell is a program used to log into another computer over a network, execute commands, and move files from one computer to another. SSH provides strong authentication and secure communications over untrusted channels. It protects against attacks such as IP spoofing, IP source routing, and DNS spoofing, and the entire session, including the login, is encrypted, so an eavesdropper cannot collect passwords from the wire. SSH is available for Windows, Unix, Macintosh, and Linux, and it supports public-key authentication (for example with RSA keys) in addition to passwords.
Post Office Protocol Version 3 (POP3)
POP3 is one of the protocols used to retrieve email from mail servers. Using POP3, clients connect to the server, authenticate, and then download their email, which they can then read. Typically the email is then deleted from the server, although some systems hold a copy for a period of time specified by an administrator. One drawback of POP3 authentication is that it is generally performed in clear text unless the connection is protected by TLS (POP3S, or STARTTLS on the standard port). This means that an attacker could sniff your POP3 password from the network as you enter it.
Network Time Protocol (NTP)
NTP is a protocol that works at the Application layer of the OSI model and synchronizes time between computers in a network. In today's distributed networks, ensuring that the time is synchronized between clients and servers is essential. Authentication protocols such as Kerberos, used with Microsoft's Active Directory, tolerate only a small clock skew between client and server (five minutes by default); if the two are not synchronized, perfectly valid tickets are rejected. In many of today's networks, an authoritative time source such as the Internet is first used to set a time server (perhaps a domain controller). That server then uses NTP to synchronize time with the other computers in the network. Some computers may both receive the correct time and pass it on to other computers in the network.
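How a client actually derives its clock offset from an NTP exchange, as an added example written for this page (not code from the original text): it builds the 48-byte mode-3 client packet, parses a mode-4 server reply, and applies the four-timestamp formulas from RFC 5905, together with the checks a client must make before trusting an unauthenticated UDP reply. The server reply is constructed in code, and the timestamps are made up to describe a client that is half a second behind the server across a 0.2 s round trip.

```python
"""NTP (RFC 5905) client exchange carried out offline: build the request, parse a
server reply, compute offset and round-trip delay. Added example; the reply is
constructed, nothing is sent."""
import struct

NTP_UNIX_DELTA = 2_208_988_800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01 (Unix epoch)
PANIC_THRESHOLD = 1000.0        # ntpd refuses to step the clock by more than this unless told to (-g)


def to_ntp(unix_time: float) -> int:
    """Unix float seconds -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    whole = int(unix_time)
    frac = int((unix_time - whole) * 2**32)
    return ((whole + NTP_UNIX_DELTA) << 32) | frac


def from_ntp(ts: int) -> float:
    return (ts >> 32) - NTP_UNIX_DELTA + (ts & 0xFFFFFFFF) / 2**32


def build_request(t1: float) -> bytes:
    """48-byte client packet: LI=0, VN=4, Mode=3; only the Transmit Timestamp is filled in."""
    first = (0 << 6) | (4 << 3) | 3
    return (struct.pack("!BBBb", first, 0, 0, 0)   # LI/VN/Mode, stratum, poll, precision
            + bytes(12)                             # root delay, root dispersion, reference ID
            + bytes(24)                             # reference, origin, receive timestamps
            + struct.pack("!Q", to_ntp(t1)))        # transmit timestamp (echoed back as origin)


def build_sample_reply(request: bytes, t2: float, t3: float, stratum: int = 2) -> bytes:
    """Constructed server reply: mode 4, echoes our transmit timestamp as Origin, and
    stamps when it received (t2) and sent (t3) on its own clock."""
    first = (0 << 6) | (4 << 3) | 4
    origin = request[40:48]
    return (struct.pack("!BBBb", first, stratum, 6, -20) + bytes(12)
            + struct.pack("!Q", to_ntp(t2 - 1)) + origin
            + struct.pack("!QQ", to_ntp(t2), to_ntp(t3)))


def process_reply(reply: bytes, t1: float, t4: float) -> dict:
    """t1/t4 are the client's send and receive times on its own clock. Returns the offset
    (how far the client clock is behind the server) and the round-trip delay, after the
    checks a client must make before trusting the packet."""
    if len(reply) < 48:
        raise ValueError("short NTP packet")
    first, stratum = reply[0], reply[1]
    li, mode = first >> 6, first & 0x7
    if mode != 4:
        raise ValueError("not a server reply (mode != 4)")
    if li == 3 or stratum == 0 or stratum > 15:
        raise ValueError("server is unsynchronized or sent a kiss-o'-death packet")
    origin, recv, xmit = struct.unpack("!QQQ", reply[24:48])
    # Without cryptographic authentication, the origin timestamp echoing our transmit
    # timestamp is the only thing tying this reply to our request; anything else is a
    # stray or spoofed packet and is dropped.
    if origin != to_ntp(t1):
        raise ValueError("origin timestamp mismatch: reply does not belong to our request")
    t2, t3 = from_ntp(recv), from_ntp(xmit)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    if delay < 0:
        raise ValueError("negative delay: inconsistent timestamps")
    if abs(offset) > PANIC_THRESHOLD:
        raise ValueError(f"offset {offset:.0f}s exceeds panic threshold; refusing to step")
    return {"offset": offset, "delay": delay, "stratum": stratum}


if __name__ == "__main__":
    t1 = 1_700_000_000.0
    req = build_request(t1)
    reply = build_sample_reply(req, t2=t1 + 0.6, t3=t1 + 0.61)
    print(process_reply(reply, t1, t4=t1 + 0.21))
```

The offset formula assumes the two one-way delays are symmetric, which is why the computed delay is reported alongside it: a large or wildly varying delay means the offset is correspondingly uncertain. The panic threshold is the guard against a single bad or malicious reply slewing a machine by hours, which would immediately break the Kerberos skew check described above.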
Internet Message Access Protocol version 4 (IMAPv4)
IMAPv4 is another protocol used to retrieve email from mail servers, but IMAPv4 offers some advantages over POP3. To begin with, IMAPv4 provides a more flexible method of handling email. You can read your email on the email server and then decide what you want to download to your own PC. Since the email can stay in the mailbox on the server, you can retrieve it from any computer you want to use, provided that the computer has software installed that can access the server. Webmail services such as Microsoft Hotmail give a similar experience through a browser: you can read, answer, and forward email without downloading the messages to the computer you are using, because they stay on the server. This can be very convenient for users who travel.
Telnet
Telnet is a virtual terminal protocol that has been used for many years. Originally, Telnet was used to connect “dumb terminals” to mainframe computers. It was also the connection method used by earlier Unix systems. Telnet is still in use today to access and control network devices such as routers and switches.
The main problem with Telnet for today's environment is that it is not a secure protocol; everything is transmitted in plain text. For this reason, Telnet is being replaced by more secure methods such as Secure Shell and Microsoft's Remote Desktop Connection, which provide encrypted communication.
Simple Mail Transfer Protocol (SMTP)
SMTP defines how email messages are sent between hosts on a network. You can remember SMTP as "sending mail to people." SMTP works at the Application layer of the OSI model and uses TCP for reliable delivery of messages to hosts. SMTP carries mail from server to server, not to the user's desktop, and the receiving server must be available to accept the message; that server then spools the message into the user's mailbox so the user can read it later. How users read the mail is determined by the protocol they use to access the mail server, POP3 or IMAP.
Simple Network Management Protocol 2/3 (SNMP 2/3)
The SNMP protocol is used to monitor and manage devices on a network. A software component (called an agent) runs on the managed device, answers queries from the management systems, and reports events to them asynchronously via SNMP traps. These management systems can be configured to record information such as errors on a network or resource information about the computers on a network.
SNMPv2 is an enhancement to the original SNMP (SNMPv1). The management information bases used in SNMPv1 are cumbersome and confusing to an administrator, and SNMPv2 provides more user-friendly input and output options for data. SNMPv3 adds security measures for message integrity, authentication, and encryption; in v1 and v2c the community string that authorizes access travels in clear text, and anyone who captures it can query (or, with a write community, reconfigure) the device. The enhancements of SNMPv3 have made the previous two versions obsolete. The RFC that defines SNMPv3 (RFC 3411) refers to the previous versions as "historic."
Internet Control Message Protocol (ICMP)
The ICMP protocol works at the Network layer of the OSI model and the Internet layer of the TCP/IP protocol suite. ICMP provides error reporting and diagnostic functionality. Although ICMP provides many functions, the most commonly known is its use by the ping utility. The ping utility is most often used for troubleshooting. In a typical "ping scenario," an administrator uses a host's command line and the ping utility to send a stream of ICMP packets called echo requests to another host. When the destination host receives the packets, its ICMP implementation sends back a stream of packets referred to as echo replies. This confirms that the connection between the two hosts is configured properly and that TCP/IP is operational.
ICMP can also send back messages such as "Destination Host Unreachable" or "Time Exceeded." The former is sent by a router (or the destination's gateway) when the host cannot be reached on the network, and the latter when a packet's time-to-live (TTL) hop count reaches zero before it arrives, which is also the mechanism traceroute uses to map the path to a host. ICMP also defined a Source Quench message, sent when the flow of data from the source was larger than the destination or an intermediate router could process, telling the source to slow down. Source Quench has been deprecated (RFC 6633) and modern hosts ignore it; TCP's own congestion control does that job now.
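The echo request and reply, the error messages, and the Internet checksum that every ICMP message carries, as an added example written for this page (not code from the original text). It builds and parses the packets by hand and includes the checks `ping` makes on a reply: the checksum must verify, and the identifier must be the one this process sent, so that a reply meant for another process (or a forged one) is not counted as success. Every packet here is constructed in code and nothing is sent; the IPv4 header used in the error-message demo is a constructed placeholder with its checksum left zero.

```python
"""ICMP echo (ping) and error messages built and parsed by hand, including the
RFC 1071 Internet checksum. Added example; all packets are constructed."""
import struct

ECHO_REPLY, DEST_UNREACHABLE, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11

UNREACHABLE_CODES = {
    0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
    3: "port unreachable", 4: "fragmentation needed and DF set",
    13: "communication administratively prohibited",
}
TIME_EXCEEDED_CODES = {0: "TTL exceeded in transit", 1: "fragment reassembly time exceeded"}


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented. Run over a packet that
    already carries its checksum, the result is 0 when the packet is intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    # The checksum is computed with its own field zeroed, then written in place.
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def build_error(icmp_type: int, code: int, original_datagram: bytes) -> bytes:
    """Destination Unreachable / Time Exceeded: 4 unused bytes, then the IP header and
    first 8 bytes of the datagram that caused the error (RFC 792, 20-byte header assumed)."""
    body = b"\x00" * 4 + original_datagram[:28]
    header = struct.pack("!BBH", icmp_type, code, 0)
    csum = internet_checksum(header + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body


def parse_icmp(packet: bytes, expected_ident=None) -> dict:
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    if internet_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code = packet[0], packet[1]
    if icmp_type in (ECHO_REQUEST, ECHO_REPLY):
        ident, seq = struct.unpack("!HH", packet[4:8])
        # ping matches replies to its own process by identifier; a reply carrying someone
        # else's identifier is not evidence that our echo request got through.
        if expected_ident is not None and ident != expected_ident:
            raise ValueError("echo reply carries a different identifier")
        name = "echo-request" if icmp_type == ECHO_REQUEST else "echo-reply"
        return {"type": name, "id": ident, "seq": seq, "payload": packet[8:]}
    if icmp_type == DEST_UNREACHABLE:
        return {"type": "destination-unreachable", "code": code,
                "reason": UNREACHABLE_CODES.get(code, f"code {code}"), "original": packet[8:]}
    if icmp_type == TIME_EXCEEDED:
        return {"type": "time-exceeded", "code": code,
                "reason": TIME_EXCEEDED_CODES.get(code, f"code {code}"), "original": packet[8:]}
    # Type 4 (Source Quench) lands here: deprecated by RFC 6633, so it is reported but not acted on.
    return {"type": f"type-{icmp_type}", "code": code}


def sample_ip_header(src: str, dst: str, payload_len: int) -> bytes:
    """Constructed 20-byte IPv4 header (protocol 1 = ICMP, checksum left zero) for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 1, 0,
                       bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))


if __name__ == "__main__":
    request = build_echo(ECHO_REQUEST, 0x1234, 1, b"abcdefghijklmnop")
    print(parse_icmp(build_echo(ECHO_REPLY, 0x1234, 1, request[8:]), expected_ident=0x1234))
    original = sample_ip_header("192.0.2.10", "192.0.2.20", len(request)) + request
    print(parse_icmp(build_error(TIME_EXCEEDED, 0, original)))
```

The error messages quote the start of the offending datagram precisely so the receiving host can match the error to the socket or process that sent it; that quoted fragment is also why a forged "unreachable" message needs to guess the original addresses and ports to be accepted by a careful stack.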
Internet Group Management Protocol (IGMP)
IGMP is the standard for IP multicasting on intranets. It is used to establish host memberships in multicast groups on a single network. The mechanisms of the protocol allow a host to inform its local router, using Host Membership Reports indicating that it wants to receive messages addressed to a specific multicast group.
Transport Layer Security (TLS)
TLS allows network devices to communicate across a network while avoiding eavesdropping, tampering, and message forgery. It is designed to let end users be sure with whom they are communicating, normally by having the server prove its identity with a certificate. Client and server negotiate the keys that secure the data they exchange. TLS has superseded its predecessor SSL; SSL 2.0 and 3.0 are deprecated and should not be enabled.