Protocols and Standards presented by Wahidullah Shahaadat

Post on 30-May-2018


    8/14/2019 Protocols and Standards Presented by Wahidullah Shahaadat

    IN THE NAME OF ALMIGHTY ALLAH

    1-Protocols and Standards

    Identify a MAC (Media Access Control) address and its parts.

    Every device on the network must have a unique MAC address to ensure proper receiving and transmission of data. The MAC address is a device's actual physical address, which is usually designated by the manufacturer of the device.

    Medium Access Control sublayer operations: the purpose of the MAC sublayer is to determine when each frame should be passed on to the physical layer to be transmitted as a data signal over the network. The MAC sublayer governs which devices have permission to transmit data over the network and when. There are four basic methods for controlling access to the network: polling, contention, token passing, and switching.

    The data link layer is divided into two sublayers: the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sublayer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking.
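The slides ask you to identify a MAC address and its parts. The following added example (not code from the original slides) splits a 48-bit MAC address into the manufacturer's OUI (first three bytes) and the device-specific part (last three bytes), and reads the two flag bits of the first byte: the I/G bit (multicast) and the U/L bit (locally administered). The sample addresses are constructed.

```python
"""Split a MAC (Media Access Control) address into its parts.

Added example, not from the original slides. A 48-bit MAC address is six
bytes: the first three bytes are the OUI (Organizationally Unique
Identifier, assigned to the manufacturer) and the last three bytes are
the device-specific part the manufacturer assigns. Two bits of the first
byte carry flags: bit 0 (I/G) marks a group/multicast address when set,
bit 1 (U/L) marks a locally administered address when set.
"""
import re
from dataclasses import dataclass

# Accepts 00:11:22:33:44:55, 00-11-22-33-44-55 and 0011.2233.4455 forms.
_SEPARATORS = re.compile(r"[:\-.]")


@dataclass(frozen=True)
class MacParts:
    oui: str            # first 24 bits, e.g. "00:11:22"
    device_id: str      # last 24 bits, e.g. "33:44:55"
    multicast: bool     # I/G bit: 1 = group (multicast/broadcast)
    local: bool         # U/L bit: 1 = locally administered
    broadcast: bool     # all 48 bits set


def _fmt(octets) -> str:
    return ":".join(f"{b:02x}" for b in octets)


def parse_mac(text: str) -> MacParts:
    """Normalise any common MAC notation and split it into its parts."""
    hexdigits = _SEPARATORS.sub("", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    octets = [int(hexdigits[i:i + 2], 16) for i in range(0, 12, 2)]
    first = octets[0]
    return MacParts(
        oui=_fmt(octets[:3]),
        device_id=_fmt(octets[3:]),
        multicast=bool(first & 0x01),
        local=bool(first & 0x02),
        broadcast=all(b == 0xFF for b in octets),
    )


def describe(text: str) -> str:
    """One-line summary of the kind of address a frame header carries."""
    p = parse_mac(text)
    if p.broadcast:
        return "broadcast (ff:ff:ff:ff:ff:ff)"
    kind = "multicast" if p.multicast else "unicast"
    admin = "locally administered" if p.local else f"manufacturer OUI {p.oui}"
    return f"{kind}, {admin}, device part {p.device_id}"


if __name__ == "__main__":
    # Constructed sample addresses, not real devices.
    for sample in ("00:11:22:33:44:55", "02-11-22-33-44-55",
                   "0100.5e01.0203", "ff:ff:ff:ff:ff:ff"):
        print(f"{sample:20} -> {describe(sample)}")
```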

    Identify the seven layers of the OSI (Open Systems Interconnect) model and their functions.

    APPLICATION

    layer 7

    Gives user applications access to the network. This layer represents the services that directly support user applications, such as software for file transfers, database access, and e-mail.

    PRESENTATION

    layer 6

    The presentation layer, usually part of an operating system, converts incoming and outgoing data from one presentation format to another. Presentation layer services include data encryption and text compression.

    SESSION

    layer 5

    Opens, manages, and closes conversations between two computers. It performs name recognition and the functions, such as security, needed to allow two applications to communicate over the network; it also provides error handling.

    TRANSPORT

    layer 4

    This layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer.

    Sequences data packets, and requests retransmission of missing packets. It also repackages messages for more efficient transmission over the network.

    NETWORK

    layer 3

    Establishes, maintains and terminates network connections. Routes data packets across network segments. Translates logical addresses and names into physical addresses.

    DATA LINK

    layer 2

    Transmits frames of data from computer to computer on the same network segment. Ensures the reliability of the physical link established at layer 1. Standards define how data frames are recognized and provide the necessary flow control and error handling at the frame level.

    The data link layer is divided into two sublayers: the Media Access Control (MAC) layer and the Logical Link Control (LLC) layer. The MAC sublayer controls how a computer on the network gains access to the data and permission to transmit it. The LLC layer controls frame synchronization, flow control and error checking.

    PHYSICAL

    layer 1

    The Physical layer defines all the electrical and physical specifications for devices. This includes the layout of pins, voltages, and cable specifications. Hubs, repeaters and network adapters are physical-layer devices.

    Defines cabling and connections. Transmits data over the physical media.

    Identify the OSI (Open Systems Interconnect) layers at which the following network components operate:

    > Hubs, Switches, Bridges, Routers, NICs (Network Interface Card), WAPs (Wireless Access Point)

    APPLICATION

    layer 7

    DHCP, DNS, FTP, HTTP, IMAP4, IRC, NNTP, XMPP, MIME, POP3, SIP, SMTP, SNMP, SSH, TELNET, BGP, RPC, RTP, RTCP, TLS/SSL, SDP, SOAP, L2TP, PPTP

    PRESENTATION

    layer 6

    AFP, AppleShare File Protocol
    GIF
    ICA, Citrix Systems Core Protocol
    JPEG, Joint Photographic Experts Group
    LPP, Lightweight Presentation Protocol
    NCP, NetWare Core Protocol
    NDR, Network Data Representation
    PNG, Portable Network Graphics
    TIFF, Tagged Image File Format
    XDR, eXternal Data Representation
    X.25 PAD, Packet Assembler/Disassembler Protocol

    SESSION

    layer 5

    ADSP, AppleTalk Data Stream Protocol
    ASP, AppleTalk Session Protocol
    H.245, Call Control Protocol for Multimedia Communication
    iSNS, Internet Storage Name Service
    L2F, Layer 2 Forwarding Protocol
    L2TP, Layer 2 Tunneling Protocol
    NetBIOS, Network Basic Input Output System
    PAP, Printer Access Protocol
    PPTP, Point-to-Point Tunneling Protocol
    RPC, Remote Procedure Call Protocol
    RTP, Real-time Transport Protocol
    RTCP, Real-time Transport Control Protocol
    SMPP, Short Message Peer-to-Peer
    SCP, Secure Copy Protocol
    SSH, Secure Shell
    ZIP, Zone Information Protocol

    TRANSPORT

    layer 4

    AEP, AppleTalk Echo Protocol
    ATP, AppleTalk Transaction Protocol
    CUDP, Cyclic UDP
    DCCP, Datagram Congestion Control Protocol
    FCP, Fiber Channel Protocol
    FCIP, Fiber Channel over TCP/IP
    IL, IL Protocol
    iSCSI, Internet Small Computer System Interface
    NBP, Name Binding Protocol
    NetBEUI, NetBIOS Extended User Interface
    SPX, Sequenced Packet Exchange
    RTMP, Routing Table Maintenance Protocol
    SCTP, Stream Control Transmission Protocol
    SCSI, Small Computer System Interface
    TCP, Transmission Control Protocol
    UDP, User Datagram Protocol

    NETWORK

    layer 3

    Routers - Switches - Bridges

    IP/IPv6, Internet Protocol
    DVMRP, Distance Vector Multicast Routing Protocol
    ICMP, Internet Control Message Protocol
    IGMP, Internet Group Multicast Protocol
    PIM-SM, Protocol Independent Multicast Sparse Mode
    PIM-DM, Protocol Independent Multicast Dense Mode
    IPSec, Internet Protocol Security
    IPX, Internetwork Packet Exchange
    RIP, Routing Information Protocol
    NLSP, NetWare Link State Protocol
    X.25, Packet Level Protocol
    X.75, Packet Switched Signaling Between Public Networks
    DDP, Datagram Delivery Protocol


    DATA LINK

    layer 2

    ARCnet
    ATM
    Cisco Discovery Protocol (CDP)
    Controller Area Network (CAN)
    Econet
    Ethernet
    Fiber Distributed Data Interface (FDDI)
    Frame Relay
    High-Level Data Link Control (HDLC)
    IEEE 802.2 (provides LLC functions to IEEE 802 MAC layers)
    IEEE 802.11 wireless LAN
    LocalTalk
    Multiprotocol Label Switching (MPLS)
    Point-to-Point Protocol (PPP)
    Serial Line Internet Protocol (SLIP)
    StarLan
    Token ring

    PHYSICAL

    layer 1

    Network adapters - Repeaters - Ethernet hubs - Modems - Wireless 802.11x

    xDSL
    IRDA physical layer
    USB physical layer
    Firewire
    EIA RS-232, EIA-422, EIA-423, RS-449, RS-485
    ITU Recommendations: see ITU-T
    DSL
    ISDN
    T1 and other T-carrier links, and E1 and other E-carrier links
    10BASE-T, 10BASE2, 10BASE5, 100BASE-TX, 100BASE-FX, 100BASE-T, 1000BASE-T, 1000BASE-SX and other varieties of the Ethernet physical layer
    Wireless 802.11x
    SONET/SDH
    GSM radio interface
    Bluetooth physical layer
    IEEE 802.11x Wi-Fi physical layers


    Differentiate between the following network protocols in terms of routing, addressing schemes, interoperability and naming conventions:

    > TCP/IP

    Transmission Control Protocol: a connection-based Internet protocol responsible for breaking data into packets, which the IP protocol sends over the network. IP is located at the TCP/IP Internet layer, which corresponds to the network layer of the OSI model. IP is responsible for routing packets by their IP address.

    IP is a connectionless protocol, which means IP does not establish a connection between source and destination before transmitting data; thus packet delivery is not guaranteed by IP. Instead, this must be provided by TCP. TCP is a connection-based protocol and is designed to guarantee delivery by monitoring the connection between source and destination before data is transmitted. TCP places packets in sequential order and requires acknowledgment from the receiving node that they arrived properly before any new data is sent.

    TCP/IP model

    Application layer

    DHCP - DNS - FTP - HTTP - IMAP4 - IRC - NNTP - XMPP - MIME - POP3 - SIP - SMTP - SNMP - SSH - TELNET - BGP - RPC - RTP - RTCP - TLS/SSL - SDP - SOAP - L2TP - PPTP

    Transport layer

    This layer deals with opening and maintaining connections, ensuring that packets are in fact received. This is where flow-control and connection protocols exist, such as: TCP - UDP - DCCP - SCTP - GTP

    Network layer

    IP (IPv4 - IPv6) - ARP - RARP - ICMP - IGMP - RSVP - IPSec

    Data link layer

    ATM - DTM - Ethernet - FDDI - Frame Relay - GPRS - PPP

    Physical layer

    Ethernet physical layer - ISDN - Modems - PLC - RS232 - SONET/SDH - G.709 - Wi-Fi


    > IPX/SPX

    Internetwork Packet Exchange/Sequenced Packet Exchange was developed by Novell and is used primarily on networks that use the Novell NetWare network operating system. The IPX and SPX protocols provide services similar to those offered by IP and TCP. Like IP, IPX is a connectionless network layer protocol. SPX runs on top of IPX at the transport layer and, like TCP, provides connection-oriented, guaranteed delivery.

    IPX nodes do not have to be configured with a unique node identifier; instead, they copy the MAC address of the network interface card into the IPX node address field. The IPX header contains information about which transport layer protocol receives a particular packet. With IPX, this information is contained in the destination socket field. Servers have prespecified destination socket numbers, so workstations always know what value to use to send information to the server. In contrast, these workstations assign source socket numbers dynamically for their own protocols outside the server socket number's range.

    IPX routing protocols require each logical network to have a different network number in order to forward IPX packets correctly. But, unlike IP, with IPX only servers and routers must be configured with a network number. New network stations first use dynamic Routing Information Protocol (RIP) routing packets to learn network topography and configuration from servers and routers and then configure themselves accordingly.

    Because IPX is a connectionless protocol, NetWare servers are unable to tell if a station's connection to the server is currently active. To avoid reserving resources for inactive users, the NetWare server sends a watchdog packet to a client after a predetermined length of inactivity. The packet asks if the client is still connected and, if the client does not respond, the server terminates the connection.

    SPX is connection oriented and, thus, does not require the use of watchdog packets. However, network devices will keep an SPX session open by sending keep-alive packets to verify the connection.

    > NetBEUI

    NetBIOS Enhanced User Interface was designed as a small, efficient protocol for use in department-sized LANs of 20-200 computers that do not need to be routed to other subnets.

    NetBEUI is used almost exclusively on small, non-routed networks.

    As an extension of NetBIOS, NetBEUI is not routable; therefore networks supporting NetBEUI must be connected with bridges, rather than routers. Like NetBIOS, the NetBEUI interface must be adapted to routable protocols like TCP/IP for communication over WANs.


    > AppleTalk

    AppleTalk is a LAN architecture built into all Apple Macintosh computers. While AppleTalk is a proprietary network, many companies now market AppleTalk-based products, including Novell and Microsoft. Similarly, designed to be link layer independent, AppleTalk supports Apple's LocalTalk cabling scheme, but also runs over Ethernet (EtherTalk), Token Ring (TokenTalk), and Fiber Distributed Data Interface, or FDDI (FDDITalk).

    AppleTalk node addresses are assigned dynamically to ensure minimal network administration overhead. When a node running AppleTalk starts up, it generates a random network layer protocol address and then sends out a broadcast to determine whether that particular address is already in use. If it is, the node with the conflicting address responds and the broadcasting node selects a new address and repeats the inquiry process.

    2-Protocols and Standards

    Identify the components and structure of IP (Internet Protocol) addresses (IPv4, IPv6) and the required setting for connections across the Internet.

    An IP is a 32-bit number comprised of a host number and a network prefix, both of which are used to uniquely identify each node within a network. A shortage of available IP addresses has prompted the creation of an addressing scheme known as Classless Inter-Domain Routing (CIDR). Among other capabilities, CIDR allows one IP address to designate many unique IP addresses within a network. In addition, the current version of the IP address, IPv4, is being upgraded to IPv6. The latter uses a 128-bit address, allowing for 2^128 total IP addresses, as opposed to IPv4's 2^32.

    > Internet Protocol version 4

    Is the fourth iteration of the Internet Protocol (IP) and it is the first version of the protocol to be widely deployed. IPv4 is the dominant network layer protocol on the Internet and apart from IPv6 it is the only protocol used on the Internet.

    IPv4 is a data-oriented protocol to be used on a packet-switched internetwork (e.g., Ethernet). It is a best-effort protocol in that it doesn't guarantee delivery. It doesn't make any guarantees on the correctness of the data; it may result in duplicated packets and/or packets out of order.

    > Internet Protocol version 6 (IPv6)

    A network layer protocol for packet-switched internetworks. It is designated as the successor of IPv4, the current version of the Internet Protocol, for general use on the Internet.

    The main improvement brought by IPv6 (Internet Protocol version 6) is the increase in the number of addresses available for networked devices, allowing, for example, each mobile phone and mobile electronic device to have its own address. IPv4 supports 2^32 (about 4.3 billion) addresses, which is inadequate for giving even one address to every living person, let alone supporting embedded and portable devices. IPv6, however, supports 2^128 addresses; this is approximately 5×10^28 addresses for each of the roughly 6.5 billion people alive today.


    Identify classful IP (Internet Protocol) ranges and their subnet masks (for example: Class A, B and C).

    Systems that have interfaces to more than one network require a unique IP address for each network interface. The first part of an Internet address identifies the network on which the host resides, while the second part identifies the particular host on the given network. This creates the two-level addressing hierarchy.

    The leading portion of each IP address identifies the network prefix. All hosts on a given network share the same network prefix but must have a unique host number. Similarly, any two hosts on different networks must have different network prefixes but may have the same host number.

    Address Class    Decimal Notation Ranges
    Class A          1.xxx.xxx.xxx through 126.xxx.xxx.xxx
    Class B          128.0.xxx.xxx through 191.255.xxx.xxx
    Class C          192.0.0.xxx through 223.255.255.xxx

    The xxx represents the host number field of the address that is assigned by the local network administrator.

    Class A addresses are intended for very large networks and can address up to 16,777,216 (2^24) hosts per network. The first digits of a Class A address will be a number between 1 and 126, the network ID start bit is 0 and the default subnet mask is 255.0.0.0.

    Class B addresses are intended for moderate-sized networks and can address up to 65,536 (2^16) hosts per network. The first digits of a Class B address will be a number between 128 and 191, the network ID start bits are 10 and the default subnet mask is 255.255.0.0.

    Class C addresses are intended for small networks and can address only up to 254 (2^8-2) hosts per network. The first digits of a Class C address will be a number between 192 and 223, the network ID start bits are 110 and the default subnet mask is 255.255.255.0.
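The classful rules above can be applied mechanically from the leading bits of the first octet. The following added example (not code from the original slides) does that: it derives the class, the default subnet mask, the network ID and the host ID of an IPv4 address, and reports the usable host count (2^host_bits - 2, the "-2" the slides use for Class C). Addresses in 127/8 and the Class D/E ranges are labelled rather than masked. The sample addresses are constructed.

```python
"""Classful IPv4 addressing: class, default mask, network and host parts.

Added example, not code from the original slides. Class A starts with
bit 0 (first octet 1-126), Class B with bits 10 (128-191), Class C with
bits 110 (192-223); default masks are /8, /16 and /24.
"""
from dataclasses import dataclass


def dotted_to_int(addr: str) -> int:
    """Parse dotted-quad text into a 32-bit integer, validating each octet."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"bad IPv4 address: {addr!r}")
    value = 0
    for p in parts:
        n = int(p)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | n
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


@dataclass(frozen=True)
class ClassfulInfo:
    address_class: str   # "A", "B", "C", "D", "E" or "loopback"
    default_mask: str    # dotted default mask, "" for D/E/loopback
    network_id: str
    host_id: str
    max_hosts: int       # usable hosts: 2^host_bits - 2


def classify(addr: str) -> ClassfulInfo:
    """Determine the class from the leading bits of the first octet."""
    value = dotted_to_int(addr)
    first = value >> 24
    if first == 127:
        return ClassfulInfo("loopback", "", addr, "", 0)
    if first & 0x80 == 0:          # leading bit 0    -> Class A
        cls, prefix = "A", 8
    elif first & 0xC0 == 0x80:     # leading bits 10  -> Class B
        cls, prefix = "B", 16
    elif first & 0xE0 == 0xC0:     # leading bits 110 -> Class C
        cls, prefix = "C", 24
    elif first & 0xF0 == 0xE0:     # 1110 -> Class D (multicast)
        return ClassfulInfo("D", "", addr, "", 0)
    else:                          # 1111 -> Class E (reserved)
        return ClassfulInfo("E", "", addr, "", 0)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    host_bits = 32 - prefix
    return ClassfulInfo(
        address_class=cls,
        default_mask=int_to_dotted(mask),
        network_id=int_to_dotted(value & mask),
        host_id=int_to_dotted(value & ~mask & 0xFFFFFFFF),
        max_hosts=(1 << host_bits) - 2,
    )


if __name__ == "__main__":
    # Constructed samples, one per class, matching the slides' ranges.
    for sample in ("10.10.0.2", "128.28.0.2", "192.28.0.2", "224.0.0.9"):
        print(sample, classify(sample))
```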


    Basic Class A, B, and C Network Addresses

    (Figure: three example networks, one per class. Class A: Router A 10.10.0.0, Switch 10.10.0.1, end node 10.10.0.2. Class B: Router B 128.28.0.0, Switch 128.28.0.1, end node 128.28.0.2. Class C: Router C 192.28.0.0, Switch 192.28.0.1, end node 192.28.0.2.)

    Identify the purpose of subnetting.

    A subnet mask is used to mask a portion of the IP address, so that TCP/IP can tell the difference between the network ID and the host ID. TCP/IP uses the subnet mask to determine whether the destination is on a local or remote network.

    Advantages of subnetting a network include the following:

    - Reducing network congestion by limiting the range of broadcasts using routers
    - Enabling different networking architectures to be joined

    Identify the differences between private and public network addressing schemes.


    > Public IP Addresses

    For a computer to be visible on the Internet, it must be reachable through a public IP address. The IANA assigns ranges of public IP addresses to organizations that can then assign IP addresses within those ranges to individual computers. This prevents multiple computers from having the same IP address.

    The public IP address can be assigned through a Dynamic Host Configuration Protocol (DHCP) server, configured manually, or provided by an Internet service provider (ISP).

    > Authorized Private IP Addresses

    The IANA has reserved a certain number of IP addresses that are never used on the global Internet. These private IP addresses are used for networks that do not want to directly connect to the Internet but nevertheless require IP connectivity. For example, a user wanting to connect multiple Windows-based computers in a home network can use the Automatic Private IP Addressing (APIPA) feature to allow each computer to automatically assign itself a private IP address. The user does not need to configure an IP address for each computer, nor is a DHCP server needed.

    Computers on a network using authorized private IP addressing can connect to the Internet through the use of another computer with either proxy or network address translator (NAT) capabilities.

    > Unauthorized Private IP Addresses

    It is possible, when there is an absolute certainty that your network will never access the Internet, to assign to a node a 32-bit unauthorized private IP address of your choosing. Keep in mind that if any Internet connectivity is ever established with any node on your network, these unauthorized private IP addresses could generate significant problems that would require you to immediately change the IP address of every node that you had assigned in this manner.

    Identify and differentiate between the following IP (Internet Protocol) addressing methods:

    > Static / Dynamic

    An IP network is somewhat similar to the telephone network in that you have to have the phone number to reach a destination. The big difference is that IP addresses are often temporary (dynamic).

    Each device in an IP network is either assigned a permanent address (static) by the network administrator or is assigned a temporary address (dynamic) via DHCP software. Routers, firewalls and proxy servers use static addresses, as do most servers and printers that serve multiple users. Client machines may use static or dynamic IP addresses. The IP address assigned to your service by your cable or DSL Internet provider is typically a dynamic IP. In routers and operating systems, the default configuration for clients is dynamic IP.

    > Self-assigned (APIPA (Automatic Private Internet Protocol Addressing))


    Automatic Private IP Addressing (APIPA) is a feature of Windows-based operating systems (included in Windows 98, ME, 2000, and XP) that enables a computer to automatically assign itself an IP address when there is no Dynamic Host Configuration Protocol (DHCP) server available to perform that function.

    Using APIPA, a Windows-based client assigns itself an IP address from a range reserved for authorized private class B network addresses (169.254.0.1 through 169.254.255.254), with a subnet mask of 255.255.0.0. A computer with an authorized private address cannot directly communicate with hosts outside its subnet, including Internet hosts. APIPA is most suitable for small, single-subnet networks, such as a home or small office. APIPA is enabled by default if no DHCP servers are available on the network.

    Note: APIPA assigns only an IP address and subnet mask; it does not assign a default gateway, nor does it assign the IP addresses of DNS or WINS servers. Use APIPA only on a single-subnet network that contains no routers. If your small office or home office network is connected to the Internet or a private intranet, do not use APIPA.
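Two of the decisions described in the subnetting, private-addressing and APIPA sections above can be shown in a few lines. The following added example (not code from the original slides) applies a subnet mask to decide whether a destination is local or must go through the default gateway, shows why an APIPA host with no gateway cannot reach anything outside 169.254.0.0/16, and classifies addresses as APIPA, private or public. The private ranges used are the IANA-reserved RFC 1918 blocks (10/8, 172.16/12, 192.168/16), which the slides mention only as "reserved"; the sample addresses are constructed.

```python
"""Subnet-mask decisions and private/APIPA address detection.

Added example, not from the original slides. same_subnet() is the test
TCP/IP performs with the subnet mask; next_hop() turns it into the
local-versus-remote delivery decision; address_kind() recognises the
IANA-reserved private ranges (RFC 1918) and the APIPA range.
"""
import ipaddress
from typing import Optional

# IANA-reserved private ranges (RFC 1918) and the APIPA self-assigned range.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
APIPA_RANGE = ipaddress.ip_network("169.254.0.0/16")


def same_subnet(local_ip: str, mask: str, destination: str) -> bool:
    """True when destination shares local_ip's network ID under mask.

    Both addresses are ANDed with the mask and the results compared:
    a match means 'deliver directly on this network', a mismatch means
    'hand the packet to the default gateway (router)'.
    """
    m = int(ipaddress.IPv4Address(mask))
    local_net = int(ipaddress.IPv4Address(local_ip)) & m
    dest_net = int(ipaddress.IPv4Address(destination)) & m
    return local_net == dest_net


def next_hop(local_ip: str, mask: str, gateway: Optional[str],
             destination: str) -> str:
    """Where the local host sends a packet addressed to destination."""
    if same_subnet(local_ip, mask, destination):
        return "direct"
    if gateway is None:
        # APIPA assigns no default gateway, so remote hosts are unreachable.
        return "unreachable (no default gateway)"
    return f"via {gateway}"


def address_kind(addr: str) -> str:
    """Return 'apipa', 'private' or 'public' for an IPv4 address."""
    ip = ipaddress.IPv4Address(addr)
    if ip in APIPA_RANGE:
        return "apipa"
    if any(ip in net for net in PRIVATE_RANGES):
        return "private"
    return "public"


if __name__ == "__main__":
    # Constructed: a home LAN host behind a router, and an APIPA host.
    # 203.0.113.10 is from the TEST-NET-3 documentation range.
    print(next_hop("192.168.1.20", "255.255.255.0", "192.168.1.1", "192.168.1.50"))
    print(next_hop("192.168.1.20", "255.255.255.0", "192.168.1.1", "203.0.113.10"))
    print(next_hop("169.254.10.7", "255.255.0.0", None, "169.254.200.1"))
    print(next_hop("169.254.10.7", "255.255.0.0", None, "10.0.0.1"))
    for a in ("10.1.2.3", "172.31.255.1", "172.32.0.1", "169.254.1.1"):
        print(a, address_kind(a))
```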

    Define the purpose, function and use of the following protocols used in the TCP/IP (Transmission Control Protocol / Internet Protocol) suite:

    > TCP (Transmission Control Protocol)

    Transmission Control Protocol: a connection-based Internet protocol responsible for breaking data into packets, which the IP protocol sends over the network. IP is located at the TCP/IP Internet layer, which corresponds to the network layer of the OSI model. IP is responsible for routing packets by their IP address.

    IP is a connectionless protocol, which means IP does not establish a connection between source and destination before transmitting data; thus packet delivery is not guaranteed by IP. Instead, this must be provided by TCP. TCP is a connection-based protocol and is designed to guarantee delivery by monitoring the connection between source and destination before data is transmitted. TCP places packets in sequential order and requires acknowledgment from the receiving node that they arrived properly before any new data is sent.

    > UDP (User Datagram Protocol)

    User Datagram Protocol runs on top of IP and is used as an alternative to TCP. UDP does not, however, provide any error checking for guaranteeing packet delivery. Because UDP is not as complex as TCP, it is also faster. It is often used for broadcast messages and for streaming audio and video. UDP is a connectionless transport protocol.

    All upper layer applications that use TCP or UDP have a port number that identifies the application. This enables the port number to identify the type of service that one TCP system is requesting from another.

    Some commonly used ports


    Port Number    Service
    80             HTTP
    21             FTP
    110            POP3
    25             SMTP
    23             Telnet

    > FTP (File Transfer Protocol)

    An Internet standard application-level TCP/IP protocol that can be used for transferring files between hosts on a TCP/IP internetwork.

    File Transfer Protocol (FTP) is one of the earliest Internet protocols, and is still used for uploading and downloading files between clients and servers. An FTP client is an application that can issue FTP commands to an FTP server, while an FTP server is a service or daemon running on a server that responds to FTP commands from a client. FTP commands can be used to change directories, change transfer modes between binary and ASCII, upload files, and download files.

    > SFTP (Secure File Transfer Protocol)

    SSH File Transfer Protocol or SFTP is a network protocol that provides file transfer and manipulation functionality over any reliable data stream. It is typically used with the SSH-2 protocol to provide secure file transfer, but is intended to be usable with other protocols as well. The sftp program provides an interactive interface similar to that of traditional FTP clients.

    > TFTP (Trivial File Transfer Protocol)

    Trivial File Transfer Protocol is a file transfer protocol that transfers files to and from a remote computer running the TFTP service. TFTP was designed with fewer functions than FTP.

    > SMTP (Simple Mail Transfer Protocol)

    Simple Mail Transfer Protocol is used to transfer messages between two remote computers. It is used on the Internet, and is part of the TCP/IP protocol stack.

    > HTTP (Hypertext Transfer Protocol)

    Hypertext Transfer Protocol is the underlying protocol for the World Wide Web. HTTP defines how all resources on the web are transferred and what action web servers and browsers should take in response to commands.

    HTTP is a "stateless" protocol, meaning each command is executed independently, without any knowledge of the commands that came before it.


    > HTTPS (Hypertext Transfer Protocol Secure)

    The secure hypertext transfer protocol is a communications protocol designed to transfer encrypted information between computers over the World Wide Web. HTTPS is HTTP using a Secure Socket Layer (SSL). A secure socket layer is an encryption protocol invoked on a Web server that uses HTTPS. Most implementations of the HTTPS protocol involve online purchasing or the exchange of private information. Accessing a secure server often requires some sort of registration, login, or purchase. The successful use of the HTTPS protocol requires a secure server to handle the request.

    > POP3 / IMAP4 (Post Office Protocol version 3 / Internet Message Access Protocol version 4)

    Post Office Protocol, used to retrieve e-mail from a mail server. Most e-mail applications use the POP protocol, although some use the newer IMAP (Internet Message Access Protocol).

    The older POP2 requires SMTP to send messages, while POP3 can be used with or without SMTP.

    > Telnet

    Short for Telecommunication Network, a virtual terminal protocol allowing a user logged on to one TCP/IP host to access other hosts on the network.

    > SSH (Secure Shell)

    Secure Shell or SSH is a set of standards and an associated network protocol that allows establishing a secure channel between a local and a remote computer. It uses public-key cryptography to authenticate the remote computer and (optionally) to allow the remote computer to authenticate the user. SSH provides confidentiality and integrity of data exchanged between the two computers using encryption and message authentication codes (MACs). SSH is typically used to log into a remote machine and execute commands, but it also supports tunneling, forwarding arbitrary TCP ports and X11 connections; it can transfer files using the associated SFTP or SCP protocols. An SSH server, by default, listens on the standard TCP port 22.

    > ICMP (Internet Control Message Protocol)

    Internet Control Message Protocol is a maintenance protocol in the TCP/IP suite, required in every TCP/IP implementation, that allows two nodes on an IP network to share IP status and error information. ICMP is used by the ping utility to determine the reachability of a remote system.

    > ARP / RARP (Address Resolution Protocol / Reverse Address Resolution Protocol)

    Address Resolution Protocol is a TCP/IP protocol used to convert an IP address into a physical address, such as an Ethernet address. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.


    > NTP (Network Time Protocol)

    The Network Time Protocol is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver or modem. It provides accuracies typically within a millisecond on LANs and up to a few tens of milliseconds on WANs.

    > SNMP

    Simple Network Management Protocol is a TCP/IP protocol for monitoring networks and network components. SNMP uses small utility programs called agents to monitor behavior and traffic on the network, in order to gather statistical data.

    These agents can be loaded onto managed devices such as hubs, NICs, servers, routers, and bridges. The gathered data is stored in a MIB (management information base).

    To collect the information in a usable form, a management program console polls these agents and downloads the information from their MIBs, which then can be displayed as graphs and charts and sent to a database program to be analyzed.

    > NNTP (Network News Transport Protocol)

    The Network News Transfer Protocol or NNTP is an Internet application protocol used primarily for reading and posting Usenet articles, as well as transferring news among news servers.

    > SCP (Secure Copy Protocol)

    Secure Copy or SCP is a means of securely transferring computer files between a local and a remote host or between two remote hosts, using the Secure Shell (SSH) protocol.

    The protocol itself does not provide authentication and security; it expects the underlying protocol, SSH, to secure this.

    The SCP protocol implements file transfers only. It does so by connecting to the host using SSH and there executes an SCP server (scp). The SCP server program is typically the very same program as the SCP client.

    > LDAP (Lightweight Directory Access Protocol)

    Lightweight Directory Access Protocol, or LDAP, is a networking protocol for querying and modifying directory services running over TCP/IP.

    A directory is a set of information with similar attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names organized alphabetically, with an address and phone number attached.

    An LDAP directory often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain Name System (DNS) names for structuring the topmost levels of the hierarchy. Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else which represents a given tree entry.

    > IGMP (Internet Group Multicast Protocol)

    The Internet Group Management Protocol is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It is an integral part of the IP multicast specification, like ICMP for unicast connections. IGMP can be used for online video and gaming, and allows more efficient use of resources when supporting these uses.

    > LPR (Line Printer Remote)

    The Line Printer Daemon protocol/Line Printer Remote protocol (or LPD, LPR), also known as the Berkeley printing system, is a set of programs that provide printer spooling and network print server functionality for Unix-like systems. The most common implementations of LPD are the official BSD UNIX operating system and the LPRng project. The Common Unix Printing System (or CUPS), which is more common on modern Linux distributions, borrows heavily from LPD.

    A printer that supports LPD/LPR is sometimes referred to as a "TCP/IP printer" (TCP/IP is used to establish connections between printers and workstations on a network), although that term seems equally applicable to a printer that supports CUPS.

    3-Protocols and Standards

    Define the function of TCP / UDP (Transmission Control Protocol / User Datagram Protocol) ports.

    > Transmission Control Protocol

    A connection based Internet protocol responsible for breaking data into packets, which the IP protocol sends over the network. IP is located at the TCP/IP Internet layer which corresponds to the network layer of the OSI Model. IP is responsible for routing packets by their IP address.

    > User Datagram Protocol

    Runs on top of IP and is used as an alternative to TCP. UDP does not, however, provide any error checking for guaranteeing packet delivery. Because UDP is not as complex as TCP, it is also faster. It is often used for broadcast messages and for streaming audio and video. UDP is a connectionless transport protocol.

    Identify the well-known ports associated with the following commonly used services and protocols:


    Protocol                                            Common Port

    FTP (File Transfer Protocol)                        20, 21
    SSH (Secure Shell)                                  22
    Telnet                                              23
    SMTP (Simple Mail Transfer Protocol)                25
    DNS (Domain Name Service)                           53
    TFTP (Trivial File Transfer Protocol)               69
    HTTP (Hypertext Transfer Protocol)                  80
    POP3 (Post Office Protocol version 3)               110
    NNTP (Network News Transport Protocol)              119
    NTP (Network Time Protocol)                         123
    IMAP4 (Internet Message Access Protocol version 4)  143
    HTTPS (Hypertext Transfer Protocol Secure)          443

    Identify the purpose of network services and protocols:

    > DNS (Domain Name Service)

    DNS name resolution is used on the Internet to map friendly names to IP addresses, and vice versa. For example, instead of trying to remember an IP address composed of numbers, such as 198.46.8.34, you could with DNS type http://www.microsoft.com/.

    In Microsoft Windows 2000, Microsoft Windows Server 2003, and Microsoft Windows XP environments, DNS is the default name resolution method.


    > NAT (Network Address Translation)

    Network Address Translation is a process that lets an entire network connect to a PPP server and appear as a single IP address, thus helping to conceal IP addresses from external hackers and to alleviate address space shortage.
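    The translation described above, as an added illustration that is not code from the original document: a minimal stateful NAT table in Python. Mappings are created only by outbound traffic, which is what keeps private addresses hidden; the public address 203.0.113.5, the private hosts and all ports are constructed sample values.

```python
"""Stateful NAT (port address translation), added here as an illustration of
the translation described above (not from the original document). The public
address 203.0.113.5, the private hosts and every port are constructed values."""

from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Many private hosts share one public address; the translation table is
    created only by outbound traffic, which is what hides the private hosts."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound: Dict[Tuple[str, int], int] = {}   # (priv ip, priv port) -> public port
        self.inbound: Dict[int, Tuple[str, int]] = {}    # public port -> (priv ip, priv port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the private network; reuse an
        existing mapping for the same private endpoint, allocate one otherwise."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            public_port = self.next_port
            self.next_port += 1
            self.outbound[key] = public_port
            self.inbound[public_port] = key
        return Packet(self.public_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of a packet arriving from outside. Returns None
        (drop) when nothing inside opened a matching mapping, so unsolicited
        traffic from the Internet never reaches a private address."""
        if pkt.dst_ip != self.public_ip:
            return None
        mapping = self.inbound.get(pkt.dst_port)
        if mapping is None:
            return None
        priv_ip, priv_port = mapping
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)


def demo() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    """A web request from a private host, its reply, and an unsolicited inbound
    packet aimed at port 22 of the public address (constructed traffic)."""
    nat = Nat("203.0.113.5")
    request = nat.translate_outbound(Packet("192.168.1.10", 51000, "198.51.100.7", 80))
    reply = nat.translate_inbound(Packet("198.51.100.7", 80, "203.0.113.5", request.src_port))
    unsolicited = nat.translate_inbound(Packet("198.51.100.9", 33000, "203.0.113.5", 22))
    return request, reply, unsolicited


if __name__ == "__main__":
    for label, pkt in zip(("outbound", "reply", "unsolicited"), demo()):
        print(f"{label}: {pkt}")
```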

    > ICS (Internet Connection Sharing)

    You can choose one computer to share an Internet connection with the rest of the computers on your home or small office network. This computer is called the Internet Connection Sharing (ICS) host computer.

    To determine which computer should be your ICS host computer, use the following guidelines:

    The computer must be one that you can leave on at all times so that other computers on the network can access the Internet. If the computer is turned off, the connection to the Internet will not be available.

    If one computer has a DSL or cable modem, use that computer as the ICS host computer.

    If you plan to use a shared printer for your network, the printer should be installed on the ICS host computer.

    > WINS (Windows Internet Name Service)

    While DNS resolves host names to IP addresses, WINS resolves NetBIOS names to IP addresses. Windows Internet Name Service provides a dynamic database of IP address to NetBIOS name resolution mappings.

    WINS determines the IP address associated with a particular network computer. This is called name resolution. WINS supports network client and server computers running Windows.

    WINS uses a distributed database that is automatically updated with the names of computers currently available and the IP address assigned to each one.

    DNS is an alternative for name resolution suitable for network computers with fixed IP addresses.

    > SNMP (Simple Network Management Protocol)

    Simple Network Management Protocol is a TCP/IP protocol for monitoring networks and network components. SNMP uses small utility programs called agents to monitor behavior and traffic on the network, in order to gather statistical data.

    These agents can be loaded onto managed devices such as hubs, NICs, servers, routers, and bridges. The gathered data is stored in a MIB (management information base).


    To collect the information in a usable form, a management program console polls these agents and downloads the information from their MIBs, which then can be displayed as graphs and charts and sent to a database program to be analyzed.

    > NFS (Network File System)

    Network File System (NFS) is a distributed file system that allows users to access files and directories located on remote computers and treat those files and directories as if they were local.

    > Zeroconf (Zero configuration)

    Zero Configuration Networking is a set of techniques that automatically create a usable IP network without configuration or special servers. This allows unknowledgeable users to connect computers, networked printers, and other items together and expect them to work automatically. Without Zeroconf or something similar, a knowledgeable user must either set up special servers, like DHCP and DNS, or set up each computer's network settings manually.

    Zeroconf currently solves three problems:

    Choose numeric network addresses for networked items.

    Figure out which computer has a certain name.

    Figure out where to get services, like printing.

    > SMB (Server Message Block)

    A file-sharing protocol designed to allow networked computers to transparently access files that reside on remote systems over a variety of networks. The SMB protocol defines a series of commands that pass information between computers. SMB uses four message types: session control, file, printer, and message. It is mainly used by Microsoft Windows equipped computers.

    SMB works through a client-server approach, where a client makes specific requests and the server responds accordingly. One section of the SMB protocol is specifically for filesystem access, such that clients may make requests to a file server. The SMB protocol was optimised for local subnet usage, but one could use it to access different subnets across the Internet, on which MS Windows file-and-print sharing exploits usually focus.

    Client computers may have their own hard disks, which are not publicly shared, yet also want access to the shared file systems and printers on the server, and it is for this primary purpose that SMB is best known and most heavily used.

    > AFP (Apple File Protocol)

    The file sharing protocol used in an AppleTalk network. In order for non-Apple networks to access data in an AppleShare server, their protocols must translate into the AFP language.

    AFP versions 3.0 and greater rely exclusively on TCP/IP (port 548 or 427) for establishing communication, supporting AppleTalk only as a service discovery protocol. The AFP 2.x family supports both TCP/IP and AppleTalk for communication and service discovery.


    > LPD (Line Printer Daemon) and Samba

    LPD is the primary UNIX printing protocol used to submit jobs to the printer. The LPR component initiates commands such as "print waiting jobs," "receive job," and "send queue state," and the LPD component in the print server responds to them.

    The most common implementations of LPD are in the official BSD UNIX operating system and the LPRng project. The Common Unix Printing System (or CUPS), which is more common on modern Linux distributions, borrows heavily from LPD.

    Unix and Mac OS X Servers use the Open Source SAMBA to provide Windows users withServer Message Block (SMB) file sharing.

    Identify the basic characteristics (for example: speed, capacity and media) of the following WAN (Wide Area Network) technologies:

    > Packet switching

    Packet switching offers more efficient use of a telecommunication provider's network bandwidth. With packet switching, the switching mechanisms on the network route each data packet from switch to switch individually over the network using the best-available path. Any one physical link in a packet-switched network can carry packets from many different senders and for many different destinations. Whereas in a circuit switched connection, the bandwidth is dedicated to one sender and receiver only.

    > Circuit switching

    With circuit switching, data travels over a fixed path that is established at the beginning of the connection and remains open until the connection is terminated. A telephone call is an example of a circuit switched link. When you dial a number, the telecommunication provider establishes an open circuit between your phone and the phone of the person you are calling. No other calls can be placed over this circuit until you hang up.

    > ISDN (Integrated Services Digital Network)

    Integrated Services Digital Network adapters can be used to send voice, data, audio, or video over standard telephone cabling. ISDN adapters must be connected directly to a digital telephone network. ISDN adapters are not actually modems, since they neither modulate nor demodulate the digital ISDN signal.

    Like standard modems, ISDN adapters are available both as internal devices that connect directly to a computer's expansion bus and as external devices that connect to one of a computer's serial or parallel ports. ISDN can provide data throughput rates from 56 Kbps to 1.544 Mbps using a T1 service.

    ISDN hardware requires an NT (network termination) device, which converts network data signals into the signaling protocols used by ISDN. Sometimes the NT interface is included, or integrated, with ISDN adapters and ISDN-compatible routers. In other cases, an NT device separate from the adapter or router must be implemented.


    ISDN works at the physical, data link, network, and transport layers of the OSI Model.

    > FDDI (Fiber Distributed Data Interface)

    Fiber Distributed Data Interface shares many of the same features as token ring, such as token passing and the continuous network loop configuration. But FDDI has better fault tolerance because of its use of a dual, counter-rotating ring that enables the ring to reconfigure itself in case of a link failure. FDDI also has higher transfer speeds, 100 Mbps for FDDI, compared to 4 - 16 Mbps for Token Ring.

    Unlike Token Ring, which uses a star topology, FDDI uses a physical ring. Each device in the ring attaches to the adjacent device using a two stranded fiber optic cable. Data travels in one direction on the outer strand and in the other direction on the inner strand. When all devices attached to the dual ring are functioning properly, data travels on only one ring. FDDI transmits data on the second ring only in the event of a link failure.

    Media: Fiber-optic

    MAC method: Token passing

    Signal propagation method: Forwarded from device to device (or port to port on a hub) in a closed loop

    Speed: 100 Mbps

    Topologies: Double ring, Star

    Maximum connections: 500 nodes

    > T1 (T Carrier level 1)

    A 1.544 Mbps point to point dedicated, digital circuit provided by the telephone companies. T1 lines are widely used for private networks as well as interconnections between an organization's LAN and the telco.

    A T1 line uses two pairs of wire, one to transmit and one to receive, and time division multiplexing (TDM) to interleave 24 64-Kbps voice or data channels. The standard T1 frame is 193 bits long, which holds 24 8-bit voice samples and one synchronization bit, with 8,000 frames transmitted per second. T1 is not restricted to digital voice or to 64 Kbps data streams. Channels may be combined and the total 1.544 Mbps capacity can be broken up as required.

    > T3 (T Carrier level 3)

    A T3 line is a super high-speed connection capable of transmitting data at a rate of 45 Mbps. A T3 line represents a bandwidth equal to about 672 regular voice-grade telephone lines, which is wide enough to transmit real time video, and very large databases over a busy network. A T3 line is typically installed as a major networking artery for large corporations, universities with high-volume network traffic and for the backbones of the major Internet service providers.

    > OCx (Optical Carrier)

    Optical Carrier designations are used to specify the speed of fiber optic networks that conform to the SONET standard.


    Level   Speed

    OC-1    51.85 Mbps
    OC-3    155.52 Mbps
    OC-12   622.08 Mbps
    OC-24   1.244 Gbps
    OC-48   2.488 Gbps

    > X.25

    An X.25 network transmits data with a packet-switching protocol, bypassing noisy telephone lines. This protocol relies on an elaborate worldwide network of packet-forwarding nodes that can participate in delivering an X.25 packet to its designated address.

    Network Connections supports X.25 by using packet assemblers/disassemblers (PADs) and X.25 cards. You can also use a modem and special dial-up X.25 carriers (such as Sprintnet and Infonet) in place of a PAD or X.25 smart card on your computer.

    Remote access clients running Windows XP Professional or Windows 2000 Server or later can use either an X.25 card or dial in to an X.25 PAD to create connections. To accept incoming connections on a computer using X.25 running Windows XP Professional or Windows 2000 Server or later, you must use an X.25 card.

    Identify the basic characteristics of the following internet access technologies:

    > xDSL (Digital Subscriber Line)

    xDSL is a term referring to a variety of new Digital Subscriber Line technologies. Some of these varieties are asymmetric with different data rates in the downstream and upstream directions. Others are symmetric. Downstream speeds range from 384 Kbps (or "SDSL") to 1.5-8 Mbps (or "ADSL").

    Asymmetric Digital Subscriber Line (ADSL) A high-bandwidth digital transmission technology that uses existing phone lines and also allows voice transmissions over the same lines. Most of the traffic is transmitted downstream to the user, generally at rates of 512 Kbps to about 6 Mbps.

    > Broadband Cable (Cable modem)

    Cable modems use a broadband connection to the Internet through cable television infrastructure. These modems use frequencies that do not interfere with television transmission.


    > POTS / PSTN (Plain Old Telephone Service / Public Switched Telephone Network)

    POTS / PSTN use modems. A modem is a device that makes it possible for computers to communicate over telephone lines. The word modem comes from Modulate and Demodulate. Because standard telephone lines use analog signals, and computers digital signals, a sending modem must modulate its digital signals into analog signals. The computer's modem on the receiving end must then demodulate the analog signals into digital signals.

    Modems can be external, connected to the computer's serial port by an RS-232 cable, or internal in one of the computer's expansion slots. Modems connect to the phone line using standard telephone RJ-11 connectors.

    > Wireless

    A wireless network consists of wireless NICs and access points. NICs come in different models including PC Card, ISA, PCI, etc. Access points act as wireless hubs to link multiple wireless NICs into a single subnet. Access points also have at least one fixed Ethernet port to allow the wireless network to be bridged to a traditional wired Ethernet network, such as the organization's network infrastructure. Wireless and wired devices can coexist on the same network.

    WLAN (Wireless Local Area Network) A group of computers and associated devices that communicate with each other wirelessly.

    WPA (Wi-Fi Protected Access) A security protocol for wireless networks that builds on the basic foundations of WEP. It secures wireless data transmission by using a key similar to WEP, but the added strength of WPA is that the key changes dynamically. The changing key makes it much more difficult for a hacker to learn the key and gain access to the network.

    WPA2 (Wi-Fi Protected Access 2) WPA2 is the second generation of WPA security and provides a stronger encryption mechanism through Advanced Encryption Standard (AES), which is a requirement for some government users.

    WPA-Personal A version of WPA that uses long and constantly changing encryption keys to make them difficult to decode.

    WPA-Enterprise A version of WPA that uses the same dynamic keys as WPA-Personal and also requires each wireless device to be authorized according to a master list held in a special authentication server.

    4-Protocols and Standards

    Define the function of the following remote access protocols and services:

    > RAS (Remote Access Service)

    Remote Access Service A service that provides remote networking for telecommuters, mobile workers, and system administrators who monitor and manage servers at multiple branch offices. Users with RAS can dial in to remotely access their networks for services such as file and printer sharing, electronic mail, scheduling, and SQL database access.


    > PPP (Point-to-Point Protocol)

    An industry standard suite of protocols for the use of point-to-point links to transport multiprotocol datagrams.

    Point-to-Point Protocol facilitates Internet connections over serial lines, including modem connections. PPP software requires only a destination address (usually a phone number for modem connections) and a user login in order to negotiate a complete configuration for each session.

    PPP support enables computers to dial in to remote networks through any server that complies with the PPP standard. PPP also enables remote access clients to use any combination of IPX, TCP/IP, NetBEUI, and AppleTalk. Remote access clients running Windows NT and Windows 2000, Windows 98, and Windows 95 can use any combination of TCP/IP, IPX, and NetBEUI and programs written to the Windows Sockets, NetBIOS, or IPX interface. Microsoft remote access clients do not support the use of the AppleTalk protocol over a remote access connection.

    PPP connection sequence

    When you connect to a remote computer, PPP negotiation accomplishes the following:

    Framing rules are established between the remote computer and server. This allows continued communication (frame transfer) to occur.

    The remote access server then authenticates the remote user by using the PPP authentication protocols (MS-CHAP, EAP, CHAP, SPAP, PAP). The protocols that are invoked depend on the security configurations of the remote client and server.

    Once authenticated, if callback is enabled, the remote access server hangs up and calls the remote access client.

    The Network Control Protocols (NCPs) enable and configure the remote client for the desired LAN protocols.

    > SLIP (Serial Line Internet Protocol)

    An older industry standard that is part of the Windows remote access client to ensure interoperability with other remote access software.

    > PPPoE (Point-to-Point Protocol over Ethernet)

    A specification for connecting users on an Ethernet network to the Internet through a broadband connection, such as a single DSL line, wireless device, or cable modem. Using PPPoE and a broadband modem, LAN users can gain individual authenticated access to high-speed data networks. By combining Ethernet and Point-to-Point Protocol (PPP), PPPoE provides an efficient way to create a separate connection for each user to a remote server.


    > PPTP (Point-to-Point Tunneling Protocol)

    Networking technology that supports multiprotocol virtual private networks (VPNs), enabling remote users to access corporate networks securely across the Internet or other networks by dialing into an Internet service provider (ISP) or by connecting directly to the Internet. The Point-to-Point Tunneling Protocol (PPTP) tunnels, or encapsulates, IP, IPX, or NetBEUI traffic inside of IP packets. This means that users can remotely run applications that are dependent upon particular network protocols.

    > VPN (Virtual Private Network)

    Virtual private network A remote LAN that can be accessed through the Internet by using PPTP (see above).

    > RDP (Remote Desktop Protocol)

    Remote Desktop Protocol (RDP) is a multi-channel protocol that allows a user to connect to a computer running Microsoft Terminal Services. Clients exist for most versions of Windows (including handheld versions), and other operating systems such as Linux, FreeBSD, Solaris Operating System and Mac OS X. The server listens by default on TCP port 3389.

    Version 4.0 was introduced with Terminal Services in Windows NT 4.0 Server, Terminal Server Edition.

    Version 5.0, introduced with Windows 2000 Server, added support for a number of features, including printing to local printers, and aimed to improve network bandwidth usage.

    Version 5.1, introduced with Windows XP Professional, included support for 24-bit color and sound.

    Version 5.2, introduced with Windows Server 2003, included support for console mode connections, a session directory, and local resource mapping.

    Version 6.0, introduced with Windows Vista and Windows Server, includes a significant number of new features, most notably being able to remotely access a single application instead of the entire desktop, and support for 32 bit color.

    Identify the following security protocols and describe their purpose and function:

    > IPSec (Internet Protocol Security)

    IPsec is a set of protocols used to support secure exchange of packets at the IP layer.

    IPsec supports two encryption modes: Transport and Tunnel. Transport mode encrypts only the data portion of each packet, but leaves the header untouched. The more secure Tunnel mode encrypts both the header and the data portion.

    For IPsec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley, which allows the receiver to obtain a public key and authenticate the sender using digital certificates.

    IPsec protocols operate at the network layer, layer 3 of the OSI model. Other Internet security protocols in widespread use, such as SSL and TLS, operate from the transport layer up (OSI layers 4 - 7). This makes IPsec more flexible, as it can be used for protecting both TCP and UDP based protocols.

    > L2TP (Layer 2 Tunneling Protocol)

    Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks (VPNs). L2TP is an extension to the PPP protocol that enables ISPs to operate Virtual Private Networks. L2TP combines the best features of two other tunneling protocols: PPTP from Microsoft and L2F from Cisco Systems.

    > SSL (Secure Sockets Layer)

    Secure Sockets Layer is a protocol that supplies secure data communication through data encryption and decryption. SSL enables communications privacy over networks by using a combination of public key and bulk data encryption.

    > WEP (Wired Equivalent Privacy)

    Wired Equivalent Privacy is a scheme that is part of the IEEE 802.11 wireless networking standard to secure IEEE 802.11 wireless networks. Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping.

    WEP was intended to provide comparable confidentiality to a traditional wired network and thus it does not protect users of the network from each other.

    > WPA (Wi-Fi Protected Access)

    A security protocol for wireless networks that builds on the basic foundations of WEP. It secures wireless data transmission by using a key similar to WEP, but the added strength of WPA is that the key changes dynamically. The changing key makes it much more difficult for a hacker to learn the key and gain access to the network.

    WPA2 (Wi-Fi Protected Access 2) WPA2 is the second generation of WPA security and provides a stronger encryption mechanism through Advanced Encryption Standard (AES), which is a requirement for some government users.

    > 802.11x

    IEEE 802.11, also known by the brand Wi-Fi, denotes a set of Wireless LAN/WLAN standards developed by working group 11 of the IEEE LAN/MAN Standards Committee (IEEE 802). The term 802.11x is also used to denote this set of standards and is not to be mistaken for any one of its elements. There is no single 802.11x standard.


    Protocol  Release Date  Op. Frequency                          Data Rate (Typ)  Data Rate (Max)  Range (Indoor)  Range (Outdoor)

    802.11a   1999          5.15-5.35/5.47-5.725/5.725-5.875 GHz   25 Mbit/s        54 Mbit/s        ~25 meters      ~75 meters
    802.11b   1999          2.4-2.5 GHz                            6.5 Mbit/s       11 Mbit/s        ~35 meters      ~100 meters
    802.11g   2003          2.4-2.5 GHz                            25 Mbit/s        54 Mbit/s        ~25 meters      ~75 meters
    802.11n   2007          2.4 GHz or 5 GHz bands                 200 Mbit/s       540 Mbit/s       ~50 meters      ~125 meters

    Identify authentication protocols:

    > CHAP (Challenge Handshake Authentication Protocol)

    Challenge Handshake Authentication Protocol is a challenge-response authentication protocol that uses the industry-standard Message Digest 5 (MD5) hashing scheme to encrypt the response. CHAP is used by various vendors of network access servers and clients.

    > MS-CHAP (Microsoft Challenge Handshake Authentication Protocol)

    MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) is a nonreversible, encrypted password authentication protocol. The challenge handshake process works as follows:

    The remote access server or the IAS server sends a challenge to the remote access client that consists of a session identifier and an arbitrary challenge string.

    The remote access client sends a response that contains the user name and a nonreversible encryption of the challenge string, the session identifier, and the password.

    The authenticator checks the response and, if valid, the user's credentials are authenticated.
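    The challenge-handshake exchange described under CHAP and in the MS-CHAP steps above, as an added example that is not code from the original document. It follows RFC 1994 CHAP, where the response is the MD5 hash of the one-octet identifier, the shared secret and the challenge, and it shows why the challenge must be random and single-use; the peer name "alice" and the secrets are constructed sample values.

```python
"""RFC 1994 CHAP handshake, added here as an illustration (not from the
original document). The name "alice", the secrets and the challenges are
constructed sample values."""

import hashlib
import hmac
import os
from typing import Dict, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side (RFC 1994 section 4.1): MD5 over the one-octet Identifier,
    the shared secret and the challenge value. The secret never crosses the
    link, unlike PAP, which sends the password itself."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Authenticator side: issues unpredictable challenges and checks responses."""

    def __init__(self, secrets: Dict[str, bytes]):
        self.secrets = secrets                    # peer name -> shared secret
        self.identifier = 0
        self.outstanding: Dict[int, bytes] = {}   # identifier -> challenge

    def challenge(self) -> Tuple[int, bytes]:
        """Send a Challenge packet: new Identifier plus 16 random octets.
        Randomness matters: a predictable or reused challenge lets a captured
        response be replayed."""
        self.identifier = (self.identifier + 1) & 0xFF
        value = os.urandom(16)
        self.outstanding[self.identifier] = value
        return self.identifier, value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        """Check a Response packet. The challenge is consumed on first use so a
        replayed response fails even with the same Identifier."""
        challenge = self.outstanding.pop(identifier, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


def run_handshake(name: str, peer_secret: bytes, auth: Authenticator) -> bool:
    """One full exchange: Challenge -> Response -> Success/Failure."""
    identifier, challenge = auth.challenge()
    response = chap_response(identifier, peer_secret, challenge)
    return auth.verify(identifier, name, response)


def replay_is_rejected(name: str, secret: bytes, auth: Authenticator) -> bool:
    """Shows why the challenge must be single-use: a valid response seen once
    on the link is refused when presented a second time."""
    identifier, challenge = auth.challenge()
    response = chap_response(identifier, secret, challenge)
    first = auth.verify(identifier, name, response)
    second = auth.verify(identifier, name, response)   # same packet again
    return first and not second


if __name__ == "__main__":
    auth = Authenticator({"alice": b"correct-horse"})
    print("valid secret:", run_handshake("alice", b"correct-horse", auth))
    print("wrong secret:", run_handshake("alice", b"wrong-secret", auth))
    print("replay rejected:", replay_is_rejected("alice", b"correct-horse", auth))
```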

    > PAP (Password Authentication Protocol)


    Password Authentication Protocol uses plaintext passwords and is the least sophisticated authentication protocol. It is typically negotiated if the remote access client and remote access server cannot negotiate a more secure form of validation.

    > RADIUS (Remote Authentication Dial-In User Service)

    RADIUS is an AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.

    Some ISPs (commonly modem, DSL, or wireless 802.11 services) require you to enter a username and password in order to connect to the Internet. Before access to the network is granted, this information is passed to a Network Access Server (NAS) device over the Point-to-Point Protocol (PPP), then to a RADIUS server over the RADIUS protocol. The RADIUS server checks that the information is correct using authentication schemes like PAP, CHAP or EAP. If accepted, the server will then authorize access to the ISP system and select an IP address.

    RADIUS is also widely used by VoIP service providers.
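    How a PAP password survives the NAS-to-RADIUS hop described above, as an added example that is not code from the original document: the User-Password hiding of RFC 2865 section 5.2, which is all that keeps a PAP password from travelling in clear between NAS and RADIUS server. The shared secret, the Request Authenticator and the passwords are constructed sample values.

```python
"""RFC 2865 section 5.2 User-Password hiding, added here as an illustration
(not from the original document). Shared secret, Request Authenticator and
passwords are constructed sample values."""

import hashlib
import os


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side. The password is NUL-padded to a multiple of 16 octets, then
    each 16-octet block is XORed with MD5(secret + previous output block); the
    first block uses the 16-octet Request Authenticator in place of a previous
    block. Strength rests entirely on the shared secret and on never reusing a
    Request Authenticator with the same secret."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 0 < len(password) <= 128:
        raise ValueError("password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += block
        prev = block
    return hidden


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RADIUS server side: regenerate the same MD5 keystream, XOR it off, and
    strip the NUL padding."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 octets")
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        plain += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return plain.rstrip(b"\x00")


def round_trip(password: bytes, secret: bytes) -> bool:
    """One Access-Request: NAS hides, server reveals, using a fresh random
    Request Authenticator as a real NAS would."""
    authenticator = os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    return reveal_password(hidden, secret, authenticator) == password


if __name__ == "__main__":
    print("round trip ok:", round_trip(b"hunter2", b"radius-shared-secret"))
```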

    > Kerberos and EAP (Extensible Authentication Protocol)

    An authentication system, Kerberos is designed to enable two parties to exchange private information across an open network. It works by assigning a unique key, called a ticket, to each user that logs on to the network. The ticket is then embedded in messages to identify the sender of the message.

    Extensible Authentication Protocol, or EAP, is a universal authentication framework frequently used in wireless networks and Point-to-Point connections. Although the EAP protocol is not limited to wireless LANs and can be used for wired LAN authentication, it is most often used in wireless LANs. Recently, the WPA and WPA2 standards have officially adopted five EAP types as their official authentication mechanisms.