Protocols-1.pdf

Full Transcript

Protocols
Franklin M. Miranda Jr.
The history of TCP/IP
The Defense Advanced Research Projects
Agency, the research branch of the U.S.
Department of Defense, created the
TCP/IP model in the 1970s for use in
ARPANET, a wide area network that
preceded the internet. TCP/IP was
originally designed for the Unix OS, and it
has been built into all of the OSes that
came after it.
The TCP/IP model and its related
protocols are now maintained by the
Internet Engineering Task Force
OSI model V.S. TCP/IP model

The OSI model is TCP/IP model is
more generic more practical and
and protocol- guides the design
independent, and management
while the TCP/IP
model is more of networks.
functional and
based on
specific
protocols.
TCP/IP MODEL (Protocol suite)

Internet Protocol Suite, is a
collection of networking
protocols that work in
tandem to transfer a data
packet from one computer
to another using computer
networks.
TCP/IP Protocol Suite

The TCP/IP model is
an abstract idea. The
TCP/IP protocol suite
is an actual
implementation of the
model.
 Let us now identify
each protocol and
discuss it one by one
TCP-transmission Control Protocol

Protocol and is a suite of
communication protocols
used to interconnect
network devices on the
internet.
TCP/IP is also used as a
communications protocol
in a private computer
network (an intranet or
extranet).
TCPIP PROTOCOL

TCP/IP protocol suite functions as an Network address translation (NAT) is the
abstraction layer between internet virtualization of IP addresses. NAT helps
improve security and decrease the number
applications and the routing and of IP addresses an organization needs
switching fabric.
TCP

Common TCP/IP protocols include the
following:
Hypertext Transfer Protocol (HTTP) handles
the communication between a web server
and a web browser.
E.g. http://info.cern.ch - home of the first website

HTTP Secure handles secure communication
between a web server and a web browser

Collectively, the TCP/IP suite of protocols is
classified as stateless, which means each
client request is considered new because it
is unrelated to previous requests
The 4 layers of the TCP/IP model

1. The application layer
provides applications with
standardized data exchange.
Its protocols include HTTP,
FTP, Post Office Protocol 3,
Simple Mail Transfer Protocol
and Simple Network
Management Protocol. At the
application layer, the payload
is the actual application
data.
 2. The transport layer is
responsible for maintaining end-
to-end communications across
the network. TCP handles
communications between hosts
and provides flow control,
multiplexing and reliability. The
transport protocols include TCP
and User Datagram Protocol,
which is sometimes used instead
of TCP for special purposes
TCP

3. The network layer,
also called the internet
layer, deals with packets
and connects independent
networks to transport the
packets across network
boundaries. The network
layer protocols are IP and
Internet Control Message
Protocol, which is used for
error reporting
TCP

4. The physical layer, also
known as the network interface
layer or data link layer, consists
of protocols that operate only
on a link -- the network
component that interconnects
nodes or hosts in the network.
The protocols in this lowest
layer include Ethernet for local
area networks and Address
Resolution Protocol
Advantage of TCP/IP

helps establish a connection
between different types of
computers;
works independently of the OS;
supports many routing
protocols;
uses a client-server architecture
that is highly scalable;
can be operated independently;
supports several routing
protocolsIs lightweight
disadvantages of TCP/IP

complicated to set up and manage;
transport layer does not guarantee delivery
of packets;
is not easy to replace protocols in TCP/IP;
does not clearly separate the concepts of
services, interfaces, and protocols, so it is
not suitable for describing new technologies
in new networks
vulnerable to a synchronization attack,
which is a type of denial-of-service attack in
which a bad actor uses TCP/IP.
Tcp/ip model in computer network
Internet Control Message Protocol (ICMP)

The Internet Control Message
Protocol (ICMP) is a network layer
protocol used by network devices to
diagnose network communication
issues.
ICMP is mainly used to determine
whether or not data is reaching its
intended destination in a timely
manner. Commonly, the ICMP
protocol is used on network devices,
such as routers.
ICMP is crucial for error reporting
and testing, but it can also be used
in distributed denial-of-service
(DDoS) attacks.
What is ICMP used for?

The primary purpose of ICMP is for error
reporting. When two devices connect over
the Internet, the ICMP generates errors to
share with the sending device in the event
that any of the data did not get to its
intended destination. For example, if a
packet of data is too large for a router, the
router will drop the packet and send an ICMP
message back to the original source for the
data.
ICMP/TRACEROUTE

A secondary use of ICMP protocol is to
perform network diagnostics; the
commonly used terminal utilities
traceroute and ping both operate using
ICMP.
The traceroute utility is used to display
the routing path between two Internet
devices. The routing path is the actual
physical path of connected routers that
a request must pass through before it
reaches its destination. The journey
between one router and another is
known as a ‘hop,’ and a traceroute also
reports the time required for each hop
along the way. This can be useful for
determining sources of network delay.
ICMP /PING

The ping utility is a simplified version of
traceroute. A ping will test the speed of the
connection between two devices and report
exactly how long it takes a packet of data to
reach its destination and come back to the
sender’s device. Although ping does not
provide data about routing or hops, it is still
a very useful metric for gauging the latency
between two devices. The ICMP echo-
request and echo-reply messages are
commonly used for the purpose of
performing a ping.
Unfortunately, network attacks can exploit
this process, creating means of disruption
such as the ICMP flood attack and the ping
of death attack.
What Is File Transfer Protocol (FTP)

The term file transfer protocol (FTP)
refers to a process that involves the
transfer of files between devices over
a network.
The process works when one party
allows another to send or receive files
over the Internet.
FILE TRANSFER PROTOCOL

Originally used as a way for users to
communicate and exchange
information between two physical
devices, it is now commonly used to
store files in the cloud, which is
usually a secure location that is held
remotely.
FTP may be used by a business or
individual to transfer files from one
computer system to another or by
websites to upload or download files
from their servers
KEY TAKEAWAYS

File transfer protocol (FTP) is a way to
download, upload, and transfer files from one
location to another on the Internet and
between computer systems.

FTP enables the transfer of files back and
forth between computers or through the
cloud.
FTP

Users require an Internet connection
in order to execute FTP transfers.
FTP is an essential tool for those who
build and maintain websites.
Many FTP clients are free to
download, although most websites
already have the FTP built-in.
What Is an Example of FTP

Examples of FTP clients include CoffeeCup Free FTP, Core FTP,
FileZilla Client, FTP Voyager, and WinSCP.
What is Kerberos

Kerberos is a network
authentication protocol. It
is designed to provide
strong authentication for
client/server applications
by using secret-key
cryptography
KERBEROS

Kerberos was created by MIT as
a solution to these network
security problems. The
Kerberos protocol uses strong
cryptography so that a client
can prove its identity to a
server (and vice versa) across
an insecure network
connection.
KERBEROS

Kerberos is a solution to your network security
problems. It provides the tools of
authentication and strong cryptography over
the network to help you secure your
information systems across your entire
enterprise

The Three Main Parts of Kerberos
User/client
Key distribution center (KDC)
Authentication server (AS)
Ticket-granting server (TGS)
Service/application
Kerberos authentication

allows service systems and users to
authenticate each other. During all steps of
the process, the user and the server will
know that the counterparts that they are
interacting with are authentic.
User Datagram Protocol (UDP)

Transport Layer protocol.
UDP is a part of the
Internet Protocol suite,
referred to as UDP/IP
suite.

Unlike TCP, it is an
unreliable and
connectionless protocol
Applications of UDP:

Used for simple request-
response communication when
the size of data is less and
hence there is lesser concern
about flow and error control.
It is a suitable protocol for
multicasting as UDP supports
packet switching.
UDP is used for some routing
update protocols like RIP
(Routing Information Protocol).
Following implementations uses UDP as a
transport layer protocol
NNP (Network News
Protocol) Quote of the
day protocol TFTP,
RTSP, RIP.

used for the distribution, inquiry, retrieval, and posting
of news articles using a reliable stream-based
mechanism, usually TCP/IP.
The Domain Name System (DNS)

protocol is a core
network service that
allows users to navigate
the internet using
hostnames instead of IP
addresses.
DNS

DNS stands for Domain Name System.
DNS is a directory service that provides a mapping
between the name of a host on the network and its
numerical address.
DNS is required for the functioning of the internet.
Each node in a tree has a domain name, and a full
domain name is a sequence of symbols specified by
dots.
DNS is a service that translates the domain name
into IP addresses. This allows the users of networks
to utilize user-friendly names when looking for other
hosts instead of remembering the IP addresses.
For example, suppose the FTP site at EduSoft had an
IP address of 132.147.165.50, most people would
reach this site by specifying ftp.EduSoft.com.
Therefore, the domain name is more reliable than IP
address.
DNS (Domain Name Service)

DNS servers translate the
website domain names users
search in web browsers into
corresponding numerical IP
addresses.
BOOTP, DHCP.

A protocol important part of
the web's infrastructure,
serving as the Internet's
phone book: every time you
visit a website, your
computer performs a DNS
lookup.
What if every search in web you use the dot
ip address?
Equivalent dot IP address of
FACEBOOOK

69.63.176.13 Dot IP address for Google Browser

69.63.181.15
69.63.187.17 For IPv4: 8.8.8.8 and/or 8.8.4.4. For IPv6:
2001:4860:4860::8888 and/or
69.63.187.18 2001:4860:4860::8844 69.63.184.142
69.63.187.19
69.63.181.11
69.63.181.12
 DNS is a TCP/IP protocol used on different platforms. The domain
name space is divided into three different sections: generic
domains, country domains, and inverse domain.
Country Domain

▪ The format of country
domain is same as a generic
domain, but it uses two-
character country
abbreviations (e.g., us for
the United States) in place
of three character
organizational
abbreviations.
The domain name space is divided into three
different sections: generic domains, country
domains, and inverse domain.
Generic Domains

▪ It defines the registered hosts
according to their generic behavior.
▪ Each node in a tree defines the
domain name, which is an index to
the DNS database.
▪ It uses three-character labels, and
these labels describe the
organization type.
The application layer can do some of the
tasks through UDP

Record Route
Provides a facility for
routers to record their IP
addresses, allowing a
system to see the route
that an IP datagram took Trace Route
on its way from the A traceroute provides a map of how data on the internet
travels from its source to its destination.
original source to the
final destination.
Inverse Domain

▪ The inverse domain is used for
mapping an address to a name.
When the server has received a
request from the client, and the
server contains the files of only
authorized clients. To
determine whether the client is
on the authorized list or not, it
sends a query to the DNS server
and ask for mapping an address
to the name.
Timestamp

the current time of an
event that a computer
records. Through
mechanisms, such as the
Network Time Protocol, a
computer maintains
accurate current time,
calibrated to minute
fractions of a second.
A timestamp is a digital record of the
date and time when an event occurred,
usually represented in a human-readable
format.
SMTP(Simple Mail Transfer Protocol)

is a TCP/IP protocol used in sending
and receiving email. SMTP is used
most commonly by email clients,
including Gmail, Outlook, Apple
Mail and Yahoo Mail.
SMTP can send and receive email,
but email clients typically use a
program with SMTP for sending
email.
 Simple Mail Transfer Protocol (SMTP)

is a standard internet
protocol that allows
computers and servers to
exchange email messages
over a network.
SMTP is used by email
service providers like Gmail
and Outlook, as well as
other message transfer
agents.
Model of SMTP
POP3 (Post Office Protocol)

An older protocol was originally
designed to be used on only one
computer. Unlike modern
protocols that use two-way
synchronization, POP3 only
supports one-way email
synchronization, only allowing
users to download emails from a
server to a client.
IMAP(Internet Message Access Protocol)

is an Internet standard
protocol used by email
clients to retrieve email
messages from a mail
server over a TCP/IP
connection. IMAP is
defined by RFC 9051.
 SNMP(Simple Network Management Protocol)

SNMP is a framework used
for managing devices on the
internet.
It provides a set of
operations for monitoring
and managing the internet.
Simple Network Management Protocol (SNMP)

is an application-layer
protocol. Part of the
Transmission Control
Protocol/Internet Protocol
(TCP/IP) suite.
Used to monitor and manage
network devices, such as
routers, servers, and
printers, by collecting and
organizing information about
them and changing that
information to modify their
behavior.
 Examples of SNMP

Routers, switches, firewalls, and
wireless access points are examples
of devices that you can manage via
SNMP.
RFC stands for Request for Comments

is a collection of technical
documents published by the
Internet Engineering Task
Force (IETF) that describe the
internet's technical
foundations and specify
protocols. These protocols are
used to deliver services like
email, real-time
collaboration, and the domain
name system.
Reverse Address Resolution Protocol (RARP)

is a protocol a physical machine in a
local area network (LAN) can use to
request its IP address. It does this by
sending the device's physical address
to a specialized RARP server that is
on the same LAN and is actively
listening for RARP requests.
ActiveX

is a software framework
from Microsoft that includes
protocols, technologies,
and APIs that allow
applications to share data
and functionality with each
other through web
browsers.
 ActiveX is a deprecated software
framework created by Microsoft that
adapts its earlier Component Object
Model (COM) and Object Linking and
Embedding (OLE) technologies for
content downloaded from a network,
particularly from the World Wide
Web. Microsoft introduced ActiveX in
1996.