SYSTEM ADMINISTRATION Chapter 7 TCP/IP

Overview (OSI Model Review)
• The OSI Model is a layered framework that provides
structure for data communications.
• The Application layer services applications.
Protocols such as DNS, FTP, TFTP, Telnet, SNMP,
and SMTP function at this layer.
• The Presentation layer is responsible for character
conversion, encryption/decryption, and
compression/decompression. No TCP/IP protocols
function at this layer.
• The Session layer opens, maintains, and ends sessions,
provides name-recognition services, and aids in reliable
data delivery. No TCP/IP protocols function at this layer.
• The Transport layer guarantees delivery of packets to
the destination, divides messages into packets and
provides the sequencing services necessary to
reassemble the message at delivery, requests
retransmission when non-delivery errors occur, and
manages flow-control between the source and
destination nodes. TCP and UDP function at this layer.
• The Network layer is responsible for logical addressing
and the routing of packets through the internetwork.
IP, UDP, ARP, RARP, and ICMP are part of this
layer.
• Data Link layer responsibilities include converting
packets into bits, and defining the access methods
used to allow data to be transmitted and received.
No TCP/IP protocols function at this layer.
• The Physical layer transmits data across the
physical media, and sets standards for the physical
components of a network such as cable, NICs, and
repeaters. No TCP/IP protocols function at this layer.
TCP
• Transmission Control Protocol is a connection-oriented, reliable protocol that uses IP for transport.
• TCP guarantees delivery of packets through use of
the checksum.
• TCP uses port identities to provide a logical
connection between the source and destination
nodes.
IP
• IP is the most basic of all the protocols in the TCP/IP
suite because it is the transport protocol all other
protocols rely on.
• IP delivers packets. It does not guarantee delivery.
• IP is a connectionless protocol.
UDP
• UDP is a connectionless protocol used to transport
data.
• UDP uses some very basic error-checking methods
to validate the delivery of the packets.
• UDP is commonly used for service protocols (and
therefore, applications) because of its efficiency and
lower overhead.
FTP
• FTP allows remote nodes to share files by providing
the method to retrieve those files to a local machine.
• FTP uses TCP for transport.
• FTP has two components: the client (requestor)
component, and the server (service provider)
component. These two components can be
configured on any type of machine because FTP
does not look at the machine or the operating
system. It is concerned only with the service
availability.
• Access to files is controlled in one of two ways: using a
user account and password for access; or using the
Anonymous account. Both require that the appropriate
permissions or rights be configured on the files.
• The Anonymous account requires a password that is an
e-mail address.
• The bandwidth speed, congestion on the media, and the
speed of the computer hosting FTP determine the speed
of an FTP session.
• FTP uses many commands that allow the user to
download files, upload files, change directories, and
request a multiple-file download or upload.
• Other utilities are available to make the FTP process
more user-friendly.
TFTP
• TFTP does many of the same things FTP does, but
without the overhead of a TCP connection.
• TFTP uses UDP for efficient transport of files.
• TFTP is commonly used to access router
configuration files and operating system files stored
on a remote computer.
• Any node running the TCP/IP protocol can act either
as a service provider or as a client.
SMTP
• SMTP is the protocol used to support the transfer of
e-mail messages from one email system to another
over a TCP/IP connection.
• SMTP uses TCP to provide guaranteed delivery of
the packets that form an e-mail message.
• Use of TCP connections allows an error message to
be sent to the source node if delivery of the
message cannot be completed.
• POP3 is a protocol that runs on an email server and
allows email messages to be stored on the email
server.
• POP3 assumes that the client will always use the
same machine when requesting e-mail messages
from the server.
• POP3 requires a client to authenticate with a valid
user name and password. It will then dynamically
transmit all stored messages to the client machine.
• POP3 holds conversations with the client and takes
those conversations through three states:
– Authorization – readiness to service the client by
validating the user name and password
– Transaction – sends the waiting messages to the
client machine, and takes care of deleting,
sending, and forwarding any marked messages.
– Update – closes the conversation with the client.
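The three POP3 states above as a minimal server-side session (added example in Python, not the slides' own code; the user list and messages are constructed sample data). Note that DELE only marks a message and the mailbox is changed when QUIT moves the session into the Update state, as RFC 1939 specifies, and that USER replies +OK whether or not the name exists so an unauthenticated client cannot enumerate accounts.

```python
# Minimal POP3 server-side session for the three states on the slide. Added
# example, not the page's code; users and messages are constructed sample data.
USERS = {"alice": "s3cret"}
SAMPLE_MAIL = ["Subject: hi\r\n\r\nfirst", "Subject: re\r\n\r\nsecond"]

class Pop3Session:
    def __init__(self, users=USERS, messages=SAMPLE_MAIL):
        self.state = "AUTHORIZATION"     # ready to validate user name and password
        self.users, self.messages = users, list(messages)
        self.user = self.pending = None  # authenticated user / name awaiting PASS
        self.deleted = set()             # message numbers marked by DELE

    def handle(self, line):
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if self.state == "AUTHORIZATION":
            return self._authorization(cmd, arg)
        if self.state == "TRANSACTION":
            return self._transaction(cmd, arg)
        return "-ERR session closed"     # UPDATE: the conversation is over

    def _authorization(self, cmd, arg):
        if cmd == "USER":
            self.pending = arg
            return "+OK"                 # same reply whether or not the name exists
        if cmd == "PASS" and self.pending is not None:
            if self.users.get(self.pending) == arg:
                self.user, self.state = self.pending, "TRANSACTION"
                return "+OK %d messages waiting" % len(self.messages)
            self.pending = None
            return "-ERR authentication failed"
        if cmd == "QUIT":
            self.state = "UPDATE"
            return "+OK bye"
        return "-ERR authenticate first"

    def _transaction(self, cmd, arg):
        if cmd in ("RETR", "DELE"):
            n = int(arg) if arg.isdigit() else 0
            if not 1 <= n <= len(self.messages) or n in self.deleted:
                return "-ERR no such message"
            if cmd == "RETR":            # transmit the stored message
                return "+OK\r\n" + self.messages[n - 1] + "\r\n."
            self.deleted.add(n)          # only marked; nothing removed yet
            return "+OK message %d deleted" % n
        if cmd == "QUIT":                # enter UPDATE: apply marks, then close
            self.state = "UPDATE"
            self.messages = [m for i, m in enumerate(self.messages, 1)
                             if i not in self.deleted]
            return "+OK bye"
        return "-ERR unknown command"
```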
IMAP
• IMAP allows administrators to provide their users
with the ability to access e-mail through a Web
browser such as Internet Explorer or Netscape.
• IMAP does not require that the messages stored for
a user account be downloaded to the client
machine, but rather will store all messages on the email server, carry out commands against those
messages (delete, modify, reply), and continue to
store messages for a client.
HTTP
• HTTP is a generic, stateless protocol that gives
access to Internet resources without regard for the
platform or operating system of the requesting node.
• HTTP forms the set of rules governing the transfer
of files in text format, graphic image format, audio
format, and video format.
• HTTP can access links to other files, which create
additional requests for file transfer.
• Hypertext Markup Language (HTML) is the coding
embedded within the HTTP request.
HTTPS
• HTTPS is an extension of the HTTP protocol.
• HTTPS uses Secure Sockets Layer to encrypt data
and protect that data during transmission over public
media.
• Multiple algorithms are available to encrypt data.
The algorithm chosen is dependent on the security
need.
• HTTPS requires the presence of a certificate
provider such as Verisign or Microsoft Certificate
Server.
TELNET
• Telnet is a terminal emulation protocol.
• Telnet allows users to access a remote node as if
they were sitting at that node.
• A telnet session is initialized by typing “telnet
resource-name” at a command prompt, or opening a
HyperTerminal session if you are using a Microsoft
Windows operating system.
• Telnet is frequently used to access router
configurations and to make changes to those router
configurations.
ICMP
• ICMP generates an error message when delivery of a
packet cannot be completed.
• A destination unreachable error indicates that the router
is unable to complete the delivery. Routers issue four
types of destination unreachable messages:
– Network-unreachable
– Host-unreachable
– Protocol-unreachable
– Port-unreachable
• The PING utility issues an echo-request message,
which ICMP then takes to the destination address or
next router. When that destination is reached, an
echo-reply is issued to acknowledge that the path
for the packet is good.
• To encourage more efficient routing, a router issues
an ICMP redirect message.
• When the packet’s route exceeds the TTL on the
packet, and the packet has not been delivered, the
packet is discarded and an ICMP time-exceeded
message is issued to the sending node.
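The internet checksum that the TCP slide refers to (the same one's-complement checksum carried by IP, UDP and ICMP headers) together with a decoder for the ICMP types listed above, as an added Python example that is not from the original slides; the messages it builds are constructed samples. The checksum only detects corruption in transit, so TCP's delivery guarantee also depends on the acknowledgement and retransmission described in the Transport layer slide.

```python
import struct

# Internet checksum (RFC 1071): the one's-complement sum of 16-bit words that
# TCP, UDP, IP and ICMP carry in their headers. It detects corruption in
# transit; a receiver recomputes it over the whole message and accepts the
# message only when the result is 0 (the stored field cancels the data).
def internet_checksum(data):
    if len(data) % 2:
        data = data + b"\x00"                # pad odd-length data
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carry bits back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

# Names for the ICMP messages the slides describe (type, then code for type 3).
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 5: "redirect",
              8: "echo-request", 11: "time-exceeded"}
UNREACHABLE_CODES = {0: "network-unreachable", 1: "host-unreachable",
                     2: "protocol-unreachable", 3: "port-unreachable"}

def build_icmp(icmp_type, code, rest=b"\x00" * 4, payload=b""):
    """Assemble an ICMP message; the checksum is computed with the field zeroed."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    csum = internet_checksum(body)
    return struct.pack("!BBH", icmp_type, code, csum) + rest + payload

def parse_icmp(msg):
    """Decode type, code and checksum validity of a raw ICMP message."""
    if len(msg) < 8:
        raise ValueError("ICMP header is at least 8 bytes")
    icmp_type, code, _field = struct.unpack("!BBH", msg[:4])
    name = ICMP_TYPES.get(icmp_type, "type-%d" % icmp_type)
    if icmp_type == 3:
        name += "/" + UNREACHABLE_CODES.get(code, "code-%d" % code)
    return {"type": icmp_type, "code": code, "name": name,
            "checksum_ok": internet_checksum(msg) == 0}

if __name__ == "__main__":
    # Constructed samples: an echo-request (what ping sends) and a port-unreachable.
    ping = build_icmp(8, 0, rest=b"\x00\x01\x00\x01", payload=b"ping")
    print(parse_icmp(ping))
    print(parse_icmp(build_icmp(3, 3)))
```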
ARP/RARP
• ARP allows a router to discover the MAC address of
the destination node and deliver the packet to that
node.
• ARP requests are broadcasts sent over the
destination segment (based on the destination IP
address in the header of the packet).
• The node holding the IP address will respond to the
broadcast with its MAC address, thus allowing
delivery of the packet.
• Most operating systems allow ARP caching.
• RARP is used when the MAC address is known, but
the IP address has not been identified.
• Some operating systems do not allow RARP
requests with default installations of the TCP/IP
protocol.
NTP
• NTP allows synchronization of computer clocks on a
network, internetwork, or the Internet.
• Time synchronization is important to some applications,
as well as to some operating systems that log events
with a time marker.
• An NTP node can serve in one of three roles:
• Client – requests time
• Server – provides time
• Peer – negotiates with other peers to come up with an
agreed-upon time.
• NTP typically uses one of two resources for the true time
setting: the United States Naval Observatory (USNO) or the
National Institute of Standards and Technology (NIST).
TCP/UDP Ports
• A port is a logical entity that identifies a specific process
on both a source and destination node: it is the endpoint
in a logical connection.
• There are 65,535 ports, and those ports are grouped into
three categories:
• Well-known ports – 0-1023; assigned to common
services
• Registered ports – 1024-49151; registered to
vendors
• Dynamic and/or private ports – unassigned for
dynamic usage