SYSTEM ADMINISTRATION
Chapter 7 TCP/IP

Overview (OSI Model Review)
• The OSI Model is a layered framework that provides structure for data communications. TCP/IP was not designed around it, so the mapping of TCP/IP protocols onto OSI layers below is approximate.
• The Application layer services applications. Protocols such as DNS, FTP, TFTP, Telnet, SNMP, and SMTP function at this layer.
• The Presentation layer is responsible for character conversion, encryption/decryption, and compression/decompression. The TCP/IP suite has no separate protocol at this layer; these functions are handled inside the application protocols, or by TLS, which sits between the application and TCP.
• The Session layer opens, maintains, and ends sessions, provides name-recognition services, and aids in reliable data delivery. The TCP/IP suite has no separate protocol at this layer.
• The Transport layer divides messages into segments, provides the sequencing necessary to reassemble the message at delivery, requests retransmission when segments are lost, and manages flow control between the source and destination nodes. TCP provides all of these services. UDP also functions at this layer but provides none of them.
• The Network layer is responsible for logical addressing and the routing of packets through the internetwork. IP and ICMP are part of this layer; ARP and RARP are usually placed here as well, although they straddle the Network and Data Link layers. UDP is a Transport-layer protocol, not a Network-layer one.
• Data Link layer responsibilities include framing packets into bits and defining the access methods used to transmit and receive data. No TCP/IP protocols function at this layer; link protocols such as Ethernet and PPP do.
• The Physical layer transmits data across the physical media and sets standards for the physical components of a network such as cable, NICs, and repeaters. No TCP/IP protocols function at this layer.

TCP
• Transmission Control Protocol is a connection-oriented, reliable protocol whose segments are carried inside IP packets.
• TCP provides reliable delivery through sequence numbers, acknowledgements, and retransmission of unacknowledged segments. The TCP checksum detects corruption of a segment; it does not by itself guarantee delivery.
• TCP uses port numbers to provide a logical connection between the source and destination nodes. A connection is identified by the 4-tuple of source IP, source port, destination IP, and destination port.
IP
• IP is the most basic of all the protocols in the TCP/IP suite because it is the packet-delivery protocol that all other protocols rely on.
• IP delivers packets on a best-effort basis. It does not guarantee delivery, ordering, or freedom from duplication.
• IP is a connectionless protocol.
• IP authenticates nothing: the source address in a packet can be forged, so upper-layer protocols and filters must not trust it on its own.

UDP
• UDP is a connectionless protocol used to transport data.
• UDP uses a checksum to detect corrupted datagrams (optional in IPv4); it does not acknowledge, order, or retransmit datagrams.
• UDP is commonly used for service protocols (and therefore applications) such as DNS, TFTP, and NTP because of its efficiency and lower overhead. Because there is no handshake, a UDP service cannot verify the source address of a request.

FTP
• FTP allows remote nodes to share files by providing a method to retrieve those files to a local machine, and to upload files to the server.
• FTP uses TCP for transport: a control connection on port 21 and a separate data connection for each transfer.
• FTP has two components: the client (requestor) component and the server (service provider) component. These two components can be configured on any type of machine because FTP does not depend on the hardware or the operating system. It is concerned only with service availability.
• Access to files is controlled in one of two ways: using a user account and password for access, or using the Anonymous account. Both require that the appropriate permissions or rights be configured on the files.
• By convention the Anonymous account accepts any password and the user is asked to supply an e-mail address; the server cannot verify it.
• FTP sends user names, passwords, and file contents in cleartext, so anything on the network path can read them; use FTPS or SFTP where that matters.
• The bandwidth, congestion on the media, and the speed of the computer hosting FTP determine the speed of an FTP session.
• FTP uses many commands that allow the user to download files (get), upload files (put), change directories (cd), and request a multiple-file download or upload (mget, mput).
• Other utilities are available to make the FTP process more user-friendly.

TFTP
• TFTP does many of the same things FTP does, but without the overhead of a TCP connection.
• TFTP uses UDP (port 69) for efficient transport of files and implements its own simple acknowledgement of each 512-byte data block.
• TFTP is commonly used to access router configuration files and operating system images stored on a remote computer.
• TFTP has no authentication: any node that can reach the server can read, and often write, the files it exposes. Restrict TFTP servers to the management network and do not store anything sensitive on them.
• Any node running the TCP/IP protocol can act either as a service provider or as a client.
SMTP
• SMTP is the protocol used to transfer e-mail messages from one e-mail system to another over a TCP connection (port 25 between mail servers).
• SMTP uses TCP to provide reliable delivery of the packets that form an e-mail message.
• Use of TCP connections allows an error message to be sent to the source node if delivery of the message cannot be completed.
• SMTP does not, on its own, verify the sender address given in MAIL FROM or in the From: header.

POP3
• POP3 is a protocol that runs on an e-mail server (TCP port 110) and allows e-mail messages to be stored on the server until a client retrieves them.
• POP3 assumes that the client will always use the same machine when requesting e-mail messages from the server, because messages are normally deleted from the server once downloaded.
• POP3 requires a client to authenticate with a valid user name and password. It will then transmit all stored messages to the client machine.
• POP3 holds conversations with the client and takes those conversations through three states:
  o Authorization – readiness to service the client by validating the user name and password (USER and PASS)
  o Transaction – sends the waiting messages to the client machine (LIST, RETR) and records which messages the client has marked for deletion (DELE)
  o Update – entered when the client sends QUIT; deletes the marked messages and closes the conversation. If the connection drops before QUIT, nothing is deleted.
• In the basic USER/PASS exchange the password crosses the network in cleartext; APOP or POP3 over TLS avoids that.

IMAP
• IMAP is a mail-access protocol (TCP port 143) that lets a client read and manage a mailbox that stays on the server. It is what desktop clients and webmail front ends use to reach the mail store; it does not itself serve e-mail to a Web browser.
• IMAP does not require that the messages stored for a user account be downloaded to the client machine. Instead it stores all messages on the e-mail server, carries out commands against those messages (delete, modify, reply, flag, search), and continues to store them for the client, so the same mailbox can be used from several machines.

HTTP
• HTTP is a generic, stateless request/response protocol that gives access to Internet resources without regard for the platform or operating system of the requesting node.
• HTTP forms the set of rules governing the transfer of files in text format, graphic image format, audio format, and video format. Each request names a method (GET, POST, ...) and a resource; each response carries a status code and the resource.
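The three POP3 states above, as an added example that is not part of the original slides: a toy in-memory POP3 server that walks AUTHORIZATION, TRANSACTION and UPDATE, together with a scripted client exchange. The user list and mailbox are constructed test data, and the server is a simplified model of RFC 1939, not a real implementation. It shows two things the bullets state but that are easy to get wrong: DELE only marks a message, the deletion happens in UPDATE on QUIT, and a connection that drops before QUIT deletes nothing. It also shows that USER/PASS carry the password as plain text in the command line.

```python
# Constructed test data: one account and two messages (not real credentials).
USERS = {"alice": "s3cret"}
MAILBOX = {
    "alice": [
        b"From: bob@example.com\r\n\r\nfirst",
        b"From: carol@example.com\r\n\r\nsecond",
    ],
}


class Pop3Session:
    """Minimal POP3 server-side state machine (AUTHORIZATION -> TRANSACTION -> UPDATE)."""

    def __init__(self, users, mailbox):
        self.users = users        # {user: password}; a real server would store hashes
        self.mailbox = mailbox    # {user: [raw message bytes, ...]}, mutated on UPDATE
        self.state = "AUTHORIZATION"
        self.user = None
        self.marked = set()       # message indexes marked by DELE, applied only on QUIT

    def handle(self, line):
        """Process one client command line and return the server's reply."""
        cmd, _, arg = line.strip().partition(" ")
        cmd = cmd.upper()
        if self.state == "AUTHORIZATION":
            return self._authorization(cmd, arg)
        if self.state == "TRANSACTION":
            return self._transaction(cmd, arg)
        return "-ERR connection closed"

    def _authorization(self, cmd, arg):
        if cmd == "USER":
            self.user = arg
            return "+OK"
        if cmd == "PASS":
            # The password arrives in cleartext here; only TLS on the connection hides it.
            if self.user is not None and self.users.get(self.user) == arg:
                self.state = "TRANSACTION"
                return "+OK maildrop locked and ready"
            self.user = None
            return "-ERR invalid login"   # same reply for unknown user and wrong password
        if cmd == "QUIT":
            self.state = "CLOSED"         # no UPDATE: nothing was marked
            return "+OK bye"
        return "-ERR not authenticated"

    def _transaction(self, cmd, arg):
        msgs = self.mailbox[self.user]
        live = [i for i in range(len(msgs)) if i not in self.marked]
        if cmd == "STAT":
            return "+OK %d %d" % (len(live), sum(len(msgs[i]) for i in live))
        if cmd == "LIST":
            body = "\r\n".join("%d %d" % (i + 1, len(msgs[i])) for i in live)
            return "+OK\r\n" + body + "\r\n."
        if cmd in ("RETR", "DELE"):
            try:
                n = int(arg) - 1               # POP3 numbers messages from 1
                if n not in live:
                    raise ValueError
            except ValueError:
                return "-ERR no such message"
            if cmd == "RETR":
                return "+OK %d octets\r\n%s\r\n." % (len(msgs[n]), msgs[n].decode())
            self.marked.add(n)                 # only marked, not yet removed
            return "+OK message %d deleted" % (n + 1)
        if cmd == "RSET":
            self.marked.clear()
            return "+OK"
        if cmd == "QUIT":
            self.state = "UPDATE"              # deletions are applied here, and only here
            self.mailbox[self.user] = [m for i, m in enumerate(msgs) if i not in self.marked]
            self.state = "CLOSED"
            return "+OK %d messages removed" % len(self.marked)
        return "-ERR unknown command"

    def disconnect(self):
        """Connection lost without QUIT: UPDATE never runs, so marks are discarded."""
        self.marked.clear()
        self.state = "CLOSED"


def run_exchange(session, commands):
    """Drive a session with a list of client lines; returns (client, server) pairs."""
    return [(c, session.handle(c)) for c in commands]


def demo():
    """Normal session: log in, read message 1, mark it, QUIT applies the deletion."""
    mailbox = {u: list(v) for u, v in MAILBOX.items()}
    s = Pop3Session(USERS, mailbox)
    log = run_exchange(s, ["USER alice", "PASS s3cret", "STAT", "RETR 1", "DELE 1", "QUIT"])
    return log, mailbox


if __name__ == "__main__":
    for client, server in demo()[0]:
        print("C:", client)
        print("S:", server)
```

Running the demo prints the conversation; `STAT` answers `+OK 2 63` for the two constructed messages, and after `QUIT` only the second message remains on the server.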
• An HTML document contains links to other resources, which cause the client to issue additional HTTP requests.
• Hypertext Markup Language (HTML) is the format of the documents carried in HTTP responses; it is not part of the HTTP request itself, which consists of a method, a URL, and headers.
• Because HTTP is stateless, any notion of a user session (cookies, tokens) is built on top of it by the application, and that is where a large share of web security problems live.

HTTPS
• HTTPS is HTTP carried over a TLS connection (originally Secure Sockets Layer; the SSL versions are obsolete and should be disabled).
• HTTPS uses TLS to encrypt data, protect its integrity during transmission over public media, and authenticate the server to the client.
• Multiple cipher suites are available. The one used is negotiated between client and server according to the security need and what both sides support.
• HTTPS requires the server to present a certificate signed by a certificate authority the client trusts, whether a public CA or an internal one such as Microsoft Certificate Services. A certificate the client does not trust produces a browser warning, not a secure connection.

TELNET
• Telnet is a terminal emulation protocol (TCP port 23).
• Telnet allows users to access a remote node as if they were sitting at that node.
• A telnet session is initialized by typing "telnet resource-name" at a command prompt, or by opening a HyperTerminal session on a Microsoft Windows operating system.
• Telnet is frequently used to access router configurations and to make changes to those configurations.
• Everything in a Telnet session, including the login name and password, travels in cleartext. SSH provides the same remote terminal with encryption and should be used instead wherever it is available.

ICMP
• ICMP carries error and diagnostic messages for IP, for example when delivery of a packet cannot be completed.
• A destination unreachable message (ICMP type 3) indicates that a router or host is unable to complete the delivery. Its codes include:
  – Network-unreachable (code 0)
  – Host-unreachable (code 1)
  – Protocol-unreachable (code 2)
  – Port-unreachable (code 3)
  Other codes exist, such as fragmentation-needed (code 4).
• The PING utility sends an ICMP echo-request message (type 8) to the destination address. When the destination receives it, it returns an echo-reply (type 0) to acknowledge that the path for the packet is good.
• To encourage more efficient routing, a router issues an ICMP redirect message (type 5). Hosts should ignore redirects on untrusted networks, since a forged redirect can steer their traffic through another node.
• When a packet's TTL reaches zero before delivery, the router discards the packet and sends an ICMP time-exceeded message (type 11) to the sending node. Traceroute relies on this behavior.

ARP/RARP
• ARP allows any node on a segment, host or router, to discover the MAC address that corresponds to an IP address on that segment so that it can deliver the packet.
• ARP requests are broadcasts sent on the local segment. The sender asks for the MAC address of the next hop: the destination itself if the destination IP address in the packet header is on the local segment, otherwise the default gateway.
• The node holding the IP address responds to the broadcast with its MAC address, allowing delivery of the packet.
• Most operating systems cache ARP results. ARP has no authentication, so any node on the segment can answer for any address and the cache will accept it; an existing entry that suddenly changes MAC address is worth alerting on.
• RARP is used when the MAC address is known but the IP address has not been identified. It has largely been replaced by BOOTP and DHCP.
• Some operating systems do not answer RARP requests with a default installation of TCP/IP.

NTP
• NTP allows synchronization of computer clocks on a network, internetwork, or the Internet.
• Time synchronization is important to some applications, and to operating systems and security tools that log events with a timestamp; correlating logs from several systems depends on it.
• NTP nodes take one of three roles:
  • Client – requests time
  • Server – provides time
  • Peer – exchanges time with other peers to converge on an agreed-upon time
• NTP servers are arranged in strata. Stratum 1 servers take time from a reference clock, such as those run by the United States Naval Observatory (USNO) or the National Institute of Standards and Technology (NIST), and each lower stratum synchronizes to the one above it.
• NTP uses UDP port 123 and, unless authentication is configured, will accept time from whatever server it is pointed at.

TCP/UDP Ports
• A port is a 16-bit logical identifier for a specific process on both the source and destination node: it is the endpoint in a logical connection.
• Port numbers run from 0 to 65535 (65,536 values) and are grouped into three categories:
  • Well-known ports – 0-1023; assigned to common services (binding to them normally requires administrative privilege)
  • Registered ports – 1024-49151; registered by vendors for their applications
  • Dynamic and/or private ports – 49152-65535; unassigned, used for ephemeral source ports
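The ARP exchange above, as an added example that is not part of the original slides: build an ARP request and reply as Ethernet frames, parse them, and keep a cache that records the two things a defender watches for, a reply nobody asked for and a known IP address that suddenly claims a different MAC. The MAC and IP addresses are constructed, `MY_MAC`/`MY_IP` stand for the local node, and the cache deliberately accepts the new mapping even while it alerts, because that is what operating systems do: ARP has no authentication, so the detection has to be separate from the protocol.

```python
import struct

ETH_P_ARP = 0x0806
BROADCAST = b"\xff" * 6
MY_MAC = "02:00:00:00:00:01"    # constructed local node, locally administered address
MY_IP = "192.168.1.50"


def mac_bytes(s): return bytes.fromhex(s.replace(":", ""))
def mac_str(b): return ":".join("%02x" % x for x in b)
def ip_bytes(s): return bytes(int(o) for o in s.split("."))
def ip_str(b): return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet frame carrying ARP for IPv4. op 1 = request (broadcast), 2 = reply (unicast)."""
    dst = BROADCAST if op == 1 else mac_bytes(target_mac)
    eth = struct.pack("!6s6sH", dst, mac_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,   # htype Ethernet, ptype IPv4
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP encoding")
    return {"op": "request" if op == 1 else "reply",
            "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa),
            "eth_src": mac_str(src)}


class ArpCache:
    """ARP cache for the local node plus the checks a poisoning detector would apply."""

    def __init__(self):
        self.table = {}        # ip -> mac
        self.pending = set()   # ips we have an outstanding request for
        self.alerts = []

    def request(self, ip: str) -> bytes:
        """Broadcast 'who has ip?' and remember that we asked."""
        self.pending.add(ip)
        return build_arp(1, MY_MAC, MY_IP, "00:00:00:00:00:00", ip)

    def learn(self, frame: bytes) -> dict:
        """Process a received ARP frame; replies update the cache, suspicious ones also alert."""
        p = parse_arp(frame)
        if p["op"] != "reply":
            return p
        ip, mac = p["sender_ip"], p["sender_mac"]
        if ip not in self.pending:
            self.alerts.append("unsolicited reply for %s from %s" % (ip, mac))
        if ip in self.table and self.table[ip] != mac:
            self.alerts.append("%s changed from %s to %s" % (ip, self.table[ip], mac))
        if p["eth_src"] != mac:
            self.alerts.append("frame source %s != ARP sender %s" % (p["eth_src"], mac))
        self.table[ip] = mac            # accepted regardless, as a real stack would
        self.pending.discard(ip)
        return p


if __name__ == "__main__":
    cache = ArpCache()
    cache.request("192.168.1.1")
    cache.learn(build_arp(2, "00:11:22:33:44:55", "192.168.1.1", MY_MAC, MY_IP))  # the gateway
    cache.learn(build_arp(2, "de:ad:be:ef:00:01", "192.168.1.1", MY_MAC, MY_IP))  # someone else
    print(cache.table, cache.alerts)
```

The first reply is expected and silent; the second arrives with no outstanding request and contradicts the cached entry, so it raises two alerts while still overwriting the table, which is exactly the window an on-path attacker gets on an unprotected segment.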