Group Assignment For 4 Year IT Students
Internet protocols can be used to communicate across any set of interconnected networks.
They are equally well suited for local-area network (LAN) and wide-area network (WAN)
communications. The Internet suite includes not only lower-layer specifications (such as TCP
and IP), but also specifications for such common applications as e-mail, terminal emulation, and
file transfer. Figure 7-1 shows some of the most important Internet protocols and their
relationships to the OSI reference model.
As an interesting side note, the seven-layer model actually came about after TCP/IP. DARPA
used a four-layer model instead, which the OSI later expanded to seven layers. This is why
TCP/IP doesn't generally fit all that well into the seven-layer OSI model.
Figure 7-1 The Internet Protocol Suite and the OSI Reference Model
Creation and documentation of the Internet Protocol suite closely resemble an academic research project. The protocols are specified and refined in documents called Requests for Comments (RFCs), which are published, reviewed, and analyzed by the Internet community. Taken together, the RFCs provide a colorful history of the people, companies, and trends that have shaped the development of what is today the world's most popular open-system protocol suite.
B) Application Layer – OSI and TCP/IP Models
Two important concepts:
– Application Layer: the first step for getting data on to the network. The TCP/IP Application Layer fits roughly into the top three layers of the OSI Model.
– Most TCP/IP application layer protocols were developed before PCs, GUIs and multimedia objects.
– They implement very little of the Presentation and Session layer functionality:
– Presentation layer: compression and encryption.
– Session layer: handles the exchange of information to initiate dialogs, keep them active and restart sessions.
DNS (Domain Name System): resolves Internet names (URLs) to IP addresses; port 53.
Telnet, SSH (Terminal emulation, Secure Shell): access to servers and network devices; ports 23, 22.
SMTP (Simple Mail Transfer Protocol): transfer of mail messages and attachments (outgoing); port 25.
POP3, POP3S (Post Office Protocol): transfer of mail messages and attachments (incoming); ports 110, 995.
DHCP (Dynamic Host Configuration Protocol): assigns IP addresses (IP, subnet mask) and other parameters (DNS, gateway, …) to hosts; ports 67, 68.
HTTP(S) (Hypertext Transfer Protocol): transfers the files that make up web pages; ports 80, 443.
FTP(S) ((Secure) File Transfer Protocol): interactive file transfer between systems; ports control: 21, data: 21 and 3713, data: 989, 990.
Within the Application layer, there are two forms of software programs or processes that provide access to the network:
– Applications
– Services
• Application layer protocols are used by both the source and destination devices during a communication session.
• The application layer protocols implemented on the source and destination host must match.
• The Application Layer uses protocols that are implemented within applications and services.
– Protocols provide the rules and formats that govern how data is treated.
C) ping
The ping tool uses the ICMP echo request and echo reply messages to test reachability to a remote system. In its simplest form, ping simply confirms that an IP packet is capable of getting to and back from a destination IP address (Figure 7-7). This tool generally returns two pieces of information: whether the source can reach the destination (and, by inference, vice versa), and the round-trip time (RTT, typically in milliseconds). The RTT returned by ping should be used only as a comparative reference because it can depend greatly on the software implementation and hardware of the system on which ping is run. If ping fails or returns an unusual RTT, traceroute can be used to help narrow down the problem. It is also possible to vary the size of the ICMP echo payload to test problems related to the maximum transmission unit (MTU).
D) ARP
The Address Resolution Protocol (ARP) is a protocol used by the Internet Protocol (IP) [RFC826], specifically IPv4, to map IP network addresses to the hardware addresses used by a data link protocol. The protocol operates below the network layer as part of the interface between the OSI network and OSI link layers. It is used when IPv4 is used over Ethernet. The job of ARP is essentially to translate 32-bit addresses to 48-bit addresses and vice versa. This is necessary because in IP Version 4 (IPv4), the most common level of Internet Protocol (IP) in use today, an IP address is 32 bits long, but MAC addresses are 48 bits long.
ARP works between layers 2 and 3 of the Open Systems Interconnection model (OSI model). The MAC address exists on layer 2 of the OSI model, the data link layer, while the IP address exists on layer 3, the network layer. ARP can also be used for IP over other LAN technologies, such as token ring, fiber distributed data interface (FDDI) and IP over ATM.
In IPv6, which uses 128-bit addresses, ARP has been replaced by the Neighbor Discovery Protocol.
The term address resolution refers to the process of finding an address of a computer in a
network. The address is "resolved" using a protocol in which a piece of information is sent by a
client process executing on the local computer to a server process executing on a remote
computer. The information received by the server allows the server to uniquely identify the
network system for which the address was required and therefore to provide the required
address. The address resolution procedure is completed when the client receives a response
from the server containing the required address.
An Ethernet network uses two hardware addresses which identify the source and destination of
each frame sent by the Ethernet. The destination address (all 1's) may also identify
a broadcast packet (to be sent to all connected computers). The hardware address is also
known as the Medium Access Control (MAC) address, in reference to the standards which
define Ethernet. Each computer network interface card is allocated a globally unique 6 byte link
address when the factory manufactures the card (stored in a PROM). This is the normal link
source address used by an interface. A computer sends all packets which it creates with its own
hardware source link address, and receives all packets which match the same hardware address
in the destination field or one (or more) pre-selected broadcast/multicast addresses.
The Ethernet address is a link layer address and is dependent on the interface card which is
used. IP operates at the network layer and is not concerned with the link addresses of
individual nodes which are to be used. The address resolution protocol (arp) is therefore used
to translate between the two types of address. The arp client and server processes operate on
all computers using IP over Ethernet. The processes are normally implemented as part of the
software driver that drives the network interface card.
There are four types of arp messages that may be sent by the arp protocol. These are identified
by four values in the "operation" field of an arp message. The types of message are:
1. ARP request
2. ARP reply
3. RARP request
4. RARP reply
To reduce the number of address resolution requests, a client normally caches resolved
addresses for a (short) period of time. The arp cache is of a finite size, and would become full of
incomplete and obsolete entries for computers that are not in use if it was allowed to grow
without check. The arp cache is therefore periodically flushed of all entries. This deletes unused
entries and frees space in the cache. It also removes any unsuccessful attempts to contact
computers which are not currently running.
If a host changes the MAC address it is using, this can be detected by other hosts when the
cache entry is deleted and a fresh arp message is sent to establish the new association. The use
of gratuitous arp (e.g. triggered when the new NIC interface is enabled with an IP address)
provides a more rapid update of this information.
The figure below shows the use of arp when a computer tries to contact a remote computer on the same LAN (known as "sysa") using the "ping" program. It is assumed that no previous IP datagrams have been received from this computer, and therefore arp must first be used to identify the MAC address of the remote computer.
The arp request message ("who is X.X.X.X tell Y.Y.Y.Y", where X.X.X.X and Y.Y.Y.Y are IP addresses) is sent using the Ethernet broadcast address, and an Ethernet protocol type of value 0x806. Since it is broadcast, it is received by all systems in the same collision domain (LAN). This ensures that if the target of the query is connected to the network, it will receive a copy of the query. Only this system responds; the other systems discard the packet silently.
Gratuitous ARP
Gratuitous ARP is used when a node (end system) has selected an IP address and then wishes to
defend its chosen address on the local area network (i.e. to check no other node is using the
same IP address). It can also be used to force a common view of the node's IP address (e.g.
after the IP address has changed). Use of this is common when an interface is first configured, as
the node attempts to clear out any stale caches that might be present on other hosts. The node
simply sends an arp request for itself.
Proxy ARP
Proxy ARP is the name given when a node responds to an arp request on behalf of another
node. This is commonly used to redirect traffic sent to one IP address to another system.
Proxy ARP can also be used to subvert traffic away from the intended recipient. By responding
instead of the intended recipient, a node can pretend to be a different node in a network, and
therefore force traffic directed to the node to be redirected to itself. The node can then view
the traffic (e.g. before forwarding this to the originally intended node) or could modify the
traffic. Improper use of Proxy ARP is therefore a significant security vulnerability and some
networks therefore implement systems to detect this. Gratuitous ARP can also help defend the
correct IP to MAC bindings.
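As an added example (not part of the assignment text or of any real implementation), the following Python builds and parses the IPv4-over-Ethernet ARP message described above (protocol type 0x0806, the four operation values, broadcast requests and unicast replies) and then runs the kind of passive check the Proxy ARP section alludes to: learning IP-to-MAC bindings from every ARP message seen and reporting when an address's binding changes. All frames and addresses are constructed inside the block, not captured from a network.

```python
import struct

ETHERTYPE_ARP = 0x0806                 # the "0x806" Ethernet protocol type from the text
BROADCAST_MAC = b"\xff" * 6            # Ethernet all-ones destination address
# the four values of the ARP "operation" field
OPCODES = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)
def ip_str(b):
    return ".".join(str(x) for x in b)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet frame carrying an IPv4-over-Ethernet ARP message. Requests go
    to the broadcast address; replies go straight back to the target."""
    dst = BROADCAST_MAC if op == 1 else target_mac
    eth = dst + sender_mac + struct.pack("!H", ETHERTYPE_ARP)
    # hardware type 1 (Ethernet), protocol 0x0800 (IPv4), 6-byte MAC, 4-byte IP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + sender_mac + sender_ip + target_mac + target_ip

def parse_arp(frame):
    """Fields of an ARP message, or None if the frame is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    hw, proto, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (hw, proto, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    body = frame[22:42]
    return {
        "op": OPCODES.get(op, f"unknown({op})"),
        "broadcast": frame[0:6] == BROADCAST_MAC,
        "sender_mac": mac_str(body[0:6]), "sender_ip": ip_str(body[6:10]),
        "target_mac": mac_str(body[10:16]), "target_ip": ip_str(body[16:20]),
    }

def monitor(frames):
    """Passive check: learn sender IP->MAC from every ARP message seen and report
    any IP whose MAC changes, which is how Proxy ARP misuse shows up on the wire."""
    bindings, alerts = {}, []
    for a in filter(None, map(parse_arp, frames)):
        ip, mac = a["sender_ip"], a["sender_mac"]
        if ip in bindings and bindings[ip] != mac:
            alerts.append((ip, bindings[ip], mac))
        bindings[ip] = mac
    return bindings, alerts

# Constructed sample traffic (made up for this example, not captured)
A_MAC, A_IP = b"\xaa" * 6, bytes([10, 0, 0, 5])
B_MAC, B_IP = b"\xbb" * 6, bytes([10, 0, 0, 9])
C_MAC = b"\xcc" * 6                    # a third node answering for B's address
SAMPLE = [
    build_arp(1, A_MAC, A_IP, b"\x00" * 6, A_IP),   # gratuitous ARP: A asks for itself
    build_arp(1, A_MAC, A_IP, b"\x00" * 6, B_IP),   # "who is 10.0.0.9 tell 10.0.0.5"
    build_arp(2, B_MAC, B_IP, A_MAC, A_IP),         # B answers with its own MAC
    build_arp(2, C_MAC, B_IP, A_MAC, A_IP),         # C answers for 10.0.0.9 as well
]
```

Running monitor(SAMPLE) returns the learned bindings and one alert for 10.0.0.9, whose MAC changed from bb:… to cc:…; a real monitor would read frames from a capture file or a raw socket instead of SAMPLE.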
E) netstat
The netstat command is a good tool for diagnosing common problems in a Transmission Control Protocol/Internet Protocol (TCP/IP) network environment.
The netstat command lets you determine which area of the network has a problem. After you have isolated the problem to an area, you can use more sophisticated tools to proceed.
Communication problems
Common TCP/IP communication problems include the inability to communicate with a host on
your network and routing problems. These are some solutions.
F) NetBIOS over TCP/IP
NetBIOS over TCP/IP (NBT, or sometimes NetBT) is a networking protocol that allows legacy computer applications relying on the NetBIOS API to be used on modern TCP/IP networks.
NetBIOS was developed in the early 1980s, targeting very small networks (about a dozen
computers). Some applications still use NetBIOS, and do not scale well in today's networks of
hundreds of computers when NetBIOS is run over NBF. When properly configured, NBT allows
those applications to be run on large TCP/IP networks (including the whole Internet, although
that is likely to be subject to security problems) without change.
1. Name service
In NetBIOS, each participant must register on the network using a unique name of at most 15
characters. In legacy networks, when a new application wanted to register a name, it had to
broadcast a message saying "Is anyone currently using that name?" and wait for an answer. If
no answer came back, it was safe to assume that the name was not in use. However, the wait
timeout was a few seconds, making the name registration a very lengthy process, as the only
way of knowing that a name was not registered was to not receive any answer. NBT can implement a central repository, or Name Service, that records all name registrations.
The packet formats of the Name Service are identical to DNS. The key differences are the addition of NetBIOS "Node Status" query, dynamic registration and conflict marking packets. They are encapsulated in UDP. Later implementations include an optional Scope part of the name, making NetBIOS names hierarchical like DNS, but this is seldom used.
2. Datagram service
Datagram mode is "connectionless"; NetBIOS datagrams are sent over UDP. A datagram is sent
with a "Direct Unique" or "Direct Group" packet if it's being sent to a particular NetBIOS name,
or a "Broadcast" packet if it's being sent to all NetBIOS names on the network.
3. Session service
Session mode lets two computers establish a connection for a "conversation", allows larger
messages to be handled, and provides error detection and recovery. Sessions are established by
exchanging packets.
The computer establishing the session attempts to make a TCP connection to port 139 on the
computer with which the session is to be established. If the connection is made, the computer
establishing the session then sends over the connection a "Session Request" packet with the
NetBIOS names of the application establishing the session and the NetBIOS name to which the
session is to be established. The computer with which the session is to be established will
respond with a "Positive Session Response" indicating that a session can be established or a
"Negative Session Response" indicating that no session can be established. Data is transmitted
during an established session by Session Message packets.
TCP handles flow control and retransmission of all session service packets, and the dividing of
the data stream over which the packets are transmitted into IP datagrams small enough to fit
in link-layer packets. Sessions are closed by closing the TCP connection.
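The session service exchange described above, as an added Python example that is not part of the assignment text: it encodes NetBIOS names the way they appear on the wire, builds the "Session Request" a client sends after connecting to port 139, and decodes the request and the positive or negative response. The packet types, name encoding and negative-response reason codes follow RFC 1002; the names and packets used are constructed for the example.

```python
import struct

# RFC 1002 session service packet types carried over TCP port 139
SESSION_MESSAGE, SESSION_REQUEST = 0x00, 0x81
POSITIVE_RESPONSE, NEGATIVE_RESPONSE = 0x82, 0x83
TYPE_NAMES = {SESSION_MESSAGE: "Session Message", SESSION_REQUEST: "Session Request",
              POSITIVE_RESPONSE: "Positive Session Response",
              NEGATIVE_RESPONSE: "Negative Session Response"}
# reasons a Negative Session Response can give (RFC 1002 error codes)
NEG_REASONS = {0x80: "not listening on called name", 0x81: "not listening for calling name",
               0x82: "called name not present", 0x83: "insufficient resources",
               0x8F: "unspecified error"}

def encode_name(name, suffix=0x20):
    """First-level encoding of a NetBIOS name: pad to 15 characters, append the
    one-byte service suffix, then write each nibble as a letter 'A'..'P'."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    enc = b"".join(bytes([65 + (b >> 4), 65 + (b & 0x0F)]) for b in raw)
    return bytes([len(enc)]) + enc + b"\x00"      # one 32-byte label, root terminator

def decode_name(buf):
    """Reverse of encode_name; returns (name, suffix, bytes consumed)."""
    ln = buf[0]
    enc = buf[1:1 + ln]
    raw = bytes(((enc[i] - 65) << 4) | (enc[i + 1] - 65) for i in range(0, ln, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15], 1 + ln + 1

def build_packet(ptype, payload=b""):
    """Session header: 1-byte type, 1-byte flags (bit 0 = length bit 16), 2-byte length."""
    hdr = bytes([ptype, (len(payload) >> 16) & 1]) + struct.pack("!H", len(payload) & 0xFFFF)
    return hdr + payload

def build_session_request(called, calling):
    """What the computer establishing the session sends after connecting to port 139.
    Suffix 0x20 = file server service on the called side, 0x00 = workstation on ours."""
    return build_packet(SESSION_REQUEST, encode_name(called, 0x20) + encode_name(calling, 0x00))

def parse_packet(buf):
    """Decode one session service packet into a dict a log or monitor could use."""
    if len(buf) < 4:
        raise ValueError("short session header")
    ptype, flags, length = buf[0], buf[1], struct.unpack("!H", buf[2:4])[0]
    length |= (flags & 1) << 16
    body = buf[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated session packet")
    info = {"type": TYPE_NAMES.get(ptype, f"unknown(0x{ptype:02x})"), "length": length}
    if ptype == SESSION_REQUEST:
        called, called_sfx, used = decode_name(body)
        calling, calling_sfx, _ = decode_name(body[used:])
        info.update(called=called, called_suffix=called_sfx,
                    calling=calling, calling_suffix=calling_sfx)
    elif ptype == NEGATIVE_RESPONSE and body:
        info["reason"] = NEG_REASONS.get(body[0], f"unknown(0x{body[0]:02x})")
    return info
```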
Security vulnerabilities
Web servers are typically - but not exclusively - the first point of impact for internet-based attack vectors. Local area network (LAN) ports, by design, advertise information and consequently often become the focus of most attacks upon Client-Server networks. Many services that are vulnerable to such means of attack can, depending on the organizational impact on work-flows, safely be disabled. This is particularly true of network services that are inherently intranet-centric.
Two such vulnerable network protocols that provide services are: the Server Message
Block (SMB) protocol and NetBIOS over TCP/IP. Both services can reveal incredible amounts of
detailed and vital security information about an exposed network. When not mitigated,
NetBIOS over TCP/IP and SMB provide recurring vectors for malicious attacks upon a network.
Specifically, NetBIOS provides attackers with a means to map the network and also freely
navigate a compromised intranet. In regards to public Web Servers, neither service is necessary
for the successful operation of a public Web server and disabling both services in such scenarios
can greatly enhance the security status of a network.
NetBIOS was also developed for non-routable LANs. A central role of NetBIOS in Client-Server
networks (and also those networks that have networked peripheral hardware that also
predates DNS compatibility) is to provide name resolution to computers and networked
peripherals. Further, it allows for such networked hardware to be accessed and shared and also
enables the mapping and browsing of network folders, shares and shared printers, faxes, etc. In
its primary capacity, it acts as a session-layer protocol transported over TCP/IP to provide name
resolution to a computer and shared folders.
G) Network Management System Look Up IP Configure
The International Organization for Standardization (ISO) network management model defines
five functional areas of network management. This document covers all functional areas. The
overall purpose of this document is to provide practical recommendations on each functional
area to increase the overall effectiveness of current management tools and practices. It also
provides design guidelines for future implementation of network management tools and
technologies.
Configuration Flowchart
Figure 1-2 Flowchart for configuring the IP DCN solution
Configuration Procedure
1 Setting basic NE attributes
– Changing the NE ID: Required.
– Setting NE Communication Parameters: Required.
2 Configuring DCCs: Required.
3 Configuring the inband DCN
– Configuring the VLAN ID and Bandwidth Used by an Inband DCN: Perform this operation if the VLAN ID and bandwidth of the inband DCN planned for OptiX equipment do not take their default values. (The default VLAN ID is 4094 and the default bandwidth is 512 kbit/s.)
NOTE: The same VLAN ID is used for inband DCN communication over the entire network.
– Configuring the Priority of Inband DCN Packets: Required when the priority needs to be specified for DCN packets.
4 Configuring IP routes
– Setting OSPF Protocol Parameters: Required.
– Changing the network segment of the backbone area for an ABR: Required for an ABR.
– Creating an OSPF Area: When a network consists of multiple OSPF areas, create the non-backbone area to which the ABR belongs.
– Adding an ABR into a network segment: Required when the ABR is in an area with multiple network segments.
– Enabling the proxy ARP: If the third-party NMS and the third-party equipment are on the same IP network segment and the OptiX transmission network provides an IP route between the third-party NMS and the third-party equipment, enable the proxy ARP on the OptiX NE connected to the third-party NMS and the OptiX NE connected to the third-party equipment.
– Creating a Static IP Route: Configure the static routes of NEs according to the network plan.
– Querying IP Routes: In normal cases, the gateway NE has a route to the NMS; the gateway NE has routes to non-gateway NEs and non-gateway NEs have routes to the gateway NE; and if the third-party equipment is connected to the third-party NMS through an OptiX NE, the OptiX NE has routes to the third-party NMS and to the third-party equipment.
NOTE: You can check the route status by testing route connectivity, in addition to querying IP routes.
7 Creating NEs on the centralized NMS
– Creating NEs by Using the Manual Method (U2000) or Creating NEs by Using the Search Method (Web LCT): It is recommended that you perform this operation to add one or more NEs to a large existing network on the centralized NMS.
NOTE: If NE Automatic Reporting is enabled, an NE is automatically created on the U2000 after it communicates with the U2000.
– Creating NEs by Using the Search Method (U2000) or Creating NEs by Using the Manual Method (Web LCT): It is recommended that you perform this operation to create NEs on the centralized NMS in other cases.
NOTE: If NE Automatic Reporting is enabled, an NE is automatically created on the U2000 after it communicates with the U2000.
Network Management
The ISO network management model's five functional areas are listed below.
Fault Management—Detect, isolate, notify, and correct faults encountered in the network.