
OSI Layers and Protocols


OSI Layer’s Protocols and Devices

7. Application layer
 Application Layer provides the operating system with direct access to network services
 Application layer provides an interface so that processes such as Excel or Word that are
running on the local machine can get access to network services (e.g., retrieving a file
from a network server)
 Handles network access, flow control and error recovery
 It serves as the interface between the user and the network
---------------------------------------------------
Devices : Gateway works in Application layer
Protocols : DHCP - DNS - FTP - HTTP - IMAP4 - IRC - NNTP - XMPP - MIME - POP3 - SIP -
SMTP - SNMP - SSH - TELNET - BGP - RPC - RTP - RTCP - TLS/SSL - SDP - SOAP - L2TP - PPTP

6. Presentation layer
 Presentation Layer is responsible for presenting the data in a standard format and for
data translation (formatting)
Following tasks are performed in Presentation Layer:
 Encoding – Decoding
 Encryption – Decryption
 Compression – Decompression
---------------------------------------------------
Devices : Gateway works in Presentation Layer

5. Session layer
 Session Layer is responsible for establishing, maintaining and terminating sessions
 Responsible for name recognition (identification) so only the designated parties can
participate in the session
---------------------------------------------------
Devices : Gateway works in Session Layer

4. Transport layer
 Transport Layer is responsible for reliable delivery of data. It
 This is where flow-control and connection protocols exist
 Provides error checking to guarantee error-free data delivery, with no losses or duplications
 The major function of the Transport Layer is Error Correction
 Identifying Service, Multiplexing & Demultiplexing and Segmentation are happening in this layer
---------------------------------------------------
Devices : Brouter and Gateway work in Transport Layer
Protocols : TCP - UDP - DCCP - SCTP - GTP

3. Network layer
 Network Layer is responsible for providing best path for Data to reach the destination
 Logical addressing is happening in this layer
 Network Layer translates logical network address and names to their physical address
(e.g. computer name = MAC address)
---------------------------------------------------
Devices : Router works in Network Layer
Protocols : IP (IPv4 - IPv6) - ARP - RARP - ICMP - IGMP - RSVP - IPSec - IPX/SPX

2. Data link layer
 It handles data frames between the network and Physical layers
 Error detection is happening in this layer
 It receives and packages raw data from the Physical layer into data frames for delivery to
the Network layer as packets
---------------------------------------------------
Devices : Switch, Bridge and NIC work in this layer
Protocols : ATM - DTM - Ethernet - FDDI - Frame Relay - GPRS - PPP

1. Physical layer
 In Physical Layer data will be converted into Binary (0's & 1's)
 It transmits raw bit stream over physical cable
 The Physical layer defines all the electrical and physical specifications for devices.
---------------------------------------------------
Devices : Hub and Repeater work in Physical Layer
Protocols : Ethernet physical layer - ISDN - Modems - PLC - RS232 - SONET/SDH - G.709 - Wi-Fi

Basic Networking Commands Explained with Examples


 Tracert / traceroute

Tracert: Determines the path taken to a destination by sending Internet Control
Message Protocol (ICMP) Echo Request messages to the destination with
incrementally increasing Time to Live (TTL) field values.

Examples:

To trace the path to the host named www.google.co.in use the following command

tracert www.google.co.in

 Ping

Verifies IP-level connectivity to another TCP/IP computer by sending Internet
Control Message Protocol (ICMP) Echo Request messages. The receipt of
corresponding Echo Reply messages is displayed, along with round-trip times. Ping
is the primary TCP/IP command used to troubleshoot connectivity, reachability, and
name resolution.

 Ipconfig

Displays all current TCP/IP network configuration values and refreshes Dynamic
Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. This
command is most useful on computers that are configured to obtain an IP address
automatically. This enables users to determine which TCP/IP configuration values
have been configured by DHCP, Automatic Private IP Addressing (APIPA), or an
alternate configuration.

Examples:

ipconfig                                            To display the basic TCP/IP configuration for all adapters
ipconfig /all                                       To display the full TCP/IP configuration for all adapters
ipconfig /renew "Local Area Connection"             To renew a DHCP-assigned IP address configuration for only the Local Area Connection adapter
ipconfig /flushdns                                  To flush the DNS resolver cache when troubleshooting DNS name resolution problems
ipconfig /showclassid Local*                        To display the DHCP class ID for all adapters with names that start with Local
ipconfig /setclassid "Local Area Connection" TEST   To set the DHCP class ID for the Local Area Connection adapter to TEST

 Arp

Displays and modifies entries in the Address Resolution Protocol (ARP) cache, which
contains one or more tables that are used to store IP addresses and their resolved
Ethernet or Token Ring physical addresses. There is a separate table for each Ethernet
or Token Ring network adapter installed on your computer.

Examples:

To display the ARP cache tables for all interfaces use the following command

arp -a
 Netstat

Displays active TCP connections, ports on which the computer is listening, Ethernet
statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP
protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over
IPv6 protocols).

Netstat provides statistics for the following:

 Proto - The name of the protocol (TCP or UDP).
 Local Address - The IP address of the local computer and the port number being used.
The name of the local computer that corresponds to the IP address and the name of the
port is shown unless the -n parameter is specified. If the port is not yet established, the
port number is shown as an asterisk (*).
 Foreign Address - The IP address and port number of the remote computer to which
the socket is connected. The names that correspond to the IP address and the port are
shown unless the -n parameter is specified. If the port is not yet established, the port
number is shown as an asterisk (*).

Examples:

To display active TCP connections use the following command

netstat
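
As an added example (not part of the original page), the Python sketch below parses output in the layout of Windows `netstat -an` into the Proto, Local Address and Foreign Address columns described above, handles the asterisk placeholder and bracketed IPv6 addresses, and lists the listeners bound to every adapter. The sample text, the `Entry` type and the function names are constructed for illustration.

```python
from typing import NamedTuple, Optional

# Constructed sample in the layout Windows `netstat -an` prints (not real capture data).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
  UDP    [::1]:1900             *:*
"""


class Entry(NamedTuple):
    proto: str
    local_addr: str
    local_port: str
    foreign_addr: str
    foreign_port: str
    state: Optional[str]  # UDP rows carry no State column


def split_endpoint(endpoint: str):
    """Split 'addr:port' on the LAST colon so bracketed IPv6 ('[::1]:1900') works."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port


def parse_netstat(text: str):
    """Turn netstat text into Entry rows, skipping banner, header and blank lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        local_addr, local_port = split_endpoint(fields[1])
        foreign_addr, foreign_port = split_endpoint(fields[2])
        state = fields[3] if len(fields) > 3 else None
        entries.append(Entry(fields[0], local_addr, local_port,
                             foreign_addr, foreign_port, state))
    return entries


def listeners(entries):
    """TCP sockets in LISTENING, plus UDP sockets whose foreign side is the '*' placeholder."""
    return [e for e in entries
            if e.state == "LISTENING" or (e.proto == "UDP" and e.foreign_port == "*")]


def exposed_on_all_interfaces(entries):
    """Listeners bound to the wildcard address (0.0.0.0 or ::), i.e. to every adapter."""
    return sorted({(e.proto, int(e.local_port)) for e in listeners(entries)
                   if e.local_addr in ("0.0.0.0", "::")})


if __name__ == "__main__":
    for proto, port in exposed_on_all_interfaces(parse_netstat(SAMPLE)):
        print(f"{proto} port {port} is listening on all interfaces")
```

Comparing this list against the services a host is expected to offer is a quick way to spot listeners that should be bound to a single address or disabled.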

 Nbtstat

Displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both
the local computer and remote computers, and the NetBIOS name cache. Nbtstat allows a
refresh of the NetBIOS name cache and the names registered with Windows Internet Name
Service (WINS).

Nbtstat command-line parameters are case-sensitive.

 TCP and UDP

The Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) are used to
transmit network data to and from server and client applications.

The main difference between the two protocols is that

 TCP uses a connection-oriented transport; once a connection is established, data can
be sent bidirectionally, while
 UDP is a simpler, connectionless Internet protocol.
 When the TCP protocol is used, a special connection is opened up between two network
devices, and the channel remains open to transmit data until it is closed.
 On the other hand, a UDP transmission does not make a proper connection and merely
broadcasts its data to the specified network address without any verification of receipt.
 The advantage of TCP is that the transmission is much more reliable because it uses
acknowledgement packets to ensure delivery.
 The advantage of UDP is that there is no connection, so it is much faster without all the
checks and acknowledgements going on, but is also less reliable. In Table some common
TCP/IP applications are shown with the type of protocol they use.
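
The difference in "verification of receipt" can be observed on the loopback interface. The following Python sketch is an added example, not part of the original page; its helper names are made up for illustration. It sends the same payload over TCP to a listening port, over TCP to a port with no listener, and over UDP to a port with no listener.

```python
import socket
import threading

LOOPBACK = "127.0.0.1"


def closed_port(kind):
    """Bind to an OS-chosen port, note it, release it: nothing listens there afterwards."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]


def start_tcp_echo():
    """One-shot TCP echo server on loopback; returns (port, thread)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        with srv:
            conn, _ = srv.accept()          # completes the connection setup
            with conn:
                conn.sendall(conn.recv(1024))

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, thread


def tcp_send(port, payload):
    """TCP: a connection must be established before data moves. None if refused."""
    try:
        with socket.create_connection((LOOPBACK, port), timeout=2) as c:
            c.sendall(payload)
            return c.recv(1024)
    except (ConnectionRefusedError, socket.timeout):
        return None


def udp_send(port, payload):
    """UDP: no connection; sendto() reports bytes handed to the stack, not delivery."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (LOOPBACK, port))


def compare(payload=b"hello"):
    port, thread = start_tcp_echo()
    result = {
        "tcp_listener": tcp_send(port, payload),
        "tcp_no_listener": tcp_send(closed_port(socket.SOCK_STREAM), payload),
        "udp_no_listener": udp_send(closed_port(socket.SOCK_DGRAM), payload),
    }
    thread.join(2)
    return result


if __name__ == "__main__":
    print(compare())
```

TCP reports the missing peer to the sender at connection time, while the UDP send returns normally even though nothing received the datagram, so any confirmation of receipt has to come from the application.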

 DNS (Domain Name Service)

 DNS is a collection of databases that translate hostnames to IP addresses.
 A Domain Name Service (DNS) makes it easier to identify a host by a domain name. A
domain name uses words rather than numbers to identify Internet hosts. Suppose you
want to connect to the facebook Web site by using your Web browser. You would enter
http://www.facebook.com

 FTP (File Transfer Protocol)

The File Transfer Protocol (FTP) is used to connect to remote computers, list
shared files, and either upload or download files between local and remote computers.

FTP runs over TCP, which provides a connection-oriented, guaranteed data-delivery
service. FTP is a character-based command interface, although many FTP
applications have graphical interfaces. FTP is still used for file transfer.

 SFTP (Secure File Transfer Protocol)

SSH File Transfer Protocol or SFTP is a network protocol that provides file transfer
and manipulation functionality over any reliable data stream.

 TFTP (Trivial File Transfer Protocol)

TFTP is used when a file transfer does not require an acknowledgment packet during
file transfer. TFTP is used often in router configuration. TFTP is similar in operation
to FTP. TFTP is also a command-line-based utility.

The two primary differences between TFTP and FTP are speed and authentication.
Because TFTP is used without acknowledgment
packets, it is usually faster than FTP. TFTP does not provide user authentication like
FTP and therefore the user must be logged on to the client and the files on the remote
computer must be writable. TFTP supports only unidirectional data transfer (unlike
FTP, which supports bi-directional transfer). TFTP is operated over port 69.

 SMTP (Simple Mail Transfer Protocol)

SMTP is a standard electronic-mail protocol that handles the sending of mail from one
SMTP server to another SMTP server. To accomplish the transport, the SMTP server has its
own MX (mail exchanger) record in the DNS database that corresponds to the domain
for which it is configured to receive mail.

SMTP uses TCP for communication and operates on port 25. Simple Mail Transfer
Protocol (SMTP) is the application-layer protocol used for transmitting e-mail
messages. SMTP is capable of receiving e-mail messages, but it's limited in its
capabilities. The most common implementations of SMTP are in conjunction with
either POP3 or IMAP4. For example, users download an e-mail message from a POP3
server, and then transmit messages via an SMTP server.

 HTTP (Hypertext Transfer Protocol)

HTTP is often called the protocol of the Internet. HTTP received this designation
because most Internet traffic is based on HTTP. When a user requests a Web resource,
it is requested using HTTP. The following is a Web request:

http://www.example.com

When a client enters this address into a Web browser, DNS is called to resolve the
Fully Qualified Domain Name (FQDN) to an IP address. When the address is
resolved, an HTTP get request is sent to the Web server. The Web server responds
with an HTTP send response. Such communication is done several times throughout a
single session to a Web site. HTTP uses TCP for communication between clients and
servers. HTTP operates on port 80.

 HTTPS (Hypertext Transfer Protocol Secure)

HTTPS is for Web sites using additional security features such as certificates. HTTPS
is used when Web transactions are required to be secure. HTTPS uses a certificate-based
technology such as VeriSign.

Certificate-based transactions offer a mutual authentication between the client and the
server. Mutual authentication ensures the server of the client identity, and ensures the
client of the server identity. HTTPS, in addition to using certificate-based
authentication, encrypts all data packets sent during a session.

session, simply double-click the lock icon in the lower-right area of the Web browser.
HTTPS operates on port 443 and uses TCP for communication.

 POP3 / IMAP4 (Post Office Protocol version 3 / Internet Message Access Protocol version 4)

Post Office Protocol 3 (POP3) and Internet Message Access Protocol 4 (IMAP4) are
two application-layer protocols used for electronic messaging across the Internet.

 POP3 is a protocol that involves both a server and a client.
 A POP3 server receives an e-mail message and holds it for the user.
 A POP3 client application periodically checks the mailbox on the server to
download mail.
 POP3 does not allow a client to send mail, only to receive it. POP3 transfers
e-mail messages over TCP port 110.

Internet Message Access Protocol 4 (IMAP4) is an alternate e-mail protocol.
IMAP4 works in the same way as POP3, in that an e-mail message is held on a server
and then downloaded to an e-mail client application.

Users can read their e-mail message locally in their e-mail client application, but they
can't send an e-mail message using IMAP4. When users access e-mail messages via
IMAP4, they have the option to view just the message header, including its title and
the sender's name, before downloading the body of the message.

 Telnet

Short for Telecommunication Network, a virtual terminal protocol allowing a user
logged on to one TCP/IP host to access other hosts on the network.

Many people use remote control applications to access computers at their workplace
from outside the network. In remote control, a session appears in which the user is
able to manage the files on the remote computer, although the session appears to be
functioning locally. Telnet is an early version of a remote control application.

 SSH (Secure Shell)

SSH is a program for logging in to and executing commands on a remote machine. It
provides secure encrypted communications between two untrusted hosts over an
insecure network. When SSH connects and logs in to a specified computer, the user
must prove his/her identity to the remote machine, which is transmitted across the
connection using one of three forms of data encryption.

 ICMP (Internet Control Message Protocol)

ICMP provides network diagnostic functions and error reporting. One of the most
used IP commands is the Packet Internet Groper (PING) command. When a host
PINGS another client, it sends an ICMP ECHO request, and the receiving host
responds with an ICMP ECHO REPLY. ICMP also provides a little network help for
routers. When a router is being overloaded with route requests, the router sends a
source quench message to all clients on the network, instructing them to slow their
data requests to the router.

 PING checks network connectivity on clients and routers.


 ARP / RARP (Address Resolution Protocol / Reverse Address Resolution Protocol)

The Address Resolution Protocol (ARP) is an Internet layer protocol that helps
TCP/IP network components find other devices in the same broadcast domain.

ARP resolves an IP address of a destination to the MAC address of the destination
on the same data link layer medium, such as Ethernet. Remember that for two devices
to talk to each other in Ethernet (as with most layer 2 technologies), the data link layer
uses a physical address (MAC) to differentiate the machines on the segment. When
Ethernet devices talk to each other at the data link layer, they need to know each
other’s MAC addresses.

RARP is sort of the reverse of an ARP. In an ARP, the device knows the layer 3
address, but not the data link layer address. With a RARP, the device doesn’t have an
IP address and wants to acquire one. The only address that this device has is a MAC
address. Common protocols that use RARP are BOOTP and DHCP.

 NTP (Network Time Protocol)

The Network Time Protocol is used to synchronize the time of a computer client or
server to another server or reference time source, such as a radio or satellite receiver
or modem. It provides accuracies typically within a millisecond on LANs and up to a
few tens of milliseconds on WANs.

 SNMP

SNMP is a two-way network management protocol. SNMP consists of two
components, the SNMP Agent, and the SNMP Management Console. The SNMP
Management Console is the server side for SNMP. The management console sends
requests to the SNMP Agents as get commands that call for information about the
client.

The SNMP Agent responds to the Management Console’s get request with a trap
message. The trap message has the requested information for the Management
Console to evaluate. Security can be provided in many ways with SNMP; however,
the most common form of security for SNMP is the use of community names,
associations that link SNMP Agents to their Management Consoles:

 Agents, by default, respond only to Management Consoles that are part of the same
community name.
 If an SNMP Agent receives a request from a Management Console that is not part of
the same community name, then the request for information is denied.

Because SNMP is an industry-standard protocol, heterogeneous environments are
common. Many vendors provide versions of SNMP Management Consoles. Hewlett
Packard, for example, provides HP Open View (one of the most popular Management
Consoles on the market); Microsoft provides SNMP Server with the Windows NT and
2000 Resource Kits and Systems Management Server. SNMP Management Consoles
request information according to a Management Information Base (MIB) format. An
MIB is a numeric value that specifies the type of request, and to which layer of the
OSI model the request is being sent.

 SCP (Secure Copy Protocol)

Secure Copy or SCP is a means of securely transferring computer files between a
local and a remote host or between two remote hosts, using the Secure Shell (SSH)
protocol. The protocol itself does not provide authentication and security; it expects
the underlying protocol, SSH, to secure this.

The SCP protocol implements file transfers only. It does so by connecting to the host
using SSH and there executes an SCP server (scp). The SCP server program is
typically the very same program as the SCP client.

 LDAP (Lightweight Directory Access Protocol)

Lightweight Directory Access Protocol, or LDAP, is a networking protocol for
querying and modifying directory services running over TCP/IP.

A directory is a set of information with similar attributes organized in a logical and
hierarchical manner. The most common example is the telephone directory, which
consists of a series of names organized alphabetically, with an address and phone
number attached.

An LDAP directory often reflects various political, geographic, and/or organizational
boundaries, depending on the model chosen. LDAP deployments today tend to use
Domain Name System (DNS) names for structuring the topmost levels of the
hierarchy. Deeper inside the directory might appear entries representing people,
organizational units, printers, documents, groups of people or anything else which
represents a given tree entry.

 IGMP (Internet Group Management Protocol)

The Internet Group Management Protocol is a communications protocol used to
manage the membership of Internet Protocol multicast groups. IGMP is used by IP
hosts and adjacent multicast routers to establish multicast group memberships. It is an
integral part of the IP multicast specification, like ICMP for unicast connections.
IGMP can be used for online video and gaming, and allows more efficient use of
resources when supporting these uses.

 LPR (Line Printer Remote)

The Line Printer Daemon protocol/Line Printer Remote protocol (or LPD, LPR) also
known as the Berkeley printing system, is a set of programs that provide printer
spooling and network print server functionality for Unix-like systems.

 NAT (Network Address Translation)

NAT translates one IP address to another. This can be a source address or a destination address.
Two basic implementations of NAT can be used: static and dynamic.

 Static NAT

With static NAT, a manual translation is performed by an address translation device, translating
one IP address to a different one. Typically, static NAT is used to translate destination IP
addresses in packets as they come into your network, but you can translate source addresses also.

 Dynamic NAT

With static address translation, you need to build the translations manually. If you have 1000
devices, you need to create 1000 static entries in the address translation table, which is a lot of
work. Typically, static translation is done for inside resources that outside people want to access.
When inside users access outside resources, dynamic translation is typically used. In this
situation, the global address assigned to the internal user isn’t that important, since outside
devices don’t directly connect to your internal users—they just return traffic to them that the
inside user requested.

 ICS (Internet Connection Sharing)

ICS provides networked computers with the capability to share a single connection to the
Internet. Multiple users can use ICS to gain access to the Internet through a single connection by
using Dial-Up Networking or local networking.

 WINS (Windows Internet Name Service)

While DNS resolves host names to IP addresses, WINS resolves NetBIOS names to IP
addresses. Windows Internet Name Service provides a dynamic database of IP address to
NetBIOS name resolution mappings. WINS determines the IP address associated with a
particular network computer. This is called name resolution. WINS supports network client and
server computers running Windows. WINS uses a distributed database that is automatically
updated with the names of computers currently available and the IP address assigned to each one.
DNS is an alternative for name resolution suitable for network computers with fixed IP
addresses.

 SNMP (Simple Network Management Protocol)

SNMP is a TCP/IP protocol for monitoring networks and network components. SNMP uses
small utility programs called agents to monitor behavior and traffic on the network, in order to
gather statistical data. These agents can be loaded onto managed devices such as hubs, NICs,
servers, routers, and bridges. The gathered data is stored in a MIB (management information
base). To collect the information in a usable form, a management program console polls these
agents and downloads the information from their MIBs, which then can be displayed as graphs,
charts and sent to a database program to be analyzed.

 NFS (Network File System)

Network File System (NFS) is a distributed file system that allows users to access files and
directories located on remote computers and treat those files and directories as if they were
local.

 Zeroconf (Zero configuration)

Zero Configuration Networking is a set of techniques that automatically create a usable IP
network without configuration or special servers. This allows unknowledgeable users to connect
computers, networked printers, and other items together and expect them to work automatically.

Zeroconf currently solves three problems:

 Choose numeric network addresses for networked items
 Figure out which computer has a certain name
 Figure out where to get services, like printing.

 SMB (Server Message Block)

A file-sharing protocol designed to allow networked computers to transparently access files that
reside on remote systems over a variety of networks.

SMB uses four message types: session control, file, printer, and message. It is mainly used by
Microsoft Windows equipped computers. SMB works through a client-server approach, where a
client makes specific requests and the server responds accordingly. Client computers may have
their own hard disks, which are not publicly shared, yet also want access to the shared file
systems and printers on the server, and it is for this primary purpose that SMB is best known and
most heavily used.

 AFP (Apple File Protocol)


The file sharing protocol used in an AppleTalk network. In order for non-Apple networks to
access data in an AppleShare server, their protocols must translate into the AFP language. AFP
versions 3.0 and greater rely exclusively on TCP/IP (port 548 or 427) for establishing
communication, supporting AppleTalk only as a service discovery protocol. The AFP 2.x family
supports both TCP/IP and AppleTalk for communication and service discovery.

 LPD (Line Printer Daemon) and Samba

LPD is the primary UNIX printing protocol used to submit jobs to the printer. The LPR
component initiates commands such as "print waiting jobs," "receive job," and "send queue
state," and the LPD component in the print server responds to them. The most common
implementations of LPD are in the official BSD UNIX operating system and the LPRng project.
The Common Unix Printing System (or CUPS), which is more common on modern Linux
distributions, borrows heavily from LPD. Unix and Mac OS X Servers use the Open
Source SAMBA to provide Windows users with Server Message Block (SMB) file sharing.
