18-02-2011, 12:52 AM
[Network +] Common networking protocols and the TCP/IP suite
There are a lot of protocols in use today but they all have one thing in common and that is that they are sets of rules to determine how communication will take place within a network.
You should be aware of the different protocols in use today and how they work together, or in some cases don't work together.
In addition, groups of protocols are combined to create protocol suites. One of the most important is the Transmission Control Protocol / Internet Protocol, or TCP/IP.
Today I will be covering the protocols within the TCP/IP suite.
The TCP/IP suite is split into four layers: Link, Internet, Transport and Application, with each layer containing different protocols.
I don't like to say this but if you don't want to read about all of the protocols then the key ones you need to understand are: IP, TCP, UDP with knowledge of HTTP, HTTPS, FTP and the mail protocols.
IP (Internet Protocol)
IP is a connectionless protocol that transports packets from a source host to a destination host, across one or more networks. All network devices are assigned an IP address.
TCP (Transmission Control Protocol)
TCP is a connection-oriented protocol that provides reliable delivery of data from one computer program to another. TCP is used by applications such as FTP.
TCP requires that a session is established between two computers before communication can take place.
TCP works using a three-way handshake process:
1) The host sends a SYN to the target host.
2) The target host then opens a connection and sends back a SYN ACK.
3) The host then sends an ACK to confirm that it received the SYN ACK.
After this three-way handshake has taken place, data can then be transferred.
When you send data using TCP, TCP is responsible for breaking the data into packets and controlling the rate of data flow.
It does this by telling the sender to either speed up or slow down; this is a precaution to ensure that programs never receive more data than they can handle.
The sender keeps a record of every packet that it sends and receives, as well as a timer from when each packet was sent, and re-sends a packet if the timer expires. This is how a lost or corrupt packet is recovered.
The receiver responds with an ACK for each packet that it receives.
If a server sends 100 SYN packets but the client only receives 97, the client will only send 97 ACKs back. The server then checks, notices that it is 3 packets short and resends the missing SYNs. This is to make sure that the client really did NOT receive the packets and that it was not just a routing / networking error when the client was supposed to have sent the ACKs.
In essence there are two connections being made with TCP. Each side of the connection has both a Tx (transmit) and an Rx (receive), and they are independent of each other.
TCP uses error correction; it is not one side talking at a time saying I GO, YOU GO. It is both sides speaking and listening simultaneously.
*Thanks to Pack3t SynAck3r for his clarification and addition.
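To make the handshake and the ACK/timer/retransmit behaviour described above concrete, here is an added example (my own toy simulation, not part of the original post and not real TCP stack code). It models the SYN / SYN-ACK / ACK exchange with sequence numbers, then a sender that keeps a timer per segment, never has more than a small window of segments outstanding, and re-sends whatever the receiver has not acknowledged. The "network" is a constructed one that drops the first copy of any segment index you list, so you can watch the lost segments get recovered. Names such as Segment, reliable_transfer and the tick-based timer are assumptions of this example.

```python
"""Toy model of TCP's three-way handshake and per-segment ACK / retransmit.

Added example, not from the original post. The network, timers and window
are all simulated in-process so this runs offline; it is a teaching model,
not a description of any real TCP implementation.
"""
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int              # sequence number of the first byte in this segment
    ack: int = 0          # acknowledgement number (next byte the sender expects)
    syn: bool = False     # SYN flag
    ack_flag: bool = False  # ACK flag
    payload: bytes = b""


def three_way_handshake(client_isn: int, server_isn: int):
    """Simulate SYN -> SYN-ACK -> ACK between a client and a server.

    Each side picks an initial sequence number (ISN); the other side must
    acknowledge ISN + 1. Returns the flags exchanged and both sides' next
    usable sequence numbers (client, server).
    """
    syn = Segment(seq=client_isn, syn=True)                                   # 1) client -> server
    synack = Segment(seq=server_isn, ack=syn.seq + 1, syn=True, ack_flag=True)  # 2) server -> client
    if synack.ack != client_isn + 1:
        raise ValueError("SYN-ACK does not acknowledge our SYN")
    ack = Segment(seq=synack.ack, ack=synack.seq + 1, ack_flag=True)          # 3) client -> server
    if ack.ack != server_isn + 1:
        raise ValueError("ACK does not acknowledge the server's SYN")
    return ["SYN", "SYN-ACK", "ACK"], ack.seq, ack.ack


def reliable_transfer(data: bytes, mss: int, lost_first_send: set,
                      timeout_ticks: int = 2, window: int = 4):
    """Send `data` in segments of `mss` bytes over a constructed lossy link.

    Segments whose index is in `lost_first_send` are dropped the first time
    they are sent (and delivered on retransmission). Time advances in ticks;
    a segment unacknowledged for `timeout_ticks` is re-sent. Never more than
    `window` segments are outstanding, which stands in for flow control.
    Returns (bytes the receiver reassembled, total transmissions, retransmissions).
    """
    n_segs = (len(data) + mss - 1) // mss
    segments = [Segment(seq=i * mss, payload=data[i * mss:(i + 1) * mss]) for i in range(n_segs)]
    receiver_buf = {}   # receiver side: seq -> payload received so far
    unacked = {}        # sender side: seq -> (segment, tick it was last sent)
    attempts = {}       # sender side: seq -> how many times it has been sent
    next_idx = 0        # index of the next brand-new segment to send
    tick = 0

    def transmit(seg: Segment) -> None:
        attempts[seg.seq] = attempts.get(seg.seq, 0) + 1
        unacked[seg.seq] = (seg, tick)                 # (re)start this segment's timer
        if seg.seq // mss in lost_first_send and attempts[seg.seq] == 1:
            return                                     # constructed loss: first copy vanishes
        receiver_buf[seg.seq] = seg.payload            # otherwise it arrives intact

    while len(receiver_buf) < n_segs:
        tick += 1
        # Timer expiry: anything outstanding for too long is sent again.
        for seq, (seg, sent_at) in list(unacked.items()):
            if tick - sent_at >= timeout_ticks:
                transmit(seg)
        # Flow control: fill the window with new segments.
        while len(unacked) < window and next_idx < n_segs:
            transmit(segments[next_idx])
            next_idx += 1
        # The receiver ACKs every segment it has; the sender clears those timers.
        for seq in [s for s in unacked if s in receiver_buf]:
            del unacked[seq]

    received = b"".join(receiver_buf[s] for s in sorted(receiver_buf))
    sent = sum(attempts.values())
    return received, sent, sent - n_segs


if __name__ == "__main__":
    print(three_way_handshake(100, 300))
    sample = b"0123456789" * 2                          # constructed 20-byte payload
    print(reliable_transfer(sample, mss=4, lost_first_send={1, 3}))
```

With the constructed 20-byte payload and a 4-byte MSS there are 5 segments; dropping the first copies of segments 1 and 3 costs exactly 2 retransmissions (7 transmissions in total) and the receiver still reassembles the original bytes, which is the "lost or corrupt packet" case from the text. Real TCP acknowledges cumulatively and adapts its timeout from measured round-trip times; this model keeps the per-packet ACK and fixed timer the post describes so the mechanism stays visible.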
UDP (User Datagram Protocol)
UDP is a connectionless protocol. UDP broadcasts packets in the hope that they are received, resulting in many packets being lost. UDP is used by DNS and VoIP amongst others.
FTP (File Transfer Protocol)
Used to transfer files between computers / servers either within an intranet or over the internet. Uses TCP and is based on a client / server setup.
TFTP (Trivial File Transfer Protocol)
Used to transfer files but unlike FTP, TFTP uses UDP instead of TCP. Compared to FTP, TFTP is limited and is often used to transfer files to routers or switches for management purposes and doesn't require authentication.
SMTP (Simple Mail Transfer Protocol)
SMTP is used to send emails and uses TCP to guarantee delivery.
HTTP (Hypertext Transfer Protocol)
The foundation protocol used on the internet, allowing you to view files on the world wide web.
HTTPS (Hypertext Transfer Protocol Secure)
Uses SSL to encrypt traffic, usually passwords for secure sites such as PayPal.
POP3 (Post Office Protocol Version 3)
Allows the retrieval of emails from a webserver to a client; the emails are then stored on the local client.
IMAP4 (Internet Message Access Protocol version 4)
Similar to POP3 where it allows the retrieval of emails but the main difference is that the emails are stored on a server and not locally on a client.
Telnet (Telnet)
I'd say Telnet is legacy now but is still often used to connect to and manage switches or routers although it is insecure as it authenticates in clear text. It provides a CLI for remote management.
SSH (Secure Shell)
SSH in many ways replaced Telnet; it offers a secure alternative for logging on to computers remotely and provides a CLI. Often used to connect to servers; other traffic, such as VNC, can also be tunnelled over SSH.
ICMP (Internet Control Message Protocol)
ICMP is often used to send error messages regarding networked computers. ICMP relies on IP and is used with tools such as ping and traceroute; ICMP sends echo replies to pings, or messages such as "Destination Host Unreachable" or "Time Exceeded".
ICMPv4 is used for IPv4 networks and ICMPv6 for IPv6 networks.
ARP (Address Resolution Protocol)
ARP resolves IP addresses to MAC addresses. It checks the ARP cache first before sending a broadcast to determine the MAC address of the client. ARP is often targeted in MITM attacks, sometimes called ARP cache poisoning attacks.
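The cache-then-broadcast lookup, and the kind of check a defender uses to notice cache poisoning, can be shown in a few lines. This is an added example of my own (not from the original post and not the code of any real ARP implementation): a toy resolver whose "LAN" is a constructed dictionary of hosts that would answer a broadcast, plus an on_reply method that refuses replies nobody asked for and replies that try to change a binding already in the cache, recording an alert instead. ArpResolver, on_reply and the alert wording are assumptions of this example.

```python
"""Toy ARP resolver with a cache and a poisoning check.

Added example, not from the original post. The LAN is simulated with a
dictionary so the code runs offline; nothing here touches a real network.
"""

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


class ArpResolver:
    def __init__(self, lan: dict):
        # lan: constructed map of ip -> mac for hosts that would answer a broadcast
        self.lan = lan
        self.cache = {}       # ip -> mac learned so far
        self.alerts = []      # suspicious ARP events seen on the wire
        self.broadcasts = 0   # how many "who has X?" requests we had to send

    def resolve(self, ip: str):
        """Return the MAC for ip: from the cache if present, else by broadcast."""
        if ip in self.cache:
            return self.cache[ip]
        # Cache miss: ARP request "who has ip? tell me" goes to BROADCAST_MAC.
        self.broadcasts += 1
        mac = self.lan.get(ip)
        if mac is None:
            return None        # nobody on the segment owns that address
        self.on_reply(ip, mac, solicited=True)
        return self.cache.get(ip)

    def on_reply(self, ip: str, mac: str, solicited: bool) -> bool:
        """Process an ARP reply seen on the wire; return True if it was accepted.

        Two things a cache-poisoning attempt looks like from the victim's side:
        a reply we never requested, or a reply that changes the MAC we already
        hold for an IP. Both are logged and left out of the cache.
        """
        if not solicited:
            self.alerts.append(f"unsolicited ARP reply: {ip} claims to be at {mac}")
            return False
        if ip in self.cache and self.cache[ip] != mac:
            self.alerts.append(f"binding change for {ip}: {self.cache[ip]} -> {mac}")
            return False
        self.cache[ip] = mac
        return True


if __name__ == "__main__":
    # Constructed sample LAN (documentation addresses, locally administered MACs).
    lan = {"192.0.2.10": "02:00:00:00:00:10", "192.0.2.20": "02:00:00:00:00:20"}
    r = ArpResolver(lan)
    print(r.resolve("192.0.2.10"), r.broadcasts)       # broadcast, then cached
    print(r.resolve("192.0.2.10"), r.broadcasts)       # served from cache
    print(r.on_reply("192.0.2.10", "02:00:00:00:00:66", solicited=True), r.alerts)
```

A binding change is not always hostile (a NIC gets replaced, a DHCP lease moves), so production monitors such as arpwatch log and alert on it rather than silently refusing as this toy does; the point is that watching for unsolicited replies and IP-to-MAC changes is how poisoning shows up on the wire.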
RARP (Reverse Address Resolution Protocol)
RARP is somewhat the opposite of ARP in the sense that it resolves MAC addresses to IP addresses. RARP is now obsolete and has been replaced by DHCP.
NTP (Network Time Protocol)
NTP is used to synchronise computer clocks and time in a network. Microsoft often complains that you need your clock synchronised with their server before you can use Windows Update.
SIP (Session Initiation Protocol)
SIP is commonly used to control voice and video calls over IP (VoIP). I don't know a lot about SIP.
RIP (Routing Information Protocol)
RIP is a routing protocol. It uses distance vector routing and hop count as its routing metric; 15 hops is the maximum supported, with 16 considered infinite. It uses UDP on port 520. The latest version is RIPv2. RIPv2 multicasts the entire routing table to adjacent routers at the address 224.0.0.9; hosts that don't run RIP drop the requests. OSPF has been considered better than RIP.
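The hop-count arithmetic (a route learned from a neighbour costs one hop more, 15 is the most a route can have and 16 means unreachable) is easiest to see in a small distance-vector update routine. This is an added example of my own, not from the original post and not any router's code: rip_update applies one received table to our own, build_update produces the table we would multicast back, and it also applies split horizon with poisoned reverse (a standard RIP feature the post does not mention: routes learned from a neighbour are advertised back to it with metric 16). The function names, the "direct" next-hop marker and the 10.x.0.0/24 sample networks are assumptions of this example.

```python
"""Toy RIP distance-vector table update with hop-count metric.

Added example, not from the original post. Routers and networks are
constructed sample values; nothing is sent over the network.
"""

RIP_INFINITY = 16     # metric meaning "unreachable"; 15 is the largest usable hop count


def rip_update(table: dict, neighbour: str, advertised: dict) -> list:
    """Apply one update received from a directly connected `neighbour`.

    table:      our routes, dest -> (metric, next_hop)
    advertised: the neighbour's routes as it sent them, dest -> metric
    Returns the destinations whose entry changed.
    """
    changed = []
    for dest, metric in advertised.items():
        new_metric = min(metric + 1, RIP_INFINITY)     # one more hop to go through the neighbour
        cur = table.get(dest)
        if cur is None:
            if new_metric < RIP_INFINITY:              # never install an unreachable route
                table[dest] = (new_metric, neighbour)
                changed.append(dest)
        elif cur[1] == neighbour:
            # We already route via this neighbour: take its latest metric even if it
            # got worse, which is how "16 = unreachable" propagates through the network.
            if cur[0] != new_metric:
                table[dest] = (new_metric, neighbour)
                changed.append(dest)
        elif new_metric < cur[0]:                      # strictly better path via another neighbour
            table[dest] = (new_metric, neighbour)
            changed.append(dest)
    return changed


def reachable(table: dict) -> set:
    """Destinations we can actually forward to (metric below infinity)."""
    return {dest for dest, (metric, _) in table.items() if metric < RIP_INFINITY}


def build_update(table: dict, to_neighbour: str) -> dict:
    """Build the table we would multicast to `to_neighbour` (split horizon with
    poisoned reverse: routes learned from that neighbour go back as unreachable)."""
    return {dest: (RIP_INFINITY if next_hop == to_neighbour else metric)
            for dest, (metric, next_hop) in table.items()}


if __name__ == "__main__":
    # Constructed sample: we are directly connected to 10.1.0.0/24 and hear from R2 and R3.
    t = {"10.1.0.0/24": (0, "direct")}
    rip_update(t, "R2", {"10.2.0.0/24": 0, "10.3.0.0/24": 1})
    rip_update(t, "R3", {"10.3.0.0/24": 0})         # shorter path to 10.3 via R3 wins
    rip_update(t, "R4", {"10.9.0.0/24": 15})         # 15 + 1 = 16: not installed
    print(t, reachable(t))
    print(build_update(t, "R3"))
```

Running the sample shows 10.3.0.0/24 switching from 2 hops via R2 to 1 hop via R3, a 15-hop advertisement being ignored because it would become 16, and a later "metric 16" announcement from R2 turning 10.2.0.0/24 unreachable without deleting the entry, which is exactly the 15-hop limit and "16 is infinity" rule from the text.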
Other Protocols
IGMP (Internet Group Management Protocol)
TLS (Transport Layer Security)
DHCP (Dynamic Host Configuration Protocol)
LDAP (Lightweight Directory Access Protocol)
There are some others as well but familiarise yourself with these and you'll be good to go.
Also, no ripping my hard work!