Chapter 5
The Extension Protocols and
their Network Applications
ARP
An IP address is a logical address that is handled entirely in software. The LAN or WAN hardware knows nothing about the relationship between a network's net ID and an IP address, or between a host ID and a particular host. To transport an IP packet, it must be encapsulated in a frame that the local hardware can deliver to the receiver; this frame must therefore carry the hardware addresses of the receiver and the sender.
Address Resolution Protocol (ARP)
When the IP protocol wants to send a datagram over Ethernet, it must know, in addition to the recipient's IP address, the recipient's MAC address. For this purpose the TCP/IP protocol suite includes the Address Resolution Protocol (ARP). ARP defines two basic messages: a request and a reply. A request contains an IP address and asks for the corresponding hardware address (MAC address). The reply contains that hardware address together with the IP address for which the request was made.
To avoid having to send an ARP request before every packet, ARP stores the bindings it has learned in a table.
ARP manages this table as a cache: a small table of IP-to-MAC bindings, each of which is overwritten when newer information arrives or deleted after a certain period of time (several minutes). ARP replies are not authenticated, so the cache accepts whatever binding it hears on the segment; a changed binding is only visible as such after the fact.
The figure above shows ARP traffic captured in Wireshark. Wireshark is a packet sniffer and protocol analyzer, a program for collecting and analyzing data in a computer network.
The RARP protocol (Reverse ARP) works the other way round: a request is sent with a hardware address, and the reply returns the IP address that belongs to it.
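As an added example (not part of the original text), the following Python code builds and parses the ARP request and reply frames described above and keeps the expiring cache the text mentions. The MAC and IP addresses in it are constructed sample values. Beyond what the text shows, the cache's learn() method reports when a reply rebinds an IP address that is still cached to a different MAC; that is the check tools such as arpwatch perform, because ARP itself accepts any reply.

```python
"""ARP frame encoder/parser and an expiring ARP cache (added example, not from the original text)."""
import struct
import time

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY, RARP_REQUEST, RARP_REPLY = 1, 2, 3, 4
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa (28 bytes)


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(opcode: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II frame carrying an RFC 826 ARP packet (IPv4 over Ethernet).

    A request goes to the broadcast MAC; the target MAC inside a request is unknown
    and conventionally all zeros. A reply is unicast back to the requester.
    """
    dst_mac = BROADCAST_MAC if opcode in (ARP_REQUEST, RARP_REQUEST) else target_mac
    ethernet = mac_to_bytes(dst_mac) + mac_to_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                      mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                      mac_to_bytes(target_mac), ip_to_bytes(target_ip))
    return ethernet + arp


def parse_arp(frame: bytes) -> dict:
    """Decode an Ethernet/ARP frame; raises ValueError for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, opcode, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    return {"opcode": opcode,
            "sender_mac": bytes_to_mac(sha), "sender_ip": bytes_to_ip(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": bytes_to_ip(tpa)}


class ArpCache:
    """IP -> MAC table whose entries expire after `ttl` seconds, as the text describes.

    learn() additionally reports when a packet rebinds a still-valid IP to another MAC.
    ARP has no authentication, so the cache cannot tell a legitimate change (a replaced
    NIC) from a forged reply; it can only make the change visible.
    """

    def __init__(self, ttl: float = 120.0, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock        # injectable so expiry can be tested without waiting
        self.entries = {}         # ip -> (mac, expiry time)

    def learn(self, packet: dict) -> str:
        """Record the sender binding of a parsed ARP packet: 'new', 'refresh' or 'conflict'."""
        ip, mac = packet["sender_ip"], packet["sender_mac"]
        now = self.clock()
        old = self.entries.get(ip)
        self.entries[ip] = (mac, now + self.ttl)
        if old is None or old[1] < now:
            return "new"
        return "refresh" if old[0] == mac else "conflict"

    def lookup(self, ip: str):
        """Return the cached MAC for ip, or None if unknown or expired."""
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, expires = entry
        if expires < self.clock():
            del self.entries[ip]
            return None
        return mac


if __name__ == "__main__":
    request = build_arp(ARP_REQUEST, "00:11:22:33:44:55", "192.168.1.10", ZERO_MAC, "192.168.1.1")
    reply = build_arp(ARP_REPLY, "aa:bb:cc:dd:ee:ff", "192.168.1.1", "00:11:22:33:44:55", "192.168.1.10")
    cache = ArpCache()
    print(parse_arp(request)["opcode"], cache.learn(parse_arp(reply)), cache.lookup("192.168.1.1"))
```

Expired entries are removed lazily on lookup; a production table would also age them out in the background, and a monitoring tool would log every "conflict" result together with both MAC addresses.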
BootP and DHCP
Introduction
When a host starts, a few settings must be configured before it can take an active part in network traffic: an IP address and the subnet mask that applies to it, the IP address of the default gateway (the router that connects the local network to other networks, the Internet, etc.) and, if needed, the address of a DNS server (see the DNS section later in this chapter). This data can be defined statically on the host or determined dynamically. This section is about how such settings can be made automatically at startup; this startup configuration is also known as bootstrapping.
BootP
The Bootstrap Protocol (BootP) was added to the TCP/IP suite to combine several dynamic configuration steps into a single one. A BootP client broadcasts a request for configuration information; a BootP server recognizes this message and responds with a BootP reply that contains all the necessary information. BootP uses IP packets even though the client does not yet have an IP address: the destination is the limited broadcast address, which consists exclusively of ones (255.255.255.255), and the source address is all zeros. The server can send its reply to the client's hardware address. Configuration is simplified by BootP, but the problem remains that a BootP server takes its information from a database that, as before, an administrator has to maintain manually.
DHCP
For further automation the IETF developed the Dynamic Host Configuration Protocol (DHCP). DHCP allows a host to join a new network without manual intervention by an administrator. It is a client/server protocol: the client is the new host requesting its IP configuration, and one or more DHCP servers that can assign this data may exist per network.
For a new host the DHCP protocol consists of four steps:
- DHCP Discover: the client sends a UDP message, encapsulated in an IP packet, from client port 68 to server port 67 to look for a DHCP server. The limited broadcast address (255.255.255.255) is used as the destination and 0.0.0.0 as the source address, since the client has no address yet.
- DHCP Offer: the response of a DHCP server to the client. It contains an offered IP address, the subnet mask and the lease time for which the address is valid.
- DHCP Request: the host selects one of the offers it has received and responds to the selected server with a request for the offered configuration parameters; this request is broadcast, so the other servers see that their offers were declined.
- DHCP ACK: the selected server confirms the assignment with an acknowledgment. Only from this point on may the client use the address.
Nothing in this exchange authenticates the server: the client accepts the first acceptable offer, so any device on the same segment that answers faster than the real server can hand out its own gateway and DNS settings.
DHCP Relay Agent - DHCP Option 82
A DHCP relay agent is a BootP/DHCP function that forwards DHCP packets between clients and servers located in different IP networks. In other words, by means of a relay agent a DHCP server can serve a network to which it is not directly connected.
A DHCP relay agent listens on the server port (bootps, UDP 67) for broadcast packets from DHCP clients on the network. It converts these into unicast packets and forwards them to the configured DHCP server, placing its own IP address in the giaddr (gateway IP address) field of the packets. The DHCP server can therefore send its reply as a unicast packet to the relay agent.
The relay agent then forwards the reply to the client on the local network as either a broadcast or a unicast packet.
DHCP Option 82 is the Relay Agent Information option. It was defined so that a DHCP relay agent can add network-specific information to every packet it forwards to a DHCP server. The option carries two pieces of information as sub-options: the Circuit ID and the Remote ID.
From this information the DHCP server learns about the network in which the sending host is located. What exactly is carried depends on the relay agent; in Ethernet-based networks it is typically the identity of the relay agent's port and the MAC address of the device on the path to the end host. With this information it is possible to determine where an assigned IP address is physically located in the network, and the DHCP server can also use it when deciding which IP address to assign. Since a client could insert Option 82 itself, a relay agent should drop or strip the option from packets arriving on untrusted client ports, and a server should trust it only when giaddr is non-zero (RFC 3046).
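The following Python code is an added example (not from the original text) that covers both the four-step exchange and the relay agent's handling of giaddr and Option 82 described above. It builds real DHCP/BOOTP messages (236-byte fixed header, magic cookie, TLV options); the MAC address, transaction ID, IP addresses and circuit/remote IDs are constructed sample values, and the lease-time option is left out for brevity.

```python
"""DHCP four-step exchange, relay-agent giaddr/Option 82 handling and option parsing
(added example; not from the original text)."""
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5           # values of option 53 (message type)
OPT_REQUESTED_IP, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_RELAY_AGENT, OPT_END = 50, 53, 54, 82, 255
# 236 bytes: op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP_HEADER = "!BBBBIHH4s4s4s4s16s64s128s"


def _ip(ip: str) -> bytes:
    return ipaddress.IPv4Address(ip).packed


def build_dhcp(op, xid, client_mac, msg_type, yia="0.0.0.0", giaddr="0.0.0.0", extra_options=b""):
    """Fixed BOOTP header + magic cookie + TLV options, terminated by option 255."""
    header = struct.pack(BOOTP_HEADER, op, 1, 6, 0, xid, 0, 0x8000,   # Ethernet, hlen 6, broadcast flag
                         _ip("0.0.0.0"), _ip(yia), _ip("0.0.0.0"), _ip(giaddr),
                         client_mac.ljust(16, b"\x00"), bytes(64), bytes(128))
    options = bytes([OPT_MSG_TYPE, 1, msg_type]) + extra_options + bytes([OPT_END])
    return header + MAGIC_COOKIE + options


def parse_options(packet: bytes) -> dict:
    """Options as {code: value}; pad bytes (0) are skipped and 255 ends the list."""
    if packet[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options, i = {}, 240
    while i < len(packet):
        code = packet[i]
        if code == 0:
            i += 1
            continue
        if code == OPT_END:
            break
        length = packet[i + 1]
        options[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return options


def serialize_options(options: dict) -> bytes:
    return b"".join(bytes([code, len(value)]) + value for code, value in options.items()) + bytes([OPT_END])


def message_type(packet: bytes) -> int:
    return parse_options(packet)[OPT_MSG_TYPE][0]


def giaddr_of(packet: bytes) -> str:
    return str(ipaddress.IPv4Address(packet[24:28]))


def four_step_exchange(client_mac: bytes, xid: int, offered_ip: str, server_ip: str) -> list:
    """Discover, Offer, Request, ACK as listed in the text (lease-time option omitted)."""
    server_id = bytes([OPT_SERVER_ID, 4]) + _ip(server_ip)
    discover = build_dhcp(BOOTREQUEST, xid, client_mac, DISCOVER)
    offer = build_dhcp(BOOTREPLY, xid, client_mac, OFFER, yia=offered_ip, extra_options=server_id)
    request = build_dhcp(BOOTREQUEST, xid, client_mac, REQUEST,
                         extra_options=bytes([OPT_REQUESTED_IP, 4]) + _ip(offered_ip) + server_id)
    ack = build_dhcp(BOOTREPLY, xid, client_mac, ACK, yia=offered_ip, extra_options=server_id)
    return [discover, offer, request, ack]


def relay_to_server(packet: bytes, relay_ip: str, circuit_id: bytes, remote_id: bytes) -> bytes:
    """What a relay agent does with a client broadcast before unicasting it to the server:
    increment hops, put its own address in giaddr, append Option 82 (sub-option 1 = Circuit ID,
    sub-option 2 = Remote ID). A packet that already carries Option 82 while giaddr is still
    0.0.0.0 came straight from a client and is rejected, as RFC 3046 recommends."""
    options = parse_options(packet)
    if giaddr_of(packet) == "0.0.0.0" and OPT_RELAY_AGENT in options:
        raise ValueError("client-originated packet already carries Option 82")
    header = bytearray(packet[:236])
    header[3] += 1                                    # hops
    header[24:28] = _ip(relay_ip)                     # giaddr
    options[OPT_RELAY_AGENT] = (bytes([1, len(circuit_id)]) + circuit_id
                                + bytes([2, len(remote_id)]) + remote_id)
    return bytes(header) + MAGIC_COOKIE + serialize_options(options)


def parse_option82(value: bytes) -> dict:
    """Sub-options of the Relay Agent Information option as {sub-code: bytes}."""
    subs, i = {}, 0
    while i < len(value):
        code, length = value[i], value[i + 1]
        subs[code] = value[i + 2:i + 2 + length]
        i += 2 + length
    return subs
```

On the server side the same rule applies in reverse: Option 82 should only be used for address decisions when giaddr is set and the relay is a known one, because the option is plain data that any sender could supply.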
ICMP
In the IP communication service, data packets can be lost, be delayed considerably or be delivered in the wrong order. IP is not a reliable communication service, but it tries to avoid errors and, where possible, to report problems. A typical example of error detection is the header checksum: whenever a packet is received, the checksum is verified to make sure the header is intact. If the checksum is wrong, the packet is discarded immediately. This cannot be reported, because the source address is discarded together with the packet. Other, less fundamental problems can be reported, however.
Internet Control Message Protocol
The TCP/IP protocol suite includes a protocol for sending error messages: the Internet Control Message Protocol (ICMP). With it a host can be notified, for example, that a particular network, host or router is unreachable. Users come into direct contact with ICMP mainly through the network diagnostic commands ping and traceroute.
ICMP defines five error messages and four informational messages (the classic set of RFC 792; later RFCs added further types). The five ICMP error messages are:
- Source Quench: sent by a router that temporarily lacks buffer space for forwarding and therefore has to discard incoming IP packets. The message goes to the host that created the IP packet, which is expected to reduce its transmission rate. Source Quench is obsolete: RFC 6633 deprecated it, and current hosts and routers ignore it.
- Time Exceeded: sent by a router when the Time to Live field of a packet has reached zero.
- Destination Unreachable: sent by a router that determines that an IP packet cannot reach its destination. The code field of the message distinguishes, among other cases, a situation in which an entire network is temporarily disconnected from the Internet (because a particular router is not working properly) from one in which a particular host is temporarily offline.
- Redirect: sent by a router when it determines that the IP packet should have been sent to another router on the same network in order to reach its destination.
- Fragmentation Required: sent by a router when an IP packet is larger than the MTU (Maximum Transmission Unit) of the next network and the packet's Don't Fragment flag forbids splitting it (on the wire this is Destination Unreachable with code 4; Path MTU Discovery depends on it).
ICMP defines four informational messages:
- Echo Request/Reply: an echo request can be sent to any host. In response an echo reply is sent that contains the same data as the request.
- Address Mask Request/Reply: a host sends an address mask request at startup. A router responds with a message containing the subnet mask used on that network.
- Timestamp Request/Reply: asks a host for its current time, so that clocks can be compared.
- Router Solicitation/Advertisement: lets a host discover the routers on its network (RFC 1256).
ICMP Message
ICMP exists to support the IP protocol, and it in turn uses IP packets to carry its messages. The figure below shows how an ICMP message is encapsulated in a data frame.
An ICMP error message is always generated in response to a specific IP packet and is sent back to that packet's source. It quotes the IP header and the first 8 bytes of the offending datagram, so that the source can tell which packet, and which process, the error concerns.
The fields of the ICMP header are:
- Type: an 8-bit value identifying the kind of message, for example 8 (Echo Request), 0 (Echo Reply), 3 (Destination Unreachable) or 11 (Time Exceeded).
- Code: an 8-bit value that qualifies the type, for example the reason for a Destination Unreachable message.
- Checksum: a 16-bit Internet checksum over the entire ICMP message (header and data).
- Identifier: in Echo messages, a value chosen by the sender (ping typically uses its process ID) so that replies can be matched to the right program.
- Sequence Number: in Echo messages, a counter incremented for each request so that lost, duplicated or reordered replies can be recognized.
Check the Reachability of a Host
Many tools collect information about a network by sending test messages and waiting for the ICMP responses. One of the most important diagnostic tools is the ping command. Invoked from the command line, it sends ICMP Echo Request packets to another host to check whether that host is reachable over the network. A reachable host immediately returns each packet as an echo (an Echo Reply). The command also reports the round-trip time of each reply and a statistical summary, including the percentage of packets that received no answer. The target can be given as a host name or as an IP address:
ping www.google.be
ping 134.16.85.9
Entering ping without arguments displays an overview of its numerous options. Note that a host or a firewall may be configured to ignore Echo Requests, so a missing reply does not prove that the host is down.
Following Your Route
While ping only checks whether a particular host is reachable, the tracert command (traceroute on UNIX systems) makes the route to a specific host visible. The figure above shows how tracert outputs the IP addresses of all the routers that receive and forward the test packet.
Tracert first sends a test packet with a time-to-live value of 1. The first router decrements the TTL to 0, discards the packet and sends back the ICMP error message Time Exceeded; the source address of that message is the IP address of the first router. Next a test packet with a TTL of 2 is sent. The first router decrements the TTL by 1 and forwards the packet; the second router decrements it to 0, discards the packet and in turn sends a Time Exceeded message, which reveals the IP address of the second router. This process continues until the final host is reached and answers the probe itself. A router that does not send ICMP errors shows up as an unknown hop (asterisks), and the path may differ from one probe to the next.
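The following Python code is an added example (not from the original text) for the ICMP message format and the tracert procedure described above. It computes the RFC 1071 checksum, builds Echo Request/Reply and Time Exceeded messages, and shows how the quoted IP header and first 8 bytes inside an error message let the sender match the error to its own probe. All addresses are documentation addresses (192.0.2.0/24, 198.51.100.0/24), the IPv4 header is a minimal one constructed for the example, and the traceroute loop runs over a constructed path rather than a live network, so everything runs offline; sending real probes would need raw sockets.

```python
"""ICMP echo request/reply, the Internet checksum, and the Time Exceeded message that traceroute
relies on (added example; not from the original text)."""
import struct

ECHO_REPLY, DEST_UNREACHABLE, SOURCE_QUENCH, REDIRECT, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 4, 5, 8, 11


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def _with_checksum(header: bytes, body: bytes) -> bytes:
    """Fill the checksum field (bytes 2..3) of an ICMP header that was built with it set to zero."""
    csum = checksum(header + body)
    return header[:2] + struct.pack("!H", csum) + header[4:] + body


def build_echo(ident: int, seq: int, payload: bytes = b"", reply: bool = False) -> bytes:
    """Echo Request (type 8) or Echo Reply (type 0); the reply carries the request's data."""
    header = struct.pack("!BBHHH", ECHO_REPLY if reply else ECHO_REQUEST, 0, 0, ident, seq)
    return _with_checksum(header, payload)


def build_ipv4_header(src: str, dst: str, ttl: int, total_length: int, proto: int = 1) -> bytes:
    """Minimal 20-byte IPv4 header with a correct header checksum (constructed for the example)."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0, 0x4000, ttl, proto, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def build_time_exceeded(offending_datagram: bytes) -> bytes:
    """Type 11, code 0 (TTL exceeded in transit). The body quotes the IP header plus the first
    8 bytes of the discarded datagram, so the original sender can recognize it."""
    ihl = (offending_datagram[0] & 0x0F) * 4
    header = struct.pack("!BBHI", TIME_EXCEEDED, 0, 0, 0)     # 4 unused bytes after the checksum
    return _with_checksum(header, offending_datagram[:ihl + 8])


def parse_icmp(message: bytes) -> dict:
    """Verify the checksum and split an ICMP message into its fields."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    if checksum(message) != 0:                      # an intact message sums to zero
        raise ValueError("bad ICMP checksum")
    icmp_type, code = message[0], message[1]
    result = {"type": icmp_type, "code": code}
    if icmp_type in (ECHO_REQUEST, ECHO_REPLY):
        result["id"], result["seq"] = struct.unpack("!HH", message[4:8])
        result["payload"] = message[8:]
    else:
        result["quoted"] = message[8:]              # error messages: quoted IP header + 8 bytes
    return result


def quoted_probe(error_message: bytes):
    """From a Time Exceeded (or Destination Unreachable) message, recover the destination and the
    echo id/seq of the probe it refers to; this is how ping and traceroute match replies."""
    quoted = parse_icmp(error_message)["quoted"]
    ihl = (quoted[0] & 0x0F) * 4
    dst = ".".join(str(b) for b in quoted[16:20])
    ident, seq = struct.unpack("!HH", quoted[ihl + 4:ihl + 8])
    return dst, ident, seq


def simulate_traceroute(routers: list, destination: str, probe_id: int = 0x1234) -> list:
    """The TTL-stepping loop from the text over a constructed path: each router answers with
    Time Exceeded until the destination answers the echo itself. Returns (ttl, replier, type)."""
    hops = []
    for ttl in range(1, len(routers) + 2):
        echo = build_echo(probe_id, ttl)
        datagram = build_ipv4_header("192.0.2.10", destination, ttl, 20 + len(echo)) + echo
        if ttl <= len(routers):                       # this router decrements the TTL to 0
            reply, replier = build_time_exceeded(datagram), routers[ttl - 1]
        else:                                         # destination reached
            reply, replier = build_echo(probe_id, ttl, reply=True), destination
        hops.append((ttl, replier, parse_icmp(reply)["type"]))
        if replier == destination:
            break
    return hops
```

A real traceroute also has to handle hops that never answer (a timeout per TTL) and must check that the quoted id/seq belong to its own probe, since an unrelated host's ICMP error would otherwise be taken for a hop.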
IGMP
IGMP (Internet Group Management Protocol) is the protocol for IP multicast applications in TCP/IP networks. The standard is defined in RFC 1112, which, besides the address and host extensions needed to support IP multicasting, also defines version 1 of IGMP. IGMP version 2 is defined in RFC 2236 (and version 3, which adds source-specific filtering, in RFC 3376). All versions provide a protocol with which information about a host's membership of particular multicast groups is exchanged and maintained.
Multicast messages are sent to a single address (a multicast IP address) but are processed by several hosts. The set of participants that respond to a particular multicast IP address is called a multicast group. Some important characteristics of multicasting:
- Membership of a group is dynamic: hosts can join or leave a group at any time.
- Hosts subscribe to and unsubscribe from multicast groups by sending IGMP messages.
- The size of a group is not limited. The participants can be spread over several networks, provided that the intervening routers support IGMP.
- Hosts can also send IP packets to a particular group without being a member of it.
IGMP Messages
IGMP describes how membership information is exchanged between routers and the participants of multicast groups. Examples of IGMP messages:
- Host Membership Report: when a host joins a multicast group, it sends a membership report, which informs the routers and the other members on the network. A router records these reports and thereby keeps the administration of the multicast group up to date.
- Host Membership Query: sent periodically by routers to gather information about the group members on a network. All members of a group respond again with a membership report. Routers store this information and make sure that multicast messages are not forwarded onto networks where there are no group members.
- Leave Group (IGMP version 2): sent by a host when it leaves a group if it was the last host on that network segment to report membership of the group, so that the router can check whether any members remain.
Like ICMP, IGMP exists to support the IP protocol and uses IP packets to carry its messages. The figure below shows how an IGMP message is encapsulated in a data frame.
IGMP Snooping
A switch that connects members of a multicast group with a router can read and evaluate IGMP messages by means of IGMP snooping. IGMP snooping translates multicast IP addresses into multicast MAC addresses, so that the switch can store them in its multicast filter table and forward multicast frames only to the ports where members are present.
This prevents multicast traffic from loading the network unnecessarily. In switches this method is known as dynamic multicasting, in contrast to static multicasting, where the groups must be configured manually in every switch and for every port.
Multicast Addresses
Multicast IP addresses are the addresses in the range 224.0.0.0 to 239.255.255.255 (Class D). For private networks it is generally recommended to use the administratively scoped range 239.x.x.x for multicast IP addresses.
The addresses 224.0.0.0 to 224.0.0.255 are reserved for multicast applications within a single network (link-local). The time-to-live value of such IP packets is set to 1, so that they cannot leave the network.
Multicast MAC addresses are reserved as well. An Ethernet address is a multicast (group) address when the least significant bit of its first byte is set, which is why such addresses begin with 01h. Addresses beginning with 01:00:5E:0 (more precisely 01:00:5E:00:00:00 to 01:00:5E:7F:FF:FF) are the multicast MAC addresses used for IP multicasting.
The conversion from IP to MAC address requires some explanation. Only the low-order 23 bits of the multicast IP address are copied into the MAC address; the leading four bits (1110, the Class D prefix) and the following five bits, the last of which is the most significant bit of the second byte, are not mapped. Thus the multicast IP address 228.30.117.216 is converted to the multicast MAC address 01:00:5E:1E:75:D8. The multicast IP address 228.158.117.216, however, is converted to the same multicast MAC address 01:00:5E:1E:75:D8. Because of the five dropped bits, 32 multicast IP addresses share each MAC address, so a switch or network card that filters on the MAC address alone may still deliver frames of other groups; the IP layer has to filter again on the full group address.
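As an added example (not from the original text), the following Python code performs the IP-to-MAC mapping just described and reproduces the two addresses from the text. It goes a little beyond the text by enumerating the 32 group addresses that collide on a single MAC address and by classifying addresses into the link-local and administratively scoped ranges mentioned above.

```python
"""IPv4 multicast group address to Ethernet multicast MAC mapping (added example; not from the
original text)."""
import ipaddress

LINK_LOCAL = ipaddress.IPv4Network("224.0.0.0/24")        # TTL 1, never leaves the network
ADMIN_SCOPED = ipaddress.IPv4Network("239.0.0.0/8")       # recommended for private networks


def multicast_mac(ip: str) -> str:
    """RFC 1112 mapping: 01:00:5E followed by the low-order 23 bits of the group address.
    The Class D prefix (1110) and the next 5 bits, the last of which is the most
    significant bit of the second byte, are dropped."""
    addr = ipaddress.IPv4Address(ip)
    if not addr.is_multicast:
        raise ValueError(f"{ip} is not a Class D (multicast) address")
    low23 = int(addr) & 0x7FFFFF
    return "01:00:5e:{:02x}:{:02x}:{:02x}".format(low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)


def groups_sharing_mac(ip: str) -> list:
    """The 32 group addresses (one per value of the 5 dropped bits) that map to the same MAC as ip."""
    low23 = int(ipaddress.IPv4Address(ip)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (dropped << 23) | low23)) for dropped in range(32)]


def is_ethernet_multicast(mac: str) -> bool:
    """Any MAC whose I/G bit (least significant bit of the first byte) is set is a group address."""
    return int(mac.split(":")[0], 16) & 1 == 1


def is_ip_multicast_mac(mac: str) -> bool:
    """Only 01:00:5E:00:00:00 .. 01:00:5E:7F:FF:FF are used for IPv4 multicast."""
    parts = mac.lower().split(":")
    return parts[:3] == ["01", "00", "5e"] and int(parts[3], 16) < 0x80


def scope(ip: str) -> str:
    """Coarse classification of a group address by the ranges discussed in the text."""
    addr = ipaddress.IPv4Address(ip)
    if addr in LINK_LOCAL:
        return "link-local"
    if addr in ADMIN_SCOPED:
        return "administratively scoped"
    return "global" if addr.is_multicast else "not multicast"
```

The collision list is the practical reason why a host that joins one group may still receive frames of another: the NIC's MAC filter lets all 32 colliding groups through, and the kernel discards the unwanted ones by IP address.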
GMRP
IEEE 802.1p
Corporate networks are becoming ever larger and more complex, so it is important that the growing traffic can be managed efficiently. Quality of Service (QoS) is an important tool here, with which it can be ensured that the most critical data is transmitted predictably. Using the IEEE 802.1p mechanism, switches can deliver data on the network preferentially, which improves the predictability and reliability of the traffic.
IEEE 802.1 defines a 3-bit field (the priority code point in the IEEE 802.1Q tag) with which the data transmitted in tagged Ethernet frames can be assigned a priority from 0 to 7.
The IEEE 802.1 standard also provides measures for filtering multicast frames so that they do not spread unnecessarily across Layer 2 networks. One of these measures is GMRP (GARP Multicast Registration Protocol). GMRP and GARP are standardized protocols defined by IEEE 802.1 (originally in IEEE 802.1D; they have since been superseded by MMRP and MRP, IEEE 802.1ak, now part of IEEE 802.1Q).
The Function of the GMRP
GMRP manages multicast group addresses at Layer 2 (the MAC layer).
GMRP operates in the switches as well as in the hosts. On the host, GMRP is used together with IGMP: it maps the Layer 3 IGMP membership information onto Layer 2 frames.
A switch therefore receives both GMRP frames at Layer 2 and IGMP packets at Layer 3. The GMRP frames limit the switch's forwarding to the VLAN group to which the sending host belongs. When the switch receives a GMRP join message, the port on which it was received is added to the multicast group in question. The switch forwards the registration to all other participants of the VLAN, among which the multicast source is located. When the source sends a multicast frame to the group, the switch forwards it only to the members of that group.
The switch sends GMRP queries regularly. A participant that wants to stay in a group must answer these queries. A participant that no longer wants to listen to the group can send a leave message or simply stop responding. If the switch receives no response from a particular host, or receives a leave message, it removes the port concerned from the list.
DNS
There are two main ways to identify a host on the Internet: besides the IP address already discussed, a participant can also be assigned a host name (a plain-text name) to make everyday use easier.
Host names such as www.google.be (a search engine) or www.phoenixcontact.com are easier to remember and therefore more user-friendly. A host name alone, however, does not carry enough information to locate the host on the Internet. Since applications prefer host names while the TCP/IP protocols are based on IP addresses, a mapping between host names and IP addresses has to be made. This is done by the Domain Name System (DNS), invented by Dr. Paul V. Mockapetris and Jon Postel, who presented the DNS architecture in 1983 in RFC 882 and RFC 883.
In summary, DNS stands for:
- a distributed database implemented in a hierarchy of DNS servers;
- an application-layer protocol with which hosts and DNS servers communicate in order to convert host names to IP addresses and vice versa.
DNS servers are often UNIX machines running software such as Berkeley Internet Name Domain (BIND) or Microsoft DNS. The DNS protocol uses port 53, normally over UDP; TCP port 53 is used for zone transfers and for answers too large for a single UDP datagram. Classic DNS is neither authenticated nor encrypted, so a resolver will accept a matching answer from anyone who can reach it; DNSSEC adds signatures to counter this.
The Structure of Hostnames
Syntactically a host name always consists of a series of alphanumeric segments (labels) separated by dots. Domain names have a hierarchical structure in which the most significant part of the name is on the right. The leftmost segment is the name of the individual host; the other segments identify the group that owns the name. DNS does not specify how many segments a domain name has, but it does prescribe the values of the most significant segment (the top-level domain). The table below gives an overview of the different top-level domains.
Domain Name | Assigned to
com | commercial organizations
edu | educational institutions
gov | public bodies (U.S. government)
mil | military (U.S.)
net | network management facilities
org | other organizations
int | international organizations
Country codes | countries, e.g. be for Belgium, us for the U.S.A.
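The following Python code is an added example (not from the original text) of the host-name syntax above in its wire form: it encodes labels, builds an A query for www.google.be, and parses a constructed response whose answer uses an RFC 1035 compression pointer for the owner name. The sample response and its address 192.0.2.44 (a documentation address) are constructed, not real. The decoder rejects forward-pointing and looping pointers, a check every DNS parser needs because a malicious response can otherwise send it into an endless loop.

```python
"""DNS name wire format, query building and response parsing with compression pointers
(added example; not from the original text)."""
import struct

TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """RFC 1035 labels: length byte + label, terminated by a zero byte; 63 octets per label, 255 total."""
    if name in ("", "."):
        return b"\x00"
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")            # internationalized names need IDNA first (not shown)
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out.append(len(raw))
        out += raw
    out.append(0)
    if len(out) > 255:
        raise ValueError("name longer than 255 octets")
    return bytes(out)


def decode_name(message: bytes, offset: int):
    """Return (name, offset after the name). A label whose top two bits are 11 is a 14-bit pointer
    to an earlier occurrence. Pointers must point backwards and are never followed twice,
    which rules out loops and unbounded chains."""
    labels, end, seen = [], None, set()
    while True:
        if offset >= len(message):
            raise ValueError("name runs past the end of the message")
        length = message[offset]
        if length & 0xC0 == 0xC0:
            pointer = struct.unpack("!H", message[offset:offset + 2])[0] & 0x3FFF
            if end is None:
                end = offset + 2               # the name occupies 2 bytes here, whatever it expands to
            if pointer >= offset or pointer in seen:
                raise ValueError("invalid compression pointer (forward reference or loop)")
            seen.add(pointer)
            offset = pointer
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        offset += 1
        if length == 0:
            break
        labels.append(message[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def build_query(qname: str, qtype: int = TYPE_A, txid: int = 0x1234) -> bytes:
    """Header (RD bit set, one question) followed by the question section."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)


def parse_response(message: bytes) -> dict:
    """Parse header, question and answer sections; A records are rendered as dotted quads."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", message[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qdcount):
        name, offset = decode_name(message, offset)
        qtype, _qclass = struct.unpack("!HH", message[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    for _ in range(ancount):
        name, offset = decode_name(message, offset)
        rtype, _rclass, ttl, rdlength = struct.unpack("!HHIH", message[offset:offset + 10])
        offset += 10
        rdata = message[offset:offset + rdlength]
        offset += rdlength
        if rtype == TYPE_A and rdlength == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "rcode": flags & 0x0F, "questions": questions, "answers": answers}


# Constructed sample response to "www.google.be A?": the answer's owner name is the pointer 0xC00C
# back to the question name at offset 12; 192.0.2.44 is a documentation address, not a real one.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
                   + encode_name("www.google.be") + struct.pack("!HH", TYPE_A, CLASS_IN)
                   + b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([192, 0, 2, 44]))
```

A resolver must also check that the response's transaction ID and question match the query it sent; without that check (and with a predictable ID) forged answers are trivially accepted, which is the weakness DNSSEC was designed to close.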
SNMP
SNMPv1: the SNMP protocol was defined in RFC 1157 in 1990. SNMP stands for Simple Network Management Protocol. This protocol describes a structured method for monitoring and managing network infrastructure. It was quickly and widely adopted in commercial products and became the de facto standard for network management. SNMP is a simple protocol.
SNMPv2: experience with the protocol led in 1993 to an improved version of SNMP, described in RFC 1441 and RFC 1452 (coexistence of v1 and v2), which eventually became the standard on the Internet. Versions 1 and 2c authenticate requests only with a community string that is sent in clear text, so anyone who can read the traffic learns it.
SNMPv3: the third version of the standard management framework (SNMPv3) builds on the previous versions SNMPv1 and SNMPv2. SNMPv3 is essentially SNMPv2 supplemented with security and administration. Its key features are message authentication and encryption through the User-based Security Model (USM) and access control on MIB views through the View-based Access Control Model (VACM).
In a network many participants are active whose status is of interest to those who have to manage the network. Such participants can be hubs, switches, routers, printers and PCs. To be managed directly by SNMP, a node must run an SNMP management process, a so-called SNMP agent. All computers intended for use in the network, as well as many hubs, switches, routers and peripherals, are able to do so. Each agent maintains a local database in which its present and past state is recorded in variables that describe its operation.
Network management takes place from management stations: in practice ordinary computers on which special management software runs. On these stations one or more processes communicate with the agents over the network by issuing requests and receiving responses.
In this arrangement all the intelligence sits in the management stations, so that the agents can be kept as simple as possible and their impact on the devices on which they run is minimized. Many management stations have a graphical user interface, so that the network administrator can inspect the state of the network and take action if necessary.
Structure of SNMP
SNMP consists of three main parts:
- MIB (Management Information Base, RFC 1213): the description of all variables of a particular network element;
- SMI (Structure of Management Information, RFC 1155): the rules for defining and storing management information;
- SNMP: the protocol for communication between the manager and a network device (RFC 1157).
Most existing networks consist of elements from different manufacturers: hosts from one or more vendors, switches and routers from other companies, and printers from yet other manufacturers. For a management station (which may in turn come from another manufacturer) to be able to communicate with all these components, the nature of the information collected by these devices must be specified strictly.
It makes no sense for a management station to ask a router how often packets were lost if the router does not record that information. SNMP therefore describes exactly which information every type of agent must provide and the format the agent has to use to do so. Most of the SNMP model consists of defining precisely who must maintain which information and how it is to be transmitted.
In short, each device maintains one or more variables (objects) that describe the state of the device. The totality of all possible objects in a network is held in a data structure called the MIB (Management Information Base).
The SNMP protocol itself describes how the interaction between the manager and the agents takes place. For this purpose five different message types were defined in SNMPv1; SNMPv2 added further ones (see the tables below).
MIB and SMI
The objects managed by SNMP are defined in the MIB and are shown in the figure above. For simplicity these objects are divided into groups; the groups provide a basis for the information a management station needs.
- The system group offers managers the possibility to find out what kind of device it is, who made it, which hardware and software it contains, where it is located and what its function is. The time of the most recent boot is also recorded.
- The interfaces group concerns the network adapters. It records how many packets and bytes were sent and received on the network and how many were discarded, how many broadcasts there were, and how long the output queue is.
- The ip group concerns the IP traffic to and from the node. It mainly contains counters that record how many packets were discarded for various reasons. There is also statistical data about the fragmentation and reassembly of datagrams. All this information is important above all for the management of routers.
- The icmp group concerns IP error messages. There is a counter that records the number of messages received and sent for each ICMP message type.
- The tcp group records the current number of open connections, the total number of segments sent and received, and various statistics on errors.
- The udp group counts the UDP datagrams sent and received and records how many of them were undeliverable because of an unknown port or for other reasons.
- The last group, snmp, collects statistics about the work of SNMP itself: how many messages were sent, of which types, and so on.
Each variable (object) in the MIB is characterized by an Object Identifier (OID) and its type:
- The OID describes a path in the MIB tree. The figure below shows the structure used in the SNMP MIB. The object sysObjectID, which belongs to the system group, is reached via the OID 1.3.6.1.2.1.1.2.0 (the trailing .0 is the instance suffix of a scalar object).
- Object types are built from the basic types defined in the SMI.
There are several MIBs. First, the global MIBs (e.g. MIB-II in RFC 1213) are described in RFCs; these MIBs must be supported by every SNMP-compatible device. In addition there are manufacturer-specific MIB objects, which live under the enterprises subtree 1.3.6.1.4.1.
SNMP Protocol
SNMP normally operates as follows: the management station sends a request to an agent, either asking for information or instructing it to change its state in a certain way. Ideally the agent responds only with the requested information, or confirms that it has changed its state as desired. SNMP defines the following messages that can be sent:
message | description
GetRequest | queries the value of one or more variables
GetNextRequest | queries the variable that follows the given one in the MIB tree (used to walk a table)
GetBulkRequest | retrieves a large block of information in a single request (SNMPv2)
SetRequest | changes one or more variables
InformRequest | message between different managers to exchange the contents of their local MIBs (SNMPv2)
In one particular case the agent takes the initiative and sends a message itself, namely when it detects the occurrence of a critical event. Managed nodes can fail and restart, network segments can fail and come back into service, and so on. Every relevant event is defined in a MIB module. When an agent determines that a relevant event has occurred, it reports this immediately to all management stations in its configuration list. This message is called an SNMP trap. It usually signals only the occurrence of the event; it is the task of the management station to issue requests to obtain the details.
message | description
SNMP trap | the agent reports an event to the manager
As the figure below shows, SNMP messages are carried over UDP: requests are sent to the agent on port 161, while traps and informs are sent to the manager on port 162.
HTTP and HTTPS
TLS / SSL
Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), is a cryptographic protocol with which a secure data channel is created over an unsecured network such as the Internet.
Both protocols work one layer below the application protocols such as HTTP, SMTP and FTP, but above the transport protocol TCP; they are part of the TCP/IP protocol family. One of their main objectives is to secure client/server applications.
On the sending side, the TLS layer encrypts the application's data and passes it to the appropriate TCP port. On the receiving side, TLS reads the data from the TCP port, decrypts it and forwards it to the application. The encrypted data is carried in records of the TLS record layer.
TLS provides the following security services for client/server applications over TCP/IP:
- Authentication: an application can verify the identity of the application it communicates with.
- Privacy (confidentiality): the data exchanged between the applications is protected against eavesdropping and misuse.
- Integrity: the applications can detect whether data has been modified in transit.
The techniques used are based on concepts such as public keys and certificates.
When an application uses SSL/TLS, a handshake is performed first, in which the encryption algorithms and the keys to be used are agreed and the server is verified by the client on the basis of its certificate (authentication of the client is optional). After the handshake all application data is encrypted. SSL 2.0 and 3.0 and TLS 1.0 and 1.1 are deprecated; current deployments should use TLS 1.2 or 1.3.
HTTP
HTTP (Hypertext Transfer Protocol) defines the exact format of the requests a web browser sends to a server and of the responses the web server returns. Each request contains a URL that points to a network resource or a static object (e.g. a web page). The HTTP protocol uses TCP port 80.
Each HTTP URL starts with "http://".
HTTP is insecure: nothing is encrypted or authenticated, so it is vulnerable to eavesdropping and man-in-the-middle attacks.
HTTPS
HTTPS (Hypertext Transfer Protocol Secure) is an extension of the HTTP protocol that is used for the secure exchange of data. With HTTPS the data is sent in encrypted form, so that an outsider who intercepts the traffic cannot read it. HTTPS is essentially HTTP with SSL/TLS added to encrypt the data and to verify the identity of the server. This protection depends on the client checking the server's certificate against a trusted authority; a client that skips this check can be handed an attacker's certificate without noticing.
Each HTTPS URL begins with "https://". The protocol uses TCP port 443.
Review of Some Other Important Applications
FTP
FTP (File Transfer Protocol) is a protocol that simplifies the exchange of files between different hosts. It allows any files to be transferred and directories to be created, as well as directories and files to be renamed or deleted. The protocol hides the details of the individual computer system from the user, which makes it well suited to heterogeneous environments: files can be transferred between any two systems. FTP sends user names, passwords and data in clear text; where possible SFTP (over SSH) or FTPS (over TLS) should be used instead.
TFTP
TFTP (Trivial File Transfer Protocol) is a simplified version of FTP, running over UDP port 69 and without any authentication, that is often used to load firmware and configurations onto devices such as routers and switches. Because anyone who can reach the server can read or write files, TFTP servers should be reachable only from the management network.
NTP
NTP (Network Time Protocol) is a protocol with which the computers in a network synchronize their internal clocks with one another. NTP takes into account the delays caused by the network. The computers are arranged hierarchically: the devices with the most accurate time (reference clocks) are referred to as "stratum 0", and the computer systems that obtain their time directly from them via NTP are by definition "stratum 1".
The protocol has some clever features. An NTP client can, for instance, use several NTP servers and decide for itself which server works best. Using a number of decision criteria the client selects a server and synchronizes with it. Small time differences between server and client are resolved by the client letting its clock run slightly faster or slower, so that the difference is compensated without jumps in time.
SSH
Secure Shell (SSH) sits at the application layer of the TCP/IP stack. SSH replaces older protocols such as Telnet and rlogin with a secured variant. The protocol uses TCP port 22.
SSH makes it possible to log in securely on another computer and to execute commands in a shell on a machine at a different location. The encryption used makes it difficult for outsiders to read the original commands.
An important advantage of SSH is the ability to authenticate with an asymmetric (public-key) method. This allows SSH applications to be set up once, without a password having to be stored in the code. The private key can then be used to log on to any system that holds the corresponding public key. The private key must be protected accordingly (restrictive file permissions and a passphrase), and the client should verify the server's host key the first time it connects, since the key verifies the server's identity on later connections.
CLI (Command Line Interface)
In operating systems with a command-line interface (CLI) the user gives instructions as text commands. When the execution of a command has completed, the user can enter further commands. A command is usually terminated with <Enter>.
Well-known CLIs are command.com (DOS) and Bash (UNIX).
Besides operating systems, other software can be operated via a CLI, such as Microsoft's FTP and Telnet clients. Industrial switches, too, are often operated via a CLI.