Briefly discuss the functions of transport layer.
The Transport layer (also known as the Host-to-Host Transport layer) provides the Application layer with session and datagram communication services. The Transport layer encompasses the responsibilities of the OSI Transport layer. The core protocols of the Transport layer are TCP and UDP. TCP provides a one-to-one, connection-oriented, reliable communications service. TCP establishes connections, sequences and acknowledges packets sent, and recovers packets lost during transmission. In contrast to TCP, UDP provides a one-to-one or one-to-many, connectionless, unreliable communications service. UDP is used when the amount of data to be transferred is small (such as the data that would fit into a single packet), when an application developer does not want the overhead associated with TCP connections, or when the applications or upper-layer protocols provide reliable delivery. TCP and UDP operate over both IPv4 and IPv6 Internet layers.
Explain the purpose of NCP in PPP.
The Network Control Protocol (NCP) phase in the PPP link connection process is used for establishing and configuring different network-layer protocols such as IP, IPX or AppleTalk.
After a NCP has reached the Opened state, PPP will carry the corresponding network-layer protocol packets. Any supported network-layer protocol packets received when the corresponding NCP is not in the Opened state MUST be silently discarded.
During this phase, link traffic consists of any possible combination of LCP, NCP, and network-layer protocol packets.
The most common layer 3 protocol negotiated is IP. The routers exchange IP Control Protocol (IPCP) messages negotiating options specific to the protocol. The corresponding network control protocol for IPv6 is IPv6CP.
IPCP negotiates two options: IP compression and IP address assignment. In addition, the extensions defined in RFC 1877 let IPCP pass network-related information to the peer, namely the primary and secondary Domain Name System (DNS) servers and the primary and secondary Windows Internet Name Service (WINS, NetBIOS name) servers.
There are a large number of proposed standard protocols, which specify the operation of PPP over different kinds of point-to-point links. Each has a status of elective. Point-to-point circuits in the form of asynchronous and synchronous lines have long been the mainstay for data communications. In the TCP/IP world, the de facto standard SLIP protocol has served admirably in this area, and is still in widespread use for dial-up TCP/IP connections. However, SLIP has a number of drawbacks that are addressed by the Point-to-Point Protocol. PPP has three main components:
· A method for encapsulating datagrams over serial links.
· A Link Control Protocol (LCP) for establishing, configuring, and testing the data-link connection.
· A family of Network Control Protocols (NCPs) for establishing and configuring different network-layer protocols.
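As an added example (not part of the original answer), the following code parses and builds IPCP packets and shows the Configure-Request/Configure-Nak exchange by which a peer receives its IP address. The packet layout is that of LCP/NCP (code, identifier, length, then type-length-value options); the option numbers are those of RFC 1332 and RFC 1877. The sample packet, the peer address 10.0.0.2 and the DNS address 10.0.0.1 are constructed for illustration.

```python
"""Parse and build PPP IPCP (protocol 0x8021) packets.

Layout (RFC 1661 / RFC 1332): Code (1) | Identifier (1) | Length (2, whole
packet) | Options, each Type (1) | Length (1, type+length+data) | Data.
"""
import ipaddress
import struct

PPP_IPCP = 0x8021
CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
         4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack",
         7: "Code-Reject"}
# Option types from RFC 1332 (2, 3) and the RFC 1877 name-server extensions.
OPTIONS = {2: "IP-Compression-Protocol", 3: "IP-Address",
           129: "Primary-DNS", 130: "Primary-NBNS",
           131: "Secondary-DNS", 132: "Secondary-NBNS"}


def parse_ipcp(packet: bytes):
    """Return (code name, identifier, [(option name, value), ...]).

    Lengths come from the peer and are checked before use, so a malformed
    packet raises ValueError instead of reading past the buffer.
    """
    if len(packet) < 4:
        raise ValueError("IPCP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 4 or length > len(packet):
        raise ValueError("bad IPCP length %d" % length)
    options, pos = [], 4
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated option header")
        otype, olen = packet[pos], packet[pos + 1]
        if olen < 2 or pos + olen > length:
            raise ValueError("bad option length %d for type %d" % (olen, otype))
        data = packet[pos + 2:pos + olen]
        if otype in (3, 129, 130, 131, 132) and len(data) == 4:
            value = str(ipaddress.IPv4Address(data))
        elif otype == 2 and len(data) >= 2:
            value = "0x%04x" % struct.unpack("!H", data[:2])[0]
        else:
            value = data.hex()
        options.append((OPTIONS.get(otype, "Unknown-%d" % otype), value))
        pos += olen
    return CODES.get(code, "Unknown-%d" % code), ident, options


def build_ipcp(code: int, ident: int, options) -> bytes:
    """Build an IPCP packet from (type, data bytes) pairs."""
    body = b"".join(struct.pack("!BB", t, len(d) + 2) + d for t, d in options)
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def configure_request(ident: int, ip: str, dns: str = None) -> bytes:
    """Configure-Request asking for ip (option 3) and optionally a primary DNS."""
    opts = [(3, ipaddress.IPv4Address(ip).packed)]
    if dns:
        opts.append((129, ipaddress.IPv4Address(dns).packed))
    return build_ipcp(1, ident, opts)


def assign_address(request: bytes, assigned: str) -> bytes:
    """Server reply to a peer's Configure-Request for option 3.

    Ack (echoing the request verbatim) if the peer already asked for the
    address we assign; otherwise Nak carrying the assigned address, which the
    peer is expected to re-request.  A peer typically first asks for 0.0.0.0.
    """
    code, ident, options = parse_ipcp(request)
    if code != "Configure-Request":
        raise ValueError("expected Configure-Request, got " + code)
    if ("IP-Address", assigned) in options:
        return bytes([2]) + request[1:]
    return build_ipcp(3, ident, [(3, ipaddress.IPv4Address(assigned).packed)])


# Constructed sample: a peer asks for 10.0.0.2 and names 10.0.0.1 as its DNS.
SAMPLE_REQUEST = configure_request(0x2A, "10.0.0.2", dns="10.0.0.1")

if __name__ == "__main__":
    print(SAMPLE_REQUEST.hex(), parse_ipcp(SAMPLE_REQUEST))
    print(assign_address(configure_request(1, "0.0.0.0"), "10.0.0.2").hex())
```

The length checks in parse_ipcp are the part worth copying: option lengths are attacker-controlled on a dial-in or VPN link, and an option whose length field is 0 or runs past the packet is the classic way to make a naive parser loop or over-read.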
What is fragmentation? Explain its significance.
When an IP datagram travels from one host to another, it can pass through different physical networks. Each physical network has a maximum frame size. This is called the maximum transmission unit (MTU). It limits the length of a datagram that can be placed in one physical frame. IP implements a process to fragment datagrams exceeding the MTU. The process creates a set of datagrams within the maximum size. The receiving host reassembles the original datagram. IP requires that each link support a minimum MTU of 68 octets. This is the sum of the maximum IP header length (60 octets) and the minimum possible length of data in a non-final fragment (8 octets). If any network provides a lower value than this, fragmentation and reassembly must be implemented in the network interface layer. This must be transparent to IP. IP implementations are not required to handle unfragmented datagrams larger than 576 bytes. In practice, most implementations will accommodate larger values.
An unfragmented datagram has an all-zero fragmentation information field. That is, the more fragments flag bit is zero and the fragment offset is zero. The following steps fragment the datagram:
1. The DF flag bit is checked to see if fragmentation is allowed. If the bit is set, the datagram is discarded and an ICMP Destination Unreachable error (type 3, code 4, "fragmentation needed and DF set") is returned to the originator; this is the signal that Path MTU Discovery relies on.
2. Based on the MTU value, the data field is split into two or more parts. All newly created data portions must have a length that is a multiple of 8 octets, with the exception of the last data portion.
3. Each data portion is placed in an IP datagram. The headers of these datagrams are minor modifications of the original:
– The more fragments flag bit is set in all fragments except the last.
– The fragment offset field in each is set to the location this data portion occupied in the original datagram, relative to the beginning of the original unfragmented datagram. The offset is measured in 8-octet units.
– If options were included in the original datagram, the high order bit of the option type byte determines if this information is copied to all fragment datagrams or only the first datagram. For example, source route options are copied in all fragments.
– The header length field of the new datagram is set.
– The total length field of the new datagram is set.
– The header checksum field is re-calculated.
4. Each of these fragmented datagrams is now forwarded as a normal IP datagram.
IP handles each fragment independently. The fragments can traverse different routers to the intended destination. They can be subject to further fragmentation if they pass through networks specifying a smaller MTU. At the destination host, the data is reassembled into the original datagram. The identification field set by the sending host is used together with the source and destination IP addresses (and the protocol field) in the datagram to tell which fragments belong together. Fragmentation does not alter this field. In order to reassemble the fragments, the receiving host allocates a storage buffer when the first fragment arrives. The host also starts a timer. When subsequent fragments of the datagram arrive, the data is copied into the buffer storage at the location indicated by the fragment offset field. When all fragments have arrived, the complete original unfragmented datagram is restored. Processing continues as for unfragmented datagrams. If the timer is exceeded and fragments remain outstanding, the datagram is discarded. The initial value of this timer is called the IP datagram time to live (TTL) value. It is implementation-dependent. Some implementations allow it to be configured. The netstat command can be used on some IP hosts to list the details of fragmentation. Two consequences matter for security: a receiver must hold buffer space for fragments it cannot yet use, so incomplete fragment sets are a resource-exhaustion vector, and nothing in the protocol says what to do when fragments overlap, so different stacks resolve overlaps differently and an intrusion detection system that reassembles one way can be evaded by a host that reassembles another.
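The following is an added worked example, not code from the original text: it carries out the four fragmentation steps above on a constructed IPv4 datagram and then reassembles the pieces, including the DF check, the 8-octet alignment rule, the MF flag and offset bookkeeping, and the checksum recomputation. Headers are kept to 20 bytes, so the option copy-bit rule is not exercised; the addresses 10.0.0.1 and 10.0.0.2 and the identification value are made up. Reassembly refuses duplicate or overlapping fragments rather than guessing, for the reason given above.

```python
"""IPv4 fragmentation and reassembly following the steps in the text.

Fields used: IHL, total length, identification, flags (DF 0x4000, MF 0x2000)
with the 13-bit fragment offset in 8-octet units, and the header checksum.
"""
import struct

DF, MF, OFFSET_MASK = 0x4000, 0x2000, 0x1FFF
HDR = "!BBHHHBBH4s4s"  # ver/IHL, TOS, total, id, flags+offset, TTL, proto, csum, src, dst


def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; over a valid header it evaluates to 0."""
    if len(header) % 2:
        header += b"\0"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def with_checksum(header: bytes) -> bytes:
    """Return header with bytes 10-11 replaced by a freshly computed checksum."""
    zeroed = header[:10] + b"\0\0" + header[12:]
    return zeroed[:10] + struct.pack("!H", checksum(zeroed)) + zeroed[12:]


def build_datagram(ident, src, dst, payload, flags=0, offset=0, ttl=64, proto=17):
    """Minimal IPv4 datagram; src/dst are 4-byte packed addresses."""
    hdr = struct.pack(HDR, 0x45, 0, 20 + len(payload), ident, flags | offset, ttl, proto, 0, src, dst)
    return with_checksum(hdr) + payload


def fields(dgram):
    """(ihl, total_len, ident, flags_offset, proto, src, dst) from the fixed header."""
    v_ihl, _, total, ident, fo, _, proto, _, src, dst = struct.unpack(HDR, dgram[:20])
    return (v_ihl & 0x0F) * 4, total, ident, fo, proto, src, dst


def fragment(dgram, mtu):
    """Steps 1-4: split dgram into fragments that each fit within mtu."""
    ihl, total, ident, fo, _, _, _ = fields(dgram)
    if total <= mtu:
        return [dgram]
    if fo & DF:                                      # step 1
        raise ValueError("DF set: discard and send ICMP type 3 code 4")
    hdr, payload = dgram[:ihl], dgram[ihl:total]
    chunk = (mtu - ihl) // 8 * 8                     # step 2: whole 8-octet units
    if chunk <= 0:
        raise ValueError("MTU below the 68-octet minimum for this header")
    base_off, orig_mf = fo & OFFSET_MASK, fo & MF
    frags = []
    for start in range(0, len(payload), chunk):
        part = payload[start:start + chunk]
        last = start + len(part) == len(payload)
        mf = 0 if last and not orig_mf else MF       # step 3: MF on all but the last
        new_fo = mf | (base_off + start // 8)        # offset relative to the original
        new_hdr = hdr[:2] + struct.pack("!HHH", ihl + len(part), ident, new_fo) + hdr[8:]
        frags.append(with_checksum(new_hdr) + part)  # step 4: a normal datagram
    return frags


def fragment_info(frag):
    """(offset in 8-octet units, more-fragments flag, payload length)."""
    ihl, total, _, fo, _, _, _ = fields(frag)
    return fo & OFFSET_MASK, bool(fo & MF), total - ihl


def reassemble(frags):
    """Rebuild the original datagram from fragments given in any order.

    Returns None while pieces are missing (where a real stack keeps the buffer
    and a timer).  Duplicates and overlaps raise instead of being merged.
    """
    key, pieces, end, first_hdr = None, {}, None, None
    for f in frags:
        ihl, total, ident, fo, proto, src, dst = fields(f)
        if key is None:
            key = (src, dst, proto, ident)           # the reassembly key
        elif key != (src, dst, proto, ident):
            raise ValueError("fragment belongs to a different datagram")
        off = (fo & OFFSET_MASK) * 8
        if off in pieces:
            raise ValueError("duplicate fragment at offset %d" % off)
        pieces[off] = f[ihl:total]
        if not fo & MF:
            end = off + len(pieces[off])
        if off == 0:
            first_hdr = f[:ihl]
    if end is None or first_hdr is None:
        return None
    buf, pos = bytearray(), 0
    for off in sorted(pieces):
        if off < pos:
            raise ValueError("overlapping fragment at offset %d" % off)
        if off > pos:
            return None                              # hole: keep waiting
        buf += pieces[off]
        pos += len(pieces[off])
    if pos != end:
        return None
    hdr = first_hdr[:2] + struct.pack("!HHH", len(first_hdr) + len(buf), key[3], 0) + first_hdr[8:]
    return with_checksum(hdr) + bytes(buf)


# Constructed sample: 1400 bytes of payload between two private addresses.
SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
SAMPLE = build_datagram(0x1234, SRC, DST, bytes(range(256)) * 5 + bytes(120))
```

With an MTU of 576 the 1420-byte sample becomes three fragments of 552, 552 and 296 payload bytes at offsets 0, 69 and 138 (in 8-octet units); feeding the fragments back in any order restores the original byte for byte.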
What is a socket? Give an example.
The socket interface is one of several application programming interfaces to the communication protocols. Designed to be a generic communication programming interface, socket APIs were first introduced by the Berkeley Software Distribution (BSD). Although it originated outside any standards body, the Berkeley socket API has since been adopted by POSIX and is the de facto industry standard abstraction for network TCP/IP socket implementation. Consider the following terminologies:
· A socket is a special type of file handle, which is used by a process to request network services from the operating system.
· A socket address is the triple: <protocol, local-address, local port>
For example, in the TCP/IP (version 4) suite:
<tcp, 192.168.14.234, 8080>
· A conversation is the communication link between two processes.
· An association is the 5-tuple that completely specifies the two processes that comprise a connection:
<protocol, local-address, local-port, foreign-address, foreign-port>
In the TCP/IP (version 4) suite, the following could be a valid association:
<tcp, 192.168.14.234, 1500, 192.168.44, 22>
· A half-association is either one of the following, which each specify half of a connection:
<protocol, local-address, local-process>
<protocol, foreign-address, foreign-process>
The half-association is also called a socket or a transport address. That is, a socket is an endpoint for communication that can be named and addressed in a network. Two processes communicate through TCP sockets. The socket model provides a process with a full-duplex byte stream connection to another process. The application need not concern itself with the management of this stream; these facilities are provided by TCP. TCP uses the same port principle as UDP to provide multiplexing. Like UDP, TCP uses well-known and ephemeral ports. Each side of a TCP connection has a socket that can be identified by the triple <TCP, IP address, port number>. If two processes are communicating over TCP, they have a logical connection that is uniquely identifiable by the two sockets involved, that is, by the combination <TCP, local IP address, local port, remote IP address, remote port>. Server processes are able to manage multiple conversations through a single port.
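To make the 5-tuple concrete, here is an added example (not from the original text) that opens a loopback TCP server on one port, connects two clients to it, and reports each server-side association as <protocol, local address, local port, foreign address, foreign port>. Both connections share the server's half-association and differ only in the client's ephemeral port, which is what allows one listening port to serve many conversations. The server picks a free port at run time; the "hello" payload is constructed.

```python
"""Observe TCP associations (5-tuples) on a loopback server."""
import socket
import threading


def _serve(listener, associations, count):
    """Accept `count` connections on one listening socket and record the
    association of each as seen from the server side."""
    conns = []
    for _ in range(count):
        conn, _ = listener.accept()
        conn.settimeout(5)
        conns.append(conn)
        lip, lport = conn.getsockname()[:2]     # our half-association
        fip, fport = conn.getpeername()[:2]     # the peer's half-association
        associations.append(("tcp", lip, lport, fip, fport))
    for conn in conns:
        conn.sendall(b"hello\n")
        conn.close()


def demo_associations(count=2):
    """Open `count` client connections to a loopback server on a single port
    and return the server-side association tuples, one per connection."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))             # port 0: the OS picks a free port
    listener.listen(count)
    associations = []
    worker = threading.Thread(target=_serve, args=(listener, associations, count))
    worker.start()
    clients = [socket.create_connection(listener.getsockname(), timeout=5)
               for _ in range(count)]           # each gets its own ephemeral port
    for c in clients:
        assert c.recv(16) == b"hello\n"
        c.close()
    worker.join(10)
    listener.close()
    return associations


def half_associations(assoc):
    """Split a 5-tuple association into its two half-associations (sockets)."""
    proto, lip, lport, fip, fport = assoc
    return (proto, lip, lport), (proto, fip, fport)


if __name__ == "__main__":
    for a in demo_associations():
        print(a, "->", half_associations(a))
```

Running it prints two tuples such as ("tcp", "127.0.0.1", 41234, "127.0.0.1", 50112) and ("tcp", "127.0.0.1", 41234, "127.0.0.1", 50114): same local triple, different foreign port. The same tuple is what a stateful firewall or connection tracker keys on.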
Differentiate between FQDN and PQDN.
When using the Domain Name System, it is common to work with only a part of the domain hierarchy, such as the myDivision.myCorp.com domain. The Domain Name System provides a simple method of minimizing the typing necessary in this circumstance. If a domain name ends in a dot (for example, myDept.myDiv.myCorp.com.), it is assumed to be complete. This is called a fully qualified domain name (FQDN) or an absolute domain name. However, if it does not end in a dot (for example, myDept.myDiv), it is incomplete and the DNS resolver may complete this by appending a suffix such as .myCorp.com to the domain name. The rules for doing this are implementation-dependent and locally configurable.
Partially-qualified names are used to make master files faster to create and more readable, by cutting down on the common parts of names; they are sort of the "human equivalent" of DNS message compression. A FQDN is shown as a full domain name ending in a dot (".") to represent the DNS name tree root. A PQDN is given as just a partial name with no root, and is turned into a FQDN by the software reading the master file, which appends the current origin (the zone's own name by default, or whatever the $ORIGIN directive last set it to).
It is important to remember the trailing dot to mark FQDNs; if the origin is "xyzindustries.com" and in its zone file the name "bigisp.net" appears, the server will read this as "bigisp.net.xyzindustries.com", probably not what you want. Also, e-mail addresses, such as the <r-name> field in the SOA record, have the "@" of the e-mail address converted to a dot, following the standard DNS convention. The same suffix-appending happens in stub resolvers with a search list, and it has the same pitfall: a name typed or configured without a trailing dot may resolve to a host in the search domain rather than the one intended (RFC 1535 describes this), so names that must be unambiguous should be written absolute.
What do you mean by “OPTION NEGOTIATION”? Explain with an example.
Using internal commands, Telnet is able to negotiate options in each host. The starting base of negotiation is the NVT capability: each host to be connected must agree to this minimum. Every option can be negotiated by the use of the four command codes WILL, WONT, DO, and DONT. WILL and WONT announce whether the sender itself will enable or disable an option; DO and DONT ask the peer to enable or disable it. A WILL is therefore answered with DO or DONT, and a DO with WILL or WONT; a request to enter a mode the receiver is already in is not acknowledged, which keeps the two sides from looping on each other's replies. In addition, some options have suboptions, carried between SB and SE. Because Telnet provides neither authentication nor encryption, the negotiation, like everything that follows it, travels in clear text. The primary goal of the Telnet protocol is the provision of a standard interface for hosts over a network. To allow the connection to start, the Telnet protocol defines a standard representation for some functions:
IP Interrupt Process
AO Abort Output
AYT Are You There
EC Erase Character
EL Erase Line
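As the requested example, here is an added option negotiator (not code from the original text) for the client side. It consumes a byte stream from the server, answers DO/DONT/WILL/WONT as described above, handles the TERMINAL-TYPE suboption and escaped 0xFF data bytes, and never re-requests a refused option. The server's greeting bytes and the terminal name XTERM are constructed; which options are accepted is an assumption made for the demonstration.

```python
"""Minimal Telnet option negotiation (RFC 854/855) for a client."""
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
ECHO, SGA, TTYPE, NAWS = 1, 3, 24, 31      # option codes used in the sample


class Negotiator:
    """Tracks which options are enabled on our side and on the peer's side."""

    def __init__(self, local_ok=(SGA, TTYPE), remote_ok=(ECHO, SGA), terminal=b"XTERM"):
        self.local_ok, self.remote_ok = set(local_ok), set(remote_ok)
        self.local_on, self.remote_on, self.terminal = set(), set(), terminal
        self.log = []                          # ("data", bytes) or ("cmd", code)

    def feed(self, data: bytes) -> bytes:
        """Consume bytes from the peer and return the replies we must send."""
        out, i = bytearray(), 0
        while i < len(data):
            if data[i] != IAC:
                self.log.append(("data", data[i:i + 1]))
                i += 1
                continue
            if i + 1 >= len(data):
                raise ValueError("truncated IAC sequence")
            cmd = data[i + 1]
            if cmd == IAC:                     # escaped 0xFF data byte
                self.log.append(("data", b"\xff"))
                i += 2
            elif cmd == SB:                    # suboption runs until IAC SE
                end = data.find(bytes([IAC, SE]), i + 2)
                if end < 0:
                    raise ValueError("unterminated suboption")
                out += self.suboption(data[i + 2:end])
                i = end + 2
            elif cmd in (DO, DONT, WILL, WONT):
                if i + 2 >= len(data):
                    raise ValueError("truncated option command")
                out += self.option(cmd, data[i + 2])
                i += 3
            else:                              # AYT, NOP, ...: no option byte
                self.log.append(("cmd", cmd))
                i += 2
        return bytes(out)

    def option(self, cmd: int, opt: int) -> bytes:
        """Apply the WILL/WONT/DO/DONT rules; an empty reply means 'already so'."""
        if cmd == DO:
            if opt in self.local_on:
                return b""
            if opt in self.local_ok:
                self.local_on.add(opt)
                return bytes([IAC, WILL, opt])
            return bytes([IAC, WONT, opt])     # refuse; peer must not re-ask
        if cmd == DONT:
            if opt not in self.local_on:
                return b""
            self.local_on.discard(opt)
            return bytes([IAC, WONT, opt])
        if cmd == WILL:
            if opt in self.remote_on:
                return b""
            if opt in self.remote_ok:
                self.remote_on.add(opt)
                return bytes([IAC, DO, opt])
            return bytes([IAC, DONT, opt])
        if opt not in self.remote_on:          # WONT
            return b""
        self.remote_on.discard(opt)
        return bytes([IAC, DONT, opt])

    def suboption(self, body: bytes) -> bytes:
        """Answer TERMINAL-TYPE SEND (1) with IS (0) <name>; 0xFF in the name is doubled."""
        if body[:2] == bytes([TTYPE, 1]) and TTYPE in self.local_on:
            name = self.terminal.replace(b"\xff", b"\xff\xff")
            return bytes([IAC, SB, TTYPE, 0]) + name + bytes([IAC, SE])
        return b""                             # unknown or unnegotiated: ignore


# Constructed server greeting: DO TTYPE, WILL ECHO, WILL SGA, DO NAWS,
# a repeated DO TTYPE, a TERMINAL-TYPE SEND suboption, then the login prompt.
GREETING = bytes([IAC, DO, TTYPE, IAC, WILL, ECHO, IAC, WILL, SGA, IAC, DO, NAWS,
                  IAC, DO, TTYPE, IAC, SB, TTYPE, 1, IAC, SE]) + b"login: "

if __name__ == "__main__":
    n = Negotiator()
    print(n.feed(GREETING).hex(" "))
```

For the constructed greeting the client answers WILL TTYPE, DO ECHO, DO SGA, WONT NAWS, nothing to the repeated DO TTYPE, and IS XTERM to the suboption; the "login: " bytes are ordinary data.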
Discuss FTP proxy transfer through firewall.
The passive data transfer reverses the direction of establishment of the data connection. Instead of issuing a PORT command, the client issues a PASV command, which takes no parameters. Upon accepting this command, the FTP server sends back a reply containing an IP address and port number. The client initiates a connection back to the server on the indicated IP address and port.
One of the reasons to use a passive data transfer is to bypass firewall configurations that block active data connections. For this reason, passive mode is often referred to as “firewall friendly mode.” An example of such a scenario is a firewall that has been configured to block any inbound attempts to open a connection. In this example, an FTP server responding to a client’s PORT command would receive an error when trying to open a connection to the indicated IP address and port. However, by using passive mode, the client initiates the connection from within the network, and the firewall allows the data transfer to proceed.
Using proxy transfer
FTP provides the ability for a client to have data transferred from one FTP server to another FTP server. Several justifications for such a transfer exist, including:
· To transfer data from one host to another when direct access between the two hosts is not possible.
· To bypass a slow client connection.
· To bypass a firewall restriction.
· To reduce the amount of traffic within the client’s network
The process of setting up a proxy transfer begins with the use of a proxy open command. Any FTP command can then be sent to the proxy server by preceding the command with proxy. For example, executing the dir command lists the files on the primary FTP server. Executing the proxy dir command lists the files on the proxy server. The proxy get and proxy put commands can then be used to transfer data between the two hosts.
1. The FTP client opens a connection and logs on to the FTP server A.
2. The FTP client issues a proxy open command, and a new control connection is established with FTP server B.
3. The FTP client then issues a proxy get command (though this can also be a proxy put).
4. A data connection is established between server A and server B. Following data connection establishment, the data flows from server B to server A.
This third-party capability has been abused: a PORT command naming a host other than the client makes the server open a connection to that host on the client's behalf, which lets an attacker reach or port-scan machines the server can see but the attacker cannot (the FTP bounce attack, CERT advisory CA-1997-27). Most FTP servers therefore refuse a PORT whose address differs from the control connection's peer unless third-party transfers are explicitly enabled, and a firewall that permits proxy transfers should expect that trade-off.
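The following added example (not code from the original text) shows the address encoding behind both modes: building the PORT argument a client sends in active mode, parsing the 227 reply a server sends in passive mode, and the server-side check on PORT that distinguishes a normal active transfer from a bounce. The addresses and ports are the ones used in the socket example above and are constructed; the privileged-port cutoff of 1024 is an assumption typical of hardened servers.

```python
"""PORT/PASV address handling and the server-side bounce check."""
import ipaddress
import re

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def port_argument(ip: str, port: int) -> str:
    """Encode ip:port as the h1,h2,h3,h4,p1,p2 argument of PORT (port = p1*256+p2)."""
    if not 0 < port < 65536:
        raise ValueError("port out of range: %d" % port)
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ",".join(octets + [str(port >> 8), str(port & 0xFF)])


def parse_hostport(text: str):
    """Decode the h1,h2,h3,h4,p1,p2 form found in a PORT argument or a 227 reply."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 in %r" % text)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("value above 255 in %r" % text)
    ip = str(ipaddress.IPv4Address(".".join(map(str, n[:4]))))
    return ip, (n[4] << 8) | n[5]


def parse_pasv_reply(reply: str):
    """'227 Entering Passive Mode (h1,h2,h3,h4,p1,p2).' -> (ip, port) to connect to."""
    if not reply.startswith("227"):
        raise ValueError("PASV not accepted: " + reply)
    return parse_hostport(reply)


def check_port_command(arg: str, control_peer: str, allow_third_party: bool = False):
    """Validate a client's PORT argument on the server.

    The data connection must go back to the control connection's peer unless
    third-party (proxy) transfers are deliberately enabled; otherwise the server
    can be pointed at any host.  Privileged ports are refused in either case.
    """
    ip, port = parse_hostport(arg)
    if port < 1024:
        raise ValueError("refusing data connection to privileged port %d" % port)
    if ip != str(ipaddress.IPv4Address(control_peer)) and not allow_third_party:
        raise ValueError("PORT address %s is not the control peer %s" % (ip, control_peer))
    return ip, port


if __name__ == "__main__":
    print(port_argument("192.168.14.234", 1500))
    print(parse_pasv_reply("227 Entering Passive Mode (192,168,14,234,195,80)."))
```

A PASV reply whose address differs from the server you connected to deserves the mirror-image suspicion on the client side: many clients ignore the advertised address and reuse the control connection's, which also sidesteps NAT confusion.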
Explain various steps involved in SMTP mail transaction flow.
Although mail commands and replies are rigidly defined, the exchange can easily be followed in Fig. 8.2. All exchanged commands, replies, and data are text lines delimited by a <CRLF>. All replies have a numeric code at the beginning of the line. The steps of this flow are:
1. The sender SMTP establishes a TCP connection with the destination SMTP and then waits for the server to send a 220 Service ready message or a 421 Service not available message when the destination is temporarily unable to proceed.
2. HELO (HELO is an abbreviation for hello) is sent, to which the receiver will identify itself by sending back its domain name. The sender-SMTP can use this to verify that it contacted the right destination SMTP. The sender SMTP can substitute an EHLO command in place of the HELO command. A receiver SMTP that does not support service extensions will respond with a 500 Syntax Error, command unrecognized message. The sender SMTP then retries with HELO, or if it cannot transmit the message without one or more service extensions, it sends a QUIT message. If a receiver-SMTP supports service extensions, it responds with a multiline 250 OK message, which includes a list of service extensions that it supports.
3. The sender now initiates the start of a mail transaction by sending a MAIL command to the receiver. This command contains the reverse-path that can be used to report errors. Note that a path can be more than just the user@domain name pair. In addition, it can contain a list of routing hosts. Examples of this are when we pass a mail bridge, or when explicit routing information is provided in the destination address. If accepted, the receiver replies with a 250 OK.
4. The second step of the actual mail exchange consists of providing the server SMTP with the destinations for the message. There can be more than one recipient. This is done by sending one or more RCPT TO:<forward-path> commands. Each of them will receive a reply 250 OK if the destination is known to the server, or a 550 No such user here if it is not.
5. When all RCPT commands are sent, the sender issues a DATA command to notify the receiver that the message contents will follow. The server replies with 354 Start mail input, end with <CRLF>.<CRLF>. Note the ending sequence that the sender should use to terminate the message data.
6. The client now sends the data line by line, ending with the 5-character sequence <CRLF>.<CRLF> line, upon which the receiver will acknowledge with a 250 OK, or an appropriate error message if anything went wrong.
7. At this juncture, the client now has several possible actions:
If the client has no more messages to send, it can end the connection with a QUIT command, which will be answered with a 221 Service closing transmission channel reply.
If the sender has no more messages to send, but is ready to receive messages (if any) from the other side, it can issue the TURN command. The two SMTPs now switch their role of sender/receiver, and the sender (previously the receiver) can now send messages by starting with step 3. TURN is obsolete, however: because the original SMTP has no authentication, any connecting client could use it to claim mail queued for another domain, so RFC 2821 and RFC 5321 dropped it and current servers do not implement it; ETRN (RFC 1985), which asks the server to start its own delivery to a named host rather than handing the mail over, replaced it for the dial-up case.
If the sender has another message to send, it returns to step 3 and sends a new MAIL command.
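The flow above, carried out by an added example (not code from the original text): a client state machine drives one session against a scripted receiver whose replies are a constructed list, so nothing is sent on the network. It covers the 220 greeting, EHLO with fallback to HELO on 500, MAIL, RCPT with one rejected recipient, DATA, and QUIT, and adds the one detail the steps leave implicit: a body line that begins with "." must be dot-stuffed, or a line consisting of a single "." ends the message early. The domains and addresses are made up.

```python
"""Client side of the SMTP transaction flow, driven by a scripted server."""


class ScriptedServer:
    """Constructed stand-in for the receiver SMTP: fixed replies, records sends.
    Lines are kept without the <CRLF> a real transport would append."""

    def __init__(self, replies):
        self.replies, self.sent = list(replies), []

    def send(self, line):
        self.sent.append(line)

    def reply(self):
        return self.replies.pop(0)


class SmtpClient:
    def __init__(self, transport, my_domain="client.example"):
        self.t, self.my_domain, self.extensions = transport, my_domain, []

    def expect(self, *codes):
        """Read one reply and require its 3-digit code to be one of codes."""
        r = self.t.reply()
        if not any(r.startswith(c) for c in codes):
            raise RuntimeError("unexpected reply: " + r.splitlines()[0])
        return r

    def cmd(self, line, *codes):
        self.t.send(line)
        return self.expect(*codes)

    def connect(self):
        self.expect("220")                                   # step 1: a 421 raises here
        self.t.send("EHLO " + self.my_domain)                # step 2
        r = self.t.reply()
        if r.startswith("250"):                              # multiline 250: extension list
            self.extensions = [line[4:] for line in r.splitlines()[1:]]
        elif r.startswith("500"):                            # no extensions: fall back
            self.cmd("HELO " + self.my_domain, "250")
        else:
            raise RuntimeError("unexpected reply: " + r)

    def send_message(self, sender, recipients, body_lines):
        """Steps 3-6; returns the recipients the server accepted."""
        self.cmd("MAIL FROM:<%s>" % sender, "250")           # step 3
        accepted = []
        for rcpt in recipients:                               # step 4
            if self.cmd("RCPT TO:<%s>" % rcpt, "250", "550").startswith("250"):
                accepted.append(rcpt)
        if not accepted:
            self.cmd("RSET", "250")
            return accepted
        self.cmd("DATA", "354")                               # step 5
        for line in body_lines:                               # step 6
            # Transparency (RFC 5321 4.5.2): a body line starting with "." gets a
            # second "." so that a bare "." in the body cannot end the message.
            self.t.send("." + line if line.startswith(".") else line)
        self.cmd(".", "250")                                  # <CRLF>.<CRLF>
        return accepted

    def quit(self):
        self.cmd("QUIT", "221")                               # step 7


# Constructed reply script: EHLO accepted, one good and one unknown recipient.
SCRIPT = [
    "220 mail.example ESMTP ready",
    "250-mail.example\r\n250-SIZE 10240000\r\n250 8BITMIME",
    "250 OK",                                                # MAIL
    "250 OK",                                                # RCPT bob
    "550 No such user here",                                 # RCPT nobody
    "354 Start mail input; end with <CRLF>.<CRLF>",
    "250 OK",                                                # message accepted
    "221 mail.example closing transmission channel",
]


def run_demo():
    """Drive one session; returns (lines sent, accepted recipients, extensions)."""
    server = ScriptedServer(SCRIPT)
    client = SmtpClient(server)
    client.connect()
    accepted = client.send_message("alice@client.example",
                                   ["bob@mail.example", "nobody@mail.example"],
                                   ["Subject: hi", "", ".", ".hidden", "done"])
    client.quit()
    return server.sent, accepted, client.extensions


if __name__ == "__main__":
    for line in run_demo()[0]:
        print("C:", line)
```

The body lines "." and ".hidden" go out as ".." and "..hidden"; the receiver strips the leading dot again, and only the client's own final "." terminates DATA. Skipping this step is how attacker-supplied message content can be made to inject further SMTP commands.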
Discuss various HTTP protocol parameters.
· HTTP version: HTTP uses a <major>.<minor> numbering scheme to indicate the version of the protocol. A client sends the highest version it supports, and the server replies with the highest version it supports whose major number does not exceed the client's (the versioning policy of RFC 2145, later folded into RFC 7230). The <major> number is incremented when there are significant changes in protocol, such as changing a message format. The <minor> number is incremented when the changes do not affect the message format. Each number is compared as an integer, so HTTP/1.10 is newer than HTTP/1.2. The version of HTTP messages is sent by an HTTP-Version field in the first line of the message. The HTTP-Version field is in the following format: HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT
· Uniform Resource Identifiers (URIs): Uniform Resource Identifiers are generally referred to as WWW addresses; the term covers both Uniform Resource Locators (URLs) and Uniform Resource Names (URNs). A URI is a string that identifies a resource; a URL additionally says where that resource is located (on which server and through which scheme).
· HTTP URL: The HTTP URL scheme enables you to locate network resources through the HTTP protocol. It is based on the URI Generic Syntax described in RFC 3986. The general syntax of the scheme is: http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ] ]. The port number is optional. If it is not specified, the default value is 80.
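An added example (not code from the original text) that parses the three parameters just described: the HTTP-Version token into a numeric (major, minor) pair, a request line into its three parts, and an http URL into host, port (defaulting to 80), abs_path and query. It also applies the response-version rule. The hostnames and paths in the usage are constructed, and the set of versions the "server" supports is an assumption.

```python
"""Parse HTTP-Version tokens, request lines and http URLs per the grammar above."""
import re

VERSION_RE = re.compile(r"^HTTP/(\d+)\.(\d+)$")
# http_URL = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ] ]
URL_RE = re.compile(r"^http://([A-Za-z0-9.-]+)(?::(\d+))?(/[^?#]*)?(?:\?([^#]*))?$",
                    re.IGNORECASE)


def parse_version(token: str):
    """'HTTP/1.10' -> (1, 10).  Tuples compare numerically, so (1, 10) > (1, 2)."""
    m = VERSION_RE.match(token)
    if not m:
        raise ValueError("not an HTTP-Version: %r" % token)
    return int(m.group(1)), int(m.group(2))


def parse_request_line(line: str):
    """'GET /index.html HTTP/1.1' -> (method, request-target, (major, minor))."""
    parts = line.split(" ")
    if len(parts) != 3:
        raise ValueError("request line must be exactly three space-separated tokens")
    method, target, version = parts
    return method, target, parse_version(version)


def parse_http_url(url: str):
    """(host, port, abs_path, query); port defaults to 80 and abs_path to '/'."""
    m = URL_RE.match(url)
    if not m:
        raise ValueError("not an http URL: %r" % url)
    host, port, path, query = m.groups()
    port = int(port) if port else 80
    if not 0 < port < 65536:
        raise ValueError("port out of range: %d" % port)
    return host.lower(), port, path or "/", query


def response_version(client_version, supported=((1, 0), (1, 1))):
    """Highest supported version whose major number is <= the client's, or None,
    meaning the server should answer 505 HTTP Version Not Supported."""
    candidates = [v for v in supported if v[0] <= client_version[0]]
    return max(candidates) if candidates else None


if __name__ == "__main__":
    print(parse_request_line("GET /index.html HTTP/1.1"))
    print(parse_http_url("http://Example.COM:8080/a/b?x=1"))
    print(response_version(parse_version("HTTP/1.10")))
```

The numeric comparison is the point most parsers get wrong: as strings, "HTTP/1.10" sorts before "HTTP/1.2".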
With example, explain how OIDs are assigned to managed objects?
A managed object not only has to be described but identified, too. This is done using the ASN.1 object identifier (OID). The object identifier reserves a set of numbers for different groups. Each object is identified by a string of numbers indicating the hierarchy to which it belongs. Referring back to the example of ifType, this object has an OID of 1.3.6.1.2.1.2.2.1.3. This can initially be broken into two parts:
ifEntry 1.3.6.1.2.1.2.2.1
ifType 3
Note that the terms ifType, 1.3.6.1.2.1.2.2.1.3, and ifEntry.3 are functionally interchangeable. However, ifType's OID can be further broken down as follows:
iso 1
org 3
dod 6
internet 1
mgmt 2
mib-2 1
interfaces 2
ifTable 2
ifEntry 1
ifType 3
Again, the terms ifType, 1.3.6.1.2.1.2.2.1.3, ifTable.1.3, and ifEntry.3 are all functionally interchangeable. The OID can continue to be broken down because each digit has a specific meaning. The significance of each digit adheres to the following rules:
· The first digit defines the node administrator:
0 for CCITT (now ITU-T)
1 for ISO
2 for the joint ISO-CCITT
· The possible values for the second digit are determined by the first digit. In this case, the ISO node administrator defines 3 for use by other organizations.
· The third digit’s potential values again depend on the first and second digits. But if the first two digits are 1.3, 6 is defined for the use of the U.S. Department of Defense.
· In the fourth group, the Department of Defense has not indicated how it will manage its group, so the Internet community assumed 1 for its own.
· The fifth group was approved by IAB to be:
– 1 for the use of OSI directory in the Internet
– 2 for object identification for management purposes
– 3 for object identification for experimental purposes
– 4 for object identification for private use
This is further illustrated in Fig. 10.2, which shows a mapping of how the OID number for ifType is determined.
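As an added example (not code from the original text), the following names each arc of an OID from a small table of the standard assignments described above and then encodes the OID the way SNMP carries it on the wire, in BER. The encoding explains why the first digit can only be 0, 1 or 2: the first two arcs are packed into a single subidentifier as 40 × first + second, and every subidentifier is written base 128 with the high bit set on all but its last byte. The name table covers only the path to ifType plus private.enterprises; anything else still encodes, it just has no name.

```python
"""Name OID arcs and encode/decode the BER OBJECT IDENTIFIER form used by SNMP."""

# Names keyed by the arcs above them; only the branches discussed are listed.
ARC_NAMES = {
    (): {0: "ccitt", 1: "iso", 2: "joint-iso-ccitt"},
    (1,): {3: "org"},
    (1, 3): {6: "dod"},
    (1, 3, 6): {1: "internet"},
    (1, 3, 6, 1): {1: "directory", 2: "mgmt", 3: "experimental", 4: "private"},
    (1, 3, 6, 1, 2): {1: "mib-2"},
    (1, 3, 6, 1, 2, 1): {2: "interfaces"},
    (1, 3, 6, 1, 2, 1, 2): {2: "ifTable"},
    (1, 3, 6, 1, 2, 1, 2, 2): {1: "ifEntry"},
    (1, 3, 6, 1, 2, 1, 2, 2, 1): {3: "ifType"},
    (1, 3, 6, 1, 4): {1: "enterprises"},
}


def arcs_of(oid: str):
    """Split a dotted OID into integers and check the root constraints."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID %r" % oid)
    return arcs


def describe(oid: str):
    """[(arc, name)] for every arc, with '?' where the table has no name."""
    arcs = arcs_of(oid)
    return [(arc, ARC_NAMES.get(tuple(arcs[:i]), {}).get(arc, "?"))
            for i, arc in enumerate(arcs)]


def encode_oid(oid: str) -> bytes:
    """BER: tag 0x06, short-form length, then base-128 subidentifiers."""
    arcs = arcs_of(oid)
    body = bytearray()
    for sub in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        groups = [sub & 0x7F]
        sub >>= 7
        while sub:
            groups.append(0x80 | (sub & 0x7F))   # continuation bit on all but the last
            sub >>= 7
        body += bytes(reversed(groups))
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + bytes(body)


def decode_oid(data: bytes) -> str:
    """Inverse of encode_oid; rejects a truncated trailing subidentifier."""
    if len(data) < 3 or data[0] != 0x06 or data[1] != len(data) - 2:
        raise ValueError("not a short-form BER OBJECT IDENTIFIER")
    arcs, val, pending = [], 0, False
    for b in data[2:]:
        val, pending = (val << 7) | (b & 0x7F), True
        if b & 0x80:
            continue
        if not arcs:                            # unpack 40*first + second
            first = 2 if val >= 80 else val // 40
            arcs += [first, val - 40 * first]
        else:
            arcs.append(val)
        val, pending = 0, False
    if pending:
        raise ValueError("truncated subidentifier (high bit set on last byte)")
    return ".".join(map(str, arcs))


if __name__ == "__main__":
    print(describe("1.3.6.1.2.1.2.2.1.3"))
    print(encode_oid("1.3.6.1.2.1.2.2.1.3").hex())
```

ifType encodes as 06 09 2b 06 01 02 01 02 02 01 03: the 2b is 40 × 1 + 3, and each remaining arc fits in one byte. The decoder's check for a dangling continuation bit is the kind of length validation an SNMP agent needs, since a malformed OID in a request is attacker-supplied input.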