Chapter Four
Understanding the TCP/IP Protocol Suite

Introduction

In networks, as in everyday life, rules and procedures govern communication. The rules and procedures that allow devices on a network to communicate with each other are referred to as protocols. Some protocols deal specifically with the process of transferring data from one system to another, and others are responsible for route discovery and providing client functionality.

This chapter focuses on the TCP/IP protocol suite. TCP/IP is not a single protocol but rather an entire collection of protocols, each designed to perform a different function on the network. Understanding how TCP/IP works requires an understanding of those protocols within the TCP/IP protocol suite. This chapter examines some of the characteristics of the protocols found within TCP/IP and their function. Understanding these characteristics is important for the Network+ exam.

A Brief Introduction to Protocols

When computers were restricted to standalone systems, little need existed for mechanisms to communicate between them. However, it wasn’t long before the need to connect computers for the purpose of sharing files and printers became a necessity. Establishing communication between network devices required more than a length of cabling; a method or a set of rules was needed to establish how systems would communicate. Protocols provide that method.

It would be nice if a single protocol facilitated communication among all devices, but this is not the case. You can use a number of protocols on a network, each of which has its own features, advantages, and disadvantages. What protocol you choose can have a significant impact on the functioning and performance of the network.

Protocols are grouped into protocol suites. Each protocol suite defines a complete set of protocols that allow the devices to communicate. Within each protocol suite are a variety of protocols, which can be broken down into three distinct categories:

• Application protocols—Application protocols provide client functionality.

• Transport protocols—Transport protocols provide mechanisms for moving data around the network.

• Network protocols—Network protocols perform the underlying tasks that enable the movement of data.

The main protocol used today to facilitate network communication is Transmission Control Protocol/Internet Protocol (TCP/IP), which is a comprehensive protocol suite. TCP/IP is available for all common platforms, including Windows, Linux, UNIX, Mac OS, and Novell systems. Although TCP/IP reigns supreme today, it used to have some significant competition, including

• Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)—Developed by Novell, IPX/SPX is a set of protocols originally designed for use on Novell networks. It is now less popular than it once was because of the impact of TCP/IP.

• AppleTalk—Designed for use on networks that use Macintosh systems, AppleTalk is an advanced suite of protocols that provides high levels of functionality.

In addition to these protocol suites, certain other protocols, such as NetBIOS Extended User Interface (NetBEUI), were once commonly used on smaller networks. Because these protocols are no longer widely deployed, they have been left out of this version of the Network+ objectives and out of this book.

To get an idea of exactly how protocols facilitate communication between devices, let’s look at the role protocols play at the sending and receiving computers. In the data communication process, the information that passes between computers on a network goes through certain steps at both the sending and receiving devices. The following sections discuss what takes place at each end of the communication process.

Protocols from the Sending Device

For a computer to send data, the following steps must be performed; keep in mind that these are general steps—the actual processes taken at the sending device are far more complex:

1. The protocol is responsible for breaking the data into smaller parts, called packets.

2. Within each individual packet, network addressing information is attached. Network addressing identifies the destination for the packet and the route it travels to a destination.

3. The data is prepared for transmission and sent through the network interface card (NIC) and on to the network.

Note

You can match steps 1 through 3 to the OSI model, starting with the application layer and ending with the physical layer, where the data is passed from the NIC to the network media. The OSI model is discussed in detail in Chapter 9, “OSI Model.”

Protocols on the Receiving Device

The steps for the receiving device are similar to those for the sending device, but they occur in the opposite order:

1. When data reaches the destination computer, the data is taken off the network media and in through the system’s NIC.

2. The addressing information added by the sending computer is stripped from the packets.

3. The data packets are reassembled.

4. The reassembled packets are passed to the specific application for use.

To accomplish these steps, the same protocol must be used on the sending and receiving devices. It is possible for two devices that use different protocols to communicate with each other, but a gateway—an intermediary device that has the capability to translate between two formats—is needed. For more information on gateways, refer to Chapter 3, “Networking Components and Devices.”

Transmission Control Protocol/Internet Protocol (TCP/IP) Protocol Suite

In the dynamic IT industry, technologies come and go; new and improved methods, procedures, and equipment replace the old at a staggering pace. TCP/IP is one of the few exceptions to the rule. Not only has it survived in a state similar to its original, but as other networking protocols have fallen away, networks’ dependency on TCP/IP has increased. There may have been pretenders to the protocol crown, but TCP/IP is truly the champion.

In the late 1970s and early 1980s, the U.S. Department of Defense Advanced Research Projects Agency (ARPA) needed a system that would allow it to share the resources of its expensive mainframe computer systems. From this, the ARPANET—the forerunner of today’s Internet—was developed.

The original ARPANET network used a communication protocol known as NCP, but limitations were soon discovered, and a new protocol was needed to meet the new networking demands. That new protocol was TCP/IP. TCP/IP soon became the unquestioned leader in the protocol arena; increasingly, networks of all shapes and sizes were using it.

The history of the Internet and the development of TCP/IP have been closely linked and continue to be so today. ARPANET itself was retired in 1989, but its functions were steadily improved, and today we have the Internet. TCP/IP has always been at the root of the Internet; if you are working in network environments that require Internet access, you can expect to be using the TCP/IP protocol. All the major network operating systems include support for TCP/IP.

Although TCP/IP is often referred to as a single protocol, the TCP/IP suite comprises many protocols. Each of the protocols in the TCP/IP suite provides a different function, and together they provide the functionality we know as TCP/IP.

The TCP/IP protocol suite got its name from the two main protocols in the suite: TCP and IP. TCP is responsible for providing reliable transmissions from one system to another, and IP is responsible for addressing and route selection. The following sections describe TCP, IP, and the other protocols that make up the TCP/IP protocol suite.

Note

As we work through this chapter and through the book, the term request for comment (RFC) is used. RFCs are standards published by the Internet Engineering Task Force (IETF) that describe methods, behaviors, research, or innovations applicable to the operation of the Internet and Internet-connected systems. Each new RFC has an associated reference number. Looking up this number gives you information on the specific technology. For more information on RFCs go to the Internet Engineering Task Force online (www.ietf.org).

Internet Protocol (IP)

IP, which is defined in RFC 791, is the protocol used to transport data from one node on a network to another. IP is connectionless, which means that it doesn’t guarantee the delivery of data; it simply makes a best effort to do so. To ensure that transmissions sent via IP are completed, a higher-level protocol such as TCP is required.

Note

IP and the OSI model    IP operates at the network layer of the OSI model. Refer to Chapter 9 for more on protocols and the OSI model.

In addition to providing best-effort delivery, IP also performs fragmentation and reassembly tasks for network transmissions. Fragmentation is necessary because the maximum transmission unit (MTU) size is limited in IP. In other words, network transmissions that are too big to traverse the network in a single packet have to be broken into smaller chunks and reassembled at the other end. Another function of IP is addressing. IP addressing is a complex subject; refer to Chapter 5, “TCP/IP Addressing and Routing,” for a complete discussion.
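The fragmentation and reassembly that IP performs when a datagram exceeds the MTU can be shown with a small simulation. The following is an added example, not code from the book or from any IP stack: it models only the identification, fragment-offset and More Fragments fields that matter for splitting and rejoining a payload, assumes a 20-byte header without options, and, as a real receiver must, copes with fragments arriving out of order or duplicated and reports a datagram as incomplete until every piece is present.

```python
"""Simplified IPv4-style fragmentation and reassembly (added example, not RFC 791 code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

IPV4_HEADER_LEN = 20  # minimal header, no options (assumption for this example)


@dataclass(frozen=True)
class Fragment:
    ident: int        # identification field shared by all fragments of one datagram
    offset: int       # fragment offset in 8-byte units, as in the real header
    more: bool        # More Fragments (MF) flag
    payload: bytes


def fragment(ident: int, payload: bytes, mtu: int) -> List[Fragment]:
    """Split payload so that header + chunk never exceeds the MTU.
    Every chunk except the last is a multiple of 8 bytes because the
    offset field counts 8-byte units."""
    max_data = (mtu - IPV4_HEADER_LEN) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    frags = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + max_data < len(payload)
        frags.append(Fragment(ident, start // 8, more, chunk))
    return frags


def reassemble(frags: List[Fragment]) -> Optional[bytes]:
    """Rebuild the datagram from fragments received in any order.
    Returns None while any piece is still missing; a retransmitted
    duplicate simply overwrites the copy already held."""
    if not frags:
        return None
    ident = frags[0].ident
    by_offset: Dict[int, Fragment] = {}
    for f in frags:
        if f.ident == ident:
            by_offset[f.offset] = f
    pieces = [by_offset[k] for k in sorted(by_offset)]
    expected = 0
    out = bytearray()
    for f in pieces:
        if f.offset * 8 != expected:
            return None   # gap in the sequence: not yet complete
        out += f.payload
        expected += len(f.payload)
    if pieces[-1].more:
        return None       # the final fragment has not been seen yet
    return bytes(out)


if __name__ == "__main__":
    data = bytes(range(256)) * 10          # constructed 2560-byte payload
    parts = fragment(1, data, 576)
    print(len(parts), "fragments;", "ok" if reassemble(parts[::-1]) == data else "mismatch")
```

The reassembler holds fragments keyed by offset rather than appending them, which is what lets it accept arrival in any order; a receiver that cannot tolerate that would fail on any path where fragments take different routes.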

Transmission Control Protocol (TCP)

TCP, which is defined in RFC 793, is a connection-oriented protocol that uses IP as its transport protocol. Being connection-oriented means that TCP establishes a mutually acknowledged session between two hosts before communication takes place. TCP provides reliability to IP communications. Specifically, TCP adds features such as flow control, sequencing, and error detection and correction. For this reason, higher-level applications that need guaranteed delivery use TCP rather than its lightweight and connectionless brother, UDP.

When TCP wants to open a connection with another host, it follows this procedure:

1. It sends a message called a SYN to the target host.

2. The target host opens a connection for the request and sends back an acknowledgment message called an ACK (or SYN ACK).

3. The host that originated the request sends back another acknowledgment, saying that it has received the ACK message and that the session is ready to be used to transfer data.

When the data session is completed, a similar process is used to close the session. This three-step session establishment and acknowledgment process is referred to as the TCP three-way handshake.

Note

TCP and the OSI model    TCP operates at the transport layer of the OSI model.

TCP is a reliable protocol because it has mechanisms that can accommodate and handle errors. These mechanisms include timeouts, which cause the sending host to automatically retransmit data if its receipt is not acknowledged within a given time period.

Note

SYN flooding    A problem with the TCP SYN/ACK system is that the TCP/IP protocol stack assumes that each of the SYN requests it receives is genuine. Although this is normally the case, hackers can also exploit this trust as a weakness by using an attack known as a SYN flood. In a SYN flood, large numbers of SYN requests are directed at a host, but the source address to which the system attempts to send an ACK is false; therefore, no acknowledgment of the ACK occurs. The host, assuming that the lack of response is attributable to a network problem, keeps the SYN connections open for a period of time as a “just in case” precaution. During this time, the connection cannot be used by another host. If enough false SYN requests are directed at a server, the result is that no connections are left to service legitimate requests. To guard against this occurrence, some applications and operating systems have strategies that determine when a false connection is made, which helps prevent SYN flooding.
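The three-way handshake described above, and the half-open connections the SYN flooding note refers to, can be modelled from the listening host's point of view. The following is an added example, not code from the book or from any operating system's TCP stack: a listener that moves each peer from SYN received (half-open) to established only when the third-step ACK acknowledges the listener's own initial sequence number plus one, keeps a bounded number of half-open entries, and expires entries whose SYN-ACK was never acknowledged. The backlog size, timeout and sequence numbers are constructed for the example; real stacks choose random initial sequence numbers and use more elaborate strategies than a fixed cap.

```python
"""Listening-side model of the TCP three-way handshake with half-open tracking.
Added example; state names follow RFC 793 but this is a simulation, not a real stack."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Addr = Tuple[str, int]  # (ip, port)


@dataclass
class Segment:
    src: Addr
    syn: bool = False
    ack: bool = False
    seq: int = 0
    ack_num: int = 0


@dataclass
class Listener:
    backlog: int = 4                # max half-open entries kept at one time (constructed value)
    syn_timeout: float = 30.0       # seconds before an unanswered SYN-ACK is dropped (constructed)
    half_open: Dict[Addr, Tuple[int, float]] = field(default_factory=dict)  # src -> (our ISN, time)
    established: Dict[Addr, int] = field(default_factory=dict)
    isn: int = 1000                 # next initial sequence number; fixed here, random in real stacks

    def expire(self, now: float) -> None:
        """Drop half-open entries whose SYN-ACK was never acknowledged in time."""
        self.half_open = {a: v for a, v in self.half_open.items()
                          if now - v[1] < self.syn_timeout}

    def receive(self, seg: Segment, now: float) -> Optional[Segment]:
        """Process one incoming segment; return the reply we would send, if any."""
        self.expire(now)
        if seg.syn and not seg.ack:                       # step 1: SYN arrives
            if len(self.half_open) >= self.backlog:
                return None                               # backlog full: SYN silently dropped
            self.isn += 1
            self.half_open[seg.src] = (self.isn, now)
            # step 2: SYN-ACK acknowledging the client's ISN + 1
            return Segment(src=("server", 80), syn=True, ack=True,
                           seq=self.isn, ack_num=seg.seq + 1)
        if seg.ack and not seg.syn and seg.src in self.half_open:   # step 3: final ACK
            our_isn, _ = self.half_open[seg.src]
            if seg.ack_num == our_isn + 1:
                del self.half_open[seg.src]
                self.established[seg.src] = seg.seq
        return None

    def half_open_count(self) -> int:
        return len(self.half_open)


def client_handshake(listener: Listener, client: Addr, client_isn: int, now: float) -> bool:
    """Run the full three-way handshake for one well-behaved client; True if established."""
    syn_ack = listener.receive(Segment(src=client, syn=True, seq=client_isn), now)
    if syn_ack is None or syn_ack.ack_num != client_isn + 1:
        return False
    listener.receive(Segment(src=client, ack=True, seq=client_isn + 1,
                             ack_num=syn_ack.seq + 1), now)
    return client in listener.established


def unanswered_syns(listener: Listener, count: int, now: float) -> int:
    """Feed SYNs whose (constructed) source addresses never send the final ACK,
    the situation the note describes; returns how many remain half-open."""
    for i in range(count):
        listener.receive(Segment(src=(f"198.51.100.{i}", 40000 + i), syn=True, seq=i), now)
    return listener.half_open_count()


if __name__ == "__main__":
    srv = Listener()
    print("handshake:", client_handshake(srv, ("10.0.0.5", 5555), 100, 0.0))
    print("half-open after 10 unanswered SYNs:", unanswered_syns(srv, 10, 1.0))
```

Two things the simulation makes visible: while the backlog is full of half-open entries a legitimate client's SYN is dropped, which is exactly the effect the note describes, and once the timeout has expired those entries the listener recovers on its own. Monitoring the half-open count over time is the simplest indicator a defender can watch.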

User Datagram Protocol (UDP)

UDP, which is defined in RFC 768, is the brother of TCP. Like TCP, UDP uses IP as its transport protocol, but the big difference is that UDP does not guarantee delivery like TCP does. In a sense, UDP is a “fire and forget” protocol; it assumes that the data sent will reach its destination intact. In fact, the process of checking whether data is delivered is left to upper-layer protocols.

Note

UDP and the OSI model    UDP operates at the transport layer of the OSI model.

Unlike TCP, with UDP there is no establishment of a session between the sending and receiving hosts, which is why UDP is referred to as a connectionless protocol. The upshot of this is that UDP has a much lower overhead than TCP. In fact, a TCP packet header has 14 fields, whereas a UDP packet header has 4. Therefore, UDP is much more efficient than TCP. In applications that don’t need the added features of TCP, UDP is much more economical in terms of bandwidth and processing effort.

Exam Alert

Connection-oriented    TCP is a connection-oriented protocol that uses IP as its transport protocol. This is in contrast to UDP, which is a connectionless protocol.

File Transfer Protocol (FTP)

As its name suggests, File Transfer Protocol (FTP) provides for the uploading and downloading of files from a remote host running FTP server software. As well as uploading and downloading files, FTP allows you to view the contents of folders on an FTP server and rename and delete files and directories if you have the necessary permissions. FTP, which is defined in RFC 959, uses TCP as a transport protocol to guarantee delivery of packets.

FTP has security mechanisms used to authenticate users. However, rather than create a user account for every user, you can configure FTP server software to accept anonymous logons. When you do this, the username is anonymous, and the password is normally blank. Most FTP servers that offer files to the general public operate in this way.

In addition to being popular as a mechanism for distributing files to the general public over networks such as the Internet, FTP is also popular with individuals and organizations that need to frequently exchange large files across a LAN.

Note

FTP and the OSI model    FTP is an application layer protocol.

All the common network operating systems offer FTP server capabilities, although whether you use them depends on whether you need FTP services. All popular workstation operating systems offer FTP client functionality, although it is common to use third-party utilities such as CuteFTP and SmartFTP instead.

FTP assumes that files being uploaded or downloaded are straight text (that is, ASCII) files. If the files are not text, which is likely, the transfer mode has to be changed to binary. With sophisticated FTP clients, such as CuteFTP, the transition between transfer modes is automatic. With more basic utilities, you have to perform the mode switch manually.

Unlike some of the other protocols discussed in this chapter that perform tasks transparently to the user, FTP is an application layer service that is called upon frequently. Therefore, it can be useful to know some of the commands supported by FTP. If you are using a client such as CuteFTP, you might never need to use these commands, but they are useful to know in case you find yourself using a command-line FTP client. Table 4.1 lists some of the most commonly used FTP commands.

Table 4.1 Commonly Used FTP Commands

[Table 4.1 is an image in the original and is not reproduced here.]

Exam Alert

FTP commands    On the Network+ exam, you might be asked to identify the appropriate FTP command to use in a given situation.

Secure Shell (SSH)

Created by students at the Helsinki University of Technology, Secure Shell (SSH) is a secure alternative to Telnet. SSH provides security by encrypting data as it travels between systems. This makes it difficult for attackers to read traffic captured with packet sniffers and other traffic-monitoring tools. It also provides more robust authentication systems than Telnet.

Two versions of SSH are available: SSH1 and SSH2. Of the two, SSH2 is considered more secure. The two SSH versions are not compatible. So, if you are using an SSH client program, the server implementation of SSH that you are connecting to must be the same version.

Although SSH, like Telnet, is primarily associated with UNIX and Linux systems, implementations of SSH are available for all commonly used computing platforms, including Windows and Macintosh. As discussed earlier, SSH is the foundational technology for the Secure File Transfer Protocol (SFTP).

Exam Alert

SSH and secure communications    For the exam, you should remember that SSH is a more secure alternative to Telnet.

Secure File Transfer Protocol (SFTP)

One of the big problems associated with FTP is that it is considered insecure. Even though simple authentication methods are associated with FTP, it is still susceptible to relatively simple hacking approaches. In addition, FTP transmits data between sender and receiver in an unencrypted format. By using a packet sniffer, a hacker could easily copy packets from the network and read the contents. In today’s high-security computing environments, a more robust solution is needed.

That solution is the Secure File Transfer Protocol, which, based on the Secure Shell (SSH) technology, provides robust authentication between sender and receiver. It also provides encryption capabilities, which means that even if packets are copied from the network, their contents will remain hidden from prying eyes.

SFTP is implemented through client and server software available for all commonly used computing platforms.

Note

Which SFTP is it?    In an industry dominated by acronyms, it should come as no surprise that two protocols have the same acronym. In this case, the SFTP acronym is used to describe both the Secure File Transfer Protocol and the Simple File Transfer Protocol. If you are researching additional information for the Network+ exam, make sure that you are reading about the Secure File Transfer Protocol.

Trivial File Transfer Protocol (TFTP)

A variation on FTP is Trivial File Transfer Protocol (TFTP), which is also a file transfer mechanism. However, TFTP does not have either the security capability or the level of functionality that FTP has. TFTP, which is defined in RFC 1350, is most often associated with simple downloads, such as those associated with transferring firmware to a device such as a router and booting diskless workstations.

Another feature that TFTP does not offer is directory navigation. Whereas in FTP, commands can be executed to navigate around and manage the file system, TFTP offers no such capability. TFTP requires that you request not only exactly what you want but also the particular location. Unlike FTP, which uses TCP as its transport protocol to guarantee delivery, TFTP uses UDP.

Note

TFTP and the OSI model    TFTP is an application layer protocol that uses UDP, which is a connectionless transport layer protocol. For this reason, TFTP is referred to as a connectionless file transfer method.

Simple Mail Transfer Protocol (SMTP)

The SMTP protocol defines how mail messages are sent between hosts. SMTP uses TCP connections to guarantee error-free delivery of messages. SMTP is not overly sophisticated, and it requires the destination host to always be available. For this reason, mail systems spool incoming mail so that users can read it later. How the user then reads the mail depends on how the client accesses the SMTP server.

Note

Sending and receiving mail    SMTP can be used for both sending and receiving mail. The Post Office Protocol (POP) and Internet Message Access Protocol (IMAP) can be used only for receiving mail.

Hypertext Transfer Protocol (HTTP)

HTTP is the protocol that allows text, graphics, multimedia, and other material to be downloaded from an HTTP server. HTTP defines what actions can be requested by clients and how servers should answer those requests.

In a practical implementation, HTTP clients (that is, web browsers) make requests in an HTTP format to servers running HTTP server applications (that is, web servers). Files created in a special language such as Hypertext Markup Language (HTML) are returned to the client, and the connection is closed.

Exam Alert

HTTP and TCP    HTTP is a connection-oriented protocol that uses TCP as a transport protocol. You should know this for the exam.

HTTP uses a uniform resource locator (URL) to determine what page should be downloaded from the remote server. The URL contains the type of request (for example, http://), the name of the server being contacted (for example, www.microsoft.com), and optionally the page being requested (for example, /support). The result is the syntax that Internet-savvy people are familiar with: http://www.microsoft.com/support.

Hypertext Transfer Protocol Secure (HTTPS)

One of the downsides of using HTTP is that HTTP requests are sent in clear text. For some applications, such as e-commerce, this method of exchanging information is not suitable—a more secure method is needed. The solution is HTTPS. HTTPS uses a system known as Secure Socket Layer (SSL), which encrypts the information sent between the client and the host.

For HTTPS to be used, both the client and server must support it. All popular browsers now support HTTPS, as do web server products, such as Microsoft Internet Information Server (IIS), Apache, and almost all other web server applications that provide sensitive applications. When you are accessing an application that uses HTTPS, the URL starts with https rather than http—for example, https://www.amazon.com.

Exam Alert

HTTPS    E-commerce sites such as online banking or purchasing should use HTTPS on their site. Look for the HTTPS connections for payment transactions on the e-commerce sites and for sensitive data transfers between corporate information systems.

Post Office Protocol Version 3/Internet Message Access Protocol Version 4 (POP3/IMAP4)

Both POP3, which is defined in RFC 1939, and IMAP4, the latest version of which is defined in RFC 1731, are mechanisms for downloading, or pulling, email from a server. They are necessary because, although the mail is transported around the network via SMTP, users cannot always read it immediately, so it must be stored in a central location. From this location, it needs to be downloaded, which is what POP and IMAP allow you to do.

POP and IMAP are popular, and many people now access email through applications such as Microsoft Outlook and Eudora, which are POP and IMAP clients.

One of the problems with POP is that the password used to access a mailbox is transmitted across the network in clear text. This means that someone could determine your POP password with relative ease. This is an area in which IMAP offers an advantage over POP. It uses a more sophisticated authentication system, which makes it more difficult for someone to determine a password.

Exam Alert

POP and IMAP    POP and IMAP can be used to download, or pull, email from a server, but they cannot be used to send mail. That function is left to SMTP, which can both send and receive.

Note

Web-based mail—the other, other email    Although accessing email by using POP and IMAP has many good points, such systems rely on servers to hold the mail until it is downloaded to the client system. In today’s world, a more sophisticated solution to anytime/anywhere email access is needed. For many people, that solution is web-based mail. Having an Internet-based email account allows you to access your mail from anywhere and from any device that supports a web browser. Recognizing the obvious advantages of such a system, all the major email systems have, for some time, included web access gateway products.

Telnet

Telnet, which is defined in RFC 854, is a virtual terminal protocol. It allows sessions to be opened on a remote host and then for commands to be executed on that remote host. For many years, Telnet was the method by which multiuser systems such as mainframes and minicomputers were accessed by clients. It was also the connection method of choice for UNIX systems. Today, Telnet is still commonly used for accessing routers and other managed network devices.

One of the problems with Telnet is that it is not secure. As a result, remote session functionality is now almost always achieved by using alternatives such as SSH.

Exam Alert

Telnet and UNIX/Linux    Telnet is used to access UNIX and Linux systems.

Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP), defined in RFC 792, is a protocol that works with the IP layer to provide error checking and reporting functionality. In effect, ICMP is a tool that IP uses in its quest to provide best-effort delivery.

ICMP can be used for a number of functions. Its most common function is probably the widely used and incredibly useful ping utility. ping sends a stream of ICMP echo requests to a remote host. If the host is able to respond, it does so by sending echo reply messages back to the sending host. In that one simple process, ICMP enables the verification of the protocol suite configuration of both the sending and receiving nodes and any intermediate networking devices.

However, ICMP’s functionality is not limited to the use of the ping utility. ICMP also can return error messages such as Destination Unreachable and Time Exceeded messages. (The former message is reported when a destination cannot be contacted and the latter when the time to live [TTL] of a datagram has been exceeded.)

In addition to these and other functions, ICMP performs source quench. In a source quench scenario, the receiving host cannot handle the influx of data at the same rate as the data is being sent. To slow down the sending host, the receiving host sends ICMP source quench messages, telling the sender to slow down. This action prevents packets from being dropped and having to be re-sent.

ICMP is a useful protocol. Although ICMP operates largely in the background, the ping utility alone makes it one of the most valuable of the protocols discussed in this chapter.

Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP)

Address Resolution Protocol (ARP), defined in RFC 826, is responsible for resolving IP addresses to Media Access Control (MAC) addresses. When a system attempts to contact another host, IP first determines whether the other host is on the same network it is on by looking at the IP address. If IP determines that the destination is on the local network, it consults the ARP cache to see whether it has a corresponding entry.

If no entry exists for the host in the ARP cache, a broadcast on the local network asks the host with the target IP address to send back its MAC address. The communication is sent as a broadcast because without the target system’s MAC address, the source system cannot communicate directly with the target system.

Because the communication is a broadcast, every system on the network picks it up. However, only the target system replies because it is the only device whose IP address matches the request. The target system, recognizing that it is the target of the ARP request, replies directly to the source system. It can do this because the ARP request contains the MAC address of the system that sent it. If the destination host is determined to be on a different subnet than the sending host, the ARP process is performed against the default gateway and then repeated for each step of the journey between the sending and receiving hosts.
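The decision sequence just described (is the destination on my network, is its MAC already cached, otherwise broadcast a request that only the owner of the target IP answers) can be walked through in a small simulation. The following is an added example, not code from the book or from any operating system: the hosts, IP addresses, MAC addresses and the single broadcast domain are all constructed, and it uses Python's standard `ipaddress` module for the same-subnet test. It also shows the off-subnet case, where the request is made for the default gateway's MAC rather than the final destination's.

```python
"""Simulation of ARP resolution on one broadcast domain (added example, constructed data)."""
import ipaddress
from typing import Dict, List, Optional

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


class Host:
    def __init__(self, ip: str, mac: str, prefix_len: int, gateway: str):
        self.ip = ipaddress.IPv4Address(ip)
        self.mac = mac
        self.network = ipaddress.IPv4Network(f"{ip}/{prefix_len}", strict=False)
        self.gateway = ipaddress.IPv4Address(gateway)
        self.arp_cache: Dict[str, str] = {}   # ip -> mac

    def next_hop(self, dst_ip: str) -> ipaddress.IPv4Address:
        """IP's first decision: same network, ARP for the host itself; otherwise for the gateway."""
        dst = ipaddress.IPv4Address(dst_ip)
        return dst if dst in self.network else self.gateway

    def on_arp_request(self, request: dict) -> Optional[dict]:
        """Every host sees the broadcast; only the owner of the target IP replies, and it can
        reply unicast because the request carried the requester's MAC."""
        if ipaddress.IPv4Address(request["target_ip"]) != self.ip:
            return None
        self.arp_cache[request["sender_ip"]] = request["sender_mac"]   # learn the requester too
        return {"op": "reply", "sender_ip": str(self.ip), "sender_mac": self.mac,
                "target_ip": request["sender_ip"], "target_mac": request["sender_mac"]}


class Lan:
    """One broadcast domain: delivers an ARP request to every attached host."""
    def __init__(self):
        self.hosts: List[Host] = []
        self.broadcasts = 0

    def attach(self, host: Host) -> None:
        self.hosts.append(host)

    def resolve(self, src: Host, dst_ip: str) -> Optional[str]:
        """Return the MAC to put in the frame for dst_ip, consulting the cache first."""
        hop = str(src.next_hop(dst_ip))
        if hop in src.arp_cache:
            return src.arp_cache[hop]
        self.broadcasts += 1
        request = {"op": "request", "sender_ip": str(src.ip), "sender_mac": src.mac,
                   "target_ip": hop, "target_mac": BROADCAST_MAC}
        for h in self.hosts:
            if h is src:
                continue
            reply = h.on_arp_request(request)
            if reply is not None:
                src.arp_cache[reply["sender_ip"]] = reply["sender_mac"]
                return reply["sender_mac"]
        return None   # nobody answered: destination or gateway is absent or down


if __name__ == "__main__":
    lan = Lan()
    a = Host("192.168.1.10", "02:00:00:00:00:0a", 24, "192.168.1.1")
    b = Host("192.168.1.20", "02:00:00:00:00:14", 24, "192.168.1.1")
    gw = Host("192.168.1.1", "02:00:00:00:00:01", 24, "192.168.1.1")
    for h in (a, b, gw):
        lan.attach(h)
    print("local host:", lan.resolve(a, "192.168.1.20"))
    print("off-subnet:", lan.resolve(a, "203.0.113.5"), "(gateway MAC)")
    print("broadcasts sent:", lan.broadcasts)
```

The `broadcasts` counter shows the value of the cache: the second lookup for the same host sends nothing. Note that the cache is populated from whatever reply arrives, which is why an entry that changes unexpectedly is worth logging on a production network.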

The Reverse Address Resolution Protocol (RARP) performs the same function as ARP, but in reverse. In other words, it resolves MAC addresses to IP addresses. RARP makes it possible for applications or systems to learn their own IP address from a router or DNS server. Such a resolution is useful for tasks such as performing reverse lookups in DNS. RARP is defined in RFC 903.

Note

ARP functions    The function of ARP is to resolve the IP address of a system to the MAC address of the interface on that system.

Network Time Protocol (NTP)

Network Time Protocol (NTP), defined in RFC 1305, is the part of the TCP/IP protocol suite that facilitates the communication of time between systems. The idea is that one system configured as a time provider transmits time information to other systems that can be both the time receivers and the time providers to other systems.

Time synchronization is important in today’s IT environment because of the distributed nature of applications. Two good examples of situations where time synchronization is important are email and directory services systems. In each of these cases, having time synchronized between devices is important because without it there would be no way of keeping track of changes to data and applications.

In many environments, external time sources such as radio clocks, global positioning system (GPS) devices, and Internet-based timeservers are used as sources for NTP time. In others, the BIOS clock of the system is used. Regardless of what source is used, the time information is communicated between devices by using NTP.

Note

NTP rules    Specific guidelines dictate how NTP should be used. You can find these “rules of engagement” at http://support.ntp.org/bin/view/Servers/RulesOfEngagement.

NTP server and client software is available for a variety of platforms and devices. If you are looking for a way to ensure time synchronization between devices, look to NTP as a solution.

Network News Transfer Protocol (NNTP)

The Network News Transfer Protocol (NNTP) is a protocol associated with the posting and retrieval of messages from newsgroups. A newsgroup is the name given to a discussion forum hosted on a remote system. By using NNTP client software, like that included with many common email clients, users can post, reply, and retrieve messages.

Although web-based discussion forums are slowly replacing newsgroups, demand for newsgroup access remains high. The distinction between web-based discussion forums and NNTP newsgroups is that in newsgroups, messages are retrieved from the server to be read. In contrast, on a web-based discussion forum the messages are not downloaded. They are simply viewed from a remote location.

NNTP, defined in RFC 3977, is an application layer protocol that uses TCP as its transport mechanism.

Secure Copy Protocol (SCP)

The Secure Copy Protocol (SCP) is another protocol based on SSH technology. SCP provides a secure means to copy files between systems on a network. SSH technology encrypts data as it travels across the network, thereby securing it from eavesdropping. It is intended as a more secure substitute for the Remote Copy Protocol (RCP). SCP is available as a command-line utility or as part of application software for most commonly used computing platforms.

Lightweight Directory Access Protocol (LDAP)

The Lightweight Directory Access Protocol (LDAP) is a protocol that provides a mechanism to access and query directory services systems. In the context of the Network+ exam, these directory services systems are most likely to be Novell Directory Services (NDS) and Microsoft Active Directory. Although LDAP supports command-line queries executed directly against the directory database, most LDAP interactions will be via utilities such as an authentication program (network logon) or locating a resource in the directory through a search utility.

Internet Group Management Protocol (IGMP)

Internet Group Management Protocol (IGMP) is the protocol within the TCP/IP protocol suite that manages multicast groups. It allows, for example, one computer on the Internet to target content to a specific group of computers that will receive content from the sending system. This is in contrast to unicast messaging, in which data is sent to a single computer or network device, and to broadcast messaging, in which a message goes to all systems.

Multicasting is a mechanism by which groups of network devices can send and receive data between the members of the group at one time, instead of sending messages to each device in the group separately. The multicast grouping is established by each device being configured with the same multicast IP address. These multicast IP addresses come from the IPv4 Class D range, 224.0.0.0 to 239.255.255.255. IGMP is used to register devices into a multicast group, as well as to discover what other devices on the network are members of the same multicast group. Common applications for multicasting include groups of routers on an internetwork and videoconferencing clients.

Domain Name System (DNS)

DNS performs an important function on TCP/IP-based networks. It resolves hostnames, such as www.examcram.com, to IP addresses, such as 209.202.161.67. Such a resolution system makes it possible for people to refer to frequently used hosts by easy-to-remember hostnames rather than hard-to-remember IP addresses.

Note

Platform independent    Like other TCP/IP-based services, DNS is a platform-independent protocol. Therefore, it can be used on Linux, UNIX, Windows, NetWare, and almost every other platform.

In the days before the Internet, the network that was to become the Internet used a text file called HOSTS to perform name resolutions. The file was regularly updated with changes and distributed to other servers. The following is a sample of some entries from a HOSTS file:

image

As you can see, the IP address of the host is listed, along with the corresponding hostname. It is possible to add aliases of the server names to a HOSTS file, which in this example are s1 and mailserver. All the entries have to be added manually, and each system that performs resolutions must have its own copy of the file.

Exam Alert

The HOSTS file    On the Network+ exam, you might be asked to identify the purpose and function of a HOSTS file.

Note

Comments in a HOSTS file    A comment in a HOSTS file is preceded by a number (pound) sign (#).

Even when the Internet was growing at a relatively slow pace, using the HOSTS file was both cumbersome and prone to error. It was obvious that as the network grew, a more automated and dynamic method of performing name resolution was needed. DNS became that method.

Note

Resolution via the HOSTS file    HOSTS file resolution is still supported by practically every platform. If you need to resolve only a few hosts that will not change often or at all, you can still use the HOSTS file for this.
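As an added example (not a listing from the book), the following Python parses a HOSTS-style file of the kind described above: one entry per line with an IP address, a hostname, optional aliases, and comments introduced by a pound sign. The file content is constructed here for illustration; the book's own sample entries are not reproduced.

```python
# HOSTS-file parser, added as an example for this chapter (not from the book).
# The sample content below is constructed; the book's own listing is not shown.

# Constructed sample in the usual layout: "address  hostname  [alias ...]".
# A "#" starts a comment, as the chapter's note on HOSTS comments describes.
SAMPLE_HOSTS = """\
# Sample HOSTS file (constructed for this example)
127.0.0.1      localhost
192.168.1.10   server1.example.com   s1
192.168.1.20   mail.example.com      mailserver   # inline comment is ignored
"""


def parse_hosts(text):
    """Return a dict mapping every hostname and alias (lowercased) to its address."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop everything from "#" to end of line
        if not line:
            continue                          # blank or comment-only line
        fields = line.split()
        address, names = fields[0], fields[1:]
        for name in names:
            # Keep the first entry seen for a name; a later duplicate does not override it.
            table.setdefault(name.lower(), address)
    return table


def resolve(table, hostname):
    """Look up a hostname or alias; return None when the file has no entry for it."""
    return table.get(hostname.lower())


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("s1", "mailserver", "server1.example.com", "unknown.example.com"):
        print(name, "->", resolve(hosts, name))
```

Because every machine keeps its own copy, a stale or tampered HOSTS file silently changes where a name resolves on that one host, which is why the file is worth including in any review of a system's name-resolution configuration.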

DNS solves the problem of name resolution by offering resolution through servers configured to act as name servers. The name servers run DNS server software, which allows them to receive, process, and reply to requests from systems that want to resolve hostnames to IP addresses. Systems that ask DNS servers for a hostname-to-IP address mapping are referred to as resolvers. Figure 4.1 shows an example of the DNS resolution process.

Figure 4.1 The DNS resolution process.


Because the DNS namespace, discussed in the following section, is large, a single server cannot hold all the records for the entire namespace. As a result, there is a good chance that a given DNS server might not be able to resolve the request for a certain entry. In this case, the DNS server asks another DNS server whether it has an entry for the host.

Note

DDNS    One of the problems with DNS is that despite all its automatic resolution capabilities, entries and changes to those entries must still be performed manually. A strategy to solve this problem is to use Dynamic DNS (DDNS), a newer system that allows hosts to be automatically registered with the DNS server.

The DNS Namespace

DNS operates in what is referred to as the DNS namespace. This space has logical divisions organized in a hierarchical structure. At the top level are domains such as .com (commercial) and .edu (educational), as well as domains for countries, such as .uk (United Kingdom) and .de (Germany). Below the top level are subdomains associated with organizations or commercial companies, such as Red Hat and Microsoft. Within these domains, hosts or other subdomains can be assigned. For example, the server ftp.redhat.com would be in the redhat.com domain, or another domain called, for instance, development, could be created, and hosts could be placed in that (that is, ftp.development.redhat.com). Figure 4.2 shows a graphical representation of a DNS hierarchical namespace.

Figure 4.2 An example of a DNS hierarchical namespace.


Note

FQDNs    The domain name, along with any subdomains, is referred to as the fully qualified domain name (FQDN) because it includes all the components from the top of the DNS namespace to the host. For this reason, many people refer to DNS as resolving FQDNs to IP addresses.

The lower domains are largely open to use in whatever way the domain name holder sees fit. However, the top-level domains are relatively closely controlled. Table 4.2 lists a selection of the most widely used top-level DNS domain names. Recently, a number of top-level domains were added, mainly to accommodate the increasing need for hostnames.

Table 4.2 Selected Top-Level Domains in the DNS Namespace


It should be noted that although the assignment of domain names is supposed to conform to the structure in Table 4.2, the assignment of names is not as closely controlled as you might think. It’s not uncommon for some domain names to be used for other purposes. In particular, the .net and .org namespaces have been used for purposes other than what was intended.

Note

Reverse lookup    Although the primary function of DNS is to resolve hostnames to IP addresses, it is also possible to have DNS perform an IP address-to-hostname resolution. This process is called reverse lookup.

Types of DNS Entries

Although the most common entry in a DNS database is an A (address) record, which maps a hostname to an IP address, DNS can hold numerous other types of entries as well. Two of particular note are the MX record, which identifies the mail exchanger systems for a domain, and the CNAME (canonical name) record, which creates an alias for a system. A system can have an A record and then multiple CNAME entries for its aliases. A DNS table with all these types of entries might look like this:

image

As you can see, rather than map to an actual IP address, the CNAME and MX record entries map to another host, which DNS in turn can resolve to an IP address.
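The following Python is an added example, not the book's DNS table: it holds a small constructed zone and shows how a CNAME is followed to its A record, how an MX record names a host that is then resolved to an address, and how the reverse lookup described in the note above is built from the reversed octets of an IP address. The zone contents (example.com names, 192.0.2.x addresses) are constructed sample data.

```python
# Toy DNS zone resolver, added as an example for this chapter. The zone records
# are constructed sample data, not the book's table. Record types follow the text:
# A (name -> address), CNAME (alias -> canonical name), MX (domain -> mail host),
# plus PTR for the reverse (address -> name) lookup described in the note.

ZONE = [
    # (name, type, value)
    ("www.example.com",          "A",     "192.0.2.10"),
    ("mail.example.com",         "A",     "192.0.2.25"),
    ("ftp.example.com",          "CNAME", "www.example.com"),    # alias of www
    ("example.com",              "MX",    "mail.example.com"),   # mail exchanger host
    ("10.2.0.192.in-addr.arpa",  "PTR",   "www.example.com"),    # reverse entry for 192.0.2.10
]


def lookup(name, rtype):
    """Return the values of all records with exactly this name and type."""
    name = name.lower().rstrip(".")
    return [v for n, t, v in ZONE if n == name and t == rtype]


def resolve_address(name, max_hops=8):
    """Resolve a hostname to an address, following CNAME records until an A record
    is found. Returns None if none is reachable; max_hops guards against CNAME loops."""
    for _ in range(max_hops):
        addrs = lookup(name, "A")
        if addrs:
            return addrs[0]
        aliases = lookup(name, "CNAME")
        if not aliases:
            return None              # neither an A nor a CNAME record exists
        name = aliases[0]            # the CNAME target is resolved in turn
    return None                      # chain too long or circular


def resolve_mail_exchanger(domain):
    """Resolve a domain's MX record to the mail host's address: MX names a host,
    and that host is then resolved like any other name."""
    hosts = lookup(domain, "MX")
    return resolve_address(hosts[0]) if hosts else None


def reverse_lookup(address):
    """Reverse lookup: reverse the octets, append in-addr.arpa, and query PTR."""
    octets = address.split(".")
    if len(octets) != 4:
        return None
    ptr_name = ".".join(reversed(octets)) + ".in-addr.arpa"
    names = lookup(ptr_name, "PTR")
    return names[0] if names else None


if __name__ == "__main__":
    print("ftp.example.com ->", resolve_address("ftp.example.com"))
    print("MX for example.com ->", resolve_mail_exchanger("example.com"))
    print("192.0.2.10 ->", reverse_lookup("192.0.2.10"))
```

The hop limit in resolve_address matters in practice: two CNAME records that point at each other would otherwise make the resolver loop forever, and real resolvers enforce a similar bound.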

DNS in a Practical Implementation

In a real-world scenario, whether you use DNS is almost a nonissue. If you have Internet access, you will most certainly use DNS, but you are likely to use the DNS facilities of your ISP rather than have your own internal DNS server. However, if you operate a large, complex, multiplatform network, you might find that internal DNS servers are necessary. The major network operating system vendors are conscious of the fact that you might need DNS facilities in your organization, so they include DNS server applications with their offerings.

It is common practice for workstations to be configured with the IP addresses of two DNS servers for fault tolerance. Figure 4.3 shows an example.

Figure 4.3 The DNS entries on a Windows XP system.


The importance of DNS, particularly in environments where the Internet is heavily used, cannot be overstated. If DNS facilities are not accessible, the Internet effectively becomes unusable, unless you can remember the IP addresses of all your favorite sites.

Windows Internet Name Service (WINS)

On Windows networks, a system called WINS enables Network Basic Input/Output System (NetBIOS) names to be resolved to IP addresses. NetBIOS name resolution is necessary on Windows networks so that systems can locate and access each other by using the NetBIOS computer name rather than the IP address. It’s a lot easier for a person to remember a computer called secretary than to remember its IP address, 192.168.2.34. The NetBIOS name needs to be resolved to an IP address and subsequently to a MAC address (by ARP).

NetBIOS name resolution can be performed three ways on a network. The simplest way is to use a WINS server on the network that will automatically perform the NetBIOS name resolution. If a WINS server is not available, the NetBIOS name resolution can be performed statically using an LMHOSTS file. Using an LMHOSTS file requires that you manually configure at least one text file with the entries. As you can imagine, this can be a time-consuming process, particularly if the systems on the network change frequently. The third method, and the default, is that systems will resolve NetBIOS names using broadcasts. Two problems occur with this approach. First, the broadcasts create additional network traffic, and second, the broadcasts cannot traverse routers unless the router is configured to forward them. This means that resolutions between network segments are not possible.

Simple Network Management Protocol (SNMP)

Simple Network Management Protocol (SNMP) allows network devices to communicate information about their state to a central system. It also allows the central system to pass configuration parameters to the devices.

Note

SNMP is not an NMS    SNMP is a protocol that facilitates network management functionality. It is not, in itself, a network management system (NMS).

Components of SNMP

In an SNMP configuration, a central system known as a manager acts as the central communication point for all the SNMP-enabled devices on the network. On each device that is to be managed and monitored via SNMP, software called an SNMP agent is set up and configured with the IP address of the manager. Depending on the configuration, the SNMP manager then communicates with and retrieves information from the devices running the SNMP agent software. In addition, the agent can communicate the occurrence of certain events to the SNMP manager as they happen. These messages are known as traps. Figure 4.4 shows how an SNMP system works.

Figure 4.4 How SNMP works.


SNMP Management Systems

An SNMP management system is a computer running a special piece of software called a network management system (NMS). These software applications can be free, or they can cost thousands of dollars. The difference between the free applications and those that cost a great deal of money normally boils down to functionality and support. All NMS systems, regardless of cost, offer the same basic functionality. Today, most NMS applications use graphical maps of the network to locate a device and then query it. The queries are built into the application and are triggered by a point and click. You can issue SNMP requests from a command-line utility, but with so many tools available, it is simply not necessary.

Note

Trap managers    Some people refer to SNMP managers or NMSs as trap managers. This reference is misleading because NMS can do more than just accept trap messages from agents.

Using SNMP and an NMS, it is possible to monitor all the devices on a network, including switches, hubs, routers, servers, and printers, as well as any device that supports SNMP, from a single location. Using SNMP, you can see the amount of free disk space on a server in Jakarta or reset the interface on a router in Helsinki—all from the comfort of your desk in San Jose. Such power, though, does bring with it some considerations. For example, because an NMS gives you the capability to reconfigure network devices, or at least get information from them, it is common practice to implement an NMS on a secure workstation platform, such as a Linux or Windows server, and to place the NMS PC in a secure location.

SNMP Agents

Although the SNMP manager resides on a PC, each device that is part of the SNMP structure also needs to have SNMP functionality enabled. This is performed through a software component called an agent.

An SNMP agent can be any device capable of running a small software component that facilitates communication with an SNMP manager. SNMP agent functionality is supported by almost any device designed to be connected to a network.

As well as providing a mechanism for managers to communicate with them, agents can tell SNMP managers when something happens. When a certain condition is met on a device running an SNMP agent, a trap is sent to the NMS, and the NMS then performs an action, depending on the configuration. Basic NMS systems may sound an alarm or flash a message onscreen. Other, more advanced, products may send a pager message, dial a cell phone, or send an email message.

Management Information Bases (MIB)

Although the SNMP trap system may be the most commonly used aspect of SNMP, the manager-to-agent communication is not just a one-way street. In addition to being able to read information from a device using the SNMP commands Get and Get Next, SNMP managers can also issue the Set command. Having just three commands might make SNMP seem like a limited mechanism, but this is not the case. The secret of SNMP’s power is in how it uses those three commands.

To demonstrate how SNMP commands work, imagine that you and a friend each have a list on which the following four words are written: four, book, sky, and table. If you, as the manager, ask your friend for the first value, she, acting as the agent, will reply “four.” This is analogous to an SNMP Get command. Now, if you ask for the next value, she would reply “book.” This is analogous to an SNMP Get Next command. If you then say “set green,” and your friend changes the word book to green, you will have performed the equivalent of an SNMP Set command. Sound simplistic? Well, if you can imagine expanding the list to include 100 values, you can see how you could navigate and set any parameter in the list, using just those three commands. The key, though, is to make sure that you and your friend have exactly the same list, which is where Management Information Bases (MIBs) come in.

SNMP uses databases of information called MIBs to define what parameters are accessible, which of the parameters are read-only, and which are capable of being set. MIBs are available for thousands of devices and services, covering every imaginable need.

Tip

Finding a MIB    If you want to find a MIB for a device on your network, MIB Central (www.mibcentral.com) provides a searchable database of nearly 2,400 MIBs for a wide range of equipment.

To ensure that SNMP systems offer cross-platform compatibility, MIB creation is controlled by the International Organization for Standardization (ISO). An organization that wants to create a MIB can apply to the ISO. The ISO then assigns the organization an ID under which it can create MIBs as it sees fit. The assignment of numbers is structured within a conceptual model called the hierarchical name tree. Figure 4.5 shows an example of the MIB hierarchical name tree.

Figure 4.5 An example of the MIB hierarchical name tree.


SNMP Communities

Another feature of SNMP that allows for manageability is communities. SNMP communities are logical groupings of systems. When a system is configured as part of a community, it communicates only with other devices that have the same community name. In addition, it accepts Get, Get Next, or Set commands only from an SNMP manager with a community name it recognizes. Typically, two communities are defined by default: a public community intended for read-only use and a private community intended for read and write operations.
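The word-list analogy in the MIB section and the community rules above can be put together in a few lines of code. The following Python is an added example, not real SNMP code and not from the book: it models an agent whose MIB is a set of OID-ordered entries, walks them with Get, Get Next and Set, and enforces that the public community is read-only while private may write. The OIDs, values and community names are constructed placeholders (the OIDs are not registered MIB objects).

```python
# Toy SNMP agent, added as an example for this chapter. It is not an SNMP
# implementation (the real protocol carries these operations in ASN.1/BER over
# UDP); it models the book's word-list analogy and community access rules.


class SnmpError(Exception):
    """Raised where a real agent would return an error status or drop the request."""


def _oid_key(oid):
    # "9.9.9.12" -> (9, 9, 9, 12) so OIDs sort numerically, not as strings.
    return tuple(int(p) for p in oid.strip(".").split("."))


# Constructed MIB fragment: {oid: (value, writable)}. The OIDs are placeholders.
SAMPLE_MIB = {
    "9.9.9.1": ("four",  False),   # read-only object
    "9.9.9.2": ("book",  True),    # writable objects
    "9.9.9.3": ("sky",   True),
    "9.9.9.4": ("table", True),
}
# Default community names as the text describes them: public read-only, private read-write.
SAMPLE_COMMUNITIES = {"public": "ro", "private": "rw"}


class ToyAgent:
    def __init__(self, mib, communities):
        self.mib = dict(mib)
        self.communities = dict(communities)

    def _authorize(self, community, need_write):
        access = self.communities.get(community)
        if access is None:
            raise SnmpError("unknown community: request dropped")
        if need_write and access != "rw":
            raise SnmpError("community is read-only")

    def get(self, community, oid):
        """Get: return the value stored at exactly this OID."""
        self._authorize(community, need_write=False)
        if oid not in self.mib:
            raise SnmpError("noSuchName")
        return self.mib[oid][0]

    def get_next(self, community, oid):
        """Get Next: return (oid, value) of the first entry after the given OID."""
        self._authorize(community, need_write=False)
        key = _oid_key(oid)
        later = sorted((o for o in self.mib if _oid_key(o) > key), key=_oid_key)
        if not later:
            raise SnmpError("endOfMib")
        return later[0], self.mib[later[0]][0]

    def set(self, community, oid, value):
        """Set: overwrite a writable object; the MIB decides which ones are writable."""
        self._authorize(community, need_write=True)
        if oid not in self.mib:
            raise SnmpError("noSuchName")
        if not self.mib[oid][1]:
            raise SnmpError("notWritable")
        self.mib[oid] = (value, True)
        return value


def walk(agent, community, start_oid):
    """Repeat Get Next from start_oid until the end of the MIB (an SNMP walk)."""
    entries, oid = [], start_oid
    while True:
        try:
            oid, value = agent.get_next(community, oid)
        except SnmpError:
            return entries
        entries.append((oid, value))


def attempt(fn, *args):
    """Run one request and report ("ok", result) or ("error", message)."""
    try:
        return ("ok", fn(*args))
    except SnmpError as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    agent = ToyAgent(SAMPLE_MIB, SAMPLE_COMMUNITIES)
    print(attempt(agent.get, "public", "9.9.9.1"))          # Get -> "four"
    print(attempt(agent.get_next, "public", "9.9.9.1"))     # Get Next -> "book"
    print(attempt(agent.set, "private", "9.9.9.2", "green"))
    print(attempt(agent.set, "public", "9.9.9.2", "blue"))  # refused: read-only community
    print(walk(agent, "public", "9.9.9.0"))
```

Two things the model makes visible: the community name is the only credential in this scheme, so any manager that knows the private name gets full Set access, and the MIB itself decides which objects are writable, so a read-write community still cannot change a read-only object.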

Whether you use SNMP depends on how many devices you have and how distributed your network infrastructure is. Even in environments that have only a few devices, SNMP can be useful because it can act as your eyes and ears, notifying you in the event of a problem on the network.

Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP), defined in RFC 2131, allows ranges of IP addresses, known as scopes, to be defined on a system running a DHCP server application. When another system configured as a DHCP client is initialized, it asks the server for an address. The server then assigns an address from the DHCP scope to the client for a predetermined amount of time, known as the lease. Figure 4.6 shows a representation of DHCP.

Figure 4.6 An example of DHCP.


At various points during the lease (normally the 50% and 85% points), the client attempts to renew the lease from the server. If the server cannot perform a renewal, the lease expires at 100%, and the client stops using the address.

In addition to an IP address and the subnet mask, the DHCP server can supply many other pieces of information, although exactly what can be provided depends on the DHCP server implementation. In addition to the address information, the default gateway is often supplied, along with DNS information.

As well as having DHCP supply a random address from the scope, it’s also possible to configure it to supply a specific address to a client. Such an arrangement is known as a reservation. Reservations are a means by which you can still use DHCP for a system but at the same time guarantee that it will always have the same IP address.

The advantages of using DHCP are numerous:

• Administrators do not have to manually configure each system.

• Human error such as the assignment of duplicate IP addresses is eliminated.

• Reconfiguring systems is unnecessary if they move from one subnet to another or if you decide to make a wholesale change of the IP addressing structure.

The downsides are that DHCP traffic is broadcast based and thus generates network traffic, albeit a small amount. Also, the DHCP server software must be installed and configured on a server, which can place additional processor load (again, minimal) on that system. From an administrative perspective, after the initial configuration, DHCP is about as maintenance free as a service can get, with only occasional monitoring normally required.

Note

Platform independence    DHCP is a protocol-dependent service, but it is not platform dependent. This means that you can use, for instance, a Linux DHCP server for a network with Windows clients or a Novell DHCP server with Linux clients. Although the DHCP server offerings in the various network operating systems might differ slightly, the basic functionality is the same across the board. Likewise, the client configuration for DHCP servers running on a different operating system platform is the same as for DHCP servers running on the same base operating system platform.

To better understand how DHCP works, it is worth spending a few minutes looking at the processes that occur when a DHCP-enabled client connects to the network. When a system configured to use DHCP comes onto the network, it broadcasts a special packet that looks for a DHCP server. This packet is known as the DHCPDISCOVER packet. The DHCP server, which is always on the lookout for DHCPDISCOVER broadcasts, picks up the packet and compares the request with the scopes that it has defined. If it finds that it has a scope for the network from which the packet originated, it chooses an address from the scope, reserves it, and sends the address, along with any other information, such as the lease duration, to the client. This is known as the DHCPOFFER packet. Because the client still does not have an IP address, this communication is also achieved via broadcast.

When the client receives the offer, it looks at the offer to determine whether it is suitable. If more than one offer is received, which can happen if more than one DHCP server is configured, the offers are compared to see which is best. Best in this context can involve a variety of criteria but is normally the length of the lease. When the selection process is complete, the client notifies the server that the offer has been accepted, through a packet called a DHCPREQUEST packet, at which point the server finalizes the offer and sends the client an acknowledgment. This last message, which is sent as a broadcast, is known as a DHCPACK packet. When the client system has received the DHCPACK, it initializes the TCP/IP suite and can communicate on the network. Figure 4.7 shows a representation of the DHCP process between a server and a client.

Figure 4.7 The DHCP process.


Note

What if the DHCP server is on a different subnet from the client?    A common question about DHCP is, “What happens if the DHCP server is on a different subnet from the client?” Normally, a router is configured not to forward a broadcast, but if the router is configured appropriately, it recognizes that the broadcast packet is a DHCP discovery packet, and it therefore forwards the packet. When it does, however, it embeds in the packet information about which network the packet originated from. This allows the DHCP server to match the source network address with one of its ranges. This strategy allows a single DHCP server to serve the entire internetwork. If the router doesn’t accommodate DHCP forwarding, a special service called a DHCP relay agent can be configured on a server. The DHCP relay agent forwards DHCP packets directly to the DHCP server instead of using broadcasts, allowing packets to traverse the routers.
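The lease timing, reservations and the DISCOVER/OFFER/REQUEST/ACK exchange described in this section can be modelled in a few dozen lines. The following Python is an added example, not from the book and not a real DHCP implementation (nothing is sent on the network): a toy server holds a scope and a reservation, a client function walks through the four messages, and renewal_points computes the 50%, 85% and 100% marks the text describes. The scope, MAC addresses and lease length are constructed sample values, and the source_network argument stands in for the originating-network information a relay would supply.

```python
# Toy DHCP exchange, added as an example for this chapter (not the book's code
# and not a real DHCP server). Addresses, MACs and lease length are constructed.

import ipaddress

LEASE_SECONDS = 86400   # constructed sample lease length: one day

# Constructed sample scope: network -> (first, last, default gateway, DNS server)
SAMPLE_SCOPES = {
    "192.168.1.0/24": ("192.168.1.100", "192.168.1.101", "192.168.1.1", "192.168.1.53"),
}
# Constructed reservation: this MAC always receives the same address
SAMPLE_RESERVATIONS = {"00:11:22:33:44:55": "192.168.1.50"}


class DhcpServer:
    def __init__(self, scopes, reservations=None):
        self.scopes = {ipaddress.ip_network(n): v for n, v in scopes.items()}
        self.reservations = dict(reservations or {})
        self.pending = {}    # {address: mac} offered but not yet requested
        self.leases = {}     # {address: mac} confirmed with DHCPACK

    def _free_address(self, first, last):
        """First address in the scope that is neither offered, leased, nor reserved."""
        in_use = set(self.pending) | set(self.leases) | set(self.reservations.values())
        addr, last_addr = ipaddress.ip_address(first), ipaddress.ip_address(last)
        while addr <= last_addr:
            if str(addr) not in in_use:
                return str(addr)
            addr += 1
        return None

    def discover(self, mac, source_network):
        """DHCPDISCOVER handler: match the client's network to a scope, choose an
        address (the reserved one if the MAC has a reservation) and return the OFFER."""
        net = ipaddress.ip_network(source_network)
        if net not in self.scopes:
            return None                      # no scope covers that network: no offer
        first, last, gateway, dns = self.scopes[net]
        address = self.reservations.get(mac) or self._free_address(first, last)
        if address is None:
            return None                      # scope exhausted
        self.pending[address] = mac
        return {"type": "DHCPOFFER", "address": address, "mask": str(net.netmask),
                "gateway": gateway, "dns": dns, "lease": LEASE_SECONDS}

    def request(self, mac, address):
        """DHCPREQUEST handler: finalize the offer and return the ACK, or None if
        the address was never offered to this client."""
        if self.pending.get(address) != mac:
            return None
        del self.pending[address]
        self.leases[address] = mac
        return {"type": "DHCPACK", "address": address, "lease": LEASE_SECONDS}


def obtain_lease(server, mac, source_network):
    """Client side: DISCOVER, take the offer, REQUEST it, and keep it only after ACK."""
    offer = server.discover(mac, source_network)
    if offer is None:
        return None
    ack = server.request(mac, offer["address"])
    return offer if ack else None


def renewal_points(lease_seconds):
    """Seconds into the lease at which the client first tries to renew (50%),
    tries again (85%), and must stop using the address (100%)."""
    return {"first_renew": lease_seconds * 0.5,
            "second_renew": lease_seconds * 0.85,
            "expire": lease_seconds}


if __name__ == "__main__":
    server = DhcpServer(SAMPLE_SCOPES, SAMPLE_RESERVATIONS)
    print(obtain_lease(server, "aa:aa:aa:aa:aa:01", "192.168.1.0/24"))
    print(obtain_lease(server, "00:11:22:33:44:55", "192.168.1.0/24"))   # reservation
    print(renewal_points(LEASE_SECONDS))
```

The request handler only acknowledges an address it actually offered to that MAC, which is what stops a client from simply requesting any address it likes; a real server also has to clean up offers that are never followed by a REQUEST.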

Transport Layer Security

The Transport Layer Security (TLS) protocol is a security protocol designed to ensure privacy between communicating client/server applications. When a server and client communicate, TLS ensures that no one can eavesdrop and intercept or otherwise tamper with the data message. TLS is the successor to SSL.

TLS is composed of two layers: the first is the TLS Record Protocol and the second is the TLS Handshake Protocol. The TLS Record Protocol uses a reliable transport protocol such as TCP and ensures that the connection made between systems is private by using data encryption. The TLS Handshake Protocol is used for authentication between the client and the server.

Note

More about security    Authentication, encryption, and more on security protocols is covered in Chapter 13, “Network Management Tools and Documentation Procedures.”

Session Initiation Protocol

We all know that long distance calls are expensive, in part because it is costly to maintain phone lines and employ technicians to keep those phones ringing. Voice over IP (VoIP) is a cheaper alternative for our phone service. VoIP technology allows voice conversations to occur by traveling through IP packets and via the Internet. VoIP avoids the high cost of regular phone calls by using the existing infrastructure of the Internet; no monthly bills or expensive long distance charges are required. But how does it work?

Like every other type of network communication, VoIP requires protocols to make the magic happen. In the case of VoIP, one such protocol is the Session Initiation Protocol (SIP). SIP is an application layer protocol designed to establish and maintain multimedia sessions such as Internet telephony calls. This means that SIP can create communication sessions for such features as audio/videoconferencing, online gaming, and person-to-person conversations over the Internet. SIP does not operate alone; it uses TCP or UDP as transport protocols. Remember, TCP allows guaranteed delivery of data packets, whereas UDP is a fire-and-forget transfer protocol.

Exam Alert

SIP security services    SIP also includes a suite of security services, which includes denial-of-service prevention, authentication (both user to user and proxy to user), integrity protection, and encryption and privacy services.

Real-time Transport Protocol (RTP)

Through the Internet or over our networks, we can use a variety of multimedia services such as video conferencing, VoIP, and streaming audio. The demand for these types of real-time applications is increasing, creating the need for protocols to support them. Currently, TCP and UDP are the widely used Internet transport protocols; however, neither was designed with real-time applications in mind. The Real-Time Transport Protocol (RTP) was designed specifically for the transport of real-time applications. Although RTP may be known as a transport protocol, it still rides on top of other protocols, often UDP. Using UDP, RTP does not guarantee delivery of multimedia data. UDP is most often used because applications using RTP are less sensitive to packet loss but typically very sensitive to delays.

Exam Alert

RTP    For the Network+ exam, remember that RTP is the Internet-standard protocol for the transport of real-time data, including audio and video. RTP does not guarantee delivery of data.

RTP is responsible for carrying data that has real-time properties. It combines this transport responsibility with the RTP Control Protocol (RTCP). The function of RTCP is to monitor data delivery, looking for dropped data packets, and to help ensure quality of service (QoS).

Review Break

TCP/IP Protocol Suite Summary

Table 4.3 summarizes the details of each of the protocols discussed in the preceding sections. You can use this table for review before you take the Network+ exam.

Table 4.3 TCP/IP Protocol Suite Summary




Exam Alert

Table review    Review the information provided in Table 4.3 before taking the Network+ exam. You can expect to find questions on protocols and their purpose on the exam.

Identifying Common TCP/IP Port Numbers

The TCP/IP protocol suite offers so many services and applications that a mechanism is needed to identify to which protocol the incoming communications should be sent. That mechanism is a TCP/IP port.

Each TCP/IP protocol or application has a port associated with it. When a communication is received, the target port number is checked to see what protocol or service it is destined for. The request is then forwarded to that protocol or service. Take, for example, HTTP, whose assigned port number is 80. When a web browser forms a request for a web page, the request is sent to port 80 on the target system. When the target system receives the request, it examines the port number, and when it sees that the port is 80, it forwards the request to the web server application.

You can understand ports by thinking about the phone system of a large company. You can dial a central number (analogous to the IP address) to reach the switchboard, or you can append an extension number to get to a specific department directly (analogous to the port number). Another analogy is an apartment block. An apartment block has a single street address, but each apartment in the building has its own apartment number.

TCP/IP has 65,535 ports available, but they are broken down into three designations:

• Well-known ports—The port numbers range from 0 to 1023. Be prepared to identify which ports are considered well known for the Network+ exam.

• Registered ports—The port numbers range from 1024 to 49151. Registered ports are used by applications or services that need to have consistent port assignments.

• Dynamic or private ports—The port numbers range from 49152 to 65535. These ports are not assigned to any protocol or service in particular and can be used for any service or application.

It is common for protocols to establish communication on one of the well-known ports and then move to a port in the dynamic range for the rest of the conversation. It’s a bit like using a CB radio, in that you try to get a “breaker” on Channel 19, but then you go to another channel to have a conversation, leaving 19 open for others.

Note

IANA    You can obtain a list of port numbers from Internet Assigned Numbers Authority (IANA) at www.iana.org/assignments/port-numbers.

Understanding some of the most common TCP/IP port assignments is important because administrators are often required to specify port assignments when working with applications and configuring security for a network. Table 4.4 shows some of the most well-known port assignments. For the Network+ exam, concentrate on the information provided in Table 4.4, and you should be able to answer any port-related questions you might receive.

Table 4.4 Some of the Most Common TCP/IP Suite Protocols and Their Port Assignments


Exam Alert

Port numbers    Expect to know what port numbers are used for each protocol for the Network+ exam.

Note

You may have noticed in Table 4.4 that FTP has two ports associated with it. Port 20 is considered the Data port, whereas Port 21 is considered the Control port. In practical use, FTP connections use Port 21. Port 20 is rarely used in modern implementations.

Although these are the standard ports for each of these protocols, in some cases it’s possible to assign other port numbers to services. For example, you might choose to have one web server application listen to the default port 80 while another listens to a different port. The result would be that if a user accesses the server but specifies a different port number, the user would be directed to the other web server application running on the server.

Challenge

You are an engineer for a systems implementation company. A new client calls to ask whether you can provide some guidance on how to configure a new firewall he wants to implement. The client has a relatively small network with only 16 client systems and two file servers. The client provides the following summary of the services that he wants to allow through the firewall:

• Users should be able to send and receive email from Microsoft Outlook. An ISP hosts the users’ mailboxes.

• Users should be able to browse both nonsecure and secure web pages. The company uses the ISP’s DNS servers.

• Users should be able to access remote servers to download files via FTP.

• A timing device in one of the servers maintains time for the entire network, but that server needs access to a time source hosted on the Internet.

• Users should be able to access Internet-based newsgroups.

Based on the information provided, what protocols would you inform the client to allow through the firewall, and what port numbers are associated with those protocols?

Challenge Exercise Answer

Based on the information provided, you would likely recommend configuring the firewall to allow SMTP (port 25) traffic for sending email and POP3 (110) for receiving email. Nonsecure browsing would require HTTP (80), and secure browsing would require HTTPS (443). Name resolutions would be performed via DNS (53). FTP access would require ports 20 and 21 to be opened. Time information is transmitted using the NTP protocol (123). Newsgroup access is facilitated through the NNTP protocol on port 119.
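The three port designations and the challenge answer above can be turned into a small default-deny check. The following Python is an added example, not from the book: port_class sorts a port number into the well-known, registered, or dynamic range using the boundaries given in the text, and the allow list is built only from the protocol/port pairs in the challenge answer. The transport (TCP or UDP) for each service is taken from the standard port registry, since the answer lists port numbers only, and the connection log being audited is constructed sample data.

```python
# Port-range classification and an outbound allow list, added as an example for
# this chapter (not the book's code). The allow list comes from the challenge
# answer; the transport protocol per service is added here from the standard
# registry; the connection log lines are constructed sample data.

WELL_KNOWN_MAX, REGISTERED_MAX, PORT_MAX = 1023, 49151, 65535


def port_class(port):
    """Classify a port number into the three designations given in the text."""
    if not 0 <= port <= PORT_MAX:
        raise ValueError("port number out of range")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    if port <= REGISTERED_MAX:
        return "registered"
    return "dynamic/private"


# (service, transport, destination port) from the challenge answer. DNS is listed
# over both transports; the others use the transport their registry entry names.
ALLOWED = [
    ("SMTP", "tcp", 25), ("POP3", "tcp", 110),
    ("HTTP", "tcp", 80), ("HTTPS", "tcp", 443),
    ("DNS", "udp", 53), ("DNS", "tcp", 53),
    ("FTP-data", "tcp", 20), ("FTP-control", "tcp", 21),
    ("NTP", "udp", 123), ("NNTP", "tcp", 119),
]


def check_outbound(transport, dst_port):
    """Default deny: return the matching service name, or None to drop the connection."""
    for service, proto, port in ALLOWED:
        if proto == transport and port == dst_port:
            return service
    return None


# Constructed connection log: transport, source, source port, destination, destination port
SAMPLE_CONNECTIONS = """\
tcp 192.168.0.15 51234 203.0.113.5 443
udp 192.168.0.20 49500 203.0.113.53 53
tcp 192.168.0.15 51235 203.0.113.9 23
tcp 192.168.0.30 51300 203.0.113.7 21
udp 192.168.0.2 50010 203.0.113.123 123
"""


def audit(log_text):
    """Return (source, destination port, source-port class, decision) per line.
    The source port class shows the client side using the dynamic range, as the
    text describes for the rest of a conversation."""
    results = []
    for line in log_text.splitlines():
        transport, src, sport, _dst, dport = line.split()
        service = check_outbound(transport, int(dport))
        results.append((src, int(dport), port_class(int(sport)), service or "DENY"))
    return results


if __name__ == "__main__":
    for row in audit(SAMPLE_CONNECTIONS):
        print(row)
```

The third sample line (destination port 23, Telnet) is denied because the client never asked for it; a default-deny list built from stated requirements, rather than a block list of known-bad ports, is what keeps such a connection from slipping through.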

Summary

This chapter introduces the TCP/IP protocol suite used in all modern network environments. A protocol is a set of rules that govern how communication and the exchange of data take place between devices on a network.

The TCP/IP protocol suite is composed of several individual protocols. Each individual protocol provides a different function for the protocol suite. Some protocols, such as RTP, UDP, and TCP, are transport protocols; others, such as POP3, IMAP, and SMTP, are used for email. Knowing each protocol and its function is an important part of network administration.

Each protocol within the TCP/IP protocol suite requires a port through which to access and leave a system. These ports can be blocked to prevent a certain protocol from functioning on that system.

Key Terms

TCP

FTP

UDP

TCP/IP suite

DHCP

TFTP

DNS

HTTP(S)

ARP

SIP (VoIP)

RTP (VoIP)

SSH

POP3

NTP

IMAP4

Telnet

SMTP

SNMP2/3

ICMP

IGMP

TLS

Apply Your Knowledge

Exercise

4.1 Testing ports on your computer

As mentioned previously, protocols enter and leave a computer system using ports. If these ports are not properly configured, intruders can enter through them. In this exercise you are going to test the security of your computer’s ports.

Estimated time: 10 minutes

1. Open your web browser and go to http://www.grc.com. Click the Shields Up logo on the screen.

2. Scroll down the page until you find the link Shieldsup! It is red and on the left side of the screen.

3. Select the Proceed button to continue.

4. On this screen you can choose what you would like to have scanned. Choose the All Service Ports option as shown in Figure 4.8.

Figure 4.8 Scanning options.


5. Your system will be scanned, and any potential security breaches will be noted.

Exam Questions

1. What is the function of HTTP?

A. It allows files to be retrieved from web servers.

B. It provides a mechanism for time synchronization information to be communicated between hosts.

C. It allows virtual terminal sessions to be opened on a remote host.

D. It resolves NetBIOS names to IP addresses.

2. On a DHCP system, what term is given to the period of time for which a system is assigned an address?

image    A. Rent

image    B. Sublet

image    C. Lease

image    D. Assignment time

3. Which of the following are considered transport protocols? (Choose the two best answers.)

image    A. TCP

image    B. IP

image    C. UDP

image    D. NCP

4. When using FTP, which command would you use to upload multiple files at once?

image    A. mget

image    B. put

image    C. mput

image    D. get

5. During a discussion, your ISP’s technical support representative mentions that you might have been using the wrong FQDN. Which TCP/IP-based network service is the representative referring to?

image    A. DHCP

image    B. RTP

image    C. SNMP

image    D. DNS

6. What is the function of ARP?

image    A. It resolves MAC addresses to IP addresses.

image    B. It secures RARP transfers.

image    C. It resolves IP addresses to MAC addresses.

image    D. It resolves hostnames to IP addresses.

7. What is the function of NTP?

image    A. It provides a mechanism for the sharing of authentication information.

image    B. It is used to access shared folders on a Linux system.

image    C. It is used to communicate utilization information to a central manager.

image    D. It is used to communicate time synchronization information between systems.

8. Which port is assigned to the POP3 protocol?

image    A. 21

image    B. 123

image    C. 443

image    D. 110

9. When you are configuring a new server application, the manual tells you to enable access through port 443. What kind of application are you configuring?

image    A. A virtual terminal application

image    B. A web-based email application

image    C. An FTP server

image    D. A secure website

10. What is the purpose of a reverse lookup in DNS?

image    A. It resolves IP addresses to hostnames.

image    B. It identifies potential DNS intrusions.

image    C. It resolves hostnames to IP addresses.

image    D. It allows you to see who owns a particular domain name.

11. In SNMP, what message is sent by a system in the event of a threshold being triggered?

image    A. Alert

image    B. Trap

image    C. Catch

image    D. Signal

12. Which of the following port ranges is described as “well known”?

image    A. 0 to 1023

image    B. 1024 to 49151

image    C. 49152 to 65535

image    D. 65535 to 78446

13. Which of the following is considered an application protocol?

image    A. TCP

image    B. IP

image    C. UDP

image    D. FTP

14. Which of the following protocols is the Internet-standard protocol for the transport of real-time data?

image    A. RCP

image    B. RIP

image    C. RTP

image    D. SCP

15. Which of the following protocols is associated with network management?

image    A. SNMP

image    B. TCP

image    C. IP

image    D. UDP and TCP

16. You are troubleshooting a network and find that you are able to ping the IP address of a remote system but not its hostname. Which of the following protocols may not be functioning correctly?

image    A. SNMP

image    B. SCP

image    C. DNS

image    D. RTP

17. Which of the following top-level domain names is reserved for educational websites?

image    A. .lib

image    B. .educate

image    C. .edu

image    D. .univ

18. While tightening security on a computer system, you close port 23. Which of the following services would be affected?

image    A. FTP

image    B. SMTP

image    C. Telnet

image    D. SSH

19. TCP is an example of what kind of transport protocol?

image    A. Connection-oriented

image    B. Connection-reliant

image    C. Connection-dependent

image    D. Connectionless

20. Because of security concerns, you have been asked to block ports 143 and 25. Which of the following services are being blocked?

image    A. TFTP

image    B. IMAP4

image    C. SMTP

image    D. DNS

Answers to Exam Questions

1. A. Web browsers use HTTP to retrieve text and graphics files from web servers. Answer B describes NTP, answer C describes SSH or Telnet, and answer D describes the function of WINS. For more information, see the section “Transmission Control Protocol/Internet Protocol (TCP/IP) Protocol Suite” in this chapter.

2. C. The term lease is used to describe the amount of time a DHCP client is assigned an address. All the other terms are invalid. For more information, see the section “Dynamic Host Configuration Protocol (DHCP)” in this chapter.

3. A, C. Both UDP and TCP are transport protocols. IP is a network protocol, and NCP is an application protocol. For more information, see the section “Transmission Control Protocol/Internet Protocol (TCP/IP) Protocol Suite” in this chapter.

4. C. The mput command, which is an abbreviation for multiple put, allows more than one file to be uploaded at a time. mget is used to download multiple files in a single command, put is used to upload a single file, and get is used to download a single file. For more information, see the section “File Transfer Protocol (FTP)” in this chapter.

5. D. DNS is a system that resolves hostnames to IP addresses. The term FQDN is used to describe the entire hostname. None of the other services use FQDNs. For more information, see the section “The DNS Namespace” in this chapter.

6. C. ARP resolves IP addresses to MAC addresses. Answer A describes the function of RARP, answer B is incorrect because ARP is not used to secure RARP, and answer D describes the process of DNS resolution. For more information, see the section “Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP)” in this chapter.

7. D. NTP is used to communicate time synchronization information between systems. NFS is typically associated with accessing shared folders on a Linux system. Utilization information is communicated to a central management system most commonly by using the SNMP protocol. For more information, see the section “Network Time Protocol (NTP)” in this chapter.

8. D. POP3 uses port 110 for network communication. Port 21 is used for FTP, port 123 is used by NTP, and port 443 is used by HTTPS. For more information, see the section “Identifying Common TCP/IP Port Numbers” in this chapter.

9. D. Port 443 is used by HTTPS. Therefore, the application you are configuring is likely to be a secure website application. A virtual terminal application is most likely to use Telnet on TCP/IP port 23, or SSH on port 22. A web-based email application is most likely to use the HTTP protocol on TCP/IP port 80. An FTP server would need access to the TCP/IP ports for the FTP protocol, which are 20 and 21. For more information, see the section “Identifying Common TCP/IP Port Numbers” in this chapter.

10. A. A reverse lookup resolves an IP address to a hostname rather than the hostname-to-IP address resolution normally performed by DNS. Answer B is not valid, answer C describes the process of a standard DNS resolution, and answer D is not a valid answer. For more information, see the section “Transmission Control Protocol/Internet Protocol (TCP/IP) Protocol Suite” in this chapter.

11. B. The term used to refer to a message sent by an SNMP agent when a condition is met is trap message. None of the other terms are used to describe the message sent by SNMP. For more information, see the section “Simple Network Management Protocol (SNMP)” in this chapter.

12. A. Well-known ports are defined in the range 0 to 1023. Answer B describes the range known as registered ports 1024 to 49151. Answer C describes the dynamic, or private, ports, which range from 49152 to 65535. Answer D is not a valid answer. For more information, see the section “Identifying Common TCP/IP Port Numbers” in this chapter.

13. D. FTP is an application protocol. TCP and UDP are transport protocols, and IP is a network protocol. For more information, see the section “Transmission Control Protocol/Internet Protocol (TCP/IP) Protocol Suite” in this chapter.

14. C. The Real-time Transport Protocol (RTP) is the Internet-standard protocol for the transport of real-time data, including audio and video. SCP allows files to be copied securely between two systems. For more information, see the section “Real-time Transport Protocol (RTP)” in this chapter.

15. A. SNMP allows network devices to communicate information about their state to a central system known as a manager. It also allows the central system to pass configuration parameters to the devices. In this way it is used to help monitor the network. For more information, see the section “Components of SNMP” in this chapter.

16. C. DNS performs an important function on TCP/IP-based networks. It resolves hostnames, such as www.examcram.com, to IP addresses, such as 209.202.161.67. If DNS is not present or working correctly, it would not be possible for a system to resolve hostnames to IP addresses. Refer to the section “Domain Name System (DNS)” for more information.

17. C. There are several top-level DNS names reserved. These include .com (commercial organizations), .edu (educational organizations/establishments), and .gov (government). For more information on DNS naming, refer to the section “The DNS Namespace.”

18. C. Telnet uses port 23. If an administrator blocked this port, the Telnet service would be unavailable. FTP uses port 21, SSH uses port 22, and SMTP uses port 25. For more information, refer to the section “Identifying Common TCP/IP Port Numbers” in this chapter.

19. A. TCP is an example of a connection-oriented transport protocol. UDP is an example of a connectionless protocol. Connection-reliant and connection-dependent are not terms commonly associated with protocols. For more information, see the section “Transmission Control Protocol/Internet Protocol (TCP/IP) Protocol Suite” in this chapter.

20. B, C. If port 143 were blocked, the IMAP4 protocol would be blocked. IMAP4 is used to retrieve email from an email server. If port 25 were blocked, the SMTP service would be unavailable. SMTP is used to transport email throughout the network. Answer A is incorrect because TFTP uses port 69, and answer D is incorrect because DNS uses port 53. For more information, see the section “Identifying Common TCP/IP Port Numbers” in this chapter.