OSI Ref. Layer No. | OSI Layer Equivalent | TCP/IP Layer | TCP/IP Proto
5,6,7 | Application, presentation, session | Application | NFS, NIS, DN
 | | | rlogin, rsh, rc
 | | | and others
4 | Transport | Transport | TCP, UDP, SC
3 | Network | Internet | IPv4, IPv6, A
2 | Data link | Data link | PPP, IEEE 80
1 | Physical | Physical network | Ethernet (IEE
 | | | RS-232, FDD
The table shows the TCP/IP protocol layers and the OSI model equivalents. Also shown are examples
of the protocols that are available at each level of the TCP/IP protocol stack. Each system that is
involved in a communication transaction runs a unique implementation of the protocol stack.
Data-Link Layer
The data-link layer identifies the network protocol type of the packet, in this instance TCP/IP. The
data-link layer also provides error control and “framing.” Examples of data-link layer protocols are
Ethernet IEEE 802.2 framing and Point-to-Point Protocol (PPP) framing.
Internet Layer
The Internet layer, also known as the network layer or IP layer, accepts and delivers packets for the
network. This layer includes the powerful Internet Protocol (IP), the Address Resolution Protocol
(ARP), and the Internet Control Message Protocol (ICMP).
IP Protocol
The IP protocol and its associated routing protocols are possibly the most significant of the entire
TCP/IP suite. IP is responsible for the following:
• IP addressing – The IP addressing conventions are part of the IP protocol. Designing an IPv4
Addressing Scheme introduces IPv4 addressing and IPv6 Addressing Overview introduces IPv6
addressing.
• Host-to-host communications – IP determines the path a packet must take, based on the
receiving system's IP address.
• Packet formatting – IP assembles packets into units that are known as datagrams. Datagrams
are fully described in Internet Layer: Where Packets Are Prepared for Delivery.
• Fragmentation – If a packet is too large for transmission over the network media, IP on the
sending system breaks the packet into smaller fragments. IP on the receiving system then
reconstructs the fragments into the original packet.
Oracle Solaris supports both IPv4 and IPv6 addressing formats, which are described in this book. To
avoid confusion when addressing the Internet Protocol, one of the following conventions is used:
• When the term “IP” is used in a description, the description applies to both IPv4 and IPv6.
• When the term “IPv4” is used in a description, the description applies only to IPv4.
• When the term “IPv6” is used in a description, the description applies only to IPv6.
ARP Protocol
The Address Resolution Protocol (ARP) conceptually exists between the data-link and Internet layers.
ARP assists IP in directing datagrams to the appropriate receiving system by mapping Ethernet
addresses (48 bits long) to known IP addresses (32 bits long).
ICMP Protocol
The Internet Control Message Protocol (ICMP) detects and reports network error conditions. ICMP
reports on the following:
Chapter 8, Administering a TCP/IP Network (Tasks) contains more information on Oracle Solaris
commands that use ICMP for error detection.
Transport Layer
The TCP/IP transport layer ensures that packets arrive in sequence and without error, by swapping
acknowledgments of data reception, and retransmitting lost packets. This type of communication is
known as end-to-end. Transport layer protocols at this level are Transmission Control Protocol (TCP),
User Datagram Protocol (UDP), and Stream Control Transmission Protocol (SCTP). TCP and SCTP
provide reliable, end-to-end service. UDP provides unreliable datagram service.
TCP Protocol
TCP enables applications to communicate with each other as though they were connected by a physical
circuit. TCP sends data in a form that appears to be transmitted in a character-by-character fashion,
rather than as discrete packets. This transmission consists of the following:
TCP attaches a header onto the transmitted data. This header contains many parameters that help
processes on the sending system connect to peer processes on the receiving system.
TCP confirms that a packet has reached its destination by establishing an end-to-end connection
between sending and receiving hosts. TCP is therefore considered a “reliable, connection-oriented”
protocol.
SCTP Protocol
SCTP is a reliable, connection-oriented transport layer protocol that provides the same services to
applications that are available from TCP. Moreover, SCTP can support connections between systems
that have more than one address, or multihomed. The SCTP connection between sending and receiving
system is called an association. Data in the association is organized in chunks. Because SCTP supports
multihoming, certain applications, particularly applications used by the telecommunications industry,
need to run over SCTP, rather than TCP.
UDP Protocol
UDP provides datagram delivery service. UDP does not verify connections between receiving and
sending hosts. Because UDP eliminates the processes of establishing and verifying connections,
applications that send small amounts of data use UDP.
Application Layer
The application layer defines standard Internet services and network applications that anyone can use.
These services work with the transport layer to send and receive data. Many application layer
protocols exist. The following list shows examples of application layer protocols:
• Standard TCP/IP services such as the ftp, tftp, and telnet commands
• Name services, such as NIS and the domain name system (DNS)
• Router Discovery Server protocol (RDISC) and Routing Information Protocol (RIP) routing
protocols
Standard TCP/IP Services
• FTP and Anonymous FTP – The File Transfer Protocol (FTP) transfers files to and from a
remote network. The protocol includes the ftp command and the in.ftpd daemon. FTP enables a
user to specify the name of the remote host and file transfer command options on the local
host's command line. The in.ftpd daemon on the remote host then handles the requests from
the local host. Unlike rcp, ftp works even when the remote computer does not run a UNIX
based operating system. A user must log in to the remote system to make an ftp connection,
unless the remote system has been configured to allow anonymous FTP.
You can obtain an enormous amount of material from anonymous FTP servers that are
connected to the Internet. Universities and other institutions set up these servers to offer
software, research papers, and other information to the public domain. When you log in to this
type of server, you use the login name anonymous, hence the term “anonymous FTP server.”
Using anonymous FTP and setting up anonymous FTP servers is outside the scope of this
manual. However, many books, such as The Whole Internet User's Guide & Catalog, discuss
anonymous FTP in detail. Instructions for using FTP are in System Administration Guide:
Network Services. The ftp(1) man page describes all ftp command options that are invoked
through the command interpreter. The ftpd(1M) man page describes the services that are
provided by the in.ftpd daemon.
• TFTP – The Trivial File Transfer Protocol (tftp) provides functions that are similar to ftp, but the
protocol does not establish ftp's interactive connection. As a result, users cannot list the
contents of a directory or change directories. A user must know the full name of the file to be
copied. The tftp(1) man page describes the tftp command set.
Figure 5.26 shows the difference between a subnet mask and a supernet mask.
A subnet mask that divides a block into eight subblocks has three more 1s (2^3 = 8)
than the default mask; a supernet mask that combines eight blocks into one
superblock has three fewer 1s than the default mask.
Q.) State and explain reassembly module of IP Package.
Q.) Explain unicast, anycast and multicast address in IPv6.
Unicast Address
A unicast address defines a single interface (computer or router). The packet sent
to a unicast address will be routed to the intended recipient. As we see shortly, IPv6 has designated
a large block from which unicast addresses can be assigned to interfaces.
Anycast Address
An anycast address defines a group of computers that all share a single address.
A packet with an anycast address is delivered to only one member of the group, the most reachable
one. An anycast communication is used, for example, when there are several servers that can
respond to an inquiry. The request is sent to the one that is most reachable. The hardware and
software generate only one copy of the request; the copy reaches only one of the servers. IPv6 does
not designate a block for anycasting; the addresses are assigned from the unicast block.
Multicast Address
A multicast address also defines a group of computers. However, there is a
difference between anycasting and multicasting. In multicasting, each member of the group receives
a copy. As we will see shortly, IPv6 has designated a block for multicasting from which the same
address is assigned to the members of the group.
Theoretically, there are 2^32 IPv4 addresses, a little more than 4 billion. The number of
available IPv4 addresses is actually less than the theoretical number, because some of the addresses in a
network are reserved for broadcasting, multicasting or other special purposes and cannot be assigned
to hosts.
With the explosion of devices online, the available IPv4 addresses are just not enough. NAT was
designed as a temporary solution to circumvent this problem and support IPv4 address reusability. NAT
resulted in IPv4 addresses being divided into two broad categories: public and private. The private
IPv4 address ranges can be used by anyone and are unregistered, which means that they cannot be
recognized outside the network in which they are assigned.
When a host with a private IP address wants to communicate with a server outside its private
network, it uses the public IP address of the NAT device to do so. The internal/private address is
presented to the outside world as the public address, because the server needs a unique address that
is routable on the internet in order to reply. A NAT device uses the PAT (Port Address Translation)
method to remember the IP address and source port of the private host. It uses these records to
translate the packets it receives in reply and send them to the original host that made the request.
Another benefit of using NAT is that it keeps the private hosts hidden from the outside world.
Anyone outside the private network can see only the public address and nothing beyond it.
Q. 3) List the layers in OSI model. Explain any two of them in detail.
Ans.
Physical layer is concerned with the actual transmission and reception of raw bits over physical media.
At this level, you can talk about the physical media over which data is moving — ethernet, power lines,
radio signals, telephone wire, etc.
Data link layer is concerned with the correct transmission of data between two nodes over the
physical layer. Here, you're talking about how the network interfaces are actually sending and receiving
data over the physical layer, as opposed to merely observing that data is moving at all.
Network layer is concerned with the way nodes can find and communicate with each other over the
data link layer. After all, if the nodes can't find each other, they can't send or receive messages from
each other. There are different ways to approach this, and one size definitely does not fit all (see
network topologies).
Transport layer is concerned with the reliable transmission of segments of data, including how to deal
with faults and compensating for connection errors, over the network layer. At this level, you are
dealing with the realities of sending data over distance: the message can degrade before it arrives at its
destination.
Session layer is concerned with correctly addressing another network node or being addressed by one
over the transport layer. This makes sure a local node is ready to receive a message without being
interrupted, and that the remote node is ready to receive what the local node wants to send.
Presentation layer is concerned with the representation of information as data, sent over the
transport layer, mediated by the session layer. A major function of this is also making sure that data
going in can be used by the local node, and that data going out can be used by the remote node.
Finally, application layer is concerned with the actual use of data received over the network (by
decoding it, possibly displaying it or passing it on to another program), or allowing users/programs to
input/modify data to send via the presentation layer.
Q. 4) Write a short note on IPv4. Compare IPv4 with IPv6. Differentiate between IPv4 and IPv6 (IMP)
Ans.
IPv4 | IPv6
IPv4 has 32-bit address length | IPv6 has 128-bit address length
It supports manual and DHCP address configuration | It supports auto and renumbering address configuration
In IPv4, end-to-end connection integrity is unachievable | In IPv6, end-to-end connection integrity is achievable
It can generate 4.29×10^9 address space | Address space of IPv6 is quite large; it can produce 3.4×10^38 address space
Security feature is dependent on application | IPSEC is an inbuilt security feature in the IPv6 protocol
Address representation of IPv4 is in decimal | Address representation of IPv6 is in hexadecimal
Fragmentation performed by sender and forwarding routers | In IPv6, fragmentation performed only by sender
In IPv4, packet flow identification is not available | In IPv6, packet flow identification is available and uses the flow label field in the header
In IPv4, checksum field is available | In IPv6, checksum field is not available
It has broadcast message transmission scheme | In IPv6, multicast and anycast message transmission scheme is available
In IPv4, encryption and authentication facility not provided | In IPv6, encryption and authentication are provided
Q.5) Explain the four levels of addresses used in the TCP/IP protocols.
Ans.
Four levels of addresses are used in the TCP/IP protocol: physical address, logical address, port
address, and application-specific address as shown in Figure.
Physical Addresses
• The physical address, also known as the link address, is the address of a node as defined by its
LAN or WAN.
• The size and format of these addresses vary depending on the network. For example, Ethernet
uses a 6-byte (48-bit) physical address.
• Physical addresses can be either unicast (one single recipient), multicast (a group of recipients),
or broadcast (to be received by all systems in the network).
• Example: Most local area networks use a 48-bit (6-byte) physical address written as 12
hexadecimal digits; every byte (2 hexadecimal digits) is separated by a colon, as shown below:
A 6-byte (12 hexadecimal digits) physical address: 07:01:02:01:2C:4B
Logical Addresses
• Logical addresses are used by networking software to allow packets to be independent of the
physical connection of the network, that is, to work with different network topologies and
types of media.
• A logical address in the Internet is currently a 32-bit address that can uniquely define a host
connected to the Internet. Example: an internet address in IPv4, in decimal numbers: 132.24.75.9
• No two publicly addressed and visible hosts on the Internet can have the same IP address.
• The physical addresses will change from hop to hop, but the logical addresses remain the same.
• The logical addresses can be either unicast (one single recipient), multicast (a group of
recipients), or broadcast (all systems in the network). There are limitations on broadcast
addresses.
Port Addresses
• There are many applications running on the computer. Each application runs with a port number
(logically) on the computer.
• A port number is part of the addressing information used to identify the senders and receivers
of messages.
• Port numbers are most commonly used with TCP/IP connections.
• These port numbers allow different applications on the same computer to share network
resources simultaneously.
• The physical addresses change from hop to hop, but the logical and port addresses usually
remain the same.
• Example: a port address is a 16-bit address represented by one decimal number 753
Application-Specific Addresses
• Some applications have user-friendly addresses that are designed for that specific application.
• Examples include the e-mail address (for example, forouzan@fhda.edu) and the Universal
Resource Locator (URL) (for example, www.mhhe.com). The first defines the recipient of an e-
mail; the second is used to find a document on the World Wide Web.
The different classes of IP addresses (Class A, Class B, Class C, Class D & Class E) were created to
allow for carving up the entire set of all IP addresses into chunks of different sizes that would 'fit' the
number of hosts on the network for which the IP address space was being supplied. The chart below
gives you a breakdown of how the Classful system breaks up the IP address space.
One solution that was created to reduce utilization of IP addresses was Network Address Translation.
This involved the use of private IP addresses and a device that translates private IP addresses into
public IP addresses.
As the list of available IP addresses was depleted, it became clear that a new solution was needed that
provided more addresses, and efforts turned towards developing what is called IPv6.
Adds a target to Nping's target list. This option is provided for consistency but its use is
deprecated in favor of plain target specifications. See the section called “Target Specification”.
Sets the IP TOS field. The TOS field is used to carry information to provide quality of service
features. It is normally used to support a technique called Differentiated Services. See RFC 2474
for more information. <tos> must be a number in the range [0–255].
Sets the IPv4 Identification field. The Identification field is a 16-bit value that is common to all
fragments belonging to a particular message. The value is used by the receiver to reassemble the
original message from the fragments received. <id> must be a number in the range [0–65535].
Sets the Don't Fragment bit in sent packets. When an IP datagram has its DF flag set,
intermediate devices are not allowed to fragment it, so if it needs to travel across a network with
an MTU smaller than the datagram length, the datagram will have to be dropped. Normally an ICMP
Destination Unreachable message is generated and sent back to the sender.
Sets the IPv4 Time-To-Live (TTL) field in sent packets to the given value. The TTL field specifies
how long the datagram is allowed to exist on the network. It was originally intended to
represent a number of seconds but it actually represents the number of hops a packet can
traverse before being dropped. The TTL tries to avoid a situation in which undeliverable
datagrams keep being forwarded from one router to another endlessly. <hops> must be a
number in the range [0–255].
Asks Nping to use an invalid IP checksum for packets sent to target hosts. Note that some
systems (like most Linux kernels), may fix the checksum before placing the packet on the wire, so
even if Nping shows the incorrect checksum in its output, the packets may be transparently
corrected by the kernel.
--ip-options <S|R [route]|L [route]|T|U ...>, --ip-options <hex string> (IP Options)
The IP protocol offers several options which may be placed in packet headers. Unlike the
ubiquitous TCP options, IP options are rarely seen due to practicality and security concerns. In
fact, many Internet routers block the most dangerous options such as source routing. Yet options
can still be useful in some cases for determining and manipulating the network route to target
machines. For example, you may be able to use the record route option to determine a path to a
target even when more traditional traceroute-style approaches fail. Or if your packets are being
dropped by a certain firewall, you may be able to specify a different route with the strict or loose
source routing options.
The most powerful way to specify IP options is to simply pass in hexadecimal data as the
argument to --ip-options. Precede each hex byte value with \x. You may repeat certain characters
by following them with an asterisk and then the number of times you wish them to repeat. For
example, \x01\x07\x04\x00*4 is the same as \x01\x07\x04\x00\x00\x00\x00.
Note that if you specify a number of bytes that is not a multiple of four, an incorrect IP header
length will be set in the IP packet. The reason for this is that the IP header length field can only
express multiples of four. In those cases, the length is computed by dividing the header length by
4 and rounding down. This will affect the way the header that follows the IP header is
interpreted, showing bogus information in Nping or in the output of any sniffer. Although this
kind of situation might be useful for some stack stress tests, users would normally want to
specify explicit padding, so the correct header length is set.
Nping also offers a shortcut mechanism for specifying options. Simply pass the letter R, T, or U
to request record-route, record-timestamp, or both options together, respectively. Loose or strict
source routing may be specified with an L or S followed by a space and then a space-separated
list of IP addresses.
For more information and examples of using IP options with Nping, see the mailing list post at
http://seclists.org/nmap-dev/2006/q3/0052.html.
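The hex notation and the header-length effect described above, as an added example that is not taken from the Nping documentation or source code. The function names are hypothetical, the parser covers only the \xHH and *N forms shown on this page, and padding with zero (End of Option List) bytes is this example's choice.

```python
import re

# One token of the notation described above: "\xHH", optionally followed by "*N".
_TOKEN = re.compile(r"\\x([0-9A-Fa-f]{2})(?:\*(\d+))?")

BASE_HEADER_LEN = 20   # IPv4 header without options, in bytes
MAX_OPTIONS_LEN = 40   # IHL is a 4-bit field: at most 15 * 4 = 60 header bytes


def expand_hex_spec(spec: str) -> bytes:
    """Expand a string such as \\x01\\x07\\x04\\x00*4 into raw option bytes."""
    out = bytearray()
    pos = 0
    while pos < len(spec):
        match = _TOKEN.match(spec, pos)
        if match is None:
            raise ValueError(f"unexpected text at offset {pos}: {spec[pos:]!r}")
        count = int(match.group(2)) if match.group(2) else 1
        out += bytes([int(match.group(1), 16)]) * count
        pos = match.end()
    if len(out) > MAX_OPTIONS_LEN:
        raise ValueError("IPv4 options cannot exceed 40 bytes")
    return bytes(out)


def header_length_fields(options: bytes) -> dict:
    """Show what the IHL field can express for a header carrying these options."""
    real_len = BASE_HEADER_LEN + len(options)
    ihl = real_len // 4                     # 32-bit words, rounded down
    return {
        "real_header_len": real_len,        # bytes actually occupied by the header
        "ihl": ihl,                         # value that fits in the header field
        "declared_header_len": ihl * 4,     # what a receiver or sniffer believes
        # Trailing option bytes that will be read as the start of the next header.
        "misparsed_bytes": real_len - ihl * 4,
    }


def pad_options(options: bytes) -> bytes:
    """Pad with 0x00 (End of Option List) bytes up to a multiple of four."""
    return options + b"\x00" * (-len(options) % 4)


if __name__ == "__main__":
    opts = expand_hex_spec(r"\x01\x07\x04\x00*4")   # the 7-byte example from the text
    print(opts.hex(), header_length_fields(opts))
    print(pad_options(opts).hex(), header_length_fields(pad_options(opts)))
```

When reading a capture, a non-zero misparsed_bytes value is the reason the transport header after the IP header decodes as bogus data.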
This option sets a fictional MTU in Nping so IP datagrams larger than <size> are fragmented
before transmission. <size> must be specified in bytes and corresponds to the number of octets
that can be carried on a single link-layer frame.
For example, you could break up the class C network 200.200.200.0/255.255.255.0 into two smaller
networks (potentially at separate locations), 200.200.200.0/255.255.255.128 and
200.200.200.128/255.255.255.128, assuming neither needed more than 126 hosts. In reality most
companies only get enough IPv4 addresses for the servers that need to be on the public Internet. I've
personally seen setups with 32, 16, & 8 address networks (that would be masks of 255.255.255.224,
255.255.255.240, & 255.255.255.248 respectively).
Having IP networks only in class size blocks was too restrictive in that it limited the number of networks that
could be allowed - the 127 class A networks taking half of the space. Not to mention that having a 24
billion node network is completely unmanageable. Instead, in 1993 Classless Inter-Domain Routing
(CIDR) was introduced to allow the networks to be split up.
Also to be clear the purpose of the subnet mask is to determine which hosts are on the local network
and which are outside of the network. Hosts can talk directly to hosts on the same network, but they
need to communicate with a router to talk to hosts on external networks.
To reduce the wastage of IP addresses in a block, we use sub-netting. What we do is that we use host
id bits as net id bits of a classful IP address. We give the IP address and define the number of bits for
mask along with it (usually followed by a ‘/’ symbol), like, 192.168.1.1/28. Here, subnet mask is found
by putting the given number of bits out of 32 as 1, like, in the given address, we need to put 28 out of
32 bits as 1 and the rest as 0, and so, the subnet mask would be 255.255.255.240.
1. Number of subnets : Given bits for mask – No. of bits in default mask
2. Subnet address : AND result of subnet mask and the given IP address
3. Broadcast address : By putting the host bits as 1 and retaining the network bits as in the IP address
4. Number of hosts per subnet : 2^(32 – Given bits for mask) – 2
5. First Host ID : Subnet address + 1 (adding one to the binary representation of the subnet address)
Example : Given IP Address – 172.16.0.0/25, find the number of subnets and the number of hosts per
subnet. Also, for the first subnet block, find the subnet address, first host ID, last host ID and
broadcast address.
For the first subnet block, we have subnet address = 0.0, first host id = 0.1, last host id = 0.126 and
broadcast address = 0.127
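The calculation above carried out with bit operations, as an added example that is not part of the original notes. The function names are hypothetical; the subnet count is taken as 2 raised to the number of bits borrowed from the classful default mask, and only prefixes /1 to /30 are handled.

```python
import ipaddress

# Classful default prefix lengths, used to count the borrowed bits.
DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def address_class(ip: int) -> str:
    """Return the class (A, B or C) of a 32-bit IPv4 address."""
    first_octet = ip >> 24
    if first_octet < 128:
        return "A"
    if first_octet < 192:
        return "B"
    if first_octet < 224:
        return "C"
    raise ValueError("class D and E addresses have no default mask")


def dotted(value: int) -> str:
    """Format a 32-bit integer in dotted-decimal notation."""
    return str(ipaddress.IPv4Address(value))


def subnet_facts(cidr: str) -> dict:
    """Apply the formulas listed above to an address written as a.b.c.d/n."""
    ip_text, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text)
    if not 0 < prefix <= 30:
        raise ValueError("this example handles prefixes /1 to /30 only")
    ip = int(ipaddress.IPv4Address(ip_text))

    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # n leading 1 bits
    host_bits = ~mask & 0xFFFFFFFF                      # the remaining 0 bits
    subnet = ip & mask                                  # AND of mask and address
    broadcast = subnet | host_bits                      # all host bits set to 1

    borrowed = prefix - DEFAULT_PREFIX[address_class(ip)]
    if borrowed < 0:
        raise ValueError("prefix is shorter than the default mask (a supernet)")

    return {
        "subnet_mask": dotted(mask),
        "borrowed_bits": borrowed,
        "subnets": 2 ** borrowed,
        "hosts_per_subnet": 2 ** (32 - prefix) - 2,
        "subnet_address": dotted(subnet),
        "first_host": dotted(subnet + 1),
        "last_host": dotted(broadcast - 1),
        "broadcast": dotted(broadcast),
    }


if __name__ == "__main__":
    for example in ("192.168.1.1/28", "172.16.0.0/25"):
        print(example, subnet_facts(example))
```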
Q.12) How is the address space allocated for IPv6 addresses? IPv6 addressing.
So how big is the 2000::/3 block, from which allocations are made? That is 1/8 of the total IPv6
address space, or 2^125 (about 4.25E+37) addresses. Unless you are a mathematician that is pretty much
a meaningless number. So let’s try to understand it in more meaningful terms.
IANA gave one /12 block of IPv6 to each of the five RIRs. The RIRs are all still working on their first
allocation, and will be for quite a while. A normal ISP allocation is a /32. Each /12 has 1,048,576 /32
blocks. So each RIR can supply over a million normal ISP allocations before having to ask IANA for
another /12. In 2000 there were an estimated 10,000 or so ISPs in the entire world. Say there are
20,000 now. A single RIR could supply every ISP in the world 50 normal /32 allocations out of their
/12 block. The actual rules for APNIC’s allocations of IPv6 addresses to ISPs can be found here.
There are 512 /12 blocks in the 2000::/3 block. At this time, 507 of them are still in stock at IANA. I
will be amazed if any RIR asks for a second allocation anytime this century – well maybe APNIC. If
somehow we did manage to go through all 512 /12s in 2000::/3 (maybe deploying TCP/IP on trillions
of nano-machines?), there are another five /3 blocks in the address space, with 512 more /12 blocks
each, reserved for future use.
A normal organization gets a /48 block of IPv6. A typical /32 ISP allocation contains 65,536 /48 blocks,
so an ISP can provision over 65,000 organizations before having to ask their RIR for another /32. Not
many ISPs have that many organizational customers.
There are 2^48 /48 blocks in the entire IPv6 address space, so there are 1/8 that number, or 2^45 /48
blocks in 2000::/3. That is 35,184,372,088,832 /48 blocks. If you use the figure 7 billion for the
current world population, that works out to 5,026 /48 blocks for each man, woman and child alive. And
every one of those is large enough for the largest organization on Earth. The other five /3 blocks we
have in reserve brings that to over 30,000 /48 blocks per person alive.
We are not about to run out of IPv6 addresses. Please don’t deploy NAT66.
The official IANA allocation history for IPv6 similar to the one above for IPv4 /8 blocks is here.
There have been a number of small allocations in 2001::/16. The allocation that my /48
(2001:470:3d::/48) came from was granted to ARIN on July 1, 1999 (Hurricane Electric was a very
early adopter).
The initial /12 blocks were allocated to the five RIRs on Oct 3, 2006. They were as follows:
2400::/12 – APNIC
2600::/12 – ARIN
2800::/12 – LACNIC
2a00::/12 – RIPE NCC
2c00::/12 – AfriNIC
If you see an IPv6 unicast address starting with 26xx, now you know it likely came from the U.S. or
Canada (Mexico is in LACNIC).
• Payload length – 16-bit unsigned integer, which is the rest of the packet that follows the IPv6
header, in octets.
• Next header – 8-bit selector. Identifies the type of header that immediately follows the IPv6
header. Uses the same values as the IPv4 protocol field.
• Hop limit – 8-bit unsigned integer. Decremented by one by each node that forwards the packet.
The packet is discarded if the hop limit is decremented to zero.
• Source address – 128 bits. The address of the initial sender of the packet.
• Destination address – 128 bits. The address of the intended recipient of the packet. The
intended recipient is not necessarily the recipient if an optional routing header is present.
Transport Layer is the second layer of the TCP/IP model. It is an end-to-end layer used to deliver
messages to a host. It is termed an end-to-end layer because it provides a point-to-point connection,
rather than hop-to-hop, between the source host and destination host to deliver the services reliably.
The unit of data encapsulation in Transport Layer is a segment.
The standard protocols used by Transport Layer to enhance its functionalities are TCP (Transmission
Control Protocol), UDP (User Datagram Protocol), DCCP (Datagram Congestion Control Protocol) etc.
Various responsibilities of a Transport Layer –
Q. IP fragmentation module.
The maximum sized datagram that can be transmitted through the next network is called the maximum
transmission unit (MTU).
If the total length is less than or equal to the maximum transmission unit, then submit this datagram to the
next step in datagram processing; otherwise cut the datagram into two fragments, the first fragment
being the maximum size, and the second fragment being the rest of the datagram. The first fragment is
submitted to the next step in datagram processing, while the second fragment is submitted to this
procedure in case it is still too large.
In networking,
• The process of dividing a single network into multiple sub networks is called subnetting.
• The sub networks so created are called subnets.
Example-
Following diagram shows the subnetting of a big single network into 4 smaller subnets-
Advantages-
Subnet ID-
• Each subnet has its unique network address known as its Subnet ID.
• The subnet ID is created by borrowing some bits from the Host ID part of the IP Address.
• The number of bits borrowed depends on the number of subnets created.
Types of Subnetting-
Fixed length subnetting also called as classful subnetting divides the network into subnets where-
Variable length subnetting also called as classless subnetting divides the network into subnets where-
Subnetting Examples-
Example-01:
Consider-
• We have a big single network having IP Address 200.1.2.0.
• We want to do subnetting and divide this network into 2 subnets.
For creating two subnets and to represent their subnet IDs, we require 1 bit.
• 200.1.2.00000000 = 200.1.2.0
• 200.1.2.10000000 = 200.1.2.128
For 1st Subnet-
Example-02:
Consider-
For creating four subnets and to represent their subnet IDs, we require 2 bits.
So,
• 200.1.2.00000000 = 200.1.2.0
• 200.1.2.01000000 = 200.1.2.64
• 200.1.2.10000000 = 200.1.2.128
• 200.1.2.11000000 = 200.1.2.192
For 1st Subnet-
In the above diagram, a server having both an IPv4 and an IPv6 address configured for it can now speak
with all the hosts on both the IPv4 and the IPv6 networks with the help of a Dual Stack Router.
The Dual Stack Router can communicate with both networks. It provides a medium for the hosts to
access a server without changing their respective IP versions.
Tunneling
In a scenario where different IP versions exist on intermediate path or transit networks, tunneling
provides a better solution where user’s data can pass through a non-supported IP version.
The above diagram depicts how two remote IPv4 networks can communicate via a Tunnel, where the
transit network was on IPv6. Vice versa is also possible where the transit network is on IPv6 and the
remote sites that intend to communicate are on IPv4.
A host with IPv4 address sends a request to an IPv6 enabled server on Internet that does not
understand IPv4 address. In this scenario, the NAT-PT device can help them communicate. When the
IPv4 host sends a request packet to the IPv6 server, the NAT-PT device/router strips down the IPv4
packet, removes IPv4 header, and adds IPv6 header and passes it through the Internet. When a
response from the IPv6 server comes for the IPv4 host, the router does vice versa.
Q.) Write a note on Classless addressing.
All IP addresses have a network and host portion. In classful addressing, the network portion ends on
one of the separating dots in the address (on an octet boundary). Classless addressing uses a variable
number of bits for the network and host portions of the address.
Fragment Offset
This field solves the problem of sequencing fragments by indicating to the recipient device where in the
overall message each particular fragment should be placed. The field is 13 bits wide, so the offset can
be from 0 to 8191. Fragments are specified in units of 8 bytes, which is why fragment length must be a
multiple of 8. Uncoincidentally, 8191 * 8 is 65,528, just about the maximum size allowed for an IP
datagram.
Let's take the same example from above. The first fragment would have a Fragment Offset of 0. The
second would have an offset of 410 (3,280 divided by 8). The third would have an offset of 820 (6,560
divided by 8). The fourth would have an offset of 1230
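The offset arithmetic above, as an added Python example that is not part of the original notes. It assumes a 20-byte header, an MTU of 3,300 bytes and 11,980 bytes of data (constructed values chosen to reproduce the offsets 0, 410, 820 and 1230), and its reassembly side rejects gaps and overlapping fragments.

```python
import struct
from dataclasses import dataclass
from typing import List

IP_HEADER_LEN = 20        # IPv4 header without options (assumption of this example)
MAX_OFFSET_UNITS = 8191   # largest value of the 13-bit Fragment Offset field
MAX_DATAGRAM = 65535      # largest total length an IPv4 datagram can declare
MF = 0x2000               # "more fragments" flag, stored in the same 16-bit word


@dataclass
class Fragment:
    offset_units: int      # Fragment Offset field: position in units of 8 bytes
    more_fragments: bool   # set on every fragment except the last one
    data: bytes


def fragment(payload: bytes, mtu: int) -> List[Fragment]:
    """Split a datagram's data so that each piece plus one header fits in `mtu`."""
    per_fragment = (mtu - IP_HEADER_LEN) // 8 * 8   # data length must be a multiple of 8
    if per_fragment <= 0:
        raise ValueError("MTU leaves no room for 8 bytes of data")
    if IP_HEADER_LEN + len(payload) > MAX_DATAGRAM:
        raise ValueError("datagram exceeds the maximum IP datagram size")
    if not payload:
        return [Fragment(0, False, b"")]
    pieces = []
    for start in range(0, len(payload), per_fragment):
        chunk = payload[start:start + per_fragment]
        pieces.append(Fragment(start // 8, start + len(chunk) < len(payload), chunk))
    return pieces


def flags_and_offset(frag: Fragment) -> bytes:
    """The 16-bit header word that carries the flags and the 13-bit offset."""
    return struct.pack("!H", (MF if frag.more_fragments else 0) | frag.offset_units)


def reassemble(frags: List[Fragment]) -> bytes:
    """Rebuild the data; any gap, overlap or inconsistent MF flag is an error."""
    if not frags:
        raise ValueError("no fragments")
    ordered = sorted(frags, key=lambda f: f.offset_units)
    expected = 0              # byte position where the next fragment must start
    data = bytearray()
    for index, frag in enumerate(ordered):
        last = index == len(ordered) - 1
        if not 0 <= frag.offset_units <= MAX_OFFSET_UNITS:
            raise ValueError("offset does not fit in 13 bits")
        if frag.offset_units * 8 != expected:
            raise ValueError("gap or overlap at byte %d" % expected)
        if frag.more_fragments == last:
            raise ValueError("MF flag does not match the fragment's position")
        if not last and len(frag.data) % 8:
            raise ValueError("non-final fragment length is not a multiple of 8")
        expected += len(frag.data)
        if IP_HEADER_LEN + expected > MAX_DATAGRAM:
            raise ValueError("reassembled datagram would exceed 65,535 bytes")
        data += frag.data
    return bytes(data)


if __name__ == "__main__":
    for f in fragment(bytes(11980), 3300):      # constructed datagram
        print(f.offset_units, f.more_fragments, len(f.data))
```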
Unit 2
❑ Route tag. This field carries information such as the autonomous system number. It can be used to
enable RIP to receive information from an interdomain routing protocol.
❑ Subnet mask. This is a 4-byte field that carries the subnet mask (or prefix). This means that RIP2
supports classless addressing and CIDR.
❑ Next-hop address. This field shows the address of the next hop. This is particularly useful if two
autonomous systems share a network (a backbone, for example). Then the message can define the
router, in the same autonomous system or another autonomous system, to which the packet next goes.
Link state routing has a different philosophy from that of distance vector routing.
In link state routing, if each node in the domain has the entire topology of the
domain—the list of nodes and links, how they are connected including the type,
cost (metric), and the condition of the links (up or down)—the node can use the
Dijkstra algorithm to build a routing table.
The figure shows a simple domain with five nodes. Each node uses the same
topology to create a routing table, but the routing table for each node is unique
because the calculations are based on different interpretations of the topology.
This is analogous to a city map. Two persons in two different cities may have the
same map, but each needs to take a different route to reach his destination.
The topology must be dynamic, representing the latest situation of each node
and each link. If there are changes in any point in the network (a link is down, for
example), the topology must be updated for each node.
How can a common topology be dynamic and stored in each node? No node can
know the topology at the beginning or after a change somewhere in the network.
Link state routing is based on the assumption that, although the global knowledge
about the topology is not clear, each node has partial knowledge: it knows the
state (type, condition, and cost) of its links. In other words, the whole topology
can be compiled from the partial knowledge of each node.
In link state routing, four sets of actions are required to ensure that each node
has the routing table showing the least-cost node to every other node.
1. Creation of the states of the links by each node, called the link state packet or
LSP.
2. Dissemination of LSPs to every other router, called flooding, in an efficient
and reliable way.
3. Formation of a shortest path tree for each node.
4. Calculation of a routing table based on the shortest path tree.
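The four actions above, as an added Python example that is not from the original notes. The five-node topology, its costs and the LSP sequence numbers are constructed, and counting a link only when both of its ends advertise it is a choice of this example.

```python
import heapq


def make_lsp(origin, links, seq):
    """Action 1: a node describes the state (here only the cost) of its own links."""
    return {"origin": origin, "seq": seq, "links": dict(links)}


def install(lsdb, lsp):
    """Action 2 (flooding rule): keep an LSP only if it is newer than the stored one.

    Returns True when the LSP was installed and should be passed on to neighbours.
    """
    current = lsdb.get(lsp["origin"])
    if current is not None and current["seq"] >= lsp["seq"]:
        return False
    lsdb[lsp["origin"]] = lsp
    return True


def shortest_path_tree(lsdb, root):
    """Action 3: Dijkstra's algorithm over the link state database."""
    cost = {root: 0}
    parent = {root: None}
    finished = set()
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if node in finished:
            continue
        finished.add(node)
        for neighbour, link_cost in lsdb[node]["links"].items():
            # Two-way check: ignore a link that the other end does not confirm.
            if neighbour not in lsdb or node not in lsdb[neighbour]["links"]:
                continue
            candidate = d + link_cost
            if neighbour not in cost or candidate < cost[neighbour]:
                cost[neighbour] = candidate
                parent[neighbour] = node
                heapq.heappush(heap, (candidate, neighbour))
    return cost, parent


def routing_table(lsdb, root):
    """Action 4: destination -> (total cost, next hop), read off the tree."""
    cost, parent = shortest_path_tree(lsdb, root)
    table = {}
    for destination in cost:
        if destination == root:
            continue
        hop = destination
        while parent[hop] != root:      # walk back until the root's direct neighbour
            hop = parent[hop]
        table[destination] = (cost[destination], hop)
    return table


def sample_lsdb():
    """Constructed five-node domain; every node ends up with the same database."""
    lsdb = {}
    for origin, links in {
        "A": {"B": 5, "C": 2, "D": 3},
        "B": {"A": 5, "C": 4, "E": 3},
        "C": {"A": 2, "B": 4, "E": 4},
        "D": {"A": 3},
        "E": {"B": 3, "C": 4},
    }.items():
        install(lsdb, make_lsp(origin, links, seq=1))
    return lsdb


if __name__ == "__main__":
    db = sample_lsdb()
    for node in sorted(db):
        print(node, routing_table(db, node))
```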
Expiration Timer
The expiration timer governs the validity of a route. When a router receives update
information for a route, the expiration timer is set to 180 s for that particular route.
Every time a new update for the route is received, the timer is reset. In normal
situations this occurs every 30 s. However, if there is a problem on an internet and no
update is received within the allotted 180 s, the route is considered expired and the
hop count of the route is set to 16, which means the destination is unreachable. Every
route has its own expiration timer.
Garbage Collection Timer
When the information about a route becomes invalid, the router does not immediately
purge that route from its table. Instead, it continues to advertise the route with a
metric value of 16. At the same time, a timer called the garbage collection timer is set
to 120 s for that route. When the count reaches zero, the route is purged from the
table. This timer allows neighbors to become aware of the invalidity of a route prior to
purging.
When the congested router is far away from the source, ICMP sends the source-quench message hop by
hop so that every router reduces its speed of transmission.
• Transient link: A network with a large number of routers attached to it. It can include a LAN,
Wi-Fi, or several different routers; this configuration is termed a transient link. It can be
represented with two topologies: realistic and unrealistic.
• Stub: A network that is connected to a single network. Data packets are sent and received
through the same router.
• Virtual link: When a link is broken for some reason, the network administrator creates a
virtual link between the two communicating routers. Links of this type are called virtual
links.
There are five different types of packet in the OSPF protocol and they are:
• Hello packet
• Database description
• Link state request
• Link state update
• Link state acknowledgement
Q) List different types of BGP messages and write the purpose of each. (IMP)
Hold Time
The Hold Time attribute sets the Hold Timer in seconds for each BGP neighbor. Upon receipt of an
UPDATE or KEEPALIVE, the Hold Timer resets to the initial value. If the Hold Timer reaches zero,
the BGP session is torn down, routes from that neighbor are removed, and an appropriate update route
withdraw message is sent to other BGP neighbors for the impacted prefixes. The Hold Time is a
heartbeat mechanism for BGP neighbors to ensure that the neighbor is healthy and alive.
When establishing a BGP session, the routers use the smaller Hold Time value contained in the two
routers' OPEN messages. The Hold Time value must be at least three seconds, or zero. For Cisco
routers the default hold timer is 180 seconds.
BGP Identifier
The BGP Router-ID (RID) is a 32-bit unique number that identifies the BGP router in the advertised
prefixes as the BGP Identifier. The RID can be used as a loop prevention mechanism for routers
advertised within an autonomous system. The RID can be set manually or dynamically for BGP. A
nonzero value must be set for routers to become neighbors. The dynamic RID allocation logic varies
between the following operating systems.
• IOS: IOS nodes use the highest IP address of any up loopback interface. If there is no
up loopback interface, then the highest IP address of any active up interface becomes the RID
when the BGP process initializes.
• IOS XR: IOS XR nodes use the IP address of the lowest up loopback interface. If there are
no up loopback interfaces, then a value of zero (0.0.0.0) is used, which prevents any BGP
adjacencies from forming.
• NX-OS: NX-OS nodes use the IP address of the lowest up loopback interface. If there are
no up loopback interfaces, then the IP address of the lowest active up interface becomes the
RID when the BGP process initializes.
Router-IDs typically represent an IPv4 address that resides on the router, such as a loopback address.
Any IPv4 address can be used, including IP addresses not configured on the router. For IOS and IOS
XR, the command bgp router-id router-id is used, and NX-OS uses the command router-id router-id
under the BGP router configuration to statically assign the BGP RID. Upon changing the router-id, all
BGP sessions reset and need to be reestablished.
NOTE
Setting a static BGP RID is a best practice.
KEEPALIVE
BGP does not rely on the TCP connection state to ensure that the neighbors are still alive. Keepalive
messages are exchanged every one-third of the Hold Timer agreed upon between the two BGP routers.
Cisco devices have a default Hold Time of 180 seconds, so the default Keepalive interval is 60 seconds.
If the Hold Time is set to zero, no Keepalive messages are sent between the BGP neighbors.
UPDATE
The Update message advertises any feasible routes, withdraws previously advertised routes, or can do
both. The Update message includes the Network Layer Reachability Information (NLRI) that includes
the prefix and associated BGP PAs when advertising prefixes. Withdrawn NLRIs include only the
prefix. An UPDATE message can act as a Keepalive to reduce unnecessary traffic.
NOTIFICATION Message
A Notification message is sent when an error is detected with the BGP session, such as a hold timer
expiring, neighbor capabilities change, or a BGP session reset is requested. This causes the BGP
connection to close.
The purpose of the Address Resolution Protocol (ARP) is to find out the MAC address of a device in
your Local Area Network (LAN) for the corresponding IPv4 address with which a network application is
trying to communicate.
• ARP maintains the mapping between IP address and MAC address in a table in
memory called ARP cache.
• The entries in this table are dynamically added and removed.
• A host will update its ARP cache, only if the ARP request is for its IP address.
• Otherwise, it will discard the ARP request.
• Consider the above figure, in which a host sends out the Request Message.
• It is looking for the MAC address of the node with IP address 192.168.1.220.
• The node with the IP address 192.168.1.220 sends out the Reply Message.
• In the reply message, it sends its MAC address to the host.
Q) State and explain Dijkstra's Algorithm
Q) What is the use of Query Messages? Explain any one. / Q) ICMP timestamp message type
II) Query:
The query messages, which occur in pairs, help a host or a
network manager get specific information from a router or
another host.
In addition to error reporting, ICMP can diagnose some network problems. This is accomplished
through the query messages, a group of four different pairs of messages, as shown in Figure 3:
• Echo Request and Reply: The echo-request and echo-reply messages are designed for
diagnostic purposes. Network managers and users utilize this pair of messages to identify
network problems.
• Timestamp Request and Reply: Two machines (hosts or routers) can use the timestamp
request and timestamp reply messages to determine the round-trip time needed for an IP
datagram to travel between them. It can also be used to synchronize the clocks in two machines.
• Address-Mask Request and Reply: If the host knows the address of the router, it sends the
request directly to the router. If it does not know, it broadcasts the message. The router receiving
the address-mask-request message responds with an address-mask-reply message, providing the
necessary mask for the host.
• Router Solicitation and Advertisement: A host that wants to send data to a host on another
network needs to know the address of routers connected to its own network. Also, the host must
know if the routers are alive and functioning. The router-solicitation and router-advertisement
messages can help in this situation.
• Checksum: In ICMP the checksum is calculated over the entire message (header and data).
Draw and explain general format of ICMP messages.
ICMP Common Message Format
The structure of an ICMP message can be generally thought of as having a common part and
a unique part. The common part consists of three fields that have the same size and same
meaning in all ICMP messages (though the values in the fields aren't the same for each ICMP
message type, of course). The unique part contains fields that are specific to each type of
message.
• Type (size 1): Identifies the ICMP message type. For ICMPv6, values from 0
to 127 are error messages and values 128 to 255 are informational
messages. Common values for this field are given in the table in the
topic on ICMP message classes and types.
• Message Body / Data (size variable): Contains the specific fields used to implement
each message type. This is the unique part of the message as I
mentioned above.
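An added Python example, not from the original notes, of the common part (Type, Code, Checksum) with the checksum computed over the entire message, applied to a timestamp request/reply pair. The sizes of the Code and Checksum fields and the timestamp body layout (identifier, sequence number, three 32-bit timestamps) follow RFC 792 rather than this page, and the clock values are constructed.

```python
import struct

COMMON = struct.Struct("!BBH")        # Type (1 byte), Code (1 byte), Checksum (2 bytes)
TIMESTAMP = struct.Struct("!HHIII")   # identifier, sequence, originate, receive, transmit
TIMESTAMP_REQUEST, TIMESTAMP_REPLY = 13, 14


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd-length message
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build(icmp_type: int, code: int, body: bytes) -> bytes:
    """Common part plus message body; the checksum covers header and data."""
    draft = COMMON.pack(icmp_type, code, 0) + body
    return COMMON.pack(icmp_type, code, internet_checksum(draft)) + body


def parse(message: bytes):
    """Return (type, code, body) after validating length and checksum."""
    if len(message) < COMMON.size:
        raise ValueError("shorter than the common part")
    if internet_checksum(message) != 0:      # a valid message sums to zero
        raise ValueError("checksum mismatch")
    icmp_type, code, _ = COMMON.unpack_from(message)
    return icmp_type, code, message[COMMON.size:]


def timestamp_request(ident: int, seq: int, originate_ms: int) -> bytes:
    return build(TIMESTAMP_REQUEST, 0, TIMESTAMP.pack(ident, seq, originate_ms, 0, 0))


def timestamp_reply(request: bytes, receive_ms: int, transmit_ms: int) -> bytes:
    """Responder side: echo identifier, sequence and originate time, add its own times."""
    icmp_type, _, body = parse(request)
    if icmp_type != TIMESTAMP_REQUEST or len(body) != TIMESTAMP.size:
        raise ValueError("not a timestamp request")
    ident, seq, originate_ms, _, _ = TIMESTAMP.unpack(body)
    return build(TIMESTAMP_REPLY, 0,
                 TIMESTAMP.pack(ident, seq, originate_ms, receive_ms, transmit_ms))


def round_trip_ms(reply: bytes, ident: int, seq: int, returned_ms: int) -> int:
    """Requester side: time out plus time back, using the reply's three timestamps."""
    icmp_type, _, body = parse(reply)
    if icmp_type != TIMESTAMP_REPLY or len(body) != TIMESTAMP.size:
        raise ValueError("not a timestamp reply")
    r_ident, r_seq, originate_ms, receive_ms, transmit_ms = TIMESTAMP.unpack(body)
    if (r_ident, r_seq) != (ident, seq):
        raise ValueError("reply does not match the outstanding request")
    return (receive_ms - originate_ms) + (returned_ms - transmit_ms)


if __name__ == "__main__":
    request = timestamp_request(ident=1, seq=1, originate_ms=46)     # constructed clocks
    reply = timestamp_reply(request, receive_ms=59, transmit_ms=60)
    print(round_trip_ms(reply, 1, 1, returned_ms=67))
```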
Explain two-node instability in RIP.
1. Router LSA - the router announces its presence and lists the links to
other routers or networks in the same area, together with the metrics to
them. Type 1 LSAs are flooded across their own area only.
5. External LSA - these LSAs contain information imported into OSPF from
other routing processes. They are flooded to all areas (except stub areas).
Q) Write an algorithm for the Input module and Output module in the ARP process (IMP)
Sleep until an IP packet is received from IP software. Check cache table for an entry
corresponding to the destination of IP packet.
If (entry is found)
Extract the value of the hardware address from the entry. Send the packet and the
Return
} // end if
Return
}//end if2
}//end if
Create a cache entry with state set to PENDING and ATTEMPTS set to 1.
Create a queue.
Return
}//end if
//end module
Sleep until an ARP packet (request or reply) arrives. Check the cache table to find the
corresponding entry.
If (found)
{
{
While (the queue is not empty)
}//end if
}//end if
}//end if
If (not found)
{
}//end if
{
Send an ARP reply.
}//end if
Return
}//end module
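An added Python example (not the textbook's algorithm) of an ARP cache driven by an output module and an input module. The PENDING state, the ATTEMPTS counter and the queue come from the surviving pseudocode lines; the RESOLVED state name, the host and MAC addresses, the dropping of unrequested replies and the alert on a changed MAC address are assumptions of this example.

```python
from collections import deque

PENDING, RESOLVED = "PENDING", "RESOLVED"   # RESOLVED is an assumed state name
BROADCAST = "ff:ff:ff:ff:ff:ff"


class ArpModule:
    def __init__(self, my_ip, my_mac):
        self.my_ip, self.my_mac = my_ip, my_mac
        self.cache = {}    # IP address -> {"state", "mac", "attempts", "queue"}
        self.wire = []     # everything handed to the data-link layer, in order
        self.alerts = []   # (ip, old_mac, new_mac) whenever a resolved mapping changes

    def output(self, dst_ip, packet):
        """Output module: called with each IP packet that needs a hardware address."""
        entry = self.cache.get(dst_ip)
        if entry is None:
            self.cache[dst_ip] = {"state": PENDING, "mac": None, "attempts": 1,
                                  "queue": deque([packet])}
            self.wire.append(("ARP_REQUEST", BROADCAST, dst_ip))
        elif entry["state"] == PENDING:
            entry["queue"].append(packet)              # wait for the reply
        else:
            self.wire.append(("DATA", entry["mac"], packet))

    def _resolve(self, ip, mac):
        """Store the mapping and send every packet that was waiting for it."""
        entry = self.cache.setdefault(
            ip, {"state": PENDING, "mac": None, "attempts": 0, "queue": deque()})
        if entry["state"] == RESOLVED and entry["mac"] != mac:
            self.alerts.append((ip, entry["mac"], mac))
        entry["state"], entry["mac"] = RESOLVED, mac
        while entry["queue"]:
            self.wire.append(("DATA", mac, entry["queue"].popleft()))

    def input(self, op, sender_ip, sender_mac, target_ip):
        """Input module: called with each ARP packet (request or reply) that arrives."""
        if target_ip != self.my_ip:
            return "discarded"                         # not for this host's IP address
        if op == "reply":
            entry = self.cache.get(sender_ip)
            if entry is None or entry["state"] != PENDING:
                return "discarded"                     # no request is outstanding
            self._resolve(sender_ip, sender_mac)
            return "resolved"
        if op == "request":
            self._resolve(sender_ip, sender_mac)
            self.wire.append(("ARP_REPLY", sender_mac, self.my_ip, self.my_mac))
            return "replied"
        return "discarded"


def demo():
    """Constructed exchange: the host looks up 192.168.1.220 as in the figure above."""
    host = ArpModule("192.168.1.10", "02:00:00:00:00:10")
    host.output("192.168.1.220", b"first packet")
    host.output("192.168.1.220", b"second packet")    # queued while PENDING
    host.input("reply", "192.168.1.220", "02:00:00:00:02:20", "192.168.1.10")
    return host


if __name__ == "__main__":
    for frame in demo().wire:
        print(frame)
```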
Triangle Routing
Triangle routing, the less severe case, occurs when the remote host communicates with a mobile
host that is not attached to the same network (or site) as the mobile host. When the mobile host
sends a packet to the remote host, there is no inefficiency. However, when the remote host sends a
packet to the mobile host, the packet goes from the remote host to the home agent and then to the
mobile host. The packet travels the two sides of a triangle, instead of just one side.
Home Agent
The home agent is usually a router attached to the home network of the mobile host. The home
agent acts on behalf of the mobile host when a remote host sends a packet to the mobile host. The
home agent receives the packet and sends it to the foreign agent.
Foreign Agent
The foreign agent is usually a router attached to the foreign network. The foreign agent receives
and delivers packets sent by the home agent to the mobile host. The mobile host can also act as a
foreign agent. In other words, the mobile host and the foreign agent can be the same. However, to
do this, a mobile host must be able to receive a care-of address by itself, which can be done
through the use of DHCP. In addition, the mobile host needs the necessary software to allow it to
communicate with the home agent and to have two addresses: its home address and its care-of
address. This dual addressing must be transparent to the application programs. When the mobile
host acts as a foreign agent, the care-of address is called a colocated care-of address.
Unit 3
Flow Control
UDP is a very simple protocol. There is no flow control, and hence no window mechanism. The
receiver may overflow with incoming messages. The lack of flow control means that the process
using UDP should provide for this service, if needed.
Error Control
There is no error control mechanism in UDP except for the checksum. This means that the sender
does not know if a message has been lost or duplicated. When the receiver detects an error through
the checksum, the user datagram is silently discarded. The lack of error control means that the
process using UDP should provide for this service if needed.
Keepalive Timer: A keepalive timer is used in some implementations to prevent a long idle
connection between two TCPs. Suppose that a client opens a TCP connection to a server, transfers
some data, and becomes silent. Perhaps the client has crashed. In this case, the connection
remains open forever. To remedy this situation, most implementations equip a server with a
keepalive timer. Each time the server hears from a client, it resets this timer. The time-out is
usually 2 hours. If the server does not hear from the client after 2 hours, it sends a probe
segment. If there is no response after 10 probes, each of which is 75 s apart, it assumes that the
client is down and terminates the connection.
TIME-WAIT Timer: The TIME-WAIT (2MSL) timer is used during connection termination. We
discussed the reasons for this timer in Section 15.5 (State Transition Diagram).
Q.) Write and explain pseudocode of the input module of UDP, the Control Block Module and the
output module of UDP
Ans. Input Module
The input module (Table 14.3) receives a user datagram from the IP. It searches the
control-block table to find an entry having the same port number as this user datagram.
If the entry is found, the module uses the information in the entry to enqueue the data.
If the entry is not found, it generates an ICMP message.
Input Module
UDP_INPUT_Module (user_datagram)
{
    Look for the entry in the control_block table
    if (found)
    {
        Check to see if a queue is allocated
        if (queue is not allocated)
            allocate a queue
        enqueue the data        // the data is enqueued whether or not the queue already existed
    } // end if
    else
    {
        Ask ICMP to send an "unreachable port" message
        Discard the user datagram
    } // end else

    Return.
} // end module
UDP_OUTPUT_MODULE (Data)
{
    Create a user datagram
    Send the user datagram
    Return.
}
c) Draw and explain TCP segment format.
Sequence Number
After the bytes have been numbered, TCP assigns a sequence number to each segment that is being
sent. The sequence number for each segment is the number of the first byte of data carried in that
segment.
Half-Close
In TCP, one end can stop sending data while still receiving data. This is called a half-close.
Either the server or the client can issue a half-close request. It can occur when the server needs
all the data before processing can begin. A good example is sorting. When the client sends data to
the server to be sorted, the server needs to receive all the data before sorting can start. This
means the client, after sending all data, can close the connection in the client-to-server
direction. However, the server-to-client direction must remain open to return the sorted data. The
server, after receiving the data, still needs time for sorting; its outbound direction must remain
open.
The first two segments are the same as for a regular close: a FIN by the initiator, followed by an ACK
of the FIN by the recipient. The operation then differs from Figure 13-1, because the side that receives
the half-close can still send data. We show only one data segment, followed by an ACK, but any
number of data segments can be sent. (The exchange of data segments and acknowledgments is
detailed in Chapter 15.) When the end that received the half-close is done sending data, it closes its end
of the connection, causing a FIN to be sent, and this delivers an end-of-file indication to the application
that initiated the half-close. When this second FIN is acknowledged, the connection is completely
closed.
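The sorting scenario described above, as an added Python example that is not from the original notes. It runs a client and a one-shot server over a loopback TCP connection, and the function names and the text encoding of the numbers are assumptions of this example.

```python
import socket
import threading


def sort_server(listener):
    """Accept one client, read until its FIN, then answer on the direction still open."""
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(5)
        received = b""
        while True:
            chunk = conn.recv(4096)
            if not chunk:              # empty read: the client's FIN, i.e. end-of-file
                break
            received += chunk
        # All the data has arrived, so sorting can start only now.
        numbers = sorted(int(n) for n in received.split())
        conn.sendall(" ".join(map(str, numbers)).encode())
    # Leaving the "with" block closes the socket, which sends the server's FIN.


def sort_remotely(numbers):
    """Send numbers, half-close, and read the sorted reply.

    Returns (sorted_numbers, write_side_closed); the second value reports whether
    a send attempted after the half-close was refused by the local TCP.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))            # loopback, port chosen by the OS
    listener.listen(1)
    worker = threading.Thread(target=sort_server, args=(listener,))
    worker.start()
    with socket.create_connection(listener.getsockname(), timeout=5) as client:
        client.sendall(" ".join(map(str, numbers)).encode())
        client.shutdown(socket.SHUT_WR)        # half-close: FIN for client-to-server only
        try:
            client.send(b"7")                  # the outbound direction is gone
            write_side_closed = False
        except OSError:
            write_side_closed = True
        reply = b""
        while True:                            # the inbound direction still delivers data
            chunk = client.recv(4096)
            if not chunk:                      # the server's FIN: end-of-file indication
                break
            reply += chunk
    worker.join()
    listener.close()
    return [int(n) for n in reply.split()], write_side_closed


if __name__ == "__main__":
    print(sort_remotely([42, 7, 19, 3]))
```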
Unit 4
Q) Short note on SCTP. List SCTP packets. Explain any two of them.
Stream Control Transmission Protocol (SCTP) is a new reliable, message-oriented
transport-layer protocol. SCTP lies between the application layer and the network
layer and serves as the intermediary between the application programs and the
network operations. SCTP combines the best features of UDP and TCP. SCTP is a reliable
message-oriented protocol. It preserves the message boundaries and at the same time detects
lost data, duplicate data, and out-of-order data. It also has congestion control and
flow control mechanisms. Later we will see that SCTP has other innovative features
unavailable in UDP and TCP.
How does Dynamic Host Configuration Protocol (DHCP) work? Explain DHCP completely. (IMP)
The Dynamic Host Configuration Protocol (DHCP) client's TCP/IP software is not configured with a
static IP address; it is configured to obtain an IP address dynamically from a Dynamic Host
Configuration Protocol (DHCP) server. When a DHCP client device boots up, it is not capable of
sending and receiving network traffic, because TCP/IP is not configured. But it can participate in
broadcast traffic. DHCP clients and DHCP servers use broadcast messages to communicate with each
other. The scope of a broadcast message is only within the local broadcast domain. Broadcast
messages will never cross the router to reach another network, because routers drop packets
addressed to the Limited Broadcast IP Address.
Two important IPv4 addresses used in DHCPv4 messages are 0.0.0.0 and 255.255.255.255. IPv4
address 0.0.0.0 is used by an IPv4 device when it has not yet been assigned an IPv4 address. When a
DHCP client boots up, it doesn't have a valid IPv4 address.
IPv4 address 255.255.255.255 is also known as Limited Broadcast IP Address. An IPv4 datagram with
255.255.255.255 as destination IPv4 address is broadcasted in the LAN.
DHCPDISCOVER and DHCPREQUEST messages are sent from DHCP Client to DHCP Server.
DHCPOFFER and DHCPACK messages are sent from DHCP Server to DHCP Client.
The process of leasing TCP/IP configuration from the Dynamic Host Configuration Protocol (DHCP)
server involves four steps as listed below.
1. DHCPDISCOVER: The Dynamic Host Configuration Protocol (DHCP) client broadcasts a DHCP
discover message on the network containing its MAC address destined for UDP port number 68 (used
by BOOTP and Dynamic Host Configuration Protocol (DHCP) servers). This first datagram is known
as a DHCPDISCOVER message, which is a request to any DHCP Server that receives the datagram for
configuration information. As the name implies, the purpose of the DHCPDISCOVER message is to
discover a DHCP server.
As you can see from the screenshot copied below, the destination MAC Address of a
DHCPDISCOVER message is ff:ff:ff:ff:ff:ff, which is the Broadcast MAC Address. An Ethernet Frame
with Broadcast MAC Address as the destination MAC Address is flooded to every port of the
connected LAN Switch. DHCPDISCOVER message is delivered to every connected computer in the
Broadcast Domain.
2. DHCPOFFER: The DHCPDISCOVER message was delivered to every connected computer in the
Broadcast Domain. Every DHCP server in the Broadcast Domain that received the
DHCPDISCOVER message responds with a DHCPOFFER message. Other computers simply drop the
DHCPDISCOVER message.
The DHCPOFFER message contains the offered TCP/IP configuration values like IPv4 address and
subnet mask. If the DHCP client device receives multiple DHCPOFFER messages, the DHCP client
accepts the first DHCPOFFER message that arrives.
3. DHCPREQUEST: The Dynamic Host Configuration Protocol (DHCP) client accepts an offer and
broadcasts a DHCPREQUEST datagram. The DHCPREQUEST datagram contains the IP address of
the server that issued the offer and the physical address (MAC Address) of the DHCP client.
DHCPREQUEST message requests the selected DHCP server to assign the DHCP client an IP address
and other TCP/IP configuration values. DHCPREQUEST message also notifies all other DHCP servers
that their offers were not accepted by the DHCP client.
4. DHCPACK: When the DHCP server from which the offer was selected receives the
DHCPREQUEST datagram, it constructs a DHCPACK datagram. This datagram is known as a
DHCPACK (DHCP ACKNOWLEDGEMENT). The DHCPACK includes an IP address and subnet
mask for the DHCP client. It may include other TCP/IP configuration information like IP address of the
default gateway, IP addresses of DNS servers, IP addresses of WINS servers etc.
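The four-step lease exchange above, as an added Python example that is not from the original notes, working at the level of the DHCP message itself. The fixed-header layout and option codes follow RFC 2131/2132; the addresses, the transaction ID and the helper names are constructed, and the client's checks on each reply (transaction ID, client hardware address, selected server) are this example's choices.

```python
import socket
import struct

# Fixed part of a DHCP message: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file (236 bytes).
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"                    # marks the start of the options
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5     # values of the message-type option
OPT_MASK, OPT_REQUESTED_IP, OPT_TYPE, OPT_SERVER_ID, OPT_END = 1, 50, 53, 54, 255
ZERO = socket.inet_aton("0.0.0.0")


def build(op, xid, mac, msg_type, yiaddr=ZERO, options=()):
    """op is 1 for client requests and 2 for replies; htype 1 and hlen 6 mean Ethernet."""
    fixed = FIXED.pack(op, 1, 6, 0, xid, 0, 0x8000,        # 0x8000 = broadcast bit
                       ZERO, yiaddr, ZERO, ZERO, mac, b"", b"")
    body = bytes([OPT_TYPE, 1, msg_type])
    for code, value in options:
        body += bytes([code, len(value)]) + value
    return fixed + MAGIC + body + bytes([OPT_END])


def parse(data):
    start = FIXED.size + len(MAGIC)
    if len(data) < start or data[FIXED.size:start] != MAGIC:
        raise ValueError("not a DHCP message")
    op, _, hlen, _, xid, _, _, _, yiaddr, _, _, chaddr, _, _ = FIXED.unpack_from(data)
    if hlen > 16:
        raise ValueError("hlen exceeds the chaddr field")
    options, i = {}, start
    while i < len(data) and data[i] != OPT_END:
        if data[i] == 0:                                   # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated option")
        options[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    if len(options.get(OPT_TYPE, b"")) != 1:
        raise ValueError("missing message type")
    return {"op": op, "xid": xid, "yiaddr": yiaddr, "chaddr": chaddr[:hlen],
            "type": options[OPT_TYPE][0], "options": options}


def server(server_ip, lease_ip, mask):
    """Return a handler: message bytes in, reply bytes (or None) out."""
    sid, lease = socket.inet_aton(server_ip), socket.inet_aton(lease_ip)
    opts = [(OPT_SERVER_ID, sid), (OPT_MASK, socket.inet_aton(mask))]

    def handle(data):
        m = parse(data)
        if m["op"] != 1:
            return None
        if m["type"] == DISCOVER:
            return build(2, m["xid"], m["chaddr"], OFFER, lease, opts)
        if m["type"] == REQUEST and m["options"].get(OPT_SERVER_ID) == sid:
            return build(2, m["xid"], m["chaddr"], ACK, lease, opts)
        return None          # a REQUEST naming another server: this offer was not accepted
    return handle


def _valid(reply, xid, mac, msg_type):
    """Parse a reply and keep it only if it belongs to this client's transaction."""
    try:
        m = parse(reply)
    except ValueError:
        return None
    ok = (m["op"] == 2 and m["xid"] == xid and m["chaddr"] == mac
          and m["type"] == msg_type and len(m["options"].get(OPT_SERVER_ID, b"")) == 4
          and len(m["options"].get(OPT_MASK, ZERO)) == 4)
    return m if ok else None


def obtain_lease(xid, mac, handlers):
    """Run the four steps against `handlers`, listed in the order their replies arrive."""
    def broadcast(message):
        return [r for r in (h(message) for h in handlers) if r is not None]

    offers = [m for m in (_valid(r, xid, mac, OFFER)
                          for r in broadcast(build(1, xid, mac, DISCOVER))) if m]
    if not offers:
        raise RuntimeError("no usable DHCPOFFER")
    offer = offers[0]                                      # first usable offer wins
    chosen = offer["options"][OPT_SERVER_ID]
    request = build(1, xid, mac, REQUEST,
                    options=[(OPT_SERVER_ID, chosen), (OPT_REQUESTED_IP, offer["yiaddr"])])
    for reply in broadcast(request):
        m = _valid(reply, xid, mac, ACK)
        if m and m["options"][OPT_SERVER_ID] == chosen and m["yiaddr"] == offer["yiaddr"]:
            return {"ip": socket.inet_ntoa(m["yiaddr"]),
                    "mask": socket.inet_ntoa(m["options"].get(OPT_MASK, ZERO)),
                    "server": socket.inet_ntoa(chosen)}
    raise RuntimeError("no DHCPACK from the selected server")


if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")                    # constructed client address
    servers = [server("192.168.1.1", "192.168.1.50", "255.255.255.0"),
               server("192.168.1.2", "192.168.1.150", "255.255.255.0")]
    print(obtain_lease(0x1234, mac, servers))
```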
The Fully Qualified Domain Name (FQDN) of a host in the DNS namespace hierarchy consists of all the
labels from the node, up to the root of the namespace, separated by periods ("."). A Fully Qualified
Domain Name (FQDN) must end with an empty string, which represents the Root. Since there is no
need to represent an empty string, a Fully Qualified Domain Name (FQDN) ends with a period (.). The
trailing period (".") for the root domain is usually omitted in day-to-day use, but the DNS Resolver
(Client) and DNS Servers must use it during actual DNS name queries.
Using a Fully Qualified Domain Name (FQDN), we can identify a host's position from the Root of the
DNS namespace. A Fully Qualified Domain Name (FQDN) can unambiguously indicate the
position of a host relative to the DNS Root.
When you happen to see a Fully Qualified Domain Name (FQDN), you should understand its
structure as explained below. Remember, a dot (".") is used to separate two labels inside a Fully
Qualified Domain Name (FQDN).
Try to read it from the right-most position, which represents the DNS Root.
Note: DNS Domain names can contain characters "a to z", "A to Z", "0 to 9", and "-"(hyphen) only.
Other common characters are not allowed.
A Partially Qualified Domain Name (PQDN) is used to specify a portion of a domain name, normally
the host portion of it. A Partially Qualified Domain Name (PQDN) starts with a host name, but it
may not reach up to the root.
Example of a Partially Qualified Domain Name (PQDN): pc15. Usually the computers will add the
DNS suffix to the Partially Qualified Domain Name (PQDN) before sending a DNS query for
name resolution.
Description
The type of the Dynamic Host Configuration Protocol (DHCP) message. Set to 1 in messages sent by a client (requests) and 2 in m
The network LAN architecture. For example, the ethernet type is specified when htype is set to 1.
ata-link layer) address length (MAC address) (in bytes); defines the length of hardware address in the chaddr field. For Ethernet (
s 6.
relay agents that have forwarded this message.
ients to match responses from servers with previously transmitted requests.
me (in seconds) since the client began the Dynamic Host Configuration Protocol (DHCP) process.
is called the broadcast bit, can be set to 1 to indicate that messages to the client must be broadcast
address; set by the client when the client has confirmed that its IP address is valid.
address; set by the server to inform the client of the client's IP address.
of the next server for the client to use in the configuration process (for example, the server to contact for TFTP download of an o
t (gateway) IP address; filled in by the relay agent with the address of the interface through which Dynamic Host Configuration
1. The client sends the first packet, which contains an INIT chunk. The verification tag (VT) of
this packet (defined in the general header) is 0 because no verification tag has yet been defined
for this direction (client to server). The INIT tag includes an initiation tag to be used for
packets from the other direction (server to client). The chunk also defines the initial TSN for
this direction and advertises a value for rwnd. The value of rwnd is normally advertised in a SACK
chunk; it is done here because SCTP allows the inclusion of a DATA chunk in the third and fourth
packets; the server must be aware of the available client buffer size. Note that no other chunks
can be sent with the first packet.
2. The server sends the second packet, which contains an INIT ACK chunk. The verification tag is
the value of the initial tag field in the INIT chunk. This chunk initiates the tag to be used in
the other direction, defines the initial TSN for data flow from server to client, and sets the
server's rwnd. The value of rwnd is defined to allow the client to send a DATA chunk with the third
packet. The INIT ACK also sends a cookie that defines the state of the server at this moment. We
will discuss the use of the cookie shortly.
3. The client sends the third packet, which includes a COOKIE ECHO chunk. This is a very simple
chunk that echoes, without change, the cookie sent by the server. SCTP allows the inclusion of data
chunks in this packet.
4. The server sends the fourth packet, which includes the COOKIE ACK chunk that acknowledges the
receipt of the COOKIE ECHO chunk. SCTP allows the inclusion of data chunks with this packet.
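The four packets above, as an added Python simulation that is not from the original notes. Packets are modelled as dictionaries rather than wire bytes; protecting the cookie with an HMAC and a lifetime follows the cookie mechanism in the SCTP specification (RFC 4960), and the 60-second lifetime, the JSON encoding and the field names are assumptions of this example.

```python
import hashlib
import hmac
import json
import secrets

COOKIE_LIFETIME = 60.0      # seconds; constructed value


class Server:
    def __init__(self):
        self._key = secrets.token_bytes(32)     # known only to the server
        self.associations = {}                  # filled only after a valid COOKIE ECHO

    def _mac(self, blob):
        return hmac.new(self._key, blob.encode(), hashlib.sha256).hexdigest()

    def on_init(self, pkt, now):
        """Packet 1 -> packet 2. No per-client state is stored at this point."""
        if pkt.get("chunk") != "INIT" or pkt.get("vt") != 0 or not pkt.get("init_tag"):
            return None
        state = {"peer_tag": pkt["init_tag"], "peer_tsn": pkt["init_tsn"],
                 "my_tag": secrets.randbits(32) or 1, "my_tsn": secrets.randbits(32),
                 "issued": now}
        blob = json.dumps(state, sort_keys=True)   # "the state of the server at this moment"
        return {"vt": pkt["init_tag"],              # VT = initiation tag from the INIT chunk
                "chunk": "INIT ACK", "init_tag": state["my_tag"],
                "init_tsn": state["my_tsn"], "rwnd": 65535,
                "cookie": {"state": blob, "mac": self._mac(blob)}}

    def on_cookie_echo(self, pkt, now):
        """Packet 3 -> packet 4. The association exists only after these checks pass."""
        cookie = pkt.get("cookie", {})
        blob, mac = cookie.get("state", ""), cookie.get("mac", "")
        if pkt.get("chunk") != "COOKIE ECHO" or not hmac.compare_digest(mac, self._mac(blob)):
            return None                             # cookie was not issued by this server
        state = json.loads(blob)
        if now - state["issued"] > COOKIE_LIFETIME or pkt.get("vt") != state["my_tag"]:
            return None                             # stale cookie or wrong verification tag
        self.associations[state["my_tag"]] = state
        return {"vt": state["peer_tag"], "chunk": "COOKIE ACK"}


def client_init():
    """Packet 1: VT is 0 because no tag exists yet for the client-to-server direction."""
    return {"vt": 0, "chunk": "INIT", "init_tag": secrets.randbits(32) or 1,
            "init_tsn": secrets.randbits(32), "rwnd": 65535}


def client_cookie_echo(init, init_ack):
    """Packet 3: echo the cookie without change, tagged with the server's initiation tag."""
    if init_ack is None or init_ack["vt"] != init["init_tag"]:
        raise ValueError("INIT ACK does not carry our initiation tag")
    return {"vt": init_ack["init_tag"], "chunk": "COOKIE ECHO", "cookie": init_ack["cookie"]}


def run_handshake(server, now=0.0):
    init = client_init()
    init_ack = server.on_init(init, now)
    echo = client_cookie_echo(init, init_ack)
    cookie_ack = server.on_cookie_echo(echo, now + 0.1)
    return [p["chunk"] for p in (init, init_ack, echo, cookie_ack)]


if __name__ == "__main__":
    srv = Server()
    print(run_handshake(srv), len(srv.associations))
```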
Ans.-
Recursive Resolution
The client (resolver) can ask for a recursive answer from a name server. This means that the
resolver expects the server to supply the final answer. If the server is the authority for the
domain name, it checks its database and responds. If the server is not the authority, it sends the
request to another server (the parent usually) and waits for the response. If the parent is the
authority, it responds; otherwise, it sends the query to yet another server. When the query is
finally resolved, the response travels back until it finally reaches the requesting client.
Iterative Resolution
ASCII (with the highest order bit set to be 0 or 1), this must first be agreed upon between the
client and the server using option negotiation.
Control Characters
To send control characters between computers (from client to server or vice versa), NVT uses an
8-bit character set in which the highest order bit is set to 1 (see Figure 20.4). Table 20.1 lists
some of the control characters and their meanings. Later we will categorize these control
characters on the basis of their functionalities.
Q. Components of SSH (IMP)
SSH Transport-Layer Protocol (SSH-TRANS)
Since TCP is not a secured transport layer protocol, SSH first uses a protocol that creates a
secured channel on top of TCP. This new layer is an independent protocol referred to as
SSH-TRANS. When the software implementing this protocol is called, the client and server first use
the TCP protocol to establish an insecure connection. Then they exchange several security
parameters to establish a secure channel on top of TCP.
SSH Authentication Protocol (SSH-AUTH)
After a secure channel is established between the client and the server and the server is
authenticated for the client, SSH can call another piece of software that can authenticate the
client for the server.
SSH Connection Protocol (SSH-CONN)
After the secured channel is established and both server and client are authenticated for each
other, SSH can call a piece of software that implements the third protocol, SSH-CONN. One of the
services provided by the SSH-CONN protocol is multiplexing. SSH-CONN takes the secure channel
established by the two previous protocols and lets the client create multiple logical channels
over it.
SSH Applications
After the connection phase is completed, SSH allows several application programs to use the
connection. Each application can create a logical channel as described above and then benefit from
the secured connection. In other words, remote login is one of the services that can use the
SSH-CONN protocols; other applications, such as a file transfer application, can use one of the
logical channels for this purpose. In the next chapter, we show how SSH can be used for secure file
transfer.
Communication over Control Connection
FTP uses the same approach as TELNET or SMTP to communicate across the control connection. It uses
the NVT ASCII character set (see Figure 21.4). Communication is achieved through commands and
responses. This simple method is adequate for the control connection because we send one command
(or response) at a time. Each command or response is only one short line, so we need not worry
about file format or file structure. Each line is terminated with a two-character (carriage return
and line feed) end-of-line token.
Communication over Data Connection
The purpose and implementation of the data connection are different from that of the control
connection. We want to transfer files through the data connection. The client must define the type
of file to be transferred, the structure of the data, and the transmission mode. Before sending the
file through the data connection, we prepare for transmission through the control connection. The
heterogeneity problem is resolved by defining three attributes of communication: file type, data
structure, and transmission mode.
Nonpersistent Connection
In a nonpersistent connection, one TCP connection is made for each request/response. The following
lists the steps in this strategy:
1. The client opens a TCP connection and sends a request.
2. The server sends the response and closes the connection.
3. The client reads the data until it encounters an end-of-file marker; it then closes the
connection.
In this strategy, if a file contains links to N different pictures in different files (all located
on the same server), the connection must be opened and closed N + 1 times. The nonpersistent
strategy imposes high overhead on the server because the server needs N + 1 different buffers and
requires a slow start procedure each time a connection is opened.
Persistent Connection
HTTP version 1.1 specifies a persistent connection by default. In a persistent connection, the
server leaves the connection open for more requests after sending a response. The server can
close the connection at the request of a client or if a time-out has been reached. The sender
usually sends the length of the data with each response. However, there are some occasions when
the sender does not know the length of the data. This is the case when a document is created
dynamically or actively. In these cases, the server informs the client that the length is not
known and closes the connection after sending the data so the client knows that the end of the
data has been reached.
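The two ways a client finds the end of a response, as described above, shown as an added example (not from the original notes). It is simplified to those two cases: a stated length on a connection that stays open, and an unknown length ended by the server closing. Real HTTP/1.1 also has chunked transfer coding, which these notes do not cover. The function names and the sample bytes are assumptions made for illustration.

```python
import io


def read_response(stream):
    """Read one response; return (status_line, body, connection_stays_open)."""
    status = stream.readline().rstrip(b"\r\n").decode("ascii")
    if not status:
        return None                      # nothing left on the connection
    length = None
    while True:
        line = stream.readline().rstrip(b"\r\n").decode("ascii")
        if not line:
            break                        # blank line ends the header
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-length":
            value = value.strip()
            # Two length headers, or a non-numeric one, make the message
            # boundary ambiguous, so the response is rejected.
            if length is not None or not value.isdigit():
                raise ValueError("ambiguous or invalid Content-Length")
            length = int(value)
    if length is None:
        # Length unknown: the body runs until the server closes the connection.
        return status, stream.read(), False
    body = stream.read(length)
    if len(body) != length:
        raise ValueError("connection ended before the announced length")
    return status, body, True


def read_all(stream):
    """Read responses until the stream ends or a response closes it."""
    responses = []
    while (response := read_response(stream)) is not None:
        responses.append(response)
        if not response[2]:
            break
    return responses


# Constructed byte stream standing in for one persistent TCP connection.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
    b"HTTP/1.1 200 OK\r\nContent-Length: 3\r\n\r\nabc"
    b"HTTP/1.1 200 OK\r\n\r\ngenerated page"
)
RESULT = read_all(io.BytesIO(SAMPLE))
```

The stated length is the only thing separating the first two responses, which is why a missing, duplicated or wrong length has to end in a rejected message or a closed connection.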
Q.) Define RRQ and WRQ messages in TFTP. Explain the different messages of TFTP.
RRQ
The read request (RRQ) message is used by the client to establish a connection for reading data
from the server.
❑ OpCode. The first field is a 2-byte operation code. The value is 1 for the RRQ message.
❑ File name. The next field is a variable-size string (encoded in ASCII) that defines the name of
the file. Since the file name varies in length, termination is signaled by a 1-byte field of 0s.
❑ Mode. The next field is another variable-size string defining the transfer mode. The mode field
is terminated by another 1-byte field of 0s. The mode can be one of two strings: “netascii” (for
an ASCII file) or “octet” (for a binary file). The file name and mode fields can be in upper- or
lowercase, or a combination of both.
WRQ
The write request (WRQ) message is used by the client to establish a connection for writing data
to the server. The format is the same as RRQ except that the OpCode is 2.
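The RRQ/WRQ layout described above, as an added builder and strict parser (example code, not from the original notes). It accepts exactly the fields listed here: a 2-byte opcode, a 0-terminated file name and a 0-terminated mode. The function names, the error class and the sample datagrams are assumptions made for illustration.

```python
import struct

OPCODES = {1: "RRQ", 2: "WRQ"}   # opcode values given in the text
MODES = ("netascii", "octet")    # the two mode strings named in the text


class TftpFormatError(ValueError):
    """A datagram that does not follow the RRQ/WRQ layout."""


def build_request(opcode, filename, mode="octet"):
    """Serialize: 2-byte opcode | file name | 0 | mode | 0."""
    if opcode not in OPCODES or mode.lower() not in MODES:
        raise TftpFormatError("bad opcode or mode")
    name = filename.encode("ascii")
    if not name or b"\x00" in name:
        raise TftpFormatError("file name must be non-empty with no 0 byte")
    return struct.pack("!H", opcode) + name + b"\x00" + mode.encode("ascii") + b"\x00"


def parse_request(datagram):
    """Validate an RRQ/WRQ and return (kind, filename, mode)."""
    if len(datagram) < 2:
        raise TftpFormatError("too short to hold an opcode")
    (opcode,) = struct.unpack("!H", datagram[:2])
    if opcode not in OPCODES:
        raise TftpFormatError("opcode is not RRQ or WRQ")
    body = datagram[2:]
    # The final byte must be the mode terminator; an unterminated string is
    # rejected rather than read to the end of the buffer.
    if not body.endswith(b"\x00"):
        raise TftpFormatError("mode field is not terminated")
    fields = body[:-1].split(b"\x00")
    if len(fields) != 2:
        raise TftpFormatError("expected exactly two 0-terminated strings")
    try:
        filename, mode = (f.decode("ascii") for f in fields)
    except UnicodeDecodeError as exc:
        raise TftpFormatError("fields must be ASCII") from exc
    if not filename:
        raise TftpFormatError("empty file name")
    if mode.lower() not in MODES:   # mode may arrive in any letter case
        raise TftpFormatError("unknown mode")
    return OPCODES[opcode], filename, mode.lower()


# Constructed sample datagrams, not captured traffic.
SAMPLE_RRQ = build_request(1, "boot.cfg", "NetASCII")
SAMPLE_WRQ = b"\x00\x02upload.bin\x00octet\x00"
```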
Q.) Short note on the different modes of TELNET operation
Default Mode
The default mode is used if no other modes are invoked through option negotiation. In
this mode, the echoing is done by the client. The user types a character and the client
echoes the character on the screen (or printer) but does not send it until a whole line is
completed. After sending the whole line to the server, the client waits for the GA (go
ahead) command from the server before accepting a new line from the user. The operation
is half-duplex. Half-duplex operation is not efficient when the TCP connection
itself is full-duplex, and so this mode is becoming obsolete.
Character Mode
In the character mode, each character typed is sent by the client to the server. The
server normally echoes the character back to be displayed on the client screen. In this
mode the echoing of the character can be delayed if the transmission time is long (such
as in a satellite connection). It also creates overhead (traffic) for the network because
three TCP segments must be sent for each character of data:
1. The user enters a character that is sent to the server.
2. The server acknowledges the received character and echoes the character back (in
one segment).
3. The client acknowledges the receipt of the echoed character.
Line Mode
A new mode has been proposed to compensate for the deficiencies of the default mode
and the character mode. In this mode, called the line mode, line editing (echoing,
character erasing, line erasing, and so on) is done by the client. The client then sends
the whole line to the server. Although the line mode looks like the default mode, it is
not. The default mode operates in the half-duplex mode; the line mode is full-duplex
with the client sending one line after another, without the need for an intervening GA
(go ahead) character from the server.
Q) Explain in detail hypertext and hypermedia, web client (browser), web server, and uniform
resource locator
Q.) Static, dynamic and active web documents
Static documents are fixed-content documents that are created and stored in a server. The client
can get a copy of the document only. In other words, the contents of the file are determined when
the file is created, not when it is used. Of course, the contents in the server can be changed,
but the user cannot change them. When a client accesses the document, a copy of the document is
sent. The user can then use a browsing program to display the document.
Static documents are prepared using one of the several languages: Hypertext Markup Language
(HTML), Extensible Markup Language (XML), Extensible Style Language (XSL), and Extended
Hypertext Markup Language (XHTML).
A dynamic document is created by a Web server whenever a browser requests the document. When
a request arrives, the Web server runs an application program or a script that creates the
dynamic document. The server returns the output of the program or script as a response to the
browser that requested the document. Because a fresh document is created for each request, the
contents of a dynamic document may vary from one request to another. A very simple example of a
dynamic document is the retrieval of the time and date from a server. Time and date are kinds of
information that are dynamic in that they change from moment to moment. The client can ask the
server to run a program such as the date program in UNIX and send the result of the program to
the client.
Active Documents
For many applications, we need a program or a script to be run at the client site. These are
called active documents. For example, suppose we want to run a program that creates animated
graphics on the screen or a program that interacts with the user. The program definitely needs
to be run at the client site where the animation or interaction takes place. When a browser
requests an active document, the server sends a copy of the document or a script. The document
is then run at the client (browser) site.
Unit 6
Definition of POP3
Post Office Protocol version 3 (POP3) is a message accessing agent (MAA) that transfers email
from the mailbox at the server to the user's local computer. The client POP3 software is
installed on the recipient's computer. When the user invokes it, it creates the connection to
the server POP3.
The server POP3 software is installed on the mail server. The connection is made on TCP port
110. To establish the connection, the client has to send a username and password to access the
mailbox. Once the client is authenticated, it can list and retrieve the emails one by one.
The POP3 protocol operates in two modes, the delete mode and the keep mode. It operates in
delete mode when the user is working on their permanent computer. In delete mode, once the mail
is retrieved from the mailbox, it is deleted from the mailbox permanently. The retrieved mail is
organized on the user's computer.
The POP3 protocol operates in keep mode when the user is not working on their permanent or
primary computer. In keep mode, the mail remains in the mailbox even after its retrieval. The
mail is read by the user, but it is kept in the mailbox for later retrieval and organizing on
the user's permanent computer.
Definition of IMAP
Internet Mail Accessing Protocol (IMAP) is also a mail accessing agent like POP3, but it is more
powerful, has more features and is more complex than POP3. The POP3 protocol was found deficient
in many ways, so IMAP was introduced to overcome these deficiencies.
POP3 does not allow a user to organize mail in the mailbox. The user cannot create different
folders on the server. The user cannot partially check the content of emails before downloading
them. In POP, the user has to download an email to read it.
IMAP is used to access the mail from the mailbox at the mail server. Using IMAP, the user can
check the email header before downloading it. The user can also check the content of the email
for a particular string of characters before downloading the email.
If the bandwidth is limited, the user can use IMAP to partially download the mail. This is
useful when the email contains multimedia with a high bandwidth requirement. The user can
create, delete or rename the mailboxes on the server. The user can also create a hierarchy of
these mailboxes in a folder. This is how IMAP is more powerful than the POP3 protocol.
First Approach: Using a Web Server
A compressed audio/video file can be downloaded as a text file. The client (browser) can use
the services of HTTP and send a GET message to download the file. The Web server can send the
compressed file to the browser. The browser can then use a help application, normally called a
media player, to play the file.
Second Approach: Using a Web Server with Metafile
In another approach, the media player is directly connected to the Web server for downloading
the audio/video file. The Web server stores two files: the actual audio/video file and a
metafile that holds information about the audio/video file.
1. The HTTP client accesses the Web server using the GET message.
2. The information about the metafile comes in the response.
3. The metafile is passed to the media player.
4. The media player uses the URL in the metafile to access the audio/video file.
5. The Web server responds.
Third Approach: Using a Media Server
The problem with the second approach is that the browser and the media player both use the
services of HTTP. HTTP is designed to run over TCP. This is appropriate for retrieving the
metafile, but not for retrieving the audio/video file. The reason is that TCP retransmits a lost
or damaged segment, which is counter to the philosophy of streaming. We need to dismiss TCP and
its error control; we need to use UDP. However, HTTP, which accesses the Web server, and the Web
server itself are designed for TCP; we need another server, a media server.
1. The HTTP client accesses the Web server using a GET message.
2. The information about the metafile comes in the response.
3. The metafile is passed to the media player.
4. The media player uses the URL in the metafile to access the media server to download the
file. Downloading can take place by any protocol that uses UDP.
5. The media server responds.
Q) Draw and explain the RTP packet format
❑ Ver. This 2-bit field defines the version number. The current version is 2.
❑ P. This 1-bit field, if set to 1, indicates the presence of padding at the end of the packet.
In this case, the value of the last byte in the padding defines the length of the padding.
Padding is the norm if a packet is encrypted. There is no padding if the value of the P field
is 0.
❑ X. This 1-bit field, if set to 1, indicates an extra extension header between the basic header
and the data. There is no extra extension header if the value of this field is 0.
❑ Contributor count. This 4-bit field indicates the number of contributors. Note that we can
have a maximum of 15 contributors because a 4-bit field only allows a number between 0 and 15.
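A bounds-checked parser for the header fields listed above, as an added example (not from the original notes). It goes beyond the four fields described here: the rest of the layout (marker, payload type, sequence number, timestamp, source identifiers, extension length) follows RFC 3550. The function name, the error class and the sample packet are assumptions made for illustration.

```python
import struct


class RtpFormatError(ValueError):
    """A packet whose header fields do not fit the bytes received."""


def parse_rtp(packet):
    """Return the header fields and the payload with padding removed."""
    if len(packet) < 12:
        raise RtpFormatError("shorter than the 12-byte fixed header")
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", packet[:12])
    version = b0 >> 6            # Ver: top 2 bits
    padding = (b0 >> 5) & 1      # P: 1 bit
    extension = (b0 >> 4) & 1    # X: 1 bit
    cc = b0 & 0x0F               # contributor count: low 4 bits, 0..15
    if version != 2:
        raise RtpFormatError("version is not 2")
    offset = 12 + 4 * cc         # one 32-bit identifier per contributor
    if offset > len(packet):
        raise RtpFormatError("contributor count exceeds packet length")
    csrc = list(struct.unpack("!%dI" % cc, packet[12:offset]))
    if extension:
        if offset + 4 > len(packet):
            raise RtpFormatError("truncated extension header")
        _profile, words = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4 + 4 * words  # extension length is counted in 32-bit words
        if offset > len(packet):
            raise RtpFormatError("extension length exceeds packet length")
    end = len(packet)
    if padding:
        pad_len = packet[-1]     # last byte gives the padding length
        if pad_len == 0 or pad_len > end - offset:
            raise RtpFormatError("padding length is inconsistent")
        end -= pad_len
    return {
        "version": version, "padding": bool(padding),
        "extension": bool(extension), "cc": cc, "csrc": csrc,
        "marker": b1 >> 7, "payload_type": b1 & 0x7F,
        "seq": seq, "timestamp": timestamp, "ssrc": ssrc,
        "payload": packet[offset:end],
    }


# Constructed packet: Ver=2, P=1, X=0, CC=1, then 4 payload and 4 padding bytes.
SAMPLE = (bytes.fromhex("a1880001000000a011223344aabbccdd")
          + b"data" + b"\x00\x00\x00\x04")
```

Every length taken from the packet (contributor count, extension length, padding length) is checked against the bytes actually received before it is used as an offset.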
------*****----------------------------
Explain in detail constructors used to create DatagramPacket.
Write TCP socket program that will give factorial of a number.
Explain ServerSocket class with its methods and properties.
Explain how UDP socket programming works.
Write UDP socket program that will display whether a string is palindrome or not.
Write a client/server application where a client contacts the server to obtain a random number.
Use Socket and ServerSocket.