
IP address

TRACEROUTE:
The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics,
software, sensors and connectivity to enable it to achieve greater value and service by exchanging data
with the manufacturer, operator and/or other connected devices. Each thing is uniquely identifiable
through its embedded computing system but is able to interoperate within the
existing Internet infrastructure.
Traceroute sends out three packets per TTL increment. Each column corresponds to the time it took to get
one packet back (round-trip time).
This tries to account for situations such as:
A traceroute packet is routed along a different link than other attempts:
11 130.117.3.201 (130.117.3.201) 109.762 ms 130.117.49.197 (130.117.49.197) 118.191 ms 107.262 ms
A traceroute packet is dropped:
9 154.54.26.142 (154.54.26.142) 104.153 ms * *
-ROUND TRIP TIME:

Round-trip time (RTT), also called round-trip delay, is the time required for a signal pulse or packet
to travel from a specific source to a specific destination and back again...
Bridge connection - a connection that needs to be established if you want to communicate between two different
clients which are not in the same network, located in a small office for example. These 2 networks are
independent and a client from one network is not able to communicate with a client in the other network.
When a bridge connection is established, it is possible for all the clients to communicate through the
bridged connection.

-Autonomous systems use the OSPF and RIP protocols!

ARP, RARP (find the mapping between the IP address and the physical address).

- Classless Inter-Domain Routing (CIDR) routing: routes are no longer aggregated by address class, but by
network prefix
- packet size is 1000 to 1500 bytes

-UDP uses a simple transmission model with a minimum of protocol mechanism. [1] It has
no handshaking dialogues

-The Internet Assigned Numbers Authority (IANA)


-Static IP addresses are rare; you can configure them yourself. Servers rely on a static IP address.
-Dynamic IP addresses are the addresses which are actually used; they are assigned to you via the DHCP
protocol (DHCP is on the application layer). Dynamic IP addresses are only active for a small period of
time.
-Routers possess information tables, and by using these information tables they can send information to
the right destination.


-Broadcasts are used any time a device needs to make an announcement to the rest of the network or is
unsure of who the recipient of the information should be.
-router > switch: a switch connects various LANs, but a router connects two different types of network (actually the same
ones, but from a large-scale point of view different networks: WANs and LANs).
NAT (network address translation) - is the way that routers translate the IP address that comes towards them.
-127.0.0.1 is a loopback address which serves for private purposes and private testing. For example, if you
make a GET request to a server, the server will respond back to your machine. Traffic to this address does not reach
outside the local area network (LAN); instead it is automatically rerouted by the computer's own
network adapter. (then ask how am I able to get to the somee.com server database when testing fpz
mobile)
-192.168.1.1 (router address): 192.168.1.1 is best known as the default IP address used by
Linksys routers on private networks. It can also be used by other devices connected to private
networks (i.e. it is not exclusive to Linksys). It is used to configure the local network (set
passwords, keys, encryption etc.)
-port range number 1-65000
-Automatic repeat request (ARQ)

-Aloha: Aloha, also called the Aloha method, refers to a simple communications
scheme in which each source (transmitter) in a network sends data whenever there
is a frame to send. If the frame successfully reaches the destination (receiver), the
next frame is sent. If the frame fails to be received at the destination, it is sent
again. This protocol was originally developed at the University of Hawaii for use
with satellite communication systems in the Pacific.
-IP addresses can go from 00000000-11111111 (IPv4)
NIC or Ethernet card is a circuit board or card that is installed in a computer so that
it can be connected to a network. A network interface card provides the computer
with a dedicated, full-time connection to a network.
Reserved addresses are the following:
0.0.0.0 -- This represents the default network, which is the abstract concept of just being connected
to a TCP/IP network.
255.255.255.255 -- This address is reserved for network broadcasts, or messages that should go to
all computers on the network.
127.0.0.1 -- This is called the loopback address, meaning your computer's way of identifying itself,
whether or not it has an assigned IP address.(computer talking to itself)
169.254.0.1 to 169.254.255.254 -- This is the Automatic Private IP Addressing (APIPA) range of
addresses assigned automatically when a computer is unsuccessful in getting an address from a DHCP
server.

-briefly about SUBNETS!

Purpose: allows better security, network efficiency and performance. The flow of network traffic
between HOSTS is segregated based on the network configuration. THE WHOLE IDEA IS that a subnet is
actually a smaller network within a bigger network, and therefore users, or so-called hosts, can communicate
more quickly without sending the data to the larger network, sending it to the smaller network
instead. Therefore the data reaches the user faster.
-subnet mask: contains 32 bits and does not exist independently; it must be a part of the IP address. For a subnet mask
to be valid it has to have 2 parts:

the left side with all mask bits set to '1' (the extended network portion)

the right side with all bits set to '0' (the host portion), such as the first example above.

Example of a subnet mask IP address: 255.255.255.0

To conclude subnet mask: a subnet mask represents a filter which is built into an IP address.
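
The validity rule above (all 1 bits on the left, all 0 bits on the right) and the "filter" behaviour of the mask, as an added Python example that is not part of the original notes. The function names and the sample addresses are chosen for illustration.

```python
import ipaddress


def mask_to_int(mask: str) -> int:
    """Convert a dotted-quad mask such as 255.255.255.0 to a 32-bit integer."""
    return int(ipaddress.IPv4Address(mask))


def is_valid_mask(mask: str) -> bool:
    """A mask is valid when every 1 bit sits to the left of every 0 bit."""
    try:
        value = mask_to_int(mask)
    except ipaddress.AddressValueError:
        return False                      # not even a well-formed dotted quad
    inverted = value ^ 0xFFFFFFFF         # host portion becomes 000...0111...1
    # A solid block of low-order 1s plus one is a power of two, so the AND is 0.
    # Any 1 bit stranded inside the host portion makes the AND non-zero.
    return (inverted & (inverted + 1)) == 0


def prefix_length(mask: str) -> int:
    """Number of network bits, e.g. 24 for 255.255.255.0."""
    if not is_valid_mask(mask):
        raise ValueError(f"not a contiguous subnet mask: {mask}")
    return bin(mask_to_int(mask)).count("1")


def network_of(address: str, mask: str) -> str:
    """Apply the mask as a filter: keep the network bits, clear the host bits."""
    bits = prefix_length(mask)            # also rejects invalid masks
    network = int(ipaddress.IPv4Address(address)) & mask_to_int(mask)
    return f"{ipaddress.IPv4Address(network)}/{bits}"


def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two hosts can talk without leaving the subnet if their networks match."""
    return network_of(a, mask) == network_of(b, mask)


if __name__ == "__main__":
    # Constructed sample values.
    for candidate in ("255.255.255.0", "255.255.252.0", "255.0.255.0"):
        print(candidate, "valid" if is_valid_mask(candidate) else "INVALID")
    print(network_of("192.168.1.77", "255.255.255.0"))
    print(same_subnet("192.168.1.77", "192.168.2.5", "255.255.255.0"))
    print(same_subnet("192.168.1.77", "192.168.2.5", "255.255.252.0"))
```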

ETHERNET
Definition: Ethernet is a physical and data link layer technology for local area networks (LANs).
Ethernet was invented by engineer Robert Metcalfe.
When first widely deployed in the 1980s, Ethernet supported a maximum theoretical data rate of
10 megabits per second (Mbps). Later, so-called "Fast Ethernet" standards increased this maximum data
rate to 100 Mbps. Gigabit Ethernet technology further extends peak performance up to 1000 Mbps, and
10 Gigabit Ethernet technology also exists.
Higher level network protocols like Internet Protocol (IP) use Ethernet as their transmission medium. Data
travels over Ethernet inside protocol units called frames.
The run length of individual Ethernet cables is limited to roughly 100 meters, but Ethernet networks can
be easily extended to link entire schools or office buildings using network bridge devices.
VPN technology
Corporations use this kind of technology, which allows them to connect to a public network (Internet)
securely. Anyone who wants to intercept the data can't read it. The forerunner of the VPN was ISDN (leased
line).

-Through VPN you can access your private network over Internet.
-A VPN is created by establishing a virtual point-to-point connection through the use of dedicated
connections, virtual tunneling protocols, or traffic encryptions.
-VPNs allow employees to securely access their company's intranet while traveling outside the office.
-VPN technology is also used by Internet users to connect to proxy servers for the purpose of protecting
personal identity and location.
INTRANET
Represents a private internal network designed for use only by company employees. An intranet enables
distant colleagues to work together through technologies such as desktop sharing. By adding a VPN, a
business can extend all its intranet resources to employees working from remote offices or their homes.

POP: point of presence. A place for local users to access the company's network. Often through a local
phone or dedicated line.

HOW DNS WORKS (very good explanation, caching included)

A browser contacts a local DNS server, which then contacts the root DNS server, which could have the
page requested. If the root DNS server does not have the page requested, the root DNS server sends
back the information and tells the name server that it does not have the DNS but knows (since the
root server knows everything) a, for example, .com server that does have such a DNS. Our local name
server then sends a request to the .com server, and the server returns the required web page. One of
the keys to making this kind of work possible is redundancy (if one server fails, there is another one
who will respond). The other key is caching (see how caching works). In this case caching is very
useful because it actually stores temporarily our IP address, and by that our computer with the
unique IP doesn't have to contact the root DNS server when it requires a .com webpage response; it
automatically goes to that .com server because the local server has CACHED the IP address of the
.com server and reads it.
Difference between URI and URL
URI is actually the base of everything. It stands for uniform resource identifier and it can identify
any resource(URL)or name(URN). It can be used on the web but also to get pages for example in
windows phone page navigation (you use URI class). URL(uniform resource locator) is actually a
subset of URIs(remember the URI is the base of everything). URN stands for uniform resource
name, the best example for URN is the ISBN number which is used to uniquely identify a book.
URN is completely different from URL and it doesn't include a protocol.
DSL-digital subscriber line
DSL is a very high speed connection that uses the same wires as a regular telephone line.
Advantages:

You can leave your Internet connection open and still use the phone line for voice calls.

The speed is much higher than a regular modem

DSL doesn't necessarily require new wiring; it can use the phone line you already have.

The company that offers DSL will usually provide the modem as part of the installation.

Disadvantages:

A DSL connection works better when you are closer to the provider's central office. The farther away
you get from the central office, the weaker the signal becomes.

The connection is faster for receiving data than it is for sending data over the Internet.

The service is not available everywhere.

The Transceiver

Most residential customers call their DSL transceiver a "DSL modem." The engineers at the telephone
company or ISP call it an ATU-R. Regardless of what it's called, it's the point where data from the user's
computer or network is connected to the DSL line.


The transceiver can connect to a customer's equipment in several ways, though most residential installations
use USB or 10 base-T Ethernet connections. While most of the ADSL transceivers sold by ISPs and
telephone companies are simply transceivers, the devices used by businesses may combine
network routers, network switches or other networking equipment in the same platform.
The DSLAM
The DSLAM at the access provider is the equipment that really allows DSL to happen. A DSLAM takes
connections from many customers and aggregates them onto a single, high-capacity connection to the
Internet. DSLAMs are generally flexible and able to support multiple types of DSL in a single central office,
and different varieties of protocol and modulation -- both CAP and DMT, for example -- in the same type of
DSL. In addition, the DSLAM may provide additional functions including routing or dynamic IP
address assignment for the customers.

FIREWALL VS ANTIVIRUS
Firewall :
Also known as a 'packet filter'. Basically, software which monitors network
traffic and connection attempts into and out of a network or computer and determines
whether or not to allow it to pass. Depending on the sophistication, this can be limited to
simple IP/port combinations or do full content-aware scans.
A firewall can be thought of as a screen or sieve that categorically strains out potentially
harmful data.
Antivirus:
A software which will find programs/files/software/etc that might compromise your
computer, either by being executable or by exploiting a vulnerability in the program
normally supposed to process them -- Rootkits, trojans, or other types of malware.
It detects these kinds of harmful programs that are already installed on your computer or
about to be installed.
It can perform various protective measures (based on the security settings in the Antivirus software) such as quarantine, permanent removal, fix, etc.
It will also look for potentially harmful files that are downloaded from the internet or
attached to an email and notifies/removes it to protect your computer.
NOTE: Antivirus software has to be updated frequently; each new strain of virus will
likely have different signatures.

Firewalls use one or more of three methods to control traffic flowing in and out of the network:

Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that
make it through the filters are sent to the requesting system and all others are discarded.

Proxy service - Information from the Internet is retrieved by the firewall and then sent to the
requesting system and vice versa.

Stateful inspection - A newer method that doesn't examine the contents of each packet but instead
compares certain key parts of the packet to a database of trusted information. Information traveling from
inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is
compared to these characteristics. If the comparison yields a reasonable match, the information is allowed
through. Otherwise it is discarded.
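
A small connection-tracking table shows the stateful inspection idea described above: outbound traffic records its defining characteristics, and an inbound packet passes only if it matches a recorded flow. This is an added Python example, not code from the original notes; the class name, the five fields used as "characteristics", the idle timeout and the sample addresses are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulFilter:
    """Tracks flows opened from the inside and admits only matching replies."""

    def __init__(self, idle_timeout: float = 60.0):
        self.idle_timeout = idle_timeout
        self._flows = {}     # flow key -> time the flow was last seen

    @staticmethod
    def _key(proto, inside_ip, inside_port, outside_ip, outside_port):
        return (proto, inside_ip, inside_port, outside_ip, outside_port)

    def outbound(self, pkt: Packet, now: float) -> str:
        """Inside -> outside: allowed, and its characteristics are recorded."""
        key = self._key(pkt.proto, pkt.src_ip, pkt.src_port,
                        pkt.dst_ip, pkt.dst_port)
        self._flows[key] = now
        return "ALLOW"

    def inbound(self, pkt: Packet, now: float) -> str:
        """Outside -> inside: allowed only as a reply to a recorded, live flow."""
        # A reply carries source and destination swapped relative to the request.
        key = self._key(pkt.proto, pkt.dst_ip, pkt.dst_port,
                        pkt.src_ip, pkt.src_port)
        last_seen = self._flows.get(key)
        if last_seen is None:
            return "DROP"                 # nobody inside asked for this
        if now - last_seen > self.idle_timeout:
            del self._flows[key]          # stale entry: forget the flow
            return "DROP"
        self._flows[key] = now            # refresh the idle timer
        return "ALLOW"


def demo():
    """Run constructed sample traffic through the filter and return verdicts."""
    fw = StatefulFilter(idle_timeout=60.0)
    client, server, stranger = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    return [
        fw.outbound(Packet("tcp", client, 40000, server, 80), now=0.0),
        fw.inbound(Packet("tcp", server, 80, client, 40000), now=1.0),     # reply
        fw.inbound(Packet("tcp", stranger, 80, client, 40000), now=2.0),   # wrong peer
        fw.inbound(Packet("tcp", server, 80, client, 40001), now=3.0),     # wrong port
        fw.inbound(Packet("tcp", server, 80, client, 40000), now=120.0),   # idle too long
    ]


if __name__ == "__main__":
    print(demo())
```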

REMEMBER: firewalls are implemented at protocol level.


Conclusion (Firewalls vs antivirus):
An antivirus is working at the file level where a firewall is working at the network protocol level.
An antivirus will analyze web pages downloaded (which are local files), and E-mail attachments
(which are also local files) to detect if they contain known signatures. A firewall will decide how the
protocols 80/tcp or 161/udp (for example) will be allowed or not toward the internal network.

Difference between PORT AND SOCKET


Port:
A port can refer to a physical connection point for peripheral devices such as serial, parallel, and USB ports.
The term port also refers to certain Ethernet connection points, such as those on a hub, switch, or router.
Socket:
A socket represents a single connection between two network applications. These two applications nominally
run on different computers, but sockets can also be used for interprocess communication on a single
computer. Applications can create multiple sockets for communicating with each other. Sockets are
bidirectional, meaning that either side of the connection is capable of both sending and receiving data.
Short brief answer.
A port can be described as an internal address within a host that identifies a program or process.
A socket can be described as a programming interface allowing a program to talk to other programs or
processes, on the internet, or locally.
You can make an analogy: port = physical connection, socket = virtual connection.

PROXY SERVER
A proxy server receives a request for an Internet service (such as a Web page
request) from a user. If it passes filtering requirements, the proxy server, assuming
it is also a cache server, looks in its local cache of previously downloaded Web
pages. If it finds the page, it returns it to the user without needing to forward the
request to the Internet. If the page is not in the cache, the proxy server, acting as
a client on behalf of the user, uses one of its own IP addresses to request the page
from the server out on the Internet. When the page is returned, the proxy server
relates it to the original request and forwards it on to the user.
To the user, the proxy server is invisible; all Internet requests and returned
responses appear to be directly with the addressed Internet server. (The proxy is
not quite invisible; its IP address has to be specified as a configuration option to
the browser or other protocol program.)
An advantage of a proxy server is that its cache can serve all users. If one or more
Internet sites are frequently requested, these are likely to be in the proxy's cache,
which will improve user response time. In fact, there are special servers called
cache servers. A proxy can also do logging.

QUESTIONS WE MUST KNOW


1. Ad-hoc
2. Handshaking (connection establishment, defining protocols): It is usually a process that takes place when a computer is about to communicate with a foreign
device to establish rules for communication. When a computer communicates with another device
like a modem, printer, or network server, it needs to handshake with it to establish a connection.

3. P2P
4. Cookies

5. Checksum: calculating the checksum on the sender side by adding header and
payload (doing the ones' complement), same process on the receiver side. And after
calculating the checksum on the receiver side, just checking if the checksum matches the
16-bit checksum header field of the sender checksum. The reason we do 1's complement is
that when the 1's complement is added to the sum of all the values, and the result is trimmed to the
bit-length of the machine (16 bits in the example above), it is all 1's. CPUs have a feature to take 1's
complement of numbers, and taking the 1's complement of all-1 is all-0.

6. Bridge, switch, hub, router
7. Subnet mask
8. Cache, hard disk speeds
9.
10. Best effort service: Best-effort delivery describes a network service in which the network does
not provide any guarantees that data is delivered or that a user is given a guaranteed quality of
service level or a certain priority. In a best-effort network all users obtain best-effort service,
meaning that they obtain unspecified variable bit rate and delivery time, depending on the current
traffic load.

11.
12. Socket
13. RTT - round trip time

14. Proxy
15. RTP, RTSP
16. ASN: Abstract Syntax Notation One (ASN.1) is a standard and notation that describes rules and
structures for representing, encoding, transmitting,
and decoding data in telecommunications and computer networking. The formal rules enable
representation of objects that are independent of machine-specific encoding techniques. Formal
notation makes it possible to automate the task of validating whether a specific instance of data
representation abides by the specifications. In other words, software tools can be used for the
validation.[1]

17. ICMP

UDP PROTOCOL
- UDP provides checksums for data integrity, and port numbers for addressing different functions at the
source and destination of the datagram.
-UDP uses a simple transmission model with a minimum of protocol mechanism. [1] It has
no handshaking dialogues
-Time-sensitive applications often use UDP because dropping packets is preferable to waiting for delayed
packets, which may not be an option in a real-time system
-The UDP header consists of 4 fields, each of which is 2 bytes (16 bits). [2] The use of the fields "Checksum"
and "Source port" is optional in IPv4. In IPv6 only the source port is optional.
Numerous key Internet applications use UDP, including: the Domain Name System (DNS), where queries
must be fast and only consist of a single request followed by a single reply packet, the Simple Network
Management Protocol (SNMP), the Routing Information Protocol (RIP) [2] and the Dynamic Host Configuration
Protocol (DHCP).
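
The checksum procedure from the question list (ones' complement sum on the sender, the same sum on the receiver coming out as all 1s), applied to the four 2-byte UDP header fields described above. This is an added Python example, not part of the original notes; following RFC 768 it also sums an IPv4 pseudo-header, which the notes do not mention, and the addresses, ports and payloads are constructed sample values.

```python
import socket
import struct


def ones_complement_sum(data: bytes) -> int:
    """Add 16-bit big-endian words, folding each carry back into the low bits."""
    if len(data) % 2:
        data += b"\x00"                         # pad odd-length data with a zero byte
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IPv4 pseudo-header from RFC 768: addresses, zero, protocol 17, length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 17, udp_length))


def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Sender side: four 16-bit header fields, checksum filled in last."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length)
                                + header + payload)
    checksum = ~total & 0xFFFF                  # the 1's complement of the sum
    if checksum == 0:
        checksum = 0xFFFF                       # 0 on the wire means "no checksum"
    return struct.pack("!HHHH", src_port, dst_port, length, checksum) + payload


def verify_udp(src_ip, dst_ip, datagram: bytes) -> bool:
    """Receiver side: sum everything, checksum included; expect all 1 bits."""
    if len(datagram) < 8:
        return False
    _, _, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        return False
    if checksum == 0:
        return True                             # sender skipped the checksum (IPv4)
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram)
    return total == 0xFFFF


def flip_last_bit(datagram: bytes) -> bytes:
    """Simulate a single-bit transmission error in the final byte."""
    return datagram[:-1] + bytes([datagram[-1] ^ 0x01])


if __name__ == "__main__":
    src, dst = "192.168.1.10", "192.168.1.1"    # constructed sample addresses
    dgram = build_udp(src, dst, 53000, 53, b"hello")
    print("intact:", verify_udp(src, dst, dgram))
    print("bit error:", verify_udp(src, dst, flip_last_bit(dgram)))
    # Swapping two 16-bit words leaves the sum unchanged, so it still verifies.
    swapped = build_udp(src, dst, 53000, 53, b"ABCD")[:8] + b"CDAB"
    print("reordered words:", verify_udp(src, dst, swapped))
```

Because the sum does not depend on word order, the checksum catches accidental bit errors but not deliberate modification; protection against tampering needs a keyed MAC or an authenticated transport.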

TCP PROTOCOL
Process of sending information:
While IP handles actual delivery of the data, TCP keeps track of the individual units of data transmission,
called segments, that a message is divided into for efficient routing through the network. For example, when
an HTML file is sent from a web server, the TCP software layer of that server divides the sequence of octets
of the file into segments and forwards them individually to the IP software layer (Internet Layer). The Internet
Layer encapsulates each TCP segment into an IP packet by adding a header that includes (among other
data) the destination IP address. When the client program on the destination computer receives them, the
TCP layer (Transport Layer) reassembles the individual segments and ensures they are correctly ordered
and error free as it streams them to an application.

CONCLUSION:
OSI 7 LAYERS START FROM APPLICATION AND THEN ON THE CLIENT SIDE GO
FROM THE PHYSICAL LAYER. In this situation, from transport layer (segments) to network layer
(packets), and then the client side, which includes network layer to transport layer.
Due to network congestion, traffic load balancing, or other unpredictable network behavior, IP packets can
be lost, duplicated, or delivered out of order. TCP detects these problems, requests retransmission of lost
data, rearranges out-of-order data, and even helps minimize network congestion to reduce the occurrence of
the other problems. Once the TCP receiver has reassembled the sequence of octets originally transmitted, it
passes them to the receiving application. Thus, TCP abstracts the application's communication from the
underlying networking details.

-TCP protocol operations may be divided into three phases. Connections must be properly established in a
multi-step handshake process (connection establishment) before entering the data transfer phase. After
data transmission is completed, the connection termination closes established virtual circuits and releases all
allocated resources.
Flags in tcp:

SYN (1 bit) Synchronize sequence numbers. Only the first packet sent from each end should have
this flag set. Some other flags and fields change meaning based on this flag, and some are only valid
when it is set, and others when it is clear (the packet that makes the connection possible)
-TCP has a 3-way handshake: the 1st handshake is when it asks to establish a
connection between the source and the destination. Then the destination
forwards a SYN(ACK) back to the source, and at the end the 3rd handshake is
the confirmation of the SYN(ACK).

FIN (1 bit) No more data from sender (sending flag when connection is done)

URG (1 bit) indicates that the Urgent pointer field is significant

ACK (1 bit) indicates that the Acknowledgment field is significant. All packets after the
initial SYN packet sent by the client should have this flag set.

PSH (1 bit) Push function. Asks to push the buffered data to the receiving application.

RST (1 bit) Reset the connection

Flags - represent actions that have to occur when a state is reached.



Checksum (16 bits)


The 16-bit checksum field is used for error-checking of the header and data
Urgent pointer (16 bits)
if the URG flag is set, then this 16-bit field is an offset from the sequence number indicating the last
urgent data byte
Window size (16 bits)
the size of the receive window, which specifies the number of window size units (by default, bytes)
(beyond the sequence number in the acknowledgment field) that the sender of this segment is
currently willing to receive (see Flow control and Window Scaling)
Data offset (4 bits)
specifies the size of the TCP header in 32-bit words. The minimum size header is 5 words and the
maximum is 15 words thus giving the minimum size of 20 bytes and maximum of 60 bytes, allowing
for up to 40 bytes of options in the header. This field gets its name from the fact that it is also the
offset from the start of the TCP segment to the actual data.

-TCP uses data loss as an indication that traffic congestion is high.

A TCP connection is managed by an operating system through a programming interface that represents the
local end-point for communications, the Internet socket. During the lifetime of a TCP connection the local
end-point undergoes a series of state changes:[12]

TCP STATES
LISTEN
(server) represents waiting for a connection request from any remote TCP and port.
SYN-SENT
(client) represents waiting for a matching connection request after having sent a connection request.
SYN-RECEIVED
(server) represents waiting for a confirming connection request acknowledgment after having both
received and sent a connection request.
ESTABLISHED
(both server and client) represents an open connection, data received can be delivered to the user.
The normal state for the data transfer phase of the connection.
FIN-WAIT-1
(both server and client) represents waiting for a connection termination request from the remote TCP,
or an acknowledgment of the connection termination request previously sent.
FIN-WAIT-2
(both server and client) represents waiting for a connection termination request from the remote TCP.
CLOSE-WAIT
(both server and client) represents waiting for a connection termination request from the local user.
CLOSING
(both server and client) represents waiting for a connection termination request acknowledgment
from the remote TCP.
LAST-ACK
(both server and client) represents waiting for an acknowledgment of the connection termination
request previously sent to the remote TCP (which includes an acknowledgment of its connection
termination request).
TIME-WAIT
(either server or client) represents waiting for enough time to pass to be sure the remote TCP
received the acknowledgment of its connection termination request. [According to RFC 793 a
connection can stay in TIME-WAIT for a maximum of four minutes known as a MSL (maximum
segment lifetime).]
CLOSED
(both server and client) represents no connection state at all.
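
The states listed above, connected by the events that move an endpoint from one to the next. This added Python example (not from the original notes) encodes the RFC 793 transitions for a normal open and close and walks a client and a server through the three-way handshake and the teardown; the event names are labels chosen for the example.

```python
# (current state, event) -> (next state, segment sent in response, or None)
TRANSITIONS = {
    ("CLOSED", "passive_open"): ("LISTEN", None),
    ("CLOSED", "active_open"): ("SYN-SENT", "SYN"),
    ("LISTEN", "recv SYN"): ("SYN-RECEIVED", "SYN+ACK"),
    ("SYN-SENT", "recv SYN+ACK"): ("ESTABLISHED", "ACK"),
    ("SYN-RECEIVED", "recv ACK"): ("ESTABLISHED", None),
    ("ESTABLISHED", "close"): ("FIN-WAIT-1", "FIN"),
    ("ESTABLISHED", "recv FIN"): ("CLOSE-WAIT", "ACK"),
    ("FIN-WAIT-1", "recv ACK"): ("FIN-WAIT-2", None),
    ("FIN-WAIT-1", "recv FIN"): ("CLOSING", "ACK"),
    ("FIN-WAIT-2", "recv FIN"): ("TIME-WAIT", "ACK"),
    ("CLOSING", "recv ACK"): ("TIME-WAIT", None),
    ("CLOSE-WAIT", "close"): ("LAST-ACK", "FIN"),
    ("LAST-ACK", "recv ACK"): ("CLOSED", None),
    ("TIME-WAIT", "timeout"): ("CLOSED", None),
}


class Endpoint:
    """One side of a connection; remembers every state it passes through."""

    def __init__(self, name: str):
        self.name = name
        self.state = "CLOSED"
        self.history = ["CLOSED"]

    def handle(self, event: str):
        """Apply an event and return the segment to send back, if any."""
        key = (self.state, event)
        if key not in TRANSITIONS:
            # A segment that does not fit the current state is rejected.
            raise ValueError(f"{self.name}: {event!r} is not valid in {self.state}")
        self.state, reply = TRANSITIONS[key]
        self.history.append(self.state)
        return reply


def deliver(segment, receiver: Endpoint, sender: Endpoint) -> None:
    """Hand a segment to receiver and bounce replies until nothing is sent."""
    while segment is not None:
        reply = receiver.handle("recv " + segment)
        segment, receiver, sender = reply, sender, receiver


def run_connection():
    """Open, then close, a connection; return both endpoints' state histories."""
    client, server = Endpoint("client"), Endpoint("server")
    server.handle("passive_open")
    deliver(client.handle("active_open"), server, client)   # SYN, SYN+ACK, ACK
    deliver(client.handle("close"), server, client)         # client FIN, server ACK
    deliver(server.handle("close"), client, server)         # server FIN, client ACK
    client.handle("timeout")                                # TIME-WAIT expires
    return client.history, server.history


if __name__ == "__main__":
    client_states, server_states = run_connection()
    print("client:", " -> ".join(client_states))
    print("server:", " -> ".join(server_states))
```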

SNMP protocol
Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices
on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations,
printers, modem racks and more.
In typical SNMP uses, one or more administrative computers, called managers, have the task of monitoring
or managing a group of hosts or devices on a computer network. Each managed system executes, at all
times, a software component called an agent which reports information via SNMP to the manager.

SNMP agents expose management data on the managed systems as variables. The protocol also permits
active management tasks, such as modifying and applying a new configuration through remote modification
of these variables. The variables accessible via SNMP are organized in hierarchies. These hierarchies, and
other metadata (such as type and description of the variable), are described by Management Information
Bases (MIBs).
An SNMP-managed network consists of three key components:

Managed device

Agent software which runs on managed devices

Network management station (NMS) software which runs on the manager

A managed device is a network node that implements an SNMP interface that allows unidirectional (read-only)
or bidirectional (read and write) access to node-specific information. Managed devices exchange node-specific
information with the NMSs. Sometimes called network elements, the managed devices can be any
type of device, including, but not limited to, routers, access servers, switches, bridges, hubs, IP
telephones, IP video cameras, computer hosts, and printers.
An agent is a network-management software module that resides on a managed device. An agent
has local knowledge of management information and translates that information to or from an
SNMP-specific form.
A network management station (NMS) executes applications that monitor and control managed
devices. NMSs provide the bulk of the processing and memory resources required for network
management. One or more NMSs may exist on any managed network.

POP3 VS IMAP (mail protocols)


POP3 downloads all mail from the server from the inbox and stores it on your computer. The emails are removed from
the server and only stored locally in your mail client program. Emails are available when you're not connected to the
internet.
Use IMAP if you want to check email from multiple computers or devices. Use POP3 if you want your emails accessible
always, even when there's no internet connection.
If you have been using IMAP and have some mail stored in folders other than the inbox, move the emails to the inbox

SMTP
Short for Simple Network Management Protocol, a set of protocols for managing complex networks.

The first versions of SNMP were developed in the early 80s. SNMP works by sending messages,
called protocol data units (PDUs), to different parts of a network. SNMP-compliant devices,
called agents, store data about themselves in Management Information Bases (MIBs) and return this
data to the SNMP requesters.
SMTP is a connection-oriented, text-based protocol in which a mail sender communicates with a mail
receiver by issuing command strings and supplying necessary data over a reliable ordered data stream
channel, typically a Transmission Control Protocol (TCP) connection.
While electronic mail servers and other mail transfer agents use SMTP to send and receive mail messages,
user-level client mail applications typically use SMTP only for sending messages to a mail server
for relaying. For receiving messages, client applications usually use either POP3 or IMAP.

Network layer
Forwarding - moving
packets from an input to the appropriate output of the router

IP CLASSES
Class A
Class A addresses are assigned to networks with a very large number of hosts. The high-order
bit in a class A address is always set to zero. The next seven bits (completing the first octet)
complete the network ID. The remaining 24 bits (the last three octets) represent the host ID.
This allows for 126 networks and 16,777,214 hosts per network. Figure 1.4 illustrates the
structure of class A addresses.

Figure 1.4 Class A IP Addresses



Class B

Class B addresses are assigned to medium-sized to large-sized networks. The two high-order
bits in a class B address are always set to binary 1 0. The next 14 bits (completing the first two
octets) complete the network ID. The remaining 16 bits (last two octets) represent the host ID.
This allows for 16,384 networks and 65,534 hosts per network. Figure 1.5 illustrates the
structure of class B addresses.

Figure 1.5 Class B IP Addresses



Class C
Class C addresses are used for small networks. The three high-order bits in a class C address
are always set to binary 1 1 0. The next 21 bits (completing the first three octets) complete the
network ID. The remaining 8 bits (last octet) represent the host ID. This allows for 2,097,152
networks and 254 hosts per network. Figure 1.6 illustrates the structure of class C addresses.

Figure 1.6 Class C IP Addresses



Class D

Class D addresses are reserved for IP multicast addresses. The four high-order bits in a class D
address are always set to binary 1 1 1 0. The remaining bits are for the address that interested
hosts recognize. Microsoft supports class D addresses for applications to multicast data to
multicast-capable hosts on an internetwork.

Class E
Class E is an experimental address that is reserved for future use. The high-order bits in a class
E address are set to 1111.
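
The class rules above come down to tests on the high-order bits of the first octet, and the network and host counts quoted for classes A, B and C follow from the bit widths of the two fields. An added Python example, not part of the original notes; the function names and sample addresses are chosen for illustration.

```python
import ipaddress

# class -> (network-ID bits after the fixed high-order bits, host-ID bits)
FIELD_BITS = {"A": (7, 24), "B": (14, 16), "C": (21, 8)}


def address_class(address: str) -> str:
    """Classify an IPv4 address by the high-order bits of its first octet."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    if first_octet >> 7 == 0b0:
        return "A"
    if first_octet >> 6 == 0b10:
        return "B"
    if first_octet >> 5 == 0b110:
        return "C"
    if first_octet >> 4 == 0b1110:
        return "D"
    return "E"                            # remaining pattern is 1111


def capacity(cls: str):
    """Return (networks, hosts per network) for class A, B or C."""
    net_bits, host_bits = FIELD_BITS[cls]
    networks = 2 ** net_bits
    if cls == "A":
        networks -= 2                     # network 0 and network 127 (loopback)
    hosts = 2 ** host_bits - 2            # all-zeros and all-ones host IDs reserved
    return networks, hosts


def split(address: str):
    """Return (class, network ID, host ID as an integer) for class A, B or C."""
    cls = address_class(address)
    if cls not in FIELD_BITS:
        raise ValueError(f"class {cls} addresses have no network/host split")
    _, host_bits = FIELD_BITS[cls]
    value = int(ipaddress.IPv4Address(address))
    host_mask = (1 << host_bits) - 1
    network = ipaddress.IPv4Address(value & ~host_mask & 0xFFFFFFFF)
    return cls, str(network), value & host_mask


if __name__ == "__main__":
    # Constructed sample addresses, one per class.
    for sample in ("10.1.2.3", "172.16.5.9", "192.168.1.1", "224.0.0.1", "240.0.0.1"):
        print(sample, "-> class", address_class(sample))
    for cls in "ABC":
        print(cls, capacity(cls))
```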

H323
H.323 is an ITU standard written for ISDN networks and later extended to IP networks. The full name of the
H.323 recommendation is ITU-T Recommendation H.323: Packet based multimedia communication systems.
The recommendation describes the global architecture, elements, protocols and procedures for multimedia
conferencing systems over packet networks and their integration with circuit-switched networks. Support
for voice communication is mandatory, while support for data and video communication is possible
but not mandatory.

SIP, RTP, RTCP
The Session Initiation Protocol (SIP) is a signalling protocol used to establish, modify and tear down
multimedia sessions in networks based on the Internet Protocol. A SIP call is used to create a session and
define the session parameters. The protocol is designed to be independent of the transport medium, so it can
be implemented on any kind of network. User mobility is supported by proxy and redirect servers, which
redirect a call to the user's current location. Users can simply register at their new locations, which are
then recorded on the SIP servers. SIP is a simple protocol based on the HTTP (Hypertext Transfer Protocol)
transaction model of requests and responses (Table 1).

Table 1. List of messages and the RFCs in which they are defined

Method      Reference
ACK         RFC 3261
BYE         RFC 3261
CANCEL      RFC 3261
INFO        RFC 2976
INVITE      RFC 3261
MESSAGE     RFC 3428
NOTIFY      RFC 3265
OPTIONS     RFC 3261
PRACK       RFC 3262
PUBLISH     RFC 3903
REFER       RFC 3515
REGISTER    RFC 3261
SUBSCRIBE   RFC 3265
UPDATE      RFC 3311
SIP is based on standardized text messages. There are two kinds of messages: requests and responses.
Requests and responses use a generic message format that consists of a start line, one or more headers, an
empty line that ends the message headers, and the message body.
The basic call flow of a SIP session is shown in Figure 7.
Figure 7. Basic flow when establishing a SIP session
SIP can use TCP or UDP as its transport protocol. If UDP is used, reliability mechanisms such as
retransmission and loss detection have to be implemented in the application layer.
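
The generic message format described above (start line, headers, empty line, body) can be turned into a strict parser that separates requests from responses and rejects anything that does not fit. This is an added example, not part of the original notes; the method list is the one in Table 1, the sample messages are constructed and abbreviated, and the parser assumes one header per line in a single datagram.

```python
# Method -> defining RFC number, copied from Table 1 above.
METHOD_RFC = {
    "ACK": 3261, "BYE": 3261, "CANCEL": 3261, "INFO": 2976, "INVITE": 3261,
    "MESSAGE": 3428, "NOTIFY": 3265, "OPTIONS": 3261, "PRACK": 3262,
    "PUBLISH": 3903, "REFER": 3515, "REGISTER": 3261, "SUBSCRIBE": 3265,
    "UPDATE": 3311,
}

def parse_sip(raw: bytes) -> dict:
    """Split one SIP message into start line, headers and body; raise ValueError if malformed."""
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no empty line after the headers")
    lines = head.decode("utf-8").split("\r\n")
    first = lines[0].split(" ", 2)
    if len(first) != 3:
        raise ValueError("malformed start line")
    if first[0] == "SIP/2.0":                        # status line: a response
        msg = {"kind": "response", "status": int(first[1]), "reason": first[2]}
    elif first[2] == "SIP/2.0" and first[0] in METHOD_RFC:   # request line
        msg = {"kind": "request", "method": first[0], "uri": first[1],
               "rfc": METHOD_RFC[first[0]]}
    else:
        raise ValueError("unknown method or SIP version")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    if not headers:
        raise ValueError("a SIP message carries at least one header")
    if "content-length" in headers:
        declared = int(headers["content-length"][0])
        if declared < 0 or declared > len(body):
            raise ValueError("body does not match Content-Length")
        body = body[:declared]                       # bytes past the declared body are dropped
    return {**msg, "headers": headers, "body": body}

# Constructed samples; real messages carry more headers than shown here.
INVITE = (b"INVITE sip:bob@example.com SIP/2.0\r\n"
          b"From: <sip:alice@example.com>\r\n"
          b"To: <sip:bob@example.com>\r\n"
          b"Content-Length: 4\r\n"
          b"\r\n"
          b"v=0\nEXTRA")
OK = b"SIP/2.0 200 OK\r\nTo: <sip:bob@example.com>\r\nContent-Length: 0\r\n\r\n"
```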
2.4.2. Real-Time Transport Protocol
The Real-Time Transport Protocol (RTP) is described in RFC 1889 (Request For Comments) and includes:
- The Real-Time Transport Protocol (RTP), which provides end-to-end delivery of data with real-time
characteristics (e.g. audio and video), using multicast or unicast transmission at the network layer. It is
suitable for interactive services such as IP telephony. RTP also includes some mechanisms that improve
transmission quality, such as timing reconstruction, loss detection, security and content identification.
RTP works at the transport layer and is an independent standard, so SIP also uses it for transport.
- The RTP Control Protocol (RTCP), whose role is to collect feedback from the participants in a connection
about the quality of service and possible congestion in the network. Together with RTP it supports real-time
conferencing in IP networks for groups of any size. The protocol synchronizes different media streams
(voice, video) and can identify and describe the source. The source description includes the participant's
name, telephone number, e-mail address, etc.
In networks that carry real-time information and require low delay, there should be network elements that
recognize RTP traffic. If these elements also have built-in traffic classification, the RTP header can be
compressed. cRTP denotes the RTP protocol with a compressed header. The principle
ICMP PROTOCOL
Definition: ICMP is a network protocol useful in Internet Protocol (IP) network management and
administration. ICMP is a required element of IP implementations. ICMP is a control protocol, meaning
that it does not carry application data, but rather information about the status of the network itself. ICMP
can be used to report:
- errors in the underlying communications of network applications
- availability of remote hosts
- network congestion
Perhaps the best-known example of ICMP in practice is the ping utility, which uses ICMP to probe remote
hosts for responsiveness and overall round-trip time of the probe messages. ICMP also
supports traceroute, which can identify intermediate "hops" between a given source and destination.
RIP PROTOCOL

RIP (Routing Information Protocol) is a widely used protocol for
managing router information within a self-contained network such as a corporate
local area network (LAN) or an interconnected group of such LANs. RIP is classified
by the Internet Engineering Task Force (IETF) as one of several interior gateway
protocols (Interior Gateway Protocol).
Using RIP, a gateway host (with a router) sends its entire routing table (which lists
all the other hosts it knows about) to its closest neighbor host every 30 seconds.
The neighbor host in turn will pass the information on to its next neighbor and so
on until all hosts within the network have the same knowledge of routing paths.

OSPF

OSPF (Open Shortest Path First) is a router protocol used within larger autonomous
system networks in preference to the Routing Information Protocol (RIP), an older
routing protocol that is installed in many of today's corporate networks. Like RIP,
OSPF is designated by the Internet Engineering Task Force (IETF) as one of several
Interior Gateway Protocols (IGPs).
Using OSPF, a host that obtains a change to a routing table or detects a change in
the network immediately multicasts the information to all other hosts in the
network so that all will have the same routing table information. Unlike the RIP in
which the entire routing table is sent, the host using OSPF sends only the part that
has changed. With RIP, the routing table is sent to a neighbor host every 30
seconds. OSPF multicasts the updated information only when a change has taken
place.
Rather than simply counting the number of hops, OSPF bases its path descriptions
on "link states" that take into account additional network information. OSPF also
lets the user assign cost metrics to a given host router so that some paths are
given preference. OSPF supports a variable network subnet mask so that a
network can be subdivided.

WIRELESS CHANNEL

All of the versions of WiFi up to and including 802.11n (a, b, g, n) operate between the frequencies
of 2400 and 2500MHz. These paltry 100MHz are separated into 14 channels of 20MHz each. As
you have probably worked out, 14 lots of 20MHz is a lot more than 100MHz and as a result,
every 2.4GHz channel overlaps with at least two (but usually four) other channels (see diagram
above). As you can probably imagine, using overlapping channels is bad; in fact, it's the primary
reason for awful throughput on your wireless network.

5GHz WIRELESS
Prepare for lots and lots of antennas

The great thing about 5GHz (802.11n and 802.11ac), because there's much more free space at the
higher frequencies, is that it offers 23 non-overlapping 20MHz channels!
It's also worth pointing out that, starting with 802.11n, wireless technology in general is a lot more
advanced than the olden days of 802.11 b and g. If you own a modern 802.11n router (i.e. if you
bought a router in the last couple of years), it likely has some fancy hardware inside that chooses
the right channel and modifies the output power to maximize throughput and minimize interference.
If you're using the 5GHz band, and your walls aren't paper-thin, then attenuation and the general
lack of 5GHz devices should mean that there's very little interference in your apartment, possibly
even allowing you to use the fatter 40, 80, and 160MHz channels if you feel like it.

TRACE ROUTE, TTL


All the tracerouting tools rely on the following principle: they send packets with a short life, and wait
for ICMP packets reporting the death of these packets. An IP packet has a field called "TTL" (as
"Time To Live") which is decremented at each hop; when it reaches 0, the packet dies, and the
router on which this happens is supposed to send back a "Time Exceeded" ICMP message. That
ICMP message contains the IP address of the said router, thus revealing it.
None of the tools you link to can do anything if some firewall blocks the "Time Exceeded" ICMP
packets. However, blocking such packets tends to break the Internet (because hosts adaptively
change the TTL in the packets they send in order to cope with long network paths, and they need
these ICMP for this process), so, on a general basis, the "Time Exceeded" ICMP packets are not
blocked.
What is often blocked, however, is the kind of short-lived packets that traceroute sends. These
are the packets with the artificially low TTL. If they are blocked by a firewall, they never get to die
"of old age", and thus no Time Exceeded ICMP. For TTL-processing and the "Time Exceeded"
ICMP, the type of packet does not matter; this occurs at the IP level. But firewalls also look at
packet contents. The goal is to fool firewalls so that they allow the short-lived packet to flow (and
then die).
Plain traceroute uses either UDP packets, or ICMP "Echo" packets, both kinds being routinely
blocked by (over)zealous sysadmins. tcptraceroute instead uses a TCP "SYN" packet, i.e. the
kind of packet that would occur as first step in the TCP "three-way handshake". That kind of packet
is not usually blocked by firewalls, at least as long as the destination port is
"allowed". tcptraceroute will not complete any TCP handshake; it just relies on the idea that SYN
packets are not shot on sight by firewalls.

Both traceroute and tcptraceroute work on the same basic principle:


1. Send a packet out with a really low TTL
2. See who sends back an ICMP TTL exceeded at TTL expiration
3. If send-backer is destination, stop
4. Otherwise, increment the TTL by 1 and go back to step #1
The only difference is what type of packet is sent out (default is UDP on Linux, ICMP on Windows,
and TCP is becoming a more popular option). All will generate ICMP error messages from helpful
devices in between when the TTL expires.
As such, there's nothing special about the UDP/ICMP/TCP packet that makes it traceroute-y.
The SYN flag is used because intervening devices like firewalls will often permit SYN but block
other TCP packets that aren't part of an established connection.
The same information is provided as with regular traceroute, but may be more likely to be
permitted in than regular traceroute. Take a web site like amazon.com. UDP-based traceroute
stops at 205.251.248.5, which is probably a firewall of some sort. TCP-based traceroute to
port 80 - which we know "amazon.com" permits - gets one step further to 72.21.194.212.

Traceroute can be mitigated by not permitting packets in or by blocking ICMP responses
back. The former is why tcptraceroute has become more popular; any site that allows
connectivity on at least one TCP port - like a web site - is permitting packets in. Blocking ICMP
responses has the side effect of breaking necessary IP networking fundamentals, which varies
from mildly impolite to wildly counterproductive.
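
The four-step loop and the effect of filtering described in both explanations above can be reproduced offline. This is an added example, not part of the original text: it models a constructed path (RFC 5737 documentation addresses) whose third device reports TTL expiry but forwards only TCP, so it shows how much of a path a given filtering policy leaves visible to each probe type. The names `Hop`, `send_probe`, `trace` and `last_visible` are chosen here, and "tcp" stands for a SYN to a permitted port.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Hop:
    addr: str                                 # constructed address
    forwards: tuple = ("udp", "icmp", "tcp")  # probe types this device passes on
    reports_expiry: bool = True               # sends ICMP Time Exceeded at TTL 0

# Constructed path: two routers, a firewall forwarding only TCP, the destination.
PATH = (
    Hop("192.0.2.1"),
    Hop("192.0.2.2"),
    Hop("198.51.100.1", forwards=("tcp",)),
    Hop("203.0.113.10"),
)

def send_probe(path, ttl, proto):
    """Return (responder, kind) for one probe, or (None, None) if nothing comes back."""
    for hop in path[:-1]:
        ttl -= 1                              # every device on the way decrements the TTL
        if ttl == 0:                          # the packet dies here
            if hop.reports_expiry:
                return hop.addr, "time-exceeded"
            return None, None
        if proto not in hop.forwards:         # filtered: dropped, so it never expires further on
            return None, None
    return path[-1].addr, "reply"             # the destination itself answers

def trace(path, proto, max_ttl=8, probes=3):
    """Steps 1-4 from the text: raise the TTL until the destination answers."""
    rows = []
    for ttl in range(1, max_ttl + 1):
        answers = [send_probe(path, ttl, proto) for _ in range(probes)]
        rows.append((ttl, [addr or "*" for addr, _ in answers]))
        if any(kind == "reply" for _, kind in answers):
            break
    return rows

def last_visible(rows):
    """Last address that answered any probe in a trace."""
    seen = [a for _, addrs in rows for a in addrs if a != "*"]
    return seen[-1] if seen else None

if __name__ == "__main__":
    for proto in ("udp", "tcp"):
        print(proto, "probes:")
        for ttl, addrs in trace(PATH, proto):
            print(f"  {ttl:2d}  " + "  ".join(addrs))
```

A device with `reports_expiry=False` shows up as a row of `*` while later hops still answer, which is the difference between suppressing Time Exceeded messages and dropping the probes themselves.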
