
Unit 2

OSI Layer & Security Protocols

Unit-2 Security Protocols- Application Layer

P age |1

iNurture Education Solutions Pvt. Ltd., INDIA. 2014. All rights reserved

Contents
Unit-2 Security Protocols- Application Layer ................................................................................ 5

Objective ......................................................................................................................................... 5

Introduction ..................................................................................................................................... 5

Introduction to protocol concepts ................................................................................................... 5

1 BGP .............................................................................................................................................. 5

2 DHCP ........................................................................................................................................... 8

3 DNS............................................................................................................................................ 10

4 FTP ............................................................................................................................................. 13

5 HTTP.......................................................................................................................................... 15

6 LDAP ......................................................................................................................................... 17

7 MGCP ........................................................................................................................................ 18

8 NNTP ......................................................................................................................................... 18

9 NTP ............................................................................................................................................ 20

10 POP .......................................................................................................................................... 21

11 IMAP........................................................................................................................................ 23

12 RIP ........................................................................................................................................... 24

13 RPC .......................................................................................................................................... 26

14 RTSP ........................................................................................................................................ 28

15 SIP ............................................................................................................................................ 29

16 SMTP ....................................................................................................................................... 32


17 SNMP....................................................................................................................................... 35

18 SOCKS..................................................................................................................................... 38

19 SSH .......................................................................................................................................... 42

20 Telnet ....................................................................................................................................... 42

21 TLS/SSL .................................................................................................................................. 46

22 XMPP....................................................................................................................................... 49

23 WAP ......................................................................................................................... 50

24 IRC ........................................................................................................................................... 50

25 Summary .................................................................................................................................. 51

26 Video Links .............................................................................................................................. 51


Confidentiality & Proprietary Information

This is a confidential document prepared by iNurture. This document, or any portion thereof,
should not be made available to any persons other than the authorized and designated staff of the
company/institution/ Vendor to which it has been submitted.

No part of this document may be reproduced, stored in a retrieval system, or transmitted, in any
form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without
the prior written permission of iNurture.


Unit-2 Security Protocols- Application Layer

Objective

1) To describe the protocol concepts behind BGP, DHCP, DNS, FTP, HTTP, LDAP, MGCP, NNTP,
NTP, POP, IMAP, RIP and RPC.
2) To explain the protocols RTSP, SIP, SMTP, SNMP, SOCKS, SSH, RTCP, TLS/SSL, XMPP, WAP
and IRC.

Introduction

This unit presents the protocol concepts for BGP, DHCP, DNS, FTP, HTTP, LDAP, MGCP, NNTP,
NTP, POP, IMAP, RIP, RPC, RTSP, SIP, SMTP, SNMP, SOCKS, SSH, RTCP, TLS/SSL, XMPP, WAP
and IRC.

Introduction to protocol concepts

1 BGP

Definition

Border Gateway Protocol (BGP) is the routing protocol used to exchange reachability information
between autonomous systems (ASes), the independently administered networks that make up the
Internet. BGP is a path-vector protocol (PVP): for each destination it keeps the sequence of ASes
through which that destination is reachable, and it selects routes on the basis of that path,
network policies and locally configured rule sets rather than on a simple metric. For this reason
BGP is sometimes described as a reachability protocol rather than a routing protocol.

BGP matters mainly to the network administrators of large organisations that connect to two or
more ISPs, and to the ISPs themselves. If you administer a small corporate network, or are an end
user, you probably do not need to know about BGP.

Explanation

BGP's tasks include:

o As a path-vector protocol, BGP carries the full autonomous-system path topology between the
networks it connects.
o It maintains its routing table across the topologies of all connected networks.
o It supports classless inter-domain routing (CIDR), so prefixes of any length can be advertised
and aggregated.

When used to carry routes between different autonomous systems, BGP is called External BGP (eBGP).
When used between routers inside one autonomous system, it is called Internal BGP (iBGP). BGP was
created to extend and replace the Exterior Gateway Protocol (EGP).

BGP essentials

o The current version is BGP version 4, defined in RFC 4271.
o BGP is a path-vector protocol that carries routing information for autonomous systems on the
Internet in the AS_PATH attribute.
o BGP runs on top of TCP (port 179). It is simpler than OSPF because it does not have to handle
the reliability and ordering that TCP already provides.
o Peers that have been explicitly configured to exchange routing information open a TCP
connection and start speaking BGP. There is no neighbour discovery in BGP.
o Medium-sized businesses normally adopt BGP in order to obtain true multi-homing for their
networks.
o An important feature of BGP is that the AS_PATH is a loop-prevention mechanism: a router will
not import any route whose AS_PATH already contains its own AS number.

Route updates

Unlike the Routing Information Protocol (RIP), a distance-vector protocol that uses hop count as
its metric and periodically resends its whole table, BGP does not keep re-announcing its entire
routing table. When a session comes up the peer sends its full table; after that, everything
depends on incremental updates.

Route updates are stored in a Routing Information Base (RIB). A routing table holds a single route
per destination, whereas the RIB normally holds several paths to a destination. It is up to the
router to choose which routes go into the routing table, and those are the routes actually used.
In the event that an installed route is withdrawn, another route to the same destination can be
taken from the RIB.

The RIB is used to keep track of routes that might be used. If a route withdrawal is received and
the route exists only in the RIB, it is removed from the RIB and no update is sent to peers. RIB
entries never time out; they persist until it is learned that the path is no longer valid.

BGP path attributes

In most cases there are several routes to the same destination. BGP uses path attributes to decide
how to forward traffic to particular networks. The simplest is shortest AS_PATH: the path that
traverses the smallest number of ASes wins. Another significant attribute is MULTI_EXIT_DISC
(multi-exit discriminator, or MED). It makes it possible to tell a remote AS that, where there are
several entry points into your network, a particular one is preferred. The ORIGIN attribute
identifies how a route was introduced into BGP; when BGP has several routes, origin is one of the
factors in determining the preferred route.

BGP problems

To get a real sense of how BGP behaves, it is worth spending a little time on the problems that
afflict the Internet.

First, there is a very large problem with routing-table growth. If someone decides not to
aggregate a network that used to be a single /16, they may start advertising hundreds of new
routes, and every router on the Internet has to take on these new paths when this happens. People
are constantly pressured to aggregate, that is, to combine several routes into a single
advertisement. Aggregation is not always possible, especially if you need to split a /19 into two
geographically separate /20s. Routing tables are approaching 200,000 entries, and for a time they
appeared to be growing exponentially.

Second, there is the persistent concern that someone will advertise the whole Internet. If a large
ISP's customer suddenly decides to advertise everything and the ISP accepts the routes, the
traffic of the entire Internet could be drawn into that small customer AS. There is a solution for
this, known as route filtering. It is simple to set up filters so that routers will not accept
routes from customers that you are not expecting, although most large ISPs still accept the
equivalent of a default route from peers that have no realistic ability to offer transit.

Finally, we come to flapping. BGP has a mechanism to hold down routes that appear to be flaky.
Routes that flap, that is, come and go repeatedly, are usually not reliable enough to send traffic
over. If routes flap often, the load on every Internet router increases, because each one has to
process the updates every time a route disappears and reappears. Dampening protects BGP peers from
having to listen to every routing update from flapping peers. The length of time a route is held
down increases exponentially with each flap. This is irritating when you have a faulty link, since
it can be more than an hour before you can reach some Internet sites again, but it is necessary.
This brief discussion of BGP should be enough to understand the protocol properly.
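The path-attribute selection, the customer route filter and the flap dampening described in the
two passages above, as an added worked example (this is not code from the course; BGP
implementations in real routers are far larger). The prefixes, AS numbers, next hops and the
dampening constants are constructed or assumed for the example. It goes slightly beyond the text
in also applying LOCAL_PREF, the per-peer preference operators set before any of the attributes
discussed above are compared, and in comparing MED only between routes from the same neighbouring
AS, which is how RFC 4271 specifies it.

```python
# Added example (not the course's own code): a miniature BGP decision process, an inbound
# customer prefix filter and route-flap dampening. Prefixes, AS numbers, next hops and the
# dampening constants are constructed/assumed.
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    prefix: str
    as_path: list            # as_path[0] is the neighbouring AS that sent the route
    next_hop: str
    med: int = 0             # MULTI_EXIT_DISC, lower preferred
    origin: int = 0          # ORIGIN: 0 IGP, 1 EGP, 2 INCOMPLETE, lower preferred
    local_pref: int = 100    # set per peer by the operator, higher preferred


def has_loop(route, local_as):
    """AS_PATH loop prevention: never import a route that already carries our own AS number."""
    return local_as in route.as_path


def best_route(candidates, local_as):
    """Abridged RFC 4271 decision process over the candidate routes for one prefix."""
    valid = [r for r in candidates if not has_loop(r, local_as)]
    if not valid:
        return None
    # MED is only comparable between routes received from the same neighbouring AS.
    same_neighbour = len({r.as_path[0] for r in valid}) == 1

    def key(r):
        return (-r.local_pref, len(r.as_path), r.origin,
                r.med if same_neighbour else 0,
                ipaddress.ip_address(r.next_hop))   # deterministic tie-break

    return min(valid, key=key)


def accept_from_customer(route, customer_as, allowed_prefixes, max_len=24):
    """Inbound route filter on a customer session: only the customer's registered address space,
    sent by the customer itself, never a default route and never overly specific prefixes."""
    pfx = ipaddress.ip_network(route.prefix)
    if route.as_path[0] != customer_as:
        return False
    if pfx.prefixlen == 0 or pfx.prefixlen > max_len:
        return False
    return any(pfx.subnet_of(ipaddress.ip_network(a)) for a in allowed_prefixes)


class Dampener:
    """Route-flap dampening. Each flap adds a penalty that decays with a half-life; while the
    penalty is above the suppress limit the route is withheld, and it is reused once the penalty
    has decayed below the reuse limit. Defaults are the commonly used 1000 / 900 s / 2000 / 750."""

    def __init__(self, per_flap=1000.0, half_life=900.0, suppress=2000.0, reuse=750.0):
        self.per_flap, self.half_life = per_flap, half_life
        self.suppress, self.reuse = suppress, reuse
        self.penalty, self.last, self.suppressed = 0.0, 0.0, False

    def _decay(self, now):
        self.penalty *= 0.5 ** ((now - self.last) / self.half_life)
        self.last = now

    def flap(self, now):
        """Record one withdraw/announce cycle at time `now`; True if the route is now suppressed."""
        self._decay(now)
        self.penalty += self.per_flap
        if self.penalty >= self.suppress:
            self.suppressed = True
        return self.suppressed

    def usable(self, now):
        """Whether the route may be advertised/used at time `now`."""
        self._decay(now)
        if self.suppressed and self.penalty < self.reuse:
            self.suppressed = False
        return not self.suppressed
```

With the defaults, three flaps ten seconds apart push the penalty past 2000 and the route stays
suppressed for roughly half an hour, which is the behaviour the text describes as irritating on a
faulty link but necessary. The filter deliberately refuses 0.0.0.0/0 and anything longer than a
/24 from a customer, which is the simplest defence against a customer that starts "advertising
the Internet".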

2 DHCP

DHCP is a common protocol, and it is more complicated than it appears to be. The DHCP
address-assignment process goes through several steps, described below.

DHCP stands for Dynamic Host Configuration Protocol and is used to assign IP configuration
automatically to hosts connected to a network. DHCP provides a framework for passing configuration
data to hosts on a TCP/IP network and is based on the Bootstrap Protocol (BOOTP). A DHCP client
sends a request to a DHCP server, which need not be on the same subnet. Automatic distribution of
IP configuration data to hosts eases the administrative burden of managing IP networks. In its
simplest form DHCP assigns an IP address, subnet mask and default gateway to a host, but it can
also carry other configuration parameters such as name servers and NetBIOS settings.

A DHCP client goes through six states during the DHCP process:

Initializing
Selecting
Requesting
Binding
Renewing
Rebinding

The DHCP client starts the process by sending a DHCPDISCOVER message on its local subnet to UDP
port 67. Because the client does not yet know which subnet it belongs to, a limited broadcast is
used (destination address 255.255.255.255). If the DHCP server is on a different subnet, a DHCP
relay agent must be used. The relay agent can take various forms; the ip helper-address IOS
command configures a DHCP relay agent on a Cisco router.

The relay agent forwards the DHCPDISCOVER message to a subnet that has a DHCP server. When the
DHCP server receives the DHCPDISCOVER, it replies with a DHCPOFFER message containing the IP
configuration data for the client. The DHCPOFFER is sent as a broadcast to UDP port 68. The client
knows the message is intended for it because the client's MAC address is carried in the message.
If the client is on a different subnet from the server, the message is sent unicast to the relay
agent on UDP port 67, and the relay agent broadcasts the DHCPOFFER on the client's subnet to UDP
port 68.

After the client accepts the DHCPOFFER, it sends a DHCPREQUEST message to the server. The
DHCPREQUEST tells the server that the client accepts the parameters given in the DHCPOFFER. The
DHCPREQUEST is a broadcast message, but it carries the identifier of the chosen server so that any
other DHCP servers on the network know which server is serving the client.

The DHCP server sends a DHCPACK message to the client to acknowledge the DHCPREQUEST. The DHCPACK
contains all the configuration data requested by the client. After the client receives the
DHCPACK it binds the IP address and is ready to communicate on the network. If no DHCPACK arrives,
the client retransmits the DHCPREQUEST; if the DHCPREQUEST does not produce a DHCPACK after four
attempts, the client restarts the DHCP process from the beginning and sends a new DHCPDISCOVER.

After the client receives the DHCPACK, it sends out an ARP request for the IP address it was
assigned. If it gets a reply to the ARP request, the address is already in use on the network; the
client then sends a DHCPDECLINE to the server and starts the process again. This step is optional
and is not always performed. Because DHCP relies on broadcasts, two machines on different networks
(or VLANs) cannot complete the DHCP exchange without a relay agent.

3 DNS

DNS translates Internet domain and host names into IP addresses. It automatically converts the
names we type into a Web browser's address bar into the IP addresses of the Web servers hosting
those sites. DNS implements a distributed database that stores this name and address data for
all public hosts on the Internet. DNS assumes that IP addresses do not change.

The DNS database lives in a hierarchy of dedicated database servers. When a client such as a Web
browser issues a request involving an Internet host name, a piece of software called the DNS
resolver (normally built into the network operating system) first contacts a DNS server to
determine the server's IP address. If that DNS server does not hold the required mapping, it in
turn forwards the request to another DNS server at the next higher level of the hierarchy. The IP
address for the given host eventually arrives back at the resolver, which completes the request
over the Internet Protocol.

The Internet, and most larger private Internet Protocol (IP) networks, rely on the Domain Name
System to help direct traffic. DNS maintains a distributed database of network names and
addresses and provides the means for systems to query that database remotely. Some people call
DNS the phone book of the Internet.

DNS and the World Wide Web

All public Web sites run on servers connected to the Internet with public IP addresses. The Web
server at About.com, for example, has an address such as 207.241.148.80. Although people could
type address data like this, a name such as http://www.about.com/ is usual. The Internet uses DNS
as a worldwide name resolution service for public Web sites. When someone types a site's name
into their browser, DNS looks up the matching IP address for that site, which is the data needed
to establish a network connection between the Web browser and the Web server.

DNS Servers and Name Hierarchy

DNS uses a client/server network architecture. DNS servers are the systems designated to store
DNS database records (names and addresses), while clients of the DNS include PCs, phones and
other end-user devices. DNS servers also talk to each other, acting as clients of one another
when required.

DNS arranges its servers into a hierarchy. For the Internet, so-called root name servers sit at
the top of the DNS hierarchy. The Internet root name servers hold the DNS server information for
the top-level domains (TLDs) such as .com and .uk, namely the names and IP addresses of the
actual DNS servers responsible for answering queries for each TLD. Servers at the next lower
level of the hierarchy handle second-level domain names and addresses such as about.com, and
further levels handle Web domains such as compnetworking.about.com.

DNS servers are configured and managed by private businesses and by Internet governing bodies
around the world. For the Internet, 13 root name servers support the hundreds of Internet
top-level domains, while About.com supplies its own DNS server data for the sites in its network.
Organisations can also run DNS on their private networks alone, on a smaller scale.

Configuring Networks for DNS

DNS clients, called resolvers, need DNS configured on their network before they can use it.
Resolvers query DNS using the fixed (static) IP address of one or more DNS servers. On a home
network the DNS server address can be set once on the broadband router and picked up
automatically by client devices, or it can be configured on each client separately. Home network
administrators can obtain DNS server addresses from their Internet service provider or from
third-party Internet DNS providers such as Google Public DNS and OpenDNS.

Types of DNS Lookups

DNS is most commonly used by Web browsers to convert Internet domain names to IP addresses
automatically. Besides these forward lookups, DNS is also used for:

o Identifying the right servers to deliver Internet e-mail to (MX records).
o Reverse lookups, which convert an IP address back to a domain name.

Network requests that depend on DNS lookups run over TCP and UDP port 53 by default.

DNS Caches

To handle a high volume of requests efficiently, DNS uses caching. A DNS cache stores local copies
of recently accessed DNS records so that repeated queries do not generate network traffic up and
down the DNS server hierarchy. However, when a cached entry is stale, network connection problems
can result. DNS caches have also been a target for attackers (cache poisoning). Network
administrators can flush a DNS cache if required using ipconfig and similar utilities.

Dynamic DNS

Standard DNS requires all IP address data stored in the database to be fixed. This works well for
managing most Web sites but not for devices using dynamic IP addresses, such as Internet Web cams
or home Web servers. Dynamic DNS (DDNS) adds protocol extensions to DNS to allow name resolution
for such dynamic clients.

Several third-party providers offer dynamic DNS packages designed for those who need to access
their home network remotely over the Internet. Setting up an Internet DDNS environment requires
signing up with the chosen provider and configuring additional software on the local network. The
DDNS provider remotely checks the subscribed devices and generates the needed DNS name server
updates.

Alternatives to DNS

The Microsoft Windows Internet Naming Service (WINS) supports name resolution similar to DNS but
works only on Windows systems and uses a different name space. WINS is used on some private
networks of Windows PCs. Dot-Bit is an open source project based on Bitcoin technology that is
working to add support for a .bit top-level domain to the Internet DNS.
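The forward and reverse lookups described under "Types of DNS Lookups", at the level of the
bytes that cross port 53, as an added worked example (this is not code from the course). It
builds a query, answers it from an in-memory stand-in for a DNS server, and parses the response
including name compression. The zone data is constructed; the address 207.241.148.80 for
about.com is the one quoted in the text above, and www.about.com as its reverse mapping is
assumed. The 16-bit transaction ID check in parse_response is the first thing a resolver does
against the cache-poisoning attacks the text mentions: a reply whose ID does not match the
outstanding query is discarded.

```python
# Added example (not the course's own code): DNS wire format (RFC 1035). Build a query, answer
# it from a constructed zone, parse the response, and form reverse-lookup (PTR) names.
import random
import socket
import struct

TYPE_A, TYPE_PTR = 1, 12
CLASS_IN = 1
ZONE = {   # constructed zone data for the offline stub server
    ("about.com", TYPE_A): ["207.241.148.80"],
    ("80.148.241.207.in-addr.arpa", TYPE_PTR): ["www.about.com"],
}


def encode_name(name):
    """'www.about.com' -> b'\\x03www\\x05about\\x03com\\x00' (length-prefixed labels, zero end)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it in the stream)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                     # compression pointer: 11xxxxxx xxxxxxxx
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def build_query(name, qtype=TYPE_A, qid=None):
    """Standard query with RD=1. The random 16-bit ID is part of what a spoofer has to guess."""
    qid = random.randrange(0x10000) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def stub_answer(query, ttl=300):
    """Offline stand-in for a DNS server: echo the question and answer from ZONE, else NXDOMAIN."""
    qid = struct.unpack("!H", query[:2])[0]
    qname, off = decode_name(query, 12)
    qtype, = struct.unpack("!H", query[off:off + 2])
    question = query[12:off + 4]
    records = ZONE.get((qname, qtype), [])
    flags = 0x8180 if records else 0x8183              # QR|RD|RA, plus RCODE 3 (NXDOMAIN)
    body = b""
    for rec in records:
        rdata = socket.inet_aton(rec) if qtype == TYPE_A else encode_name(rec)
        # 0xC00C: pointer to the name in the question section at offset 12
        body += b"\xC0\x0C" + struct.pack("!HHIH", qtype, CLASS_IN, ttl, len(rdata)) + rdata
    return struct.pack("!HHHHHH", qid, flags, 1, len(records), 0, 0) + question + body


def parse_response(msg, expected_id):
    """Return (rcode, [(name, type, ttl, value)]). A mismatched ID is rejected, not trusted."""
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if qid != expected_id or not flags & 0x8000:
        raise ValueError("not a response to our query (wrong ID or QR bit clear)")
    off = 12
    for _ in range(qd):
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A:
            value = socket.inet_ntoa(msg[off:off + rdlen])
        else:
            value, _ = decode_name(msg, off)
        off += rdlen
        answers.append((name, rtype, ttl, value))
    return flags & 0xF, answers


def reverse_name(ip):
    """207.241.148.80 -> 80.148.241.207.in-addr.arpa, the owner name of its PTR record."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def tcp_frame(msg):
    """Over TCP/53 each message is prefixed with its 16-bit length; over UDP/53 it is sent bare."""
    return struct.pack("!H", len(msg)) + msg


def lookup(name, qtype=TYPE_A):
    """Forward or reverse lookup against the stub, the way a resolver does it over UDP/53."""
    q = build_query(name, qtype, qid=0x1234)
    return parse_response(stub_answer(q), 0x1234)
```

lookup("about.com") returns the A record, and lookup(reverse_name("207.241.148.80"), TYPE_PTR)
the PTR record; a name the zone does not know comes back with RCODE 3. To talk to a real server
the same bytes from build_query would be sent with a UDP socket to port 53, or wrapped in
tcp_frame for port 53 over TCP.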

4 FTP

FTP stands for File Transfer Protocol. It is the standard Internet protocol for transferring files
from one system to another. FTP is part of the TCP/IP protocol suite. TCP/IP is the basic protocol
suite on which the entire Internet runs: whether you are reading your e-mail, browsing a Web site
or downloading files, you are using TCP/IP. A number of smaller protocols run on top of TCP/IP,
such as e-mail, HTTP and Telnet; FTP is one of them. Its single purpose is to move a file from a
server to a client or from a client to a server.

Network protocol

For two networked systems to communicate, they need a protocol, or handshake. A protocol is a
mutually agreed set of rules that lets both parties know:
o what to do to initiate an exchange
o what to expect next
If you answer a call and say hello, you wait for the person at the other end of the line to say
hello as well. This is the standard protocol for a telephone conversation. The Internet runs on
TCP/IP (Transmission Control Protocol/Internet Protocol). As the name suggests, it is really two
protocols. Internet Protocol (IP) is the low-level protocol that routes packets from one node to
another and concerns itself with things such as IP addresses (e.g. 192.168.1.254). TCP takes
addressing for granted and concerns itself with higher-level matters such as session management
and data transfer. HTTP and FTP both run on top of TCP.

FTP working

FTP needs two systems, one acting as an FTP server and the other as an FTP client. The exchange is
started by the client, which logs in under an established username and password. Once this
happens a session is open and remains open until closed by either the client or the server, or
until it times out. While the session is open, the client may perform a number of FTP commands on
the server. These include commands to change directories, list files, get files and put files.

Passive and Active FTP

FTP is an unusual protocol in that it uses two connections on two ports, one for commands and the
other for data. Active FTP came first: the client opens a connection to the server's command port
(21), and the server then opens a connection back to the client from its data port (20). In
passive FTP the client opens both connections to the server, which stays passive.

Active FTP can cause problems if your client is behind a firewall. From the firewall's point of
view, an FTP server choosing to open a connection to your client looks like an intruder, and it is
normally blocked. This is why many users have difficulty using FTP to fetch files from behind a
firewall.

Passive FTP solves this problem but creates others, in particular that the security of the FTP
server is affected. The server must listen on a large number of ports, which requires its firewall
to let a lot of unvetted traffic through, something most firewall administrators dislike. As a
rule you do not need to worry about passive versus active FTP unless you administer an FTP server
or a firewall. If you have trouble using an FTP client from behind a firewall, this is the reason,
and you should probably discuss the issue with the firewall administrator.
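The client side of the active/passive choice just described, as an added worked example (this is
not code from the course): it parses the server's PASV reply, builds the PORT command for active
mode, and reports which side opens the data connection and which firewall therefore has to permit
it. The addresses, ports and the server replies are constructed. The two checks in parse_pasv are
the ones a hardened client makes: the data host must be the same machine as the control
connection (a hostile server can otherwise redirect the client at a third party), and the port
must be above 1023.

```python
# Added example (not the course's own code): choosing the FTP data connection in passive (PASV)
# and active (PORT) mode, RFC 959. Addresses, ports and replies below are constructed.
import re

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply, control_host):
    """Parse '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' into (host, port).
    The host must match the peer of the control connection: a hostile or misconfigured server
    could otherwise point the client at any third party."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("malformed PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("PASV field out of range")
    host, port = "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2
    if host != control_host:
        raise ValueError("PASV host %s differs from control host %s" % (host, control_host))
    if port < 1024:
        raise ValueError("refusing PASV data port %d below 1024" % port)
    return host, port


def build_port(client_ip, port):
    """Active mode: 'PORT h1,h2,h3,h4,p1,p2' asks the server to connect back to client_ip:port."""
    if not 1024 <= port <= 65535:
        raise ValueError("data port must be an unprivileged port")
    return "PORT %s,%d,%d\r\n" % (client_ip.replace(".", ","), port >> 8, port & 0xFF)


def plan_data_connection(mode, control_host, client_ip, pasv_reply=None, client_port=None):
    """Describe who opens the data connection and which firewall has to allow it."""
    if mode == "passive":
        host, port = parse_pasv(pasv_reply, control_host)
        return {"initiator": "client", "connect_to": (host, port),
                "firewall_must_allow": "inbound to server %s:%d from the client" % (host, port)}
    if mode == "active":
        return {"initiator": "server", "connect_to": (client_ip, client_port),
                "command": build_port(client_ip, client_port),
                "firewall_must_allow": "inbound to client %s:%d from server port 20"
                                       % (client_ip, client_port)}
    raise ValueError("mode must be 'active' or 'passive'")
```

The "firewall_must_allow" field is the whole active-versus-passive problem in one line: active
mode needs the client's firewall to accept an inbound connection from the server, passive mode
needs the server's firewall to accept inbound connections to a whole range of high ports.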


FTP is better than HTTP for downloading files

HTTP is designed to fetch Web pages; it is optimised for many frequent fetches of small items.
FTP is designed for transferring files and gives better overall throughput and error checking. It
is not rare for a user to fail repeatedly to download a large file over HTTP with a browser, only
to succeed on the first attempt with a dedicated FTP client. If you download large files regularly
and run into difficulties, get a dedicated FTP client program.

Anonymous FTP

FTP requires the client program to log in to the server program, identifying itself with a user
name and authenticating itself with a password. Many FTP sites exist, however, that offer data
freely to the public. To conform with FTP's requirement that a session be opened with a username
and a password, these sites let all users log in under the common username anonymous and accept
any syntactically valid e-mail address as the password. The e-mail address lets the server
distinguish between users even though they all share the same login.

5 HTTP

HTTP (Hypertext Transfer Protocol) is the protocol for transferring files (text, graphic images,
sound, video and other multimedia files) on the World Wide Web. As soon as a Web user opens a Web
browser, the client is indirectly using HTTP. HTTP is an application protocol that runs on top of
the TCP/IP suite of protocols.

HTTP concepts include the idea that files can contain references to other files, whose selection
will elicit additional transfer requests. Any Web server machine contains, in addition to the Web
page files it can serve, an HTTP daemon that waits for requests and services them when they
arrive. Your Web browser is an HTTP client, sending requests to server machines. When the browser
user enters a file request by opening a Web file or clicking on a hypertext link, the browser
builds an HTTP request and sends it to the Internet Protocol address (IP address) indicated by the
URL. The HTTP daemon on the destination server machine receives the request and sends back the
requested file or files associated with the request.

o Request Packet

The format of the request header is shown below:

Method | Request-URI | HTTP version

HTTP request packet structure

Method
The method to be performed on the resource (for example GET, HEAD or POST)

Request-URI
The Uniform Resource Identifier of the resource to which the request applies, i.e. the network
resource

HTTP version
The HTTP version being used

o Response Packet

The format of the response header is shown below:

HTTP version | Status code | Reason phrase

HTTP response packet structure

HTTP version
The HTTP version being used

Status-code
A 3-digit integer result code of the attempt to understand and satisfy the request

Reason-phrase
A textual description of the status code
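The request line and status line laid out above, as an added worked example (this is not code
from the course): it builds a complete HTTP/1.1 request from a method, request-URI and headers,
and parses a response head into version, status code, reason phrase and headers. The sample
response is constructed. Two checks go beyond the field layout and are the ones a practitioner
cares about: CR or LF inside a header value is refused (otherwise attacker-controlled input could
inject extra headers or a second request), and duplicate Content-Length headers with different
values are an error rather than a guess, since two parsers choosing different values is the basis
of request smuggling.

```python
# Added example (not the course's own code): HTTP/1.1 request building and response-head parsing
# with the validation a careful client applies. The sample response in the usage note is constructed.

METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT", "PATCH"}


def build_request(method, uri, host, headers=None, version="HTTP/1.1"):
    """request-line CRLF *(header-line CRLF) CRLF. CR or LF in a header name or value is rejected
    so that untrusted input cannot inject extra headers or a second request."""
    if method not in METHODS:
        raise ValueError("unknown method %r" % method)
    if not (uri.startswith("/") or uri == "*" or method == "CONNECT"):
        raise ValueError("request-URI must be an absolute path")
    lines = ["%s %s %s" % (method, uri, version), "Host: %s" % host]
    for name, value in (headers or {}).items():
        if "\r" in name + value or "\n" in name + value:
            raise ValueError("CR/LF not allowed in header %r" % name)
        lines.append("%s: %s" % (name, value))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_request_line(line):
    """'GET /index.html HTTP/1.1' -> (method, request_uri, version)."""
    parts = line.split(" ")
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line: %r" % line)
    return parts[0], parts[1], parts[2]


def parse_status_line(line):
    """'HTTP/1.1 404 Not Found' -> ('HTTP/1.1', 404, 'Not Found'); the reason phrase may be empty."""
    parts = line.split(" ", 2)
    if (len(parts) < 2 or not parts[0].startswith("HTTP/")
            or len(parts[1]) != 3 or not parts[1].isdigit()):
        raise ValueError("malformed status line: %r" % line)
    return parts[0], int(parts[1]), parts[2] if len(parts) == 3 else ""


def parse_response_head(raw):
    """Split a raw response into (version, status, reason, headers, body). Header names are
    lower-cased and every occurrence is kept, so duplicates can be detected instead of silently
    merged; a line starting with whitespace (obsolete line folding) is rejected."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("response head not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")
    version, status, reason = parse_status_line(lines[0])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.setdefault(name.lower(), []).append(value.strip())
    return version, status, reason, headers, body


def content_length(headers):
    """Body length from Content-Length, or None if absent. Conflicting values are an error,
    not a guess: two parsers picking different values is how request smuggling works."""
    values = headers.get("content-length")
    if not values:
        return None
    if len(set(values)) != 1 or not values[0].isdigit():
        raise ValueError("conflicting or invalid Content-Length: %r" % values)
    return int(values[0])
```

For a constructed response such as b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n
Content-Length: 5\r\n\r\nhello", parse_response_head yields ("HTTP/1.1", 404, "Not Found"), a
headers map with lists as values, and the body b"hello"; build_request produces exactly the
bytes a browser would put on the wire for a simple GET.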

6 LDAP

LDAP (Lightweight Directory Access Protocol) provides access to X.500-style directories without
the full Directory Access Protocol (DAP). It is intended for simple management applications and
browser applications that need simple read/write interactive access to an X.500 directory, and it
is designed to complement DAP. X.500 technology proved popular enough to prompt efforts to reduce
the high "cost of entry" associated with it; LDAP is the resulting directory protocol option, and
it does not depend on particular software. As such it is intended to be simpler and cheaper to
use than the full X.500 access method.

Major characteristics

o Protocol elements are carried directly over TCP or another transport-layer protocol.
o Protocol data elements are represented as ordinary strings.
o A lightweight subset of BER encoding is used to encode all protocol elements.

LDAP works by a client sending a request to a server. In the request the client specifies the
operation to be performed; the server then performs the required operation on the directory and
returns a response containing the results or any errors.

LDAP messages are PDUs mapped directly onto the TCP byte stream, using port 389. LDAP messages do
not have their own header; they are ASN.1-structured messages encoded with BER.
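The request/response exchange and the BER-on-TCP encoding just described, as an added worked
example (this is not code from the course): it encodes an LDAPv3 simple BindRequest exactly as it
would be written to the byte stream on port 389, and decodes the matching BindResponse. The
distinguished name, password and result code are constructed; bind_response is a stand-in for the
server, written here only to produce something to parse. The example also makes the page's
security point concrete: with simple authentication the password appears verbatim in the encoded
bytes, so a simple bind must run over TLS (LDAPS or StartTLS).

```python
# Added example (not the course's own code): BER-encode an LDAPv3 simple BindRequest and decode a
# BindResponse, the PDUs that travel on the TCP byte stream to port 389. DN, password and result
# values are constructed. The password is visible in the bytes: simple bind needs TLS on the wire.

TAG_SEQUENCE, TAG_INTEGER, TAG_OCTET_STRING, TAG_ENUMERATED = 0x30, 0x02, 0x04, 0x0A
TAG_BIND_REQUEST, TAG_BIND_RESPONSE = 0x60, 0x61   # [APPLICATION 0] / [APPLICATION 1], constructed
TAG_SIMPLE_AUTH = 0x80                             # [0] context-specific, primitive


def ber_len(n):
    """Definite length: short form below 128, otherwise 0x80|count followed by big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_uint(value, tag=TAG_INTEGER):
    """Non-negative INTEGER/ENUMERATED; a leading 0x00 keeps the top bit clear (two's complement)."""
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big")
    return tlv(tag, body)


def bind_request(message_id, dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }."""
    op = (ber_uint(3) + tlv(TAG_OCTET_STRING, dn.encode())
          + tlv(TAG_SIMPLE_AUTH, password.encode()))
    return tlv(TAG_SEQUENCE, ber_uint(message_id) + tlv(TAG_BIND_REQUEST, op))


def bind_response(message_id, result_code, diagnostic=""):
    """Server side, constructed for the example: BindResponse { resultCode, matchedDN, diag }."""
    op = (ber_uint(result_code, TAG_ENUMERATED) + tlv(TAG_OCTET_STRING, b"")
          + tlv(TAG_OCTET_STRING, diagnostic.encode()))
    return tlv(TAG_SEQUENCE, ber_uint(message_id) + tlv(TAG_BIND_RESPONSE, op))


def ber_read(buf, off=0):
    """Read one TLV at `off`; returns (tag, value_bytes, offset_after)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:
        count = length & 0x7F
        length = int.from_bytes(buf[off:off + count], "big")
        off += count
    if off + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[off:off + length], off + length


def parse_bind_response(buf):
    tag, msg, _ = ber_read(buf)
    if tag != TAG_SEQUENCE:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    _, mid, off = ber_read(msg)
    tag, op, _ = ber_read(msg, off)
    if tag != TAG_BIND_RESPONSE:
        raise ValueError("expected BindResponse, got tag 0x%02x" % tag)
    _, code, off = ber_read(op)
    _, matched, off = ber_read(op, off)
    _, diag, _ = ber_read(op, off)
    return {"messageID": int.from_bytes(mid, "big"), "resultCode": int.from_bytes(code, "big"),
            "matchedDN": matched.decode(), "diagnosticMessage": diag.decode()}
```

bind_request(1, "cn=admin,dc=example,dc=com", "s3cret") produces 46 bytes beginning 30 2c 02 01
01 60 27: the outer SEQUENCE, messageID 1, then the BindRequest. Result code 49 in the response
is invalidCredentials, the value an attacker sees when guessing passwords against port 389.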


7 MGCP

Media Gateway Control Protocol (MGCP) is one of the most significant protocols for next-generation
networks, since it is responsible for carrying out the migration from the PSTN to IP telephony in
large corporations, ISPs and carriers by turning today's TDM circuits into tomorrow's voice
packets.

MGCP is a device control protocol defined by the IETF and intended to control devices such as
Media Gateways and Integrated Access Devices (IADs), using text-format messages to set up, manage
and tear down multimedia sessions. MGCP is a centralised (master/slave) control protocol: the
call agent, not the endpoint, manages the communication session.

MGCP operates between a Media Gateway (MG) and a Media Gateway Controller (MGC), also called a
Call Agent or Soft Switch, allowing the Media Gateway Controller to control the Media Gateway.
MGCP treats the Media Gateway as the essential element of multipoint, next-generation, converged
networks. MGCP was created as part of the convergence movement that carries voice and data over
the packet-switched Internet.

Key features of an MGCP test tool

o Fully automates MGCP functionality testing.
o Simulates multiple Call Agents and Media Gateways.
o Generates and receives MGCP messages.
o Predefined test scenarios.

8 NNTP

The Network News Transfer Protocol (NNTP) is a news transfer system on a Transmission
Control Protocol (TCP) network. NNTP can allocate, query, post and recover news items known
as newsgroups. As it is normally used TCP, it is a granted delivery system.

The News text exists on the News Server to permit download for different clients which were
updated. Example: If a client has not linked to the News Server for an hour, the client links and
P a g e | 18

iNurture Education Solutions Pvt. Ltd., INDIA. 2014. All rights reserved
Unit 2

get only the text that are novel. The other client might link that has not linked to the server for a
week. The client has more texts to download as they have are offline for longer time. For this
instance, text cannot be removed for those clients who have outdated data. For a severe case, few
might link to a News Server that has not ever linked before. In this method, the client would
require to download a perfect section of the database.

The Internet has most News Servers as the News Servers utilize NNTP to link along clients. The
News Servers link along one another to upgrade the database by utilizing Unix-to-Unix Copy
(UUCP).

There are two processes for retrieving messages, an active one and a passive one:

1. Push (active): the server pushes news messages to the attached clients.
2. Pull (passive): the client specifies the messages it requires and the server sends
them.

The Push process places a heavy load on server resources, so it is preferable to use the Pull
method.
The following NNTP commands are not case sensitive:

ARTICLE - instructs the server to send a specific news article
HEAD - same as ARTICLE, but sends only the article header
BODY - same as ARTICLE, but sends only the article body
STAT - same as ARTICLE, but sends only the message ID
GROUP - selects a group on the server, which replies with the number of articles in the
group
HELP - sends help information from the News Server to the client
IHAVE - lets the client inform the server that it has a new message
LAST - specifies that the server should set the pointer to the last message in the group
LIST - retrieves the list of groups on the server together with the first and last article number in each
group
NEWGROUPS - retrieves the list of new groups from the server
NEWNEWS - requests a list of all new articles since a given date and time
NEXT - moves the pointer to the next article in the group
POST - informs the server that the client has a new message to post
QUIT - informs the server that the client is terminating the NNTP session
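
The pull model and the command list above, as an added example that is not part of the course text: a small in-memory NNTP-style server answering GROUP, NEWNEWS, ARTICLE/HEAD/BODY/STAT and NEXT, and a client routine that asks only for articles newer than its last connection and fetches those. The newsgroup name, message IDs and article contents are constructed sample data, and the NEWNEWS date format assumed here is yyyymmdd hhmmss.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Article:
    number: int          # article number within the group
    message_id: str
    posted: datetime
    header: str
    body: str


class NewsServer:
    """One newsgroup; answers a subset of NNTP commands (case-insensitive)."""

    def __init__(self, group, articles):
        self.group = group
        self.articles = sorted(articles, key=lambda a: a.number)
        self.by_id = {a.message_id: a for a in self.articles}
        self.pointer = 0                      # index of the current article

    def command(self, line):
        verb, *args = line.split()
        verb = verb.upper()                   # NNTP commands are not case sensitive
        if verb == "GROUP":
            if args[0] != self.group:
                return "411 no such newsgroup"
            self.pointer = 0
            return (f"211 {len(self.articles)} {self.articles[0].number} "
                    f"{self.articles[-1].number} {self.group}")
        if verb == "NEWNEWS":
            # NEWNEWS <group> <yyyymmdd> <hhmmss>: IDs of articles posted after that time
            since = datetime.strptime(args[1] + args[2], "%Y%m%d%H%M%S")
            ids = [a.message_id for a in self.articles if a.posted > since]
            return "\n".join(["230 list of new articles follows"] + ids + ["."])
        if verb in ("ARTICLE", "HEAD", "BODY", "STAT"):
            art = self.by_id.get(args[0]) if args else self.articles[self.pointer]
            if art is None:
                return "430 no such article"
            status = {"ARTICLE": 220, "HEAD": 221, "BODY": 222, "STAT": 223}[verb]
            first = f"{status} {art.number} {art.message_id}"
            if verb == "STAT":
                return first                  # STAT sends only the message ID line
            parts = {"ARTICLE": art.header + "\n\n" + art.body,
                     "HEAD": art.header, "BODY": art.body}
            return first + "\n" + parts[verb] + "\n."
        if verb == "NEXT":
            if self.pointer + 1 >= len(self.articles):
                return "421 no next article"
            self.pointer += 1
            art = self.articles[self.pointer]
            return f"223 {art.number} {art.message_id}"
        if verb == "QUIT":
            return "205 goodbye"
        return "500 command not recognized"


def sync_client(server, group, last_sync):
    """Pull model: fetch only the articles newer than the client's last connection."""
    reply = server.command(f"NEWNEWS {group} {last_sync:%Y%m%d} {last_sync:%H%M%S}")
    new_ids = reply.splitlines()[1:-1]           # drop status line and terminating '.'
    fetched = {}
    for mid in new_ids:
        resp = server.command(f"article {mid}")  # lower case is accepted too
        text = resp.split("\n", 1)[1]
        fetched[mid] = text[:-2]                  # strip the trailing "\n."
    return fetched


# Constructed sample articles (not taken from any real newsgroup)
SAMPLE = NewsServer("comp.security.misc", [
    Article(1, "<a1@example.net>", datetime(2014, 3, 1, 9, 0, 0), "Subject: first", "body one"),
    Article(2, "<a2@example.net>", datetime(2014, 3, 1, 12, 0, 0), "Subject: second", "body two"),
    Article(3, "<a3@example.net>", datetime(2014, 3, 2, 8, 30, 0), "Subject: third", "body three"),
])
```

A client that last connected at 10:00 on 1 March receives two articles; one that has never connected (pass a very old timestamp) receives all three, which is the "download a complete section of the database" case above.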

9 NTP

The Network Time Protocol (NTP) is a time synchronization system for system clocks across the
Internet. It provides a method to coordinate time and manage time distribution in a large,
diverse internet operating at speeds from ordinary to lightwave. It uses a returnable-time design in
which a distributed subnetwork of time servers, operating in a self-organizing, hierarchical
master-slave configuration, synchronizes logical clocks within the subnetwork and to national time
standards via wire or radio.

The format of the header is shown in the following illustration:

Field    LI   VN   Mode   Stratum   Poll   Precision
Bits      2    3      3         7      6           7

NTP header structure

LI - Leap Indicator
A 2-bit code warning of an impending leap second to be inserted at the end of the last day of the
current month. The bits are coded as follows:

00 - No warning.
01 - +1 second (the following minute has 61 seconds).
10 - -1 second (the following minute has 59 seconds).
11 - Alarm condition (clock not synchronized).

VN - Version Number
A 3-bit code representing the version number.

Mode
The mode. This field can hold the following values:

0 - Reserved.
1 - Symmetric active.
3 - Client.
4 - Server.
5 - Broadcast.
6 - NTP control message.

Stratum
An integer identifying the stratum level of the local clock. Values are defined as follows:

0 - Unspecified.
1 - Primary reference (e.g. radio clock).
2...n - Secondary reference (via NTP).

Poll
A signed integer indicating the maximum interval between successive messages, in seconds to the
nearest power of 2.

Precision
A signed integer indicating the precision of the local clock, in seconds to the nearest power of 2.
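
The header fields above, as an added example that is not part of the course text: packing and decoding the leading bytes of an NTP header and interpreting them with the tables given for LI, Mode and Stratum. The LI/VN/Mode widths (2, 3 and 3 bits of the first byte) are as described above; for the bytes that follow, the example assumes the standard 8-bit stratum, poll and precision fields of RFC 5905 rather than the widths printed in the illustration. It also shows a check a client should make before trusting a reply: a packet whose LI is the alarm code or whose stratum is 0 is not usable for synchronization.

```python
import struct

# Field interpretations, as listed in the text above
LEAP = {0: "No warning", 1: "+1 second (61-second minute)",
        2: "-1 second (59-second minute)", 3: "Alarm condition (clock not synchronized)"}
MODE = {0: "Reserved", 1: "Symmetric active", 3: "Client", 4: "Server",
        5: "Broadcast", 6: "NTP control message"}


def pack_header(li, vn, mode, stratum, poll, precision):
    """Build the four leading header bytes; poll and precision are signed log2 seconds."""
    if not (0 <= li < 4 and 0 <= vn < 8 and 0 <= mode < 8):
        raise ValueError("LI, VN and Mode are 2-, 3- and 3-bit fields")
    first = (li << 6) | (vn << 3) | mode          # LI | VN | Mode packed into one byte
    return struct.pack("!BBbb", first, stratum, poll, precision)


def parse_header(data):
    """Decode the four leading bytes of an NTP packet into named fields."""
    if len(data) < 4:
        raise ValueError("truncated NTP header")
    first, stratum, poll, precision = struct.unpack("!BBbb", data[:4])
    return {
        "li": first >> 6,            # top 2 bits
        "vn": (first >> 3) & 0x7,    # next 3 bits
        "mode": first & 0x7,         # low 3 bits
        "stratum": stratum,
        "poll": poll,                # signed: interval is 2**poll seconds
        "precision": precision,      # signed: clock precision is 2**precision seconds
    }


def describe(fields):
    """Human-readable view using the LI, Mode and Stratum tables from the text."""
    stratum = fields["stratum"]
    if stratum == 0:
        stratum_text = "Unspecified"
    elif stratum == 1:
        stratum_text = "Primary reference (e.g. radio clock)"
    else:
        stratum_text = "Secondary reference (via NTP)"
    return {
        "leap": LEAP[fields["li"]],
        "version": fields["vn"],
        "mode": MODE.get(fields["mode"], "Not listed"),
        "stratum": stratum_text,
        "poll_seconds": 2.0 ** fields["poll"],
        "precision_seconds": 2.0 ** fields["precision"],
    }


def usable_for_sync(fields):
    """A client should only set its clock from a Server reply that is synchronized:
    LI 3 means the server's clock is not synchronized and stratum 0 is unspecified."""
    return fields["mode"] == 4 and fields["li"] != 3 and fields["stratum"] != 0
```

The first byte of a typical NTPv4 client request is 0x23 (LI 0, VN 4, Mode 3); a server reply carries Mode 4 and a non-zero stratum.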

10 POP
POP stands for Post Office Protocol. POP3, sometimes referred to simply as POP, is a standard
protocol for retrieving e-mail messages. A POP3 mail server receives e-mail and sorts it
into the appropriate user folders. When a user connects to the mail server to retrieve mail, the messages are
downloaded from the mail server to the user's hard disk.

When you set up an e-mail client such as Outlook (Windows) or Mail (Mac OS X), you must
enter the type of mail server your e-mail account uses. This will normally be either a POP3 or an
IMAP server. An IMAP mail server is more complex than a POP3 server and allows e-mail messages to be
read and stored on the server. Most webmail interfaces use an IMAP mail server so that users can
manage their entire mailbox online.

Most mail servers use the POP3 mail protocol because it is simple and well established. You may
have to check with your ISP or whoever manages the mail account to find out which settings to use when
setting up the mail program. If your e-mail account is on a POP3 mail server, you must
enter the correct POP3 server address in your e-mail program settings. Typically this is
something like mail.server.com or pop.servername.com. To retrieve mail successfully, you
must also enter a valid username and password.

POP3 protocol

The POP3 protocol defines three states for managing the connection between the mail server and
the POP3 e-mail client: the authentication state, the transaction state and the update
state. During the authentication state, the POP3 e-mail client connected to the server
must be authenticated before the user can retrieve e-mail. If the username and password
supplied by the e-mail client match those on the server, the user is authenticated and proceeds to the
transaction state. Otherwise, the user receives an error message and is not permitted to connect to retrieve
e-mail.

To prevent any corruption of the mail store after the client has been authenticated, the POP3 service
locks the user's mailbox. New e-mail delivered to the mailbox after the user has been
authenticated is not available for download until the connection has been closed. Also, only one client can
connect to a mailbox at a time; additional connection requests to the mailbox are rejected.

During the transaction state, the client sends POP3 commands and the server receives and
responds to them according to the POP3 protocol. Any client request the server receives that does
not conform to the POP3 protocol is ignored, and an error message is returned. The update state
closes the connection between the client and the server; it is entered by the last command the client sends.

After the connection is closed, the mail store is updated to reflect the changes made while
the user was connected to the mail server. Example: after the client successfully retrieves the e-
mail, the retrieved e-mail is marked for deletion and then removed from the mail store, unless
the user's e-mail client is configured otherwise.
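
The three POP3 states and the mailbox lock described above, as an added example that is not part of the course text: a toy server-side model in which a session moves from AUTHORIZATION to TRANSACTION on a correct USER/PASS, a second session for the same mailbox is refused while the lock is held, mail delivered mid-session stays invisible until the next session, and DELE marks are applied to the store only in the UPDATE step triggered by QUIT. The users, passwords and messages are constructed sample data.

```python
class MailStore:
    """Server-side mailboxes: user -> {"password": str, "messages": [str]}."""

    def __init__(self):
        self.boxes = {}
        self.locked = set()           # users whose mailbox is held by a session

    def add_user(self, user, password):
        self.boxes[user] = {"password": password, "messages": []}

    def deliver(self, user, text):
        self.boxes[user]["messages"].append(text)


class Pop3Session:
    def __init__(self, store):
        self.store = store
        self.state = "AUTHORIZATION"
        self.user = None
        self.snapshot = []            # messages visible to this session
        self.marked = set()           # indexes marked for deletion (applied on QUIT)

    def command(self, line):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if self.state == "AUTHORIZATION":
            return self._authorization(verb, arg)
        if self.state == "TRANSACTION":
            return self._transaction(verb, arg)
        return "-ERR session closed"

    def _authorization(self, verb, arg):
        if verb == "USER":
            self.user = arg
            return "+OK"
        if verb == "PASS":
            box = self.store.boxes.get(self.user)
            if box is None or box["password"] != arg:
                return "-ERR authentication failed"
            if self.user in self.store.locked:
                return "-ERR mailbox already locked by another session"
            self.store.locked.add(self.user)
            self.snapshot = list(box["messages"])   # later deliveries are not seen
            self.state = "TRANSACTION"
            return f"+OK {len(self.snapshot)} messages"
        if verb == "QUIT":
            self.state = "CLOSED"
            return "+OK"
        return "-ERR command not valid in AUTHORIZATION state"

    def _index(self, arg):
        """Translate a 1-based message number into a live snapshot index, or None."""
        if not arg.isdigit():
            return None
        i = int(arg) - 1
        if 0 <= i < len(self.snapshot) and i not in self.marked:
            return i
        return None

    def _transaction(self, verb, arg):
        if verb == "STAT":
            live = [m for i, m in enumerate(self.snapshot) if i not in self.marked]
            return f"+OK {len(live)} {sum(len(m) for m in live)}"
        if verb in ("RETR", "DELE"):
            i = self._index(arg)
            if i is None:
                return "-ERR no such message"
            if verb == "RETR":
                return "+OK\n" + self.snapshot[i] + "\n."
            self.marked.add(i)
            return "+OK marked for deletion"
        if verb == "QUIT":
            return self._update()
        return "-ERR unknown command"

    def _update(self):
        """UPDATE state: apply deletions to the store, keep mail that arrived meanwhile,
        release the lock and close the session."""
        box = self.store.boxes[self.user]
        kept = [m for i, m in enumerate(self.snapshot) if i not in self.marked]
        arrived = box["messages"][len(self.snapshot):]
        box["messages"] = kept + arrived
        self.store.locked.discard(self.user)
        self.state = "CLOSED"
        return "+OK bye"
```

Note that a failed PASS leaves the session in AUTHORIZATION, so transaction commands keep being refused until the client authenticates.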

11 IMAP

IMAP stands for Internet Message Access Protocol and is pronounced "eye-map". It is a method of
accessing e-mail messages on a server without having to download them to the local drive. An e-mail
access protocol offers a uniform, operating-system-independent way of manipulating message data in a remote
message store (repository). Mail user agents implementing such a protocol can offer users a
consistent view of the message store, regardless of what kind of system they are using and regardless of
where they are connected in the network. Multiple simultaneous sessions on a single remote
mailbox, and single sessions operating on several remote mailboxes, are both possible with
this approach.

This differs from POP3, in which POP is a store-and-forward transport protocol used by an
MUA to retrieve pending e-mail from a maildrop, whereas IMAP focuses on remote mailbox
manipulation rather than transport. IMAP differs from several vendor-specific remote access
methods in that IMAP is an open protocol designed to scale well and to accommodate diverse classes of
client operating systems. Security-related work includes how to incorporate secure
authentication methods when creating a session, and possible links with Privacy Enhanced Mail.

It is expected that most of the work of this group will be carried out by e-mail. One goal is to
combine and update RFC 1176 and the existing IMAP2bis draft, then submit the result
as an Internet-Draft before the November 1993 IETF meeting, which will then carry out a complete review
of the document for submission as a Proposed Standard before the end of 1993.

12 RIP
The Routing Information Protocol (RIP) is a relatively old Interior Gateway Protocol (IGP).
IGPs are used for routing within networks that are under a common network administration, whereas
an exterior gateway protocol is used to exchange routing information between networks. As an IGP, RIP
performs routing within a single autonomous system. RIP is a standard distance-vector routing
protocol that uses hop count as its metric for determining the best path to a destination.

RIP Routing Updates

RIP sends routing update messages at regular 30-second intervals and whenever the network
topology changes. RIP uses broadcast User Datagram Protocol (UDP) data packets to exchange
routing information. The routing update process is called advertising. When a router receives a routing
update that contains changes to an entry, it updates its routing table to reflect the new
route. The metric value for the path is increased by 1, and the sender is recorded as the next
hop. RIP routers maintain only the best path to a destination, and after updating its routing table the
router immediately begins sending routing updates to inform the other network routers of the change. These
updates are sent in addition to the regularly scheduled 30-second updates that RIP
routers send.

RIP Routing Metric

RIP uses a single routing metric (hop count) to measure the distance between the source and a
destination network. Each hop in a path from source to destination is assigned a hop-count
value of 1. When a router receives a routing update that contains a new or changed destination-
network entry, the router adds 1 to the metric value given in the update and enters the
network in its routing table. The IP address of the sender is used as the next hop.

RIP prevents routing loops from continuing indefinitely by imposing a limit on the number of
hops allowed in a path from the source to a destination. The maximum number of hops in a
path is 15. If a router receives a routing update that contains a new or changed entry, and if
increasing the metric value by 1 causes the metric to be infinity, the network destination is considered
unreachable.

RIP Scalability and Limitations

The hop-count limit of RIP is considered a scalability limitation for large networks. An additional
limitation is that RIP version 1 (RIP-1) is a classful routing protocol and does not carry subnet
mask information in its routing updates.

Note

RIP Version 2 (RIP-2) was introduced to address this limitation. The RIP-2 specification allows
more information, such as the subnet mask, to be included in RIP packets and provides a simple authentication
mechanism.

Consequently, RIP-1 does not support the use of variable-length subnet masking (VLSM). VLSM provides
the ability to specify different subnet masks for the same network number on different
subnets. Before RIP-1 sends out an update, it performs a check on the subnet mask of the network
that is to be advertised. If a VLSM has been assigned, the subnet is dropped from the
advertisement. This limitation also creates scalability problems for large networks, in that address
space is limited.

RIP Stability Features

RIP implements mechanisms such as split horizon, hold-down timers, a hop-count limit and poison
reverse to prevent routing loops and maintain network stability, as described in the list that
follows:

Split horizon - If a route is learned on an interface, information about that route is not sent back out the
interface on which it was learned. In this way, split horizon prevents routing loops in the network.

Hold-down timers - These timers reject routing update information for a defined period of time. Hold-
down timers are reset when the timer expires, when a routing update is received that has
a better metric, or when a routing update is received indicating that the original path to the network is
valid. Hold-down timers help protect routing information from flooding the network while network
connections are unstable.

Hop-count limit - This limits the number of hops permitted in a path from source to destination.
The maximum is 15, and 16 is considered unreachable. The hop-count limit prevents routing
loops from continuing forever.

Poison reverse - A route is poisoned when a router marks a route as unreachable by setting the
hop count to 16 and then passes this route to a neighboring router, causing the neighboring
router to delete the route from its routing table. This speeds up network convergence by preventing
invalid routes from spreading across the network.

These features allow RIP to adjust to network-topology changes and prevent loops from being
propagated and persisting indefinitely.
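
The metric rule, hop-count limit, split horizon with poison reverse and hold-down timers described in the RIP sections above, as an added example that is not part of the course text: a small distance-vector model in which a router adds 1 to every received metric (capped at 16, the unreachable value), advertises routes learned from a neighbour back to that neighbour with metric 16, and ignores worse updates for a withdrawn route while its hold-down timer runs. Router names, network prefixes and the hold-down length in ticks are constructed; real RIP counts the hold-down in seconds.

```python
INFINITY = 16          # a hop count of 16 means "unreachable" in RIP
HOLD_DOWN_TICKS = 6    # constructed value; the timer is counted in ticks here


class RipRouter:
    def __init__(self, name, connected):
        self.name = name
        # routing table: destination -> {"metric": int, "next_hop": str or None}
        # directly connected networks carry metric 1 and no next hop
        self.table = {net: {"metric": 1, "next_hop": None} for net in connected}
        self.holddown = {}   # destination -> (ticks_left, metric_before_loss)

    def receive_update(self, sender, routes):
        """Apply an advertisement {destination: metric}; returns True if the table changed."""
        changed = False
        for dest, metric in routes.items():
            new_metric = min(metric + 1, INFINITY)   # one more hop via the sender
            cur = self.table.get(dest)
            if cur is None:
                if new_metric < INFINITY:
                    self.table[dest] = {"metric": new_metric, "next_hop": sender}
                    changed = True
            elif cur["next_hop"] == sender:
                # news from the next hop we already use is always believed, even if worse
                if cur["metric"] != new_metric:
                    if new_metric >= INFINITY and cur["metric"] < INFINITY:
                        self.holddown[dest] = (HOLD_DOWN_TICKS, cur["metric"])
                    elif new_metric < INFINITY:
                        self.holddown.pop(dest, None)   # original path valid again
                    cur["metric"] = new_metric
                    changed = True
            elif dest in self.holddown:
                # hold-down: only a route better than the one we lost ends it early
                if new_metric < self.holddown[dest][1]:
                    del self.holddown[dest]
                    self.table[dest] = {"metric": new_metric, "next_hop": sender}
                    changed = True
            elif new_metric < cur["metric"]:
                self.table[dest] = {"metric": new_metric, "next_hop": sender}
                changed = True
        return changed

    def advertise(self, neighbor):
        """Split horizon with poison reverse: routes learned from `neighbor` are
        advertised back to it with metric 16 instead of their real metric."""
        return {dest: (INFINITY if e["next_hop"] == neighbor else e["metric"])
                for dest, e in self.table.items()}

    def tick(self):
        """Advance hold-down timers by one tick; expired entries leave hold-down."""
        for dest in list(self.holddown):
            left, orig = self.holddown[dest]
            if left <= 1:
                del self.holddown[dest]
            else:
                self.holddown[dest] = (left - 1, orig)

    def reachable(self, dest):
        e = self.table.get(dest)
        return e is not None and e["metric"] < INFINITY
```

In the scenario used by the test below, routers A, B and C form a chain; when A loses its connected network it advertises it with metric 16, B enters hold-down, and a stale claim from another neighbour with a worse metric is ignored until the timer expires.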

13 RPC

Microsoft Remote Procedure Call (RPC) is a powerful technology for creating distributed
client/server programs. RPC is an interprocess communication mechanism that allows client and
server software to communicate. The Microsoft RPC implementation is compatible with the Open Group's
Distributed Computing Environment (DCE) specification for remote procedure calls and is
interoperable with other DCE-based RPC systems, such as those for the HP-UX and IBM AIX
Unix-based operating systems.

Computer operating systems and programs have gradually become more complex over the years. With
every release there are more features. The rising complexity of systems makes it harder for
developers to avoid errors during development. Often developers create a solution for
their system or software while a nearly identical solution has already been created. This duplication
of effort takes time and money and adds complexity to an already complex system.

RPC is intended to reduce these problems by offering a common interface between
applications. RPC serves as a go-between for client/server communications. RPC is designed to
make client/server communication simple and secure by factoring out common tasks such as
security, synchronization and data-flow handling into a common library, so that developers do not
have to spend time and effort creating their own solutions.

Terms and Definitions

The following terms are associated with RPC.

Client
A process, such as a program or task, that requests a service provided by another program. The client
process uses the requested service without having to deal with the working details of the
other program or service.

Server
A process, such as a program or task, that responds to requests from a client.

Endpoint
The name, port or group of ports on a host system that is monitored by a server program for
incoming client requests. The endpoint is a network-specific address of a server program for
remote procedure calls. The names of endpoints depend on the transport protocol being used.

Endpoint Mapper (EPM)
Part of the RPC subsystem that resolves dynamic endpoints in response to client requests
and, in some configurations, dynamically assigns endpoints to servers.

Client Stub
Module in a client application that contains all the functions necessary for the client to make remote
procedure calls using the model of a traditional function call in a standalone application. The client
stub is responsible for invoking the marshalling engine and some of the RPC application
programming interfaces (APIs).

Server Stub
Module in a server application or service that contains all the functions necessary for the server to
handle remote requests using local procedure calls.


RPC Dependencies and Interactions

RPC is a client/server technology in the most general sense. There is a sender and a receiver, and
data is transferred between them. This can be classic client/server, or system services on the
same system communicating with each other. The latter is very common. Much of the Windows architecture
is composed of services that communicate with each other to complete a task. Most services built into
the Windows architecture use RPC to communicate with one another.

14 RTSP

The Real-Time Streaming Protocol (RTSP) is an application-level protocol for control over the
delivery of data with real-time properties. RTSP provides an extensible framework to enable controlled,
on-demand delivery of real-time data such as audio and video. Sources of data
include both live data feeds and stored clips. This protocol is intended to control multiple data
delivery sessions, provide a means for choosing delivery channels such as UDP, multicast UDP and
TCP, and provide a means for choosing delivery mechanisms based on RTP.

The streams controlled by RTSP may use RTP, but RTSP does not depend on the transport
mechanism used to carry the media. The protocol is intentionally similar in syntax and
operation to HTTP/1.1, so that extension mechanisms for HTTP can in most cases be added to RTSP.
However, RTSP differs in a number of important ways from HTTP:

o RTSP introduces a number of new methods and has a different protocol identifier.
o An RTSP server needs to maintain state by default in almost all cases, as opposed to the
stateless nature of HTTP. Both an RTSP server and a client can issue requests.
o Data is carried out-of-band by a different protocol.
o RTSP is defined to use ISO 10646 (UTF-8) rather than ISO 8859-1, consistent with the
current HTML internationalization effort.
o The Request-URI always contains the absolute URI. Because of backward compatibility with a
historical blunder, HTTP/1.1 carries only the absolute path in the request and puts the
host name in a separate header field.

This makes virtual hosting easier, where a single host with a single IP address hosts several document
trees.

RTSP is the control protocol for the delivery of multimedia content across IP networks. It is typically
based on TCP for reliable delivery and has very similar operation and syntax to HTTP. RTSP is
used by the client application to communicate to the server information such as the media file being requested, the
type of application the client is using, the mechanism of delivery of the file and other
important control commands such as DESCRIBE, SETUP and PLAY. The actual multimedia
content is not normally delivered over the RTSP connection, although it can be interleaved if necessary.
RTSP is analogous to the remote control for the streaming protocol.

Real Time Transport Protocol (RTP)

RTP is the protocol used for the actual transport and delivery of the real-time audio and video
data. As the delivery of the actual audio and video data is generally delay
sensitive, the lighter-weight UDP protocol is used as the Layer 4 delivery mechanism, although
TCP may also be used in environments that suffer higher packet loss. One interesting
aspect of the RTP implementation is that the source port used by the server when sending the UDP
data is always even, although it is dynamically assigned. The destination port is chosen by the
client and communicated over the RTSP control connection.

Real Time Control Protocol (RTCP)

RTCP is a complimentary protocol to RTP and is a bidirectional UDP related method to permit
the client to link stream-quality data back to the object server. The RTCP UDP link often uses
the subsequent UDP port up along that utilized by RTP stream and thus is often odd.

15 SIP
Session Initiation Protocol (SIP), defined in RFC 3261, is an application-level signaling
protocol for setting up, modifying and terminating real-time sessions between participants on an IP data
network. SIP can support any kind of single-media or multimedia session, including
teleconferencing.

SIP is only one component in the group of protocols and services needed to support
multimedia exchange over the Internet. SIP is the signaling protocol that enables one party to
place a call to another party and to negotiate the parameters of a multimedia session. The actual
audio, video or other multimedia content is exchanged between session participants using an
appropriate transport protocol. In most cases, the transport protocol used is the Real-Time
Transport Protocol (RTP). Directory access and lookup protocols are also needed.

The key driving force behind SIP is to enable Internet telephony, also called Voice over IP (VoIP).
There is broad industry acceptance that SIP will be the standard IP signaling mechanism for voice
and multimedia calling services. Additionally, as older Private Branch Exchanges (PBXs) and
network switches are phased out, industry is moving to a voice networking model that is SIP
signaled, IP based and packet switched, not only in the wide area but also on the customer's premises.

SIP supports five facets of establishing and terminating multimedia connections:

User location: Users can move to different places and access their telephony or other
application features from remote locations.
User availability: This step involves determining the willingness of the called party to engage in
communications.
User capabilities: In this step, the media and media parameters to be used are determined.
Session setup: Point-to-point and multiparty calls are set up with agreed session parameters.
Session management: This step includes transfer and termination of sessions, modifying session
parameters and invoking services.

SIP employs design elements developed for earlier protocols. SIP is based on an HTTP-like
request/response transaction model. Each transaction consists of a client request that invokes a
particular method or function on the server and at least one response. SIP uses most of the header
fields, encoding rules and status codes of HTTP. This provides a readable text-based format for
displaying information. SIP incorporates the use of the Session Description Protocol (SDP), which defines
session content using a set of types similar to those used in Multipurpose Internet Mail Extensions
(MIME).

SIP Components and Protocols

A system using SIP can be viewed as consisting of elements described along two dimensions,
client/server and individual network components. RFC 3261 defines client and server as
follows:
Client - A client is any network element that sends SIP requests and receives SIP responses.
Clients may or may not interact directly with a human user. User agent clients and proxies
are clients.
Server - A server is a network element that receives requests in order to service them and sends
back responses to those requests. Examples of servers are proxies, user agent servers, redirect servers and
registrars.

The individual components of a typical SIP setup include the following:

User Agent: The user agent resides in every SIP end station. It acts in two roles:
User Agent Client (UAC): issues SIP requests.
User Agent Server (UAS): receives SIP requests and generates a response that accepts, rejects or redirects
the request.

Redirect Server: The redirect server is used at session initiation to determine the address of the
called device. The redirect server returns this information to the calling device, directing the UAC to
contact an alternate Universal Resource Identifier (URI). A URI is a generic identifier used to
name any resource on the Internet. The URL used for Web addresses is a type of URI.

Proxy Server: The proxy server is an intermediary entity that acts as both a server and a
client for the purpose of making requests on behalf of other clients. A proxy server primarily plays
the role of routing, which means ensuring that a request is sent to another entity closer to the targeted user.
Proxies are also useful for enforcing policy. A proxy interprets and, if necessary, rewrites
specific parts of a request message before forwarding it.

Registrar: A registrar is a server that accepts REGISTER requests and places the information it receives
in those requests into the location service for the domain it handles.

Location Service: A location service is used by a SIP redirect or proxy server to obtain information about
a callee's possible location. For this purpose, the location service maintains a database of SIP-
address/IP-address mappings.

16 SMTP

Simple Mail Transfer Protocol (SMTP) controls the way e-mail is transported and delivered
across the Internet to the destination server. SMTP receives and sends e-mail between servers. The
SMTP service is installed by default along with the POP3 service to provide a complete e-mail service.

The SMTP service is automatically installed on the system when the POP3 service is installed, to
allow users to send outgoing e-mail. When you create a domain using the POP3 service, the
domain is also added to the SMTP service to allow mailboxes in that domain to send outgoing e-
mail. The SMTP service on the mail server receives incoming mail and transfers the e-mail to the
mail store.

E-mail relay

E-mail relay occurs when users who are not members of the e-mail domain use a mail server
with SMTP to send e-mail. SMTP mail servers that are not configured to prevent open relay are
frequently abused by those who want to send large amounts of unsolicited commercial e-mail. The
Microsoft SMTP service is configured by default to prevent e-mail relaying.

If you need to enable e-mail relay, however, you have the following two choices, depending
on the authentication method you are using:

o If you are using Active Directory integrated authentication or local Windows accounts
authentication, you can configure the mail server to require authentication before
accepting outgoing e-mail.
o If you are using encrypted password file authentication and need to set up e-mail relaying, you
should configure the mail server to permit relay based on either Internet Protocol (IP)
address or e-mail domain name.

Note

When an e-mail cannot be delivered, the Simple Mail Transfer Protocol (SMTP) service returns a
non-delivery report (NDR) to the sender. If the NDR cannot be delivered to the sender, a
copy of the message is placed in the Badmail directory. To avoid the possibility of the operating system
running out of disk space, you should move the SMTP Badmail directory to a volume other than
the one on which the OS is installed.

IETF RFC 821 defines SMTP, which is a mail service modeled on the FTP file transfer service.
SMTP transfers mail messages between systems and provides notification about incoming mail.

Commands

SMTP commands are ASCII messages sent between SMTP hosts. The possible commands are as
follows:

Command            Description
DATA               Begins message composition.
EXPN <string>      Returns names on the specified mail list.
HELO <domain>      Returns identity of mail server.
HELP <command>     Returns information on the specified command.
MAIL FROM <host>   Initiates a mail session from host.
NOOP               Causes no action, except acknowledgement from server.
QUIT               Terminates the mail session.
RCPT TO <user>     Designates who receives mail.
RSET               Resets mail connection.
SAML FROM <host>   Sends mail to user terminal and mailbox.
SEND FROM <host>   Sends mail to user terminal.
SOML FROM <host>   Sends mail to user terminal or mailbox.
TURN               Switches role of receiver and sender.
VRFY <user>        Verifies the identity of a user.

Messages

SMTP response messages consist of a response code followed by descriptive text, as follows:

Response Code   Explanatory Text
211             (Response to system status or help request).
214             (Response to help request).
220             Mail service ready.
221             Mail service closing connection.
250             Mail transfer completed.
251             User not local, forward to <path>.
354             Start mail message; end with <CRLF><CRLF>.
421             Mail service unavailable.
450             Mailbox unavailable.
451             Local error in processing command.
452             Insufficient system storage.
500             Unknown command.
501             Bad parameter.
502             Command not implemented.
503             Bad command sequence.
504             Parameter not implemented.
550             Mailbox not found.
551             User not local, try <path>.
552             Storage allocation exceeded.
553             Mailbox name not allowed.
554             Mail transaction failed.
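
The e-mail relay policy, the command set and the response codes above, as an added example that is not part of the course text or of any vendor's SMTP service: a minimal server-side command handler that enforces the HELO, MAIL, RCPT, DATA sequence with 503 replies, accepts a recipient outside the local domain only when the session is authenticated or the client IP is on an allow list (the two relay options given in the text), and declines VRFY and EXPN with 502 so that the server does not confirm which accounts exist. The host name, domains, addresses and credentials are constructed; the AUTH form used here is a simplified plain-text stand-in for the real SASL exchange, and the message terminator is a line holding a single dot as in RFC 821.

```python
LOCAL_DOMAINS = {"example.com"}            # constructed: domains this server hosts
RELAY_ALLOWED_IPS = {"192.0.2.10"}         # constructed: client addresses allowed to relay
ACCOUNTS = {"alice": "s3cret"}             # constructed: credentials accepted by AUTH


class SmtpSession:
    def __init__(self, client_ip):
        self.client_ip = client_ip
        self.helo = None
        self.sender = None
        self.rcpts = []
        self.authenticated = False
        self.in_data = False
        self.lines = []
        self.delivered = []     # (sender, recipients, text) accepted for delivery

    def greeting(self):
        return "220 mail.example.com Mail service ready"

    def may_relay_to(self, address):
        """Anti-relay check: local recipients are always accepted; any other
        destination requires an authenticated session or an allow-listed client IP."""
        domain = address.rpartition("@")[2].lower()
        return (domain in LOCAL_DOMAINS or self.authenticated
                or self.client_ip in RELAY_ALLOWED_IPS)

    def handle(self, line):
        """Process one client line; returns the server reply (None for message body lines)."""
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg
            return "250 mail.example.com"
        if verb == "NOOP":
            return "250 OK"
        if verb == "QUIT":
            return "221 Mail service closing connection"
        if self.helo is None:
            return "503 Bad command sequence: HELO/EHLO first"
        if verb == "AUTH":
            user, _, password = arg.partition(" ")   # simplified stand-in for SASL
            if ACCOUNTS.get(user) == password:
                self.authenticated = True
                return "235 Authentication successful"
            return "535 Authentication failed"
        if verb == "MAIL":
            if not arg.upper().startswith("FROM:"):
                return "501 Bad parameter"
            self.sender = arg[5:].strip("<> ")
            self.rcpts = []
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad command sequence: MAIL first"
            if not arg.upper().startswith("TO:"):
                return "501 Bad parameter"
            addr = arg[3:].strip("<> ")
            if not self.may_relay_to(addr):
                return "550 Relaying denied"
            self.rcpts.append(addr)
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Bad command sequence: RCPT first"
            self.in_data = True
            self.lines = []
            return "354 Start mail message; end with <CRLF>.<CRLF>"
        if verb == "RSET":
            self.sender, self.rcpts = None, []
            return "250 OK"
        if verb in ("VRFY", "EXPN"):
            return "502 Command not implemented"   # not offered: avoids account enumeration
        return "500 Unknown command"

    def _data_line(self, line):
        if line == ".":
            self.in_data = False
            self.delivered.append((self.sender, list(self.rcpts), "\n".join(self.lines)))
            self.sender, self.rcpts = None, []
            return "250 Mail transfer completed"
        if line.startswith(".."):
            line = line[1:]            # undo dot-stuffing of body lines starting with '.'
        self.lines.append(line)
        return None
```

The 235 and 535 replies belong to SMTP AUTH (RFC 4954) rather than to the RFC 821 table above; every other code used is from that table.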

17 SNMP
A large part of being a system administrator is gathering accurate information about the servers and
infrastructure. There are a number of tools and options for collecting and processing this kind
of information. Many of them are built upon a technology called SNMP.

SNMP stands for Simple Network Management Protocol. It is a way for servers to
share information about their current state, and also a channel through which an administrator can modify pre-defined
values. While the protocol itself is very simple, the structure of the programs that implement SNMP
can be very complex.

Basic Concepts

SNMP is a protocol that is implemented on the application layer of the networking stack. The
protocol was created as a way of gathering information from very different systems in a consistent manner.
Although it can be used in connection with a diverse array of systems, the method of querying information
and the paths to the relevant information are standardized.

There are several versions of the SNMP protocol, and many networked hardware devices
implement some form of SNMP access. The most widely used version is SNMPv1, which is
in many ways insecure; its popularity stems mostly from its ubiquity and long time in the wild.

Generally, a network being profiled by SNMP will mainly consist of devices containing SNMP
agents. An agent is a program that collects information about a piece of hardware, organizes it into
predefined entries and responds to queries using the SNMP protocol.

The component of this model that queries agents for information is called an SNMP manager. These
machines generally have information about all of the SNMP-enabled devices in their network and can
issue requests to collect information and set certain properties.

SNMP Agents

SNMP agents do the bulk of the work. They are responsible for collecting information about the local system
and storing it in a format that can be queried, updating a database known as the
management information base, or MIB.

The MIB is a hierarchical, pre-defined structure that stores information that can be queried or
set. This is available to well-formed SNMP requests originating from a host that has authenticated
with the correct credentials.

The agent machine configures which managers should have access to its information. It can also act as an
intermediary to report information on devices it can connect to that are not set up for SNMP traffic. This
offers a lot of flexibility in getting the components online and SNMP accessible.

SNMP agents respond to most of the commands defined by the protocol. These include
GetRequest, GetNextRequest, GetBulkRequest, SetRequest and InformRequest. Additionally, an
agent is designed to send Trap messages.

SNMP Protocol Commands

One of the reasons SNMP has seen such heavy adoption is the simplicity of the commands
available. There are very few operations to implement or remember, yet they are flexible enough to
address the needs of the protocol.

The following PDUs, or protocol data units, describe the exact message types that are
permitted by the protocol:

Get

A Get message is sent by a manager to an agent to request the value of a specific OID. This request is
answered with a Response message that is sent back to the manager with the data.

GetNext

A GetNext message allows a manager to request the next sequential object in the MIB. This is a
way to traverse the structure of the MIB without worrying about which OIDs to query.

Set

A Set message is sent by a manager to an agent to change the value held by a variable on the agent.
This can be used to control configuration information or otherwise modify the state of a remote host. This is the
only write operation defined by the protocol.

GetBulk

This manager-to-agent request works as if multiple GetNext requests were made. The reply to
the manager contains as much data as the packet allows.

Response

This message, sent by an agent, is used to return any requested data to the manager. It serves
both as the transport for the requested data and as the acknowledgement of receipt of the request.
If the requested data cannot be returned, the response contains an error field that can be set
with further information. A Response message must be returned for each of the requests above
as well as for Inform messages.

Trap


A Trap message is generally sent by an agent to a manager. Traps are asynchronous notifications,
in that they are unsolicited by the manager receiving them. They are typically used by an agent
to notify the manager of events happening on its managed devices.

Inform

To confirm the receipt of a trap, a manager sends an Inform message back to the agent. If the
agent does not receive this message, it may continue to resend the trap message.

With these seven data unit types, SNMP is capable of querying and sending information about
networked devices.
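To make the Get, GetNext, GetBulk and Set semantics above concrete, here is an added example (not code from the original page) of a toy in-memory agent: it checks the community credential before answering, serves Get by exact OID, serves GetNext by lexicographic OID order (which is what makes a MIB walk possible), implements GetBulk as chained GetNexts, and restricts Set to writable objects and to the write community. The MIB contents, community strings and helper names are constructed for illustration.

```python
"""Toy SNMP agent core showing Get, GetNext, GetBulk and Set over an in-memory MIB.

Added example, not code from the original page. The MIB contents, community
strings and helper names are constructed for illustration. OIDs are held as
tuples of integers so that the lexicographic order a MIB walk depends on is
plain Python tuple comparison.
"""
from bisect import bisect_right

# Constructed MIB fragment: OID -> (value, writable)
MIB = {
    (1, 3, 6, 1, 2, 1, 1, 1, 0): ("Example Router", False),    # sysDescr.0
    (1, 3, 6, 1, 2, 1, 1, 3, 0): (123456, False),              # sysUpTime.0
    (1, 3, 6, 1, 2, 1, 1, 5, 0): ("router-1", True),           # sysName.0
    (1, 3, 6, 1, 2, 1, 2, 1, 0): (2, False),                   # ifNumber.0
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 1): ("eth0", False),        # ifDescr.1
    (1, 3, 6, 1, 2, 1, 2, 2, 1, 2, 2): ("eth1", False),        # ifDescr.2
}
# Constructed community strings: the credential checked before any request is
# answered. As in real v1/v2c agents, a bad community gets no Response at all.
COMMUNITIES = {"public": "read", "private": "write"}


def parse_oid(text):
    return tuple(int(x) for x in text.strip(".").split("."))


def fmt_oid(oid):
    return "." + ".".join(str(x) for x in oid)


class Agent:
    def __init__(self, mib=MIB, communities=COMMUNITIES):
        self.mib = dict(mib)
        self.communities = communities
        self.order = sorted(self.mib)          # MIB in lexicographic OID order

    def _authorized(self, community, need):
        level = self.communities.get(community)
        return level is not None and (need == "read" or level == "write")

    def get(self, community, oid):
        """GetRequest: exact OID; the Response carries the value or an error."""
        if not self._authorized(community, "read"):
            return None                        # silently dropped
        oid = parse_oid(oid)
        if oid not in self.mib:
            return {"error": "noSuchName", "oid": fmt_oid(oid)}
        return {"error": None, "oid": fmt_oid(oid), "value": self.mib[oid][0]}

    def get_next(self, community, oid):
        """GetNextRequest: the first OID that sorts after the requested one."""
        if not self._authorized(community, "read"):
            return None
        idx = bisect_right(self.order, parse_oid(oid))
        if idx == len(self.order):
            return {"error": "endOfMibView", "oid": oid}
        nxt = self.order[idx]
        return {"error": None, "oid": fmt_oid(nxt), "value": self.mib[nxt][0]}

    def get_bulk(self, community, oid, max_repetitions):
        """GetBulkRequest: equivalent to max_repetitions chained GetNext calls."""
        results, cur = [], oid
        for _ in range(max_repetitions):
            r = self.get_next(community, cur)
            if r is None or r["error"]:
                break
            results.append(r)
            cur = r["oid"]
        return results

    def set(self, community, oid, value):
        """SetRequest: the only write operation; requires the write community."""
        if not self._authorized(community, "write"):
            return None
        oid = parse_oid(oid)
        if oid not in self.mib:
            return {"error": "noSuchName", "oid": fmt_oid(oid)}
        if not self.mib[oid][1]:
            return {"error": "readOnly", "oid": fmt_oid(oid)}
        self.mib[oid] = (value, True)
        return {"error": None, "oid": fmt_oid(oid), "value": value}


def walk(agent, community, root):
    """MIB walk: repeat GetNext until the reply leaves the subtree under root."""
    root_t = parse_oid(root)
    out, cur = [], root
    while True:
        r = agent.get_next(community, cur)
        if r is None or r["error"] or parse_oid(r["oid"])[:len(root_t)] != root_t:
            return out
        out.append((r["oid"], r["value"]))
        cur = r["oid"]


if __name__ == "__main__":
    agent = Agent()
    print(walk(agent, "public", ".1.3.6.1.2.1.1"))
```

The walk() helper is the reason GetNext exists: a manager that knows only the subtree root can enumerate every object under it. Note also that a request with a wrong community returns None rather than an error, mirroring the fact that a real v1/v2c agent gives no Response at all in that case, so the credential cannot be probed through the error field.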

18 SOCKS

SOCKS was originally developed by David Koblas and subsequently modified and extended to
version 4. It is a protocol that relays TCP sessions at a firewall host to allow application users
transparent access across the firewall. Because the protocol is independent of the application
protocol, it can be used for many different services, such as telnet, ftp, finger, whois, gopher,
WWW, etc. Access control can be applied at the beginning of each TCP session; thereafter the
server simply relays the data between the client and the application server, incurring minimal
processing overhead. Since SOCKS never has to know anything about the application protocol, it is
also easy for it to accommodate applications that use encryption to protect their traffic from
nosy snoopers.

Two operations are defined: CONNECT and BIND.


1) CONNECT

The client connects to the SOCKS server and sends a CONNECT request when it wants to establish a
connection to an application server. The client includes in the request packet the IP address and
the port number of the destination host, and the userid, in the following format:

        +----+----+----+----+----+----+----+----+----+----+....+----+
        | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL|
        +----+----+----+----+----+----+----+----+----+----+....+----+
 # of bytes:  1    1      2              4           variable       1

VN is the SOCKS protocol version number and should be 4. CD is the SOCKS command code and
should be 1 for a CONNECT request. NULL is a byte of all zero bits.

The SOCKS server checks to see whether such a request should be granted, based on any
combination of source IP address, destination IP address, destination port number, the userid, and
information it may obtain by consulting IDENT (cf. RFC 1413). If the request is granted, the SOCKS
server makes a connection to the specified port of the destination host. A reply packet is sent to
the client when this connection is established, or when the request is rejected or the operation
fails.

        +----+----+----+----+----+----+----+----+
        | VN | CD | DSTPORT |      DSTIP        |
        +----+----+----+----+----+----+----+----+
 # of bytes:  1    1      2              4

VN is the version of the reply code and should be 0. CD is the result code with one of the
following values:

 90: request granted
 91: request rejected or failed
 92: request rejected because SOCKS server cannot connect to identd on the client
 93: request rejected because the client program and identd report different user-ids

The remaining fields are ignored.


The SOCKS server closes its connection immediately after notifying the client of a failed or
rejected request. For a successful request, the SOCKS server gets ready to relay traffic in both
directions. This enables the client to do I/O on its connection as if it were directly connected
to the application server.


2) BIND

The client connects to the SOCKS server and sends a BIND request when it wants to prepare for an
inbound connection from an application server. This can only happen after a primary connection to
the application server has been established with a CONNECT. Typically, this is part of the
following sequence of events:

-bind(): obtain a socket
-getsockname(): get the IP address and port number of the socket
-listen(): ready to accept call from the application server
-use the primary connection to inform the application server of the IP address and the port
number that it should connect to.
-accept(): accept a connection from the application server

The purpose of the SOCKS BIND operation is to support the above sequence, but using a socket on
the SOCKS server rather than on the client.

The client includes in the request packet the IP address of the application server, the
destination port used in the primary connection, and the userid.

        +----+----+----+----+----+----+----+----+----+----+....+----+
        | VN | CD | DSTPORT |      DSTIP        | USERID       |NULL|
        +----+----+----+----+----+----+----+----+----+----+....+----+
 # of bytes:  1    1      2              4           variable       1

VN is again 4 for the SOCKS protocol version number. CD must be 2 to indicate a BIND request.
The SOCKS server uses the client information to decide whether the request is to be granted. The
reply it sends back to the client has the same format as the reply for a CONNECT request, i.e.:

        +----+----+----+----+----+----+----+----+
        | VN | CD | DSTPORT |      DSTIP        |
        +----+----+----+----+----+----+----+----+
 # of bytes:  1    1      2              4

VN is the version of the reply code and should be 0. CD is the result code with one of the
following values:

 90: request granted
 91: request rejected or failed
 92: request rejected because SOCKS server cannot connect to identd on the client
 93: request rejected because the client program and identd report different user-ids

However, for a granted request (CD is 90), the DSTPORT and DSTIP fields are meaningful. In this
case, the SOCKS server obtains a socket to wait for an incoming connection and sends the port
number and the IP address of that socket to the client in DSTPORT and DSTIP. If the DSTIP in the
reply is 0, the client must replace it with the IP address of the SOCKS server to which the
client is connected. These two numbers are passed to the application client program as the result
of the subsequent getsockname() call. The application protocol must provide a way for these two
pieces of information to be sent from the client to the application server, so that the
application server initiates a connection to the SOCKS server rather than directly to the
application client as it normally would.

The SOCKS server sends a second reply packet to the client when the anticipated connection from
the application server is established. The SOCKS server checks the IP address of the originating
host against the value of DSTIP specified in the client's BIND request. If the two match, the CD
field in the second reply is set to 90 and the SOCKS server starts relaying traffic on its two
connections. From then on the client does I/O on its connection to the SOCKS server as if it were
directly connected to the application server.

For both CONNECT and BIND operations, the server sets a time limit for the establishment of its
connection with the application server. If the connection is still not established when the time
limit expires, the server closes its connection to the client and gives up.
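The CONNECT and BIND packet layouts above, the result codes 90 to 93, and the client-side rule that a DSTIP of 0 in a granted BIND reply means the SOCKS server's own address, worked through as an added example (not code from the original page or from any SOCKS implementation). The access-control policy, the addresses and the userids are constructed for illustration.

```python
"""SOCKS4 CONNECT/BIND request parsing, reply building and the client's DSTIP rule.

Added example, not code from the original page. The wire layouts are the ones
shown in the figures above: request = VN(1) CD(1) DSTPORT(2) DSTIP(4)
USERID(variable) NULL(1); reply = VN(1) CD(1) DSTPORT(2) DSTIP(4), with VN 0
in replies. The access-control policy, the addresses and the userids are
constructed for illustration.
"""
import ipaddress
import struct

CONNECT, BIND = 1, 2
GRANTED, FAILED, NO_IDENTD, IDENT_MISMATCH = 90, 91, 92, 93
HEADER = "!BBH4s"                      # VN, CD, DSTPORT (network order), DSTIP


def parse_request(data):
    """Return (cd, dstport, dstip, userid); raise ValueError on a malformed packet."""
    if len(data) < 9:                  # 8-byte fixed part plus the NULL terminator
        raise ValueError("request too short")
    vn, cd, dstport, dstip = struct.unpack(HEADER, data[:8])
    if vn != 4:
        raise ValueError("unsupported SOCKS version %d" % vn)
    if cd not in (CONNECT, BIND):
        raise ValueError("unknown command code %d" % cd)
    end = data.find(b"\x00", 8)
    if end == -1:
        raise ValueError("USERID is not NULL-terminated")
    userid = data[8:end].decode("ascii", errors="replace")
    return cd, dstport, str(ipaddress.IPv4Address(dstip)), userid


def build_request(cd, dstport, dstip, userid):
    packed = ipaddress.IPv4Address(dstip).packed
    return struct.pack(HEADER, 4, cd, dstport, packed) + userid.encode("ascii") + b"\x00"


def build_reply(cd, dstport=0, dstip="0.0.0.0"):
    """DSTPORT/DSTIP carry meaning only in a granted BIND reply; otherwise zero."""
    return struct.pack(HEADER, 0, cd, dstport, ipaddress.IPv4Address(dstip).packed)


def parse_reply(data):
    if len(data) < 8:
        raise ValueError("reply too short")
    vn, cd, dstport, dstip = struct.unpack(HEADER, data[:8])
    if vn != 0:
        raise ValueError("unexpected reply version %d" % vn)
    return cd, dstport, str(ipaddress.IPv4Address(dstip))


# Constructed access policy: which userids may relay to which destination ports.
# A real server combines this with source address checks and an IDENT lookup.
POLICY = {"alice": {21, 80, 443}, "bob": {80, 443}}


def decide(cd, dstport, dstip, userid, ident_user=None):
    """Return the result code the server puts in the CD field of its reply."""
    if ident_user is not None and ident_user != userid:
        return IDENT_MISMATCH          # 93: client program and identd disagree
    if dstport not in POLICY.get(userid, set()):
        return FAILED                  # 91: rejected by policy
    return GRANTED                     # 90


def client_bind_address(reply, socks_server_ip):
    """For a granted BIND reply, give the address the application server must
    connect to, applying the rule that DSTIP 0.0.0.0 means the SOCKS server."""
    cd, port, ip = parse_reply(reply)
    if cd != GRANTED:
        return None
    return (socks_server_ip if ip == "0.0.0.0" else ip), port
```

parse_request() rejects the version byte and the command code before trusting anything else in the packet, and refuses a USERID that is not NULL-terminated, so a relay built on it never reads past the end of what the client sent. The userid is only as trustworthy as the IDENT lookup the text mentions, which is why decide() lets an identd answer override it.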


19 SSH

Secure Shell (SSH) is a protocol for secure network communication designed to be relatively
simple and inexpensive to implement. The initial version, SSH1, focused on providing a secure
remote logon facility to replace Telnet and other remote logon schemes that provided no security.
SSH also provides a more general client/server capability and can be used to secure network
functions such as file transfer and e-mail. A newer version, SSH2, provides a standardized
definition of SSH and improves on SSH1 in numerous ways. SSH2 is documented as a proposed
standard in RFCs 4250 through 4256.

SSH client and server applications are widely available for most operating systems. It has become
the method of choice for remote login and X tunneling and is rapidly becoming one of the most
pervasive applications of encryption technology outside of embedded systems. SSH is organized as
three protocols that typically run on top of TCP:

Transport Layer Protocol - provides server authentication, data confidentiality and data
integrity with forward secrecy; the transport layer may optionally provide compression.

User Authentication Protocol - authenticates the user to the server.

Connection Protocol - multiplexes multiple logical communication channels over a single
underlying SSH connection.

20 Telnet

TELNET is the terminal emulation protocol of TCP/IP. Modern TELNET is a versatile terminal
emulation thanks to the many options that have emerged over the past twenty years. Options give
TELNET the ability to transfer binary data, support byte macros, emulate graphics terminals, and
convey information to support centralized terminal management.

TELNET uses the TCP transport protocol to achieve a virtual connection between server and client.
After connecting, the TELNET server and client enter a phase of option negotiation that
determines the options each side can support for the connection. Each connected system can
negotiate new options or renegotiate old options at any time. In general, each party to the
TELNET connection attempts to implement all options that maximize performance for the systems
involved.


In a typical implementation, the TELNET client sends single keystrokes, while the TELNET server
can send one or more lines of characters in response. Where the Echo option is in use, the TELNET
server echoes keystrokes back to the TELNET client.

Dynamic Mode Negotiation

At connection time, enhanced features beyond those provided by the NVT may be negotiated either
by the user or by the application. This negotiation is accomplished through embedded commands in
the data stream. TELNET command codes are one or more octets in length and are preceded by an
Interpret As Command (IAC) character, which is an octet with every bit set to one (FF hex). The
TELNET command codes are as follows:

Command        Dec   Hex   Description
data                       All terminal input/output data.
End subNeg     240   F0    End of option subnegotiation command.
No Operation   241   F1    No operation command.
Data Mark      242   F2    End of urgent data stream.
Break          243   F3    Operator pressed the Break key or the Attention key.
Int process    244   F4    Interrupt current process.
Abort output   245   F5    Cancel output from current process.
You there?     246   F6    Request acknowledgment.
Erase char     247   F7    Request that operator erase the previous character.
Erase line     248   F8    Request that operator erase the previous line.
Go ahead!      249   F9    End of input for half-duplex connections.
SubNegotiate   250   FA    Begin option subnegotiation.
Will Use       251   FB    Agreement to use the specified option.
Wont Use       252   FC    Reject the proposed option.
Start use      253   FD    Request to start using specified option.
Stop Use       254   FE    Demand to stop using specified option.
IAC            255   FF    Interpret as command.

Each negotiable option has an ID, which immediately follows the command for option negotiation,
that is: IAC, command, option code. The TELNET option codes are as follows:

Dec   Hex   Option                  Description
0     0     Binary Xmit             Allows transmission of binary data.
1     1     Echo Data               Causes server to echo back all keystrokes.
2     2     Reconnect               Reconnects to another TELNET host.
3     3     Suppress GA             Disables Go Ahead! command.
4     4     Message Sz              Conveys approximate message size.
5     5     Opt Status              Lists status of options.
6     6     Timing Mark             Marks a data stream position for reference.
7     7     R/C XmtEcho             Allows remote control of terminal printers.
8     8     Line Width              Sets output line width.
9     9     Page Length             Sets page length in lines.
10    A     CR Use                  Determines handling of carriage returns.
11    B     Horiz Tabs              Sets horizontal tabs.
12    C     Hor Tab Use             Determines handling of horizontal tabs.
13    D     FF Use                  Determines handling of form feeds.
14    E     Vert Tabs               Sets vertical tabs.
15    F     Ver Tab Use             Determines handling of vertical tabs.
16    10    Lf Use                  Determines handling of line feeds.
17    11    Ext ASCII               Defines extended ASCII characters.
18    12    Logout                  Allows for forced log-off.
19    13    Byte Macro              Defines byte macros.
20    14    Data Term               Allows subcommands for Data Entry to be sent.
21    15    SUPDUP                  Allows use of SUPDUP display protocol.
22    16    SUPDUP Outp             Allows sending of SUPDUP output.
23    17    Send Locate             Allows terminal location to be sent.
24    18    Term Type               Allows exchange of terminal type information.
25    19    End Record              Allows use of the End of record code (0xEF).
26    1A    TACACS ID               User ID exchange used to avoid more than 1 log-in.
27    1B    Output Mark             Allows banner markings to be sent on output.
28    1C    Term Loc#               A numeric ID used to identify terminals.
29    1D    3270 Regime             Allows emulation of 3270 family terminals.
30    1E    X.3 PAD                 Allows use of X.3 protocol emulation.
31    1F    Window Size             Conveys window size for emulation screen.
32    20    Term Speed              Conveys baud rate information.
33    21    Remote Flow             Provides flow control (XON, XOFF).
34    22    Linemode                Provides linemode bulk character transactions.
255   FF    Extended options list   Extended options list.
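The command and option codes in the two tables above are easiest to understand by parsing a real byte stream. The following is an added example (not code from the original page or from any TELNET implementation): it splits incoming bytes into terminal data and IAC command sequences, handles the IAC IAC escape for a literal 0xFF data byte and the SB ... IAC SE subnegotiation bracket, and answers WILL/DO requests under a constructed policy that accepts only Suppress GA (3) and Term Type (24) and refuses everything else, including Echo (1). The policy and the sample stream are constructed.

```python
"""Telnet IAC command and option-negotiation parser.

Added example, not code from the original page. It separates terminal data
from IAC command sequences in a raw byte stream, handles the escaped IAC IAC
data byte and SB ... IAC SE subnegotiation, and answers WILL/DO requests under
a constructed policy that accepts only Suppress Go Ahead (3) and Terminal
Type (24) and refuses everything else, Echo (1) included.
"""
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
OPT_ECHO, OPT_SGA, OPT_TTYPE = 1, 3, 24
NAMES = {240: "SE", 241: "NOP", 242: "DM", 243: "BRK", 244: "IP", 245: "AO",
         246: "AYT", 247: "EC", 248: "EL", 249: "GA", 250: "SB",
         251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}

ACCEPTED_OPTIONS = {OPT_SGA, OPT_TTYPE}      # constructed policy for this example


def parse(stream):
    """Split a raw Telnet byte string into (data, commands).

    commands is a list of tuples: ("NOP",), ("DO", opt), ("WILL", opt),
    ("SB", opt, payload), ... An incomplete sequence at the end of the input is
    left unparsed, as a real client would wait for the rest of it."""
    data, cmds = bytearray(), []
    i, n = 0, len(stream)
    while i < n:
        b = stream[i]
        if b != IAC:
            data.append(b)
            i += 1
            continue
        if i + 1 >= n:
            break                                  # lone IAC: need more input
        c = stream[i + 1]
        if c == IAC:                               # IAC IAC is a literal 0xFF byte
            data.append(IAC)
            i += 2
        elif c in (WILL, WONT, DO, DONT):          # three-byte option commands
            if i + 2 >= n:
                break
            cmds.append((NAMES[c], stream[i + 2]))
            i += 3
        elif c == SB:                              # IAC SB opt ... IAC SE
            if i + 2 >= n:
                break
            opt, j, payload, closed = stream[i + 2], i + 3, bytearray(), False
            while j + 1 < n:
                if stream[j] == IAC and stream[j + 1] == SE:
                    closed, j = True, j + 2
                    break
                if stream[j] == IAC and stream[j + 1] == IAC:
                    payload.append(IAC)            # escaped 0xFF inside SB
                    j += 2
                    continue
                payload.append(stream[j])
                j += 1
            if not closed:
                break
            cmds.append(("SB", opt, bytes(payload)))
            i = j
        else:                                      # two-byte commands (NOP, AYT, ...)
            cmds.append((NAMES.get(c, "UNKNOWN-%d" % c),))
            i += 2
    return bytes(data), cmds


def respond(cmds):
    """Answer option requests: DO -> WILL/WONT, WILL -> DO/DONT by policy."""
    out = bytearray()
    for cmd in cmds:
        if cmd[0] == "DO":
            out += bytes([IAC, WILL if cmd[1] in ACCEPTED_OPTIONS else WONT, cmd[1]])
        elif cmd[0] == "WILL":
            out += bytes([IAC, DO if cmd[1] in ACCEPTED_OPTIONS else DONT, cmd[1]])
    return bytes(out)
```

The explicit allow-list in respond() is the defensive part: an endpoint that agrees to any option a peer proposes exposes every option handler it has, so the usual practice is to answer WONT/DONT for anything not deliberately supported. The parser also never consumes a truncated sequence, which keeps a half-received IAC SB from being misread as terminal data.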

21 TLS/SSL

Definition of SSL

SSL is the secure communication protocol of choice for a large part of the Internet community.
There are many applications of SSL in existence, since it is capable of securing any transaction
that takes place over TCP. Secure HTTP, or HTTPS, is a well-known application of SSL in
e-commerce and password transactions. According to the Internet Draft of the SSL protocol, the
point of the protocol is to provide privacy and reliability between two communicating
applications.

The protocol specification additionally describes three points related to providing connection
security. These points are:

Privacy - connection through encryption

Identity authentication - identification through certificates, and

Reliability - dependable maintenance of a secure connection through message integrity checking.

The server authenticates itself to a client that is transferring data. Although it is an option
for the user to have a digital certificate, it is not required for an SSL connection to be
established. A common application of SSL: a user without a certificate needs to check her e-mail
on a web-based e-mail system. As the user requests a secure connection from the e-mail web page,
the user expects to send her username and password over the e-mail connection. The
identification of the e-mail server to the user's workstation is crucial. To the e-mail server,
however, it is not crucial that the user has a certificate on her system, since the user is able
to check her e-mail from that system. For this reason, SSL does not require a client certificate.
Many practical applications of SSL connections are found in e-mail and financial transaction
communications.

Application to a Web System

The need to send sensitive data over the Internet is increasing, so it is essential to secure
data in transit across the Internet. A common application of SSL with a web system is an online
store, where a client system sends a request to a merchant's server. To apply the SSL protocol to
a web system, a few requirements must be met. Since the SSL protocol is built into most web
browsers, and those browsers are generally used to access web applications, no additional setup
is needed on the client side of the SSL connection.

Configuration is relatively simple on the server side of the communication equation. First, the
web server administrator must obtain a digital certificate. This can be acquired from a
Certificate Authority (CA) such as VeriSign or RSA Data Security. CAs require certificates to be
renewed after a set length of time, as a way of verifying the identity of the owner of the
application server.

The next requirement is the proper setup of the web server to allow SSL connections. For
example, the iPlanet Web Server has the ability to store multiple certificates for several sites
on a single web server. This capability permits the administrator to verify the identity of each
application hosted by this server, and allows the application clients to properly verify each
application separately.


The third piece of the puzzle is not strictly required, but is a good idea: adding an
accelerator to the web server. SSL accelerators are PCI cards sold by various companies (Cisco,
Broadcom, etc.) to speed up the processing needed to encrypt data for secure connections. There
is regularly a trade-off between security and performance, and this trade-off varies on a
case-by-case basis. SSL connections do slow down connections, mostly due to the exchange of keys
and other data during the startup phase of the session. The use of public key cryptography
requires a sizeable amount of data to be passed between the client and server systems. However,
there are various methods to minimize this problem, and the most commonly adopted one is to use
an SSL accelerator.

Transport Layer Security Protocol

Definition

TLS was released in response to the Internet community's demand for a standardized protocol.
The IETF provided a venue for the new protocol to be openly discussed and encouraged developers
to provide their input to the protocol.

The Transport Layer Security (TLS) protocol was released in January 1999 to create a standard
for private communications. The protocol allows client/server applications to communicate in a
way that is designed to prevent eavesdropping, tampering, or message forgery.

According to the protocol's creators, the goals of the TLS protocol are cryptographic security,
interoperability, extensibility, and relative efficiency. These goals are achieved through
implementation of the TLS protocol on two levels: the TLS Record protocol and the TLS Handshake
protocol.

TLS Record Protocol

The TLS Record protocol negotiates a private, reliable connection between the client and the
server. Although the Record protocol can be used without encryption, it uses symmetric
cryptography keys to ensure a private connection. The connection is secured through the use of
hash functions generated by using a Message Authentication Code.
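The integrity half of the Record protocol, the MAC computed with the symmetric key over each record, is shown below as an added example (not code from the original page or from any TLS library). The MAC input follows the layout used by TLS 1.0 to 1.2 (RFC 5246, section 6.2.3.1): the implicit 64-bit sequence number, the record type, the protocol version, the fragment length and the fragment. Keys and records are constructed; the symmetric encryption a real record applies to fragment+MAC afterwards is left out so that the integrity check stays visible.

```python
"""TLS record-layer integrity protection: MAC over sequence number, header and fragment.

Added example, not code from the original page. The MAC input follows the
layout used by TLS 1.0 to 1.2 (RFC 5246, section 6.2.3.1): seq_num (8 bytes),
content type (1), protocol version (2), fragment length (2), then the
fragment. Keys and records are constructed; the symmetric encryption that a
real record applies to fragment+MAC afterwards is left out to keep the
integrity step visible.
"""
import hashlib
import hmac
import struct

CT_APPLICATION_DATA = 23
TLS12 = (3, 3)                  # TLS 1.2 is carried as version 3.3 on the wire
MAC_LEN = hashlib.sha256().digest_size


def record_mac(mac_key, seq_num, content_type, version, fragment):
    """HMAC-SHA256 over the implicit sequence number plus the record header."""
    header = struct.pack("!QBBBH", seq_num, content_type,
                         version[0], version[1], len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


class RecordWriter:
    """Sender side: one write key and a monotonically increasing sequence number."""

    def __init__(self, mac_key):
        self.key, self.seq = mac_key, 0

    def protect(self, fragment, content_type=CT_APPLICATION_DATA, version=TLS12):
        mac = record_mac(self.key, self.seq, content_type, version, fragment)
        self.seq += 1
        body = fragment + mac
        return struct.pack("!BBBH", content_type, version[0], version[1], len(body)) + body


class RecordReader:
    """Receiver side: tracks its own expected sequence number, so a replayed or
    reordered record fails the MAC even though its bytes are untouched."""

    def __init__(self, mac_key):
        self.key, self.seq = mac_key, 0

    def unprotect(self, record):
        """Return (fragment, None) or (None, alert_name). A real TLS stack
        treats bad_record_mac as fatal and tears the connection down."""
        if len(record) < 5:
            return None, "decode_error"
        content_type, vmaj, vmin, length = struct.unpack("!BBBH", record[:5])
        body = record[5:5 + length]
        if len(body) != length or length < MAC_LEN:
            return None, "decode_error"
        fragment, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        expected = record_mac(self.key, self.seq, content_type, (vmaj, vmin), fragment)
        if not hmac.compare_digest(mac, expected):
            return None, "bad_record_mac"
        self.seq += 1
        return fragment, None
```

Two details carry the security: the sequence number is never sent but is part of the MAC input on both sides, which is what turns a replayed or reordered record into a MAC failure, and the comparison uses hmac.compare_digest so that verification time does not depend on how many bytes of a forged MAC happen to match.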

TLS Handshake Protocol

The TLS Handshake protocol allows an authenticated connection to be established between the
server and the client. This protocol lets the client and server "speak the same language",
allowing them to agree upon an encryption algorithm and encryption keys before the chosen
application protocol begins to send data.

Using the same handshake process as SSL, TLS provides for authentication of the server and,
optionally, of the client. Several changes were made to the handshake protocol.

22 XMPP

XMPP (Extensible Messaging and Presence Protocol) is a protocol based on Extensible Markup
Language (XML) and intended for Instant Messaging (IM) and online presence detection. It operates
between servers and facilitates near-real-time operation. The protocol may eventually allow
Internet users to send instant messages to anyone else on the Internet, regardless of differences
in operating systems and browsers.

XMPP is also known as the Jabber protocol, although this is a technical misnomer. Jabber, IM
software similar to ICQ (I SEEK YOU) and others, is based on XMPP, but there are many
applications besides Jabber that are based on XMPP. The IEEE XMPP working group, a set of
engineers and programmers, is adapting XMPP for use as an Internet Engineering Task Force (IETF)
technology. Additionally, the Messaging and Presence Interoperability Consortium (MPIC) is
considering XMPP as a significant interoperability technology. Ultimately, XMPP is expected to
support IM applications with authentication, access control, a high degree of privacy,
hop-by-hop encryption, end-to-end encryption and compatibility with other protocols.

IBM and Microsoft are working on a similar standard known as SIP for Instant Messaging and
Presence Leveraging Extensions (SIMPLE), based on the Session Initiation Protocol (SIP).


23 WAP

Wireless Application Protocol (WAP) is a communication protocol used for wireless data access
through most mobile wireless networks. WAP enhances wireless specification interoperability and
facilitates instant connectivity between interactive wireless devices and the Internet.

WAP operates in an open application environment and can be built on many kinds of OS. Mobile
users prefer WAP because of its ability to deliver electronic data efficiently.

WAP Explanation

WAP cascading style sheets (WAP CSS) are a mobile version of World Wide Web CSS that allow
programmers to format screen sizes for changing mobile devices. Reformatting is not necessary
when using WAP CSS content, which controls page layout compatibility across various mobile
device display screens.

The core interface of the WAP structure is the WAP datagram protocol, which handles the
transport layer protocol of the Internet model and facilitates operation between mobile wireless
networks and platforms, independent of the upper layer protocols. The transport layer deals with
physical network issues, allowing wireless global operation to access wireless gateways. A WAP
gateway is a server that facilitates wireless network access.

The WAP Forum, now called the Open Mobile Alliance (OMA), provides WAP device testing and
specification development and handles overall mobile services.

24 IRC

The IRC (Internet Relay Chat) protocol manages a worldwide network of servers and clients and is
striving to cope with growth. It is a text-based protocol, with the simplest client being any
socket program capable of connecting to the server.


The IRC protocol was developed on systems using the TCP/IP network protocol, although there is
no requirement that this remain the only sphere in which it operates. It is a teleconferencing
system that is proven to operate on most systems in a distributed fashion. A typical setup
involves a single process forming a central point for clients to connect to, performing the
required message delivery/multiplexing and other functions.

Servers and clients communicate by sending messages that may or may not generate a reply. If the
message contains a valid command, the client should expect a reply as specified, but it is not
advised to wait for the reply; client-to-server and server-to-server communication is
essentially asynchronous in nature.

Each IRC message may consist of up to three parts: the prefix (optional), the command, and the
command parameters. The prefix, command and all parameters are separated by single space
characters.

The prefix identifies the origin of the message and is made up of:

Server/Nick_Name - the server name or nickname
User - the user name
Host - the host name
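The prefix / command / parameters layout just described, as an added example (not code from the original page or from any IRC server or client): a parser that splits one raw line into its three parts, breaks the prefix into the server-or-nickname, user and host fields, and a formatter that produces the same layout in the other direction. The 512-byte line limit enforced here is the one set by RFC 1459; the sample lines are constructed.

```python
"""IRC message parser and formatter for the prefix / command / parameters layout.

Added example, not code from the original page. It splits a line into the
optional prefix, the command and the parameters, and breaks the prefix into
the server-or-nickname, user and host parts described above. The 512-byte
line limit enforced here is the one set by RFC 1459; the sample lines are
constructed.
"""
MAX_LINE = 512            # RFC 1459: at most 512 bytes including the trailing CRLF


def parse_prefix(prefix):
    """'<server>' or '<nick>[!<user>][@<host>]' -> dict of its three parts."""
    name, user, host = prefix, None, None
    if "@" in name:
        name, host = name.split("@", 1)
    if "!" in name:
        name, user = name.split("!", 1)
    return {"name": name, "user": user, "host": host}


def parse_message(line):
    """Return {'prefix': ..., 'command': ..., 'params': [...]} for one raw line."""
    if len(line.encode("utf-8")) > MAX_LINE:
        raise ValueError("line exceeds 512 bytes")
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):                       # prefix is introduced by ':'
        raw_prefix, _, line = line.partition(" ")
        prefix = parse_prefix(raw_prefix[1:])
    if line.startswith(":"):                       # a trailing param but no command
        raise ValueError("missing command")
    trailing = None
    if " :" in line:                               # ' :' starts the final param,
        line, _, trailing = line.partition(" :")   # which may itself contain spaces
    parts = [p for p in line.split(" ") if p]
    if not parts:
        raise ValueError("missing command")
    command, params = parts[0], parts[1:]
    if trailing is not None:
        params.append(trailing)
    return {"prefix": prefix, "command": command, "params": params}


def format_message(command, params, prefix=None):
    """Inverse of parse_message: the last param goes after ' :' when it needs it."""
    out = []
    if prefix:
        out.append(":" + prefix)
    out.append(command)
    if params:
        *middle, last = params
        out.extend(middle)
        needs_colon = (" " in last) or last.startswith(":") or not last
        out.append(":" + last if needs_colon else last)
    return " ".join(out) + "\r\n"
```

A server should treat the parsed prefix as a claim, not a fact: on a client-to-server connection the origin is known from the socket, so a prefix that disagrees with it is a spoofing attempt and is normally discarded. Enforcing the 512-byte limit before any other parsing keeps an oversized line from reaching the command handlers at all.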

25 Summary

This unit has introduced the protocol concepts of BGP, DHCP, DNS, FTP, HTTP, LDAP, MGCP, NNTP,
NTP, POP, IMAP, RIP, RPC, RTSP, SIP, SMTP, SNMP, SOCKS, SSH, RTCP, TLS/SSL, XMPP, WAP and IRC.

26 Video Links

1) Border Gateway Protocol - https://www.youtube.com/watch?v=R1mGglKlEBY
2) SMTP, POP, IMAP tutorial - https://www.youtube.com/watch?v=8wUq5LxYWeI
3) DNS, Telnet and FTP tutorial - https://www.youtube.com/watch?v=K_hfQ_8f-j4
4) SIP protocol tutorial - https://www.youtube.com/watch?v=rFPYqikRNBo
5) SSL/TLS tutorial - https://www.youtube.com/watch?v=4nGrOpo0Cuc
