Network Plus Certification/Technologies/Common Protocols

Objective 1.1: Explain the function of common networking protocols

In computing, a protocol is a convention or standard that controls or enables the connection, communication, and data transfer between computing endpoints. In its simplest form, a protocol can be defined as the rules governing the syntax, semantics, and synchronization of communication. Protocols may be implemented by hardware, software, or a combination of the two. At the lowest level, a protocol defines the behavior of a hardware connection.

While protocols can vary greatly in purpose and sophistication, most specify one or more of the following properties:


 * Detection of the underlying physical connection (wired or wireless), or the existence of the other endpoint or node
 * Handshaking (dynamically setting parameters of a communications channel)
 * Negotiation of various connection characteristics
 * How to start and end a message
 * How to format a message
 * What to do with corrupted or improperly formatted messages (error correction)
 * How to detect unexpected loss of the connection, and what to do next
 * Termination of the session and or connection.

TCP/IP (Transmission Control Protocol/Internet Protocol) suite
The Internet Protocol Suite (commonly known as TCP/IP) is the set of communications protocols used for the Internet and other similar networks. The Internet Protocol Suite, like many protocol suites, may be viewed as a set of layers. Each layer solves a set of problems involving the transmission of data, and provides a well-defined service to the upper layer protocols based on using services from some lower layers. Upper layers are logically closer to the user and deal with more abstract data, relying on lower layer protocols to translate data into forms that can eventually be physically transmitted. The TCP/IP model consists of four layers. From lowest to highest, these are the Link Layer, the Internet Layer, the Transport Layer, and the Application Layer.

Some have attempted to map the Internet Protocol model onto the seven-layer OSI Model. The mapping results in the TCP/IP Link Layer corresponding to the OSI Data Link and Physical layers in terms of functionality. The Internet Layer is usually directly mapped to the OSI's Network Layer. At the top of the hierarchy, the Transport Layer is always mapped directly into the OSI Layer 4 of the same name. OSI's Application Layer, Presentation Layer, and Session Layer are collapsed into TCP/IP's Application Layer.

The following table provides some examples of the protocols grouped in their respective layers. See the below sections for details on each protocol.

ARP (Address Resolution Protocol)
The Address Resolution Protocol (ARP) is a communications protocol used for resolution of Internet layer addresses into link layer addresses, a critical function in the Internet protocol suite. ARP was defined by RFC 826 in 1982, and is Internet Standard STD 37. ARP is also the name of the program for manipulating these addresses in most operating systems.

ARP is used for mapping a network address (e.g. an IPv4 address) to a physical address like an Ethernet address (also named a MAC address). ARP has been implemented with many combinations of network and data link layer technologies, like IPv4, Chaosnet, DECnet and Xerox PARC Universal Packet (PUP) using IEEE 802 standards, FDDI, X.25, Frame Relay and Asynchronous Transfer Mode (ATM). IPv4 over IEEE 802.3 and IEEE 802.11 is the most common usage.

In Internet Protocol Version 6 (IPv6) networks, the functionality of ARP is provided by the Neighbor Discovery Protocol (NDP).

generally ARP translate IP address to MAC.

DHCP (Dynamic Host Configuration Protocol)
This is a protocol that is used to assist users to configure multiple network devices from a single source. This protocol is used to assist a user in configuring multiple networks.

DNS (Domain Name System)
This is a protocol that assists the users by helping to link between common usernames/works to an IP address and back, e.g. instead of cramming the IP address for Wikibooks the user can easily type https://www.wikibooks.org to be able to access the content from there.

FTP (File Transfer Protocol)
FTP is a standard internet protocol for transmitting files between computers on the internet over TCP/IP connections. It is a client-server protocol that relies on two communications channels between client and server; a command channel for controlling the conversation and a data channel for transmitting files content. Clients initiate conversations with servers by requesting to download a file.

FTP sessions work in a passive and active mode after a client initiates a session via a command channel request, the server initiates a data connection back to the client and begins transferring data. In passive mode, the server instead uses the command channel to send the client the information it needs to open a data channel. It works across firewalls and Network Address Translation (NAT) gateways

HTTP (Hyper Text Transfer Protocol)
This was the initial protocol that was used to access web content. It was replaced by HTTPS due to its security vulnerabilities.

HTTPS (Hypertext Transfer Protocol Secure)
This is the secure version of HTTP that is now commonly used to access website content. HTTPS (port 443) strengthens HTTP by incorporating SSL or TLS. This protocol allow for the use of encryption. You can see when they are in use because the URL begins with HTTPS and a padlock icon appears in the status bar or browser bar in the browser window. HTTPS is the worldwide standard that is used for payment transactions and for other data-sensitive Internet transactions.

ICMP (Internet Control Message Protocol)
Internet Control Message Protocol (ICMP) provides feedback that you can use for diagnostics or to report logical errors. The most common ICMP type is the ping. The designers of ICMP envisioned a protocol that would be helpful and informative. Unfortunately, hackers have a different vision; they use ICMP to send the ping of death, craft Smurf DoS packets, query the timestamp of a system or its netmask, or even send ICMP type 5 packets to redirect traffic.

Version 3 of IGMP adds support for "source filtering", that is, the ability for a system to report interest in receiving packets *only* from specific source addresses, or from *all but* specific source addresses, sent to a particular multicast address. That information may be used by multicast routing protocols to avoid delivering multicast packets from specific sources to networks where there are no interested receivers.

IGMP (Internet Group Management Protocol)
IGMP is the protocol used by IPv4 systems to report their IP multicast group memberships to neighboring multicast routers.

IMAP4 (Internet Message Access Protocol version 4)
Internet Message Access Protocol version 4 (IMAP4) enables you to retrieve and download emails from SMTP servers. It is quite similar to POP3. However, the main difference is that it allows the user to read the emails while they are on the server which makes it optional for the user to download the email. In addition to this, IMAP4 is much more secure as the user authentication information is encrypted while it is transferred over the network.

NTP (Network Time Protocol)
It is a network protocol used for clock synchronization between computer systems over packet switched, variable latency data networks.

POP3 (Post Office Protocol version 3)
POP3 is an old and very simple protocol for downloading email from an email server (the "@servername.com" part of an email address). The "com" part is the top-level domain and depends on which TLD the server registered under. TLDs include "com", "org", "net", "biz", and more. POP3 is defined in [[rfc:1939 RFC1939] ]. POP3 allows the user's "user agent" (email program) to establish a connection, download messages, and optionally delete messages. POP3 begins when the user agent opens a TCP connection to the mail server on port 110. Next, POP3 progresses through three phases: authorization, transaction, and update.

Authorization phase
The user agent sends a user name and a password (in plain-text) to authenticate the user.

Example
In the code above, the lines are output on the user's command line. Line numbers 1, 3, and 5 are sent to the server. Lines 2, 4, and 6 are responses from the server.

If you misspell a command, the POP3 server will reply with an  message rather than a   message.

Transaction phase
Next, during the transaction phase, the user agent can retrieve messages, mark messages for deletion, remove deletion marks, and obtain mail statistics.

The user's mail program can typically be configured to download and delete messages or to download only, leaving the original unopened message on the server. The user can download the same message later from another program or computer. This is useful when the user has a home computer and an office computer.

Example
As an example, suppose the user has two messages in his or her mailbox. The client and server will talk to each other as follows: The client requests a list of messages and the server responds with a list of sizes of the messages and ends its transmission with a  stop signal. The client then retrieves the first message followed by a deletion command (marking it for deletion) and retrieves the second message and deletes it and ends the session with. This ends the transaction phase and ends the POP3 session. The client disconnects and the server proceeds to the update phase.

Update phase
The update phase happens after the user agent has issued the  command, ending the POP3 session; at this time, the mail server deletes the messages that were marked for deletion and closes its POP3 session.

RTP (Real-time Transport Protocol) - VoIP (Voice over Internet Protocol)
It is a network protocol for delivering audio and video over IP networks. RTP is used in communication and entertainment systems that involve streaming media, such as telephony, video teleconference applications including WebRTC, television services and web-based push-to-talk features.

SMTP (Simple Mail Transfer Protocol)
This is the protocol that is used to send and receive emails between servers.

SNMP2/3 (Simple Network Management Protocol version 2 or 3)
SNMP works by sending messages, called protocol data units (PDUs), to devices within your network that “speak” SNMP. These messages are called SNMP Get-Requests. Using these requests, network administrators can track virtually any data values they specify.

SSH (Secure Socket Shell)
Provides secure access to remote desktops. (Also refers to the suite of utilities that implement the protocol) Secure Shell (SSH) operates on the Application layer of the TCP/IP Model. Its basic purpose is to allow the users to access data remotely from a server. The users have the privilege to log on to a computer remotely and perform a number of tasks such as the download, modification or deletion of data. Furthermore, the data is kept encrypted during the whole process which makes it more secure as well. It can be used to move data within networks as well as between various networks.

TLS (Transport Layer Security)
Transport Layer Security (TLS) is the updated version of Secure Sockets Layer (SSL). TLS uses more secure cryptographic protocols and algorithms. TLS uses hybrid encryption, which means that it uses symmetric encryption for data and asymmetric encryption for key exchange of the symmetric key.