2-3 Protocols and Standards
2.11 Define the function of TCP / UDP (Transmission Control Protocol / User Datagram Protocol) ports.
> Transmission Control Protocol
A connection-oriented transport protocol (OSI layer 4) that provides reliable, ordered delivery over an unreliable network: it opens a session with a three-way handshake (SYN, SYN-ACK, ACK), breaks the application's byte stream into segments, numbers them, acknowledges what arrives and retransmits what does not. Each segment is handed to IP, which sits at the TCP/IP Internet layer (the OSI network layer) and routes packets by IP address. Both TCP and UDP carry a 16-bit source port and destination port (0-65535) in their header; the port identifies the application at each end, and a TCP connection is identified by the pair of IP addresses plus the pair of ports. Ports 0-1023 are the well-known ports, 1024-49151 the registered ports, and 49152-65535 the dynamic (ephemeral) ports a client picks for its own side of a connection.
> User Datagram Protocol
UDP runs on top of IP as the connectionless alternative to TCP: there is no handshake, no acknowledgement, no retransmission and no ordering, so delivery is not guaranteed. Its 8-byte header carries only the two ports, a length and a checksum (the checksum is optional over IPv4). Because it keeps no connection state and adds almost no overhead, it is faster and lighter than TCP, which is why it is used for broadcast and multicast, DNS lookups, NTP and streaming audio and video, where a late packet is worthless anyway. The absence of a handshake also means the receiver cannot verify the source address of a datagram, which is why UDP services are the usual vehicle for spoofed-source reflection and amplification attacks.
2.12 Identify the well-known ports associated with the following commonly used services and protocols:
| Protocol | Transport | Common Port |
|---|---|---|
| FTP (File Transfer Protocol) | TCP | 20 (data), 21 (control) |
| SSH (Secure Shell) | TCP | 22 |
| Telnet | TCP | 23 |
| SMTP (Simple Mail Transfer Protocol) | TCP | 25 |
| DNS (Domain Name System) | UDP and TCP | 53 |
| TFTP (Trivial File Transfer Protocol) | UDP | 69 |
| HTTP (Hypertext Transfer Protocol) | TCP | 80 |
| POP3 (Post Office Protocol version 3) | TCP | 110 |
| NNTP (Network News Transport Protocol) | TCP | 119 |
| NTP (Network Time Protocol) | UDP | 123 |
| IMAP4 (Internet Message Access Protocol version 4) | TCP | 143 |
| HTTPS (Hypertext Transfer Protocol Secure) | TCP | 443 |
Of these, only SSH and HTTPS encrypt by default; FTP, Telnet, SMTP, POP3, IMAP4, HTTP and TFTP send credentials and data in the clear unless wrapped in TLS, and TFTP has no authentication at all. The port number is a convention, not a guarantee: a service can listen on any port, so identify a service by how it behaves (banner, protocol exchange) rather than by its port alone.
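The two header layouts described above, as an added example that is not part of the original study notes: it decodes the fixed TCP header and the UDP header from constructed sample bytes (a SYN to port 443 and a datagram to port 53, not captured traffic), pulls out the 16-bit ports, and names them from the well-known port table. The flag names, field layout and IANA port ranges are standard; the sample packets and the classification wording are this example's own.

```python
import struct

# Well-known port table from the section above, keyed by (transport, port).
WELL_KNOWN_PORTS = {
    ("tcp", 20): "FTP data", ("tcp", 21): "FTP control", ("tcp", 22): "SSH",
    ("tcp", 23): "Telnet", ("tcp", 25): "SMTP", ("udp", 53): "DNS",
    ("tcp", 53): "DNS", ("udp", 69): "TFTP", ("tcp", 80): "HTTP",
    ("tcp", 110): "POP3", ("tcp", 119): "NNTP", ("udp", 123): "NTP",
    ("tcp", 143): "IMAP4", ("tcp", 443): "HTTPS",
}

# Control bits of the TCP header, least significant bit first (RFC 793 + ECN/NS bits).
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte part of a TCP header (network byte order)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (src, dst, seq, ack, off_flags,
     window, _checksum, _urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4          # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad TCP data offset")
    flags = [n for i, n in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)]
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "payload": segment[header_len:]}


def parse_udp_header(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header (RFC 768): ports, length, checksum."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    src, dst, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("bad UDP length field")
    return {"src_port": src, "dst_port": dst, "checksum": checksum,
            "payload": datagram[8:length]}


def classify_port(transport: str, port: int) -> str:
    """Name a port from the table, otherwise report its IANA range."""
    name = WELL_KNOWN_PORTS.get((transport, port))
    if name:
        return name
    if port <= 1023:
        return "well-known (not in table)"
    if port <= 49151:
        return "registered"
    return "dynamic/ephemeral"


# Constructed sample headers (not captured traffic).
# A TCP SYN from ephemeral port 51514 to HTTPS: data offset 5 words, only SYN set.
SAMPLE_TCP_SYN = struct.pack("!HHIIHHHH", 51514, 443, 0x11223344, 0,
                             (5 << 12) | 0x002, 65535, 0, 0)
# A UDP datagram from port 40000 to DNS carrying a 12-byte placeholder payload.
SAMPLE_UDP = struct.pack("!HHHH", 40000, 53, 8 + 12, 0) + b"\x00" * 12


def describe(transport: str, packet: bytes) -> str:
    """One-line summary: which application talks to which, by port."""
    hdr = parse_tcp_header(packet) if transport == "tcp" else parse_udp_header(packet)
    return (f"{transport} {hdr['src_port']} ({classify_port(transport, hdr['src_port'])})"
            f" -> {hdr['dst_port']} ({classify_port(transport, hdr['dst_port'])})")


if __name__ == "__main__":
    print(describe("tcp", SAMPLE_TCP_SYN), parse_tcp_header(SAMPLE_TCP_SYN)["flags"])
    print(describe("udp", SAMPLE_UDP))
```

The data-offset check matters in practice: a header that claims more words than the segment holds is the kind of malformed input a naive parser indexes past the end on.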
2.13 Identify the purpose of network services and protocols:
> DNS (Domain Name System)
DNS maps human-friendly host names to IP addresses (forward lookup) and IP addresses back to names (reverse lookup). Instead of remembering an address such as 198.46.8.34, you type http://www.microsoft.com and a resolver asks DNS for the address. An ordinary lookup is one request and one reply over UDP port 53; TCP port 53 is used for zone transfers and for answers too large for a single datagram. A reply is matched to its query only by a 16-bit transaction ID and the source port, so a resolver must check both and discard anything that does not match.
In Microsoft Windows 2000, Microsoft Windows Server 2003 and Microsoft Windows XP environments, DNS is the default name resolution method.
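The query/reply exchange described above, as an added example that is not part of the original notes: it builds an A-record query for www.example.com in RFC 1035 wire format and parses a constructed reply (not captured traffic) whose answer uses a compression pointer back to the question name. The transaction ID, the QR bit and the backward-only, hop-limited pointer rule are the checks a parser needs before trusting a reply; the sample address and transaction ID are this example's own.

```python
import struct

DNS_PORT = 53            # UDP for ordinary lookups; TCP for zone transfers and big answers
QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int, qtype: int = QTYPE_A) -> bytes:
    """12-byte header (ID, flags with RD=1, QDCOUNT=1) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def decode_name(msg: bytes, offset: int, hops: int = 0):
    """Read a name at offset, following RFC 1035 compression pointers.
    Returns (name, offset just past the name). Pointers must point backwards
    and are hop-limited so a crafted message cannot loop the parser."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:                       # two-byte pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            if hops >= 8:
                raise ValueError("too many compression pointers")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset:
                raise ValueError("compression pointer does not point backwards")
            suffix, _ = decode_name(msg, pointer, hops + 1)
            if suffix:
                labels.append(suffix)
            return ".".join(labels), offset + 2
        if length > 63 or offset + 1 + length > len(msg):
            raise ValueError("bad label")
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_response(msg: bytes, expected_id: int) -> dict:
    """Parse header, question and answer sections. A reply whose transaction
    ID does not match the query we sent is rejected, not trusted."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_id:
        raise ValueError("transaction ID mismatch: reply is not for our query")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        qname, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype))
    for _ in range(an):
        rname, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        offset += rdlen
        data = ".".join(map(str, rdata)) if rtype == QTYPE_A and rdlen == 4 else rdata.hex()
        answers.append({"name": rname, "type": rtype, "ttl": ttl, "data": data})
    return {"id": txid, "rcode": flags & 0x000F, "questions": questions, "answers": answers}


# Constructed exchange (not captured traffic): our query and the server's reply.
TXID = 0x1234
SAMPLE_QUERY = build_query("www.example.com", TXID)
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 0)     # QR=1, RD=1, RA=1, RCODE=0
    + SAMPLE_QUERY[12:]                                   # question echoed back
    + b"\xC0\x0C"                                         # owner name: pointer to offset 12
    + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4)
    + bytes([93, 184, 216, 34])                           # example address
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE, TXID))
```

In a real resolver the socket's source port is randomized as well, so an attacker racing the real server must guess both the port and the 16-bit ID before the genuine answer arrives.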
> NAT (Network Address Translation)
A NAT router rewrites the source address, and usually the source port, of packets leaving a private network (RFC 1918 space such as 192.168.0.0/16) so that they appear to come from the router's single public IP address, and keeps a translation table so that replies can be rewritten back to the inside host. The whole network therefore consumes one public address, which both relieves the address-space shortage and hides the internal addressing from outsiders. Unsolicited inbound packets are dropped only because no table entry matches them; that is a side effect of translation, not a firewall policy, and NAT should not be relied on as one.
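The translation table described above, as an added example that is not part of the original notes: a toy port-overloading NAT in which two inside hosts using the same source port share one public address, replies are mapped back through the table, and anything without an entry (or from the wrong peer) is dropped. Sequential port allocation from 1024 and the "reply must come from the original peer" rule are assumptions of this example, not the behaviour of any particular router; real NATs differ in exactly how strictly they filter.

```python
import itertools
import ipaddress

PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]   # RFC 1918


def is_private(ip: str) -> bool:
    """True if the address is in RFC 1918 private space."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)


class PortNat:
    """Toy NAPT: many inside hosts share one public IP, told apart by port.
    Assumptions of this example (not a vendor's behaviour): public ports are
    handed out sequentially from first_port, and an inbound packet is only
    mapped back if it comes from the peer the inside host originally contacted."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self.outbound = {}   # (inside_ip, inside_port, peer_ip, peer_port) -> public_port
        self.inbound = {}    # public_port -> that same 4-tuple

    def translate_out(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an outbound packet's source; returns the 4-tuple as sent out."""
        if not is_private(src_ip):
            raise ValueError("only RFC 1918 sources are translated")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:                    # new flow: allocate a port
            public_port = next(self._ports)
            if public_port > 65535:
                raise RuntimeError("public port pool exhausted")
            self.outbound[key] = public_port
            self.inbound[public_port] = key
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_in(self, src_ip, src_port, dst_ip, dst_port):
        """Map an inbound packet back to the inside host, or None to drop it."""
        if dst_ip != self.public_ip:
            return None
        entry = self.inbound.get(dst_port)
        if entry is None:
            return None                                 # unsolicited: no table entry
        inside_ip, inside_port, peer_ip, peer_port = entry
        if (src_ip, src_port) != (peer_ip, peer_port):
            return None                                 # not the peer this mapping was made for
        return (src_ip, src_port, inside_ip, inside_port)


if __name__ == "__main__":
    nat = PortNat("203.0.113.7")
    a = nat.translate_out("192.168.1.10", 51514, "198.51.100.5", 443)
    b = nat.translate_out("192.168.1.11", 51514, "198.51.100.5", 443)  # same inside port
    print(a, b)
    print(nat.translate_in("198.51.100.5", 443, "203.0.113.7", a[1]))   # mapped back
    print(nat.translate_in("198.51.100.9", 443, "203.0.113.7", a[1]))   # dropped
```

Note what the table does not do: once an inside host has opened a flow, the public port it was given is reachable from that peer for as long as the entry lives, which is the reason NAT traversal techniques work and the reason NAT is not an access-control mechanism.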
> ICS (Internet Connection Sharing)
You can choose one computer to share an Internet connection with the rest of the computers on your home or small office network. This computer is called the Internet Connection Sharing (ICS) host computer.
To determine which computer should be your ICS host computer, use the following guidelines:
- The computer must be one that you can leave on at all times so that other computers on the network can access the Internet. If the computer is turned off, the connection to the Internet will not be available.
- If one computer has a DSL or cable modem, use that computer as the ICS host computer.
- If you plan to use a shared printer for your network, the printer should be installed on the ICS host computer.
> WINS (Windows Internet Name Service)
While DNS resolves host names to IP addresses, WINS resolves NetBIOS names to IP addresses. It keeps a dynamic database of NetBIOS-name-to-IP-address mappings: Windows clients register their name and address with the WINS server when they start and query it to find other machines, which is called name resolution. WINS supports network client and server computers running Windows.
Because the database is distributed and updated automatically as computers come and go, WINS works with dynamically assigned addresses. DNS was traditionally the choice for computers with fixed IP addresses, although dynamic DNS updates have since taken over this role as well.
> SNMP (Simple Network Management Protocol)
Simple Network Management Protocol is a TCP/IP protocol for monitoring and managing networks and network components. SNMP uses small programs called agents, running on managed devices such as switches, hubs, servers, routers and bridges, to collect statistics and state about the device and its traffic. The gathered data is stored in a MIB (management information base).
A management console polls the agents (UDP port 161) and reads values from their MIBs, and agents can send unsolicited traps to the console (UDP port 162); the data can then be displayed as graphs and charts or written to a database for analysis. SNMPv1 and v2c authenticate with a community string sent in clear text, and the default read string "public" and write string "private" are widely known, so use SNMPv3 with authentication and privacy, or at the least restrict which hosts may query or write to the agent.
> NFS (Network File System)
Network File System (NFS) is a distributed file system that lets users access files and directories on remote computers as if they were local. It runs over RPC on TCP or UDP port 2049. With the traditional AUTH_SYS security flavour the server simply trusts the user and group IDs the client asserts, so exports should be restricted to specific hosts and Kerberos (sec=krb5) used wherever the client machines cannot be trusted.
> Zeroconf (Zero configuration)
Zero Configuration Networking is a set of techniques that automatically create a usable IP network without manual configuration or special servers. It lets users who know nothing about networking connect computers, networked printers and other devices together and expect them to work. Without Zeroconf or something similar, a knowledgeable user must either set up servers such as DHCP and DNS or configure each computer's network settings manually.
Zeroconf currently solves three problems:
- Choose numeric network addresses for networked items (link-local addresses in 169.254.0.0/16)
- Figure out which computer has a certain name (multicast DNS on the local link)
- Figure out where to get services, like printing (DNS-based service discovery)
> SMB (Server Message Block)
A file- and printer-sharing protocol that lets networked computers access files on remote systems as if they were local. SMB defines a series of commands passed between client and server in four message types: session control, file, printer and message. It is used chiefly by Microsoft Windows computers and runs either directly over TCP port 445 or over NetBIOS (TCP port 139).
SMB is client-server: the client issues requests and the server responds. One part of the protocol is dedicated to filesystem access, so a client can open, read and write files on a file server. The protocol was designed for the local subnet, but it is routable across subnets and the Internet, which is why exposed Windows file-and-print sharing is such a common target and why ports 139 and 445 should be blocked at the network edge.
Client computers may have their own hard disks, which are not shared, yet also want access to the shared file systems and printers on the server; this is the use for which SMB is best known and most heavily used.
> AFP (Apple Filing Protocol)
The file-sharing protocol of AppleTalk networks and AppleShare servers. For non-Apple clients to reach data on an AppleShare server, their protocols must be translated into AFP.
AFP versions 3.0 and later rely exclusively on TCP/IP (TCP port 548 for the file service, with SLP on port 427 for discovery), supporting AppleTalk only as a service discovery protocol. The AFP 2.x family supports both TCP/IP and AppleTalk for communication and service discovery.
> LPD (Line Printer Daemon) and Samba
LPD is the primary UNIX printing protocol, used to submit jobs to a printer over TCP port 515. The LPR client component issues commands such as "print waiting jobs", "receive job" and "send queue state", and the LPD component on the print server responds to them.
The most common implementations of LPD are in the official BSD UNIX operating system and the LPRng project. The Common Unix Printing System (CUPS), which is more common on modern Linux distributions, borrows heavily from LPD.
UNIX and Mac OS X servers use the open-source Samba suite to provide Windows users with Server Message Block (SMB) file and printer sharing.
2.14 Identify the basic characteristics (For example: speed, capacity and media) of the following WAN (Wide Area Networks) technologies:
> Packet switching
Packet switching makes more efficient use of a telecommunication provider's network bandwidth. The switching nodes route each data packet individually from switch to switch over the best available path, so any one physical link can carry packets from many senders to many destinations at once. In a circuit-switched connection, by contrast, the bandwidth of the path is dedicated to one sender and receiver only.
> Circuit switching
With circuit switching, data travels over a fixed path that is established at the beginning of the connection and remains open until the connection is terminated. A telephone call is an example of a circuit switched link. When you dial a number the telecommunication provider, establishes an open circuit between your phone and the phone of the person you are calling. No other calls can be placed over this circuit until you hang up.
> ISDN (Integrated Services Digital Network)
Integrated Services Digital Network carries voice, data, audio or video digitally over standard telephone cabling. ISDN adapters must be connected directly to a digital telephone network. They are not modems, because they neither modulate nor demodulate an analog carrier.
Like modems, ISDN adapters are available both as internal devices on the computer's expansion bus and as external devices on a serial or parallel port. A Basic Rate Interface (BRI) provides two 64 Kbps B channels (56 Kbps on some North American circuits) plus a 16 Kbps D channel for signalling, giving 128 Kbps when both B channels are bonded; a Primary Rate Interface (PRI), delivered over a T1, provides 23 B channels plus one 64 Kbps D channel, 1.544 Mbps in total.
ISDN hardware requires an NT (network termination) device, which converts the line signal into the signalling used by ISDN equipment. Sometimes the NT is integrated into the ISDN adapter or ISDN-capable router; in other cases a separate NT device must be installed.
ISDN is specified at the physical, data link and network layers of the OSI model.
> FDDI (Fiber Distributed Data Interface)
Fiber Distributed Data Interface, shares many of the same features as token ring, such as a token passing, and the continuous network loop configuration. But FDDI has better fault tolerance because of its use of a dual, counter-rotating ring that enables the ring to reconfigure itself in case of a link failure. FDDI also has higher transfer speeds, 100 Mbps for FDDI, compared to 4 - 16 Mbps for Token Ring.
Unlike Token Ring, which uses a star topology, FDDI uses a physical ring. Each device in the ring attaches to the adjacent device using a two stranded fiber optic cable. Data travels in one direction on the outer strand and in the other direction on the inner strand. When all devices attached to the dual ring are functioning properly, data travels on only one ring. FDDI transmits data on the second ring only in the event of a link failure.
| Media | MAC Method | Signal Propagation Method | Speed | Topologies | Maximum Connections |
|---|---|---|---|---|---|
| Fiber-optic | Token passing | Forwarded from device to device (or port to port on a hub) in a closed loop | 100 Mbps | Double ring, Star | 500 nodes |
> T1 (T Carrier level 1)
A 1.544 Mbps point-to-point, dedicated, digital circuit provided by the telephone companies. T1 lines are widely used for private networks as well as for the link between an organization's LAN and the telco.
A T1 line uses two pairs of wire, one to transmit and one to receive, and time division multiplexing (TDM) to interleave 24 channels of 64 Kbps each. The standard T1 frame is 193 bits long: 24 eight-bit voice samples (192 bits) plus one framing bit, sent 8,000 times per second, which gives 193 x 8,000 = 1,544,000 bps. T1 is not restricted to digital voice or to 64 Kbps data streams; channels may be combined and the total 1.544 Mbps capacity broken up as required.
> T3 (T Carrier level 3)
A T3 line is a high-speed connection carrying 44.736 Mbps (usually rounded to 45 Mbps), the equivalent of 28 T1 lines or 672 voice-grade telephone channels, which is enough to carry real-time video and very large database traffic over a busy network. A T3 line is typically installed as a major networking artery for large corporations and universities with high-volume traffic and for the backbones of the major Internet service providers.
> OCx (Optical Carrier)
Optical Carrier designations specify the speed of fiber-optic links that conform to the SONET standard. OC-n runs at n times the OC-1 rate of 51.84 Mbps.
| Level | Speed |
|---|---|
| OC-1 | 51.84 Mbps |
| OC-3 | 155.52 Mbps |
| OC-12 | 622.08 Mbps |
| OC-24 | 1.244 Gbps |
| OC-48 | 2.488 Gbps |
> X.25
An X.25 network carries data with a packet-switching protocol that error-checks at every hop, which let it run reliably over the noisy analog telephone lines of its day. It relies on a worldwide network of packet-forwarding nodes that cooperate to deliver an X.25 packet to its designated address.
Network Connections supports X.25 by using packet assemblers/disassemblers (PADs) and X.25 cards. You can also use a modem and special dial-up X.25 carriers (such as Sprintnet and Infonet) in place of a PAD or X.25 smart card on your computer.
Remote access clients running Windows XP Professional or Windows 2000 Server or later can use either an X.25 card or dial in to an X.25 PAD to create connections. To accept incoming connections on a computer using X.25 running Windows XP Professional or Windows 2000 Server or later, you must use an X.25 card.
2.15 Identify the basic characteristics of the following internet access technologies:
> xDSL (Digital Subscriber Line)
xDSL is a collective term for the family of Digital Subscriber Line technologies. Some varieties are asymmetric, with different data rates downstream and upstream; others are symmetric. Downstream speeds range from 384 Kbps (symmetric "SDSL") to 1.5-8 Mbps ("ADSL").
Asymmetric Digital Subscriber Line (ADSL) is a high-bandwidth digital transmission technology that uses existing phone lines and still allows voice calls over the same line. Most of the traffic flows downstream to the user, generally at rates of 512 Kbps to about 6 Mbps.
> Broadband Cable (Cable modem)
Cable modems use a broadband connection to the Internet through cable television infrastructure. These modems use frequencies that do not interfere with television transmission.
> POTS / PSTN (Plain Old Telephone Service / Public Switched Telephone Network)
POTS / PSTN access uses a modem, a device that lets computers communicate over telephone lines. The word modem comes from modulate and demodulate: because standard telephone lines carry analog signals and computers use digital signals, the sending modem must modulate its digital data onto an analog carrier, and the modem at the receiving end must demodulate the analog signal back into digital data.
Modems can be external, connected to the computer's serial port by an RS-232 cable, or internal, in one of the computer's expansion slots. Modems connect to the phone line with standard telephone RJ-11 connectors.
> Wireless
A wireless network consists of wireless NICs and access points. NICs come in different form factors, including PC Card, ISA and PCI. Access points act as wireless hubs, linking multiple wireless NICs into a single subnet. They also have at least one wired Ethernet port so the wireless network can be bridged to a traditional wired Ethernet network such as the organization's infrastructure. Wireless and wired devices can coexist on the same network.
- WLAN (Wireless Local Area Network) A group of computers and associated devices that communicate with each other wirelessly.
- WPA (Wi-Fi Protected Access) A security protocol for wireless networks introduced to replace WEP. It uses TKIP, which still builds on WEP's RC4 cipher but derives a fresh key for every packet and adds a message integrity check, so the static-key weaknesses that let attackers recover a WEP key no longer apply.
- WPA2 (Wi-Fi Protected Access 2) The second generation of WPA, based on the full IEEE 802.11i standard. It replaces TKIP/RC4 with AES in CCMP mode, a stronger encryption mechanism that is a requirement for some government users; TKIP is retained only for backward compatibility and should be disabled.
- WPA-Personal (WPA-PSK) A version of WPA in which every client shares one passphrase. A 256-bit pre-shared key is derived from the passphrase and the SSID, and per-session encryption keys are then negotiated from that PSK in the four-way handshake. Its strength is the strength of the passphrase: a captured handshake can be tested against a wordlist offline, and anyone who knows the passphrase can derive other clients' session keys.
- WPA-Enterprise (WPA-802.1X) A version of WPA that uses the same per-session key negotiation but authenticates each wireless device individually over 802.1X/EAP to an authentication server (normally RADIUS), using its own credentials or certificate. There is no shared secret to leak, and access can be granted or revoked per user.
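The WPA-Personal key derivation described above, as an added example that is not part of the original notes: the pre-shared key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 256 bits out, exactly as IEEE 802.11i specifies, and the block checks itself against the standard's published test vector (passphrase "password", SSID "IEEE"). The guess loop shows why the passphrase is the whole security of the network; it compares against a known PSK for simplicity, whereas a real attack on a captured handshake verifies each candidate against the handshake MIC, which needs the PTK derivation not shown here. The wordlist is constructed for the example.

```python
import hashlib

PSK_ITERATIONS = 4096
PSK_LEN = 32           # 256-bit pairwise master key


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32 bytes),
    per IEEE 802.11i. The result is the PMK shared by every client on the SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("ascii"), PSK_ITERATIONS, PSK_LEN)


def recover_passphrase(ssid: str, target_psk: bytes, candidates):
    """Offline guess loop: derive the PSK for each candidate and compare.
    Each guess costs one PBKDF2 run, the same cost a handshake cracker pays;
    4096 SHA-1 iterations is cheap on a GPU, so a dictionary word falls fast."""
    for cand in candidates:
        try:
            if wpa_psk(cand, ssid) == target_psk:
                return cand
        except ValueError:          # too short or too long to be a valid passphrase
            continue
    return None


# Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
KNOWN_VECTOR = bytes.fromhex(
    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")

if __name__ == "__main__":
    assert wpa_psk("password", "IEEE") == KNOWN_VECTOR
    # Constructed wordlist for the example; a weak passphrase falls to it immediately.
    print(recover_passphrase("IEEE", KNOWN_VECTOR, ["letmein1", "12345678", "password"]))
```

Because the SSID is the salt, a table of precomputed PSKs is only useful against networks with a common SSID, which is one practical reason not to leave the access point's default name in place.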