Chapter 2 – Networking

2.1 What is a Network?

A network is a collection of computers, servers, mainframes, network devices, peripherals, or other devices connected to one another so that data can be shared and used. A well-known example of a network is the Internet, which connects millions of people all over the world.
A network is thus a group of two or more computer systems linked together. There are many types of computer networks, including:

local-area networks (LANs): The computers are geographically close together (for example, in the same building).
wide-area networks (WANs): The computers are farther apart and are connected by telephone lines, leased circuits or radio links.
campus-area networks (CANs): The computers are within a limited geographic area, such as a campus or military base.
metropolitan-area networks (MANs): A data network designed for a town or city.
home-area networks (HANs): A network contained within a user's home that connects a person's digital devices.


2.2 Network Topologies


In computer networking, topology refers to the layout of connected devices. This section introduces the standard topologies of networking.

Topology in Network Design

Think of a topology as a network's virtual shape or structure. This shape does not necessarily correspond to the actual physical layout of the devices on the network. For example, the computers on a home LAN may be arranged in a circle in a family room, but it would be highly unlikely to find a ring topology there.
Network topologies are categorized into the following basic types:
  • bus
  • ring
  • star
  • tree
  • mesh

More complex networks can be built as hybrids of two or more of the above basic topologies.

Bus Topology


Bus networks (not to be confused with the system bus of a computer) use a common backbone to connect all devices. A single cable, the backbone, functions as a shared communication medium that devices attach or tap into with an interface connector. A device wanting to communicate with another device on the network puts its frame onto the wire, where every other device sees it, but only the intended recipient accepts and processes it. The security consequence of a shared medium is that any device on the segment can put its interface into promiscuous mode and capture all traffic on that segment.
Ethernet bus topologies are relatively easy to install and don't require much cabling compared to the alternatives. 10Base-2 ("ThinNet") and 10Base-5 ("ThickNet") were both popular Ethernet cabling options for bus topologies many years ago. However, bus networks work best with a limited number of devices: if more than a few dozen computers are added to a bus, performance problems are likely, since all of them contend for the one medium. In addition, if the backbone cable fails, the entire network effectively becomes unusable.

Ring Topology


In a ring network, every device has exactly two neighbors for communication purposes. All messages travel through a ring in the same direction (either "clockwise" or "counterclockwise"). A failure in any cable or device breaks the loop and can take down the entire network.
To implement a ring network, one typically uses FDDI, SONET, or Token Ring technology. Ring topologies are found in some office buildings or school campuses.

Star Topology


Many home networks use the star topology. A star network has a central connection point called the "hub node", which may be a network hub, a switch or a router. Devices typically connect to it with Unshielded Twisted Pair (UTP) Ethernet. The choice of central device matters: a hub simply repeats every frame out of every port, so, as on a bus, every device sees all traffic; a switch forwards each frame only to the port on which it learned the destination MAC address, which both improves performance and limits casual sniffing (though not attacks that poison the switch's address table).
Compared to the bus topology, a star network generally requires more cable, but a failure in any one star cable only takes down that computer's network access, not the entire LAN. (If the central hub or switch fails, however, the entire network fails with it.)

Tree Topology

Tree topologies integrate multiple star topologies together onto a bus. In its simplest form, only hub devices connect directly to the tree bus, and each hub functions as the root of a tree of devices. This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub connection points) alone.

Mesh Topology

A mesh topology is characterized by nodes linked to each other directly, rather than through one or more intermediate points of interconnection. There are two kinds: in a full mesh every node has a direct link to every other node, so no single link or node failure partitions the network; in a partial mesh only some nodes are fully connected, and the rest attach to one or two of them. Full mesh gives the most redundancy at the highest cabling cost, which is why it is used mainly between core routers or switches rather than end devices.
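The resilience claims above (a ring breaks on any single failure, a star survives a cable failure but not a hub failure, a full mesh survives both) can be checked mechanically. The following is an added example, not code from the original chapter: it models each topology as a directed graph of end devices d0, d1, ... plus the infrastructure element the text names (a star's hub, a bus's backbone cable) as a node of its own, treats the ring as a directed cycle because the text says ring traffic travels one way, and counts how many surviving devices a single node or link failure leaves outside the largest group that can still reach each other. The node names and the impact metric are this example's own conventions.

```python
"""Single-point-of-failure analysis of the basic topologies (added example)."""
from collections import deque


def bus(n):
    """n devices tapping one shared backbone; the backbone cable is a node."""
    edges = set()
    for i in range(n):
        edges |= {(f"d{i}", "backbone"), ("backbone", f"d{i}")}
    return edges


def ring(n):
    """Unidirectional ring: d0 -> d1 -> ... -> d(n-1) -> d0."""
    return {(f"d{i}", f"d{(i + 1) % n}") for i in range(n)}


def star(n):
    """n devices, each with its own two-way link to a central hub."""
    edges = set()
    for i in range(n):
        edges |= {(f"d{i}", "hub"), ("hub", f"d{i}")}
    return edges


def full_mesh(n):
    """Every device linked directly to every other device."""
    return {(f"d{i}", f"d{j}") for i in range(n) for j in range(n) if i != j}


def end_devices(edges):
    return {v for e in edges for v in e if v.startswith("d")}


def reachable(edges, start):
    """Breadth-first search over the directed edges that are still live."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, []).append(b)
    seen, queue = {start}, deque([start])
    while queue:
        v = queue.popleft()
        for w in adj.get(v, ()):
            if w not in seen:
                seen.add(w)
                queue.append(w)
    return seen


def impact(edges, failed_node=None, failed_link=None):
    """Surviving devices left outside the largest mutually reachable group."""
    live = {e for e in edges if failed_node not in e and e != failed_link}
    survivors = end_devices(edges) - {failed_node}
    reach = {d: reachable(live, d) for d in survivors}
    largest = 0
    for d in survivors:
        # d's strongly connected group: everything it reaches that reaches it back
        group = {x for x in survivors if x in reach[d] and d in reach[x]}
        largest = max(largest, len(group))
    return len(survivors) - largest


def worst_single_failure(edges):
    """(worst single node failure, worst single link failure), as device counts."""
    nodes = {v for e in edges for v in e}
    return (max(impact(edges, failed_node=v) for v in nodes),
            max(impact(edges, failed_link=e) for e in edges))


if __name__ == "__main__":
    for name, topo in [("bus", bus(6)), ("ring", ring(6)),
                       ("star", star(6)), ("full mesh", full_mesh(6))]:
        print(f"{name:10s} worst node/link failure: {worst_single_failure(topo)}")
```

With six devices the results match the text: bus and star both lose every device when the backbone or hub fails but only one device when a single tap or spoke cable fails; the one-way ring loses almost everything on any single failure; the full mesh loses nothing. Bus and star come out identical in this model because the backbone cable plays exactly the role the hub plays, which is also why the tree topology below can combine them.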


2.3   Networking Devices and Cables

Twisted Pair
One of the oldest and still most common transmission media is twisted pair. As shown in Figure 15, a twisted pair consists of two insulated copper wires, typically about 1 mm thick, twisted together in a helical form. Twisting is done because two parallel wires form a fine antenna; when the wires are twisted, the waves radiated by successive twists cancel out, so the wire radiates (and picks up) much less.
Twisted pairs can be used for transmitting either analog or digital signals. The usable bandwidth depends on the thickness of the wire and the distance travelled, but several Mb/s can be achieved over a few kilometres in many cases. Telephone-grade twisted pair is usable from roughly 0 to 1 MHz; data-grade cable is specified much higher (Category 5e to 100 MHz, Category 6 to 250 MHz), which is what makes Gigabit Ethernet over copper possible. Due to their adequate properties and low cost, twisted pairs are widely used and are likely to remain so for years to come.
Twisted pair cables are often shielded in an attempt to prevent electromagnetic interference. Because the shielding is metal it can also serve as a ground; usually a shielded or screened cable has a dedicated grounding conductor called a drain wire. Shielding can be applied to individual pairs or to the whole bundle of pairs; a shield around the whole bundle is referred to as a screen. The shield must be grounded for it to work. In contrast to FTP (foiled twisted pair) and STP (shielded twisted pair) cabling, UTP (unshielded twisted pair) cable has no shielding at all. It is the primary wire type for telephone wiring and computer networking, especially as patch cables. UTP comes in several varieties:
  • Category 3: The earliest widely used UTP. Primarily used for voice and low-speed data; rated for a maximum of 10 Mbps (10BASE-T).
  • Category 4: Never achieved the popularity of Cat 3 or Cat 5. Used for voice and low-speed data at a maximum of 16 Mbps (16 Mbps Token Ring).
  • Category 5: As Fast Ethernet became a standard, Cat 5 became the basis for most high-speed data installations. Cat 5 runs at a maximum of 100 Mbps.
  • Category 5e: With the need for higher speeds, Gigabit Ethernet replaced Fast Ethernet, and Cat 5e (Cat 5 with tighter crosstalk limits) extended the life of the Cat 5 design. It can run at 1,000 Mbps (1 Gbps).
  • Category 6: Cat 5e runs at gigabit speed but is at the limit of the Cat 5 design. Cat 6 is specified to 250 MHz and runs 1 Gbps comfortably; it supports 10 Gbps (10GBASE-T) only over short runs (up to 55 m), while Category 6a, specified to 500 MHz, supports 10 Gbps over the full 100 m channel.
Nowadays Cat 5e or, for new installations, Cat 6/6a should be used.



                                
Figure 15: UTP pairs (cable)



Figure 16: RJ-45 connector


UTP Cable Termination Standards EIA/TIA 568A and EIA/TIA 568B
In 1985 many companies in the telecommunications industry became concerned about the lack of a third-party premises cabling standard, and their trade body, the CCIA (Computer Communications Industry Association), asked the EIA (Electronic Industries Association) to develop one.
The first draft of the standard was not released until July 1991, under the name EIA/TIA-568. The new standard provided backward compatibility for phones that used two pairs instead of one, enabling them to operate on pairs 1 and 2. Later in 1991 a Technical Systems Bulletin (TSB-36) was released with references to Category 4 and 5 cables. Twelve months later TSB-40 was published, addressing higher-speed UTP connecting hardware; it was revised in January 1994 to include RJ-45 modular jacks and fly leads. At the same time EIA/TIA-568 was revised and renamed EIA/TIA 568A, and the existing AT&T standard 258A was included and referred to as EIA/TIA 568B. As both were popular and widely used, both were adopted into the international standard Generic Cabling for Customer Premises (ISO/IEC 11801:1995).
Looking at the specifications in Figure 17, the only difference is that the green and orange pairs are terminated on different pins; there is no difference in which signal is carried on which pin, only in which colour of wire is terminated onto it. Technically the two standards are the same: they operate in the same manner and neither is superior to the other for Ethernet.


Figure 17: EIA/TIA 568A and 568B


Straight-Through Cable - A four-pair, eight-wire cable in which the colour of the wire on Pin 1 at one end is the same as that on Pin 1 at the other end, Pin 2 matches Pin 2, and so on. The cable is wired to either T568A or T568B at both ends, which determines what colour wire is on each pin. This is the normal host-to-switch cable.
Crossover Cable - In a crossover cable the second and third pairs are swapped between the two ends, so pin 1 connects to pin 3 and pin 2 to pin 6 (the transmit pair of one device lands on the receive pair of the other). The pin-outs are T568A on one end and T568B on the other. All eight conductors should be terminated with RJ-45 modular connectors. Crossover cable conforms to the structured cabling standards; when used between switches it is considered part of the "vertical" (backbone) cabling. A crossover cable can be used as a backbone cable to connect two or more switches in a LAN, or to connect two isolated hosts directly to create a mini-LAN (a host to a host, or a server to a host) without a hub between them, which is handy for testing and training. To connect more than two hosts, a switch is needed. Note that most Gigabit Ethernet ports implement Auto-MDI/MDI-X and detect and correct a swapped pair themselves, so a straight-through cable now works in most of these cases.
Rollover Cable - A four-pair "rollover" cable, typically 3.05 m long but up to 7.62 m. A rollover cable connects a host or dumb terminal to the console port on the back of a router or switch. Both ends have RJ-45 connectors: one plugs directly into the RJ-45 console port on the device, the other into an RJ-45-to-DB9 terminal adapter, which presents a 9-pin female D connector for the PC or terminal's serial (COM) port. A DB25 terminal adapter (25-pin connector) is also available. Because the console port typically allows password recovery and full configuration access, physical access to it must be controlled as tightly as a privileged login.


Figure 18: Rollover Console Cable Kit


The cable is called a rollover because the pins on one end are all reversed on the other end, as though one end of the cable had been rotated or rolled over: pin 1 connects to pin 8, pin 2 to pin 7, and so on.



Connecting Networking Devices


Fiber Optics
An optical transmission system has three key components: the light source, the transmission medium, and the detector. Conventionally, a pulse of light indicates a 1 bit and the absence of light indicates a 0 bit. The transmission medium is an ultra-thin fiber of glass or plastic. The detector generates an electrical pulse when light falls on it. By attaching a light source to one end of an optical fiber and a detector to the other, we have a unidirectional data transmission system that accepts an electrical signal, converts and transmits it by light pulses, and then reconverts the output to an electrical signal at the receiving end. Higher bandwidth links can be achieved using optical fibers. One of the best substances used to make optical fibers is ultrapure fused silica. These fibers are more expensive than regular glass fibers. Plastic fibers are normally used for short-distance links where higher losses are tolerable.
Optical fiber links are used in all types of networks, LAN and WAN. The frequency range of fiber optics is approximately 180 THz to 330 THz. There are two types of fiber optics cables:
  • Multimode fiber
  • Single-mode fiber
Multimode fiber - Light rays can only enter the core if their angle is inside the numerical aperture of the fiber. Once the rays have entered the core of the fiber, there are a limited number of optical paths that a light ray can follow through the fiber. These optical paths are called modes. If the diameter of the core of the fiber is large enough so that there are many paths that light can take through the fiber, the fiber is called "multimode" fiber. Single-mode fiber has a much smaller core that only allows light rays to travel along one mode inside the fiber.
Fiber-optic cable used for networking consists of two glass fibers encased in separate sheaths. One fiber carries transmitted data from host A to host B. The second fiber carries data from host B to host A. The fibers are similar to two one-way streets going in opposite directions. This provides a full-duplex communication link. Fiber-optic circuits use one fiber strand to transmit and one to receive. Typically, these two fiber cables will be in a single outer jacket until they reach the point at which connectors are attached.
Until the connectors are attached there is no need for shielding, because no light escapes while it is inside a fiber. There are no crosstalk issues with fiber, and no electromagnetic emanation to pick up, so passive tapping is harder than on copper (though not impossible: a tightly bent fiber leaks enough light for a clip-on coupler to read). It is very common to see multiple fiber pairs encased in the same cable; one cable can contain 2 to 48 or more separate fibers. Fiber can carry many more bits per second, and carry them farther, than UTP can.
Usually, five parts make up each fiber-optic cable. The parts are the core, the cladding, a buffer, a strength material, and an outer jacket.
The core is the light transmission element at the center of the optical fiber. All the light signals travel through the core. A core is typically glass made from a combination of silicon dioxide and other elements. Multimode uses a type of glass, called graded index glass for its core. This glass has a lower index of refraction towards the outer edge of the core. The outer area of the core is less optically dense than the center and light can go faster in the outer part of the core. This design is used because a light ray following a mode that goes straight down the center of the core does not have as far to travel as a ray following a mode that bounces around in the fiber. All rays should arrive at the end of the fiber together. Then the receiver at the end of the fiber receives a strong flash of light rather than a long, dim pulse.
Surrounding the core is the cladding. Cladding is also made of silica but with a lower index of refraction than the core, so light rays travelling through the core reflect off the core-to-cladding interface by total internal reflection as they move along the fiber. Standard multimode fiber-optic cable is the most common type of fiber-optic cable used in LANs. A standard multimode cable uses an optical fiber with either a 62.5 or a 50 µm core and a 125 µm diameter cladding, commonly designated as 62.5/125 or 50/125 micron optical fiber.
Surrounding the cladding is a buffer material that is usually plastic. The buffer material helps shield the core and cladding from damage. There are two basic cable designs. They are the loose-tube and the tight-buffered cable designs. Most of the fiber used in LANs is tight-buffered multimode cable. Tight-buffered cables have the buffering material that surrounds the cladding in direct contact with the cladding. The most practical difference between the two designs is the applications for which they are used. Loose-tube cable is primarily used for outside-building installations, while tight-buffered cable is used inside buildings. The strength material surrounds the buffer, preventing the fiber cable from being stretched when installers pull it. The material used is often Kevlar, the same material used to produce bulletproof vests.
The final element is the outer jacket. The outer jacket surrounds the cable to protect the fiber against abrasion, solvents, and other contaminants. The color of the outer jacket of multimode fiber is usually orange.
Infrared light-emitting diodes (LEDs) are the light source usually used with multimode fiber. LEDs are cheap to build and raise fewer safety concerns than lasers; however, they cannot drive light as far along the cable as lasers can. Multimode fiber (62.5/125) can carry data up to about 2 km.
Single-mode fiber - Consists of the same parts as multimode. The outer jacket of single-mode fiber is usually yellow. The major difference between multimode and single-mode fiber is that single-mode allows only one mode of light to propagate through the smaller, fiber-optic core. The single-mode core is eight to ten µm in diameter. Nine-micron cores are the most common. A 9/125 marking on the jacket of the single-mode fiber indicates that the core fiber has a diameter of 9 microns and the surrounding cladding is 125 µm in diameter.
An infrared laser is used as the light source in single-mode fiber. The ray of light it generates enters the core at a 90-degree angle. The data carrying light ray pulses in single-mode fiber are essentially transmitted in a straight line right down the middle of the core. This greatly increases both the speed and the distance that data can be transmitted.
Single-mode fiber is capable of higher bandwidth and greater cable run distances than multimode fiber. Single-mode fiber can carry LAN data up to 3 km. Although this distance is considered a standard, newer technologies have increased this distance. Multimode is only capable of carrying up to 2 km. Lasers and single-mode fibers are more expensive than LEDs and multimode fiber. Because of these characteristics, single-mode fiber is often used for inter-building connectivity. Multimode and single-mode fibers are shown in Figure 20.
Warning: The laser light used with single-mode fiber has a longer wavelength than the eye can see, and it can seriously damage eyes. Do not look at the near end of a fiber that is connected to a device at the far end. Do not look into the transmit port on a NIC, switch, or router. Keep protective covers over the ends of fibers and inserted into the fiber-optic ports of switches and routers. Be very careful!





2.4 Concept of Ports and Services

Port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports. The boundaries below are the IANA's.

The Well Known Ports are those from 0 through 1023.
DCCP Well Known ports SHOULD NOT be used without IANA registration. The registration procedure is defined in [RFC4340], Section 19.9.

The Registered Ports are those from 1024 through 49151.
DCCP Registered ports SHOULD NOT be used without IANA registration. The registration procedure is defined in [RFC4340], Section 19.9.

The Dynamic and/or Private Ports are those from 49152 through 65535.

The IANA attaches two caveats to its registry:

1. Unassigned port numbers should not be used. The IANA will assign the number for the port after your application has been approved.

2. Assignment of a port number does not in any way imply an endorsement of an application or product, and the fact that network traffic is flowing to or from a registered port does not mean that it is "good" traffic. Firewall and system administrators should choose how to configure their systems based on their knowledge of the traffic in question, not on whether there is a port number registered or not.


WELL KNOWN PORT NUMBERS

The Well Known Ports are assigned by the IANA and on most systems can only be bound by system (root) processes or by programs run by privileged users. A listener on a port below 1024 therefore tells you only that a privileged process started it, nothing about what it is; on Linux the CAP_NET_BIND_SERVICE capability grants the same right without full root.

Ports are used in TCP [RFC793] to name the ends of logical connections which carry long-term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. The list below gives the port used by the server process as its contact port; the contact port is sometimes called the "well-known port".

To the extent possible, the same port assignments are used with UDP [RFC768].

The range of well-known ports managed by the IANA is 0-1023; the IANA also records registrations in the 1024-49151 range.
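The caveat above, that traffic on a registered port is not thereby "good" traffic, is best enforced by looking at what the traffic actually is. The following is an added example, not code from the original chapter or from the IANA: it classifies a port into the three IANA ranges quoted above, then checks a handful of constructed connection records against a small table of the assignments this page lists, flagging a payload that does not match the protocol the port is registered for, or a recognisable protocol on a port with no registration. The EXPECTED table, the simplified fingerprints and the SAMPLE records are this example's own assumptions, not captured traffic.

```python
"""Port ranges and a service-versus-port sanity check (added example)."""
import re

HTTP_REQUEST = re.compile(rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")

# Port numbers registered for these services; a subset of the list that follows.
EXPECTED = {22: "ssh", 80: "http", 443: "tls", 1080: "socks", 3389: "rdp"}


def port_range(port):
    """IANA range name for a port number (boundaries as quoted in the text)."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def fingerprint(payload):
    """Guess the application protocol from the first bytes a client sends."""
    if payload.startswith(b"SSH-"):
        return "ssh"                       # SSH identification string
    if HTTP_REQUEST.match(payload):
        return "http"                      # HTTP/1.x request line
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"                       # TLS handshake record, version 3.x
    if payload.startswith(b"\x03\x00"):
        return "rdp"                       # TPKT header carrying the X.224 connect
    if len(payload) >= 2 and payload[0] == 0x05 and payload[1] == len(payload) - 2:
        return "socks"                     # SOCKS5 greeting: version, nmethods, methods
    return "unknown"


def check(records):
    """records: (dst_port, first_payload_bytes). Returns (port, kind, detail) findings."""
    findings = []
    for port, payload in records:
        seen = fingerprint(payload)
        if seen == "unknown":
            continue
        expected = EXPECTED.get(port)
        if expected and seen != expected:
            findings.append((port, "mismatch",
                             f"port {port} is registered for {expected}, traffic looks like {seen}"))
        elif expected is None:
            findings.append((port, "unexpected",
                             f"{seen} on {port_range(port)} port {port}"))
    return findings


# Constructed records: (destination port, first bytes sent by the client).
SAMPLE = [
    (22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    (443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4"),
    (443, b"SSH-2.0-dropbear\r\n"),                 # SSH hidden on the HTTPS port
    (8080, b"GET / HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    (55555, b"\x05\x01\x00"),                       # SOCKS5 on an ephemeral port
    (3389, b"\x03\x00\x00\x13\x0e\xe0\x00\x00"),
]

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```

Run on the sample, the SSH banner on 443 and the SOCKS greeting on 55555 are flagged while the genuine SSH, TLS and RDP connections pass; the HTTP on 8080 is reported as "unexpected" because 8080 is not in the example's table, which is the usual trade-off of a whitelist this small. Production tools do the same thing with far richer fingerprints, but the decision rule is the IANA's: judge the traffic, not the port number.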

Ports for Internet Services

(An asterisk in the Notes column marks, in the source list, ports registered with the IANA for the service shown. Where the service name did not survive in the page it is left blank.)

| Service | TCP | UDP | Notes |
|---------|-----|-----|-------|
| SSH | 22 | | Secure Shell * |
| HTTP | 80 | | HyperText Transfer Protocol * (e.g. for web browsing). Currently (2003-07-05) HTTP/1.1 is officially described in RFC 2616. |
| HOSTS2 Name Server | 81 | 81 | * An interesting story. The name attached to this port in the IANA list, Earl Killian, says he shouldn't be. He says "I don't know what 81 is, or whether it is still in use." Since Mr. Killian doesn't know what HOSTS2 is/was, and with Postel gone, I wonder if there's anyone left in the world who knows what 81 was/is for and who actually requested it. |
| XFER Utility | 82 | 82 | * Another interesting story. The name attached to this port in the IANA list, Thomas M. Smith of Lockheed Martin, says: Sorry... there is no publicly available information regarding the details of the XFER Utility and its use of TCP and UDP port 82. XFER employs a proprietary protocol which has not been disclosed. |
| RPC Endpoint Mapper | 135 | 135 | * registered as "epmap - DCE endpoint resolution". Used by Microsoft for RPC locator service. See additional information. |
| LDAP | 389 | 389 | Lightweight Directory Access Protocol * |
| | LDAP or ULP, dyn >=1024, 1503, H.323 HostCall, MS ICCP | dyn >=1024 | videoconferencing |
| | 407, 1417-1420 | 407 | remote control * |
| SLP | 427 | 427 | Service Location Protocol * Used by MacOS and NetWare. |
| HTTPS | 443 | | secure HTTP (SSL) * |
| LPD | 515 | 515 | printing * LPD stands for Line Printer Daemon. Also see printing section. |
| ULP | 522 | 522 | User Location Protocol (Microsoft) * |
| AppleTalk Filing Protocol (AFP) | 548 | 548 | * |
| | | | streaming audio, video * |
| RTSP | 554 | | Real Time Streaming Protocol *. Currently (2003-07-05) described in RFC 2326. |
| NNTPS | 563 | | secure NNTP news (SSL) * |
| IPP | 631 | 631 | print remotely to any IPP-enabled printer through the Internet * The Common Unix Printing System (CUPS) is based on IPP. Also see printing section. |
| LDAPS | 636 | 636 | secure LDAP * (LDAP protocol over TLS/SSL) |
| Doom | 666 | 666 | network game * |
| Remotely Possible (ControlIT) | 799 | | remote control. CA ControlIT support. |
| | 902 | | remote control and viewing of virtual machines. vmware-authd. |
| | 1080 | | internet proxy *. Also used by Trojans. |
| | 1194 | 1194 | * |
| | 1214 | 1214 | peer-to-peer file sharing * |
| | 1337 | 1337 | peer-to-peer. Also see InfoAnarchy WASTE FAQ. This port is officially registered for Men and Mice DNS (QuickDNS Remote). |
| Lotus Notes Domino | 1352 | | * |
| VocalTec Internet Phone | 1490, 6670, 25793 | 22555 | videoconferencing * |
| | 1494, dyn >=1023 | 1604, dyn >=1023 | remote application access * |
| Virtual Places | 1533 | | conferencing *, also see VP voice |
| | | 1558 | streaming video * |
| | 1677 | 1677 | group collaboration * NOTE: Other features of GroupWise use many other ports. |
| H.323 Host Call | 1720 | 1720 | H.323 host call * |
| PPTP | 1723 | | virtual private network (VPN) * Note PPTP also uses the GRE protocol. However Microsoft says in Understanding PPTP: "PPTP can be used with most firewalls and routers by enabling traffic destined for port 1723 to be routed through the firewall or router." |
| MS ICCP | 1731 | 1731 | audio call control (Microsoft) * |
| MS NetShow | 1755 | 1755, dyn >=1024 <=5000 | streaming video * |
| | 1863 | | instant messaging *. NOTE: For detailed info on ports for file transfers, voice and video, see the Windows and MSN Messenger section below. |
| | 1917, 1921 | 1917 | network management * |
| | 1984 | 1984 | network monitoring * |
| | 2000-2003 | | videoconferencing. NOTE: security risk on TCP port 50000 |
| | 2000-2003 | | videoconferencing. Note: support docs are inconsistent on what ports are required |
| | 2001 | | search engine |
| | 2064 | | distributed computation |
| SoulSeek | 2234, 5534 | 2234, 5534 | file sharing |
| | 2300-2400, 47624 | 2300-2400 | networked multiplayer games, * only 47624 is registered as "Direct Play Server", if needed also see MSN Gaming Zone |
| | | 2302-2400, 6073 | networked multiplayer games, * only 6073 is registered as DirectPlay8, if needed also see MSN Gaming Zone |
| MADCAP - Multicast Address Dynamic Client Allocation Protocol | 2535 | 2535 | |
| | 2592 | | network game * |
| | 2705 | 2705 | peer-to-peer (P2P) filesharing. Officially registered for Sun SDS Admin. |
| | 2745 | 2745 | * Alex Tronin reports it was used for the Urbis geolocation service... now not operational, but may be revived. Also used by Trojans. |
| | 3050 | 3050 | * gds_db. See CERT Advisory CA-2001-01 for potential security risk. |
| | 3128 | 3130 | web proxy cache. Also used by Trojans. |
| iSNS | 3205 | 3205 | * Internet Storage Name Service, see iSCSI section |
| iSCSI default port | 3260 | 3260 | * SCSI over IP, see iSCSI section |
| RDP | 3389 | | * registered as ms-wbt-server. RDP 5.1 is the current version. See below for more information. Remote Desktop Web Connection also uses HTTP. |
| | 3410 | 3410 | * Also used by Trojans. |
| Virtual Places Voice Chat | 3450, 8000-9000 | | voice chat, also see Virtual Places |
| Apple iTunes music sharing (DAAP) | 3689 | 3689 | Digital Audio Access Protocol * |
| Mirabilis ICQ | dyn >=1024 | 4000 | locator, chat (note: see newer AOL ICQ) |
| Blizzard / Battle.net | 4000, 6112-6119 | 4000, 6112-6119 | network gaming - support (captured 2001-11-11), proxy and firewall info |
| | 4000-4100, 4500, 9000-9100 | | peer-to-peer audio and video streaming. NOTE: This software will create OUTGOING streams to other users if it can. |
| GlobalChat client, server | 4020 | 4020 | chat rooms, used to be called ichat |
| | | 4747 | secure phone |
| PlayLink | 4747, 4748, 10090 | 6144 | online games |
| | 4899 | 4899 | remote control * |
| | 5000-5001 | 5000-5010 | voice chat |
| | H.323 HostCall, 30000-30010 | 5000-5003, 5010-5013 | audio and videoconference. 5000-5003 is the RTP and RTCP range for this app. |
| | 5050 | | messaging. NOTE: It will try ports 5050, 80, any port. |
| SIP | 5060 | 5060 | Session Initiation Protocol *. For audio and video. Currently (2003-07-05) see RFCs 3261, 3262, 3263, 3264, 3265 |
| | | | audio and video conferencing. May also need iChat local port. |
| | 5100 | | video |
| | 5190 | 5190 | America OnLine * Also used by Apple iChat (in AIM compatibility mode). |
| | 1024-5000 ? | 1024-5000 ? | video chat. It is unclear from their FAQ whether you need to open both TCP and UDP ports. |
| | 5190, dyn >=1024 | | messaging |
| | 5190-5193 | 5190-5193 | America OnLine * |
| XMPP / Jabber | 5222, 5269 | 5222, 5269 | * Extensible Messaging and Presence Protocol. Also see Using Jabber behind firewalls. Defined by the XMPP specs (RFCs now issued), created by an IETF working group. |
| | 5235-5237 | 5235-5237 | audio / video conference, fileshare, everything. Port 5236 is officially assigned to "padl2sim". |
| | 5298 | 5298 | Some Rendezvous thing. |
| Multicast DNS (mDNS) | 5353 | 5353 | * Mac OS X 10.2: About Multicast DNS. Related to Zeroconf, which Apple has implemented as Rendezvous. (Note: the regular Domain Name Service port is 53.) |
| | 5354, 7175, 8680-8890, 9000, 9450-9460 | dyn >=1024 | telephony |
| | 5500-5503 | | peer-to-peer filesharing. |
| SGI ESP HTTP | 5554 | 5554 | * SGI Embedded Support Partner (ESP) web server. Also used by Trojans, see SGI Security Advisory 20040501-01-I. |
| InfoSeek Personal Agent | 5555 | 5555 | * I don't know if InfoSeek Personal Agent exists anymore. This port is commonly used by HP OpenView Storage Data Protector (formerly HP OmniBack). |
| | 5631 | 5632 | remote control * |
| eShare Chat Server | 5760 | | |
| eShare Web Tour | 5761 | | |
| eShare Admin Server | 5764 | | |
| | 5800+, 5900+ | | remote control |
| GNUtella | 6346, 6347 | 6346, 6347 | peer-to-peer file sharing * |
| Netscape Conference | H.323 HostCall, 6498, 6502 | 2327 | audioconferencing |
| | 6502 | 6502 | remote control |
| common IRC | 6665-6669 | | Internet Relay Chat * |
| | selected | 6801, selected | telephony; the admin should select one TCP and one UDP port in the range 1-3000. The same ports are used by Yahoo Messenger - PC-to-Phone. |
| | 6881-6889, 6969 | | distributed data download, newer versions TCP 6881-6999. Alternate FAQ link. |
| RTP-QT4 | | 6970-6999 | Realtime Transport Protocol. (These ports are specifically for the Apple QT4 version.) |
| VDOLive | 7000 | user-specified | streaming video |
| | RTSP, 7070 | 6970-7170 | streaming audio and video |
| CU-SeeMe, Enhanced CUSM | 7648, 7649, LDAP | 7648-7652, 24032 | videoconferencing |
| common HTTP | 8000, 8001, 8080 | | |
| Apache JServ Protocol v12 (ajp12) | 8007 | 8007 | (default port) See Workers HowTo for config info. |
| Apache JServ Protocol v13 (ajp13) | 8009 | 8009 | (default port) e.g. Apache mod_jk Tomcat connector using ajp13. See Workers HowTo for config info. |
| | 8038 | 8038 | peer-to-peer (P2P) filesharing |
| PDL datastream | 9100 | 9100 | printing * PDL is Page Description Language. Used commonly by HP printers and by Apple. Also see printing section. |
| | 9898 | 9898 | * video-chat, also used by Trojans |
| | | 9943, 9945, 56768 | videoconferencing |
| The Palace | 9992-9997 | 9992-9997 | chat environment * |
| common Palace | 9998 | | chat environment |
| NDMP | 10000 | 10000 | Network Data Management Protocol *. Used for storage backup. Also used by Trojans. |
| | 10080 | 10080 | backup software *. Also used by Trojans. |
| | 11999 | | network games |
| | 12345 | 12345 | network chat supporting multiple access methods * Appears mostly used in Japan. There are many other applications calling themselves "italk". TrendMicro OfficeScan antivirus also uses this port. Commonly used by Trojans. |
| RTP-iChatAV | | 16384-16403 | Used by Apple iChat AV. |
| RTP | | 16384-32767 | Realtime Transport Protocol. RTP in general is described in RFC 3550. This range is not registered (it never could be, being so broad) but it seems to be somewhat common. See Are there specific ports assigned to RTP? |
| Palm Computing Network Hotsync | 14237 | 14238 | data synchronization |
| | 18888 | | streaming audio |
| FreeTel | | 21300-21303 | audioconferencing |
| VocalTec Internet Conference | 22555 | 22555 | audio & document conferencing * |
| Quake | 26000 | 26000 | network game * |
| | 28800-29100 | 28800-29100 | network gaming (zone.com, zone.msn.com), also see DirectPlay 7 and DirectPlay 8 |
| | | 39213 | |

iSCSI

The well-known user TCP port number for iSCSI connections assigned by IANA is 3260 and this is the default iSCSI port. Implementations needing a system TCP port number may use port 860, the port assigned by IANA as the iSCSI system port; however in order to use port 860, it MUST be explicitly specified - implementations MUST NOT default to use of port 860, as 3260 is the only allowed default.
Also associated with iSCSI is iSNS, Internet Storage Name Service, on port 3205.
These services expose your block storage to the network at a lower level than CIFS, NFS and other file-level sharing services: anyone who can reach an iSCSI target can read and write raw disk blocks, bypassing file-level permissions entirely. Therefore be very careful about security: block these ports completely at the perimeter, confine them to a dedicated storage network or a tightly limited set of initiators, and enable the protocol's CHAP authentication where it is available.

Printing

There are several port numbers that may be involved with printing.
Print Server Port Numbers is a useful guide.
The Apple document MacOS X Rendezvous Printing (PDF) describes how printers that advertise their services are discovered. It gives the following example: the Apple LaserWriter 8500 would register the following services,
assuming the default domain is "local."

Apple LaserWriter 8500._printer._tcp.local.        Port 515
Apple LaserWriter 8500._ipp._tcp.local.            Port 631
Apple LaserWriter 8500._pdl-datastream._tcp.local. Port 9100
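Each advertised name above has the DNS-SD shape <Instance>.<_service>.<_proto>.<domain>., and the service type is what tells a client which port (515, 631 or 9100 in this example) it will be talking to. The following is an added example, not code from the original chapter or from Apple's document: a parser for that name format that copes with an instance name containing dots, plus a lookup of the ports the chapter's example lists for each service type. The DEFAULT_PORTS table is limited to those three entries, and the names it is run on are constructed from the example above.

```python
"""Parsing DNS-SD service instance names such as the printer example (added example)."""

# Ports the chapter's example lists for each advertised service type.
DEFAULT_PORTS = {"_printer._tcp": 515, "_ipp._tcp": 631, "_pdl-datastream._tcp": 9100}


def parse_instance_name(name):
    """Split a fully qualified DNS-SD instance name into instance, service and domain."""
    if not name.endswith("."):
        raise ValueError("expected a fully qualified name ending in '.'")
    labels = name[:-1].split(".")
    # The protocol label is the first _tcp/_udp that follows a _service label;
    # scanning from the left lets the instance part itself contain dots.
    for i in range(1, len(labels)):
        if labels[i] in ("_tcp", "_udp") and labels[i - 1].startswith("_"):
            instance = ".".join(labels[:i - 1])
            service = f"{labels[i - 1]}.{labels[i]}"
            domain = ".".join(labels[i + 1:]) + "."
            if not instance or domain == ".":
                break
            return {"instance": instance, "service": service, "domain": domain}
    raise ValueError(f"not a DNS-SD instance name: {name!r}")


def advertised_port(name):
    """Port a discovered service will be contacted on, if the service type is known."""
    return DEFAULT_PORTS.get(parse_instance_name(name)["service"])


# Constructed advertisement reproducing the chapter's LaserWriter example.
ADVERTISED = [
    "Apple LaserWriter 8500._printer._tcp.local.",
    "Apple LaserWriter 8500._ipp._tcp.local.",
    "Apple LaserWriter 8500._pdl-datastream._tcp.local.",
]

if __name__ == "__main__":
    for n in ADVERTISED:
        parts = parse_instance_name(n)
        print(f"{parts['instance']!r:28} {parts['service']:22} port {advertised_port(n)}")
```

Because these advertisements go out over link-local multicast (UDP 5353, listed in the port table above), every host on the same link receives them: the same mechanism that lets a laptop find the printer lets anyone on the LAN enumerate every printer, and the ports it listens on, without sending a single probe.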

Napster

After examining Napster, I decided it was such a complex protocol that it deserved its own section. The first thing to be aware of is that there are two versions of Napster. The "original" flavor is what most people will be interested in. This is the full music file-sharing service. This original service provided by Napster.com has now been shut down. Napster.com will be providing a new service with much more controlled music sharing. However, the original protocol lives on, and the protocol has been analyzed so that people could write compatible applications for many different operating systems.
There is information on the protocol (and how to get it through your firewall) from:
Here is a summary of the TCP ports it uses. I have put the notation (primary) after the main port, if more than one port is listed.
  • metaserver / redirector: 8875
  • directory servers: 4444, 5555, 6666, 7777, 8888 (primary)
  • client: 6600 to 6699 (primary)

PalTalk

PalTalk is another messy service that uses many ports, more than I want to summarize here. Visit their support page: PalTalk Networking Support.

Ultima Online

Service        Ports        Notes
Game           5001-5010
Login          7775-7777
Patch          8888         overlaps with common HTTP port
UO Messenger   8800-8900    includes port 8866 which is also used by a Trojan
Patch          9999

Windows and MSN Messenger Application

A related note: the Messenger Service that runs at the Windows SERVICE level is different from the Windows Messenger or MSN Messenger application. For information about the Messenger APPLICATION see
Service                                                       TCP          UDP                     Notes
Windows Messenger - voice (computer to phone)                              2001-2120, 6801, 6901   from Q324214. NOTE: 6801 is Net2Phone.
MSN Messenger - file transfers                                6891-6900                            from Q278887. Allows up to 10 simultaneous transfers.
MSN Messenger - voice communications (computer to computer)   6901         6901                    from Q278887
For Windows Messenger in a non-UPnP environment, unfortunately Microsoft requires dynamic UDP ports across a very wide range. This is a tremendous security risk. Try to establish a UPnP environment if possible. Nevertheless, here is what they say: "To support [audio and video] in both directions through the firewall, all UDP ports between 5004 and 65535 must be opened to allow signaling (SIP) and media streams (RTP) to traverse the firewall."
Also note: I don't know how much information for WINDOWS Messenger applies to MSN Messenger and vice versa. I also don't know how much information for MSN Messenger Windows version applies to MSN Messenger Mac version. And last but not least, there are multiple different versions of Messenger, which may differ in various ways.

Email Ports

Email is sent around the Internet mainly from server to server using SMTP. Once delivered, clients may access it in a variety of ways, including POP3 and IMAP. This section DOES NOT cover Microsoft Exchange or other proprietary mail protocols.
The major upcoming change to email is the use of TCP port 587 "submission" for email, as defined in section 3.1 of RFC 2476 - Message Submission. This is planned to replace the traditional use of TCP port 25, SMTP.
3.1. Submission Identification

Port 587 is reserved for email message submission as specified in this document. Messages received on this port are defined to be submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], with additional restrictions as specified here.

While most email clients and servers can be configured to use port 587 instead of 25, there are cases where this is not possible or convenient. A site MAY choose to use port 25 for message submission, by designating some hosts to be MSAs and others to be MTAs.
This initiative is being promoted by, amongst others, the Anti-Spam Technical Alliance. See Anti-Spam Technical Alliance Technology and Policy Proposal, Version 1.0, 22 June 2004 (PDF)
We further recommend that SMTP authentication be implemented on the standard Mail Submission Port, port 587, and that ISPs encourage their customers to switch their mail client software (for example, MS Outlook, Eudora, and so on) to this port. Using this port will provide seamless connectivity that does not depend on if a network allows port 25 traffic.
In addition to SMTP, the other main email protocols are POP3 and IMAP; these are the protocols email clients use to access their mailboxes. There are many other topics that are outside the scope of this page. For example, email addresses are described in RFC 2822 (obsoletes RFC 822), and SMTP authentication is covered in RFC 2554 - SMTP Service Extension for Authentication. Transport Layer Security (TLS) is covered in RFC 2246 - The TLS Protocol Version 1.0. SMTP over TLS is covered in RFC 3207 - SMTP Service Extension for Secure SMTP over Transport Layer Security.
The Network Sorcery RFC Sourcebook entry for SMTP also links to many relevant RFCs that cover the details of the protocol itself.
Service                                        TCP Port   Notes
SMTP - Simple Mail Transfer Protocol           25         * As part of the anti-spam best practices, you should block this outgoing for any machine that doesn't need to send email directly.
SMTPs - secure SMTP                            465        Port 465 shows up in Appendix A of the 1996 non-standard standard The SSL Protocol Version 3.0 as "Simple Mail Transfer Protocol with SSL". Unfortunately, it is not registered for SMTPs; it is registered for URD - "URL Rendesvous Directory for SSM" by Cisco. The recommended approach, at least for authentication, is to use STARTTLS encryption on submission port 587.
(SMTP email) submission                        587
POP2 - Post Office Protocol 2                  109        * obsolete
POP3 - Post Office Protocol 3                  110        *
POP3s - secure POP3                            995        * Full description is "pop3 protocol over TLS/SSL (was spop3)".
IMAP3 - Interactive Mail Access Protocol v3    220        * obsolete
IMAP4 - Internet Message Access Protocol 4     143        * Also referred to by version as IMAP4.
IMAPs - secure IMAP                            993        * Full description is "imap4 protocol over TLS/SSL". Use 993 instead of TCP port 585 "imap4-ssl", which is deprecated.
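As a practical check on the advice in the iSCSI section and in the mail table above, here is an added Python example (mine, not code from the original page). It parses a socket listing in the format printed by `ss -ltn` and flags listeners that the page says should be blocked, restricted or retired. The port-to-service map uses the port numbers given on this page; the policy labels, the `is_mta` flag, the set of networks treated as "internal", and the sample listing are my own constructed assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# Port numbers as listed on this page.
SERVICE_PORTS = {
    860: "iSCSI (system port, must be explicitly configured)",
    3260: "iSCSI (default port)",
    3205: "iSNS",
    25: "SMTP",
    465: "SMTPs (unofficial; IANA registers 465 as URD)",
    587: "submission",
    109: "POP2 (obsolete)",
    110: "POP3",
    995: "POP3s",
    220: "IMAP3 (obsolete)",
    143: "IMAP4",
    993: "IMAPs",
}

# Constructed policy (an assumption for this example, not a table from the page).
POLICY = {
    860: "storage-only", 3260: "storage-only", 3205: "storage-only",
    25: "mta-only",
    465: "prefer-587",
    109: "retire", 220: "retire",
}

# Networks treated as "internal" for a storage-only listener: loopback plus the
# RFC 1918 blocks. A wildcard bind means every interface, so it is never internal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]
WILDCARD_BINDS = {"0.0.0.0", "*", "::", "[::]"}

# One listening socket per line, as printed by `ss -ltn`.
LISTEN_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)(?:\s|$)")

# Constructed sample listing (not captured from a real host).
SAMPLE_LISTING = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:3260         0.0.0.0:*
LISTEN  0       128     10.0.5.20:3205       0.0.0.0:*
LISTEN  0       100     0.0.0.0:25           0.0.0.0:*
LISTEN  0       100     0.0.0.0:587          0.0.0.0:*
LISTEN  0       100     127.0.0.1:110        0.0.0.0:*
LISTEN  0       100     [::]:465             [::]:*
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
"""


@dataclass
class Finding:
    addr: str
    port: int
    service: str
    verdict: str


def is_internal(addr: str) -> bool:
    """True if the bind address is loopback or RFC 1918; wildcards are never internal."""
    if addr in WILDCARD_BINDS:
        return False
    ip = ipaddress.ip_address(addr.strip("[]"))
    return any(ip in net for net in INTERNAL_NETS)


def classify(addr: str, port: int, is_mta: bool) -> str:
    """Apply the constructed policy to one listener and return a verdict string."""
    rule = POLICY.get(port)
    if rule == "storage-only":
        return "ok (internal address)" if is_internal(addr) else \
            "EXPOSED: block, or restrict to the storage network"
    if rule == "mta-only":
        return "ok (designated MTA)" if is_mta else \
            "REVIEW: only designated MTAs should accept mail on 25"
    if rule == "prefer-587":
        return "REVIEW: unofficial port; prefer STARTTLS on submission port 587"
    if rule == "retire":
        return "RETIRE: obsolete protocol, disable it"
    return "ok"


def audit(listing: str, is_mta: bool = False) -> list:
    """Return one Finding per listener whose port appears in SERVICE_PORTS."""
    findings = []
    for line in listing.splitlines():
        m = LISTEN_RE.match(line.strip())
        if not m:
            continue
        port = int(m.group("port"))
        if port not in SERVICE_PORTS:
            continue  # out of scope for this page's tables (e.g. SSH)
        addr = m.group("addr")
        findings.append(Finding(addr, port, SERVICE_PORTS[port], classify(addr, port, is_mta)))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LISTING):
        print("%-18s %-6d %-45s %s" % (f.addr, f.port, f.service, f.verdict))
```

Run on a real host by piping `ss -ltn` output into `audit()`; pass `is_mta=True` only for the hosts designated as mail relays, so an SMTP listener on an ordinary workstation is reported for review rather than accepted.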

Oracle Database TCP/IP Ports

I have a separate page for Oracle ports.

Obsolete Services

Apple released QuickTime 4 some time ago. I am unsure of the status of their older QuickTime Conferencing (MovieTalk) protocol. All of the applications that supported it (Connectix VideoPhone, Apple VideoPhone, Netscape CoolTalk, QuickTime TV) are no longer supported and the QuickTime Conferencing website is gone.

Service
TCP
UDP
Notes
QuickTime Conferencing (MovieTalk)
458
458, dyn >= 7000
videoconferencing *
Apple VideoPhone
videoconferencing *
Connectix VideoPhone
MovieTalk, dyn >=1024, 4242
videoconferencing
6499, 6500
13000
videoconferencing



2.4 ISO - OSI Model

Importance and illustration of ISO Model
International Standards Organization/Open System Interconnection (ISO/OSI) model is a standard reference model for communication between two end users in a network. It can be helpful to have a basic understanding of how your network works in order to troubleshoot future problems.
It would be difficult to overstate the importance of the OSI model. Virtually all networking vendors and users understand how important it is that network computing products adhere to and fully support the networking standards this model has generated. When a vendor’s products adhere to the standards the ISO model has generated, connecting those products to other vendors’ products is relatively simple. Conversely, the further a vendor departs from those standards, the more difficult it becomes to connect that vendor’s products to those of other vendors.
In addition, if a vendor were to depart from the communication standards the model has engendered, software development efforts would be very difficult because the vendor would have to build every part of all necessary software, rather than being able to build on the existing work of other vendors.
The first two problems give rise to a third significant problem for vendors: a vendor’s products become less marketable as they become more difficult to connect with other vendors’ products.
Thus, the ISO model defines a networking framework for implementing protocols according to seven layers. Each layer is functionally independent of the others, but provides services to the layer above it and receives services from the layer below it.
The layers are in two groups. The upper four layers are used whenever a message passes from or to a user. The lower three layers are used when any message passes through the host computer. Messages intended for this computer pass to the upper layers. Messages destined for some other host are not passed up to the upper layers but are forwarded to another host.

The seven ISO layers are explained in more detail below:
Layer 7— The application layer: This is the layer at which communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. (This layer is not the application itself, although some applications may perform application layer functions). It represents the services that directly support applications such as software for file transfers, database access, email, and network games.
Layer 6—The presentation layer: This is a layer, usually part of an operating system, that converts incoming and outgoing data from one presentation format to another (for example, from a text stream into a popup window with the newly arrived text). This layer also manages security issues by providing services such as data encryption and compression. It’s sometimes called the syntax layer.
Layer 5—The session layer: This layer allows applications on different computers to establish, use, and end a session/connection. This layer establishes dialog control between the two computers in a session, regulating which side transmits, and when and how long it transmits.
Layer 4—The transport layer: This layer handles error recognition and recovery, manages the end-to-end control (for example, determining whether all packets have arrived) and error-checking. It ensures complete data transfer.
Layer 3—The network layer: This layer handles the routing of the data, addresses messages and translates logical addresses and names into physical addresses. It also determines the route from the source to the destination computer and manages traffic problems (flow control), such as switching, routing, and controlling the congestion of data packets.
Layer 2—The data-link layer: This layer packages raw bits from the physical layer into frames (logical, structured packets for data). It is responsible for transferring frames from one computer to another without errors. After sending a frame, it waits for an acknowledgment from the receiving computer.
Layer 1—The physical layer: This layer transmits bits from one computer to another and regulates the transmission of a stream of bits over a physical medium. This layer defines how the cable is attached to the network adapter and what transmission technique is used to send data over the cable.


The principles that led to these seven layers were the following: a new layer is created wherever a new level of abstraction is necessary; every layer has well-defined functions; the functions of each layer are chosen with the international standardization of protocols in mind; and the boundaries between layers are chosen so as to minimize the flow of data across the interfaces.
Data Transmission in OSI Model
[Figure: Message passing between processes in a network utilizing OSI]
The low layers (1, 2, 3 and 4) are necessary for routing information between the two ends concerned and depend on the physical medium. The higher layers (5, 6 and 7) are responsible for the data processing related to managing exchanges between information processing systems. In addition, layers 1 to 3 operate between neighbouring machines (hop by hop), not directly between the end machines, which may be separated by several routers. By contrast, layers 4 to 7 operate only between the distant end hosts.
2.6 TCP/IP Protocol Suite
This section presents an in-depth introduction to the protocols that are included in TCP/IP. Although the information is conceptual, you should learn the names of the protocols. You should also learn what each protocol does.
“TCP/IP” is the acronym that is commonly used for the set of network protocols that compose the Internet Protocol suite. Many texts use the term “Internet” to describe both the protocol suite and the global wide area network. In this book, “TCP/IP” refers specifically to the Internet protocol suite. “Internet” refers to the wide area network and the bodies that govern the Internet.
To interconnect your TCP/IP network with other networks, you must obtain a unique IP address for your network. At the time of this writing, you obtain this address from an Internet service provider (ISP).
If hosts on your network are to participate in the Internet Domain Name System (DNS), you must obtain and register a unique domain name. The InterNIC coordinates the registration of domain names through a group of worldwide registries.
Protocol Layers and the Open Systems Interconnection Model
Most network protocol suites are structured as a series of layers, sometimes collectively referred to as a protocol stack. Each layer is designed for a specific purpose. Each layer exists on both the sending and receiving systems. A specific layer on one system sends or receives exactly the same object that another system's peer process sends or receives. These activities occur independently from activities in layers above or below the layer under consideration. In essence, each layer on a system acts independently of other layers on the same system. Each layer acts in parallel with the same layer on other systems.
OSI Reference Model
Most network protocol suites are structured in layers. The International Organization for Standardization (ISO) designed the Open Systems Interconnection (OSI) Reference Model that uses structured layers. The OSI model describes a structure with seven layers for network activities. One or more protocols is associated with each layer. The layers represent data transfer operations that are common to all types of data transfers among cooperating networks.
The OSI model lists the protocol layers from the top (layer 7) to the bottom (layer 1). The following table shows the model.
Table 1-1 Open Systems Interconnection Reference Model

Layer No.   Layer Name     Description
7           Application    Consists of standard communication services and applications that everyone can use.
6           Presentation   Ensures that information is delivered to the receiving system in a form that the system can understand.
5           Session        Manages the connections and terminations between cooperating systems.
4           Transport      Manages the transfer of data. Also assures that the received data are identical to the transmitted data.
3           Network        Manages data addressing and delivery between networks.
2           Data link      Handles the transfer of data across the network media.
1           Physical       Defines the characteristics of the network hardware.
The OSI model defines conceptual operations that are not unique to any particular network protocol suite. For example, the OSI network protocol suite implements all seven layers of the OSI model. TCP/IP uses some of the OSI model layers and combines others. Other network protocols, such as SNA, add an eighth layer.
TCP/IP Protocol Architecture Model
The OSI model describes idealized network communications with a family of protocols. TCP/IP does not directly correspond to this model. TCP/IP either combines several OSI layers into a single layer, or does not use certain layers at all. The following table shows the layers of the Oracle Solaris implementation of TCP/IP. The table lists the layers from the topmost layer (application) to the bottommost layer (physical network).
Table 1-2 TCP/IP Protocol Stack

OSI Ref. Layer No.   OSI Layer Equivalent                 TCP/IP Layer       TCP/IP Protocol Examples
5,6,7                Application, session, presentation   Application        NFS, NIS, DNS, LDAP, telnet, ftp, rlogin, rsh, rcp, RIP, RDISC, SNMP, and others
4                    Transport                            Transport          TCP, UDP, SCTP
3                    Network                              Internet           IPv4, IPv6, ARP, ICMP
2                    Data link                            Data link          PPP, IEEE 802.2
1                    Physical                             Physical network   Ethernet (IEEE 802.3), Token Ring, RS-232, FDDI, and others
The table shows the TCP/IP protocol layers and the OSI model equivalents. Also shown are examples of the protocols that are available at each level of the TCP/IP protocol stack. Each system that is involved in a communication transaction runs a unique implementation of the protocol stack.
Physical Network Layer
The physical network layer specifies the characteristics of the hardware to be used for the network. For example, the physical network layer specifies the physical characteristics of the communications media. The physical layer of TCP/IP describes hardware standards such as IEEE 802.3, the specification for Ethernet network media, and RS-232, the specification for standard pin connectors.
Data-Link Layer
The data-link layer identifies the network protocol type of the packet, in this instance TCP/IP. The data-link layer also provides error control and “framing.” Examples of data-link layer protocols are Ethernet IEEE 802.2 framing and Point-to-Point Protocol (PPP) framing.
Internet Layer
The Internet layer, also known as the network layer or IP layer, accepts and delivers packets for the network. This layer includes the powerful Internet Protocol (IP), the Address Resolution Protocol (ARP), and the Internet Control Message Protocol (ICMP).
IP Protocol
The IP protocol and its associated routing protocols are possibly the most significant of the entire TCP/IP suite. IP is responsible for the following:
·         IP addressing – The IP addressing conventions are part of the IP protocol. Designing an IPv4 Addressing Scheme introduces IPv4 addressing and IPv6 Addressing Overview introduces IPv6 addressing.
·         Host-to-host communications – IP determines the path a packet must take, based on the receiving system's IP address.
·         Packet formatting – IP assembles packets into units that are known as datagrams. Datagrams are fully described in Internet Layer: Where Packets Are Prepared for Delivery.
·         Fragmentation – If a packet is too large for transmission over the network media, IP on the sending system breaks the packet into smaller fragments. IP on the receiving system then reconstructs the fragments into the original packet.
Oracle Solaris supports both IPv4 and IPv6 addressing formats, which are described in this book. To avoid confusion when addressing the Internet Protocol, one of the following conventions is used:
·         When the term “IP” is used in a description, the description applies to both IPv4 and IPv6.
·         When the term “IPv4” is used in a description, the description applies only to IPv4.
·         When the term “IPv6” is used in a description, the description applies only to IPv6.
ARP Protocol
The Address Resolution Protocol (ARP) conceptually exists between the data-link and Internet layers. ARP assists IP in directing datagrams to the appropriate receiving system by mapping Ethernet addresses (48 bits long) to known IP addresses (32 bits long).
ICMP Protocol
The Internet Control Message Protocol (ICMP) detects and reports network error conditions. ICMP reports on the following:
·         Dropped packets – Packets that arrive too fast to be processed
·         Connectivity failure – A destination system cannot be reached
·         Redirection – Redirecting a sending system to use another router
Transport Layer
The TCP/IP transport layer ensures that packets arrive in sequence and without error, by swapping acknowledgments of data reception, and retransmitting lost packets. This type of communication is known as end-to-end. Transport layer protocols at this level are Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Stream Control Transmission Protocol (SCTP). TCP and SCTP provide reliable, end-to-end service. UDP provides unreliable datagram service.
TCP Protocol
TCP enables applications to communicate with each other as though they were connected by a physical circuit. TCP sends data in a form that appears to be transmitted in a character-by-character fashion, rather than as discrete packets. This transmission consists of the following:
·         Starting point, which opens the connection
·         Entire transmission in byte order
·         Ending point, which closes the connection.
TCP attaches a header onto the transmitted data. This header contains many parameters that help processes on the sending system connect to peer processes on the receiving system.
TCP confirms that a packet has reached its destination by establishing an end-to-end connection between sending and receiving hosts. TCP is therefore considered a “reliable, connection-oriented” protocol.
SCTP Protocol
SCTP is a reliable, connection-oriented transport layer protocol that provides the same services to applications that are available from TCP. Moreover, SCTP can support connections between systems that have more than one address, that is, multihomed systems. The SCTP connection between the sending and receiving systems is called an association. Data in the association is organized in chunks. Because SCTP supports multihoming, certain applications, particularly applications used by the telecommunications industry, need to run over SCTP rather than TCP.
UDP Protocol
UDP provides datagram delivery service. UDP does not verify connections between receiving and sending hosts. Because UDP eliminates the processes of establishing and verifying connections, applications that send small amounts of data use UDP.
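To make the layering in the OSI descriptions and in the Internet and transport layer sections above concrete, here is an added Python example (mine, not code from the page or from the Oracle Solaris documentation this section draws on). It builds a UDP datagram, wraps it in an IPv4 header with a valid header checksum, and then walks back down on the receiving side: verify the IP header, hand the payload to UDP, check the UDP length. The addresses and ports used in the demo are constructed values; the UDP checksum is left at zero, which for IPv4 means "not computed".

```python
import struct

IP_PROTO_UDP = 17


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum used by the IPv4 header (and by TCP/UDP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % addr)
    return bytes(octets)


def build_udp(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Transport layer: prepend the 8-byte UDP header (checksum 0 = not computed)."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def build_ipv4(src: str, dst: str, segment: bytes, proto: int = IP_PROTO_UDP,
               ttl: int = 64, ident: int = 0) -> bytes:
    """Internet layer: prepend a 20-byte IPv4 header and fill in its checksum."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45,               # version 4, IHL 5 (20-byte header)
                         0,                  # DSCP/ECN
                         20 + len(segment),  # total length
                         ident,              # identification (used when fragmenting)
                         0x4000,             # flags: Don't Fragment, offset 0
                         ttl, proto,
                         0,                  # checksum placeholder
                         ip_to_bytes(src), ip_to_bytes(dst))
    csum = internet_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + segment


def parse_datagram(datagram: bytes) -> dict:
    """Receiver side: validate the IP header, then unwrap the UDP header."""
    if len(datagram) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _, total_len, ident, _, ttl, proto, _, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len > len(datagram):
        raise ValueError("malformed IPv4 header")
    # A correct header sums to zero when its own checksum field is included.
    if internet_checksum(datagram[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if proto != IP_PROTO_UDP:
        raise ValueError("unexpected IP protocol %d" % proto)
    segment = datagram[ihl:total_len]
    sport, dport, ulen, _ = struct.unpack("!HHHH", segment[:8])
    if ulen != len(segment):
        raise ValueError("UDP length does not match IP payload length")
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "ttl": ttl, "id": ident, "sport": sport, "dport": dport,
            "payload": segment[8:]}


if __name__ == "__main__":
    dg = build_ipv4("192.168.1.10", "192.168.1.20", build_udp(40000, 53, b"hello"))
    print(dg.hex())
    print(parse_datagram(dg))
```

The same pattern applies one layer down: a data-link layer would prepend its own frame header to the whole datagram, and the physical layer would serialize the frame to bits. Note that the IP header checksum only protects the header; a corrupted payload is caught by the transport layer's checksum, which is why a real UDP or TCP sender computes one.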
Application Layer
The application layer defines standard Internet services and network applications that anyone can use. These services work with the transport layer to send and receive data. Many application layer protocols exist. The following list shows examples of application layer protocols:
·         Standard TCP/IP services such as the ftp, tftp, and telnet commands
·         UNIX “r” commands, such as rlogin and rsh
·         Name services, such as NIS and the domain name system (DNS)
·         Directory services (LDAP)
·         File services, such as the NFS service
·         Simple Network Management Protocol (SNMP), which enables network management
·         Router Discovery Server protocol (RDISC) and Routing Information Protocol (RIP) routing protocols
Standard TCP/IP Services
·         FTP and Anonymous FTP – The File Transfer Protocol (FTP) transfers files to and from a remote network. The protocol includes the ftp command and the in.ftpd daemon. FTP enables a user to specify the name of the remote host and file transfer command options on the local host's command line. The in.ftpd daemon on the remote host then handles the requests from the local host. Unlike rcp, ftp works even when the remote computer does not run a UNIX based operating system. A user must log in to the remote system to make an ftp connection, unless the remote system has been configured to allow anonymous FTP.
You can obtain an enormous amount of material from anonymous FTP servers that are connected to the Internet. Universities and other institutions set up these servers to offer software, research papers, and other information to the public domain. When you log in to this type of server, you use the login name anonymous, hence the term “anonymous FTP server.”
·         Telnet – The Telnet protocol enables terminals and terminal-oriented processes to communicate on a network that runs TCP/IP. This protocol is implemented as the telnet program on local systems and the in.telnetd daemon on remote machines. Telnet provides a user interface through which two hosts can communicate on a character-by-character or line-by-line basis.
·         TFTP – The Trivial File Transfer Protocol (tftp) provides functions that are similar to ftp, but the protocol does not establish ftp's interactive connection. As a result, users cannot list the contents of a directory or change directories. A user must know the full name of the file to be copied.
·         UNIX “r” Commands
The UNIX “r” commands enable users to issue commands on their local machines that run on the remote host. These commands include the following:
·         rcp
·         rlogin
·         rsh
Name Services
Oracle Solaris provides the following name services:
·         DNS – The domain name system (DNS) is the name service provided by the Internet for TCP/IP networks. DNS provides the host name to IP address service. DNS also serves as a database for mail administration.
·         /etc files – The original host-based UNIX name system was developed for standalone UNIX machines and then adapted for network use. Many old UNIX operating systems and computers still use this system, but it is not well suited for large complex networks.
·         NIS – Network Information Service (NIS) was developed independently of DNS and has a slightly different focus. Whereas DNS focuses on making communication simpler by using machine names instead of numerical IP addresses, NIS focuses on making network administration more manageable by providing centralized control over a variety of network information. NIS stores information about machine names and addresses, users, the network itself, and network services. NIS name space information is stored in NIS maps.
Directory Service
Oracle Solaris supports LDAP (Lightweight Directory Access Protocol) in conjunction with the Sun Open Net Environment (Sun ONE) Directory Server, as well as other LDAP directory servers. The distinction between a name service and a directory service is in the differing extent of functionality. A directory service provides the same functionality of a naming service, but provides additional functionalities as well.
File Services
The NFS application layer protocol provides file services for Oracle Solaris.
Network Administration
The Simple Network Management Protocol (SNMP) enables you to view the layout of your network and the status of key machines. SNMP also enables you to obtain complex network statistics from software that is based on a graphical user interface (GUI). Many companies offer network management packages that implement SNMP.
Routing Protocols
The Routing Information Protocol (RIP) and the Router Discovery Server Protocol (RDISC) are two available routing protocols for TCP/IP networks.

2.7 Client Server Relationship
The client–server model of computing is a distributed application structure that partitions tasks or workloads between the providers of a resource or service, called servers, and service requesters, called clients. Often clients and servers communicate over a computer network on separate hardware, but both client and server may reside in the same system. A server host runs one or more server programs which share their resources with clients. A client does not share any of its resources, but requests a server's content or service function. Clients therefore initiate communication sessions with servers, which await incoming requests.

Client and server roles
The client–server characteristic describes the relationship of cooperating programs in an application. The server component provides a function or service to one or many clients, which initiate requests for such services.
Servers are classified by the services they provide. For instance, a web server serves web pages and a file server serves computer files. A shared resource may be any of the server computer's software and electronic components, from programs and data to processors and storage devices. The sharing of a server's resources constitutes a service.
Whether a computer is a client, a server, or both, is determined by the nature of the application that requires the service functions. For example, a single computer can run web server and file server software at the same time to serve different data to clients making different kinds of requests. Client software can also communicate with server software within the same computer. Communication between servers, such as to synchronize data, is sometimes called inter-server or server-to-server communication.

Client and server communication

In general, a service is an abstraction of computer resources and a client does not have to be concerned with how the server performs while fulfilling the request and delivering the response. The client only has to understand the response based on the well-known application protocol, i.e. the content and the formatting of the data for the requested service.
Clients and servers exchange messages in a request-response messaging pattern: the client sends a request, and the server returns a response. This exchange of messages is an example of inter-process communication. To communicate, the computers must have a common language, and they must follow rules so that both the client and the server know what to expect. The language and rules of communication are defined in a communications protocol. All client-server protocols operate in the application layer. The application-layer protocol defines the basic patterns of the dialogue. To formalize the data exchange even further, the server may implement an API (such as a web service).[3] The API is an abstraction layer for such resources as databases and custom software. By restricting communication to a specific content format, it facilitates parsing. By abstracting access, it facilitates cross-platform data exchange.[4]
A server may receive requests from many different clients in a very short period of time. Because the computer can perform a limited number of tasks at any moment, it relies on a scheduling system to prioritize incoming requests from clients in order to accommodate them all in turn. To prevent abuse and maximize uptime, the server's software limits how a client can use the server's resources. Even so, a server is not immune from abuse. A denial of service attack exploits a server's obligation to process requests by bombarding it with requests incessantly. This inhibits the server's ability to respond to legitimate requests.
Examples of computer applications that use the client–server model are Email, network printing, and the World Wide Web.
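The request-response exchange and the resource limits described above, as an added Python example (mine, not code from the original page). A small TCP server on the loopback interface speaks a constructed one-line application protocol ("GET name" answered by "OK value" or "ERR reason"); it caps the size of a request and the time an idle client may hold a connection, which is the kind of limit the text says a server imposes so that one client cannot monopolize it. The resource table, the port (an ephemeral one chosen by the OS) and the limits are my assumptions.

```python
import socket
import threading

MAX_REQUEST = 256       # bytes one request may occupy before the server gives up on it
CLIENT_TIMEOUT = 2.0    # seconds a client may stay silent before its worker is freed

# Constructed sample data that the server "serves".
RESOURCES = {"motd": "welcome", "time": "12:00"}


def handle_request(line: str) -> str:
    """Application protocol: 'GET <name>' -> 'OK <value>' or 'ERR <reason>'."""
    parts = line.strip().split()
    if len(parts) != 2 or parts[0] != "GET":
        return "ERR bad request"
    value = RESOURCES.get(parts[1])
    return "OK %s" % value if value is not None else "ERR not found"


class Server:
    """Accepts connections and answers one request per connection."""

    def __init__(self, host: str = "127.0.0.1", port: int = 0):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, port))       # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.sock.settimeout(0.5)          # wake up periodically to notice stop()
        self.port = self.sock.getsockname()[1]
        self._stop = threading.Event()
        self.thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self.thread.start()
        return self

    def stop(self):
        self._stop.set()
        self.sock.close()
        self.thread.join(timeout=2)

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue                   # no client yet; re-check the stop flag
            except OSError:
                break                      # listening socket closed by stop()
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn: socket.socket):
        conn.settimeout(CLIENT_TIMEOUT)    # an idle client cannot hold the worker forever
        buf = b""
        with conn:
            try:
                while b"\n" not in buf:
                    chunk = conn.recv(64)
                    if not chunk:
                        return             # client left without a complete request
                    buf += chunk
                    if len(buf) > MAX_REQUEST:
                        conn.sendall(b"ERR request too long\n")
                        return
                line = buf.split(b"\n", 1)[0].decode("utf-8", "replace")
                conn.sendall((handle_request(line) + "\n").encode("utf-8"))
            except (socket.timeout, OSError):
                return                     # slow or reset client: drop it, free the worker


def request(port: int, line: str, host: str = "127.0.0.1", timeout: float = 2.0) -> str:
    """Client side of the exchange: send one request line, return the response line."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall((line + "\n").encode("utf-8"))
        buf = b""
        while b"\n" not in buf:
            chunk = s.recv(256)
            if not chunk:
                break
            buf += chunk
    return buf.decode("utf-8", "replace").strip()


if __name__ == "__main__":
    srv = Server().start()
    try:
        for req in ("GET motd", "GET nope", "DELETE motd"):
            print(req, "->", request(srv.port, req))
    finally:
        srv.stop()
```

Both sides only need to agree on the line format; the client knows nothing about how the server looks values up, which is the separation the text describes. The oversized-request check and the idle timeout are what keep a misbehaving client from tying up a worker indefinitely.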

Example

When a bank customer accesses online banking services with a web browser (the client), the client initiates a request to the bank's web server. The customer's login credentials may be stored in a database, and the web server accesses the database server as a client. An application server interprets the returned data by applying the bank's business logic, and provides the output to the web server. Finally, the web server returns the result to the client web browser for display.
In each step of this sequence of client–server message exchanges, a computer processes a request and returns data. This is the request-response messaging pattern. When all the requests are met, the sequence is complete and the web browser presents the data to the customer.
This example illustrates a design pattern applicable to the client–server model: separation of concerns.

2.8 IP Address

An Internet Protocol address (IP address) is a unique address that a computing device uses to identify itself and communicate with other devices on an Internet Protocol network. Any device connected to an IP network must have a unique IP address within its network. An IP address is analogous to a street address or telephone number in that it is used to uniquely identify a network device in order to deliver a mail message or to call ("view") a website.
Dotted Decimals
Traditional IP addresses (IPv4) use a 32-bit number to represent an address, which defines both the network and the host address. Because IPv4 addresses are running out, a new version of the IP protocol (IPv6) has been defined to offer a virtually limitless number of unique addresses. An IPv4 address is written in "dotted decimal" notation: four numbers separated by periods, each representing an 8-bit value in the range 0-255. An example of an IPv4 address is 216.3.128.12, which is the IP address assigned to topwebhosts.org.
An IPv4 address is divided into two parts: the network address and the host address. The length of the network part, expressed as a netmask, determines how many of the 32 bits are used for the network address; the remaining bits form the host address. The host address can be further divided into a subnetwork number and a host number.
Class A, B, C and CIDR networks
Traditionally, an IP network is classified as a class A, B or C network. Computers identify the class by the first 3 bits (A=000, B=100, C=110), while humans identify it by the first octet (8-bit) number. With the scarcity of IP addresses, the class-based system has been replaced by Classless Inter-Domain Routing (CIDR) to allocate IP addresses more efficiently.
Class  Network Address  Number of Hosts  Netmask
CIDR   /4               240,435,456      240.0.0.0
CIDR   /5               134,217,728      248.0.0.0
CIDR   /6               67,108,864       252.0.0.0
CIDR   /7               33,554,432       254.0.0.0
A      /8 (1-126)       16,777,216       255.0.0.0
CIDR   /9               8,388,608        255.128.0.0
CIDR   /10              4,194,304        255.192.0.0
CIDR   /11              2,097,152        255.224.0.0
CIDR   /12              1,048,576        255.240.0.0
CIDR   /13              524,288          255.248.0.0
CIDR   /14              262,144          255.252.0.0
CIDR   /15              131,072          255.254.0.0
B      /16 (128-191)    65,534           255.255.0.0
CIDR   /17              32,768           255.255.128.0
CIDR   /18              16,384           255.255.192.0
CIDR   /19              8,192            255.255.224.0
CIDR   /20              4,096            255.255.240.0
CIDR   /21              2,048            255.255.248.0
CIDR   /22              1,024            255.255.252.0
CIDR   /23              512              255.255.254.0
C      /24 (192-223)    256              255.255.255.0
CIDR   /25              128              255.255.255.128
CIDR   /26              64               255.255.255.192
CIDR   /27              32               255.255.255.224
CIDR   /28              16               255.255.255.240
CIDR   /29              8                255.255.255.248
CIDR   /30              4                255.255.255.252
Note: (1) The 127 network address is reserved for loopback testing. (2) Class D (224-247, Multicast) and Class E (248-255, Experimental) are not intended for use in public operation.
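As an added illustration (this is not code from the original page), the following Python uses the standard-library ipaddress module to derive, from a prefix length alone, the netmask and the total and usable address counts, and, from the first octet, the traditional class letter described above. It also splits an address into its network and host portions, and can regenerate the rows of the table above from the prefix length, which is a convenient way to check any such table. The address 216.3.128.12 and the /24 prefix in the example run come from the text; the function names are my own.

```python
import ipaddress


def classful_class(first_octet: int) -> str:
    """Traditional class letter for an IPv4 address, judged by its first octet
    (the ranges given in the table above). 127 is the loopback network and
    224 and above are multicast/experimental, so they get no class letter."""
    if first_octet == 127:
        return "loopback"
    if 1 <= first_octet <= 126:
        return "A"
    if 128 <= first_octet <= 191:
        return "B"
    if 192 <= first_octet <= 223:
        return "C"
    return "none (multicast/experimental/reserved)"


def prefix_to_netmask(prefix: int) -> str:
    """Dotted-decimal netmask for a CIDR prefix length, e.g. 24 -> 255.255.255.0.
    The mask is 'prefix' one-bits followed by (32 - prefix) zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(mask_int))


def address_counts(prefix: int) -> tuple:
    """(total addresses, usable host addresses) for a prefix length.
    For /30 and shorter, the network and broadcast addresses are excluded;
    /31 (RFC 3021 point-to-point) and /32 (single host) use every address."""
    total = 2 ** (32 - prefix)
    usable = total - 2 if prefix <= 30 else total
    return total, usable


def split_address(cidr: str) -> dict:
    """Split 'a.b.c.d/n' into its network and host portions and describe the block."""
    iface = ipaddress.IPv4Interface(cidr)
    net = iface.network
    host_bits = 32 - net.prefixlen
    total, usable = address_counts(net.prefixlen)
    return {
        "address": str(iface.ip),
        "class": classful_class(iface.ip.packed[0]),  # packed[0] is the first octet
        "prefix": net.prefixlen,
        "netmask": str(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "host_number": int(iface.ip) & ((1 << host_bits) - 1),
        "total_addresses": total,
        "usable_hosts": usable,
    }


def cidr_table(prefixes=range(4, 31)) -> list:
    """Rows of (prefix, total addresses, usable hosts, netmask), one per prefix:
    the table above regenerated from nothing but the prefix length."""
    return [(p, *address_counts(p), prefix_to_netmask(p)) for p in prefixes]


if __name__ == "__main__":
    # Constructed example run: the address from the text, placed in a /24.
    for key, value in split_address("216.3.128.12/24").items():
        print(f"{key:>16}: {value}")
    for prefix, total, usable, mask in cidr_table():
        print(f"/{prefix:<3} {total:>12,} total  {usable:>12,} usable  {mask}")
```

The table reports total addresses for some rows and usable hosts (total minus the network and broadcast addresses) for others; the example reports both so the two conventions are not confused.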

Public and Private IP Addresses

To maintain uniqueness within the global namespace, IP addresses are publicly registered with the Network Information Center (NIC) to avoid address conflicts. Devices that need to be publicly reachable, such as web or mail servers, must have a globally unique IP address, so they are assigned a public IP address. Devices that do not require public access may be assigned a private IP address, which makes them uniquely identifiable only within one organization. For example, a network printer may be given a private IP address so that the rest of the world cannot print to it. To allow organizations to assign private IP addresses freely, the NIC has reserved certain address blocks for private use. A private network is a network that uses RFC 1918 IP address space. The following IP blocks are reserved for private IP addresses.
Class  Starting IP Address  Ending IP Address
A      10.0.0.0             10.255.255.255
B      172.16.0.0           172.31.255.255
C      192.168.0.0          192.168.255.255
In addition to the classful private addresses above, the addresses 169.254.0.0 through 169.254.255.255 are reserved for Zeroconf (or APIPA, Automatic Private IP Addressing), which lets hosts create a usable IP network automatically, without any configuration.

What is a loopback IP address?

The loopback IP address is the address a host uses to reach itself. IPv4 designates 127.0.0.1 as the loopback address, with a 255.0.0.0 subnet mask. A loopback interface is also known as a virtual IP, because it is not associated with any hardware interface. On Linux systems the loopback interface is commonly called lo or lo0, and the corresponding hostname for this interface is localhost.
The loopback address is used to test network software without physically installing a Network Interface Card (NIC) and without physically connecting the machine to a TCP/IP network. A good example is accessing a web server running on the same machine via http://127.0.0.1 or http://localhost.
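As an added example (not part of the original page), the Python below encodes the reserved blocks from the private-address table, the APIPA range and the loopback network (127.0.0.1 with netmask 255.0.0.0, i.e. 127.0.0.0/8), reproduces the starting and ending addresses of each block, and classifies arbitrary addresses against them. It then applies that classification to a few constructed firewall-style log lines (invented for this example; the public addresses are taken from the RFC 5737 documentation ranges) to flag traffic on an Internet-facing interface whose source is private, link-local or loopback. Such sources are not routable from outside, so their appearance points to misconfiguration or spoofing. The function names and the log format are assumptions.

```python
import ipaddress
import re

# The reserved blocks from the two passages above: the RFC 1918 private
# ranges, the Zeroconf/APIPA link-local range, and the 127.0.0.0/8 loopback
# network (127.0.0.1 with netmask 255.0.0.0).
RESERVED_BLOCKS = {
    "private (RFC 1918, class A)": ipaddress.ip_network("10.0.0.0/8"),
    "private (RFC 1918, class B)": ipaddress.ip_network("172.16.0.0/12"),
    "private (RFC 1918, class C)": ipaddress.ip_network("192.168.0.0/16"),
    "link-local (APIPA)": ipaddress.ip_network("169.254.0.0/16"),
    "loopback": ipaddress.ip_network("127.0.0.0/8"),
}


def block_bounds(block: ipaddress.IPv4Network) -> tuple:
    """First and last address of a block, as in the Starting/Ending columns above."""
    return str(block.network_address), str(block.broadcast_address)


def classify(addr: str) -> str:
    """Label an IPv4 address: one of the reserved labels above, 'public', or 'invalid'."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ipaddress.AddressValueError:
        return "invalid"
    for label, block in RESERVED_BLOCKS.items():
        if ip in block:
            return label
    return "public"


# Constructed firewall-style log lines (not from any real system). The public
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z iface=eth0 src=203.0.113.7 dst=198.51.100.10 proto=tcp dport=443
2024-03-01T10:00:02Z iface=eth0 src=10.0.0.5 dst=198.51.100.10 proto=tcp dport=22
2024-03-01T10:00:03Z iface=eth0 src=198.51.100.77 dst=198.51.100.10 proto=udp dport=53
2024-03-01T10:00:04Z iface=eth0 src=169.254.3.9 dst=198.51.100.10 proto=tcp dport=80
2024-03-01T10:00:05Z iface=eth0 src=127.0.0.1 dst=198.51.100.10 proto=tcp dport=8080
"""

SRC_RE = re.compile(r"\bsrc=(\S+)")


def reserved_sources(log_text: str) -> list:
    """Return (source address, label) for each line whose source address is
    not a public address (reserved or unparseable). On an Internet-facing
    interface such sources cannot have arrived legitimately from outside."""
    hits = []
    for line in log_text.splitlines():
        match = SRC_RE.search(line)
        if not match:
            continue
        src = match.group(1)
        label = classify(src)
        if label != "public":
            hits.append((src, label))
    return hits


if __name__ == "__main__":
    for label, block in RESERVED_BLOCKS.items():
        start, end = block_bounds(block)
        print(f"{label:<30} {start:>15} - {end}")
    for src, label in reserved_sources(SAMPLE_LOG):
        print(f"reserved source on external interface: {src} ({label})")
```

The 172.16.0.0/12 entry is the CIDR form of the class B row (172.16.0.0 through 172.31.255.255), so an address such as 172.32.0.1 correctly classifies as public.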




2.9  Networking Protocols


2.10 Virtualization

Introduction to Virtualization
1. Brief History of Virtualization
2. Hypervisor
The IT industry's focus on virtualization technology has increased considerably in the past few years. However, the concept has been around much longer, as you can read in the brief history below. This section also provides a high level view of the virtualization technology and methods that exist today, and highlights a number of reasons why organizations are embracing virtualization more and more.

1. Brief History of Virtualization

The concept of virtualization is generally believed to have its origins in the mainframe days in the late 1960s and early 1970s, when IBM invested a lot of time and effort in developing robust time-sharing solutions. Time-sharing refers to the shared usage of computer resources among a large group of users, aiming to increase the efficiency of both the users and the expensive computer resources they share. This model represented a major breakthrough in computer technology: the cost of providing computing capability dropped considerably and it became possible for organizations, and even individuals, to use a computer without actually owning one. Similar reasons are driving virtualization for industry standard computing today: the capacity in a single server is so large that it is almost impossible for most workloads to effectively use it. The best way to improve resource utilization, and at the same time simplify data center management, is through virtualization.
Data centers today use virtualization techniques to abstract the physical hardware, create large aggregated pools of logical resources consisting of CPUs, memory, disks, file storage, applications and networking, and offer those resources to users or customers in the form of agile, scalable, consolidated virtual machines. Even though the technology and use cases have evolved, the core meaning of virtualization remains the same: to enable a computing environment to run multiple independent systems at the same time.

2. Hypervisor

If virtualization is defined as enabling multiple operating systems to run on a single host computer, then the essential component in the virtualization stack is the hypervisor. This hypervisor, also called Virtual Machine Monitor (VMM), creates a virtual platform on the host computer, on top of which multiple guest operating systems are executed and monitored. This way, multiple operating systems, which are either multiple instances of the same operating system, or different operating systems, can share the hardware resources offered by the host.
Hypervisors are commonly classified as one of two types, as shown in Table 1.1, "Hypervisor Types".

Table 1.1 Hypervisor Types

Classification                 Characteristics and Description
Type 1: native or bare metal   Native hypervisors are software systems that run directly on the host's hardware to control the hardware and to monitor the guest operating systems. Consequently, the guest operating system runs on a separate level above the hypervisor. Examples of this classic implementation of virtual machine architecture are Oracle VM, Microsoft Hyper-V, VMware ESX and Xen.
Type 2: hosted                 Hosted hypervisors are designed to run within a traditional operating system. In other words, a hosted hypervisor adds a distinct software layer on top of the host operating system, and the guest operating system becomes a third software level above the hardware. A well-known example of a hosted hypervisor is Oracle VM VirtualBox. Others include VMware Server and Workstation, Microsoft Virtual PC, KVM, QEMU and Parallels.

VM VirtualBox

Oracle VM VirtualBox (formerly Sun VirtualBox, Sun xVM VirtualBox and Innotek VirtualBox) is a virtualization software package for x86 and AMD64/Intel64-based computers from Oracle Corporation. Innotek GmbH first developed the product; Sun Microsystems purchased it in 2008; Oracle has continued development since 2010.
The VirtualBox package installs on an existing host operating system as an application; this host application allows additional guest operating systems, each known as a Guest OS, to load and run, each with its own virtual environment.
Supported host operating systems include Linux, Mac OS X, Windows XP, Windows Vista, Windows 7, Windows 8, Solaris, and OpenSolaris; there are also ports to FreeBSD and Genode.
Supported guest operating systems include versions and derivatives of Windows, Linux, BSD, OS/2, Solaris, Haiku and others. Since release 3.2.0, VirtualBox also allows limited virtualization of Mac OS X guests on Apple hardware, though OSX86 can also be installed using VirtualBox.
Since version 4.3 (released in October 2013), Microsoft Windows guests on supported hardware can take advantage of the recently implemented WDDM driver included in the Guest Additions; this allows Windows Aero to be enabled along with Direct3D support.
The Guest Additions should be installed in order to achieve the best possible experience. They can be installed inside a virtual machine after the installation of the guest operating system, and consist of device drivers and system applications that optimize the guest operating system for better performance and usability.

VMware Workstation

VMware Workstation is a hypervisor that runs on x86 or x86-64 computers; it enables users to set up one or more virtual machines (VMs) on a single physical machine and use them simultaneously along with the actual machine. Each virtual machine can execute its own operating system, including versions of Microsoft Windows, Linux, BSD, and MS-DOS. VMware Workstation is developed and sold by VMware, Inc., a division of EMC Corporation.
VMware Workstation supports bridging existing host network adapters and sharing physical disk drives and USB devices with a virtual machine. In addition, it can simulate disk drives: it can mount an existing ISO image file into a virtual optical disc drive so that the virtual machine sees it as a real one, and virtual hard disk drives are backed by .vmdk files.
VMware Workstation can save the state of a virtual machine (a "snapshot") at any instant. These snapshots can later be restored, effectively returning the virtual machine to the saved state.
VMware Workstation includes the ability to designate multiple virtual machines as a team, which can then be powered on, powered off, suspended or resumed as a single object, making it particularly useful for testing client-server environments.
VMware Player, a virtualization package of basically similar but reduced functionality, is also available; it is free of charge for non-commercial use, or for distribution or other use by written agreement.

 

2.10 Linux

Linux is one of the popular versions of the UNIX operating system. It is open source, as its source code is freely available, and it is free to use. Linux was designed with UNIX compatibility in mind, and its list of functionality is quite similar to that of UNIX.

Components of Linux System

The Linux operating system has primarily three components:
Kernel - The kernel is the core part of Linux. It is responsible for all major activities of the operating system. It consists of various modules and interacts directly with the underlying hardware. The kernel provides the abstraction needed to hide low-level hardware details from system and application programs.

System Library - System libraries are special functions or programs through which application programs or system utilities access the kernel's features. These libraries implement most of the functionality of the operating system and do not require the kernel module's code access rights.

System Utility - System utility programs are responsible for specialized, individual-level tasks.

Kernel Mode vs User Mode

Kernel component code executes in a special privileged mode called kernel mode, with full access to all resources of the computer. This code represents a single process, executes in a single address space and does not require any context switch, and hence is very efficient and fast. The kernel runs each process and provides system services to processes, including protected access to the hardware.
Support code that is not required to run in kernel mode is placed in the system libraries. User programs and other system programs work in user mode, which has no direct access to the system hardware or kernel code. User programs and utilities use the system libraries to access kernel functions for the system's low-level tasks.

Basic Features

The following are some of the important features of the Linux operating system.
Portable - Portability means software can work on different types of hardware in the same way. The Linux kernel and application programs support installation on any kind of hardware platform.
Open Source - Linux source code is freely available and it is a community-based development project. Multiple teams work in collaboration to enhance the capabilities of the Linux operating system, and it is continuously evolving.
Multi-User - Linux is a multi-user system, meaning multiple users can access system resources like memory, RAM or application programs at the same time.
Multiprogramming - Linux is a multiprogramming system, meaning multiple applications can run at the same time.
Hierarchical File System - Linux provides a standard file structure in which system files and user files are arranged.
Shell - Linux provides a special interpreter program that can be used to execute commands of the operating system. It can be used to perform various types of operations, call application programs, and so on.
Security - Linux provides user security using authentication features like password protection, controlled access to specific files, and encryption of data.

Architecture


The Linux system architecture consists of the following layers:
Hardware layer - Hardware consists of all peripheral devices (RAM, HDD, CPU, etc.).
Kernel - The core component of the operating system; it interacts directly with the hardware and provides low-level services to the upper-layer components.
Shell - An interface to the kernel, hiding the complexity of the kernel's functions from users. It takes commands from the user and executes the kernel's functions.
Utilities - Utility programs giving the user most of the functionality of an operating system.


Basic Linux Commands

Each command is listed with its description, followed by example invocations and what each example does.

cat
    Sends file contents to standard output. This is a way to list the contents of short files to the screen. It works well with piping.
    cat .bashrc
        Sends the contents of the ".bashrc" file to the screen.
cd
    Change directory.
    cd /home
        Change the current working directory to /home. The leading '/' indicates a path relative to the root, so no matter what directory you are in when you execute this command, the directory will be changed to "/home".
    cd httpd
        Change the current working directory to httpd, relative to the current location, which is "/home". The full path of the new working directory is "/home/httpd".
    cd ..
        Move to the parent directory of the current directory. This command will make the current working directory "/home".
    cd ~
        Move to the user's home directory, which is "/home/username". The '~' indicates the user's home directory.
cp
    Copy files.
    cp myfile yourfile
        Copy the file "myfile" to the file "yourfile" in the current working directory. This command will create the file "yourfile" if it doesn't exist. It will normally overwrite it without warning if it exists.
    cp -i myfile yourfile
        With the "-i" option, if the file "yourfile" exists, you will be prompted before it is overwritten.
    cp -i /data/myfile .
        Copy the file "/data/myfile" to the current working directory and name it "myfile". Prompt before overwriting the file.
    cp -dpr srcdir destdir
        Copy all files from the directory "srcdir" to the directory "destdir", preserving links (-d option) and file attributes (-p option), and copying recursively (-r option). With these options, a directory and all its contents can be copied to another directory.
dd
    Disk duplicate. The man page says this command is to "Convert and copy a file"; although used mostly by more advanced users, it can be a very handy command. "if" means input file and "of" means output file.
    dd if=/dev/hdb1 of=/backup/
        Copies the contents of the partition /dev/hdb1 to the output location given by "of".
df
    Show the amount of disk space used on each mounted filesystem.
less
    Similar to the more command, but the user can page up and down through the file.
    less textfile
        Displays the contents of textfile.
ln
    Creates a symbolic link to a file.
    ln -s test symlink
        Creates a symbolic link named symlink that points to the file test. Typing "ls -i test symlink" will show that the two files are different, with different inodes. Typing "ls -l test symlink" will show that symlink points to the file test.
locate
    A fast database-driven file locator.
    slocate -u
        Builds the slocate database. It will take several minutes to complete. This command must be run before searching for files; however, cron runs it periodically on most systems.
    locate whereis
        Lists all files whose names contain the string "whereis".
logout
    Logs the current user off the system.
ls
    List files.
    ls
        List files in the current working directory except those starting with ".", showing only the file name.
    ls -al
        List all files in the current working directory in long listing format, showing permissions, ownership, size, and time and date stamp.
more
    Allows file contents or piped output to be sent to the screen one page at a time.
    more /etc/profile
        Lists the contents of the "/etc/profile" file to the screen one page at a time.
    ls -al | more
        Performs a directory listing of all files and pipes the output of the listing through more. If the directory listing is longer than a page, it will be listed one page at a time.
mv
    Move or rename files.
    mv -i myfile yourfile
        Move the file "myfile" to "yourfile". This effectively changes the name of "myfile" to "yourfile".
    mv -i /data/myfile .
        Move the file "myfile" from the directory "/data" to the current working directory.
pwd
    Show the name of the current working directory.
shutdown
    Shuts the system down.
    shutdown -h now
        Shuts the system down to halt immediately.
    shutdown -r now
        Shuts the system down immediately and then reboots.
whereis
    Show where the binary, source and manual page files are for a command.
    whereis ls
        Locates binaries and manual pages for the ls command.
Editors: emacs, vi, pico, jed, vim
