Chapter 2 – Networking
2.1 What is a Network?
A network is a collection of computers, servers, mainframes, network devices, peripherals, or other devices connected to one another so that data can be shared and used. A great example of a network is the Internet, which connects millions of people all over the world.
A network is a group of two or more computer systems linked together. There are many types of computer networks, including:
- local-area networks (LANs): The computers are geographically close together (that is, in the same building).
- wide-area networks (WANs): The computers are farther apart and are connected by telephone lines or radio waves.
- campus-area networks (CANs): The computers are within a limited geographic area, such as a campus or military base.
- metropolitan-area networks (MANs): A data network designed for a town or city.
- home-area networks (HANs): A network contained within a user's home that connects a person's digital devices.
2.2 Network Topologies
In computer networking, topology refers to the layout of connected devices. This section introduces the standard topologies of networking.
Topology in Network Design
Think of a topology as a network's virtual shape or structure. This shape does not necessarily correspond to the actual physical layout of the devices on the network. For example, the computers on a home LAN may be arranged in a circle in a family room, but it would be highly unlikely to find a ring topology there.
Network topologies are categorized into the following basic types:
· bus
· ring
· star
· tree
· mesh
More complex networks can be built as hybrids of two or more of the above basic topologies.
Bus Topology
Bus networks (not to be confused with the system bus of a computer) use a common backbone to connect all devices. A single cable, the backbone, functions as a shared communication medium that devices attach or tap into with an interface connector. A device wanting to communicate with another device on the network sends a broadcast message onto the wire that all other devices see, but only the intended recipient actually accepts and processes the message.
Ethernet bus topologies are relatively easy to install and don't require much cabling compared to the alternatives. 10Base-2 ("ThinNet") and 10Base-5 ("ThickNet") were both popular Ethernet cabling options for bus topologies many years ago. However, bus networks work best with a limited number of devices. If more than a few dozen computers are added to a network bus, performance problems will likely result. In addition, if the backbone cable fails, the entire network effectively becomes unusable.
Ring Topology
In a ring network, every device has exactly two neighbors for communication purposes. All messages travel through a ring in the same direction (either "clockwise" or "counterclockwise"). A failure in any cable or device breaks the loop and can take down the entire network.
To implement a ring network, one typically uses FDDI, SONET, or Token Ring technology. Ring topologies are found in some office buildings or school campuses.
Star Topology
Many home networks use the star topology. A star network features a central connection point called a "hub node" that may be a network hub, switch or router. Devices typically connect to the hub with Unshielded Twisted Pair (UTP) Ethernet.
Compared to the bus topology, a star network generally requires more cable, but a failure in any star network cable will only take down one computer's network access and not the entire LAN. (If the hub fails, however, the entire network also fails.)
Tree Topology
Tree topologies integrate multiple star topologies together onto a bus. In its simplest form, only hub devices connect directly to the tree bus, and each hub functions as the root of a tree of devices. This bus/star hybrid approach supports future expandability of the network much better than a bus (limited in the number of devices due to the broadcast traffic it generates) or a star (limited by the number of hub connection points) alone.
Mesh Topology
A mesh topology is characterized by the intertwining of nodes through links that connect them directly, rather than through one or more intermediate points of interconnection. There are two types of mesh topologies: full mesh and partial mesh.
2.3 Networking Devices and Cables
Twisted Pair
One of the oldest and still most common transmission media is twisted pair. As shown in Figure 15, a twisted pair consists of two insulated copper wires, typically about 1 mm thick. The wires are twisted together in a helical form. Twisting is done because two parallel wires constitute a fine antenna. When the wires are twisted, the waves from different twists cancel out, so the wire radiates less effectively.
Twisted pairs can be used for transmitting either analog or digital signals. The bandwidth depends on the thickness of the wire and the distance traveled, but several Mb/s can be achieved for a few kilometers in many cases. The frequency range of twisted-pair cables is approximately 0 to 1 MHz. Due to their adequate properties and low cost, twisted pairs are widely used and are likely to remain so for years to come.
Twisted pair cables are often shielded in an attempt to prevent electromagnetic interference. Because the shielding is made of metal, it may also serve as a ground. However, usually a shielded or a screened twisted pair cable has a special grounding wire added, called a drain wire. This shielding can be applied to individual pairs, or to the collection of pairs. When shielding is applied to the collection of pairs, this is referred to as screening. The shielding must be grounded for the shielding to work. In contrast to FTP (foiled twisted pair) and STP (shielded twisted pair) cabling, UTP (unshielded twisted pair) cable is not surrounded by any shielding. It is the primary wire type for telephone usage and computer networking, especially as patch cables. UTP comes in several varieties:
- Category 3: Was the earliest successful implementation of UTP. It's primarily used for voice and lower-speed data applications. It's rated for a maximum of 10 Mbps.
- Category 4: Never achieved the popularity of Cat 3 or Cat 5. It's primarily used for voice and lower-speed data at a maximum of 16 Mbps.
- Category 5: As Fast Ethernet became a standard, Cat 5 became the basis for most high-speed data implementations. Cat 5 runs at a maximum of 100 Mbps.
- Category 5e: With the need for higher speeds, Gigabit Ethernet has become the new replacement for Fast Ethernet. To make it work, Cat 5e extends the life of Cat 5 cable. It can run at a maximum of 1,000 Mbps.
- Category 6: Cat 5e can run at gigabit speeds, but with 10-Gigabit Ethernet on the horizon, Cat 5e has stretched the Cat 5 standard to its limits. Cat 6 can currently run at 1,000 Mbps (1 Gbps). The Category 6 specification was released for publication very recently; however, as designed, Category 6 cabling will be able to support speeds up to at least 10 Gbps.
Nowadays Cat 5e and Cat 6 should be used.
Figure 15: UTP pairs (cable)
Figure 16: RJ-45 connector
UTP Cable Termination Standards EIA/TIA 568A and EIA/TIA 568B
In 1985 many companies from the telecommunications industry, concerned about the lack of a third-party premises cabling standard, together with their governing body the CCIA (Computer Communications Industry Association), requested that the EIA (Electronics Industry Association) develop such a standard.
The first draft of the standard wasn't released until July of 1991; it was given the name EIA/TIA-568. The new standard provided backward compatibility for phones that used two pairs instead of just one, enabling them to operate on pairs 1 and 2. Later in 1991 a Technical Systems Bulletin (TSB-36) was released with references to category 4 and 5 cables. Twelve months later TSB-40 was published, addressing higher-speed UTP for hardware connecting; this was revised in January of 1994 to include RJ-45 modular jacks and fly leads. At this time EIA/TIA-568 was also revised and renamed EIA/TIA 568A, and the existing AT&T standard 258A was included and referred to as EIA/TIA 568B. As both these standards were popular and widely used, they were both adopted into the International Standard titled Generic Cabling for Customer Premises Cabling (ISO/IEC 11801:1995).
By looking at the specifications shown in Figure 17 we see that the only difference is that the green and orange pairs are terminated to different pins; there is no difference as to what signal is used on what pin, only what colour wire is terminated onto it. Technically the standards are the same: they operate in the same manner, and neither one is technically superior to the other when used in Ethernet applications.
Figure 17: EIA/TIA 568A and 568B
Straight-Through Cable - Four-pair, eight-wire, straight-through cable, which means that the color of wire on Pin 1 on one end of the cable is the same as that of Pin 1 on the other end. Pin 2 is the same as Pin 2, and so on. The cable is wired to either EIA/TIA T568B or T568A standards for 10BASE-T Ethernet, which determines what color wire is on each pin.
Crossover Cable - A crossover cable means that the second and third pairs on one end of the cable will be reversed on the other end. The pin-outs are T568A on one end and T568B on the other end. All 8 conductors (wires) should be terminated with RJ-45 modular connectors. Crossover cable conforms to the structured cabling standards. If the crossover cable is used between switches, it's considered to be part of the "vertical" cabling. Vertical cabling is also called backbone cabling. A crossover cable can be used as a backbone cable to connect two or more switches in a LAN, or to connect two isolated hosts to create a mini-LAN. This allows the connection of two hosts, or a server and a host, without the need for a hub between them. This can be very helpful for testing and training. To connect more than two hosts, a switch is needed.
Rollover Cable - A 4-pair "rollover" cable. This type of cable is typically 3.05 m long but can be as long as 7.62 m. A rollover cable can be used to connect a host or dumb terminal to the console port on the back of a router or switch. Both ends of the cable have RJ-45 connectors on them. One end plugs directly into the RJ-45 console management port on the back of the router or switch. Plug the other end into an RJ-45-to-DB9 terminal adapter. This adapter converts the RJ-45 to a 9-pin female D connector for attachment to the PC or dumb terminal serial (COM) port. A DB25 terminal adapter is also available to connect with a PC or dumb terminal. This adapter uses a 25-pin connector.
Figure 18: Rollover Console Cable Kit
The cable is called a rollover because the pins on one end are all reversed on the other end, as though one end of the cable was rotated or rolled over.
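As an added illustration (this is not code from the chapter), the following Python models the T568A and T568B colour orders and derives the pin maps of the three cable types described above, showing that a crossover only moves the orange and green pairs; helper names such as pin_map and swapped_pairs are this example's own.

```python
# Added example, not code from the chapter: models the EIA/TIA 568A and 568B
# pin assignments and derives the straight-through, crossover and rollover
# pin maps described above. Colour order per pin follows the two standards;
# helper names (pin_map, swapped_pairs, ...) are this example's own.

# Wire colour on RJ-45 pins 1..8 for each termination standard.
T568A = ("white/green", "green", "white/orange", "blue",
         "white/blue", "orange", "white/brown", "brown")
T568B = ("white/orange", "orange", "white/green", "blue",
         "white/blue", "green", "white/brown", "brown")

# Pair numbering used by both standards: 1 = blue, 2 = orange, 3 = green, 4 = brown.
PAIR_OF_COLOUR = {"blue": 1, "orange": 2, "green": 3, "brown": 4}


def pair_of(colour):
    """Pair number of a wire, e.g. 'white/orange' -> 2."""
    return PAIR_OF_COLOUR[colour.split("/")[-1]]


def pin_map(end_a, end_b):
    """{pin on end A: pin on end B} for a cable whose two plugs are terminated
    to the colour orders end_a and end_b. A conductor keeps its colour along the
    cable, so pin i on end A lands on whichever pin holds that colour on end B."""
    return {i + 1: end_b.index(colour) + 1 for i, colour in enumerate(end_a)}


def straight_through(standard=T568B):
    """Same standard on both ends: every pin maps to itself."""
    return pin_map(standard, standard)


def crossover():
    """T568A on one end, T568B on the other."""
    return pin_map(T568A, T568B)


def rollover():
    """Console cable: pin order fully reversed, 1 -> 8 ... 8 -> 1."""
    return {pin: 9 - pin for pin in range(1, 9)}


def swapped_pairs(mapping, near_end):
    """Pair numbers whose conductors arrive on a different pin at the far end."""
    return sorted({pair_of(near_end[a - 1]) for a, b in mapping.items() if a != b})


if __name__ == "__main__":
    # crossover: {1: 3, 2: 6, 3: 1, 4: 4, 5: 5, 6: 2, 7: 7, 8: 8}
    print("crossover pin map:", crossover())
    # only the orange (2) and green (3) pairs move: [2, 3]
    print("pairs reversed by a crossover:", swapped_pairs(crossover(), T568A))
    print("rollover pin map:", rollover())
```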
Connecting Networking Devices
Fiber Optics
An optical transmission system has three key components: the light source, the transmission medium, and the detector. Conventionally, a pulse of light indicates a 1 bit and the absence of light indicates a 0 bit. The transmission medium is an ultra-thin fiber of glass or plastic. The detector generates an electrical pulse when light falls on it. By attaching a light source to one end of an optical fiber and a detector to the other, we have a unidirectional data transmission system that accepts an electrical signal, converts and transmits it by light pulses, and then reconverts the output to an electrical signal at the receiving end. Higher bandwidth links can be achieved using optical fibers. One of the best substances used to make optical fibers is ultrapure fused silica. These fibers are more expensive than regular glass fibers. Plastic fibers are normally used for short-distance links where higher losses are tolerable.
Optical fiber links are used in all types of networks, LAN and WAN. The frequency range of fiber optics is approximately 180 THz to 330 THz. There are two types of fiber optic cables:
- Multimode fiber
- Single-mode fiber
Multimode fiber - Light rays can only enter the core if their angle is inside the numerical aperture of the fiber. Once the rays have entered the core of the fiber, there are a limited number of optical paths that a light ray can follow through the fiber. These optical paths are called modes. If the diameter of the core of the fiber is large enough so that there are many paths that light can take through the fiber, the fiber is called "multimode" fiber. Single-mode fiber has a much smaller core that only allows light rays to travel along one mode inside the fiber.
Fiber-optic cable used for networking consists of two glass fibers encased in separate sheaths. One fiber carries transmitted data from host A to host B. The second fiber carries data from host B to host A. The fibers are similar to two one-way streets going in opposite directions. This provides a full-duplex communication link. Fiber-optic circuits use one fiber strand to transmit and one to receive. Typically, these two fiber cables will be in a single outer jacket until they reach the point at which connectors are attached.
Until the connectors are attached, there is no need for shielding, because no light escapes when it is inside a fiber. There are no crosstalk issues with fiber. It is very common to see multiple fiber pairs encased in the same cable. One cable can contain 2 to 48 or more separate fibers. Fiber can carry many more bits per second and carry them farther than UTP can.
Usually, five parts make up each fiber-optic cable. The parts are the core, the cladding, a buffer, a strength material, and an outer jacket.
The core is the light transmission element at the center of the optical fiber. All the light signals travel through the core. A core is typically glass made from a combination of silicon dioxide and other elements. Multimode uses a type of glass, called graded index glass, for its core. This glass has a lower index of refraction towards the outer edge of the core. The outer area of the core is less optically dense than the center, and light can go faster in the outer part of the core. This design is used because a light ray following a mode that goes straight down the center of the core does not have as far to travel as a ray following a mode that bounces around in the fiber. All rays should arrive at the end of the fiber together. Then the receiver at the end of the fiber receives a strong flash of light rather than a long, dim pulse.
Surrounding the core is the cladding. Cladding is also made of silica but with a lower index of refraction than the core. Light rays traveling through the fiber core reflect off this core-to-cladding interface as they move through the fiber by total internal reflection. Standard multimode fiber-optic cable is the most common type of fiber-optic cable used in LANs. A standard multimode fiber-optic cable uses an optical fiber with either a 62.5 or a 50 µm core and a 125 µm diameter cladding. This is commonly designated as 62.5/125 or 50/125 micron optical fiber.
Surrounding the cladding is a buffer material that is usually plastic. The buffer material helps shield the core and cladding from damage. There are two basic cable designs. They are the loose-tube and the tight-buffered cable designs. Most of the fiber used in LANs is tight-buffered multimode cable. Tight-buffered cables have the buffering material that surrounds the cladding in direct contact with the cladding. The most practical difference between the two designs is the applications for which they are used. Loose-tube cable is primarily used for outside-building installations, while tight-buffered cable is used inside buildings. The strength material surrounds the buffer, preventing the fiber cable from being stretched when installers pull it. The material used is often Kevlar, the same material used to produce bulletproof vests.
The final element is the outer jacket. The outer jacket surrounds the cable to protect the fiber against abrasion, solvents, and other contaminants. The color of the outer jacket of multimode fiber is usually orange.
Infrared light-emitting diodes (LEDs) are the type of light source usually used with multimode fiber. LEDs are cheap to build and raise fewer safety concerns than lasers. However, LEDs cannot transmit light over cable as far as lasers can. Multimode fiber (62.5/125) can carry data distances of up to 2 km.
Single-mode fiber - Consists of the same parts as multimode. The outer jacket of single-mode fiber is usually yellow. The major difference between multimode and single-mode fiber is that single-mode allows only one mode of light to propagate through the smaller fiber-optic core. The single-mode core is eight to ten µm in diameter. Nine-micron cores are the most common. A 9/125 marking on the jacket of the single-mode fiber indicates that the core fiber has a diameter of 9 microns and the surrounding cladding is 125 µm in diameter.
An infrared laser is used as the light source in single-mode fiber. The ray of light it generates enters the core at a 90-degree angle. The data-carrying light ray pulses in single-mode fiber are essentially transmitted in a straight line right down the middle of the core. This greatly increases both the speed and the distance that data can be transmitted.
Single-mode fiber is capable of higher bandwidth and greater cable run distances than multimode fiber. Single-mode fiber can carry LAN data up to 3 km. Although this distance is considered a standard, newer technologies have increased this distance. Multimode is only capable of carrying up to 2 km. Lasers and single-mode fibers are more expensive than LEDs and multimode fiber. Because of these characteristics, single-mode fiber is often used for inter-building connectivity. Multimode and single-mode fibers are shown in Figure 20.
Warning: The laser light used with single-mode fiber has a wavelength longer than the eye can see. The laser can seriously damage eyes. Do not look at the near end of a fiber that is connected to a device at the far end. Do not look into the transmit port on a NIC, switch, or router. Remember to keep protective covers over the ends of fiber and inserted into the fiber-optic ports of switches and routers. Be very careful!
2.4 Concept of Ports and Services
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
The Well Known Ports are those from 0 through 1023. DCCP Well Known ports SHOULD NOT be used without IANA registration. The registration procedure is defined in [RFC4340], Section 19.9.
The Registered Ports are those from 1024 through 49151. DCCP Registered ports SHOULD NOT be used without IANA registration. The registration procedure is defined in [RFC4340], Section 19.9.
The Dynamic and/or Private Ports are those from 49152 through 65535.
Please note the following:
1. Unassigned port numbers should not be used. The IANA will assign the number for the port after your application has been approved.
2. Assignment of a port number does not in any way imply an endorsement of an application or product, and the fact that network traffic is flowing to or from a registered port does not mean that it is "good" traffic. Firewall and system administrators should choose how to configure their systems based on their knowledge of the traffic in question, not whether there is a port number registered or not.
WELL KNOWN PORT NUMBERS
The Well Known Ports are assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users.
Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port. The contact port is sometimes called the "well-known port".
To the extent possible, these same port assignments are used with the UDP [RFC768].
The range for assigned ports managed by the IANA is 0-1023.
Ports for Internet Services
Service | TCP | UDP | Notes
SSH | 22 | | Secure Shell *
| 80 | | HyperText Transfer Protocol * (e.g. for web browsing). Currently (2003-07-05) HTTP/1.1 is officially described in RFC 2616.
HOSTS2 Name Server | 81 | 81 | * An interesting story. The name attached to this port in the IANA list, Earl Killian, says he shouldn't be. He says "I don't know what 81 is, or whether it is still in use." Since Mr. Killian doesn't know what HOSTS2 is/was, and with Postel gone, I wonder if there's anyone left in the world who knows what 81 was/is for and who actually requested it.
XFER Utility | 82 | 82 | * Another interesting story. The name attached to this port in the IANA list, Thomas M. Smith of Lockheed Martin, says Sorry... there is no publicly available information regarding the details of the XFER Utility and its use of tcp and udp port # 82. XFER employs a proprietary protocol which has not been disclosed.
RPC Endpoint Mapper | 135 | 135 | * registered as "epmap - DCE endpoint resolution". Used by Microsoft for RPC locator service. See additional information.
LDAP | 389 | 389 | Lightweight Directory Access Protocol *
| dyn >=1024 | | videoconferencing
| 407, 1417-1420 | 407 | remote control *
| 427 | 427 | Service Location Protocol * Used by MacOS and NetWare.
HTTPs | 443 | | secure HTTP (SSL) *
| 515 | 515 | printing * LPD stands for Line Printer Daemon. Also see printing section.
ULP | 522 | 522 | User Location Protocol (Microsoft) *
AppleTalk Filing Protocol (AFP) | 548 | 548 | *
| | | streaming audio, video *
RTSP | 554 | | Real Time Streaming Protocol *. Currently (2003-07-05) described in RFC 2326.
NNTPs | 563 | | secure NNTP news (SSL) *
| 631 | 631 | print remotely to any IPP enabled printer through the Internet * The Common Unix Printing System (CUPS) is based on IPP. Also see printing section.
LDAPs | 636 | 636 | secure LDAP * (LDAP protocol over TLS/SSL)
Doom | 666 | 666 | network game *
Remotely Possible (ControlIT) | 799 | | remote control. CA ControlIT support.
| 902 | | remote control and viewing of virtual machines. vmware-authd.
| 1080 | | internet proxy *. Also used by Trojans.
| 1194 | 1194 | *
| 1214 | 1214 | peer-to-peer file sharing *
| 1337 | 1337 | peer-to-peer. Also see InfoAnarchy WASTE FAQ. This port is officially registered for Men and Mice DNS (QuickDNS Remote).
Lotus Notes Domino | 1352 | | *
VocalTec Internet Phone | 1490, 6670, 25793 | 22555 | videoconferencing *
| 1494, dyn >=1023 | 1604, dyn >=1023 | remote application access *
Virtual Places | 1533 | | conferencing *, also see VP voice
| 1558 | | streaming video *
| 1677 | 1677 | group collaboration * NOTE: Other features of GroupWise use many other ports.
H.323 Host Call | 1720 | 1720 | H.323 host call *
PPTP | 1723 | | virtual private network (VPN) * Note PPTP also uses the GRE protocol. However Microsoft says in Understanding PPTP: "PPTP can be used with most firewalls and routers by enabling traffic destined for port 1723 to be routed through the firewall or router."
MS ICCP | 1731 | 1731 | audio call control (Microsoft) *
MS NetShow | 1755 | 1755, dyn >=1024 <=5000 | streaming video *
| 1863 | | instant messaging *. NOTE: For detailed info on ports for file transfers, voice and video, see the Windows and MSN Messenger section below.
| 1917, 1921 | 1917 | network management *
| 1984 | 1984 | network monitoring *
| 2000-2003 | | videoconferencing. NOTE: security risk on TCP port 50000
| 2000-2003 | | videoconferencing. Note: support docs are inconsistent on what ports are required
| 2001 | | search engine
| 2064 | | distributed computation
SoulSeek | 2234, 5534 | 2234, 5534 | file sharing
| 2300-2400, 47624 | 2300-2400 | networked multiplayer games, * only 47624 is registered as "Direct Play Server", if needed also see MSN Gaming Zone
| | 2302-2400, 6073 | networked multiplayer games, * only 6073 is registered as DirectPlay8, if needed also see MSN Gaming Zone
MADCAP - Multicast Address Dynamic Client Allocation Protocol | 2535 | 2535 | * defined in RFC 2730 - Multicast Address Dynamic Client Allocation Protocol (MADCAP). Also used by Trojans.
| 2592 | | network game *
| 2705 | 2705 | peer-to-peer (P2P) filesharing. Officially registered for Sun SDS Admin.
| 2745 | 2745 | * Alex Tronin reports was used for Urbis geolocation service... now not operational, but may be revived. Also used by Trojans.
| 3050 | 3050 | * gds_db. See CERT Advisory CA-2001-01 for potential security risk.
| 3128 | 3130 | web proxy cache. Also used by Trojans.
| 3205 | 3205 | * Internet Storage Name Service, see iSCSI section
iSCSI default port | 3260 | 3260 | * SCSI over IP, see iSCSI section
| 3389 | | * registered as ms-wbt-server. RDP 5.1 is the current version. See below for more information. Remote Desktop Web Connection also uses HTTP.
| 3410 | 3410 | * Also used by Trojans.
Virtual Places Voice Chat | 3450, 8000-9000 | | voice chat, also see Virtual Places
Apple iTunes music sharing (DAAP) | 3689 | 3689 | Digital Audio Access Protocol *
Mirabilis ICQ | dyn >=1024 | 4000 | locator, chat (note: see newer AOL ICQ)
Blizzard / Battle.net | 4000, 6112-6119 | 4000, 6112-6119 |
| 4000-4100, 4500, 9000-9100 | | peer-to-peer audio and video streaming. NOTE: This software will create OUTGOING streams to other users if it can.
GlobalChat client, server | 4020 | 4020 | chat rooms, used to be called ichat
| 4747 | | secure phone
PlayLink | 4747, 4748, 10090 | 6144 | online games
| 4899 | 4899 | remote control *
| 5000-5001 | 5000-5010 | voice chat
| H.323 HostCall, 30000-30010 | 5000-5003, 5010-5013 | audio and videoconference. 5000-5003 is RTP and RTCP range for this app.
| 5050 | | messaging. NOTE: It will try ports 5050, 80, any port.
SIP | 5060 | 5060 |
| | | audio and video conferencing. May also need iChat local port.
| 5100 | | video
AOL Instant Messenger (AIM) | 5190 | 5190 | America OnLine * Also used by Apple iChat (in AIM compatibility mode).
| 1024-5000 ? | 1024-5000 ? | video chat. It is unclear from their FAQ whether you need to open both TCP and UDP ports.
| 5190, dyn >=1024 | | messaging
| 5190-5193 | 5190-5193 | America OnLine *
XMPP / Jabber | 5222, 5269 | 5222, 5269 | * Extensible Messaging and Presence Protocol. Also see Using Jabber behind firewalls. Defined by XMPP specs (RFCs now issued), specs created by IETF group.
| 5235-5237 | 5235-5237 | audio / video conference, fileshare, everything. Port 5236 is officially assigned to "padl2sim".
| 5298 | 5298 | Some Rendezvous thing.
| 5353 | 5353 | * Mac OS X 10.2: About Multicast DNS. Related to Zeroconf which Apple has implemented as Rendezvous. (Note: the regular Domain Name Service port is 53.)
| 5354, 7175, 8680-8890, 9000, 9450-9460 | dyn >=1024 | telephony
| 5500-5503 | | peer-to-peer filesharing.
SGI ESP HTTP | 5554 | 5554 | * SGI Embedded Support Partner (ESP) web server. Also used by Trojans, see SGI Security Advisory 20040501-01-I.
InfoSeek Personal Agent | 5555 | 5555 | * I don't know if InfoSeek Personal Agent exists anymore. This port is commonly used by HP OpenView Storage Data Protector (formerly HP OmniBack).
| 5631 | 5632 | remote control *
eShare Chat Server | 5760 | |
eShare Web Tour | 5761 | |
eShare Admin Server | 5764 | |
| 5800+, 5900+ | | remote control
GNUtella | 6346, 6347 | 6346, 6347 | peer-to-peer file sharing *
Netscape Conference | H.323 HostCall, 6498, 6502 | 2327 | audioconferencing
| 6502 | 6502 | remote control
common IRC | 6665-6669 | | Internet Relay Chat *
| selected | 6801, selected | telephony, admin should select one TCP and UDP port in the range 1-3000. Same ports are used by Yahoo Messenger - PC-to-Phone.
| 6881-6889, 6969 | | distributed data download, newer versions TCP 6881-6999. Alternate FAQ link.
RTP-QT4 | | 6970-6999 | Realtime Transport Protocol. (These ports are specifically for the Apple QT4 version.)
VDOLive | 7000 | user-specified | streaming video
| RTSP, 7070 | 6970-7170 | streaming audio and video
CU-SeeMe, Enhanced CUSM | 7648, 7649, LDAP | 7648-7652, 24032 | videoconferencing
common HTTP | 8000, 8001, 8080 | |
Apache JServ Protocol v12 (ajp12) | 8007 | 8007 | (default port) See Workers HowTo for config info.
| 8009 | 8009 | (default port) e.g. Apache mod_jk Tomcat connector using ajp13. See Workers HowTo for config info.
| 8038 | 8038 | peer-to-peer (P2P) filesharing
PDL datastream | 9100 | 9100 | printing * PDL is Page Description Language. Used commonly by HP printers and by Apple. Also see printing section.
| 9898 | 9898 | * video-chat, also used by Trojans
| | 9943, 9945, 56768 | videoconferencing
The Palace | 9992-9997 | 9992-9997 | chat environment *
common Palace | 9998 | | chat environment
| 10000 | 10000 | Network Data Management Protocol *. Used for storage backup. Also used by Trojans.
| 10080 | 10080 | backup software *. Also used by Trojans.
| 11999 | | network games
| 12345 | 12345 | network chat supporting multiple access methods * Appears mostly used in Japan. There are many other applications calling themselves "italk". TrendMicro OfficeScan antivirus also uses this port. Commonly used by Trojans.
RTP-iChatAV | | 16384-16403 | Used by Apple iChat AV.
RTP | | 16384-32767 | Realtime Transport Protocol. RTP in general is described in RFC 3550. This range is not registered (it never could be, being so broad) but it seems to be somewhat common. See Are there specific ports assigned to RTP?
Palm Computing Network Hotsync | 14237 | 14238 | data synchronization
| 18888 | | streaming audio
FreeTel | | 21300-21303 | audioconferencing
VocalTec Internet Conference | 22555 | 22555 | audio & document conferencing *
Quake | 26000 | 26000 | network game *
| 28800-29100 | 28800-29100 |
| 39213 | |
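The three IANA ranges defined at the start of this section, and the port notation used in the table above, as an added Python example (not code from the chapter or from the table's author): it parses a TCP or UDP cell such as "2300-2400, 47624" or "dyn >=1024 <=5000" into port ranges, reports which IANA ranges they fall in, and flags cells that include a well-known port, which on most systems only a privileged process may bind. Function names are this example's own, and "N+" is read here as "port N and above" since the table gives no upper bound.

```python
# Added example, not code from the chapter: parses the port notation used in
# the table above ("22", "2300-2400, 47624", "dyn >=1024 <=5000", "5800+",
# "1024-5000 ?") and classifies the ports against the three IANA ranges the
# section defines. Function names are this example's own; "N+" is read as
# "port N and above, upper bound not stated" (an assumption, not the table's).
import re

# IANA ranges as given at the start of section 2.4.
IANA_RANGES = (
    ("well-known", 0, 1023),
    ("registered", 1024, 49151),
    ("dynamic/private", 49152, 65535),
)


def iana_range(port):
    """Name of the IANA range a single port number falls in."""
    for name, low, high in IANA_RANGES:
        if low <= port <= high:
            return name
    raise ValueError(f"port {port} is outside 0-65535")


def parse_ports(cell):
    """One TCP or UDP cell of the table -> list of (low, high) port ranges.
    Items carrying no port number ("selected", "user-specified",
    "H.323 HostCall", "RTSP", "LDAP") are skipped."""
    ranges = []
    for item in cell.split(","):
        item = item.strip().rstrip("? ").strip()   # "1024-5000 ?" -> "1024-5000"
        if m := re.fullmatch(r"(\d+)-(\d+)", item):                 # "2300-2400"
            ranges.append((int(m[1]), int(m[2])))
        elif m := re.fullmatch(r"(\d+)\+", item):                   # "5800+"
            ranges.append((int(m[1]), 65535))
        elif m := re.fullmatch(r"dyn\s*>=\s*(\d+)(?:\s*<=\s*(\d+))?", item):
            # "dyn >=1024" or "dyn >=1024 <=5000"
            ranges.append((int(m[1]), int(m[2]) if m[2] else 65535))
        elif re.fullmatch(r"\d+", item):                            # "22"
            ranges.append((int(item), int(item)))
    return ranges


def classify(cell):
    """Set of IANA range names that the cell's ports touch."""
    names = set()
    for low, high in parse_ports(cell):
        # check both end points plus any range boundary lying inside the span
        for port in {low, high, 1024, 49152}:
            if low <= port <= high:
                names.add(iana_range(port))
    return names


def needs_privileged_bind(cell):
    """True if any listed port is well-known: on most systems only root or a
    privileged process may bind such a port, as the section notes."""
    return "well-known" in classify(cell)


if __name__ == "__main__":
    for cell in ("22", "407, 1417-1420", "dyn >=1024", "H.323 HostCall, 30000-30010"):
        print(f"{cell!r}: {parse_ports(cell)} -> {sorted(classify(cell))}, "
              f"privileged bind: {needs_privileged_bind(cell)}")
```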
iSCSI
iSCSI is specified in RFC 3720 - Internet Small Computer Systems Interface.
The well-known user TCP port number for iSCSI connections assigned by IANA is 3260 and this is the default iSCSI port. Implementations needing a system TCP port number may use port 860, the port assigned by IANA as the iSCSI system port; however, in order to use port 860, it MUST be explicitly specified - implementations MUST NOT default to use of port 860, as 3260 is the only allowed default.
Also associated with iSCSI is iSNS, Internet Storage Name Service, on port 3205.
These services essentially open up your storage to the Internet at a far deeper level than CIFS, NFS and other file-level sharing services. Therefore you should be very careful about security and may want to block these ports completely, or tightly limit access to them.
Printing
There are several port numbers that may be involved with printing. Print Server Port Numbers is a useful guide.
Apple MacOS X Rendezvous Printing (PDF) will discover printers that are advertising their services. They give the following example: the Apple LaserWriter 8500 would register the following services, assuming the default domain is "local."
Apple LaserWriter 8500._printer._tcp.local. Port 515
Apple LaserWriter 8500._ipp._tcp.local. Port 631
Apple LaserWriter 8500._pdl-datastream._tcp.local. Port 9100
Napster
After examining Napster, I decided it was such a complex protocol that it deserved its own section. The first thing to be aware of is that there are two versions of Napster. The "original" flavor is what most people will be interested in. This is the full music file-sharing service. This original service provided by Napster.com has now been shut down. Napster.com will be providing a new service with much more controlled music sharing. However, the original protocol lives on, and the protocol has been analyzed so that people could write compatible applications for many different operating systems.
There is information on the protocol (and how to get it through your firewall) from:
Here is a summary of the TCP ports it uses. I have put the notation (primary) after the main port, if more than one port is listed.
- metaserver / redirector: 8875
- directory servers: 4444, 5555, 6666, 7777, 8888 (primary)
- client: 6600 to 6699 (primary)
PalTalk
PalTalk is another messy service that uses many ports, more than I
want to summarize here. Visit their support page: PalTalk
Networking Support.
Ultima Online
Service | Ports | Notes
Game | 5001-5010 |
Login | 7775-7777 |
Patch | 8888 | overlaps with common HTTP port
UO Messenger | 8800-8900 | includes port 8866 which is also used by a Trojan
Patch | 9999 |
Windows and MSN Messenger Application
A related note: the Messenger Service that runs at the Windows SERVICE level
is different from the Windows Messenger or MSN Messenger application. For
information about the Messenger APPLICATION see:
- For file transfer or voice chat ports and NAT information for MSN Messenger 3 see MS Support article Q278887.
- Microsoft Knowledge Base Article Q324214 - You cannot make phone calls or start voice or video conversations with Windows Messenger
- Windows Messenger 5.0 in Windows XP: Working With Firewalls and Network Address Translation Devices
- Microsoft Support WebCast - Microsoft Windows Messenger for Windows XP: New Features, Common Issues, and Troubleshooting July 17, 2002
Service | TCP | UDP | Notes
Windows Messenger - voice (computer to phone) | | 2001-2120, 6801, 6901 | from Q324214. NOTE: 6801 is Net2Phone.
MSN Messenger - file transfers | 6891-6900 | | from Q278887. Allows up to 10 simultaneous transfers.
MSN Messenger - voice communications (computer to computer) | 6901 | 6901 | from Q278887
For Windows Messenger in a non-UPnP environment, unfortunately Microsoft
requires dynamic UDP ports across a very wide range. This is a tremendous
security risk. Try to establish a UPnP environment if possible. Nevertheless,
here is what they say: "To support [audio and video] in both directions
through the firewall, all UDP ports between 5004 and 65535 must be opened to
allow signaling (SIP) and media streams (RTP) to traverse the firewall."
Also note: I don't know how much information for WINDOWS Messenger
applies to MSN Messenger and vice versa. I also don't know how much information
for MSN Messenger Windows version applies to MSN Messenger Mac version. And
last but not least, there are multiple different versions of Messenger, which
may differ in various ways.
Email Ports
Email is sent around the Internet mainly from server to server
using SMTP. Once delivered, clients may access it in a variety of ways,
including POP3 and IMAP. This section DOES NOT cover Microsoft Exchange or
other proprietary mail protocols.
The major upcoming change to email is the use of TCP port 587
"submission" for email, as defined in section 3.1 of RFC 2476 - Message
Submission. This is planned to replace the traditional use of TCP port 25,
SMTP.
3.1. Submission Identification
Port 587 is reserved for email message submission as specified in this document. Messages received on this port are defined to be submissions. The protocol used is ESMTP [SMTP-MTA, ESMTP], with additional restrictions as specified here.
While most email clients and servers can be configured to use port 587 instead of 25, there are cases where this is not possible or convenient. A site MAY choose to use port 25 for message submission, by designating some hosts to be MSAs and others to be MTAs.
This initiative is being promoted by, amongst others, the
Anti-Spam Technical Alliance. See Anti-Spam Technical
Alliance Technology and Policy Proposal, Version 1.0, 22 June 2004 (PDF)
We further recommend that SMTP authentication be
implemented on the standard Mail Submission Port, port 587, and that ISPs
encourage their customers to switch their mail client software (for example, MS
Outlook, Eudora, and so on) to this port. Using this port will provide seamless
connectivity that does not depend on if a network allows port 25 traffic.
In addition to SMTP, the other main email protocols are POP3 and
IMAP; these are protocols for email clients to access their mailboxes. There
are many other topics that are outside the scope of this page. For example,
email addresses are described in RFC
2822 (obsoletes RFC 822), and SMTP authentication is covered in RFC 2554 - SMTP Service Extension
for Authentication. Transport Layer Security (TLS) is covered in RFC 2246 - The TLS Protocol
Version 1.0. SMTP over TLS is covered in RFC 3207 - SMTP Service Extension
for Secure SMTP over Transport Layer Security.
The Network Sorcery RFC Sourcebook entry for SMTP also links
to many relevant RFCs that cover the details of the protocol itself.
Service | TCP Port | Notes
SMTP - Simple Mail Transfer Protocol | 25 | * As part of the anti-spam best practices, you should block this outgoing for any machine that doesn't need to send email directly.
SMTPs - secure SMTP | 465 | Port 465 shows up in Appendix A of the 1996 non-standard standard The SSL Protocol Version 3.0 as "Simple Mail Transfer Protocol with SSL". Unfortunately, it's not registered for SMTPs; it's registered for URD - "URL Rendesvous Directory for SSM" by Cisco. The recommended approach, at least for authentication, is to use STARTTLS encryption on submission port 587.
(SMTP email) submission | 587 |
POP2 - Post Office Protocol 2 | 109 | * obsolete
POP3 - Post Office Protocol 3 | 110 | *
POP3s - secure POP3 | 995 | * Full description is "pop3 protocol over TLS/SSL (was spop3)".
IMAP3 - Interactive Mail Access Protocol v3 | 220 | * obsolete
IMAP4 - Internet Message Access Protocol 4 | 143 | * Also referred to by version as IMAP4.
IMAPs - secure IMAP | 993 | * Full description is "imap4 protocol over TLS/SSL". Use 993 instead of TCP port 585 "imap4-ssl", which is deprecated.
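Two pieces of advice on this page are easy to turn into a check: the iSCSI section says to block or tightly limit ports 3260, 860 and 3205, and the SMTP row above says to block outgoing TCP/25 from any machine that does not need to send mail directly. The following Python audit applies both rules to connection-log lines; it is an added example, not code from the original page, and the log format, network layout and the relay address 10.0.0.25 are constructed for it.

```python
"""Audit connection-log lines against two port-hygiene rules:
(1) only designated mail relays may open TCP/25 to the outside, and
(2) iSCSI (3260, 860) and iSNS (3205) are reachable only from the storage subnet.
Network layout and log lines below are constructed for this example."""
import ipaddress
import re

# Hypothetical site layout (assumed, not from the page).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
STORAGE_NET = ipaddress.ip_network("10.20.0.0/24")   # SAN initiators and targets
MAIL_RELAYS = {ipaddress.ip_address("10.0.0.25")}    # only hosts allowed to speak TCP/25 outbound

SMTP_PORT = 25
STORAGE_PORTS = {3260: "iSCSI (default)", 860: "iSCSI (system port)", 3205: "iSNS"}

# Constructed log format: "<proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
LINE_RE = re.compile(r"^(tcp|udp)\s+([\d.]+):(\d+)\s+->\s+([\d.]+):(\d+)$", re.I)


def parse_line(line):
    """Parse one log line into a flow dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    proto, src, sport, dst, dport = m.groups()
    return {"proto": proto.lower(),
            "src": ipaddress.ip_address(src), "sport": int(sport),
            "dst": ipaddress.ip_address(dst), "dport": int(dport)}


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def check_flow(flow):
    """Return a finding string for a policy violation, or None if the flow is fine."""
    if flow["proto"] != "tcp":
        return None
    src, dst, dport = flow["src"], flow["dst"], flow["dport"]
    # Rule 1: outbound TCP/25 from anything that is not a designated relay.
    if (dport == SMTP_PORT and is_internal(src) and not is_internal(dst)
            and src not in MAIL_RELAYS):
        return f"direct outbound SMTP from non-relay host {src} to {dst}"
    # Rule 2: storage ports reached from outside the storage subnet.
    if dport in STORAGE_PORTS and src not in STORAGE_NET:
        return (f"{STORAGE_PORTS[dport]} port {dport} on {dst} reached "
                f"from {src} outside storage subnet")
    return None


def audit(lines):
    """Run every parseable line through check_flow and collect the findings."""
    findings = []
    for line in lines:
        flow = parse_line(line)
        if flow is None:
            continue
        finding = check_flow(flow)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample log: relay sending mail, a workstation sending mail
# directly, a workstation using submission, SAN traffic, and two storage
# ports reached from the wrong side.
SAMPLE_LOG = [
    "tcp 10.0.0.25:40001 -> 203.0.113.10:25",      # relay: allowed
    "tcp 10.0.5.77:40002 -> 203.0.113.10:25",      # workstation direct to port 25
    "tcp 10.0.5.77:40003 -> 10.0.0.25:587",        # submission to the relay: fine
    "tcp 10.20.0.5:50000 -> 10.20.0.200:3260",     # initiator inside SAN: fine
    "tcp 192.168.1.15:50001 -> 10.20.0.200:3260",  # office host to iSCSI target
    "tcp 198.51.100.7:4444 -> 10.20.0.200:3205",   # external host to iSNS
    "udp 10.0.5.77:5004 -> 203.0.113.99:5004",     # UDP: not covered by these rules
    "not a flow line",                             # ignored
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print("FINDING:", f)
```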
Oracle Database TCP/IP Ports
I have a separate page
for Oracle ports.
Obsolete Services
Apple released QuickTime 4 some time ago. I am unsure of the
status of their older QuickTime Conferencing (MovieTalk) protocol. All of the
applications that supported it (Connectix VideoPhone, Apple VideoPhone,
Netscape CoolTalk, QuickTime TV) are no longer supported and the QuickTime Conferencing
website is gone.
Service | TCP | UDP | Notes
QuickTime Conferencing (MovieTalk) | 458 | 458, dyn >= 7000 | videoconferencing *
Apple VideoPhone | | | videoconferencing *
Connectix VideoPhone | MovieTalk, dyn >=1024, 4242 | | videoconferencing
| 6499, 6500 | 13000 | videoconferencing
2.4 ISO - OSI Model
Importance and illustration of ISO Model
International Standards
Organization/Open System Interconnection (ISO/OSI) model is a standard reference model for
communication between two end users in a network. It can be helpful to have a
basic understanding of how your network works in order to troubleshoot future
problems.
It would be
difficult to overstate the importance of the OSI model. Virtually all
networking vendors and users understand how important it is that network
computing products adhere to and fully support the networking standards this
model has generated. When a vendor’s products adhere to the standards the ISO
model has generated, connecting those products to other vendors’ products is
relatively simple. Conversely, the further a vendor departs from those
standards, the more difficult it becomes to connect that vendor’s products to
those of other vendors.
In addition,
if a vendor were to depart from the communication standards the model has
engendered, software development efforts would be very difficult because the
vendor would have to build every part of all necessary software, rather than
being able to build on the existing work of other vendors.
The first two
problems give rise to a third significant problem for vendors: a vendor’s
products become less marketable as they become more difficult to connect with
other vendors’ products.
Thus, the ISO model defines a
networking framework for implementing protocols according to seven layers. Each layer is functionally
independent of the others, but provides services to the layer above it and
receives services from the layer below it.
The layers are in two groups. The upper four layers are used whenever a message passes
from or to a user. The lower three layers are used when any message passes
through the host computer. Messages intended for this computer pass to the
upper layers. Messages destined for some other host are not passed up to the
upper layers but are forwarded to another host.
The seven ISO layers are explained in more detail below:
Layer 7 — The application layer: This is the layer at which communication partners are
identified, quality of service is identified, user authentication and privacy
are considered, and any constraints on data syntax are identified. (This layer
is not the application itself, although some applications may perform
application layer functions). It represents the services that directly support
applications such as software for file transfers, database access, email, and
network games.
Layer 6 — The presentation layer: This is a layer, usually part of an operating system,
that converts incoming and outgoing data from one presentation format to
another (for example, from a text stream into a popup window with the newly
arrived text). This layer also manages security issues by providing services
such as data encryption and compression. It’s sometimes called the syntax
layer.
Layer 5 — The session layer: This layer allows applications on different computers to establish,
use, and end a session/connection. This layer establishes dialog control
between the two computers in a session, regulating which side transmits, and
when and how long it transmits.
Layer 4 — The transport layer: This layer handles error recognition and recovery, manages the
end-to-end control (for example, determining whether all packets have arrived)
and error-checking. It ensures complete data transfer.
Layer 3 — The network layer: This layer handles the routing of the data, addresses messages and
translates logical addresses and names into physical addresses. It also
determines the route from the source to the destination computer and manages
traffic problems (flow control), such as switching, routing, and controlling the congestion of data
packets.
Layer 2 — The data-link layer: This layer packages raw bits from the physical layer into
frames (logical, structured packets for data). It is responsible for
transferring frames from one computer to another without errors. After sending
a frame, it waits for an acknowledgment from the receiving computer.
Layer 1 — The physical layer: This layer transmits bits from one computer to another and regulates
the transmission of a stream of bits over a physical medium. This layer defines
how the cable is attached to the network adapter and
what transmission technique is used to send data over the cable.
The principles that led to these seven layers were the following: a layer
should be created wherever a new level of abstraction is necessary; every layer
has well-defined functions; the functions of each layer must be chosen with the
objective of international standardization of protocols; and boundaries between
layers must be chosen so as to minimize the flow of data through interfaces.
Data Transmission in OSI Model
Message Passing between processes in a Network utilizing OSI
The lower layers (1, 2, 3 and 4) are needed to route information between the
two communicating ends and depend on the physical medium. The higher layers
(5, 6 and 7) are responsible for the data processing involved in managing
exchanges between information processing systems. In addition, layers 1 to 3
operate between neighbouring machines, not only between the end systems, which
may be separated by several routers. Layers 4 to 7, on the contrary, operate
only between the distant end hosts.
2.6 TCP/IP Protocol Suite
This section presents an in-depth introduction to the protocols
that are included in TCP/IP. Although the information is conceptual, you should
learn the names of the protocols. You should also learn what each protocol
does.
“TCP/IP” is the acronym that is commonly used
for the set of network protocols that compose the Internet Protocol
suite. Many texts use the term “Internet” to describe both the protocol
suite and the global wide area network. In this book, “TCP/IP” refers
specifically to the Internet protocol suite. “Internet” refers to the wide area
network and the bodies that govern the Internet.
To interconnect your TCP/IP network with other networks, you must
obtain a unique IP address for your network. At the time of this writing, you
obtain this address from an Internet service provider (ISP).
If hosts on your network are to participate in the Internet Domain
Name System (DNS), you must obtain and register a unique domain name. The
InterNIC coordinates the registration of domain names through a group of
worldwide registries.
Most network protocol suites are structured as a series of layers,
sometimes collectively referred to as a protocol stack. Each layer
is designed for a specific purpose. Each layer exists on both the sending and
receiving systems. A specific layer on one system sends or receives exactly the
same object that another system's peer process sends or
receives. These activities occur independently from activities in layers above
or below the layer under consideration. In essence, each layer on a system acts
independently of other layers on the same system. Each layer acts in parallel
with the same layer on other systems.
Most network protocol suites are structured in
layers. The International Organization for Standardization (ISO) designed the
Open Systems Interconnection (OSI) Reference Model that uses structured layers.
The OSI model describes a structure with seven layers for network activities.
One or more protocols is associated with each layer. The layers represent data
transfer operations that are common to all types of data transfers among
cooperating networks.
The OSI model lists the protocol layers from the
top (layer 7) to the bottom (layer 1). The following table shows the model.
The OSI model defines conceptual operations that are not unique to
any particular network protocol suite. For example, the OSI network protocol
suite implements all seven layers of the OSI model. TCP/IP uses some of OSI
model layers. TCP/IP also combines other layers. Other network protocols, such
as SNA, add an eighth layer.
The OSI model describes idealized network communications with a
family of protocols. TCP/IP does not directly correspond to this model. TCP/IP
either combines several OSI layers into a single layer, or does not use certain
layers at all. The following table shows the layers of the Oracle Solaris
implementation of TCP/IP. The table lists the layers from the topmost layer
(application) to the bottommost layer (physical network).
The table shows the TCP/IP protocol layers and
the OSI model equivalents. Also shown are examples of the protocols that are
available at each level of the TCP/IP protocol stack. Each system that is
involved in a communication transaction runs a unique implementation of the
protocol stack.
The physical network layer specifies the
characteristics of the hardware to be used for the network. For example,
physical network layer specifies the physical characteristics of the
communications media. The physical layer of TCP/IP describes hardware standards
such as IEEE 802.3, the specification for Ethernet network media, and RS-232,
the specification for standard pin connectors.
The data-link layer identifies the network
protocol type of the packet, in this instance TCP/IP. The data-link layer also
provides error control and “framing.” Examples of data-link layer protocols are
Ethernet IEEE 802.2 framing and Point-to-Point Protocol (PPP) framing.
The Internet layer, also known as the network layer or IP
layer, accepts and delivers packets for the network. This layer includes
the powerful Internet Protocol (IP), the Address Resolution Protocol (ARP), and
the Internet Control Message Protocol (ICMP).
The IP protocol and its associated routing protocols are possibly
the most significant of the entire TCP/IP suite. IP is responsible for the
following:
· IP addressing – The IP addressing conventions are part of the IP protocol. Designing an IPv4 Addressing Scheme introduces IPv4 addressing and IPv6 Addressing Overview introduces IPv6 addressing.
· Host-to-host communications – IP determines the path a packet must take, based on the receiving system's IP address.
· Packet formatting – IP assembles packets into units that are known as datagrams. Datagrams are fully described in Internet Layer: Where Packets Are Prepared for Delivery.
· Fragmentation – If a packet is too large for transmission over the network media, IP on the sending system breaks the packet into smaller fragments. IP on the receiving system then reconstructs the fragments into the original packet.
Oracle Solaris supports both IPv4 and IPv6
addressing formats, which are described in this book. To avoid confusion when
addressing the Internet Protocol, one of the following conventions is used:
· When the term “IP” is used in a description, the description applies to both IPv4 and IPv6.
· When the term “IPv4” is used in a description, the description applies only to IPv4.
· When the term “IPv6” is used in a description, the description applies only to IPv6.
The Address Resolution Protocol (ARP) conceptually exists between
the data-link and Internet layers. ARP assists IP in directing datagrams to the
appropriate receiving system by mapping Ethernet addresses (48 bits long) to
known IP addresses (32 bits long).
The Internet Control Message Protocol (ICMP) detects and reports
network error conditions. ICMP reports on the following:
· Connectivity failure – A destination system cannot be reached
· Redirection – Redirecting a sending system to use another router
The TCP/IP transport layer ensures that packets
arrive in sequence and without error, by swapping acknowledgments of data
reception, and retransmitting lost packets. This type of communication is known
as end-to-end. Transport layer protocols at this level are
Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Stream
Control Transmission Protocol (SCTP). TCP and SCTP provide reliable, end-to-end
service. UDP provides unreliable datagram service.
TCP enables applications to communicate with each other as though
they were connected by a physical circuit. TCP sends data in a form that
appears to be transmitted in a character-by-character fashion, rather than as
discrete packets. This transmission consists of the following:
· Starting point, which opens the connection
· Entire transmission in byte order
· Ending point, which closes the connection.
TCP attaches a header onto the transmitted data. This header
contains many parameters that help processes on the sending system connect to
peer processes on the receiving system.
TCP confirms that a packet has reached its
destination by establishing an end-to-end connection between sending and
receiving hosts. TCP is therefore considered a “reliable, connection-oriented”
protocol.
SCTP is a reliable, connection-oriented transport layer protocol
that provides the same services to applications that are available from TCP.
Moreover, SCTP can support connections between systems that have more than one
address, or multihomed. The SCTP connection between sending and
receiving system is called an association. Data in the association
is organized in chunks. Because SCTP supports multihoming, certain
applications, particularly applications used by the telecommunications
industry, need to run over SCTP, rather than TCP.
UDP provides datagram delivery service. UDP does not verify
connections between receiving and sending hosts. Because UDP eliminates the
processes of establishing and verifying connections, applications that send small
amounts of data use UDP.
The application layer defines standard Internet
services and network applications that anyone can use. These services work with
the transport layer to send and receive data. Many application layer protocols
exist. The following list shows examples of application layer protocols:
· Standard TCP/IP services such as the ftp, tftp, and telnet commands
· UNIX “r” commands, such as rlogin and rsh
· Name services, such as NIS and the domain name system (DNS)
· Directory services (LDAP)
· File services, such as the NFS service
· Simple Network Management Protocol (SNMP), which enables network management
· FTP and Anonymous FTP – The File Transfer Protocol (FTP) transfers files to and from a remote network. The protocol includes the ftp command and the in.ftpd daemon. FTP enables a user to specify the name of the remote host and file transfer command options on the local host's command line. The in.ftpd daemon on the remote host then handles the requests from the local host. Unlike rcp, ftp works even when the remote computer does not run a UNIX-based operating system. A user must log in to the remote system to make an ftp connection, unless the remote system has been configured to allow anonymous FTP.
You can obtain an enormous amount of material from anonymous FTP servers that are connected to the Internet. Universities and other institutions set up these servers to offer software, research papers, and other information to the public domain. When you log in to this type of server, you use the login name anonymous, hence the term “anonymous FTP server.”
· Telnet – The Telnet protocol enables terminals and terminal-oriented processes to communicate on a network that runs TCP/IP. This protocol is implemented as the telnet program on local systems and the in.telnetd daemon on remote machines. Telnet provides a user interface through which two hosts can communicate on a character-by-character or line-by-line basis.
· TFTP – The Trivial File Transfer Protocol (tftp) provides functions that are similar to ftp, but the protocol does not establish ftp's interactive connection. As a result, users cannot list the contents of a directory or change directories. A user must know the full name of the file to be copied.
· UNIX “r” Commands – The UNIX “r” commands enable users to issue commands on their local machines that run on the remote host. These commands include the following: rcp, rlogin, and rsh.
· DNS – The domain name system (DNS) is the name service provided by the Internet for TCP/IP networks. DNS provides host names to the IP address service. DNS also serves as a database for mail administration.
· /etc files – The original host-based UNIX name system was developed for standalone UNIX machines and then adapted for network use. Many old UNIX operating systems and computers still use this system, but it is not well suited for large complex networks.
· NIS – Network Information Service (NIS) was developed independently of DNS and has a slightly different focus. Whereas DNS focuses on making communication simpler by using machine names instead of numerical IP addresses, NIS focuses on making network administration more manageable by providing centralized control over a variety of network information. NIS stores information about machine names and addresses, users, the network itself, and network services. NIS name space information is stored in NIS maps.
Oracle Solaris supports LDAP (Lightweight
Directory Access Protocol) in conjunction with the Sun Open Net Environment
(Sun ONE) Directory Server, as well as other LDAP directory servers. The
distinction between a name service and a directory service is in the differing
extent of functionality. A directory service provides the same functionality of
a naming service, but provides additional functionalities as well.
The Simple Network
Management Protocol (SNMP) enables you to view the layout of your network and
the status of key machines. SNMP also enables you to obtain complex network
statistics from software that is based on a graphical user interface (GUI).
Many companies offer network management packages that implement SNMP.
The Routing Information
Protocol (RIP) and the Router Discovery Server Protocol (RDISC) are two
available routing protocols for TCP/IP networks.
2.7 Client Server Relationship
The client–server model of computing is a distributed application structure
that partitions tasks or workloads between the providers of a resource or
service, called servers, and service requesters, called clients.
Often clients and servers communicate over a computer network on separate
hardware, but both client and server may reside in the same system. A server
host runs one or more server programs which share their resources with clients.
A client does not share any of its resources, but requests a server's content
or service function. Clients therefore initiate communication sessions with
servers, which await incoming requests.
Client and server roles
The client–server characteristic describes the
relationship of cooperating programs in an application. The server component
provides a function or service to one or many clients, which initiate requests
for such services.
Servers are classified by the services they provide. For instance, a web
server serves web pages and a file server serves computer files. A shared
resource may be any of the server computer's software and electronic
components, from programs and data to processors and storage devices. The
sharing of the resources of a server constitutes a service.
Whether a
computer is a client, a server, or both, is determined by the nature of the
application that requires the service functions. For example, a single computer
can run web server and file server software at the same time to serve different
data to clients making different kinds of requests. Client software can also
communicate with server software within the same computer. Communication between servers, such as
to synchronize data, is sometimes called inter-server or server-to-server communication.
Client and server communication
In
general, a service is an abstraction of computer resources and a client
does not have to be concerned with how the server performs while
fulfilling the request and delivering the response. The client only has to
understand the response based on the well-known application protocol, i.e. the
content and the formatting of the data for the requested service.
Clients
and servers exchange messages in a request-response messaging pattern: The client sends a
request, and the server returns a response. This exchange of messages is an
example of inter-process
communication. To communicate, the computers must have a common language, and
they must follow rules so that both the client and the server know what to
expect. The language and rules of communication are defined in a communications protocol. All
client-server protocols operate in the application
layer. The application-layer protocol defines the basic patterns of the
dialogue. To formalize the data exchange even further, the server may implement
an API (such as a web service).[3] The API is
an abstraction layer for such resources as databases and custom software. By restricting
communication to a specific content
format, it facilitates parsing.
By abstracting access, it facilitates cross-platform data exchange.[4]
A server
may receive requests from many different clients in a very short period of
time. Because the computer can perform a limited number of tasks at any moment, it relies on a scheduling system to prioritize incoming requests
from clients in order to accommodate them all in turn. To prevent abuse and
maximize uptime, the server's software limits how a client can use the
server's resources. Even so, a server is not immune from abuse. A denial of service attack exploits a server's obligation to
process requests by bombarding it with requests incessantly. This inhibits the
server's ability to respond to legitimate requests.
Examples of computer applications that use the client–server model are Email, network
printing, and the World
Wide Web.
Example
When a bank customer
accesses online banking services with a web browser (the client), the client initiates a
request to the bank's web server. The customer's login credentials may be stored in a database, and the web server accesses
the database server as a client. An application server interprets the returned data by applying
the bank's business logic, and
provides the output to the web server. Finally, the web
server returns the result to the client web browser for display.
In each
step of this sequence of client–server message exchanges, a computer processes
a request and returns data. This is the request-response messaging pattern.
When all the requests are met, the sequence is complete and the web browser
presents the data to the customer.
This
example illustrates a design
pattern applicable to the
client–server model: separation
of concerns.
2.8 IP Address
An Internet Protocol Address (or IP Address) is a unique address that
computing devices use to identify themselves and communicate with other
devices on an Internet Protocol network. Any device connected to the IP network
must have a unique IP address within its network. An IP address is analogous to
a street address or telephone number in that it is used to uniquely identify a
network device, whether to deliver a mail message or to call up ("view") a
website.
Dotted Decimals
Traditional IP addresses (IPv4) use a 32-bit number to represent an IP
address, and that number defines both the network and the host address.
Because IPv4 addresses are running out, a new version of the IP protocol (IPv6)
has been introduced to offer a virtually limitless number of unique addresses.
An IPv4 address is written in "dotted decimal" notation: four numbers separated
by periods, each representing an 8-bit value in the range 0-255. An example of
an IPv4 address is 216.3.128.12, which is the IP address assigned to
topwebhosts.org.
An IPv4 address is divided into two parts: the network address and the host
address. The network address determines how many of the 32 bits are used for
the network portion, and the remaining bits form the host address. The host
address can be further divided into a subnetwork number and a host number.
Class A, B, C and CIDR networks
Traditionally an IP network is classified as a class A, B or C network.
Computers identify the class by the first 3 bits (A=000, B=100, C=110), while
humans identify the class by the first octet (8-bit) number. With the scarcity
of IP addresses, the class-based system has been replaced by Classless
Inter-Domain Routing (CIDR) to allocate IP addresses more efficiently.
Class | Network Address | Number of Hosts | Netmask
CIDR | /4 | 240,435,456 | 240.0.0.0
CIDR | /5 | 134,217,728 | 248.0.0.0
CIDR | /6 | 67,108,864 | 252.0.0.0
CIDR | /7 | 33,554,432 | 254.0.0.0
A | /8 (1-126) | 16,777,216 | 255.0.0.0
CIDR | /9 | 8,388,608 | 255.128.0.0
CIDR | /10 | 4,194,304 | 255.192.0.0
CIDR | /11 | 2,097,152 | 255.224.0.0
CIDR | /12 | 1,048,576 | 255.240.0.0
CIDR | /13 | 524,288 | 255.248.0.0
CIDR | /14 | 262,144 | 255.252.0.0
CIDR | /15 | 131,072 | 255.254.0.0
B | /16 (128-191) | 65,534 | 255.255.0.0
CIDR | /17 | 32,768 | 255.255.128.0
CIDR | /18 | 16,384 | 255.255.192.0
CIDR | /19 | 8,192 | 255.255.224.0
CIDR | /20 | 4,096 | 255.255.240.0
CIDR | /21 | 2,048 | 255.255.248.0
CIDR | /22 | 1,024 | 255.255.252.0
CIDR | /23 | 512 | 255.255.254.0
C | /24 (192-223) | 256 | 255.255.255.0
CIDR | /25 | 128 | 255.255.255.128
CIDR | /26 | 64 | 255.255.255.192
CIDR | /27 | 32 | 255.255.255.224
CIDR | /28 | 16 | 255.255.255.240
CIDR | /29 | 8 | 255.255.255.248
CIDR | /30 | 4 | 255.255.255.252
Note: (1) The 127 network address is reserved for loopback testing. (2) Class D
(224-247, multicast) and class E (248-255, experimental) are not intended for
use in public operation.
Public and Private IP Addresses
To maintain uniqueness within the global namespace, IP addresses are publicly
registered with the Network Information Center (NIC) to avoid address
conflicts. Devices that need to be publicly identified, such as web or mail
servers, must have a globally unique IP address, and they are assigned a public
IP address. Devices that do not require public access may be assigned a private
IP address, which makes them uniquely identifiable within one organization. For
example, a network printer may be assigned a private IP address to prevent the
world from printing to it. To allow organizations to freely assign private IP
addresses, the NIC has reserved certain address blocks for private use. A
private network is a network that uses RFC 1918 IP address space. The
following IP blocks are reserved for private IP addresses.
Class | Starting IP Address | Ending IP Address
A | 10.0.0.0 | 10.255.255.255
B | 172.16.0.0 | 172.31.255.255
C | 192.168.0.0 | 192.168.255.255
In addition to the classful private addresses above, the addresses 169.254.0.0
through 169.254.255.255 are reserved for Zeroconf (or APIPA, Automatic Private
IP Addressing), which automatically creates a usable IP network without
configuration.
What is a loopback IP address?
The loopback IP address is the address a host uses to reach itself. IPv4
designates 127.0.0.1 as the loopback address, with the 255.0.0.0 subnet mask. A
loopback interface is also known as a virtual IP, because it is not associated
with a hardware interface. On Linux systems, the loopback interface is commonly
called lo or lo0. The corresponding hostname for this interface is localhost.
The loopback address is used to test network software without physically
installing a Network Interface Card (NIC), and without having to physically
connect the machine to a TCP/IP network. A good example of this is accessing
the web server running on the machine itself by using http://127.0.0.1 or
http://localhost.
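The address arithmetic from the last few sections (the dotted-decimal encoding, the netmask and address count for each /prefix in the CIDR table, the classful leading-bit rule, and membership in the RFC 1918, APIPA and loopback ranges) in one added C example. This is not code from the page; it uses only the 32-bit arithmetic described above and the reserved ranges listed in the tables, plus a constructed sample list in which only 216.3.128.12 comes from the text. The class letters are derived from the leading bits that the table's first-octet ranges (1-126, 128-191, 192-223) correspond to.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse dotted-decimal IPv4 text ("216.3.128.12") into a 32-bit host-order
 * value. Returns 1 on success, 0 unless there are exactly four octets in 0-255
 * ("300.1.1.1", "1.2.3" and "1.2.3.4." are all rejected). */
int parse_ipv4(const char *s, uint32_t *out)
{
    uint32_t value = 0;
    int octets = 0;
    while (*s) {
        char *end;
        if (*s < '0' || *s > '9') return 0;      /* strtol would accept "+1" */
        long octet = strtol(s, &end, 10);
        if (octet > 255 || ++octets > 4) return 0;
        value = (value << 8) | (uint32_t)octet;
        s = end;
        if (*s == '.') { if (*++s == '\0') return 0; }   /* trailing dot */
        else if (*s != '\0') return 0;                   /* stray character */
    }
    if (octets != 4) return 0;
    *out = value;
    return 1;
}

/* Netmask for a /prefix: /24 -> 0xFFFFFF00 (255.255.255.0), /4 -> 0xF0000000. */
uint32_t prefix_to_mask(int prefix)
{
    if (prefix <= 0)  return 0;
    if (prefix >= 32) return 0xFFFFFFFFu;
    return 0xFFFFFFFFu << (32 - prefix);
}

/* Addresses in a /prefix block, 2^(32-prefix); this is what the table's
 * "Number of Hosts" column counts, network and broadcast addresses included. */
uint64_t prefix_addr_count(int prefix)
{
    if (prefix < 0 || prefix > 32) return 0;
    return (uint64_t)1 << (32 - prefix);
}

/* The netmask splits an address into its network part and its host part. */
uint32_t network_part(uint32_t a, int prefix) { return a & prefix_to_mask(prefix); }
uint32_t host_part(uint32_t a, int prefix)    { return a & ~prefix_to_mask(prefix); }

/* Render a 32-bit value in dotted-decimal form; buf needs at least 16 bytes. */
void ipv4_to_string(uint32_t a, char *buf, size_t n)
{
    snprintf(buf, n, "%u.%u.%u.%u", (unsigned)(a >> 24), (unsigned)(a >> 16) & 255u,
             (unsigned)(a >> 8) & 255u, (unsigned)a & 255u);
}

/* Classful letter from the leading bits, the rule behind the first-octet
 * ranges in the table: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E. */
char classful_class(uint32_t a)
{
    if ((a >> 31) == 0)  return 'A';
    if ((a >> 30) == 2)  return 'B';
    if ((a >> 29) == 6)  return 'C';
    return (a >> 28) == 14 ? 'D' : 'E';
}

static int in_block(uint32_t a, uint32_t net, int p) { return (a & prefix_to_mask(p)) == net; }

/* Reserved range the address falls in, if any: the three RFC 1918 private
 * blocks, 127/8 loopback, 169.254/16 APIPA, and the class D/E leading bits. */
const char *address_scope(uint32_t a)
{
    if (in_block(a, 0x0A000000u, 8) || in_block(a, 0xAC100000u, 12) ||
        in_block(a, 0xC0A80000u, 16)) return "private (RFC 1918)";
    if (in_block(a, 0x7F000000u, 8))  return "loopback";
    if (in_block(a, 0xA9FE0000u, 16)) return "link-local (APIPA)";
    if (in_block(a, 0xE0000000u, 4))  return "multicast (class D)";
    if (in_block(a, 0xF0000000u, 4))  return "reserved (class E)";
    return "public";
}

/* Text-in wrapper: "invalid" when the input does not parse. */
const char *scope_of(const char *ip)
{
    uint32_t a;
    return parse_ipv4(ip, &a) ? address_scope(a) : "invalid";
}

int main(void)
{
    /* Constructed sample list; only 216.3.128.12 comes from the text. */
    const char *samples[] = { "216.3.128.12", "10.20.30.40", "172.31.0.1", "192.168.1.1",
                              "127.0.0.1", "169.254.10.5", "224.0.0.251", "300.1.1.1" };
    char net[16];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t a;
        if (!parse_ipv4(samples[i], &a)) { printf("%-14s invalid\n", samples[i]); continue; }
        ipv4_to_string(network_part(a, 24), net, sizeof net);
        printf("%-14s class %c  %-20s /24 network %s\n", samples[i], classful_class(a),
               address_scope(a), net);
    }
    return 0;
}
```

The same range check is what an analyst applies when triaging addresses in logs: a packet arriving from the Internet with an RFC 1918 or 127/8 source address cannot be a legitimate remote visitor, which is why border filters drop such sources and why a private or loopback address in a public web server's access log points at something inside the perimeter rather than outside it.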
2.9 Networking Protocols
DHCP (Dynamic Host Configuration Protocol)
DNS (Domain Name System)
FTP (File Transfer Protocol)
HTTP (Hypertext Transfer Protocol)
HTTPS (Hypertext Transfer Protocol Secure)
ICMP (Internet Control Message Protocol)
IGMP (Internet Group Management Protocol)
IMAP4 (Internet Message Access Protocol version 4)
NTP (Network Time Protocol)
POP3 (Post Office Protocol version 3)
RTP (Real-time Transport Protocol) - VoIP (Voice over Internet Protocol)
SIP (Session Initiation Protocol) - VoIP (Voice over Internet Protocol)
SMTP (Simple Mail Transfer Protocol)
SNMP2/3 (Simple Network Management Protocol version 2 or 3)
SSH (Secure Shell)
TCP (Transmission Control Protocol)
Telnet
TFTP (Trivial File Transfer Protocol)
TLS (Transport Layer Security)
UDP (User Datagram Protocol)
2.10 Virtualization
Introduction to Virtualization
1. Brief History of Virtualization
2. Hypervisor
The IT industry's focus on virtualization technology has increased
considerably in the past few years. However, the concept has been around much
longer, as you can read in the brief history below. This section also provides
a high-level view of the virtualization technology and methods that exist
today, and highlights a number of reasons why organizations are embracing
virtualization more and more.
1. Brief History of Virtualization
The concept of
virtualization is generally believed to have its origins in the mainframe days
in the late 1960s and early 1970s, when IBM invested a lot of time and effort
in developing robust time-sharing solutions. Time-sharing refers to the shared
usage of computer resources among a large group of users, aiming to increase
the efficiency of both the users and the expensive computer resources they
share. This model represented a major breakthrough in computer technology: the
cost of providing computing capability dropped considerably and it became
possible for organizations, and even individuals, to use a computer without
actually owning one. Similar reasons are driving virtualization for industry
standard computing today: the capacity in a single server is so large that it
is almost impossible for most workloads to effectively use it. The best way to
improve resource utilization, and at the same time simplify data center
management, is through virtualization.
Data centers today use virtualization techniques to abstract the physical
hardware, create large aggregated pools of logical resources consisting of
CPUs, memory, disks, file storage, applications and networking, and offer those
resources to users or customers in the form of agile, scalable, consolidated
virtual machines. Even though the technology and use cases have evolved, the
core meaning of virtualization remains the same: to enable a computing
environment to run multiple independent systems at the same time.
2. Hypervisor
If virtualization is
defined as enabling multiple operating systems to run on a single host
computer, then the essential component in the virtualization stack is the
hypervisor. This hypervisor, also called Virtual Machine Monitor (VMM), creates
a virtual platform on the host computer, on top of which multiple guest
operating systems are executed and monitored. This way, multiple operating
systems, which are either multiple instances of the same operating system, or
different operating systems, can share the hardware resources offered by the
host.
Hypervisors are commonly classified as one of two types, as shown in Table 1.1,
"Hypervisor Types".
Table 1.1 Hypervisor Types
Classification | Characteristics and Description
Type 1: native or bare metal | Native hypervisors are software systems that run directly on the host's hardware to control the hardware and to monitor the guest operating systems. Consequently, the guest operating system runs on a separate level above the hypervisor. Examples of this classic implementation of virtual machine architecture are Oracle VM, Microsoft Hyper-V, VMware ESX and Xen.
Type 2: hosted | Hosted hypervisors are designed to run within a traditional operating system. In other words, a hosted hypervisor adds a distinct software layer on top of the host operating system, and the guest operating system becomes a third software level above the hardware. A well-known example of a hosted hypervisor is Oracle VM VirtualBox. Others include VMware Server and Workstation, Microsoft Virtual PC, KVM, QEMU and Parallels.
VM VirtualBox
Oracle VM VirtualBox (formerly Sun VirtualBox, Sun xVM VirtualBox and Innotek
VirtualBox) is a virtualization software package for x86 and AMD64/Intel64-based
computers from Oracle Corporation. Innotek GmbH first developed the product;
Sun Microsystems purchased it in 2008; Oracle has continued development since
2010.
The VirtualBox package installs on an existing host operating system as an
application; this host application allows additional guest operating systems,
each known as a Guest OS, to load and run, each with its own virtual
environment.
Supported host operating systems include Linux, Mac OS X, Windows XP, Windows
Vista, Windows 7, Windows 8, Solaris and OpenSolaris; there are also ports to
FreeBSD and Genode.
Supported guest operating systems include versions and derivatives of Windows,
Linux, BSD, OS/2, Solaris, Haiku and others. Since release 3.2.0, VirtualBox
also allows limited virtualization of Mac OS X guests on Apple hardware, though
OSX86 can also be installed using VirtualBox.
Since version 4.3 (released in October 2013), Microsoft Windows guests on
supported hardware can take advantage of the recently implemented WDDM driver
included in the Guest Additions; this allows Windows Aero to be enabled along
with Direct3D support.
Guest Additions should be installed in order to achieve the best possible
experience. The Guest Additions can be installed inside a virtual machine after
the installation of the guest operating system. They consist of device drivers
and system applications that optimize the guest operating system for better
performance and usability.
VMware Workstation
VMware Workstation is a hypervisor that runs on x86 or x86-64 computers; it
enables users to set up one or more virtual machines (VMs) on a single physical
machine and use them simultaneously along with the actual machine. Each
virtual machine can execute its own operating system, including versions of
Microsoft Windows, Linux, BSD and MS-DOS. VMware Workstation is developed and
sold by VMware, Inc., a division of EMC Corporation.
VMware Workstation supports bridging existing host network adapters and
sharing physical disk drives and USB devices with a virtual machine. In
addition, it can simulate disk drives: it can mount an existing ISO image file
into a virtual optical disc drive so that the virtual machine sees it as a real
one. Likewise, virtual hard disk drives are made via .vmdk files.
VMware Workstation can save the state of a virtual machine (a "snapshot") at
any instant. These snapshots can later be restored, effectively returning the
virtual machine to the saved state.
VMware Workstation includes the ability to designate multiple virtual machines
as a team, which can then be powered on, powered off, suspended or resumed as a
single object, making it particularly useful for testing client-server
environments.
The VMware Player, a virtualization package of basically similar but reduced
functionality, is also available, and is free of charge for non-commercial
use, or for distribution or other use by written agreement.
2.10 Linux
Linux is one of the popular versions of the UNIX operating system. It is open
source, as its source code is freely available, and it is free to use. Linux
was designed with UNIX compatibility in mind; its functionality list is quite
similar to that of UNIX.
Components of Linux System
The Linux operating system has primarily three components:
Kernel - The kernel is the core part of Linux. It is responsible for all major
activities of the operating system. It consists of various modules and
interacts directly with the underlying hardware. The kernel provides the
required abstraction to hide low-level hardware details from system or
application programs.
System Library - System libraries are special functions or programs through
which application programs or system utilities access the kernel's features.
These libraries implement most of the functionality of the operating system
and do not require the kernel module's code access rights.
System Utility - System utility programs are responsible for specialized,
individual-level tasks.
Kernel Mode vs User Mode
Kernel component code executes in a special privileged mode called kernel
mode, with full access to all resources of the computer. This code represents
a single process, executes in a single address space and does not require any
context switch, and hence is very efficient and fast. The kernel runs each
process, provides system services to processes, and provides protected access
to hardware for processes.
Support code which is not required to run in kernel mode is in the system
libraries. User programs and other system programs work in user mode, which
has no access to system hardware or kernel code. User programs and utilities
use system libraries to access kernel functions in order to get the system's
low-level tasks done.
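To make the two modes concrete, here is an added C example (not from the page) for Linux with glibc. The same request, the process id, is made once through the system library wrapper getpid() and once as a raw system call, and then an invalid system call number is issued to show the kernel refusing a request from user mode instead of executing it. It assumes a Linux build environment; the ENOSYS versus EPERM distinction in the comment is standard kernel and seccomp behaviour, not something the page states.

```c
#define _GNU_SOURCE             /* exposes syscall() in <unistd.h> on glibc */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Path 1: the normal route. The user program calls the system library (glibc)
 * wrapper getpid(); the wrapper performs the trap into kernel mode.
 * Path 2: the same request issued by system call number, bypassing the wrapper.
 * Both must yield the same answer, because only the kernel knows the pid. */
int wrapper_matches_raw_syscall(void)
{
    pid_t via_library = getpid();
    long  via_kernel  = syscall(SYS_getpid);
    return via_library == (pid_t)via_kernel;
}

/* The kernel validates every request that crosses the user/kernel boundary.
 * Asking for a system call number that does not exist is refused with an error
 * rather than executed: ENOSYS normally, or EPERM when a seccomp filter (for
 * example a container runtime's default profile) rejects it before the kernel
 * dispatch does. Returns the errno handed back, or 0 if the call succeeded. */
int errno_for_invalid_syscall(void)
{
    errno = 0;
    long rc = syscall(-1L);
    return rc == -1 ? errno : 0;
}

int main(void)
{
    printf("libc getpid() and raw SYS_getpid agree: %s\n",
           wrapper_matches_raw_syscall() ? "yes" : "no");
    int err = errno_for_invalid_syscall();
    printf("syscall(-1) rejected by the kernel: %s (%s)\n",
           err ? "yes" : "no", err ? strerror(err) : "no error");
    return 0;
}
```

The point for a defender is the second function: every interaction a user-mode program has with hardware or kernel data goes through this checked boundary, so controls such as seccomp filters, capabilities and file permissions are enforced there, and user-mode code, however buggy or hostile, cannot simply skip them.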
Basic Features
Following are some of the important features of the Linux operating system.
Portable - Portability means software can work on different types of hardware
in the same way. The Linux kernel and application programs support
installation on any kind of hardware platform.
Open Source - Linux source code is freely available and it is a
community-based development project. Multiple teams work in collaboration to
enhance the capability of the Linux operating system, and it is continuously
evolving.
Multi-User - Linux is a multiuser system, meaning multiple users can access
system resources like memory, RAM and application programs at the same time.
Multiprogramming - Linux is a multiprogramming system, meaning multiple
applications can run at the same time.
Hierarchical File System - Linux provides a standard file structure in which
system files and user files are arranged.
Shell - Linux provides a special interpreter program which can be used to
execute commands of the operating system. It can be used to do various types
of operations, call application programs, etc.
Security - Linux provides user security using authentication features like
password protection, controlled access to specific files and encryption of
data.
Architecture
The Linux system architecture consists of the following layers:
Hardware layer - Hardware consists of all peripheral devices (RAM, HDD, CPU,
etc.).
Kernel - Core component of the operating system; interacts directly with
hardware and provides low-level services to upper-layer components.
Shell - An interface to the kernel, hiding the complexity of the kernel's
functions from users. Takes commands from the user and executes the kernel's
functions.
Utilities - Utility programs giving the user most of the functionality of an
operating system.
Basic Linux Commands