At what layer in the TCP/IP stack do applications and protocols, such as HTTP and Telnet, operate?

A protocol is a set of rules that governs the communications between computers on a network. In order for two computers to talk to each other, they must be speaking the same language. Many different types of network protocols and standards are required to ensure that your computer (no matter which operating system, network card, or application you are using) can communicate with another computer located on the next desk or half-way around the world. The OSI (Open Systems Interconnection) Reference Model defines seven layers of networking protocols. The complexity of these layers is beyond the scope of this tutorial; however, they can be simplified into four layers to help identify some of the protocols with which you should be familiar (see fig 1).

OSI Layer   Name           Common Protocols
7           Application    HTTP | FTP | SMTP | DNS | Telnet
6           Presentation
5           Session
4           Transport      TCP | SPX
3           Network        IP | IPX
2           Data Link      Ethernet
1           Physical

Fig 1. OSI model related to common network protocols

Figure 1 illustrates how some of the major protocols would correlate to the OSI model in order to communicate via the Internet. In this model, there are four layers, including:

  • Ethernet (Physical/Data Link Layers)
  • IP/IPX (Network Layer)
  • TCP/SPX (Transport Layer)
  • HTTP, FTP, Telnet, SMTP, and DNS (combined Session/Presentation/Application Layers)

Assuming you want to send an e-mail message to someone in Italy, we will examine the layers "from the bottom up" -- beginning with Ethernet (physical/data link layers).

The physical layer of the network focuses on hardware elements, such as cables, repeaters, and network interface cards. By far the most common protocol used at the physical layer is Ethernet. For example, an Ethernet network (such as 10BaseT or 100BaseTX) specifies the type of cables that can be used, the optimal topology (star vs. bus, etc.), the maximum length of cables, etc. (See the Cabling section for more information on Ethernet standards related to the physical layer).

The data link layer of the network addresses the way that data packets are sent from one node to another. Ethernet uses an access method called CSMA/CD (Carrier Sense Multiple Access/Collision Detection). This is a system where each computer listens to the cable before sending anything through the network. If the network is clear, the computer will transmit. If some other node is already transmitting on the cable, the computer will wait and try again when the line is clear. Sometimes, two computers attempt to transmit at the same instant. When this happens, a collision occurs. Each computer then backs off and waits a random amount of time before attempting to retransmit. With this access method, it is normal to have collisions. However, the delay caused by collisions and retransmitting is very small and does not normally affect the speed of transmission on the network.

Ethernet

The original Ethernet standard was developed in 1983 and had a maximum speed of 10 Mbps (phenomenal at the time) over coaxial cable. The Ethernet protocol allows for bus, star, or tree topologies, depending on the type of cables used and other factors. This heavy coaxial cabling was expensive to purchase, install, and maintain, and very difficult to retrofit into existing facilities.

The current standards are now built around the use of twisted pair wire. Common twisted pair standards are 10BaseT, 100BaseT, and 1000BaseT. The number (10, 100, 1000) stands for the speed of transmission (10/100/1000 megabits per second); the "Base" stands for "baseband", meaning it has full control of the wire on a single frequency; and the "T" stands for "twisted pair" cable. Fiber cable can also be used at this level in 10BaseFL.

Fast Ethernet

The Fast Ethernet protocol supports transmission up to 100 Mbps. Fast Ethernet requires the use of different, more expensive network concentrators/hubs and network interface cards. In addition, category 5 twisted pair or fiber optic cable is necessary. Fast Ethernet standards include:

  • 100BaseT - 100 Mbps over 2-pair category 5 or better UTP cable.
  • 100BaseFX - 100 Mbps over fiber cable.
  • 100BaseSX - 100 Mbps over multimode fiber cable.
  • 100BaseBX - 100 Mbps over single mode fiber cable.

Gigabit Ethernet

The Gigabit Ethernet standard is a protocol that has a transmission speed of 1 Gbps (1000 Mbps). It can be used with both fiber optic cabling and copper (see the Cabling section for more information).

  • 1000BaseT - 1000 Mbps over 2-pair category 5 or better UTP cable.
  • 1000BaseTX - 1000 Mbps over 2-pair category 6 or better UTP cable.
  • 1000BaseFX - 1000 Mbps over fiber cable.
  • 1000BaseSX - 1000 Mbps over multimode fiber cable.
  • 1000BaseBX - 1000 Mbps over single mode fiber cable.

The Ethernet standards continue to evolve, with 10 Gigabit Ethernet (10,000 Mbps) and 100 Gigabit Ethernet (100,000 Mbps),

Ethernet Protocol Summary

Protocol           Cable                             Speed
Ethernet           Twisted Pair, Coaxial, Fiber      10 Mbps
Fast Ethernet      Twisted Pair, Fiber               100 Mbps
Gigabit Ethernet   Twisted Pair, Fiber               1000 Mbps

Older Network Protocols

Several very popular network protocols, commonly used in the 90's and early 21st century, have now largely fallen into disuse. While you may hear terms from time to time, such as "Localtalk" (Apple) or "Token Ring" (IBM), you will rarely find these systems still in operation. Although they played an important role in the evolution of networking, their performance and capacity limitations have relegated them to the past, in the wake of the standardization of Ethernet driven by the success of the Internet.

IP and IPX (Network Layer)

The network layer is in charge of routing network messages (data) from one computer to another. The common protocols at this layer are IP (which is paired with TCP at the transport layer for Internet networks) and IPX (which is paired with SPX at the transport layer for some older Macintosh, Linux, UNIX, Novell and Windows networks). Because of the growth in Internet-based networks, IP/TCP are becoming the leading protocols for most networks.

Every network device (such as network interface cards and printers) has a physical address called a MAC (Media Access Control) address. When you purchase a network card, the MAC address is fixed and cannot be changed. Networks using the IP and IPX protocols assign logical addresses (which are made up of the MAC address and the network address) to the devices on the network. This can all become quite complex -- suffice it to say that the network layer takes care of assigning the correct addresses (via IP or IPX) and then uses routers to send the data packets to other networks.

TCP and SPX (Transport Layer)

The transport layer is concerned with efficient and reliable transportation of the data packets from one network to another. In most cases, a document, e-mail message or other piece of information is not sent as one unit. Instead, it is broken into small data packets, each with header information that identifies its correct sequence and document.

When the data packets are sent over a network, they may or may not take the same route -- it doesn't matter. At the receiving end, the data packets are re-assembled into the proper order. After all packets are received, a message goes back to the originating network. If a packet does not arrive, a message to "re-send" is sent back to the originating network.

TCP, paired with IP, is by far the most popular protocol at the transport level. If the IPX protocol is used at the network layer (on networks such as Novell or Microsoft), then it is paired with SPX at the transport layer.

HTTP, FTP, SMTP and DNS (Session/Presentation/Application Layers)

Several protocols overlap the session, presentation, and application layers of networks. The protocols listed below are a few of the more well-known:

  • DNS - Domain Name System - translates network addresses (such as IP addresses) into terms understood by humans (such as Domain Names) and vice-versa
  • DHCP - Dynamic Host Configuration Protocol - can automatically assign Internet addresses to computers and users
  • FTP - File Transfer Protocol - a protocol that is used to transfer and manipulate files on the Internet
  • HTTP - HyperText Transfer Protocol - An Internet-based protocol for sending and receiving webpages
  • IMAP - Internet Message Access Protocol - A protocol for e-mail messages on the Internet
  • IRC - Internet Relay Chat - a protocol used for Internet chat and other communications
  • POP3 - Post Office Protocol Version 3 - a protocol used by e-mail clients to retrieve messages from remote servers
  • SMTP - Simple Mail Transfer Protocol - A protocol for e-mail messages on the Internet

A(n) _______ is the logical, not physical, component of a TCP connection. Answer choices: ISN, Socket, Port

SYN

Each Class C IP address supports up to ___ host computers. Answer choices: 254, 512, 65,000

16 million

In TCP, the __________________________ is a 32 bit number that tracks the packets received by the node and allows reassembling of large packets that have been broken into smaller packets.

initial sequence number (ISN)

In the TCP/IP stack, the _______________ layer represents the physical network pathway and the network interface card.

In the TCP/IP stack the _________________ layer is responsible for getting data packets to and from the Application layer by using port numbers.

In the TCP/IP stack, the ____ layer uses IP addresses to route packets. Answer choices: Internet, Network, Transport, Application

In the TCP/IP stack, the ____ layer is where applications and protocols, such as HTTP and Telnet, operate. Answer choices: Internet, Network, Transport

Application

In the TCP/IP stack, the ____ layer is concerned with physically moving electrons across a medium. Answer choices: Internet, Network, Transport, Application

In the TCP/IP stack, the ____ layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header. Answer choices: Internet, Network, Transport, Application

In the TCP/IP stack, the Transport layer includes network services and client software.

No matter what medium connects computers on a network—copper wires, fiber-optic cables, or a wireless setup—the same protocol must be running on all computers if communication is going to function correctly.

Often technical personnel who aren’t familiar with security techniques think that restricting access to ports on a router or firewall can protect a network from attack. Is this a good solution?

This is easier said than done. After all, if a firewall prevents any traffic from entering or exiting a network on port 80, you have indeed closed a vulnerable port to access from hackers. However, you have also closed the door to Internet access for your users, which probably isn’t acceptable to your company. The tricky (and almost impossible) part for security personnel is attempting to keep out the bad guys while allowing the good guys to work and use the Internet.

The IP in TCP/IP stands for ____________________.

The HTTP service uses port ____. Answer choices: 25, 53, 69, 80

The DNS service uses port ____. Answer choices: 25, 53, 69, 80

TCP stands for ____. Answer choices: Transfer Control Protocol, Transmission Control Protocol, Transfer Congestion Protocol, THE Control Protocol

Transmission Control Protocol

TCP is a(n) ____________________ protocol, which means the sender doesn’t send any data to the destination node until the destination node acknowledges that it’s listening to the sender.

The Microsoft RPC service uses port ____. Answer choices: 110, 119, 135, 139

The NetBIOS service uses port ____. Answer choices: 110, 119, 135

139

The Network News Transport Protocol service uses port ____. Answer choices: 110, 119, 135, 139

The POP3 service uses port ____. Answer choices: 110, 119, 135, 139

The SMTP service uses port ____. Answer choices: 25, 53, 69, 80

The TFTP service uses port ____. Answer choices: 25, 53, 69, 80

The ____-layer protocols are the front ends to the lower-layer protocols in the TCP/IP stack. Answer choices: Internet, Network, Transport, Application

The most widely used protocol is ____. Answer choices: IPX/SPX, ATM, TCP/IP, NetBIOS

UDP stands for ____. Answer choices: User Datagram Protocol, Universal Datagram Protocol, User Data Packet, Universal Data Packet

To retrieve e-mail from a mail server, you most likely access port 119.

Internet Control Message Protocol (ICMP) is used to send messages that relate to network operations. For example, if a packet cannot reach its destination, you might see the “Destination Unreachable” error. ICMP makes it possible for network professionals to troubleshoot network connectivity problems (with the Ping command) and to track the route a packet traverses from a source IP address to a destination IP address (with the Traceroute command).

Most networks require a DNS server so that users can connect to Web sites with URLs instead of IP addresses. When a user enters a URL, such as www.yahoo.com, the DNS server resolves the name to an IP address. The DNS server might be internal to the company, or each computer might be configured to point to the IP address of a DNS server that’s serviced by the company’s ISP.


What steps are involved in TCP’s “three-way handshake”?

Answer:

1. Host A sends a TCP packet with the SYN flag set (that is, a SYN packet) to Host B.

2. After receiving the packet, Host B sends Host A its own SYN packet with an ACK flag set (a SYN-ACK packet).

3. In response to the SYN-ACK packet from Host B, Host A sends Host B a TCP packet with the ACK flag set (an ACK packet).
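The three steps above can be checked against raw TCP headers. The following is an added example, not part of the original page: it parses constructed 20-byte headers and confirms the SYN, SYN-ACK, ACK order. It goes beyond the text by also checking the standard rule that each side acknowledges the other's initial sequence number plus one (modulo 2^32). The function names, ports and sequence numbers are assumptions chosen for illustration.

```python
import struct

# TCP flag bits, byte 13 of the header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
HDR = "!HHIIBBHHH"  # ports, seq, ack, data offset, flags, window, checksum, urgent

def build_header(sport, dport, seq, ack, flags):
    """Pack a minimal header with no options (constructed sample; checksum left 0)."""
    return struct.pack(HDR, sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse_header(raw):
    sport, dport, seq, ack, _off, flags, _win, _sum, _urg = struct.unpack(HDR, raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def classify(h):
    """Name the handshake role of a segment from its SYN/ACK/RST/FIN bits."""
    bits = h["flags"] & (SYN | ACK | RST | FIN)
    return {SYN: "SYN", SYN | ACK: "SYN-ACK", ACK: "ACK"}.get(bits, "OTHER")

def is_handshake(raws):
    """True only for a complete, consistent three-way handshake."""
    if len(raws) != 3:
        return False
    a, b, c = (parse_header(r) for r in raws)
    if [classify(h) for h in (a, b, c)] != ["SYN", "SYN-ACK", "ACK"]:
        return False
    # Step 2 must travel B -> A, step 3 A -> B, on the same port pair.
    if (b["sport"], b["dport"]) != (a["dport"], a["sport"]):
        return False
    if (c["sport"], c["dport"]) != (a["sport"], a["dport"]):
        return False
    nxt = lambda n: (n + 1) & 0xFFFFFFFF  # sequence numbers wrap at 32 bits
    return (b["ack"] == nxt(a["seq"]) and c["seq"] == nxt(a["seq"])
            and c["ack"] == nxt(b["seq"]))

# Constructed capture: Host A (port 50000) connects to Host B (port 80).
# Host A's ISN is 0xFFFFFFFF to exercise the wrap-around case.
GOOD = [
    build_header(50000, 80, 0xFFFFFFFF, 0, SYN),
    build_header(80, 50000, 1000, 0, SYN | ACK),
    build_header(50000, 80, 0, 1001, ACK),
]
# Same first two segments, but Host A resets instead of acknowledging:
# a half-open attempt that never completes the handshake.
HALF_OPEN = GOOD[:2] + [build_header(50000, 80, 0, 0, RST)]

if __name__ == "__main__":
    print("complete handshake:", is_handshake(GOOD))
    print("half-open attempt: ", is_handshake(HALF_OPEN))
```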

A hex number is written with two characters, each representing a byte.

An octal digit can be represented with only three bits because the largest digit in octal is seven.

Based on the starting decimal number of the ____ byte, you can classify IP addresses as Class A, Class B, or Class C.

What is the main protocol for transmitting e-mail messages across the Internet?

What is the primary protocol used to communicate over the World Wide Web?

What allows different operating systems to transfer files between one another?

What is primarily used to monitor devices on a network, such as remotely monitoring a router’s state?

What is a TCP header flag used to deliver data directly to an application?

What enables multiple users to communicate over the Internet in discussion forums?

What is a TCP header flag that signifies the beginning of a session called?

What enables a remote user to log on to a server and issue commands?

What is a TCP header flag that is used to signify urgent data called?

In a(n) ____, the tester does more than attempt to break in; he or she also analyzes the company’s security policy and procedures and reports any vulnerabilities to management.

____ takes penetration testing to a higher level.