Internet Protocols
Internet Protocols
Internet Protocols
- Internet
- TCP/IP Suite: Protocol Model
- Network Layer: IP, ICMP
- Transport Layer: TCP, UDP, RTP
- Application Layer: Telnet, DNS, FTP, HTTP, SNMP
INTERNET
Examples of Networks:
ARPANET (Advanced Research Project Agency NETwork)
TCP/IP is a suite of protocols that are first designed for the Defense
Advanced Research Project Agency (DARPA) network called ARPAnet
in the early 1970s. In the early 1980s, TCP/IP was included as an
integral part of Berkeley's UNIX version 4.2. Today, it is the protocol
used by ARPAnet, MILnet and many other networks.
Network Layer:
This layer encapsulates the packet into datagram, and performs
routing. It corresponds to OSI's network layer.
Transport Layer:
This layer is responsible for providing communication between
applications residing in different hosts. It provides either reliable
service (TCP) or unreliable service (UDP).
Application Layer:
This layer provides applications such as file transfer (FTP), mail
transfer (SMTP), remote terminal access (Telnet), address
assignment (DHCP), network management (SNMP). It could use
either TCP or UDP for transport.
The correspondence between the OSI reference model and the TCP/IP
protocol suite is as follows:
ICMP
In the above, the data link layer and the physical layer are assumed to
be LAN. However, it can be other protocols, such as PPP, frame relay,
ATM, X.25, etc. Note that X.25 includes the network layer.
Session 520 554 5005 5004 5060 67 161 53 23 20 80 532 109 25 179
68 162 21 110
Port No.
802.2 Frame
Link FUNI AAL5
PPP, SLIP X.25 Relay
802.3 802.5 802.6 FDDI ATM
Server Client
Router Router
ATM Network
FTP FTP
TCP IP IP TCP
IP LLC SNAP SNAP LLC IP
LLC AAL5 AAL5 LLC
MAC MAC
MAC ATM ATM ATM MAC
Ether- Ether-
Ethernet Phy. Phy. Phy. Ethernet
net net
MPEG MPEG
TS TS
RTCP RTSP RTCP RTSP
RTP RTP
IP IP
UDP UDP
SNAP SNAP
IP IP
LLC LLC
IP
Header IP Data
bit
0 4 8 16 19 24 31
Source IP Address
Destination IP Address
Options Padding
INTERNET PROTOCOL: IP V4
bits
0 1 2 3 4 5 6 7
Precedence D T R nor used
Precedence Bits
Value Precedence
111 Network Control
110 Interwork Control
101 CRITIC
100 Flash Override
011 Flash
010 Immediate
001 Priority
000 Routine
INTERNET ADDRESS
When IP was standardized in 1981, the specification required that each
user be assigned a unique 32-bit Internet address. Some network
equipment, such as routers may have interfaces to several networks. In
this case, each interface needs a unique IP address. IP addresses are
expressed as four decimal numbers, each separated by a dot. This is
called dotted-decimal notation. Examples are 2.15.38.9,
129.19.140.34, 210.120.19.8.
With the rapid growth of the Internet users, the available IP addresses
are running out quickly. In the next generation IP, i.e., IPv6, a new IP
address has been defined. We will discuss that later.
The 32-bit IP address consists of two parts: network address and the
host address. In order to provide the flexibility required to support
networks of different sizes, the IP addresses are divided into five
classes: A, B, C, D and E.
Class A IP address
0 1 7 8 31
A class A address has the leading bit set to 0, a 7-bit network number and a 24-bit
host number. 126 (i.e., 2^7 -2) network numbers can be assigned. Network numbers
with all 0s and all 1s have been reserved. Each network can have up to 16,777,214
(i.e., 2^24 -2) hosts. Class A networks are also referred to as “/8s” since they have
an 8-bit network address. These networks are identified by their network numbers,
such as 5.0.0.0/8, 53.0.0.0/8, 122.0.0.0/8.
Class B IP address
0 1 2 15 16 31
A class B address has the two leading bits set to 1-0, a 14-bit network number field,
and a 16-bit host number field. 16,382 class B networks can be assigned with up to
with 65,534 hosts in each network. Class B networks are also referred to as “/16s”
since they have a 16-bit network number field. Examples of class B networks are
129.52.0.0/16, 190.3.0.0/16.
Class C IP address
0 1 2 3 23 24 31
Class D IP address
0 1 2 3 4 31
1 1 1 0 Multicast Number
Class D is used for multicast. The leading 4 bits are set to 1-1-1-0.
Class E IP address
Class E addresses have their leading 4 bits set to 1-1-1-1, and are reserved for
experimental use.
Note that the address spaces of classes A, B and C are 50%, 25% and
12.5% respectively of the total IPv4 unicast address space.
There are some special IP addresses that have been assigned for
special purposes. They are as follows:
All 0s
2. Y. Rekhter, et. Al., “Address Allocation for Private Internets,” RFC 1918, Feb., 1996.
3. 169.254.0.0 through 169.254.255.255 are reserved for use as self-assigned addresses when
DHCP fails or is not available.
All 1s
This address is used for broadcast within the local network. An example
is broadcast within a local area network. It is never a valid source
address.
This address is used for broadcast within the network identified by the
network number. It is not a valid source address.
Subnetting is to further divide the host number field into subnet number
field and host number field. In another word, it makes the two-level
address hierarchy (network number + host number) into a three-level
hierarchy (network number + subnet number + host number). The
address format is as follows;
For example, if you have a class B network (i.e., /16 address space) of
148.75.00 and there is no subnetworks, then the subnet mask is
255.255.0.0. However, if you have many subnetworks and you want to
use the entire third octet to represent the subnetwork number, you have
a subnet mask of 255.255.255.0.
If you have a class B network and you have 16 subnetworks with each
subnetwork has more than 256 users connecting to it, you may want to
use the first 4 bits in the third octet as the subnet number field. In this
case, the subnet mask is 255.255.240.0.
Exercise:
Explain why in the last example, the subnet mask is 255.255.240.0.
Question:
What class of network address do these two networks belong to?
Problem:
Solution:
Using the broadcast capability, the node broadcast a RARP packet with
its physical address to all the nodes on the same Ethernet. Upon
receiving the RARP packet, the controller responds by sending a packet
with the inquiring node's Internet address to the inquiring node.
Bits
0 15
Hardware Address Space: type of hardware used in the network interface layer (set
to 1 for Ethernet)
Protocol Address Space: protocol used in the network interface layer
Hardware Address Length: in octets (=6 for Ethernet)
Protocol Address Length: in octets (=4 for IP)
Operation Code: type of packet (e.g., ARP request, ARP response, etc.)
IP Datagram
0 7 8 15 16 31
Type field is used to identify the ICMP message. There are 15 different
types. Each type may have different codes to provide further
information. The 16-bit checksum covers the entire ICMP message.
Optional Data
Destination unreachable
The code field describes the problem. ICMP message includes a short
prefix of the IP datagram that can not be delivered. This information will
let the originating host know exactly which datagram causes problem.
Note that the first 8-byte of the IP datagram data could include the
whole UDP header or the first 8-byte of the TCP header. In either case,
it includes the port number.
Source quenching
0 7 8 15 16 31
Type (4) Code (0) Checksum
The IP header and the first 8-byte of the IP datagram data will inform
the originating host the datagram discarded.
Timestamping
0 7 8 15 16 31
Type (13 or 14) Code (0) Checksum
Identifier Sequence Number
Originate timestamp
Receive timestamp
Transmit timestamp
0 7 8 15 16 31
Type (12) Code (0 or 1) Checksum
The code indicates the problem. The pointer field identifies the octet in
the datagram’s header that causes problems.
Redirect
4 W. Stallings, “IPv6: The New Internet Protocol,” IEEE Communications Mag., pp. 96-108,
July, 1996.
R. M. Hinden, “IP Next Generation: Overview,” Communications of the ACM, vol. 39, no. 6,
pp. 61-71, June 1996.
5 RFC 1752, “The Recommendation for the IP Next Generation Protocol”
RFC 1825, “Security Architecture for the Internet Protocol”
RFC 1826, “IP Authentication Header”
RFC 2460, “Internet Protocol, Version 6 Specification”
RFC 1884, “IP Version 6 Address Architecture”
RFC 1885, “Internet Control Message Protocol (ICMPv6) for the Internet Protocol version
(Ipv6) Specification”
RFC 1933, “Transition Mechanisms for Ipv6 Hosts and Routers”
RFC 2406, “IP Encapsulating Payload (ESP)”
NH Fragment Header 8
NH
Encapsulation Security
Payload Header Variable
NH
Data
Where NH is the 8-bit Next Header field, which indicates the type of
header or protocol ID that immediately follows.
Bit
0 4 12 16 24 31
Octet
1 Version Traffic Class Flow Label
3
4 Source Address
5
6
7
8
Destination Address
9
10
Note that the length of the IPv6 header is 40 octets. The fields are:
Version (4 bits): 6 for IPv6.
Traffic Class (8 bits): Indicates the class and priority of the packet.
Flow Label (24 bits): May be used by the host to label a sequence of
packets that require special handling. It is used by DiffServ
(differentiated Services).
Payload Length (16 bits): Length of the remainder of the IPv6 packet
following the header.
Next Header (8 bits): Indicates the type of header immediately
follows the IPv6 header.
Hop Limit (8 bits): The remaining number of allowable hops for this
packet.
Source Address (128 bits): The IP address for the source host.
Destination Address (128 bits): The IP address for the destination.
Bit
0 8 16 24 31
Options
Where length is the length of the header. Each option consists of three
fields: Type (8 bits), Length (8 bits) and Value (variable length).
2 Reserved
3 Address 0
4 Address 1
N+3 Address N
Routing type field specifies the type of routing information; the only one
type has been defined, type 0, corresponds to loose source routing.
Loose source routing means there can be intermediate nodes in
between. Segment left field indicates the number of addresses that
remain in the list. Address N is the true final destination address.
Bit
0 8 16 29 31
2 Identification
RS field is reserved. M is the more bit that indicates there are packets to
come. The fragment offset and the identification fields are the same as
those of IP v4.
195.104.0.140.0.0.149.10.80.98.115.38.140.0.200.12
C368:8C:0:950A:5062:7326:8C00:C80C
A371:23C8:0:0:0:A12:0:C80A
can be rewritten as
A371:23C8::A12:0:C80A
Note that zero compression can only be used once in order to avoid
ambiguity.
0:0:0:0:132.82.10.100
::132.82.10.100
The 16-bit field contains 0000 if the node also has conventional IPv6
addresses and FFFF if it does not.
IPv6 supports CIDR. The notation is similar to that for IPv4. Thus,
IPv6 anycast addresses are allocated from the unicast address space
and are using the defined unicast address formats. A unicast address is
turned into an anycast address when it is assigned to more than one
interface. The devices to which the anycast address is assigned must
be explicitly configured to know that its IP address is an anycast
address.
The following figure illustrates the IPv6 unicast address structure. Each
address consists of three parts: the global routing prefix, the subnet
identifier, and the interface identifier. The interface identifier identifies a
particular interface and is 64 bits long. It contains the hardware address,
such as Ethernet MAC address. The global routing prefix is used to
route the packets, and the subnet identifier is used to identify the
subnetwork.
N bits 64-N bits 64 bits
128 bits
CCCCCC0GCCCCCCCCCCCCCCC
0 24 40 63
CCCCCC1GCCCCCCCCCCCCCCC1111111111111110
Note that the C bits in the OUI portion of the MAC address are used to
identify the company. The 6th bit in the first byte of the MAC address,
which is used to indicate whether the address has global scope, is
changed from to 0 to 1.
7 M. Crawford, “Transmission of IPv6 Packets over Ethernet Networks,” RFC 2462, Decd.
1998.
Multiplexing Service
Error Reporting
OPEN
- Passive Open
- Active Open
- Open Parameters
Addressing
Time out
Security
Quality of Service
DATA TRANSFER
- Send
Urgent
Push
Time out
- Allocate (receive)
TERMINATE
- Close
- Abort
STATUS
PORT
Both TCP and UDP may provide services to more than one application
processes. They use port number as the ultimate destination within a
computer to identify the application process.
SEQUENCE NUMBER
124
123
122
121
127
126
125
PUSH
URGENT
URGENT flag indicates that the data packet is urgent and needs to be
processed immediately.
Both the active and passive ends of the connection must create a data
structure known as the Transmission Control Block (TCB).
CONNECTION ESTABLISHMENT
Active Passive
Closed Listen
SYN - send
(send SYN SEQ=200) <SEQ=200, CTL=SYN>
SYN - received
send SYN
<SEQ=400, ACK=201, (SEQ=400, ACK=201)
CTL=SYN, ACK>
Connection established
(receive SYN-ACK)
Connection established
<DATA>
The TCP packet header includes a window field. It indicates the range
of sequence numbers that it is willing to receive. When the receiver
buffer starts to fill up, the window starts to decrease. At the time, the
transmitter will send smaller data segments. After the data in the
receiver buffer have been sent to the application process, the receiver
window size can be increased. The sender will then send larger data
segments.
A TCP process with zero send window must periodically send probe
packets with invalid sequence and acknowledgment number and a
single byte of invalid data. The receiving TCP process then responds by
sending an ACK with a window size possibly greater than zero.
Timer Expires
Transmitting 1 11 21 31 41 51 61 71 21 31 41 81 91 101
TCP
1
Ack 1
Ac 91
01
1
k8
k2
k1
k
Ac
Ac
Ac
Receiving
TCP 1 11 E 31 41 51 61 71 21 31 41 81 91 101
Buffered Discarded
TIME-OUT VALUE
TCP uses "SMOOTHED ROUND-TRIP DELAY" to define the time-out
value for retransmission.
TCP FORMAT
Bits
0 8 16 24 31
Source Port Destination Port
Sequence Number
Acknbowledgement Number
Header
Data UAP RS F
Reserve R C S S Y I Window
Offset
GKHT NN
Checksum Urgent Pointer
Options Padding
Data
TCP FORMAT
Source Port Identifies the application at the source computer
Destination Port Identifies the application at the destination
Sequence Number The sequence number of the first data octet in
the segment
Acknowledgment Applies only if the ACK field is set to 1
acknowledges the reception of data up to (ack.
number - 1)
Data Offset Specifies the number of 32 bit words in the TCP
header
Reserved
Control Bits Controls the handshaking and data transfer
URG - Urgent
ACK - Acknowledgment
PSH - Push flag
RST - Reset the connection
SYN - Synchronize the sequence number
FIN - No more data from sender
Window The number of octets beginning with the one in
the acknowledgment field, that can be accepted
Checksum Checksum for the whole TCP packet (TCP
header + data) and the pseudo header (source
and destination IP addresses, protocol and total
length)
Urgent Pointer Only significant if URG is set. The value is a
offset from the sequence number, and indicates
the end of the urgent data
Options
Padding
Data Transfer
Upper Layer A Upper Layer B
10. Send data 15. Deliver data 12. Deliver data 13. Send data
(50 octets) (100 octets) (50 octets) (100 octets)
Graceful Close
Upper Layer A Upper Layer B
-- Dependent on IP
-- Low overhead
-- No loss, mis-ordered, or duplication protection
-- Checksum optional
Bits
0 8 16 24 31
Source Port Destination Port
Header
Length Checksum
Data
8H. Schulzrinne, S. Casner, R. Frederick, and V. Jacobson, “RTP: A Transport Protocol for Real-
Time Applications”, RFC 3550, July 2003.
H. Schulzrinne, A. Rao and R. Lanphier, “Real Time Streaming Protocol (RTSP)”, RFC 2326, April
1998.
The following sections describe some aspects of the use of RTP. The
examples were taken from RFC1889 to illustrate the basic operation of
applications using RTP, not to limit what RTP may be used for. In these
examples, RTP is carried on top of IP and UDP.
An IETF working group meets to discuss the latest protocol draft, using
the IP multicast services of the Internet for voice communications. The
working group chair, through some allocation mechanism, obtains a
multicast group address (class D IP address) and pair of ports. One port
is used for audio data, and the other is used for control (RTCP) packets.
This address and port information is distributed to the intended
participants.
Since members of the working group join and leave during the
conference, it is useful to know who is participating at any moment and
how well they are receiving the audio data. For that purpose, each
instances of the audio application in the conference periodically
multicasts a reception report plus the name of its user on the RTCP
(control) port. The reception report indicates how well the current
speaker is being received and may be used to control adaptive
If both audio and video media are used in a conference, they are
transmitted as separate RTP sessions. RTCP packets are transmitted
for each medium using two different UDP port pairs and/or multicast
addresses. There is no direct coupling at the RTP level between the
audio and video sessions, except that a user participating in both
sessions should use the same distinguished (canonical) name in the
RTCP packets for both, so that the sessions can be associated.
Now, consider the case where participants in one area are connected
through a low-speed link to the majority of the conference participants
who enjoy high-speed network access. Instead of forcing everyone to
use a lower-bandwidth, reduced-quality audio encoding, an RTP-level
relay called a mixer may be placed near the low-bandwidth area. This
mixer resynchronizes incoming audio packets to reconstruct the
constant 20 ms spacing generated by the sender, mixes these
reconstructed audio streams into a single stream, translates the audio
encoding to a lower-bandwidth one and forwards the lower-bandwidth
packet stream across the low-speed link. These packets might be
unicast to a single recipient or multicast on a different address to
multiple recipients. The RTP header includes a means for mixers to
identify the sources that contributed to a mixed packet so that correct
talker indication can be provided at the receivers.
Voice Video
RTP
UDP
IP
Network Interface
0 4 8 9 15 16 31
V P X CC M Payload Type Sequence Number
Timestamp
Where:
V (2 bit): version number.
P (1 bit): padding. If this bit is set, the packet contains one or more additional
padding octets at the end of the payload. The last octet of the padding contains
a count of how many padding octets should be ignored.
X (1 bit): extension bit. If set, the fixed header is followed by exactly one extension
header.
CC (4 bits): CSRC count. The number of CSRC identifiers in the header.
M (1 bit): marker. The interpretation of the marker is defined by a profile. It is
intended to allow significant events, such as frame boundaries to be marked in
the packet stream. For example, it is set to mark the end of a video frame, or the
beginning of a talk spurt.
Payload Type (7 bits): identifies the media type of the payload and the format of the
data, such as compression, encryption.
Sequence Number (16 bits): For the receiver to reorder the packets received and to
identify any packet loss. Note that some long data stream (e.g., a video frame)
maybe splitted into several packets. These packets all have the same
timestamp. Thus, sequence number is needed.
Timestamp (32 bits): timestamp of the first octet of data in the payload.
Synchronous source identifier (32 bits): unique identifier of the synchronization
source. This identifier is randomly chosen.
Contributing source identifier (32 bits): Identifiers of the contributing sources for the
payload contained in this packet. The number of identifiers is given in the CC field.
RTCP:
RR: Receiver report, for reception statistics from participants that are
not active senders.
Request = Request-Line
*( General-header
| Request header
| Entity header )
CRLF
[message body]
Put these three, RTP, RTCP and RTSP, together, we have the following
scenario.
Monitor Audio/RTP/UDP
Video/RTP/UDP
Client RTCP Media
Server
RTSP Request PAUSE
Speaker
RTSP Request PLAY
Audio/RTP/UDP
Video/RTP/UDP
RTCP
TELNET
Telnet
Telnet Application
Client
Server
User
Client Server
The client operating system provides the terminal driver and the TCP/IP
protocol. The user invokes and input to the Telnet client via the terminal
driver. The client Telnet then requests a TCP connection to the server.
9 J. Postel, J.K. Reynolds, “Telnet Protocol Specification,” RFC 854, May 1983.
The Telnet server deals with a terminal driver (or pseudo-terminal driver
in UNIX case). To the application program (e.g., login shell) at the
server, it is invoked by the terminal driver.
o NVT data bytes use seven-bit USA ASCII character set. The initial
bit is set to zero.
o Data bytes are sent a line at a time.
o Each line ends with an ASCII carriage return and line feed.
o Bytes with the high order bit set to 1 are command codes. For
example code 236 (decimal) is end-of-file, 243 (decimal) is break,
and 249 for go-ahead.
o It is a half duplex operation. After transmitting the data, the client
waits for the response from the server. The server sends its
response and then sends a go-ahead command to indicate that the
client can send another line of data.
o Telnet uses in-band signaling in both directions. The byte 255
decimal is called “interpreted as command” (IAC). The next byte is
the command byte.
Login: david
Password:
Last login: Fri Sep 3 11:31:20
TERM=vt100, PRINTER=1p
Data Representation
- Text file
- Non-text file
- Format control
File Structures
- File structure
- Record structure
- Page structure
Transmission Modes
- Stream mode
- Block mode
- Compresses
During the ftp process, actually, two TCP connections are established:
one for FTP command and reply, the other for data transfer. The
command and reply connection uses port number 20 and the other port
number 21. The user uses the control connection to login and to
request for file transfer. The data connection is then established to
transfer data from the server to the user.
10 J. Postel, J.K. Reynolds, “File Transfer Protocol,” RFC 959, Oct. 1985.
User
Interface
Name: david
Password: *******
ftp> binary
Type set to I
ftp> quit
Goodbye
Sun %
With the rapid growth of hosts and servers, the number of names of the
hosts and servers has increased dramatically. Currently, there are
millions of devices connected to the Internet. Each one requires a
name. With this huge number of names, a flat naming system can not
used. A hierarchical namespace is used. In addition, a decentralized
naming mechanism with delegated authority for parts of the namespace
and distributed responsibility of mapping between names and IP
address is used.
11 P.V. Mockapetris, “Domain names - implementation and specification,” RFC 1035, Nov.1987.
Root
Level 0
Level 1 edu
com gov zw
Level 3 ee cse ee
Level 4
Root
Server
Operation of DNS
Cache
Addition References
Cache
Domain Name System uses the service of UDP or TCP, with the port
number of 53. The format of the DNS messages is as following:
Bit
0 16 31
Identification Parameters
Number of question records Number of answer records
Number of authoritative records Number of additional records
Question section
Answer section
Authoritative section
Client Server
Request IP addr.
68 67 Config.
Response
BOOTP12,13
BOOTP is used by hosts (Clients) that require configuration parameters,
including IP addresses, at the bootstrap. Another protocol, RARP, is
also used for the diskless hosts to obtain the IP addresses. However,
there are two problems with RARP: (1) It only returns IP address, not
other configuration parameters, and (2) RARP relies on link layer
broadcast, its requests are not forwarded by routers, thus every network
will need a RARP server. BOOTP solves these two shortcomings.
where:
op =1 if the message is a request, =0 if it is a reply.
hop Hop count is set to zero by the host. Each proxy server increases hop count
by 1.
Transaction ID is set by the host and returned by the server. It is used to match a
response with the request.
Seconds elapsed is set by the host to the time since it started trying to bootstrap.
If the host already knows its IP address, it fills in the client IP address. Otherwise
the host set this to zero. In the latter case, the server fills in your IP address
field with the host’s IP address.
The server IP address is filled by the server.
If a proxy server is used, the proxy server fills in its gateway IP address.
The client hardware address is the host’s hardware address, such as Ethernet MAC
address.
The server name is filled by the server.
The boot filename is filled by the server. Once the host (client) receives the boot
filename, it uses TFTP to retrieve it.
The vendor specific area is used for various extensions to BOOTP and provides
additional parameters.
Options may be fixed length or variable length. All options begin with a
tag octet, which uniquely identifies the option. Fixed-length options
without data consist of only a tag octet. Only options 0 and 255 are
fixed length. All other options are variable-length with a length octet
following the tag octet. The value of the length octet does not include
the two octets specifying the tag and length. The length octet is
followed by "length" octets of data.
DHCP14,15
DHCP extends the capabilities of BOOTP, and has many
enhancements over BOOTP. It is easier to administer. It allows
automatic configuration of the client computers. It allows the client to
request for specific configuration parameter values. It adds new
message types that support more robust client/server interactions.
The DHCP message format is the same as that for BOOTP. The
exception is that the vendor specific area is renamed to options field
and the length of this field is a variable (instead of 64 bytes in BOOTP).
The DHCP message format is as following:
bit 0 7 8 15 23 31
op htype hlen (Hardware hop
(Hardware type) address length)
xid (Transaction ID)
Options (variable)
The 16-bit flag field is used by the client to request server to respond by
using broadcast instead of unicast. The DHCP request message
contains the client’s hardware address, a server normally send its
response to the client hardware address using unicast. The client can
set the leftmost bit of the flag to indicate that it requests the response be
sent using broadcast.
The options field in the DHCP Message can contain all the options
defined for the vendor specific area in the BOOTP message. In
addition, many new options have been defined. These new items all
use the same coding (tag, length, value).
2. There may be more than one DHCP servers. Each server may
respond with a DHCPOFFER message that offers an available
network address in the 'yiaddr' field and other configuration
parameters in DHCP options.
Host boots
Initialize
DHCPDISCOVER
DHCPNAK DHCPNAK
In this diagram, the messages in bold are sent by the client and the
messages in italic and underlined are those received by the client.
Activities in parentheses are the actions taken by the client.
The following figure shows how to select DHCP from windows network
configuration menu in control panel.
The following figure shows the window produced by winipcfg after the
host has been configured by DHCP.
HTTP16
Host w/ Server
Browser
HTTP request message
HEWLETT
PACKARD
Vectra
Office
TCP Connection
16. R. Fielding, et. al, Hypertext Transfer Protocol – HTTP/1.1, RFC2616, June 1999.
Host w/ Server
Browser HTTP Request HTTP Request
Inter-
Proxy
TCP Connection mediary TCP Connection
HEWLETT Vectra
PACKARD Office
Gateway
Inter-
TCP Connection mediary TCP Connection
HEWLETT Vectra
PACKARD Office
The proxy can be a firewall of a network, and the client is part of the
network. The proxy acts as a server in interacting with a client, and as a
client in interacting with a server. The proxy can also serve as an
intermediary if the client and the server are running different version of
HTTP. In this case, the proxy implements both versions and performs
the mapping.
The tunnel performs simply as a relay point for the two TCP
connections. The HTTP messages are unchanged. An example of a
tunnel is a firewall of a network which neither the client nor the server
belong to.
Request Line
General Header
Request Header
Entity Header
Entity Body
Status Line
General Header
Response Header
Entity Header
Entity Body
Where:
o Request Line: identifies the request method and the requested
resource.
o Status Line: provides status information about this response.
Examples are OK, forbidden.
o General Header: provides information that is applicable to both
request and response messages. Examples are cache
instructions, TCP connection.
o Request Header: provides information about the request and the
client. Examples are image types that the client can handle, if the
requested resource has been modified since some date then
send it.
o Response Header: provides information about the response.
The request line indicates the request method used. HTTP/1.1 defines
many request methods. Some of these methods are shown in the
following:
o GET: A request to retrieve a resource.
o HEAD: A request to the server to return only the headers, not the
entity body.
o POST: A request to the server to accept the attached block of
data as a new subordinate to the identified URI.
o PUT: A request to the server to accept the attached block of data
and stored it under the supplied URI.
o PATCH: Similar to PUT, except the entity contains a list of
differences from the original resource identified in the URI.
o COPY: A request to the server to copy a resource identified by the
URI in the Request Line to the location identified by the URI
Header field in the Entity Header.
o DELETE: A request to the server to delete the resource identified
by the URI in the Request Line.
o MOVE: A request to the server that the resource identified by the
URI in the Request Line be moved to the location identified in the
URI Header field in the Entity Header.
o OPTION: A request about the options available.
o TRACE: A request to the server to return whatever received as
the entity body in the response.
HTTP/1.1 200 OK
Server: xyz
Content-Loction: http://www.xyz.com/index.html
Date: Sun 05 Sep 1999 19:35:50 GMT
Content-Type: text/html
Accept-Ranges: bytes
Last-Modified: Sun 05 Sep 1999 13:25:30 GMT
Etag: “28esdf34fg:53sc”
Content-Length: 23527
<HTM>
<HEAD>
<TITLE> ….
MIB MIB
17 J. Case, et. al., Introduction to Version 2 of the Internet Standard Network Management
Framework, RFC 1441, April 1993.
D. Harrington, et. al., An Architecture for Describing Simple Network Management Protocol
(SNMP) Management Framework, RFC 3411, December 2002.
SNMP Protocol
SNMP protocol is an application layer protocol running over UDP/IP.
There are three versions of SNMP.
SNMPv118 was the first SNMP protocol introduced, and it is still
widely used. It defines “GetRequest”, “GetNextRequest”,
“GetResponse”, “SetRequest”, and “Trap” packets.
Variable Bindings
GetBulkRequest PDU
where
Version number— Version of the SNMP that is being used.
Community name— Serve as a weak form of authentication
because devices that do not know the proper community name
are precluded from SNMP operations
PDU type—Identifies the type of PDU transmitted
Request ID—An ID that associates SNMP requests with
responses.
Error status—Indicates one of a number of errors and error
types. Only the response operation sets this field. Other
operations set this field to zero.
Error index—Associates an error with a particular object
instance. Only the response operation sets this field. Other
operations set this field to zero.
Variable bindings—Serves as the data field of the SNMPv2
PDU. Each variable binding associates a particular object
instance with its current value (with the exception of Get and
GetNext requests, for which the value is ignored).
Non repeaters—Specifies the number of object instances in the
variable bindings field that should be retrieved no more than once
from the beginning of the request. This field is used when some of
the instances are scalar objects with only one variable.
21 ITU X.690, “Information technology - ASN.1 encoding rules: Specification of Basic Encoding
Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DE),” July
1994.
The length field is one or more bytes. If it is only one byte, the most
significant bit is zero, the remaining seven bits specifies the length of
the data. The following shows a single byte indicating the length of 5.
0 0 0 0 0 1 0 1
If it is more than one byte, the most significant bit must be 1. The
remaining seven bit of the first byte (the shaded area in the following
figure) specifies the number of bytes used to define the length. The
following shows two bytes are used to indicate the length of 263 bytes
for the data field.
1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 1 1 1
Root
3 org(3)
dod(6)
6
internet(1)
1
private(4)
4
directory(1) 1
2 mgmt(2)
3 experimental(3)
1 Enterprise(1)
mib-2(1)
1
system(1)
sysDescr (1) 1
1 interfaces(2) 2 3
6
Addr. ip(4) 4 5 7
Trans. (3) Icmp(5) tcp(6) udp(7)
2 3
sysObjectID (2)
sysUpTime(3)
In BER, there are two rules concerning the encoding of OID. The first
rule applies when encoding the first two numbers in the OID. According
to BER, the first two numbers of any OID (x.y) are encoded as one
value using the formula (40*x)+y. The first two numbers in an SNMP
OID are always 1.3. Therefore, the first two numbers of an SNMP OID
are encoded as 43 in decimal or 0x2B in hex, because (40*1)+3 = 43.
After the first two numbers are encoded, the subsequent numbers in the
OID are each encoded as a byte. However, another special rule is
required for large numbers. Large numbers may not be represented by
one byte. For example, the number 2680 cannot be encoded using a
single byte. The rule for encoding large numbers states that only the
lower 7 bits in the byte are used for holding the value (0-127). The
highest order bit is used as a flag to let the recipient know that this
number spans more than one byte. Therefore, any number over 127
must be encoded using more than one byte. According to this rule, the
number 2680 must be encoded 0x94 0x78. Since the most significant
bit is set in the first byte (0x94), the recipient knows to use the lower 7
bits from each byte (0x14 and 0x78) and decode the two bytes as (0x14
*128) + 0x78 = 2680.
An example is system group, which has OID of 1.3.6.1.2.1.1 and has
the following objects: sysDescr, sysObjectID, sysUpTime, sysContact,
etc. The syntax for the sysUpTime object is
sysUpTime OBJECT-TYPE
SYNTAX INTEGER
ACCESS read-only
STATUS mandatory
DESCRIPTION
“The time (in hundredths of a second) since the
network management portion of the system was last
re-initialized.”
::= {system 3}
It shows that the sysUpTime object has an integer value, the access is
read-only, and it is a mandatory object. This object is in the system
group.
Another example of a MIB group is ip, which has the OID of
1.3.6.1.2.1.4. This group is used to store information about the
transactions related to IP. The syntax for the ipInHdrErrors object is
ipInHdrErrors OBJECT-TYPE
SYNTAX Counter
ACCESS read-only
STATUS mandatory
DESCRIPTION
“The number of input datagrams discarded due to
errors in their IP headers, including bad checksums,
version number mismatch, other format errors, time-
to-live exceeded, errors discovered in processing their
IP options, etc.”
::= {ip4}
30 29 02 01 01
SEQUENCE length=41 INTEGER Length=1 version=2 (1 for vesion2)
04 06 07 75 62 6C 69 63
OCTETSTRING len=6 P u b l I c
A0 1C 02 04 05 AE 56 02
GetRequest len=28 INTEGER Len=4 -- request ID (4 char) --
02 01 00 02 01 00
INTEGER len=1 Status INTEGER Len=1 Error Index
30 0E 30 0C 06 08
SEQUENCE len=14 SEQUENCE Len=12 OBJECTID Len-8
2B 06 01 02 01 01 01 00
1.3 6 1 2 l I 1 0
05 00
NULL len=0
This string of message is encapsulated by UDP header and IP header,