
2.

OSI and TCP/IP Models and Network Protocols


2.1.
2.1.1.OSI Open Systems Interconnection (OSI)
2.1.2.OSI describes a network architecture that enables data to be passed between computer systems
2.2.The Networking Models
2.2.1.Two models are commonly referenced for networking OSI model and TCP/IP model
2.2.2.Both models offer a framework, theoretical and actual, for how networking is implemented.
2.2.3.The OSI Seven-Layer Model
2.2.3.1.Figure 2.1 The OSI seven-layer model

2.2.3.2.function of layers
2.2.3.2.1.Physical Layer (Layer 1)
2.2.3.2.2.Data Link Layer (Layer 2)
2.2.3.2.3.Network Layer (Layer 3)
2.2.3.2.4.Transport Layer (Layer 4)
2.2.3.2.5.Session Layer (Layer 5)
2.2.3.2.6.Presentation Layer (Layer 6)
2.2.3.2.7.Application Layer (Layer 7)
2.2.3.3.OSI Model Summary
2.2.3.3.1.Table 2.1 OSI Model Summary

2.2.4.The TCP/IP Four-Layer Model
2.2.4.1.TCP/IP predates OSI
2.2.4.2.Figure 2.2 The TCP/IP model compared to the OSI model

2.2.4.3.function of layers
2.2.4.3.1.Network Interface layer
2.2.4.3.1.1.aka Network Access or Link layer
2.2.4.3.1.2.this is where Ethernet, FDDI, or any other physical technology can run
2.2.4.3.2.Internet layer
2.2.4.3.2.1.this is where IP runs (along with ICMP, ARP, and others)
2.2.4.3.3.Transport layer
2.2.4.3.3.1.this is where TCP and its counterpart UDP operate
2.2.4.3.4.Application layer
2.2.4.3.4.1.this layer enables any number of protocols to be plugged in, such as HTTP, SMTP, SNMP, DNS, and many others.
2.2.4.4.Identifying the OSI Layers at Which Various Network Components Operate
2.2.4.4.1.Table 2.2 Mapping Network Devices to the OSI Model

2.3.Protocols
2.3.1.
2.3.1.1.protocol
2.3.1.2.RFC
2.3.2.Connection-Oriented Protocols Versus Connectionless Protocols
2.3.3.Internet Protocol (IP)
2.3.3.1.defined in RFC 791
2.3.3.2.is connectionless
2.3.3.3.to ensure that transmissions sent via IP are completed, a higher-level protocol such as TCP is required
2.3.3.4.functions
2.3.3.4.1.providing best effort delivery
2.3.3.4.2.performs fragmentation and reassembly tasks for network transmissions because the maximum transmission unit (MTU) of the
underlying link limits the size of each frame; a datagram larger than the MTU is split into fragments that the destination reassembles
2.3.3.4.3.addressing
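The fragmentation and reassembly described above, worked through in Python as an added example (this is not code from the original notes). It models only the header fields fragmentation needs and works on a constructed payload; the 20-byte option-less header and the decision to refuse overlapping fragments are choices made for this example, not taken from the notes.

```python
"""IPv4 fragmentation and reassembly, modelled on the fields RFC 791 uses.

Added example, not from the original notes. Only the identification field,
the 13-bit fragment offset (in 8-byte units) and the MF flag are modelled;
a 20-byte header with no options is assumed.
"""
from dataclasses import dataclass

IPV4_HEADER_LEN = 20  # assumption: minimal header, no options


@dataclass(frozen=True)
class Fragment:
    ident: int      # identification: shared by all pieces of one datagram
    offset: int     # fragment offset, in 8-byte units
    more: bool      # MF flag: another fragment follows this one
    payload: bytes


def fragment(ident: int, payload: bytes, mtu: int) -> list:
    """Split payload so that header + data fits within mtu.

    Every fragment except the last carries a multiple of 8 data bytes,
    because the offset field counts in 8-byte units.
    """
    room = mtu - IPV4_HEADER_LEN
    if room < 8:
        raise ValueError("MTU too small to carry any fragment data")
    chunk = room - (room % 8)          # round data per fragment down to 8n
    frags = []
    for start in range(0, len(payload), chunk):
        piece = payload[start:start + chunk]
        more = start + len(piece) < len(payload)
        frags.append(Fragment(ident, start // 8, more, piece))
    return frags


def reassemble(frags: list) -> bytes:
    """Rebuild the payload, refusing holes, overlaps and a missing tail.

    Overlapping fragments are ambiguous (stacks differ on whether the first
    or the last copy wins, which evasion tools exploit), so this example
    rejects them instead of guessing.
    """
    if not frags:
        return b""
    if len({f.ident for f in frags}) != 1:
        raise ValueError("fragments belong to different datagrams")
    ordered = sorted(frags, key=lambda f: f.offset)
    out = bytearray()
    expected = 0                        # byte offset the next piece must start at
    for f in ordered:
        start = f.offset * 8
        if start < expected:
            raise ValueError(f"overlapping fragment at byte offset {start}")
        if start > expected:
            raise ValueError(f"hole before byte offset {start}")
        out += f.payload
        expected = start + len(f.payload)
    if ordered[-1].more:
        raise ValueError("last fragment missing (MF still set)")
    return bytes(out)


if __name__ == "__main__":
    data = bytes(range(256)) * 12       # constructed 3072-byte payload
    pieces = fragment(0x1234, data, 1500)
    print([(p.offset, len(p.payload), p.more) for p in pieces])
    assert reassemble(pieces) == data
```

Fragments arrive in any order, so the reassembler sorts by offset; it refuses to guess when two fragments overlap, which is the conservative choice for anything that inspects traffic.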
2.3.4.Transmission Control Protocol (TCP)
2.3.4.1.
2.3.4.2.How TCP works
2.3.4.3.
2.3.5.User Datagram Protocol (UDP)
2.3.6.File Transfer Protocol (FTP)
2.3.6.1.provides for the uploading and downloading of files from a remote host running FTP server software
2.3.6.2.also enables you to view the contents of folders on an FTP server and rename and delete files and directories if you have the
necessary permissions.
2.3.6.3.defined in RFC 959
2.3.6.4.uses TCP as a transport protocol to guarantee delivery of packets
2.3.6.5.has a security mechanism to authenticate users, but the username and password are sent in clear text; rather than creating a
user account for every user, FTP server software can also accept anonymous logons
2.3.6.6.popular mechanism for distributing files to the general public and sharing files within organizations over networks such as the Internet
2.3.6.7.examples of third-party utilities CuteFTP, SmartFTP
2.3.6.8.transfer mode
2.3.6.8.1.FTP assumes that the files being uploaded or downloaded are straight text (that is, ASCII) files. If the files are not text, which is
likely, the transfer mode must be changed to binary, or the transferred copy will be corrupted
2.3.6.8.2.sophisticated FTP clients like CuteFTP switch transfer modes automatically
2.3.6.9.Table 2.3 Commonly Used FTP Commands in case of a command-line FTP client

2.3.7.Secure File Transfer Protocol (SFTP)
2.3.7.1.One of the problems with FTP
2.3.7.1.1.considered insecure
2.3.7.1.2.susceptible to simple attacks: anyone able to sniff the traffic can capture the credentials and the file contents
2.3.7.1.3.transmits both the login and the data between sender and receiver in an unencrypted format
2.3.7.2.based on Secure Shell (SSH) technology: the SSH File Transfer Protocol runs as an SSH subsystem over TCP port 22, so it inherits
SSH's authentication and encryption (it is not FTPS, which is FTP wrapped in TLS)
2.3.7.3.provides encryption capabilities
2.3.7.4.implemented through client and server software available for all commonly used computing platforms
2.3.8.Trivial File Transfer Protocol (TFTP)
2.3.8.1.a much simpler file transfer protocol; despite the name, it is not a variant of FTP
2.3.8.2.has no authentication at all and far less functionality than FTP, so a TFTP server should be reachable only from the
management network that needs it
2.3.8.3.defined in RFC 1350
2.3.8.4.most often associated with simple downloads, such as transferring firmware or configuration files to a device such as a router,
and booting diskless workstations
2.3.8.5.does not offer directory navigation; you must request exactly the file you want and its particular location
2.3.8.6.uses UDP
2.3.9.Simple Mail Transfer Protocol (SMTP)
2.3.9.1.defined in RFC 821 (the current specification is RFC 5321)
2.3.9.2.is a protocol that defines how mail messages are sent between hosts
2.3.9.3.uses TCP connections to guarantee error-free delivery of messages
2.3.9.4.is not overly sophisticated and requires that the destination host always be available; for this reason mail systems spool
incoming mail so that users can read it later. How the user then reads the mail depends on how the client accesses the mail
server
2.3.9.5.difference between SMTP, POP3, IMAP4
2.3.9.5.1.SMTP is used to send mail and to relay it between mail servers, so a mail server both sends and receives with it
2.3.9.5.2.Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4 (IMAP4) are used only by clients to
retrieve mail from a server
2.3.10. Hypertext Transfer Protocol (HTTP)
2.3.10.1. defined in RFC 2068 (the original HTTP/1.1 specification; the current one is RFC 9110 through RFC 9112)
2.3.10.2. is the protocol that enables text, graphics, multimedia, and other material to be downloaded from an HTTP server
2.3.10.3. defines what actions can be requested by clients and how servers should answer those requests
2.3.10.4. practical implementation: HTTP clients (web browsers) make requests in HTTP format to servers running HTTP server
applications (web servers); files written in a special language such as Hypertext Markup Language (HTML) are returned to the
client, and the connection is closed (or, with HTTP/1.1 persistent connections, reused for further requests)
2.3.10.5. uses a uniform resource locator (URL) to determine what page should be downloaded from the remote server
2.3.10.6. URL (for example, http://www.microsoft.com/support) contains
2.3.10.6.1. type of request (for example, http://)
2.3.10.6.2. name of server contacted (for example, www.microsoft.com)
2.3.10.6.3. optionally the page requested (for example, /support)
2.3.11. Hypertext Transfer Protocol Secure (HTTPS)
2.3.11.1. HTTP requests and responses are sent in clear text; for some applications, such as e-commerce, this method of exchanging
information is unsuitable
2.3.11.2. HTTPS wraps HTTP in Secure Sockets Layer (SSL), now superseded by its successor Transport Layer Security (TLS), which
encrypts the information sent between the client and host and lets the client verify the server's identity through its certificate
2.3.11.3. For HTTPS to be used, both the client and server must support it; all popular browsers support HTTPS, as do web server
products such as Microsoft Internet Information Services (IIS), Apache, and almost all other web server applications that
host sensitive applications
2.3.11.4. When you access an application that uses HTTPS, the URL starts with https://, for example https://www.mybankonline.com
2.3.12. Post Office Protocol Version 3/Internet Message Access Protocol Version 4 (POP3/IMAP4)
2.3.12.1. POP3 defined in RFC 1939
2.3.12.2. IMAP4 defined in RFC 1730 (IMAP4rev1, the version in use today, in RFC 3501)
2.3.12.3. both are mechanism for downloading, or pulling, email from a server
2.3.12.3.1. although the mail is transported around the network via SMTP, users cannot always read it immediately, so it must be
stored in a central location. From this location it needs to be downloaded or retrieved, which is what POP3 and IMAP4
are for
2.3.12.3.2. examples of POP3 and IMAP4 clients: Microsoft Outlook, Netscape Navigator, Eudora, etc.
2.3.12.3.3. one of the problems with POP3: the password used to access a mailbox is transmitted across the network in clear text
2.3.12.3.4. IMAP4 offers stronger authentication mechanisms (the AUTHENTICATE command with challenge-response methods, RFC
1731), but its plain LOGIN command also sends the password in clear text; in practice both protocols should run over TLS
(POP3S/IMAPS or STARTTLS) so that neither credentials nor mail are exposed
2.3.12.4. web-based mail access (webmail) is the anytime/anywhere alternative to a POP3 or IMAP4 client
2.3.13. Telnet
2.3.13.1. defined in RFC 854
2.3.13.2. is a virtual terminal protocol
2.3.13.3. enables sessions to be opened on a remote host, and then commands can be executed on that remote host
2.3.13.4. uses
2.3.13.4.1. earlier clients used it to access multiuser systems such as mainframes and minicomputers; it was also the connection
method of choice for UNIX systems
2.3.13.4.2. today it is still found on routers and other managed network devices, although SSH should be used instead wherever it is
available
2.3.13.5. one of the problems with Telnet: it is not secure; the whole session, usernames and passwords included, crosses the network
in clear text
2.3.13.6. solution: SSH
2.3.14. Secure Shell (SSH)
2.3.14.1. a secure alternative to Telnet
2.3.14.2. provides security by encrypting data as it travels between systems
2.3.14.3. provides more robust authentication systems than Telnet
2.3.14.4. two versions of SSH: SSH1 and SSH2
2.3.14.4.1. SSH2 is considered more secure; SSH1 has known protocol weaknesses and has been removed from current implementations
such as OpenSSH
2.3.14.4.2. the two versions are incompatible: if you use an SSH client program, the server implementation that you connect
to must speak the same version, which today means SSH2
2.3.14.5. Although SSH, like Telnet, is associated primarily with UNIX and Linux systems, implementations of SSH are available for
all commonly used computing platforms, including Windows and Macintosh
2.3.14.6. SSH is foundational technology for Secure File Transfer Protocol (SFTP)
2.3.15. Internet Control Message Protocol (ICMP)
2.3.15.1. defined in RFC 792
2.3.15.2. is a protocol that works with the IP layer to provide error checking and reporting functionality; it is a tool that IP uses in its
quest to provide best-effort delivery
2.3.15.3. functions
2.3.15.3.1. most common function: the widely used and incredibly useful ping utility. ping sends a stream of ICMP echo
requests to a remote host; if the host can respond, it does so by sending echo reply messages back to the sending host.
This verifies the protocol suite configuration of both the sending and receiving nodes and of any intermediate
network (a missing reply does not prove the host is down, since firewalls commonly drop echo requests)
2.3.15.3.2. ICMP can return error messages such as Destination Unreachable (reported when a destination cannot
be contacted) and Time Exceeded (reported when the Time To Live (TTL) of a datagram has been
exceeded; traceroute relies on this message)
2.3.15.3.3. ICMP source quench: in a source quench scenario, the receiving host cannot handle the influx of data at the
same rate as it is sent. To slow down the sending host, the receiving host sends ICMP source quench messages,
telling the sender to slow down, so that packets are not dropped and re-sent. Source quench was deprecated in RFC 6633
and current hosts neither send nor act on it; congestion control is left to TCP
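An added example (not from the original notes) that builds the echo request and reply described above, computes the RFC 1071 checksum that ICMP shares with IP, TCP and UDP, and decodes the Destination Unreachable and Time Exceeded messages. Everything is constructed in memory, so no raw sockets are needed; the identifiers and payloads are invented for the example.

```python
"""ICMP echo request/reply and error messages (RFC 792), built in memory.

Added example, not from the original notes. No raw sockets: packets are
constructed and parsed as byte strings, so it runs offline.
"""
import struct

ECHO_REPLY, DEST_UNREACHABLE, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11

# codes for the two error types the notes mention
UNREACHABLE_CODES = {0: "net unreachable", 1: "host unreachable",
                     2: "protocol unreachable", 3: "port unreachable",
                     4: "fragmentation needed and DF set"}
TIME_EXCEEDED_CODES = {0: "TTL exceeded in transit",
                       1: "fragment reassembly time exceeded"}


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), shared by IP, ICMP, TCP, UDP."""
    if len(data) % 2:
        data += b"\x00"                 # pad an odd-length message
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Header: type(1) code(1) checksum(2) identifier(2) sequence(2), then data."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def build_error(msg_type: int, code: int, original: bytes = b"") -> bytes:
    """Destination Unreachable / Time Exceeded: a 4-byte unused field, then the
    IP header and first 8 bytes of the datagram that triggered the error."""
    header = struct.pack("!BBHI", msg_type, code, 0, 0)
    csum = internet_checksum(header + original)
    return struct.pack("!BBHI", msg_type, code, csum, 0) + original


def parse(packet: bytes) -> dict:
    """Verify the checksum, then decode type and code; raise on a corrupt packet."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    if internet_checksum(packet) != 0:  # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    msg_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    info = {"type": msg_type, "code": code, "payload": packet[8:]}
    if msg_type in (ECHO_REQUEST, ECHO_REPLY):
        info.update(ident=ident, seq=seq)
    elif msg_type == DEST_UNREACHABLE:
        info["reason"] = UNREACHABLE_CODES.get(code, f"code {code}")
    elif msg_type == TIME_EXCEEDED:
        info["reason"] = TIME_EXCEEDED_CODES.get(code, f"code {code}")
    return info


def reply_to(request: bytes) -> bytes:
    """What the remote host does with an echo request: same id, seq and payload, type 0."""
    req = parse(request)
    if req["type"] != ECHO_REQUEST:
        raise ValueError("not an echo request")
    return build_echo(ECHO_REPLY, req["ident"], req["seq"], req["payload"])


if __name__ == "__main__":
    req = build_echo(ECHO_REQUEST, 0x1234, 1, b"constructed ping payload")
    print(parse(reply_to(req)))
    print(parse(build_error(TIME_EXCEEDED, 0))["reason"])
```

The identifier and sequence number are what lets ping match a reply to the request it sent; the checksum check in `parse` is the first thing a receiver does, which is why a corrupted byte anywhere in the message is rejected before the type is even looked at.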
2.3.16. Address Resolution Protocol (ARP)/Reverse Address Resolution Protocol (RARP)
2.3.16.1. ARP
2.3.16.1.1. defined in RFC 826
2.3.16.1.2. responsible for resolving IP addresses to Media Access Control (MAC) addresses
2.3.16.1.3. ARP process
2.3.16.1.3.1. When a system attempts to contact another host, IP first determines whether the other host is on the same
network it is on by looking at the IP address.
2.3.16.1.3.2. If the IP determines that the destination is on the local network, it consults the ARP cache to see whether it has a
corresponding entry.
2.3.16.1.3.3. ARP cache The ARP cache is a table on the local system that stores mappings between data link layer
addresses (the MAC address or physical address) and network layer addresses (IP addresses). Following is a sample
of the ARP cache

2.3.16.1.3.4. If the ARP cache doesn't have an entry for the host, a broadcast on the local network asks the host with the target IP
address to send back its MAC address. The communication is sent as a broadcast because without the target system's MAC
address, the source system cannot communicate directly with the target system. Because the communication is a
broadcast, every system on the network picks it up. However, only the target system replies because it is the only
device whose IP address matches the request. The target system, recognizing that the ARP request is targeted at it,
replies directly to the source system. It can do this because the ARP request contains the MAC address of the system
that sent it. Nothing in this exchange is authenticated: most stacks accept a reply they never asked for, so any host on
the segment can answer for an IP address that is not its own (ARP spoofing) and receive the traffic meant for it
2.3.16.1.3.5. If the destination host is determined to be on a different subnet than the sending host, the ARP process is
performed against the default gateway and then repeated at each hop of the journey between the sending and the
destination host
2.3.16.1.4. Table 2.4 Commonly Used arp Command Switches

2.3.16.1.5. When you work with the ARP cache, you can dynamically or statically make entries
2.3.16.1.5.1. Dynamic
2.3.16.1.5.1.1. With dynamic entries, the ARP cache is automatically updated. The ARP cache is maintained with no
intervention from the user.
2.3.16.1.5.1.2. Dynamic entries are the ones most used
2.3.16.1.5.2. Static
2.3.16.1.5.2.1. Static entries are configured manually using the arp -s command.
2.3.16.1.5.2.2. The static entry remains in the ARP cache until it is removed using the arp -d command (on most systems it does not
survive a reboot). One use is to pin the default gateway's MAC address on critical hosts so that a forged ARP reply
cannot overwrite it
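An added example (not part of the original notes) that encodes and decodes the ARP request and reply described above, then replays a constructed capture against a learned table to spot the one thing the protocol itself cannot prevent: a second host answering for an IP address already bound to another MAC. The MAC and IP addresses are invented for the example.

```python
"""Decode ARP messages and flag contradictory IP-to-MAC claims.

Added example, not part of the original notes. The frames are constructed
(hypothetical addresses) so the code runs offline.
"""
import struct
from ipaddress import IPv4Address

HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OPS = {1: "request", 2: "reply"}


def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def _mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """ARP body for Ethernet/IPv4 (RFC 826): htype, ptype, hlen, plen, oper,
    then sender hardware/protocol address and target hardware/protocol address."""
    return (struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
            + _mac_bytes(sender_mac) + IPv4Address(sender_ip).packed
            + _mac_bytes(target_mac) + IPv4Address(target_ip).packed)


def parse_arp(body: bytes) -> dict:
    """Decode the 28-byte body; reject anything that is not Ethernet/IPv4 ARP."""
    if len(body) < 28:
        raise ValueError("ARP body shorter than 28 bytes")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", body[:8])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {
        "op": OPS.get(op, op),
        "sender_mac": _mac_str(body[8:14]),
        "sender_ip": str(IPv4Address(body[14:18])),
        "target_mac": _mac_str(body[18:24]),
        "target_ip": str(IPv4Address(body[24:28])),
    }


def detect_conflicts(bodies: list) -> list:
    """Replay ARP traffic into a learned table, the way a dynamic cache is
    filled, and report every sender that claims an IP already bound to another
    MAC. ARP has no authentication, so this contradiction is the only signal."""
    cache = {}
    alerts = []
    for body in bodies:
        arp = parse_arp(body)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if ip == "0.0.0.0":          # ARP probe (RFC 5227): no address claimed
            continue
        known = cache.get(ip)
        if known is not None and known != mac:
            alerts.append(f"{ip} moved from {known} to {mac} (in an ARP {arp['op']})")
        cache[ip] = mac
    return alerts


# Constructed exchange: a host asks for the gateway's MAC, the gateway answers,
# then a third machine answers for the gateway's IP with its own MAC.
SAMPLE_TRAFFIC = [
    build_arp(1, "aa:bb:cc:00:00:10", "192.168.3.10", "00:00:00:00:00:00", "192.168.3.1"),
    build_arp(2, "00:11:22:33:44:01", "192.168.3.1", "aa:bb:cc:00:00:10", "192.168.3.10"),
    build_arp(2, "de:ad:be:ef:00:01", "192.168.3.1", "aa:bb:cc:00:00:10", "192.168.3.10"),
]

if __name__ == "__main__":
    for line in detect_conflicts(SAMPLE_TRAFFIC):
        print(line)
```

A legitimate NIC replacement produces the same alert as a spoofing attempt, so in practice the table is seeded with known gateway bindings and changes are reviewed rather than blocked automatically; the point of the example is that the binding change itself is the only evidence the protocol leaves.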
2.3.16.2. RARP
2.3.16.2.1. it performs the same function as ARP, but in reverse: it resolves a MAC address to an IP address
2.3.16.2.2. it makes it possible for a system, typically a diskless workstation, to learn its own IP address by broadcasting its MAC
address to a RARP server on the local network; it has nothing to do with DNS reverse lookups, and it has been superseded
by BOOTP and DHCP
2.3.16.2.3. is defined in RFC 903
2.3.16.3. Do not confuse ARP with DNS or WINS, which also perform resolution functions, but for different things
2.3.17. Network Time Protocol (NTP)
2.3.17.1. defined in RFC 958 (NTPv4, the version in current use, is specified in RFC 5905)
2.3.17.2. is the part of the TCP/IP protocol suite that facilitates the communication of time between systems
2.3.17.3. one system configured as a time provider transmits time information to other systems that can be both time receivers and
time providers for other systems.
2.3.17.4. importance of time synchronization
2.3.17.4.1. Time synchronization is important in today's IT environment because of the distributed nature of applications.
2.3.17.4.2. two examples of situations in which time synchronization is important are
2.3.17.4.2.1. email and directory services systems
2.3.17.4.2.2. in each of these cases, having time synchronized between devices is important because without it there would be
no way to keep track of changes to data and applications; directory services such as Active Directory rely on Kerberos,
which rejects tickets whose timestamps are too far off, and log entries from different systems can only be correlated
when their clocks agree
2.3.17.5. In many environments, external time sources such as radio clocks, global positioning system (GPS) devices, and Internet-
based time servers are used as sources of NTP time. In other systems the BIOS clock is used. Regardless of which source is used,
the time information is communicated between devices by using NTP
2.3.17.6. NTP server and client software is available for a wide variety of platforms and devices if you want a way to ensure time
synchronization between devices, look to NTP as a solution
2.3.18. Network News Transfer Protocol (NNTP)
2.3.18.1. is a protocol associated with posting and retrieving messages to and from newsgroups
2.3.18.2. a newsgroup is a discussion forum hosted on a remote system
2.3.18.3. by using NNTP client software, like that included with many common email clients, users can post, reply to, and retrieve
messages
2.3.18.4. distinction between web-based discussion forums and NNTP newsgroups
2.3.18.4.1. in case of NNTP newsgroup messages are retrieved from the server to be read
2.3.18.4.2. in case of web-based discussion forum, the messages are not downloaded they are simply viewed from a remote
location.
2.3.18.5. is defined in RFC 977
2.3.18.6. is an application layer protocol that uses TCP as its transport mechanism
2.3.19. Secure Copy Protocol (SCP)
2.3.19.1. is another protocol based on SSH technology
2.3.19.2. provides a secure means to copy files between systems on a network
2.3.19.3. by using SSH technology, it encrypts data as it travels across the network, thereby securing it from eavesdropping
2.3.19.4. is intended as a more secure substitute for the BSD remote copy program (rcp), which sends data in clear text and relies on
host-based trust
2.3.19.5. available as a command-line utility, or as part of application software for most commonly used computing platforms
2.3.20. Lightweight Directory Access Protocol (LDAP)
2.3.20.1. is a protocol that provides a mechanism to access and query directory services systems
2.3.20.2. examples of directory services systems Novell Directory Services (NDS) and Microsofts Active Directory
2.3.20.3. Although LDAP supports command-line queries executed directly against the directory database, most LDAP interactions
are via utilities such as an authentication program (network logon) or locating a resource in the directory through a search
utility
2.3.20.4. LDAP normally uses TCP port 389; a simple bind sends the password in clear text unless the session is protected with TLS
(LDAPS on port 636, or StartTLS on port 389)
2.3.21. Internet Group Management Protocol (IGMP)
2.3.21.1. is the protocol within the TCP/IP protocol suite that manages multicast groups
2.3.21.2. for example, it enables one computer on the Internet to target content to a specific group of computers that will receive
content from the sending system
2.3.21.3. Multicasting
2.3.21.3.1. is a mechanism by which groups of network devices can send and receive data between the members of the group at
one time, instead of separately sending messages to each device in the group
2.3.21.3.2. The multicasting grouping is established by each device configured with the same multicast IP address. These
multicast IP addresses are from the IPv4 Class D range, including 224.0.0.0 to 239.255.255.255 address ranges
2.3.21.4. IGMP is used to register devices into a multicast group, as well as to discover what other devices on the network are
members of the same multicast group
2.3.21.5. Common applications for multicasting include groups of routers on an inter-network and videoconferencing clients
2.3.22. Transport Layer Security (TLS)
2.3.22.1. is a security protocol designed to ensure privacy between communicating client/server applications
2.3.22.2. When a server and client communicate, TLS ensures that no one can eavesdrop and intercept or otherwise tamper with the
data message
2.3.22.3. TLS is successor to SSL
2.3.22.4. TLS is composed of two layers
2.3.22.4.1. TLS record protocol runs over a reliable transport protocol such as TCP and ensures that the connection made between
systems is private (encryption) and unmodified (a message authentication code on every record)
2.3.22.4.2. TLS handshake protocol negotiates the protocol version and cipher suite, authenticates the server (and optionally the client)
by means of certificates, and establishes the session keys used by the record protocol
2.3.23. Session Initiation Protocol (SIP)/Real-Time Transport Protocol (RTP)
2.3.23.1. VoIP
2.3.23.1.1. VoIP technology enables regular voice conversations to be carried in IP packets over the Internet
2.3.23.1.2. avoids the high cost of regular phone calls by using the existing infrastructure of the Internet, without separate
long-distance charges
2.3.23.1.3. Two of the protocols used by VoIP
2.3.23.1.4. SIP
2.3.23.1.4.1. is an application layer protocol designed to establish and maintain multimedia sessions, such as Internet
telephony calls
2.3.23.1.4.2. can create communication sessions for audio/videoconferencing, online gaming, and person-to-person
conversations over the Internet
2.3.23.1.4.3. SIP does not operate alone; it uses UDP or TCP as a transport protocol (or TLS over TCP when the signalling must be
protected)
2.3.23.1.5. RTP
2.3.23.1.5.1. is the Internet-standard protocol for the transport of real-time data, including audio and video
2.3.23.1.5.2. can use either TCP or UDP as transport mechanism. However, UDP is used more often because applications
using RTP tolerate some packet loss but are sensitive to delay, and UDP adds no retransmission delay because packet
delivery is not guaranteed
2.3.23.1.5.3. RTP is often used with VoIP: the voice data lives in RTP packets, which travel inside UDP/IP packets
2.3.23.1.5.4. RTP has two parts: a data part and a control part
2.3.23.1.5.4.1. data part supports applications with real-time properties such as continuous media (such as audio and
video), including timing reconstruction, loss detection, and content identification; RTP itself does not encrypt the
media, which is the job of the Secure RTP profile (SRTP, RFC 3711)
2.3.23.1.5.4.2. control part (RTCP) supports real-time conferencing of groups of any size within an internet by carrying
reception quality reports and participant identification
2.3.24. TCP/IP Protocol Suite Summary
2.3.24.1. Table 2.5 TCP/IP Protocol Suite Summary


2.4.Domain Name Service (DNS)
2.4.1.Function of DNS on TCP/IP-based networks: it resolves hostnames (such as www.quepublishing.com) to IP addresses (such as
209.202.161.67). Such a resolution makes it possible for people to remember the names of, and refer to, frequently used hosts using
easy-to-remember hostnames rather than hard-to-remember IP addresses.
2.4.2.Like other TCP/IP-based services, DNS is a platform-independent protocol.
2.4.3.HOSTS file
2.4.3.1.early networks used a text file called HOSTS to perform name resolution
2.4.3.2.the HOSTS file was regularly updated with changes and distributed to the other systems
2.4.3.3.sample of some entries from HOSTS file
2.4.3.3.1.

2.4.3.3.2.comments are preceded by a hash (#) symbol
2.4.3.3.3.in first entry
2.4.3.3.3.1.192.168.3.45 IP address
2.4.3.3.3.2.server1 name of the host
2.4.3.3.3.3.s1 alias of the name of host
2.4.3.4.as networks grew, such a method was both cumbersome and prone to error, so DNS came into existence as the solution
2.4.3.5.HOSTS file resolution is still supported by most platforms and is consulted before DNS. If you need to resolve just a few hosts
that will not change often or at all, you can still use the HOSTS file for this; because it overrides DNS, its write permissions
matter: anyone who can edit it can redirect any name on that system
2.4.4.name servers
2.4.4.1.DNS solves the problem of name resolution by offering resolution through servers configured to act as name servers
2.4.4.2.name servers run DNS server software, which enables them to receive, process, and reply to requests from systems that want
to resolve hostnames to IP addresses.
2.4.4.3.resolvers (or DNS clients) systems that ask DNS servers for a hostname-to-IP address mapping
2.4.5.Figure 2.3 The DNS resolution process

2.4.6.DNS relay request
2.4.6.1.Because the DNS namespace is large, a single server cannot hold all the records for the entire namespace. As a result, there is a
good chance that a given DNS server cannot resolve the request for a certain entry itself. In this case, the DNS server either
forwards the query to another DNS server or, acting recursively, asks the root, top-level and authoritative servers in turn
2.4.7.Dynamic DNS (DDNS)
2.4.7.1.One of the problems with DNS is that, despite all its automatic resolution capabilities, entries and changes to those entries
must still be made manually.
2.4.7.2.A strategy to solve this problem is to use Dynamic DNS (DDNS), a newer system that enables hosts to register themselves with
the DNS server. By updating hostnames, addresses and related information in real time, there is less likelihood of not finding a
server or site that has recently been added or changed. Because clients can now write to the zone, updates should be
authenticated (for example TSIG-signed updates, or Active Directory's secure dynamic update), or any host could overwrite
another host's record
2.4.8.The DNS Namespace
2.4.8.1.DNS operates in the DNS namespace
2.4.8.2.This space has logical divisions hierarchically organized
2.4.8.2.1.At the top level are domains such as .com (commercial) and .edu (education), as well as domains for countries, such as
.uk (United Kingdom) and .de (Germany)
2.4.8.2.2.Below the top level are subdomains or second-level domains associated with organizations or commercial companies
such as Red Hat and Microsoft
2.4.8.2.3.Within these domains, hosts or other subdomains can be assigned
2.4.8.2.4.example server ftp.redhat.com would be in the redhat.com domain
2.4.8.2.5.Figure 2.4 A DNS hierarchical namespace

2.4.8.2.6.Fully qualified domain name (FQDN)
2.4.8.2.6.1.The domain name, along with any subdomains, is called the FQDN because it includes all the components from
the top of the DNS namespace to the host.
2.4.8.2.6.2.For this reason many people refer to DNS as resolving FQDNs to IP addresses.
2.4.8.2.6.3.example of an FQDN www.comptia.org www is the host, comptia is the second-level domain, and .org is the
top-level domain
2.4.8.2.7.
2.4.8.2.7.1.The lower domains are largely open to use in whatever way the domain name holder sees fit. However, the top-
level domains are relatively closely controlled.
2.4.8.2.7.2.Table 2.6 Selected Top-Level Domains in the DNS Namespace


2.4.8.2.8.Reverse Lookup
2.4.8.2.8.1.Although the primary function of DNS is to resolve hostnames to IP addresses, you can also have DNS perform IP
address-to-hostname resolution. This process is called reverse lookup, which is accomplished by using pointer
(PTR) records.
2.4.8.3.Types of DNS Entries
2.4.8.3.1.most common entry in a DNS database is
2.4.8.3.1.1.A (address) record maps a hostname to an IPv4 address
2.4.8.3.2.DNS can hold numerous other types of entries as well
2.4.8.3.2.1.MX record identifies the mail exchanger systems that accept mail for the domain, each with a preference value
2.4.8.3.2.2.CNAME (canonical name) record creates an alias for a system
2.4.8.3.3.A system can have an A record and then multiple CNAME entries for its aliases
2.4.8.3.4.In a DNS table holding all these types of entries, rather than map to an actual IP address, the CNAME and MX record entries
map to another hostname, which DNS in turn resolves to an IP address
2.4.8.4.DNS Records
2.4.8.4.1.DNS resource records - each DNS name server maintains information about its zone, or domain, in a series of records,
known as DNS resource records
2.4.8.4.2.There are several DNS resource records; each contains information about the DNS domain and the systems within it.
These records are text entries stored on the DNS server.
2.4.8.4.3.Some of the DNS resource records include the following:
2.4.8.4.3.1.Start of Authority (SOA)
2.4.8.4.3.1.1.A record holding the zone's administrative data: its primary name server, the responsible person's mailbox, the zone
serial number that secondary servers compare to detect changes, and the refresh, retry, expire and minimum TTL timers
2.4.8.4.3.1.2.A DNS zone is the part of a domain for which an individual DNS server is responsible
2.4.8.4.3.1.3.Each zone contains a single SOA record
2.4.8.4.3.2.Name Server (NS)
2.4.8.4.3.2.1.Stores information that identifies the name servers that are authoritative for the domain
2.4.8.4.3.3.Canonical Name (CNAME)
2.4.8.4.3.3.1.Stores additional hostnames, or aliases, for hosts in the domain.
2.4.8.4.3.3.2.A CNAME specifies an alias or nickname for a canonical hostname record in a domain name service (DNS)
database
2.4.8.4.3.3.3.CNAME records give a single computer multiple names (aliases)
2.4.8.4.3.4.Pointer (PTR)
2.4.8.4.3.4.1.A pointer to the canonical name, which is used to perform a reverse DNS lookup, in which case the name is
returned when the query originates with an IP address
2.4.8.4.3.5.IPv6 Address (AAAA)
2.4.8.4.3.5.1.Stores information for IPv6 (128-bit) addresses.
2.4.8.4.3.5.2.It is most commonly used to map a hostname to the IPv6 address of a host, as the A record does for IPv4
2.4.8.4.3.6.Mail Exchange (MX)
2.4.8.4.3.6.1.Stores information about where mail for the domain should be delivered
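An added example (not from the original notes) that ties the HOSTS file section and the record types above together: it parses HOSTS-style lines with comments and aliases, then resolves names against a small constructed zone, following CNAME chains to an A or AAAA record, resolving MX targets, and answering reverse lookups through PTR records. All names and addresses are hypothetical, and the zone is an in-memory list rather than a real server.

```python
"""A toy resolver with the lookup order the notes describe: HOSTS file first,
then DNS resource records, following CNAME and MX indirection to an address.

Added example, not from the original notes. HOSTS lines and zone records
are constructed (hypothetical names in the reserved .test TLD).
"""
from ipaddress import ip_address
from typing import Optional

HOSTS_FILE = """\
# constructed sample HOSTS file
192.168.3.45   server1   s1
192.168.3.223  server2   s2   app   # trailing comment
"""

# (owner name, type, value), the way a small zone file would list them
ZONE = [
    ("example.test.", "SOA", "ns1.example.test. hostmaster.example.test. 2024010101 3600 900 604800 300"),
    ("example.test.", "NS", "ns1.example.test."),
    ("example.test.", "MX", "10 mail.example.test."),
    ("ns1.example.test.", "A", "192.0.2.53"),
    ("mail.example.test.", "A", "192.0.2.25"),
    ("web.example.test.", "A", "192.0.2.80"),
    ("web.example.test.", "AAAA", "2001:db8::80"),
    ("www.example.test.", "CNAME", "web.example.test."),
    ("ftp.example.test.", "CNAME", "www.example.test."),
    ("loop1.example.test.", "CNAME", "loop2.example.test."),   # deliberate loop
    ("loop2.example.test.", "CNAME", "loop1.example.test."),
    ("80.2.0.192.in-addr.arpa.", "PTR", "web.example.test."),
]


def parse_hosts(text: str) -> dict:
    """name -> IP; '#' comments stripped, every alias mapped to the same IP."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        ip_address(ip)                       # raises on a malformed address
        for name in names:
            table[name.lower()] = ip
    return table


def records(name: str, rtype: str) -> list:
    """All values of one type for an owner name (case-insensitive, absolute)."""
    name = name.lower().rstrip(".") + "."
    return [v for n, t, v in ZONE if n.lower() == name and t == rtype]


def resolve(name: str, rtype: str = "A", hosts: Optional[dict] = None) -> list:
    """HOSTS wins for A lookups; otherwise follow CNAMEs (capped at 8 hops,
    as real resolvers cap the chain) until a record of the wanted type appears."""
    if hosts and rtype == "A" and name.lower() in hosts:
        return [hosts[name.lower()]]
    seen = []
    for _ in range(8):
        found = records(name, rtype)
        if found:
            return found
        cname = records(name, "CNAME")
        if not cname:
            return []
        if cname[0] in seen:
            raise ValueError("CNAME loop: " + " -> ".join(seen + [cname[0]]))
        seen.append(cname[0])
        name = cname[0]
    raise ValueError("CNAME chain too long")


def mail_servers(domain: str) -> list:
    """MX points at a hostname, which is then resolved to addresses; lowest
    preference first."""
    out = []
    for value in records(domain, "MX"):
        pref, host = value.split()
        out.append((int(pref), host, resolve(host)))
    return sorted(out)


def reverse_lookup(ip: str) -> list:
    """IPv4 reverse lookup: octets reversed under in-addr.arpa, then PTR."""
    octets = ip_address(ip).exploded.split(".")
    return records(".".join(reversed(octets)) + ".in-addr.arpa.", "PTR")


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_FILE)
    print(resolve("s1", "A", hosts), resolve("ftp.example.test"))
    print(mail_servers("example.test"), reverse_lookup("192.0.2.80"))
```

The loop records are there on purpose: a resolver that follows CNAMEs without a hop limit or a seen-set can be made to spin by a zone it does not control, which is why `resolve` refuses after eight hops and reports the exact chain.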
2.4.8.5.DNS in a Practical Implementation
2.4.8.6.Windows Internet Name Service (WINS)
2.4.8.6.1.On Windows networks, WINS can be used to enable Network Basic Input/Output System (NetBIOS) names to be
resolved to IP addresses
2.4.8.6.2.NetBIOS name resolution can be performed in three ways on a network
2.4.8.6.2.1.using WINS server on the network
2.4.8.6.2.2.using an LMHOSTS file
2.4.8.6.2.3.using broadcasts
2.5.Simple Network Management Protocol (SNMP)
2.5.1.SNMP enables
2.5.1.1.network devices to communicate information about their state to a central system
2.5.1.2.the central system to pass configuration parameters to the devices
2.5.2.Components of SNMP
2.5.2.1.In an SNMP configuration
2.5.2.1.1.a central system known as a manager acts as the central communication point for all the SNMP-enabled devices on the
network
2.5.2.1.2.on each device to be managed and monitored via SNMP, software called an SNMP agent is set up and configured with
the manager's IP address
2.5.2.2.Depending on the configuration, the SNMP manager then communicates with and retrieves information from devices running
the SNMP agent software
2.5.2.3.The agent can communicate the occurrence of certain events to the SNMP manager as they happen. These messages are
known as traps
2.5.2.4.Figure 2.6 How SNMP works

2.5.3.SNMP Management Systems
2.5.3.1.An SNMP management system is a computer running a special piece of software called a Network Management System
(NMS)
2.5.3.2.
2.5.3.3.some people call SNMP managers or NMSs trap managers. This reference is misleading, however, because NMS can do more
than just accept trap messages from agents
2.5.3.4.
2.5.4.SNMP Agents
2.5.4.1.Although the SNMP manager resides on a PC, each device that is part of the SNMP structure also needs to have SNMP
functionality enabled. This is performed through a software component called an agent
2.5.4.2.An SNMP agent can be any device that can run a small software component that facilitates communication with an SNMP
manager
2.5.4.3.
2.5.5.Management Information Bases (MIBs)
2.5.6.SNMP Communities
2.5.6.1.in SNMPv1 and SNMPv2c the community string is the only credential: it is sent in clear text with every message, and the
common defaults public (read-only) and private (read-write) should never be left in place
2.5.7.SNMPv3
2.5.7.1.difference from SNMPv1 and SNMPv2
2.5.7.1.1.SNMPv3 supports authentication and encryption (the authPriv security level), whereas SNMPv1 and SNMPv2c rely on the
clear-text community string alone
2.6.Dynamic Host Configuration Protocol (DHCP)
2.6.1.defined in RFC 2131
2.6.2.enables ranges of IP addresses, known as scopes, to be defined on a system running a DHCP server application
2.6.3.When another system configured as a DHCP client is initialized, it asks the server for an address. If all things are as they should be,
the server assigns an address from the scope to the client for a predetermined amount of time, known as the lease
2.6.4.lease renewing and expiration
2.6.4.1.At two points during the lease (by default at 50% of the lease time, T1, and at 87.5%, T2, per RFC 2131), the client attempts to
renew the lease from the server. If no server renews it, the lease expires at 100 percent, and the client stops using the address
2.6.5.In addition to an IP address and the subnet mask, the DHCP server can supply many other pieces of information; exactly what can
be provided depends on the DHCP server implementation. In addition to the address information, default gateway is often supplied
along with DNS information
2.6.6.reservation and exclusion
2.6.6.1.In addition to having DHCP supply a free address from the scope, an administrator can configure it to supply a specific
address to a client, identified by its MAC address. Such an arrangement is known as a reservation. Reservations are a means by
which you can still use DHCP for a system but at the same time guarantee that it always has the same IP address.
2.6.6.2.DHCP can also be configured for exclusions. In this scenario, certain IP addresses are not given out to client systems.
2.6.7.Advantages
2.6.7.1.administrators do not need to manually configure each system
2.6.7.2.human error such as the assignment of duplicate IP addresses is largely eliminated for DHCP clients (statically addressed
hosts can still collide with the scope unless they are excluded from it)
2.6.7.3.DHCP removes the need to reconfigure systems if they move from one subnet to another, or if you decide to make a wholesale
change in the IP addressing structure
2.6.7.4.From an administrative perspective, after initial configuration, DHCP is about as maintenance-free as a service can get, with
only occasional monitoring normally required
2.6.8.Downside
2.6.8.1.DHCP traffic is broadcast-based and thus generates network traffic, albeit a small amount
2.6.8.2.DHCP server software must be installed and configured on a server, which can place additional processor load (though
minimal) on that system
2.6.8.3.DHCP has no authentication: a client accepts any offer it hears, so a rogue DHCP server on the segment can hand out its own
address as the default gateway or DNS server and intercept traffic. Switch features such as DHCP snooping, which only allow
offers from trusted ports, are the usual mitigation
2.6.9.The DHCP Process
2.6.9.1.When a system configured to use DHCP comes on the network, it broadcasts a special packet that looks for a DHCP server.
This packet is known as DHCPDISCOVER packet
2.6.9.2.The DHCP server, which is always on the lookout for DHCPDISCOVER packets, picks up the packet and compares the
request with the scopes it has defined. If it finds that it has a scope for the network from which the packet originated, it chooses an
address from the scope, reserves it, and sends the address, along with any other information, such as the lease duration, to the
client. This is known as a DHCPOFFER packet. Because the client still does not have an IP address, this reply is sent as a
broadcast (or directly to the client's MAC address, if the client did not set the broadcast flag in its request).
2.6.9.3.When the client receives the offer, it looks at the offer to determine if it is suitable.
2.6.9.4.If more than one offer is received, which can happen when more than one DHCP server is configured, the offers are compared to
see which is best. Best in this context can involve a variety of criteria but normally is the length of the lease.
2.6.9.5.When the selection process completes, the client notifies the server that the offer has been accepted, through a packet called a
DHCPREQUEST packet.
2.6.9.6.At this point the server finalizes the offer and sends the client an acknowledgement. This last message, which is sent as a
broadcast, is known as a DHCPACK packet.
2.6.9.7.After the client system receives the DHCPACK, it initializes the TCP/IP suite and can communicate on the network
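The DISCOVER/OFFER/REQUEST/ACK exchange above, together with scopes, exclusions, reservations and the T1/T2 lease timers, as an added example (not code from the original notes). Messages are plain dictionaries rather than RFC 2131 wire format, all addresses and MACs are constructed, and the client-side allowlist of trusted server identifiers is an addition of this example to show how an offer from an unexpected server is filtered out.

```python
"""In-memory simulation of the DHCP exchange described in the notes.

Added example, not from the original notes. Messages are dicts, not wire
format; addresses and MACs are constructed; the trusted-server allowlist
on the client side is this example's addition.
"""
from ipaddress import IPv4Address, IPv4Network
from typing import Optional


class DHCPServer:
    """One server with one scope: an address range plus exclusions and reservations."""

    def __init__(self, server_id: str, network: str, first: str, last: str,
                 lease: int = 86400, exclusions=(), reservations=None,
                 router: Optional[str] = None, dns=()):
        net = IPv4Network(network)
        self.server_id = server_id
        self.pool = [a for a in net.hosts()
                     if IPv4Address(first) <= a <= IPv4Address(last)]
        self.excluded = {IPv4Address(x) for x in exclusions}
        self.reserved = {m.lower(): IPv4Address(a) for m, a in (reservations or {}).items()}
        self.leases = {}                 # mac -> address held (offered or acked) for it
        self.lease = lease
        self.options = {"subnet_mask": str(net.netmask), "router": router, "dns": list(dns)}

    def _choose(self, mac: str) -> Optional[IPv4Address]:
        if mac in self.reserved:         # reservation: always the same address
            return self.reserved[mac]
        if mac in self.leases:           # returning client keeps its address
            return self.leases[mac]
        busy = set(self.leases.values()) | self.excluded | set(self.reserved.values())
        return next((a for a in self.pool if a not in busy), None)

    def discover(self, msg: dict) -> Optional[dict]:
        """DHCPDISCOVER -> DHCPOFFER, or None when the scope is exhausted."""
        mac = msg["chaddr"].lower()
        addr = self._choose(mac)
        if addr is None:
            return None
        self.leases[mac] = addr          # held while the client decides
        return {"op": "OFFER", "chaddr": mac, "yiaddr": str(addr),
                "server_id": self.server_id, "lease": self.lease, **self.options}

    def request(self, msg: dict) -> Optional[dict]:
        """DHCPREQUEST -> DHCPACK if the client accepted our offer, DHCPNAK if it
        asks for an address we never offered it, None if it chose another server."""
        mac = msg["chaddr"].lower()
        if msg["server_id"] != self.server_id:
            self.leases.pop(mac, None)   # release the address we had set aside
            return None
        if self.leases.get(mac) != IPv4Address(msg["requested_ip"]):
            return {"op": "NAK", "chaddr": mac}
        return {"op": "ACK", "chaddr": mac, "yiaddr": msg["requested_ip"],
                "server_id": self.server_id, "lease": self.lease, **self.options}


def choose_offer(offers: list, trusted_servers: set) -> dict:
    """Client side: drop offers from server IDs we do not expect on this
    segment (example's addition), then prefer the longest lease as the notes say."""
    good = [o for o in offers if o and o["server_id"] in trusted_servers]
    if not good:
        raise LookupError("no offer from a trusted DHCP server")
    return max(good, key=lambda o: o["lease"])


def lease_timers(lease: int) -> tuple:
    """RFC 2131 defaults: renew (T1) at 50 %, rebind (T2) at 87.5 % of the lease."""
    return lease // 2, lease * 7 // 8


def obtain_address(mac: str, servers: list, trusted: set) -> dict:
    """The whole exchange against every server that hears the broadcasts."""
    offers = [s.discover({"op": "DISCOVER", "chaddr": mac}) for s in servers]
    chosen = choose_offer(offers, trusted)
    req = {"op": "REQUEST", "chaddr": mac, "server_id": chosen["server_id"],
           "requested_ip": chosen["yiaddr"]}
    acks = [s.request(req) for s in servers]         # REQUEST is broadcast too
    ack = next(a for a in acks if a and a["op"] == "ACK")
    t1, t2 = lease_timers(ack["lease"])
    return {**ack, "renew_at": t1, "rebind_at": t2}


if __name__ == "__main__":
    srv = DHCPServer("192.168.3.2", "192.168.3.0/24", "192.168.3.100", "192.168.3.110",
                     exclusions=["192.168.3.100"],
                     reservations={"aa:bb:cc:dd:ee:ff": "192.168.3.105"},
                     router="192.168.3.1", dns=["192.168.3.53"])
    print(obtain_address("00:11:22:33:44:55", [srv], {"192.168.3.2"}))
```

Without the allowlist, `choose_offer` would pick the rogue server in the test below simply because it advertises the longest lease, which is exactly the behaviour a real client exhibits; the server-side `request` also shows why the REQUEST is broadcast: every other server that made an offer learns it lost and frees the address it had held.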
2.6.10. DHCP and DNS Suffixes
2.6.10.1. A DNS suffix is a domain name that the resolver appends to an unqualified hostname (such as server1) before querying, so that
server1 can be resolved as server1.example.com; the suffix search list defines which suffixes are tried and in what order
2.6.10.2. DHCP settings can push a domain suffix search list to DNS clients (the domain name and domain search options)
2.6.10.3. When such a list is specifically given to a client, the client uses only that list for name resolution
2.6.10.4. On Linux clients, the same thing is configured with the search and domain entries in the /etc/resolv.conf file
