
UNIVERSITY INSTITUTE OF ENGINEERING

COMPUTER SCIENCE AND ENGINEERING

Bachelor of Engineering (Computer Science & Engineering)

Simple Network Protocols

Code: CSC-424

Secured Network Protocols CSC-424/ CCC-424


Associated Program Outcome

I. PO1 Graduates will evolve as effective professionals by solving real-life problems using computer science knowledge, along with a focus on team work, effective communication, divergent thinking and problem-solving skills.

II. PO2 Graduates, with their agility, will readily adapt to changing environments by having learnt new and upcoming technologies.

Course Outcome

CO1 — Knowledge of different protocols and security loopholes

CO2 — Network security technologies and protocols
Contents

S.No.   Item                                                    Page No.
4.1     Important Definitions                                   4-1
4.2     ISO Layer Protocols                                     4-2
4.3     TCP/IP                                                  4-2
4.4     HTTP                                                    4-2
4.5     SHTTP                                                   4-2
4.6     LDAP                                                    4-2
4.7     MIME                                                    4-3
4.8     POP                                                     4-3
4.9     POP3                                                    4-3
4.10    IMAP                                                    4-3
4.11    RMON                                                    4-3
4.12    SNTP                                                    4-4
4.13    SNMP                                                    4-4
4.14    RPC protocols                                           4-4
4.15    ITOT                                                    4-4
4.16    RDP                                                     4-4
4.17    RUDP                                                    4-5
4.18    TALI                                                    4-5
4.19    TCP                                                     4-5
4.20    UDP                                                     4-5
4.21    Compressed TCP                                          4-5
4.22    Routing protocols                                       4-6
4.23    Border Gateway Protocol                                 4-6
4.24    Storage Area Network and SAN Protocols                  4-16
4.25    FDMA                                                    4-17
4.26    Mobile IP                                               4-19
4.27    Resource Reservation Protocol                           4-21
4.28    BGMP                                                    4-21
4.29    IGMP                                                    4-21
4.30    AAA Protocols                                           4-22
4.31    Tunneling Protocols                                     4-22
4.32    PPTP: Point-to-Point Tunneling Protocol                 4-23
4.33    GRE: Generic Routing Encapsulation                      4-23
4.34    IPSEC: Security architecture for IP                     4-24
4.35    IPSEC IKE                                               4-24
4.36    Denial-of-Service Attacks                               4-25
4.37    IPsec VPN                                               4-28
4.38    IEEE 802.16                                             4-28
4.39    Important fundamentals / Theorems / Packet Formats      4-30
4.40    Important statements                                    4-70
4.41    Important contents beyond syllabus                      4-75
4.42    Any other important information (Important questions)  4-80
Syllabus

UNIT-I OSI: ISO Layer Protocols: Application Layer Protocols: TCP/IP, HTTP, SHTTP, LDAP, MIME, POP & POP3, RMON, SNTP, SNMP.

Presentation Layer Protocols: Lightweight Presentation Protocol. Session Layer Protocols: RPC protocols. Transport Layer Protocols: ITOT, RDP, RUDP, TALI, TCP/UDP, Compressed TCP. Network Layer Protocols: routing protocols, Border Gateway Protocol, Exterior Gateway Protocol, Internet Protocol, IPv4, IPv6, Internet Control Message Protocol, IRDP, Transport Layer Security, TLS, SSL, DTLS.

UNIT-II Data Link Layer Protocols: ARP, IPCP, IPv6CP, RARP, SLIP. Wide Area Network Protocols: ATM protocols, Broadband protocols, Point-to-Point protocols, other WAN protocols, security issues. Local Area Network and LAN Protocols: Ethernet protocols, VLAN protocols, Wireless LAN protocols, Metropolitan Area Network protocols, Storage Area Network and SAN protocols, FDMA, WiFi and WiMAX protocols, security issues. Mobile IP: Mobile Support Protocol for IPv4 and IPv6, Resource Reservation Protocol. Multicasting Protocols: VGMP, IGMP, MSDP.

UNIT-III Network Security Technologies and Protocols: AAA protocols, Tunneling protocols, Secured Routing protocols, GRE (Generic Routing Encapsulation), IPSEC (Security architecture for IP), IPSEC AH (Authentication Header), ESP, IKE, ISAKMP and Key Management Protocol. IEEE 802.11: structure of the 802.11 MAC, WEP, problems with WEP, attacks and risk, station security, access point security, gateway security, authentication and encryption.

Important Definitions

ISO Layer Protocols:

OSI protocols are a family of standards for information exchange. They were developed and designed by the International Organization for Standardization (ISO). In 1977 the ISO model was introduced, consisting of seven distinct layers.

The Physical Layer (Layer 1)

Layer 1 of the OSI model is named the physical layer because it is responsible for the transmission and reception of wire level data.

The Data Link Layer (Layer 2)

Layer 2 of the OSI model is named the data link layer and is responsible for link establishment and termination, frame traffic control, sequencing, acknowledgement, error checking, and media access management.

The Network Layer (Layer 3)

Layer 3 of the OSI model is named the network layer and is where routing of network traffic begins. The network layer not only makes the traffic routing decisions but also provides traffic control, fragmentation, and logical addressing (Internet Protocol (IP) addresses).

The Transport Layer (Layer 4)

Layer 4 of the OSI model is named the transport layer and is responsible for message segmentation, acknowledgement, traffic control, and session multiplexing. Depending on the specific transport layer protocol used, the transport layer can also perform error detection and correction (resends) and message reordering to ensure message sequence, and can provide a reliable message channel.

The Session Layer (Layer 5)

Layer 5 of the OSI model is named the session layer and is responsible for session establishment, maintenance and termination (the ability to have multiple devices use a single application from multiple locations).


The Presentation Layer (Layer 6)

Layer 6 of the OSI model is named the presentation layer and is responsible for character code translation (e.g. between ASCII, EBCDIC and Unicode), data conversion, compression, and encryption.

The Application Layer (Layer 7)

Layer 7 of the OSI model is named the application layer and is responsible for a number of different things depending on the application; some of these things include resource sharing, remote file access, remote printer access, network management, and electronic messaging (email).

TCP/IP:

The Internet protocol suite is commonly known as TCP/IP because the original protocols in the suite are the Transmission Control Protocol (TCP) and the Internet Protocol (IP).
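The layer 2 / layer 3 / layer 4 split described above can be seen by peeling a real datagram apart header by header. The following is an added example, not code from the course notes: it constructs an Ethernet II + IPv4 + UDP frame with sample addresses (the 192.0.2.0/24 documentation range and made-up MACs), then decodes it one layer at a time, verifying the IPv4 header checksum and rejecting truncated or unexpected input.

```python
"""Decode a constructed Ethernet II / IPv4 / UDP datagram one layer at a time.

Added illustration of the layer 2 / layer 3 / layer 4 split; not code from the
course notes. All frame bytes are constructed here, no capture is needed.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words.

    The caller passes the header with its checksum field set to zero.
    """
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(payload: bytes, src_port: int = 5353, dst_port: int = 53) -> bytes:
    """Wrap *payload* in UDP (layer 4), IPv4 (layer 3) and Ethernet II (layer 2).

    Addresses are constructed sample values (RFC 5737 test range 192.0.2.0/24).
    """
    udp = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload  # UDP checksum 0 = absent
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0,             # version 4, IHL 5 (20 bytes); TOS
                         20 + len(udp),       # total length
                         0x1234, 0x4000,      # identification; flags (DF) + fragment offset
                         64, IPPROTO_UDP, 0,  # TTL; protocol; checksum placeholder
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1]))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    eth = bytes.fromhex("021122334455") + bytes.fromhex("026677889900") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip_hdr + udp


def decode_frame(frame: bytes) -> dict:
    """Peel the headers in order and verify the IPv4 header checksum.

    Raises ValueError on anything truncated or not Ethernet/IPv4/UDP, which is
    the behaviour a decoder needs when fed arbitrary captured bytes.
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not IPv4: ethertype 0x%04x" % ethertype)

    ip = frame[14:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags, ttl, proto, hdr_csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("bad IPv4 version, IHL or total length")
    # Recompute over the header with the checksum field zeroed and compare.
    csum_ok = ipv4_checksum(ip[:10] + b"\x00\x00" + ip[12:ihl]) == hdr_csum
    if proto != IPPROTO_UDP:
        raise ValueError("not UDP: protocol %d" % proto)

    udp = ip[ihl:total_len]
    if len(udp) < 8:
        raise ValueError("truncated UDP header")
    src_port, dst_port, udp_len, _udp_csum = struct.unpack("!HHHH", udp[:8])
    if udp_len < 8 or udp_len > len(udp):
        raise ValueError("bad UDP length")

    return {
        "src_mac": ":".join("%02x" % b for b in src_mac),
        "dst_mac": ":".join("%02x" % b for b in dst_mac),
        "src_ip": ".".join(str(b) for b in src),
        "dst_ip": ".".join(str(b) for b in dst),
        "ttl": ttl,
        "ip_checksum_ok": csum_ok,
        "src_port": src_port,
        "dst_port": dst_port,
        "payload": udp[8:udp_len],
    }


if __name__ == "__main__":
    sample = build_frame(b"constructed payload")
    for key, value in decode_frame(sample).items():
        print("%-15s %r" % (key, value))
```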

HTTP:

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, and hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text.

SHTTP:

SHTTP (Secure HTTP) is an earlier security protocol that provided secure transactions over the Web. Working at the application layer rather than the transport layer of the protocol stack, SHTTP was also used to authenticate the client; in contrast, SSL is used to authenticate the Web server.

LDAP:

LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.


MIME:

MIME (Multi-Purpose Internet Mail Extensions) is an extension of the original Internet e-mail protocol that lets people use the protocol to exchange different kinds of data files on the Internet: audio, video, images, application programs, and other kinds, as well as the ASCII text handled in the original protocol, the Simple Mail Transfer Protocol (SMTP). In 1991, Nathan Borenstein of Bellcore proposed to the IETF that SMTP be extended so that Internet (but mainly Web) clients and servers could recognize and handle other kinds of data than ASCII text. As a result, new file types were added to "mail" as a supported Internet Protocol file type.

POP:

In computing, the Post Office Protocol (POP) is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection.

POP3:

POP3 is designed to delete mail on the server as soon as the user has downloaded it. However, some implementations allow users or an administrator to specify that mail be saved for some period of time. POP can be thought of as a "store-and-forward" service.

IMAP:

IMAP provides the user more capabilities for retaining e-mail on the server and for organizing it in folders on the server. IMAP can be thought of as a remote file server.

RMON:

Remote Monitoring (RMON) is a standard specification that facilitates the monitoring of network operational activities through the use of remote devices known as monitors or probes. RMON assists network administrators (NA) with efficient network infrastructure control and management.


SNTP:

Simple Network Time Protocol (SNTP) is a simplified version of Network Time Protocol (NTP) that is used to synchronize computer clocks on a network. This simplified version of NTP is generally used when full implementation of NTP is not needed.

SNMP:

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include cable modems, routers, switches, servers, workstations, printers, and more.

RPC protocols:

Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located in another computer on a network without having to understand the network's details. A procedure call is also sometimes known as a function call or a subroutine call.

ITOT:

ISO Transport Service on top of TCP (ITOT) is a mechanism that enables ISO applications to be ported to a TCP/IP network. There are two basic approaches which can be taken when "porting" ISO applications to TCP/IP (and IPv6) environments. One approach is to port each individual application separately, developing local protocols on top of TCP. A second approach is based on the notion of layering the ISO Transport Service over TCP/IP. This approach solves the problem for all applications which use the ISO Transport Service.

RDP:

RDP is a connection-oriented transport protocol designed to efficiently support the bulk transfer of data for such host monitoring and control applications as loading/dumping and remote debugging. It attempts to provide only those services necessary, in order to be efficient in operation and small in size.


RUDP:

Reliable UDP (RUDP) is a simple packet-based transport protocol, based on RFCs 908 (version 1) and 1151 (version 2), which was intended as a reliable transport protocol to transport telephony signalling across IP networks. RUDP is designed to allow the characteristics of each connection to be individually configured, so that a number of protocols with different transport requirements can be implemented simultaneously on the same platform.

TALI:

TALI is the interface of a Signalling Gateway, which provides interworking between the Switched Circuit Network (SCN) and an IP network. Since the Gateway is the central point of signalling information, not only does it provide transportation of signalling from one network to another, but it can also provide additional functions such as protocol translation, security screening, routing information, and seamless access to Intelligent Network (IN) services on both networks.

TCP:

Transmission Control Protocol (TCP) is the transport layer protocol in the TCP/IP suite, which provides a reliable stream delivery and virtual connection service to applications through the use of sequenced acknowledgment with retransmission of packets when necessary. Along with the Internet Protocol (IP), TCP represents the heart of the Internet protocols.

UDP:

UDP is a connectionless transport layer (layer 4) protocol in the OSI model which provides a simple and unreliable message service for transaction-oriented services. UDP is basically an interface between IP and upper-layer processes. UDP protocol ports distinguish multiple applications running on a single device from one another.

Compressed TCP:

Van Jacobson compression is a compressed TCP/IP header protocol which improves TCP/IP performance over low-speed (300 to 19,200 bps) serial links and solves problems in link-level framing, address assignment, routing, authentication and performance. The compression proposed in the Van Jacobson protocol is similar in spirit to the Thinwire-II protocol.

Routing protocols:

A routing protocol specifies how routers communicate with each other, distributing information that enables them to select routes between any two nodes on a computer network. Interior gateway protocols, type 2: distance-vector routing protocols, such as Routing Information Protocol (RIP), RIPv2 and IGRP.

Border gateway protocol:

The Border Gateway Protocol (BGP) runs over TCP and is an inter-Autonomous System routing protocol. BGP is the only protocol that is designed to deal with a network of the Internet's size, and the only protocol that can deal well with having multiple connections to unrelated routing domains.

Exterior gateway protocol:

Exterior Gateway Protocol (EGP) is for exchanging routing information between two neighbor gateway hosts in a network of autonomous systems. EGP is commonly used between hosts on the Internet to exchange routing table information. The protocol is based on periodic polling using Hello/I-Heard-You (I-H-U) message exchanges to monitor neighbor reachability and Poll commands to solicit Update responses.

Internet protocol:

The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.

IPv4:

Internet Protocol Version 4 (IPv4) is the fourth revision of the Internet Protocol and a widely used protocol in data communication over different kinds of networks. IPv4 is a connectionless protocol used in packet-switched networks, such as Ethernet. It provides the logical connection between network devices by providing identification for each device.


IPv6:

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. IPv6 is intended to replace IPv4.

Internet Control Message Protocol (ICMP):

The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached.[1] ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like ping and traceroute).

IRDP:

ICMP Router Discovery Protocol (IRDP) enables a host to determine the address of a router that it can use as a default gateway. It is similar to ES-IS but used with IP.

TLS:

The Transport Layer Security (TLS) Protocol provides privacy and data integrity between two communicating applications. The protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. At the lowest level, layered on top of some reliable transport protocol (TCP), is the TLS Record Protocol. The TLS Record Protocol is used for encapsulation of various higher-level protocols. One such encapsulated protocol, the TLS Handshake Protocol, allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data.
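The two-layer structure just described (a Record Protocol carrying a Handshake Protocol message) is what a passive inspector such as an IDS sees on the wire. The following is an added example, not code from the course notes: it constructs a minimal ClientHello inside one TLS record, then parses the record header and the handshake header separately, extracting the client version and the offered cipher suites, and rejects truncated records rather than reading past the buffer.

```python
"""Parse a TLS record and the handshake message it encapsulates.

Added illustration of the Record Protocol / Handshake Protocol layering;
not code from the course notes. The ClientHello bytes are constructed
inline, and only the fields a passive inspector needs are parsed.
"""
import os
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate", 14: "server_hello_done"}


def build_client_hello(cipher_suites, client_random=None) -> bytes:
    """Construct a minimal ClientHello inside one TLS record (sample data)."""
    client_random = client_random or os.urandom(32)
    if len(client_random) != 32:
        raise ValueError("client random must be 32 bytes")
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (struct.pack("!H", 0x0303) + client_random   # client_version TLS 1.2, random
            + b"\x00"                                   # empty session id
            + struct.pack("!H", len(suites)) + suites   # cipher_suites vector
            + b"\x01\x00"                               # one compression method: null
            + b"\x00\x00")                              # empty extensions vector
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # type client_hello + 24-bit length
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake  # record: type, version, length


def parse_record(data: bytes) -> dict:
    """Record layer: 5-byte header (content type, legacy version, fragment length)."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    if len(data) < 5 + length:
        raise ValueError("record body truncated: need %d bytes, have %d" % (length, len(data) - 5))
    return {"content_type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
            "record_version": version,
            "fragment": data[5:5 + length],
            "consumed": 5 + length}


def parse_handshake(fragment: bytes) -> dict:
    """Handshake layer: 4-byte header and, for ClientHello, version and offered suites."""
    if len(fragment) < 4:
        raise ValueError("truncated handshake header")
    htype = fragment[0]
    hlen = int.from_bytes(fragment[1:4], "big")
    body = fragment[4:4 + hlen]
    if len(body) != hlen:
        raise ValueError("handshake body truncated")
    info = {"handshake_type": HANDSHAKE_TYPES.get(htype, "unknown(%d)" % htype)}
    if htype == 1:
        if len(body) < 35:
            raise ValueError("ClientHello too short")
        client_version = struct.unpack("!H", body[:2])[0]
        pos = 35 + body[34]                               # skip random (32) and session id
        if pos + 2 > len(body):
            raise ValueError("ClientHello cipher_suites length missing")
        suites_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        if suites_len % 2 or pos + suites_len > len(body):
            raise ValueError("ClientHello cipher_suites vector malformed")
        suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + suites_len, 2)]
        info.update(client_version=client_version, cipher_suites=suites)
    return info


def inspect_tls(data: bytes) -> dict:
    """Apply both layers: the record first, then the handshake it carries (if any)."""
    record = parse_record(data)
    result = {k: v for k, v in record.items() if k != "fragment"}
    if record["content_type"] == "handshake":
        result.update(parse_handshake(record["fragment"]))
    return result


if __name__ == "__main__":
    print(inspect_tls(build_client_hello([0x1301, 0xC02F])))
```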


SSL:

The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the most widely deployed security protocols in use today. Essentially, they provide a secure channel between two machines operating over the Internet or an internal network.

DTLS:

Datagram Transport Layer Security (DTLS) is a communications protocol that provides security for datagram-based applications by allowing them to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.[1][2] The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees.

ARP:

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address that is recognized in the local network. For example, in IP Version 4, the most common level of IP in use today, an address is 32 bits long.

IPCP:

In computer networking, Internet Protocol Control Protocol (IPCP) is a Network Control Protocol (NCP) for establishing and configuring Internet Protocol over a Point-to-Point Protocol link. IPCP is responsible for configuring the IP addresses as well as for enabling and disabling the IP protocol modules on both ends of the point-to-point link.

IPv6CP:

IPv6CP is responsible for configuring, enabling, and disabling the IPv6 protocol modules on both ends of the point-to-point link. IPv6CP uses the same packet exchange mechanism as the Link Control Protocol (LCP). IPv6CP packets may not be exchanged until PPP has reached the Network-Layer Protocol phase.


RARP:

The Reverse Address Resolution Protocol (RARP) is an obsolete computer networking protocol used by a client computer to request its Internet Protocol (IPv4) address from a computer network, when all it has available is its link layer or hardware address, such as a MAC address.

SLIP:

Serial Line IP (SLIP) is used for point-to-point serial connections running TCP/IP. SLIP is commonly used on dedicated serial links and sometimes for dialup purposes, and is usually used with line speeds between 1200 bps and 19.2 Kbps. SLIP is useful for allowing mixes of hosts and routers to communicate with one another (host-host, host-router and router-router are all common SLIP network configurations).

Wide Area Network Protocols:

A Wide Area Network (WAN) is a computer network covering multiple distance areas, which may spread across the entire world. WANs often connect multiple smaller networks, such as local area networks (LANs) or metro area networks (MANs). The world's most popular WAN is the Internet. Some segments of the Internet are also WANs in themselves. A wide area network may be privately owned or rented from a service provider, but the term usually connotes the inclusion of public (shared user) networks.

ATM protocols:

The Asynchronous Transfer Mode (ATM) comprises a protocol suite under the ATM reference model which establishes a mechanism to carry all traffic on a stream of fixed 53-byte packets (cells). A fixed-size packet can ensure that the switching and multiplexing function can be carried out quickly and easily. ATM is a connection-oriented technology, i.e. two systems on the network should inform all intermediate switches about their service requirements and traffic parameters in order to establish communication.


BISDN: Broadband Integrated Services Digital Network (Broadband ISDN)

Broadband Integrated Services Digital Network (BISDN or Broadband ISDN) is designed to handle high-bandwidth applications. BISDN currently uses ATM technology over SONET-based transmission circuits to provide data rates from 155 to 622 Mbps and beyond, in contrast with the traditional narrowband ISDN (or N-ISDN), which is basically only 64 kbps and up to 2 Mbps maximum.

ISDN: Integrated Services Digital Network

Integrated Services Digital Network (ISDN) is a system with digitized phone connections. For decades, telephony has used purely analogue connections. ISDN is the first protocol to define a digital communications line that allows for the transmission of voice, data, video and graphics, at high speeds, over standard communication lines. The various media are simultaneously carried by bearer channels (B channels) occupying a bandwidth of 64 kbits per second (some switches limit bandwidth to 56 kb/s). A defined data channel (D channel) handles signaling at 16 kb/s or 64 kb/s, depending on the service type. ISDN is not restricted to public telephone networks alone; it may be transmitted via packet switched networks, telex, CATV networks, etc.

Point-to-Point Protocols:

The Point-to-Point Protocol (PPP) suite provides a standard method for transporting multi-protocol datagrams over point-to-point links. PPP was originally devised as an encapsulation protocol for transporting IP traffic between two peers. It is a data link layer protocol (layer 2 in the OSI model) in the TCP/IP protocol suite over synchronous modem links, as a replacement for the non-standard layer 2 protocol SLIP. However, protocols other than IP can also be carried over PPP, including DECnet and Novell's Internetwork Packet Exchange (IPX).

Frame Relay:

Frame Relay is a WAN protocol for LAN internetworking which operates at the physical and data link layer to provide a fast and efficient method of transmitting information from a user device to another across multiple switches and routers.


LAPF: Link Access Procedure for Frame Mode Services

Link Access Procedure/Protocol for Frame Mode Services (LAPF) as defined in ITU Q.922, is an enhanced LAPD (Q.921) with congestion control capabilities for Frame Mode Services in the Frame Relay network.

Network Security:

Network security is any activity designed to protect the usability and integrity of your network and data. It includes both hardware and software technologies. Effective network security manages access to the network. It targets a variety of threats and stops them from entering or spreading on your network.

Access control:

Not every user should have access to your network. To keep out potential attackers, you need to recognize each user and each device. Then you can enforce your security policies. You can block noncompliant endpoint devices or give them only limited access. This process is network access control (NAC).

Virus:

A computer virus is a type of malicious software program ("malware") that, when executed, replicates itself by modifying other computer programs and inserting its own code.[1] Infected computer programs can include, as well, data files, or the "boot" sector of the hard drive. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.

Antivirus and antimalware software:

"Malware," short for "malicious software," includes viruses, worms, Trojans, ransomware, and spyware. Sometimes malware will infect a network but lie dormant for days or even weeks. The best antimalware programs not only scan for malware upon entry, but also continuously track files afterward to find anomalies, remove malware, and fix damage.


Application security:

Any software you use to run your business needs to be protected, whether your IT staff builds it or whether you buy it. Unfortunately, any application may contain holes, or vulnerabilities, that attackers can use to infiltrate your network. Application security encompasses the hardware, software, and processes you use to close those holes.

Behavioral analytics:

To detect abnormal network behavior, you must know what normal behavior looks like. Behavioral analytics tools automatically discern activities that deviate from the norm. Your security team can then better identify indicators of compromise that pose a potential problem and quickly remediate threats.

Data loss prevention:

Organizations must make sure that their staff does not send sensitive information outside the network. Data loss prevention, or DLP, technologies can stop people from uploading, forwarding, or even printing critical information in an unsafe manner.

Firewalls:

Firewalls put up a barrier between your trusted internal network and untrusted outside networks, such as the Internet. They use a set of defined rules to allow or block traffic. A firewall can be hardware, software, or both. Cisco offers unified threat management (UTM) devices and threat-focused next-generation firewalls.

Intrusion prevention systems:

An intrusion prevention system (IPS) scans network traffic to actively block attacks. Cisco Next-Generation IPS (NGIPS) appliances do this by correlating huge amounts of global threat intelligence to not only block malicious activity but also track the progression of suspect files and malware across the network to prevent the spread of outbreaks and reinfection.

Network segmentation:

Software-defined segmentation puts network traffic into different classifications and makes enforcing security policies easier. Ideally, the classifications are based on endpoint identity, not mere IP addresses. You can assign access rights based on role, location, and more so that the right level of access is given to the right people and suspicious devices are contained and remediated.

VPN:

A virtual private network encrypts the connection from an endpoint to a network, often over the Internet. Typically, a remote-access VPN uses IPsec or Secure Sockets Layer to authenticate the communication between device and network.

Web security:

A web security solution will control your staff's web use, block web-based threats, and deny access to malicious websites. It will protect your web gateway on site or in the cloud. "Web security" also refers to the steps you take to protect your own website.

Wireless security:

Wireless networks are not as secure as wired ones. Without stringent security measures, installing a wireless LAN can be like putting Ethernet ports everywhere, including the parking lot. To prevent an exploit from taking hold, you need products specifically designed to protect a wireless network.

Cryptography:

Cryptography or cryptology (from Greek κρυπτός kryptós, "hidden, secret"; and γράφειν graphein, "writing", or -λογία -logia, "study", respectively[1]) is the practice and study of techniques for secure communication in the presence of third parties called adversaries.[2] More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages;[3] various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation[4] are central to modern cryptography.

Symmetric-key cryptography:

Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way). This was the only kind of encryption publicly known until June 1976.[23]

Public-key cryptography:

In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret. In a public-key encryption system, the public key is used for encryption, while the private or secret key is used for decryption.

Data privacy:

Data privacy, also called information privacy, is the aspect of information technology (IT) that deals with the ability an organization or individual has to determine what data in a computer system can be shared with third parties.

Authentication:

Authentication is the process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity.

Authorization:

Authorization is the function of specifying access rights/privileges to resources related to information security and computer security in general and to access control in particular. More formally, "to authorize" is to define an access policy.

ETHERNET Protocols:

Ethernet protocols refer to the family of local-area networks (LAN) covered by a group of IEEE 802.3 standards. In the Ethernet standard, there are two modes of operation: half-duplex and full-duplex. In the half-duplex mode, data are transmitted using the popular Carrier-Sense Multiple Access/Collision Detection (CSMA/CD) protocol on a shared medium. The main disadvantages of half-duplex are the efficiency and distance limitation, in which the link distance is limited by the minimum MAC frame size. This restriction reduces the efficiency drastically for high-rate transmission. Therefore, the carrier extension technique is used to ensure the minimum frame size of 512 bytes in Gigabit Ethernet to achieve a reasonable link distance.

Fast Ethernet

Fast Ethernet (100BASE-T) offers a speed increase ten times that of the 10BaseT Ethernet specification, while preserving such qualities as frame format, MAC mechanisms, and MTU. Such similarities allow the use of existing 10BaseT applications and network management tools on Fast Ethernet networks. Officially, the 100BASE-T standard is IEEE 802.3u.

Gigabit (1000 Mbps) Ethernet

Ethernet protocols refer to the family of local-area networks (LAN) covered by the IEEE 802.3 standard. The Gigabit Ethernet protocol is based on the Ethernet protocol but has a tenfold speed increase over Fast Ethernet, using shorter frames with carrier extension. It is published as the IEEE 802.3z and 802.3ab supplements to the IEEE 802.3 base standards.

10 Gigabit Ethernet

10-Gigabit Ethernet, standardized in IEEE 802.3ae, offers data speeds up to 10 billion bits per second. Built on the Ethernet technology used in most of today's local area networks (LANs), it offers similar benefits to those of the preceding Ethernet standard. 10-Gigabit Ethernet is used to interconnect local area networks (LANs), wide area networks (WANs), and metropolitan area networks (MANs). 10-Gigabit Ethernet uses the familiar IEEE 802.3 Ethernet media access control (MAC) protocol and its frame format and size. However, it supports full-duplex but not half-duplex mode and only functions over optical fiber. Therefore, it does not need the carrier-sensing multiple-access with collision detection (CSMA/CD) protocol used in other Ethernet standards.

VLAN protocols:

Virtual LAN (VLAN) is a group of devices on one or more LANs that are configured so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are very flexible for user/host management, bandwidth allocation and resource optimization.

Wireless LAN Protocols:

The Wireless Local Area Network (WLAN) technology is defined by the IEEE 802.11 family of specifications. There are currently four specifications in the family: 802.11, 802.11a, 802.11b, and 802.11g. All four use the Ethernet protocol and CSMA/CA (carrier sense multiple access with collision avoidance, instead of CSMA/CD) for path sharing.

Metropolitan Area Network Protocol:

A Metropolitan Area Network (MAN) is a computer network usually spanning a campus or a city, which typically connects a few local area networks using high speed backbone technologies. A MAN often provides efficient connections to a wide area network (WAN).

DQDB

Distributed Queue Dual Bus (DQDB) is a Data-link layer communication protocol for Metropolitan Area Networks (MANs), specified in the IEEE 802.6 standard and designed for use in MANs. DQDB is designed for data as well as voice and video transmission and is based on cell switching technology (similar to ATM). DQDB, which permits multiple systems to interconnect using two unidirectional logical buses, is an open standard that is designed for compatibility with carrier transmission standards such as SMDS.

SMDS:

Switched Multimegabit Data Service (SMDS) is a broadband networking technology developed by Bellcore based on the IEEE 802.6 DQDB (Distributed Queue Dual Bus) MAN technology.

Storage Area Network and SAN Protocols:

Storage Area Network (SAN) is a high-speed network or subnetwork whose primary purpose is to transfer data between computer and storage systems. A storage device is a machine that contains nothing but a disk or disks for storing data. A SAN consists of a communication infrastructure, which provides physical connections, and a management layer, which organizes the connections, storage elements, and computer systems so that data transfer is secure and robust.

FC & FCP:

The Fibre Channel Standards (FCS) define a high-speed data transfer mechanism that can be used to connect workstations, mainframes, supercomputers, storage devices and displays. FCS addresses the need for very fast transfers of large volumes of information and could relieve system manufacturers of the burden of supporting the variety of channels and networks currently in place, as it provides one standard for networking, storage and data transfer. Fibre Channel Protocol (FCP) is the interface protocol of SCSI on the Fibre Channel.

FDMA:

Frequency division multiple access or FDMA is a channel access method used in multiple-access protocols as a channelization protocol. FDMA gives users an individual allocation of one or several frequency bands, or channels. It is particularly commonplace in satellite communication. FDMA, like other multiple access systems, coordinates access between multiple users. Alternatives include TDMA, CDMA, or SDMA. These protocols are utilized differently, at different levels of the theoretical OSI model.

Wi-Fi Security Protocols:

To form a foundation for the later discussion of WiMAX security, let’s review the Wi-Fi protocols. Wired Equivalent Privacy (WEP) was the first encryption method used for Wi-Fi. It uses the RC4 cipher for encryption, and 128- or 256-bit keys are standard today. WEP was designed to provide roughly the equivalent of the security provided by a wired connection. However, it was soon discovered that the encryption keys were not strong enough for today’s computing power. This protocol is still supported by many devices today and has, often in the past, been the default choice during device setup. It is still being used in many home networks.


WiMAX Security Protocols:

WiMAX was designed as a solution for the “last mile” of a Wireless Metropolitan Area Network (WMAN) that would bring internet access to an entire metropolitan area. There are two basic types of WiMAX, Fixed WiMAX and Mobile WiMAX. Fixed WiMAX is based on the 802.16-2004 standard and does not handle a base station transfer to another base station; for this reason, mobility is not supported. Implementations called Mobile WiMAX, based on the 802.16e-2005 amendment to the standard, do support base-to-base transfer. From the start, WiMAX was designed with security in mind. At the lower edge of the Media Access Control sublayer of TCP/IP, a privacy sublayer was defined in the official 802.16e-2005 specification to handle encryption of packets and key management. To handle authentication, the specification relies on the already existing Extensible Authentication Protocol (EAP).

The Privacy Layer:

There are two schemes for data encryption supported in the 802.16 standard, the Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES). Both of these schemes are block ciphers, which are security algorithms that operate on one chunk (or block) of data at a time, versus stream ciphers, which can act on a single byte. AES handles a 128-bit block of data at a time, and has been shown to be very fast in both software and hardware implementations.

Authentication:

User and device authentication for WiMAX consists of certificate support using Internet Engineering Task Force (IETF) Extensible Authentication Protocol. EAP is a structure designed to perform authentication through the use of functions that can negotiate with many different possible procedures.

Wireless Control Messages:

Another authentication method used with WiMAX is support for control messages. This type of handshake is used to assure both the message authenticity and the integrity of the data that the message contains.


Fast Handovers:

The process of transferring a connected device from one base station to another is called a handover or hand-off. There are three handover options specified by IEEE 802.16e-2005, but support is only required for one, the hard handover (HHO). This is a negotiation scheme that establishes identification and communication with a new base before releasing the connection with the old base. This method of handover can help to stop man-in-the-middle attacks.

Security Attacks:

Wi-Fi and WiMAX use different physical and data layers. As a result, security attacks can differ depending on which scheme is in place.

Wi-Fi Security Attacks:

Being the older, more prevalent wireless standard, Wi-Fi has long been battered by security attacks from all sides. Some of the types of security threats that have been used on Wi-Fi networks are identity theft in the form of MAC spoofing, man-in-the-middle attacks, Denial-of-Service (DoS) attacks and network injection attacks, where intruders inject commands into the network to re-configure it.

WiMAX Security Attacks:

Jamming and packet scrambling are the general kinds of attacks that can most affect WiMAX’s physical layer. Signals in the lower frequencies that cross or are in close proximity to the WiMAX antenna can produce second and third harmonic waves that interfere and can overload the WiMAX signal.

Mobile IP:

Mobile IP is the key protocol to enable mobile computing and networking, which brings together two of the world’s most powerful technologies, the Internet and mobile communication. In Mobile IP, two IP addresses are provided for each computer: a home IP address, which is fixed, and a care-of IP address, which changes as the computer moves. When the mobile node moves to a new location, it must send its new address to an agent at home so that the agent can tunnel all communications to its new address in a timely manner.

Mobile node:

A mobile unit that can change links, and therefore addresses, and maintain reachability using its home address.

Home link:

The link from which the mobile node originates.

Home address:

An address assigned to the mobile node when it is attached to the home link and through which the mobile node is always reachable, regardless of its location on an IPv6 network.

Home agent:

A router on the home link that maintains registrations of mobile nodes that are away from home and their current addresses.

Foreign link:

A link that is not the mobile node’s home link.

Care-of address:

An address used by a mobile node while it is attached to a foreign link. The association of a home address with a care-of address for a mobile node is known as a binding.

Correspondent node:

A node that communicates with a mobile node. A correspondent node does not have to be Mobile IPv6-capable.


Resource Reservation Protocol:

Resource ReSerVation Protocol (RSVP) is a resource reservation setup protocol designed for quality integrated services over the Internet. RSVP is used by a host to request specific qualities of service from the network for particular application data streams or flows. RSVP is also used by routers to deliver quality-of-service (QoS) requests to all nodes along the path(s) of the flows and to establish and maintain state to provide the requested service. RSVP requests will generally result in resources being reserved in each node along the data path.

BGMP:

Border Gateway Multicast Protocol (BGMP) is a protocol for inter-domain multicast routing. BGMP natively supports “source-specific multicast” (SSM). To also support “any-source multicast” (ASM), BGMP builds shared trees for active multicast groups, and allows domains to build source-specific, inter-domain, distribution branches where needed. Building upon concepts from PIM-SM and CBT, BGMP requires that each global multicast group be associated with a single root. However, in BGMP, the root is an entire exchange or domain, rather than a single router.

IGMP:

Internet Group Management Protocol (IGMP), a multicasting protocol in the internet protocols family, is used by IP hosts to report their host group memberships to any immediately neighboring multicast routers. IGMP messages are encapsulated in IP datagrams, with an IP protocol number of 2. IGMP has versions IGMP v1, v2 and v3.

IGMPv1:

Hosts can join multicast groups. There are no leave messages. Routers use a time-out-based mechanism to discover the groups that are of no interest to the members.

IGMPv2:

Leave messages were added to the protocol, allowing group membership termination to be quickly reported to the routing protocol, which is important for high-bandwidth multicast groups and/or subnets with highly volatile group membership.


IGMPv3:

A major revision of the protocol allows hosts to specify the list of hosts from which they want to receive traffic. Traffic from other hosts is blocked inside the network. It also allows hosts to block, inside the network, packets that come from sources that send unwanted traffic.

MSDP:

The Multicast Source Discovery Protocol (MSDP) describes a mechanism to connect multiple PIM Sparse-Mode (PIM-SM) domains together. Each PIM-SM domain uses its own independent RP(s) and does not have to depend on RPs in other domains.

AAA Protocols:

AAA: Authorization, Authentication and Accounting is a technology for intelligently controlling access to network resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. Authentication provides a way of identifying a user, typically by having the user enter a valid user name and valid password before access is granted.

Kerberos:

Kerberos is a network authentication protocol. Kerberos is designed to provide strong authentication for client/server applications by using secret-key cryptography.

RADIUS:

RADIUS is a protocol for carrying authentication, authorization, and configuration information between a Network Access Server, which desires to authenticate its links, and a shared Authentication Server. RADIUS uses UDP as the transport protocol. RADIUS also carries accounting information between a Network Access Server and a shared Accounting Server.

Tunneling Protocols:

L2F: Layer 2 Forwarding Protocol. The Layer 2 Forwarding protocol (L2F) is used to establish a secure tunnel across a public infrastructure (such as the Internet) that connects an ISP POP to an enterprise home gateway. This tunnel creates a virtual point-to-point connection between the user and the enterprise customer’s network.


L2TP: Layer 2 Tunneling Protocol. The L2TP protocol is used for integrating multi-protocol dial-up services into existing Internet Service Providers’ Points of Presence. PPP defines an encapsulation mechanism for transporting multiprotocol packets across layer 2 (L2) point-to-point links. Typically, a user obtains an L2 connection to a Network Access Server (NAS) using one of a number of techniques (e.g., dialup POTS, ISDN, ADSL, etc.) and then runs PPP over that connection. In such a configuration, the L2 termination point and PPP session endpoint reside on the same physical device (i.e., the NAS).

PPTP: Point-to-Point Tunneling Protocol:

Point-to-Point Tunneling Protocol (PPTP) is a networking technology that supports multiprotocol virtual private networks (VPN), enabling remote users on Microsoft Windows NT® Workstation, Windows® 95, Windows 98 and other Point-to-Point Protocol (PPP)-enabled systems to dial into a local Internet service provider and connect securely to their corporate network through the Internet.

DiffServ: Differentiated Service Architecture:

Differentiated Service (DiffServ) defines an architecture for implementing scalable service differentiation in the Internet. A “Service” defines some significant characteristics of packet transmission in one direction across a set of one or more paths within a network.

GRE: Generic Routing Encapsulation:

Generic Routing Encapsulation (GRE) is a protocol for encapsulation of an arbitrary network layer protocol over another arbitrary network layer protocol.

In the most general case, a system has a packet, called the payload, which needs to be encapsulated and delivered to some destination. The payload is first encapsulated in a GRE packet. The resulting GRE packet can then be encapsulated in some other protocol and then forwarded. This outer protocol is called the delivery protocol.
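To make the two encapsulation levels concrete, here is an added example in Python (not code from these notes): a constructed payload is wrapped in a GRE header as defined in RFC 2784 (version 0, with the optional checksum), and the GRE packet is then placed behind an outer IPv4 header with protocol number 47, the delivery protocol. The payload bytes, addresses and function names are assumptions made for the example. The receiving side validates the outer header and the GRE version, reserved bits and checksum before handing the payload on, so a corrupted or malformed tunnel packet is dropped rather than forwarded.

```python
import struct

GRE_PROTO_IPV4 = 0x0800   # protocol type (EtherType) of an IPv4 payload, RFC 2784
IP_PROTO_GRE = 47         # IP protocol number of GRE when IPv4 is the delivery protocol


def internet_checksum(data):
    """RFC 1071 ones'-complement sum over 16-bit words; returns the complemented result."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def gre_encapsulate(payload, proto=GRE_PROTO_IPV4, with_checksum=True):
    """Wrap the payload in a GRE header: C bit, Reserved0, Version 0, Protocol Type [, Checksum, Reserved1]."""
    flags_ver = 0x8000 if with_checksum else 0x0000
    header = struct.pack(">HH", flags_ver, proto)
    if with_checksum:
        # the checksum covers the GRE header (checksum field zeroed) plus the payload
        header += struct.pack(">HH", 0, 0)
        header = header[:4] + struct.pack(">HH", internet_checksum(header + payload), 0)
    return header + payload


def gre_decapsulate(packet):
    """Validate the GRE header and return (protocol type, payload); raises ValueError on malformed input."""
    if len(packet) < 4:
        raise ValueError("GRE header truncated")
    flags_ver, proto = struct.unpack(">HH", packet[:4])
    if flags_ver & 0x0007:
        raise ValueError("unsupported GRE version %d" % (flags_ver & 7))
    if flags_ver & 0x7C00:
        raise ValueError("Reserved0 bits 1-5 must be zero")
    offset = 4
    if flags_ver & 0x8000:
        if len(packet) < 8:
            raise ValueError("GRE checksum field truncated")
        if internet_checksum(packet) != 0:   # a correct packet sums to zero with the field included
            raise ValueError("GRE checksum mismatch")
        offset = 8
    return proto, packet[offset:]


def is_valid_gre(packet):
    try:
        gre_decapsulate(packet)
        return True
    except ValueError:
        return False


def ipv4_deliver(src, dst, gre_packet, ttl=64):
    """Build the delivery-protocol (outer IPv4) header, protocol 47, in front of the GRE packet."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(gre_packet), 0, 0x4000,
                      ttl, IP_PROTO_GRE, 0, src_b, dst_b)
    hdr = hdr[:10] + struct.pack(">H", internet_checksum(hdr)) + hdr[12:]
    return hdr + gre_packet


def ipv4_strip(packet):
    """Check the outer IPv4 header and return (protocol number, bytes after the header)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or internet_checksum(packet[:ihl]) != 0:
        raise ValueError("bad outer IPv4 header")
    return packet[9], packet[ihl:]


def roundtrip(inner, src="10.0.0.1", dst="10.0.0.2"):
    """Encapsulate inner -> GRE -> IPv4, then reverse both layers; returns (protocol type, payload)."""
    outer = ipv4_deliver(src, dst, gre_encapsulate(inner))
    proto, gre_packet = ipv4_strip(outer)
    if proto != IP_PROTO_GRE:
        raise ValueError("outer packet does not carry GRE")
    return gre_decapsulate(gre_packet)


INNER = b"constructed inner packet"   # constructed stand-in for the payload packet
```

The checksum is optional in GRE, and it only detects corruption: it is not a security control. GRE carries no authentication or confidentiality at all, which is why GRE tunnels that cross untrusted networks are normally run inside IPsec (see the IPsec sections below).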


IPSEC – Security architecture for IP:

Internet Security architecture (IPsec) defines the security services at the IP layer by enabling a system to select required security protocols, determine the algorithm(s) to use for the service(s), and put in place any cryptographic keys required to provide the requested services. IPsec can be used to protect one or more “paths” between a pair of hosts, between a pair of security gateways, or between a security gateway and a host.

IPSEC AH – Authentication Header:

IP Authentication Header (AH), a key protocol in the IPsec (Internet Security) architecture, is used to provide connectionless integrity and data origin authentication for IP datagrams, and to provide protection against replays. This latter (optional) service may be selected, by the receiver, when a Security Association is established. AH provides authentication for as much of the IP header as possible, as well as for upper level protocol data.

IPSEC ESP – Encapsulating Security Payload:

Encapsulating Security Payload (ESP), a key protocol in the IPsec (Internet Security) architecture, is designed to provide a mix of security services in IPv4 and IPv6. The IP Encapsulating Security Payload (ESP) seeks to provide confidentiality and integrity by encrypting data to be protected and placing the encrypted data in the data portion of the IP ESP.

IPSEC IKE – Internet Key Exchange:

Internet Key Exchange (IKE) Protocol, a key protocol in the IPsec architecture, is a hybrid protocol using part of Oakley and part of SKEME in conjunction with ISAKMP to obtain authenticated keying material for use with ISAKMP, and for other security associations such as AH and ESP for the IPsec DOI.

ISAKMP – Internet Security Association and Key Management Protocol:

ISAKMP, a key protocol in the IPsec (Internet Security) architecture, combines the security concepts of authentication, key management, and security associations to establish the required security for government, commercial, and private communications on the Internet.


IEEE 802.11

802.11 is a member of the IEEE 802 family, which is a series of specifications for local area network (LAN) technologies. 802.11 is just another link layer that can use the 802.2/LLC encapsulation. The base 802.11 specification includes the 802.11 MAC and two physical layers: a frequency-hopping spread-spectrum (FHSS) physical layer and a direct-sequence spread-spectrum (DSSS) link layer.

BSS and IBSS

The core unit of an 802.11 network is called a Basic Service Set (BSS). A BSS consists of a central access point (AP) and client stations. The AP coordinates all of the activities within the BSS. Due to this centralized control, BSS networks are sometimes called infrastructure networks. A BSS is identified by a service-set identifier (SSID). This can generally be thought of as the name of the wireless network. A station that wants to join a BSS network will look for available APs.

WEP

In wireless networks, the word "broadcast" takes on an entirely new meaning. Security concerns have haunted 802.11 deployments since the standardization effort began. IEEE's attempt to address snooping concerns culminated in the optional Wired Equivalent Privacy (WEP) standard, which is found in clause 8.2 of 802.11. WEP can be used by stations to protect data as it traverses the wireless medium, but it provides no protection past the access point.

Denial-of-Service Attacks

Denial-of-Service (DoS) attacks, which aim to prevent access to network resources, can be devastating and difficult to protect against. Typical DoS attacks involve flooding the network with traffic, choking the transmission lines and preventing other legitimate users from accessing services on the network. DoS attacks can target many different layers of the network. In order to understand the risk of a DoS attack to a wireless network, you must first understand the difference between the various types of DoS attacks.


Station security

Connecting to a wireless network puts your computer at risk. Eavesdroppers may intercept traffic sent between client stations and the access point. Malicious access points may attempt to force associations in order to perform man-in-the-middle attacks. Hackers using the same access point may try to exploit your computer. Due to the shared, physically unsecured nature of an 802.11 network, client stations are more likely to be the target of an attack.

Client Security Goals

There are two main security considerations for safe usage of a client computer on a wireless network. The first is preventing a compromise of the client itself. A compromise of the client could lead to stolen or corrupted data, and provide an entry point for the attacker into the wider network. The second main consideration is using secure methods to communicate with other network services from the client.

Audit Logging

Even on client computers, it is very important to pay attention to the logs generated by the system. These logs can provide notification of attempted or successful compromises of system security. The location and format of these logs can vary from OS to OS. Monitoring of system logs can be tedious, and it is easy to become complacent. Because of this, we cover the installation of swatch, a basic tool to automate log monitoring.

Security Updates

After the system is set up, it is important to monitor the vendor web site for security patches. Most operating system vendors regularly discover or are notified of new security issues. Make it a habit to regularly check and download the latest patches, or use an automated updating system to gather them for you. When doing a fresh OS installation, it is a good idea to download any security patches on another machine and install them from a burned CD before connecting the fresh computer to the network.

Access point Security

A wireless access point can come in many shapes and sizes. There are commodity access points that can be purchased at your local computer store for around a hundred dollars. There are also industrial-quality access points sold by companies like Cisco Systems for thousands of dollars. Alternatively, through the hard work of open source developers, you can turn a Linux, FreeBSD, or OpenBSD host into an access point. Regardless of the type of access points you use, securing them is critical to the security of your entire network infrastructure. By using encryption, authentication, and proper monitoring, your access points will facilitate secure wireless communication.

General Access Point Security

Several security features are common across most access point vendors. The manner in which these features are configured varies from vendor to vendor. Please consult the documentation that came with your access point to determine the correct method. None of the features mentioned offers bulletproof security, but they raise the bar substantially for an attacker.

Gateway Security

Until very recently, a firewall has been the frontline security device in most networks. Attacks have historically been launched against layer 3 or above. Firewalls have advanced over the years, evolving from glorified IP access lists to stateful, application aware security devices. With the wide-scale deployment of wireless networks, suddenly layer 1 and layer 2 security has become a hot topic. A wireless access point and wireless client must be able to defend themselves and their resources in an attempt to retain the integrity of the network.

Authentication and Encryption

WEP provides a basic layer of encryption for traffic in 802.11 networks. But, even beyond the previously discussed problems of WEP, it does not provide authentication or integrity checks of the data on the network. There are several other tools that can be used to bolster the security of the network by providing these services. Using them individually, or in conjunction, can add important safeguards.

Portals

A captive portal is a router or gateway host that will not allow traffic to pass until authentication conditions are met. They see wide use commercially in pay-for-use public access networks, such as those found in hotels and airports.


IPsec VPN

IPsec is a very powerful protocol. Properly used, it can provide a high degree of integrity and confidentiality of data transiting a network. Since these are two traits wireless networks generally do not have, IPsec is a natural supplement for wireless networks.

IEEE 802.16

The IEEE 802.16 Working Group is the IEEE group for wireless metropolitan area networks. The IEEE 802.16 standard defines the Wireless MAN (metropolitan area network) air interface specification (officially known as the IEEE WirelessMAN standard).

IEEE 802.16A

The IEEE 802.16a standard allows users to get broadband connectivity without needing direct line of sight with the base station. The IEEE 802.16a specifies three air interface specifications and these options provide vendors with the opportunity to customize their product for different types of deployments.

WCDMA

The 3rd generation wideband code division multiple access (WCDMA) system is a mobile radio communication system that provides for high-speed data and voice communication services. WCDMA is one of two technologies that are being used to fulfill the radio access requirements of the universal mobile telecommunications system (UMTS).

Radio Resource Control (RRC)

The radio resource control (RRC) is a layer 3 (network) protocol that controls the setup, management, and termination of physical and logical channels between the base station and the mobile device. It oversees the signaling on the common control and dedicated control channels. RRC signaling messages are also used to provide for channel quality measurements that are used for channel handovers.


Packet Data Convergence Protocol (PDCP)

The packet data convergence protocol (PDCP) coordinates the efficient transfer and control of packet data transmission. The main functions of PDCP include compression of the headers during packet transmission over the radio channel (remove redundant packet header information) and to ensure reliable packet transfer (sequentially numbering and verifying packet delivery).


Important Fundamentals / Theorems / Packet Formats

BOOTP: Bootstrap Protocol:

Protocol Structure

Op: The message operation code. Messages can be either BOOTREQUEST or BOOTREPLY.

Htype: The hardware address type.

Hlen: The hardware address length.

Xid: The transaction ID.

Secs: The seconds elapsed since the client began the address acquisition or renewal process.

Flags: The flags.

Ciaddr: The client IP address.

Yiaddr: The “Your” (client) IP address.

Siaddr: The IP address of the next server to use in bootstrap.

Giaddr: The relay agent IP address used in booting via a relay agent.

Chaddr: The client hardware address.

Sname: Optional server host name, null terminated string.

File: Boot file name, null terminated string; generic name or null in DHCPDISCOVER, fully qualified directory-path name in DHCPOFFER.

Options: Optional parameters field.


DCAP: Data Link Switching Client Access Protocol:

Protocol Structure

Protocol ID: The Protocol ID is set to 1000.

Version number: The Version number is set to 0001.

Message type: The message type is the DCAP message type.

Packet length: The total length of the packet including the DCAP header, DCAP data and user data. The minimum size of the packet is 4, which is the length of the header.

DHCP: Dynamic Host Configuration Protocol:

Protocol Structure

Op: The message operation code. Messages can be either BOOTREQUEST or BOOTREPLY.

Htype: The hardware address type.

Hlen: The hardware address length.

Xid: The transaction ID.

Secs: The seconds elapsed since the client began the address acquisition or renewal process.

Flags: The flags.

Ciaddr: The client IP address.

Yiaddr: The “Your” (client) IP address.

Siaddr: The IP address of the next server to use in bootstrap.

Giaddr: The relay agent IP address used in booting via a relay agent.

Chaddr: The client hardware address.

Sname: Optional server host name, null terminated string.

File: Boot file name, null terminated string; generic name or null in DHCPDISCOVER, fully qualified directory-path name in DHCPOFFER.

Options: Optional parameters field. See the options documents for a list of defined options.
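DHCP reuses the BOOTP fixed header unchanged and appends a magic cookie followed by type-length-value options, so one parser serves both field lists above. The following is an added example written for these notes, not code from the text: it unpacks the 236-byte fixed header (including the hops field, which RFC 951 places between hlen and xid and which the field lists above omit), uses hlen to slice chaddr only after checking that it does not exceed the 16-byte field, and walks the DHCP options without trusting their length bytes. The DHCPOFFER and BOOTREQUEST packets are constructed inline; the helper names are assumptions of the example.

```python
import struct

BOOTP_FIXED = struct.Struct(">BBBBIHH4s4s4s4s16s64s128s")   # 236-byte fixed header shared by BOOTP and DHCP
DHCP_MAGIC = b"\x63\x82\x53\x63"    # magic cookie that starts the DHCP options area
OP_NAMES = {1: "BOOTREQUEST", 2: "BOOTREPLY"}
OPT_MESSAGE_TYPE, OPT_END, OPT_PAD = 53, 255, 0
DHCP_MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
                      5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def cstring(raw):
    """Null-terminated field (sname, file) to text; replaces undecodable bytes rather than failing."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def parse_options(raw):
    """Walk DHCP TLV options; PAD has no length, END stops parsing, a bad length byte is an error."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(raw):
            raise ValueError("option %d has no length byte" % code)
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d claims %d bytes but only %d remain" % (code, length, len(value)))
        opts[code] = value
        i += 2 + length
    return opts


def parse_bootp(data):
    """Decode the fixed header; if a DHCP magic cookie follows, decode the options as well."""
    if len(data) < BOOTP_FIXED.size:
        raise ValueError("packet shorter than the 236-byte BOOTP header")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr,
     chaddr, sname, file_) = BOOTP_FIXED.unpack_from(data, 0)
    if hlen > 16:
        raise ValueError("hlen %d exceeds the 16-byte chaddr field" % hlen)
    msg = {
        "op": OP_NAMES.get(op, "UNKNOWN(%d)" % op),
        "htype": htype, "hlen": hlen, "hops": hops, "xid": xid, "secs": secs,
        "broadcast": bool(flags & 0x8000),           # the only flag bit defined by RFC 2131
        "ciaddr": ip_str(ciaddr), "yiaddr": ip_str(yiaddr),
        "siaddr": ip_str(siaddr), "giaddr": ip_str(giaddr),
        "chaddr": chaddr[:hlen].hex(":"),
        "sname": cstring(sname), "file": cstring(file_),
        "options": {}, "message_type": None,
    }
    tail = data[BOOTP_FIXED.size:]
    if tail.startswith(DHCP_MAGIC):
        msg["options"] = parse_options(tail[len(DHCP_MAGIC):])
        mt = msg["options"].get(OPT_MESSAGE_TYPE)
        if mt:
            msg["message_type"] = DHCP_MESSAGE_TYPES.get(mt[0], "UNKNOWN(%d)" % mt[0])
    return msg


ZERO4, MAC = b"\x00" * 4, b"\x00\x11\x22\x33\x44\x55"   # constructed client hardware address

# Constructed DHCPOFFER: BOOTREPLY offering 192.168.1.100 from server 192.168.1.1
SAMPLE_OFFER = (
    BOOTP_FIXED.pack(2, 1, 6, 0, 0x3903F326, 0, 0x8000, ZERO4, b"\xc0\xa8\x01\x64",
                     b"\xc0\xa8\x01\x01", ZERO4, MAC + b"\x00" * 10, b"\x00" * 64, b"\x00" * 128)
    + DHCP_MAGIC
    + b"\x35\x01\x02"               # option 53: DHCP message type = DHCPOFFER
    + b"\x01\x04\xff\xff\xff\x00"   # option 1: subnet mask 255.255.255.0
    + b"\x03\x04\xc0\xa8\x01\x01"   # option 3: router 192.168.1.1
    + b"\x33\x04\x00\x00\x0e\x10"   # option 51: lease time 3600 s
    + b"\xff"                       # option 255: end
)

# Constructed plain BOOTREQUEST with an empty (all-zero) vendor area: no cookie, so no options
SAMPLE_BOOTREQUEST = BOOTP_FIXED.pack(1, 1, 6, 0, 0x3903F326, 0, 0, ZERO4, ZERO4, ZERO4, ZERO4,
                                      MAC + b"\x00" * 10, b"\x00" * 64, b"\x00" * 128) + b"\x00" * 64
```

Nothing in the header authenticates the sender: any host on the segment can answer a BOOTREQUEST with a BOOTREPLY, which is why switches offer DHCP snooping to restrict which ports may emit replies. The xid is the client's only way to pair a reply with its own request, so a client should discard replies whose xid it did not issue.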

DNS: Domain Name System (Service) protocol:

Protocol Structure

ID: 16-bit field used to correlate queries and responses.

Q: 1-bit field that identifies the message as a query or response.

Query: 4-bit field that describes the type of message: 0 Standard query (name to address); 1 Inverse query; 2 Server status request.

A: Authoritative Answer. 1-bit field. When set to 1, identifies the response as one made by an authoritative name server.

T: Truncation. 1-bit field. When set to 1, indicates the message has been truncated.

R: 1-bit field. Set to 1 by the resolver to request recursive service by the name server.

V: 1-bit field. Signals the availability of recursive service by the name server.

B: 3-bit field. Reserved for future use. Must be set to 0.

Rcode: Response Code. 4-bit field that is set by the name server to identify the status of the query.

Question count: 16-bit field that defines the number of entries in the question section.

Answer count: 16-bit field that defines the number of resource records in the answer section.

Authority count: 16-bit field that defines the number of name server resource records in the authority section.

Additional count: 16-bit field that defines the number of resource records in the additional records section.
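An added example (not from these notes) that decodes the 12-byte header above with Python's struct module, reads the question name that follows it, and applies the check the ID field exists for: a response is accepted only when it is flagged as a response and its ID and question match the outstanding query. The query and response bytes, the name example.com and the function names are constructed for the example; the response's answer records are omitted because the parser reads only the header and the question section.

```python
import struct

DNS_HEADER = struct.Struct(">HHHHHH")   # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
OPCODES = {0: "QUERY", 1: "I QUERY".replace(" ", ""), 2: "STATUS"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def parse_header(msg):
    """Split the 16-bit flags word into the Q/Query/A/T/R/V/B/Rcode fields listed above."""
    if len(msg) < DNS_HEADER.size:
        raise ValueError("message shorter than the 12-byte DNS header")
    ident, flags, qd, an, ns, ar = DNS_HEADER.unpack_from(msg, 0)
    hdr = {
        "id": ident,
        "qr": (flags >> 15) & 1,        # Q: 0 = query, 1 = response
        "opcode": (flags >> 11) & 0xF,  # Query type
        "aa": (flags >> 10) & 1,        # Authoritative Answer
        "tc": (flags >> 9) & 1,         # Truncation
        "rd": (flags >> 8) & 1,         # R: recursion desired
        "ra": (flags >> 7) & 1,         # V: recursion available
        "z": (flags >> 4) & 0x7,        # B: reserved, must be 0
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }
    if hdr["z"] != 0:
        raise ValueError("reserved bits must be zero")
    return hdr


def read_name(msg, offset):
    """Read an uncompressed domain name (length-prefixed labels) starting at offset."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past the end of the message")
        length = msg[offset]
        offset += 1
        if length == 0:
            return ".".join(labels) + ".", offset
        if length & 0xC0:
            raise ValueError("compression pointers are not expected in the question section")
        label = msg[offset:offset + length]
        if len(label) != length:
            raise ValueError("label truncated")
        labels.append(label.decode("ascii"))
        offset += length


def parse_question(msg):
    """Return (name, qtype, qclass) of the first entry in the question section."""
    name, off = read_name(msg, DNS_HEADER.size)
    if off + 4 > len(msg):
        raise ValueError("question truncated")
    qtype, qclass = struct.unpack_from(">HH", msg, off)
    return name, qtype, qclass


def response_matches_query(query, response):
    """Accept a response only if it is a response, its ID matches, and it echoes the same question."""
    q, r = parse_header(query), parse_header(response)
    return (q["qr"] == 0 and r["qr"] == 1 and q["id"] == r["id"]
            and r["qdcount"] >= 1 and parse_question(query) == parse_question(response))


def build_question(name, qtype=1, qclass=1):
    labels = name.rstrip(".").split(".")
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return wire + b"\x00" + struct.pack(">HH", qtype, qclass)


# Constructed exchange: A query for example.com and an authoritative response with two answers
QUESTION = build_question("example.com")
SAMPLE_QUERY = DNS_HEADER.pack(0x1234, 0x0100, 1, 0, 0, 0) + QUESTION      # flags: RD
SAMPLE_RESPONSE = DNS_HEADER.pack(0x1234, 0x8580, 1, 2, 0, 0) + QUESTION   # flags: QR AA RD RA
MISMATCHED_ID = DNS_HEADER.pack(0x1235, 0x8580, 1, 2, 0, 0) + QUESTION     # same question, wrong ID
```

The 16-bit ID is the only header field that ties a response to a query, which is a small space; resolvers therefore also randomize the source port and require the question to match, and DNSSEC or DNS over TLS is needed for actual authentication of the answer. A response with the T (truncation) bit set should be retried over TCP rather than trusted as complete.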

HTTP: Hypertext Transfer Protocol:

The request message has the following format: (format diagram not reproduced)

The response message has the following format: (format diagram not reproduced)

S-HTTP: Secure Hypertext Transfer Protocol:

The request message has the following format: (format diagram not reproduced)

The response message has the following format: (format diagram not reproduced)

MIME (S-MIME): Multipurpose Internet Mail Extensions and Secure MIME:

Protocol Structure

Definition of MIME header fields is as follows:

    entity-headers := [ content CRLF ]
                      [ encoding CRLF ]
                      [ id CRLF ]
                      [ description CRLF ]
                      *( MIME-extension-field CRLF )

    MIME-message-headers := entity-headers
                            fields
                            version CRLF
                            ; The ordering of the header
                            ; fields implied by this BNF
                            ; definition should be ignored.

    MIME-part-headers := entity-headers
                         [ fields ]
                         ; Any field not beginning with
                         ; "content-" can have no defined
                         ; meaning and may be ignored.
                         ; The ordering of the header
                         ; fields implied by this BNF
                         ; definition should be ignored.


POP and POP3: Post Office Protocol (version 3):

RMON: Remote Monitoring MIBs (RMON1 and RMON2):

RMON 2 MIB Groups and Functions:

Protocol Directory: The Protocol Directory is a simple and interoperable way for an RMON2 application to establish which protocols a particular RMON2 agent implements. This is especially important when the application and the agent are from different vendors.

Protocol Distribution: Mapping the data collected by a probe to the correct protocol name that can then be displayed to the network manager.

Address mapping: Address translation between MAC-layer addresses and network-layer addresses, which are much easier to read and remember. Address translation not only helps the network manager, it supports the SNMP management platform and will lead to improved topology maps.

Network layer host: Network host (IP layer) statistics.

Network layer matrix: Stores and retrieves network layer (IP layer) statistics for conversations between sets of two addresses.

Application layer host: Application host statistics.

Application layer matrix: Stores and retrieves application layer statistics for conversations between sets of two addresses.

User history: This feature enables the network manager to configure history studies of any counter in the system, such as a specific history on a particular file server or a router-to-router connection.

Probe configuration: This RMON2 feature enables one vendor’s RMON application to remotely configure another vendor’s RMON probe.

SMTP: Simple Mail Transfer Protocol:

Command: Description

DATA: Begins message composition.

EXPN <string>: Returns names on the specified mail list.

HELO <domain>: Returns identity of mail server.

HELP <command>: Returns information on the specified command.

MAIL FROM <host>: Initiates a mail session from host.

NOOP: Causes no action, except acknowledgement from server.

QUIT: Terminates the mail session.

RCPT TO <user>: Designates who receives mail.

RSET: Resets mail connection.

SAML FROM <host>: Sends mail to user terminal and mailbox.

SEND FROM <host>: Sends mail to user terminal.

SOML FROM <host>: Sends mail to user terminal or mailbox.

TURN: Switches role of receiver and sender.

VRFY <user>: Verifies the identity of a user.


SNMP: Simple Network Management Protocol:

Protocol Structure

SNMP is an application protocol, which is encapsulated in UDP. The general SNMP message format for all versions is shown below:

 Version | Community | PDU

Version: SNMP version number. Both the manager and agent must use the same version of SNMP. Messages containing different version numbers are discarded without further processing.

Community: Community name used for authenticating the manager before allowing access to the agent.

PDU (Protocol Data Unit): The PDU types and formats for SNMPv1, v2 and v3 will be explained in the corresponding sections.
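The three-part layout above is carried in ASN.1 BER encoding. As an added example (not code from the course notes), the block below encodes an SNMPv1 GetRequest and decodes it back, applying the rule that a message whose version differs from the receiver's is discarded without further processing. It also shows why the Community field is only a weak authenticator: the string is sent in clear text inside the datagram. The community value public, the request id and the OID bytes are constructed sample values; PDU tag numbers are the SNMPv1 context tags.

```python
# Added example, not from the course notes: BER-encode an SNMPv1 GetRequest
# with the three-part layout above (Version, Community, PDU) and decode it
# back, applying the rule that a message whose version differs from the
# receiver's is discarded. The community string travels in clear text, so
# anything that can read the datagram can read it. Sample values such as
# the community "public" and the OID bytes are constructed for the example.

SNMP_V1 = 0                     # SNMPv1 is encoded as version 0 on the wire
PDU_TAGS = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
            0xA3: "SetRequest", 0xA4: "Trap"}
SAMPLE_OID = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])   # constructed: 1.3.6.1.2.1.1.1.0


def ber_length(n):
    """Short form below 128, otherwise 0x80|count followed by the length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    return bytes([tag]) + ber_length(len(payload)) + payload


def ber_int(value):
    """INTEGER in minimal two's-complement form."""
    size = max(1, (value.bit_length() + 8) // 8)
    return tlv(0x02, value.to_bytes(size, "big", signed=True))


def encode_get_request(version, community, request_id, oid_bytes):
    varbind = tlv(0x30, tlv(0x06, oid_bytes) + tlv(0x05, b""))      # OID + NULL
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0) + tlv(0x30, varbind))
    return tlv(0x30, ber_int(version) + tlv(0x04, community) + pdu)


def read_tlv(buf, pos):
    """Return (tag, value, next_pos); every length is checked against the buffer."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def parse_message(datagram, expected_version=SNMP_V1):
    """Decode Version, Community and PDU type; None means 'discard silently'."""
    tag, body, end = read_tlv(datagram, 0)
    if tag != 0x30 or end != len(datagram):
        raise ValueError("not an SNMP message SEQUENCE")
    vtag, vval, pos = read_tlv(body, 0)
    ctag, cval, pos = read_tlv(body, pos)
    ptag, pval, pos = read_tlv(body, pos)
    if vtag != 0x02 or ctag != 0x04 or pos != len(body):
        raise ValueError("unexpected message layout")
    version = int.from_bytes(vval, "big", signed=True)
    if version != expected_version:
        return None                              # version mismatch: drop it
    return {"version": version,
            "community": cval.decode("ascii", "replace"),
            "pdu_type": PDU_TAGS.get(ptag, "unknown(0x%02x)" % ptag),
            "pdu_length": len(pval)}


def is_malformed(datagram):
    """True when the outer message cannot be decoded safely."""
    try:
        parse_message(datagram)
        return False
    except ValueError:
        return True
```

Every length read from the datagram is compared with the bytes actually present before slicing, so a truncated or padded message is rejected instead of being read past its end.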

SNTP: Simple Network Time Protocol:

Protocol Structure

 2    5    8         16        24          32 bit
 LI | VN | Mode | Stratum | Poll | Precision
 Root Delay
 Root Dispersion
 Reference Identifier
 Reference Timestamp (64)
 Originate Timestamp (64)
 Receive Timestamp (64)
 Transmit Timestamp (64)
 Key Identifier (optional)
 Message Digest (optional)

LI: Leap Indicator, warning of an impending leap second to be inserted at the end of the last day of the current month.

VN: Version number indicating the NTP version number.

Mode: This field can contain the following values: Reserved; Symmetric active; Client; Server; Broadcast; NTP control message.

Stratum: An integer identifying the stratum level of the local clock.

Poll: Signed integer indicating the maximum interval between successive messages, in seconds to the nearest power of 2.

Precision: Signed integer indicating the precision of the local clock, in seconds to the nearest power of 2.

Root Delay: Signed fixed-point number indicating the total round-trip delay to the primary reference source, in seconds with the fraction point between bits 15 and 16.

Root Dispersion: Unsigned fixed-point number indicating the nominal error relative to the primary reference source, in seconds with the fraction point between bits 15 and 16.

Reference Identifier: Identifies the particular reference source.

Originate Timestamp: This is the time at which the request departed the client for the server, in 64-bit timestamp format.

Receive Timestamp: This is the time at which the request arrived at the server, in 64-bit timestamp format.

Transmit Timestamp: This is the time at which the reply departed the server for the client, in 64-bit timestamp format.

Authenticator (optional): When the NTP authentication scheme is implemented, the Key Identifier and Message Digest fields contain the message authentication code (MAC) information defined.
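The four timestamps are what the client actually uses. As an added example (not code from the course notes), the block below packs and unpacks the 48-octet header above, shows the server copying the client's Transmit Timestamp into Originate, and computes clock offset and round-trip delay from T1 (Originate), T2 (Receive), T3 (Transmit) and T4 (the client's own receive time). The mode numbers 3 (client) and 4 (server) and the rejection of stratum 0 replies come from the NTP specification; the times used are constructed and nothing is sent on the network.

```python
# Added example, not from the course notes: pack and unpack the SNTP header
# shown above and compute clock offset and round-trip delay from the four
# timestamps (Originate T1, Receive T2, Transmit T3, and T4, the client's
# own receive time). Mode numbers come from the NTP specification (3 =
# client, 4 = server); all times below are constructed, nothing is sent.
import struct

NTP_UNIX_DELTA = 2208988800              # seconds from 1900-01-01 to 1970-01-01
HEADER = struct.Struct("!BBbbiIIQQQQ")   # 48 octets: first word .. Transmit Timestamp
MODE_CLIENT, MODE_SERVER = 3, 4


def to_ntp(unix_time):
    """float Unix seconds -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    whole = int(unix_time)
    frac = int((unix_time - whole) * (1 << 32))
    return ((whole + NTP_UNIX_DELTA) << 32) | (frac & 0xFFFFFFFF)


def from_ntp(ts):
    return (ts >> 32) - NTP_UNIX_DELTA + (ts & 0xFFFFFFFF) / (1 << 32)


def build_packet(li, vn, mode, stratum=0, poll=0, precision=0, root_delay=0,
                 root_dispersion=0, ref_id=0, ref_ts=0, orig_ts=0, recv_ts=0, xmit_ts=0):
    first = ((li & 0x3) << 6) | ((vn & 0x7) << 3) | (mode & 0x7)
    return HEADER.pack(first, stratum, poll, precision, root_delay, root_dispersion,
                       ref_id, ref_ts, orig_ts, recv_ts, xmit_ts)


def parse_packet(data):
    """Split the fixed header; anything after 48 octets is the optional Authenticator."""
    if len(data) < HEADER.size:
        raise ValueError("SNTP packet shorter than 48 octets")
    f = HEADER.unpack_from(data)
    return {"li": f[0] >> 6, "vn": (f[0] >> 3) & 0x7, "mode": f[0] & 0x7,
            "stratum": f[1], "poll": f[2], "precision": f[3],
            "root_delay": f[4], "root_dispersion": f[5], "ref_id": f[6],
            "reference": f[7], "originate": f[8], "receive": f[9], "transmit": f[10],
            "authenticator": data[HEADER.size:]}


def client_request(t1):
    """Client puts its send time T1 in Transmit Timestamp (version 4 assumed)."""
    return build_packet(li=0, vn=4, mode=MODE_CLIENT, xmit_ts=to_ntp(t1))


def server_reply(request, t2, t3, stratum=2):
    req = parse_packet(request)
    # The server copies the client's Transmit Timestamp into Originate.
    return build_packet(li=0, vn=4, mode=MODE_SERVER, stratum=stratum,
                        orig_ts=req["transmit"], recv_ts=to_ntp(t2), xmit_ts=to_ntp(t3))


def offset_and_delay(reply, t1, t4):
    """Standard NTP clock arithmetic; rejects replies that do not echo our T1."""
    r = parse_packet(reply)
    if r["mode"] != MODE_SERVER or r["stratum"] == 0:    # stratum 0 = kiss-o'-death
        raise ValueError("not a usable server reply")
    if r["originate"] != to_ntp(t1):
        raise ValueError("Originate Timestamp does not match our request")
    t2, t3 = from_ntp(r["receive"]), from_ntp(r["transmit"])
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def accept_reply(reply, t1, t4):
    """True when the reply passes the checks in offset_and_delay."""
    try:
        offset_and_delay(reply, t1, t4)
        return True
    except ValueError:
        return False
```

Comparing the Originate Timestamp with the T1 the client sent is the usual guard against replies that were not solicited by this request; a reply whose Originate field does not match is dropped before its timestamps influence the clock.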

RPC: Remote Procedure Call protocol:

ITOT: ISO Transport Service on top of TCP:

Protocol Structure

 8          16              32 bit
 Version | Reserved | Packet Length
 TPDU (variable)

Protocol Version: Value: 3.

Reserved: Value: 0.

Packet Length: Value: Length of the entire TPKT in octets, including Packet Header.

TPDU: ISO Transport TPDU as defined in ISO 8073.
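Because TPKT runs over a TCP byte stream, the Packet Length field is what delimits one packet from the next. As an added example (not code from the course notes), the framer below pulls complete TPKT packets out of a stream that may arrive in arbitrary pieces, checking the Version value and refusing a Packet Length that is smaller than the header itself (which could never advance the stream). The TPDU bytes are constructed samples.

```python
# Added example, not from the course notes: a TPKT framer that extracts
# complete packets from a TCP byte stream using the Version / Reserved /
# Packet Length header above. Frames arrive in arbitrary pieces, so the
# framer buffers until Packet Length octets are present and refuses
# headers whose length could never advance the stream. Sample TPDU bytes
# are constructed.
import struct

TPKT_VERSION = 3
TPKT_HEADER = struct.Struct("!BBH")       # Version, Reserved, Packet Length


def build_tpkt(tpdu):
    return TPKT_HEADER.pack(TPKT_VERSION, 0, TPKT_HEADER.size + len(tpdu)) + tpdu


class TpktFramer:
    def __init__(self):
        self.buffer = b""

    def feed(self, chunk):
        """Append stream bytes and return the TPDUs completed by them."""
        self.buffer += chunk
        tpdus = []
        while len(self.buffer) >= TPKT_HEADER.size:
            version, reserved, length = TPKT_HEADER.unpack_from(self.buffer)
            if version != TPKT_VERSION:
                raise ValueError("unexpected TPKT version %d" % version)
            if length < TPKT_HEADER.size:
                raise ValueError("Packet Length %d is shorter than the header" % length)
            if len(self.buffer) < length:
                break                          # wait for the rest of this packet
            tpdus.append(self.buffer[TPKT_HEADER.size:length])
            self.buffer = self.buffer[length:]
        return tpdus


def framer_rejects(data):
    """True when a fresh framer raises on the given stream bytes."""
    try:
        TpktFramer().feed(data)
        return False
    except ValueError:
        return True
```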

RDP: Reliable Data Protocol:

Protocol Structure

 1   2   3   4   5   6   8                16 bit
 SYN ACK EAK RST NUL 0   Ver No | Header Length
 Source Port | Destination Port
 Data Length
 Sequence Number
 Acknowledgement Number
 Checksum
 Variable header area ...

Control flags: The 8 control bits are divided as follows:

SYN: The SYN bit indicates a synchronization segment is present.

ACK: The ACK bit indicates the acknowledgment number in the header is valid.

EACK: The EACK bit indicates an extended acknowledge segment is present.

RST: The RST bit indicates the packet is a reset segment.

NUL: The NUL bit indicates the packet is a null segment.

0: The value of this field must be zero.

Ver no: Version number; the current version is 2.

Header length: The length of the RDP header.

Source Port: Source address to identify the process that originated the communication. The combination of the port identifiers with the source and destination addresses in the network access protocol header serves to fully qualify the connection and constitutes the connection identifier. This permits RDP to distinguish multiple connections between two hosts.

Destination Port: Destination address to identify the process targeted in the communication.

Data Length: The length in octets of the data in this segment. The data length does not include the RDP header.

Sequence number: The sequence number of this segment.

Acknowledgement number: If the ACK bit is set in the header, this is the sequence number of the segment that the sender of this segment last received correctly and in sequence. Once a connection is established this should always be sent.

Checksum: The checksum to ensure integrity.

Variable Header Area: This area is used to transmit parameters for the SYN and EACK segments.

RUDP: Reliable User Datagram Protocol (Reliable UDP):

Protocol Structure

The basic RUDP header structure:

 1   2   3   4   5   6   7   8              16 bit
 SYN ACK EAK RST NUL CHK TCS 0 | Header Length
 Sequence number | Ack number
 Checksum

Control bits: Indicate what is present in the packet. Details as follows:

SYN: The SYN bit indicates a synchronization segment is present.

ACK: The ACK bit indicates the acknowledgment number in the header is valid.

EACK: The EACK bit indicates an extended acknowledge segment is present.

RST: The RST bit indicates the packet is a reset segment.

NUL: The NUL bit indicates the packet is a null segment.

CHK: The CHK bit indicates whether the Checksum field contains the checksum of just the header or the header and the body (data).

TCS: The TCS bit indicates the packet is a transfer connection state segment.

0: The value of this field must be zero.

Header length: Indicates where user data begins in the packet.

Sequence number: When a connection is first opened, each peer randomly picks an initial sequence number. This sequence number is used in the SYN segments to open the connection. Each transmitter increments the sequence number before sending a data, null, or reset segment.

Acknowledgement number: This field indicates to a transmitter the last in-sequence packet the receiver has received.

Checksum: The checksum is always calculated on the RUDP header to ensure integrity. The checksum here is the same algorithm used in UDP and TCP headers.

TALI: Tekelec's Transport Adapter Layer Interface:

Protocol Structure

The basic TALI header structure:

 16                 32 bit
 SYNC
 OpCode
 Length
 Service message data

SYNC: Four bytes must be (54 41 4C 49), "TALI" in ASCII.

OpCode: Operation codes are specified as follows:

 Type of frame                                OpCode
 Test Service on this Socket                  test
 Allow Service messages on this socket        allow
 Prohibit Service messages on this socket     proh
 Prohibit Service messages Ack                proa
 Monitor Socket message on this socket        moni
 Monitor Socket message Ack                   mona
 SCCP Service message                         sccp
 ISUP Service message                         isot
 MTP3 Service message                         mtp3
 MTP Primitives                               mtpp
 SCCP Primitives                              scpp
 Routing Key Registration                     rkrg
 Routing Key De-Registration                  rkdr
 Special Service Message                      spcl

Length: The length of the frame. Non-zero if the message contains a Service or Monitor Socket message.

Service message data: The service message data.

TCP: Transmission Control Protocol:

Protocol Structure

 16                          32 bit
 Source port | Destination port
 Sequence number
 Acknowledgement number
 Offset | Reserved | U A P R S F | Window
 Checksum | Urgent pointer
 Option + Padding
 Data

Source port: Identifies points at which the upper-layer source process receives TCP services.

Destination port: Identifies points at which the upper-layer destination process receives TCP services.

Sequence number: Usually specifies the number assigned to the first byte of data in the current message. In the connection-establishment phase, this field can also be used to identify an initial sequence number to be used in an upcoming transmission.

Acknowledgment number: Contains the sequence number of the next byte of data the sender of the packet expects to receive. Once a connection is established, this value is always sent.

Data offset: 4 bits. The number of 32-bit words in the TCP header; indicates where the data begins.

Reserved: 6 bits. Reserved for future use. Must be zero.

Control bits (Flags): 6 bits. Carry a variety of control information. The control bits may be:

U (URG): Urgent pointer field significant.

A (ACK): Acknowledgment field significant.

P (PSH): Push function.

R (RST): Reset the connection.

S (SYN): Synchronize sequence numbers.

F (FIN): No more data from sender.

Window: 16 bits. Specifies the size of the sender's receive window, that is, the buffer space available in octets for incoming data.

Checksum: 16 bits. Indicates whether the header was damaged in transit.

Urgent Pointer: 16 bits. Points to the first urgent data byte in the packet.

Option + Padding: Specifies various TCP options. There are two possible formats for an option: a single octet of option type; or an octet of option type, an octet of option length and the actual option data octets.

Data: Contains upper-layer information.
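The Data offset and the two option formats described above are where a parser has to be careful. As an added example (not code from the course notes), the block below parses the fixed 20-octet header, decodes the six flag bits and walks Option + Padding, treating kinds 0 (End of Option List) and 1 (No-Operation) as the single-octet form and requiring every other kind to carry a length octet that fits inside the option area. The sample segment is constructed with its checksum left at zero.

```python
# Added example, not from the course notes: parse the TCP header laid out
# above, decode the six flag bits and walk Option + Padding with the two
# option formats the text describes. Kinds 0 (End of Option List) and 1
# (No-Operation) are the single-octet kinds in the TCP specification; every
# other kind carries a length octet that counts the kind and length octets
# too, which is what the bounds checks rely on. The sample segment is
# constructed and its checksum is left at zero.
import struct

FIXED = struct.Struct("!HHIIBBHHH")   # 20 octets up to Urgent pointer
FLAG_BITS = (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))

# Constructed SYN to port 443: Data offset 7 (28-octet header), MSS option
# 1460, a NOP, End of Option List, two padding octets, then 7 octets of data.
SAMPLE_SYN = (FIXED.pack(40000, 443, 1000, 0, 7 << 4, 0x02, 65535, 0, 0)
              + bytes([2, 4, 0x05, 0xB4, 1, 0, 0, 0]) + b"payload")


def flag_names(flags):
    return [name for name, bit in FLAG_BITS if flags & bit]


def parse_tcp_options(area):
    """Return [(kind, data)] for the option area, rejecting lengths that overrun it."""
    options, i = [], 0
    while i < len(area):
        kind = area[i]
        if kind == 0:                       # End of Option List: rest is padding
            break
        if kind == 1:                       # No-Operation: single octet
            i += 1
            continue
        if i + 1 >= len(area):
            raise ValueError("option kind %d is missing its length octet" % kind)
        length = area[i + 1]
        if length < 2 or i + length > len(area):
            raise ValueError("option kind %d has invalid length %d" % (kind, length))
        options.append((kind, bytes(area[i + 2:i + length])))
        i += length
    return options


def parse_tcp_header(segment):
    if len(segment) < FIXED.size:
        raise ValueError("segment shorter than the 20-octet fixed header")
    sport, dport, seq, ack, offset_byte, flag_byte, window, csum, urg = FIXED.unpack_from(segment)
    header_length = (offset_byte >> 4) * 4       # Data offset in 32-bit words
    if header_length < FIXED.size or header_length > len(segment):
        raise ValueError("Data offset %d words does not fit the segment" % (offset_byte >> 4))
    reserved = ((offset_byte & 0x0F) << 2) | (flag_byte >> 6)   # the 6 reserved bits
    return {"source_port": sport, "destination_port": dport,
            "sequence": seq, "acknowledgement": ack,
            "header_length": header_length, "reserved": reserved,
            "flags": flag_names(flag_byte & 0x3F), "window": window,
            "checksum": csum, "urgent_pointer": urg,
            "options": parse_tcp_options(segment[FIXED.size:header_length]),
            "data": segment[header_length:]}


def segment_is_malformed(segment):
    """True when the header or its options cannot be parsed within the segment."""
    try:
        parse_tcp_header(segment)
        return False
    except ValueError:
        return True
```

The same checks (Data offset within the segment, option length at least 2 and inside the option area) are what keep a malformed segment from being read past its end, which is the failure mode such parsers have historically had.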

UDP: User Datagram Protocol:

Protocol Structure

 16                          32 bit
 Source port | Destination port
 Length | Checksum
 Data

Source port: 16 bits. Source port is an optional field. When used, it indicates the port of the sending process and may be assumed to be the port to which a reply should be addressed in the absence of any other information. If not used, a value of zero is inserted.

Destination port: 16 bits. Destination port has a meaning within the context of a particular Internet destination address.

Length: 16 bits. The length in octets of this user datagram, including this header and the data. The minimum value of the length is eight.

Checksum: 16 bits. The sum of a pseudo header of information from the IP header, the UDP header and the data, padded with zero octets at the end, if necessary, to make a multiple of two octets.

Data: Contains upper-level data information.

Van Jacobson: Compressed TCP protocol:

Protocol Structure

The format of the compressed TCP is as follows:

 C I P S A W U (change mask)
 Connection number (C)
 TCP checksum
 Urgent pointer (U)
 D Window (W)
 D Ack (A)
 D Sequence (S)
 D IP ID (I)
 Data

C, I, P, S, A, W, U: Change mask. Identifies which of the fields expected to change per packet actually changed.

Connection number: Used to locate the saved copy of the last packet for this TCP connection.

TCP checksum: Included so that the end-to-end data integrity check will still be valid.

Urgent pointer: This is sent if URG is set.

D values for each field: Represent the amount the associated field changed from the original TCP (for each field specified in the change mask).

BGP (BGP-4): Border Gateway Protocol:

Protocol Structure

 Marker (16 bytes) | Length (2 bytes) | Type (1 byte)

Marker: Message containing a value predictable by the receiver of the message.

Length: The length of the message including the header.

Type: The message type. Possible messages are: Open, Update, Notification, KeepAlive.

After a transport protocol connection is established, the first message sent by each side is an OPEN message. If the OPEN message is acceptable, a KEEPALIVE message confirming the OPEN is sent back. Once the OPEN is confirmed, UPDATE, KEEPALIVE, and NOTIFICATION messages may be exchanged. The format of each type of message can be found in the reference documents.

EGP: Exterior Gateway Protocol:

Protocol Structure

Here are the EGP message types:

 Name        Function
 Request     request acquisition of neighbor and/or initialize polling variables
 Confirm     confirm acquisition of neighbor and/or initialize polling variables
 Refuse      refuse acquisition of neighbor
 Cease       request de-acquisition of neighbor
 Cease-ack   confirm de-acquisition of neighbor
 Hello       request neighbor reachability
 I-H-U       confirm neighbor reachability
 Poll        request net reachability update
 Update      net reachability update
 Error       error

The common portion of the message format:

 8          16       24         32 bit
 Version | Type | Code | Status
 Checksum | Autonomous System number
 Sequence number | (Different for different messages)

Version: The version number. This version is version 2.

Type: Identifies the message type.

Code: Identifies the message code.

Status: Contains message-dependent status information.

Checksum: The EGP checksum is the 16-bit one's complement of the one's complement sum of the EGP message starting with the EGP version number field. When computing the checksum the checksum field itself should be zero.

Autonomous System Number: Assigned number identifying the particular autonomous system.

Sequence Number: Send state variable (commands) or receive state variable (responses and indications).

IP: Internet Protocol (IPv4):

Protocol Structure

 4          8                  16                       32 bit
 Version | IHL | Type of service | Total length
 Identification | Flags | Fragment offset
 Time to live | Protocol | Header checksum
 Source address
 Destination address
 Option + Padding
 Data

Version: 4-bit field indicates the version of IP currently used.

IP Header Length (IHL): The datagram header length in 32-bit words. Points to the beginning of the data. The minimum value for a correct header is 5.

Type of Service: Indicates the quality of service desired by specifying how an upper-layer protocol would like a current datagram to be handled, and assigns datagrams various levels of importance. These 8 bits are used for the assignment of Precedence, Delay, Throughput and Reliability.

Total Length: Specifies the length, in bytes, of the entire IP packet, including the data and header. The maximum length which can be specified by this field is 65,535 bytes. Typically, hosts are prepared to accept datagrams up to 576 bytes.

Identification: Contains an integer that identifies the current datagram. This field is assigned by the sender to help the receiver assemble the datagram fragments.

Flags: Consists of a 3-bit field of which the two low-order (least-significant) bits control fragmentation. The low-order bit specifies whether the packet can be fragmented. The middle bit specifies whether the packet is the last fragment in a series of fragmented packets. The third or high-order bit is not used.

Fragment Offset: This 13-bit field indicates the position of the fragment's data relative to the beginning of the data in the original datagram, which allows the destination IP process to properly reconstruct the original datagram.

Time to Live: A counter that gradually decrements down to zero, at which point the datagram is discarded. This keeps packets from looping endlessly.

Protocol: Indicates which upper-layer protocol receives incoming packets after IP processing is complete.

Header Checksum: Helps ensure IP header integrity. Since some header fields change, e.g., Time to Live, this is recomputed and verified at each point the Internet header is processed.

Source Address: Specifies the sending node.

Destination Address: Specifies the receiving node.

Options: Allows IP to support various options, such as security.

Data: Contains upper-layer information.

IPv6: Internet Protocol version 6:

Protocol Structure

 4          12            16                24           32 bit
 Version | Priority | Flow label
 Payload length | Next header | Hop limit
 Source address (128 bits)
 Destination address (128 bits)

Version: 4-bit Internet Protocol Version number (IPv6 is 6).

Priority: 8-bit traffic class field enables a source to identify the desired delivery priority of the packets. Priority values are divided into ranges: traffic where the source provides congestion control and non-congestion control traffic.

Flow label: 20-bit flow label is used by a source to label those packets for which it requests special handling by the IPv6 router. The flow is uniquely identified by the combination of a source address and a non-zero flow label.

Payload length: 16-bit integer in octets is the length of payload including header.

Next header: 8-bit selector identifies the type of header immediately following the IPv6 header.

Hop limit: 8-bit integer that is decremented by one by each node that forwards the packet. The packet is discarded if the Hop Limit is decremented to zero.

Source address: 128-bit address of the originator of the packet.

Destination address: 128-bit address of the intended recipient of the packet (possibly not the ultimate recipient, if a Routing header is present).

ICMP & ICMPv6: Internet Control Message Protocol and ICMP version 6:

Protocol Structure

 8        16                32 bit
 Type | Code | Checksum
 Identifier | Sequence number
 Address mask

Type: Messages can be error or informational messages. Error messages can be Destination unreachable, Packet too big, Time exceeded, Parameter problem. The possible informational messages are Echo Request, Echo Reply, Group Membership Query, Group Membership Report, Group Membership Reduction.

Code: For each type of message several different codes are defined. An example of this is the Destination Unreachable message, where possible messages are: no route to destination, communication with destination administratively prohibited, not a neighbor, address unreachable, port unreachable. For further details, refer to the standard.

Checksum: The 16-bit one's complement of the one's complement sum of the ICMP message starting with the ICMP Type. For computing the checksum, the checksum field should be zero.

Identifier: An identifier to aid in matching requests/replies; may be zero.

Sequence number: Sequence number to aid in matching requests/replies; may be zero.

Address mask: A 32-bit mask.
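The UDP, IPv4 and ICMP sections above all describe the same 16-bit one's complement checksum, differing only in what it covers. The block below is an added example (not code from the course notes) that implements that checksum once and applies it three ways: over the IPv4 header alone, over the UDP pseudo-header plus UDP header and data padded to an even length, and over an ICMP Echo Request starting at the Type octet. Addresses, ports and payloads are constructed sample values; nothing is sent on a network.

```python
# Added example, not from the course notes: the 16-bit one's complement
# checksum that the UDP, IPv4 and ICMP sections above all describe, applied
# three ways: over the IPv4 header alone, over the UDP pseudo-header plus
# header and data (padded to an even length), and over an ICMP Echo
# Request starting at the Type octet. Addresses, ports and payloads are
# constructed sample values; nothing is sent on a network.
import struct


def internet_checksum(data):
    """One's complement of the one's complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data = data + b"\x00"                       # pad to a multiple of two octets
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                              # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, protocol, payload_len, ttl=64, ident=0x1234):
    """20-octet header (IHL = 5) with Don't Fragment set and a computed checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0x4000,
                      ttl, protocol, 0, src, dst)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


def verify_ipv4_header(packet):
    """A header whose checksum is intact sums to zero when re-checksummed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(packet):
        return False
    return internet_checksum(packet[:ihl]) == 0


def udp_pseudo_checksum(src, dst, segment):
    """Pseudo-header (src, dst, zero, protocol 17, UDP length) + UDP header + data."""
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, 17, len(segment))
    return internet_checksum(pseudo + segment)


def build_udp(src, dst, sport, dport, data):
    segment = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    csum = udp_pseudo_checksum(src, dst, segment)
    if csum == 0:
        csum = 0xFFFF          # in UDP over IPv4 a zero field means "no checksum"
    return segment[:6] + struct.pack("!H", csum) + segment[8:]


def verify_udp(src, dst, segment):
    if len(segment) < 8:
        return False
    length = struct.unpack("!H", segment[4:6])[0]
    if length < 8 or length > len(segment):
        return False                               # Length field disagrees with data
    segment = segment[:length]
    if segment[6:8] == b"\x00\x00":
        return True                                # sender chose not to checksum
    return udp_pseudo_checksum(src, dst, segment) == 0


def build_icmp_echo(ident, seq, payload):
    """ICMP Echo Request (Type 8, Code 0) with the checksum over the whole message."""
    msg = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    return msg[:2] + struct.pack("!H", internet_checksum(msg)) + msg[4:]


def verify_icmp(message):
    return len(message) >= 8 and internet_checksum(message) == 0
```

Because the pseudo-header binds the source and destination addresses into the UDP checksum, a datagram whose IP header was altered in transit fails verification even though the UDP octets themselves are untouched, while the IPv4 header checksum must be recomputed at every hop because Time to Live changes.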

IRDP: ICMP Router Discovery Protocol:

Protocol Structure

ICMP Router Advertisement Message:

 8            16                   32 bit
 Type | Code | Checksum
 Num addrs | Addr Entry Size | Life Time
 Router address 1
 Preference Level 1
 ...

IP Fields:

Source Address: An IP address belonging to the interface from which this message is sent.

Destination Address: The configured Advertisement Address or the IP address of a neighboring host.

Time-to-Live: 1 if the Destination Address is an IP multicast address; at least 1 otherwise.

ICMP Fields:

Checksum: For computing the checksum, the Checksum field is set to 0.

Num Addrs: The number of router addresses advertised in this message.

Addr Entry Size: The number of 32-bit words of information per each router address (2, in the version of the protocol described here).

Lifetime: The maximum number of seconds that the router addresses may be considered valid.

Router Address[i], i = 1..Num Addrs: The sending router's IP address(es) on the interface from which this message is sent.

Preference Level[i], i = 1..Num Addrs: The preferability of each Router Address[i] as a default router address, relative to other router addresses on the same subnet.

ICMP Router Solicitation Message:

 8            16                   32 bit
 Type | Code | Checksum
 Reserved

IP Fields:

Source Address: An IP address belonging to the interface from which this message is sent, or 0.

Destination Address: The configured Solicitation Address.

Time-to-Live: 1 if the Destination Address is an IP multicast address; at least 1 otherwise.

ICMP Fields:

Type: 10

Code: 0

Checksum: The 16-bit one's complement of the one's complement sum of the ICMP message, starting with the ICMP Type. For computing the checksum, the Checksum field is set to 0.

Reserved: Sent as 0; ignored on reception.

Mobile IP: IP Mobility Support Protocol for IPv4 & IPv6:

Key Features

 Key Features                                                          Mobile IPv4      Mobile IPv6
 Special router as foreign agent                                       Yes              No
 Support for route optimization                                        In Extensions    Part of the protocol
 Ensure symmetric reachability between mobile nodes and its router
 at current location                                                   No               Yes
 Routing bandwidth overhead                                            More             Less
 Decouple from Link Layer                                              No               Yes
 Need to manage “Tunnel soft state”                                    Yes              No
 Dynamic home agent address discovery                                  No               Yes

Protocol Structure

Mobility IPv6 Protocol header structure:

 8              16         24           32 bit
 Next Header | Length | Type | Reserved
 Checksum | Data ...

Next Header: Identifies the protocol following this header.

Length: 8 bits unsigned. Size of the header in units of 8 bytes excluding the first 8 bytes.

Type: Mobility message types.

 Type   Description
 0      BRR, Binding Refresh Request.
 1      HoTI, Home Test Init.
 2      CoTI, Care-of Test Init.
 3      HoT, Home Test.
 4      CoT, Care-of Test.
 5      BU, Binding Update.
 6      Binding Acknowledgement.
 7      BE, Binding Error.

Reserved: MUST be cleared to zero by the sender and MUST be ignored by the receiver.

Checksum: The 16-bit one's complement checksum of the Mobility Header.

Data: Variable length.

OSPF: Open Shortest Path First protocol (version 2):

Protocol Structure

 8               16                 32 bit
 Version No. | Packet Type | Packet length
 Router ID
 Area ID
 Checksum | AuType
 Authentication (64 bits)

Version number: Protocol version number (currently 2).

Packet type: Valid types are as follows: Hello; Database Description; Link State Request; Link State Update; Link State Acknowledgment.

Packet length: The length of the protocol packet in bytes. This length includes the standard OSPF header.

Router ID: The router ID of the packet's source. In OSPF, the source and destination of a routing protocol packet are the two ends of a (potential) adjacency.

Area ID: Identifies the area that this packet belongs to. All OSPF packets are associated with a single area. Most travel a single hop only.

Checksum: The standard IP checksum of the entire contents of the packet, starting with the OSPF packet header but excluding the 64-bit authentication field.

AuType: Identifies the authentication scheme to be used for the packet.

Authentication: A 64-bit field for use by the authentication scheme.

RIP: Routing Information Protocol (RIP2):

Protocol Structure

 8            16                              32 bit
 Command | Version | Unused
 Address family identifier | Route tag (only for RIP2; 0 for RIP)
 IP address
 Subnet mask (only for RIP2; 0 for RIP)
 Next hop (only for RIP2; 0 for RIP)
 Metric

Command: The command field is used to specify the purpose of the datagram. There are five commands: Request, Response, Traceon (obsolete), Traceoff (obsolete) and Reserved.

Version: The RIP version number. The current version is 2.

Address family identifier: Indicates what type of address is specified in this particular entry. This is used because RIP2 may carry routing information for several different protocols. The address family identifier for IP is 2.

Route tag: Attribute assigned to a route which must be preserved and readvertised with a route. The route tag provides a method of separating internal RIP routes (routes for networks within the RIP routing domain) from external RIP routes, which may have been imported from an EGP or another IGP.

IP address: The destination IP address.

Subnet mask: Value applied to the IP address to yield the non-host portion of the address. If zero, then no subnet mask has been included for this entry.

Next hop: Immediate next hop IP address to which packets to the destination specified by this route entry should be forwarded.

Metric: Represents the total cost of getting a datagram from the host to that destination. This metric is the sum of the costs associated with the networks that would be traversed in getting to the destination.

RIPng: Routing Information Protocol next generation for IPv6:

Protocol Structure

 Command (1 byte) | Version (1 byte) | 0 (2 bytes)
 Route table entry 1 (20 bytes)
 ...
 Route table entry N (20 bytes)

Command: Two commands are:

Request: A request for the responding system to send all or part of its routing table.

Response: A message containing all or part of the sender's routing table.

Version: The version of the protocol. The current version is version 1.

Route table entry: Each route table entry contains a destination prefix, the number of significant bits in the prefix and the cost of reaching that destination.

RSVP: Resource ReSerVation Protocol:

Protocol Structure

 4          8           16                 32 bit
 Version | Flags | Message type | RSVP checksum
 Send TTL | (Reserved) | RSVP length

Version: The protocol version number; the current version is 1.

Flags: No flag bits are defined yet.

Message type: Possible values are: 1 Path, 2 Resv, 3 PathErr, 4 ResvErr, 5 PathTear, 6 ResvTear, 7 ResvConf.

RSVP checksum: The checksum for message errors.

Send TTL: The IP TTL value with which the message was sent.

RSVP length: The total length of the RSVP message in bytes, including the common header and the variable length objects that follow.

BGMP: Border Gateway Multicast Protocol:

Protocol Structure

 16          24           32 bit
 Length | Type | Reserved

Length: The total length of the message including the header in octets. It allows one to locate in the transport-level stream the start of the next message.

Type: The type code of the message. The following type codes are available: 1 OPEN; 2 UPDATE; 3 NOTIFICATION; 4 KEEPALIVE.

After a transport protocol connection is established, the first message sent by each side is an OPEN message. If the OPEN message is acceptable, a KEEPALIVE message confirming the OPEN is sent back. Once the OPEN is confirmed, UPDATE, KEEPALIVE, and NOTIFICATION messages may be exchanged. The format of each message type is different.

IGMP: Internet Group Management Protocol:

Protocol Structure

There are basically 5 types of messages that must be implemented for IGMPv3 to function properly and be compatible with previous versions:

 0x11: membership query
 0x22: version 3 membership report
 0x12: version 1 membership report
 0x16: version 2 membership report
 0x17: version 2 leave group

As an example, the message format for 0x11 (membership query) is displayed:

 8              16                    32 bit
 Type | Max response time | Checksum
 Group address
 RSV | S | QRV | QQIC | Number of Source (N)
 Source Address (1)
 ...
 Source Address (N)

Type: The message type: 0x11 (Membership query).

Max Response Time: Used only in Membership query messages. Specifies the maximum time allowed, in units of 1/10 second, before sending a responding report. In all other messages, it is set to 0 by the sender and ignored by the receiver.

Checksum: The checksum for message errors.

Group Address: The Group address is set to 0 when sending a general query. It is set to the group address being queried when sending a group-specific query or group-and-source-specific query. In a membership report or a leave group message, it holds the IP multicast group address of the group being reported or left.

RSV: Reserved; set to zero on transmission, and ignored on reception.

QQIC: Querier's Query Interval Code.

Number of Source (N): The number of source addresses in this message.

Source Address: The vector of the IP unicast addresses.
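The Max Response Time and QQIC fields above are single octets that can express values well beyond 255. As an added example (not code from the course notes), the block below builds and parses the 0x11 Membership Query shown above and decodes both codes with the rule from the IGMPv3 specification: a code below 128 is taken literally, otherwise bits 4 to 6 are an exponent and bits 0 to 3 a mantissa, giving (mantissa | 0x10) << (exponent + 3). It also classifies the query as general, group-specific or group-and-source-specific using the Group Address and N, as the text describes. The checksum octets are left at zero here; the queries and addresses are constructed samples.

```python
# Added example, not from the course notes: build and parse the IGMPv3
# Membership Query shown above, decoding Max Resp Code and QQIC with the
# rule from the IGMPv3 specification (codes below 128 are literal; from
# 128 up, bits 4-6 are an exponent and bits 0-3 a mantissa, giving
# (mant | 0x10) << (exp + 3)). Max Resp Code is in tenths of a second,
# QQIC in seconds. The Checksum field is left at zero (it is the Internet
# checksum, not recomputed here); the queries below are constructed samples.
import struct
import ipaddress

IGMP_TYPES = {0x11: "membership query", 0x12: "version 1 membership report",
              0x16: "version 2 membership report", 0x17: "version 2 leave group",
              0x22: "version 3 membership report"}
QUERY_HEADER = struct.Struct("!BBH4sBBH")   # Type, MaxResp, Checksum, Group, RSV|S|QRV, QQIC, N


def decode_float_code(code):
    """Max Resp Code and QQIC share this 8-bit floating-point encoding."""
    if code < 128:
        return code
    exponent = (code >> 4) & 0x7
    mantissa = code & 0xF
    return (mantissa | 0x10) << (exponent + 3)


def build_membership_query(group, max_resp_code, qqic, sources=(), s_flag=False, qrv=2):
    """Constructed query; Checksum is left at 0 since it is computed separately."""
    flags = (0x08 if s_flag else 0) | (qrv & 0x7)
    msg = QUERY_HEADER.pack(0x11, max_resp_code, 0, ipaddress.IPv4Address(group).packed,
                            flags, qqic, len(sources))
    return msg + b"".join(ipaddress.IPv4Address(s).packed for s in sources)


def parse_membership_query(msg):
    if len(msg) < QUERY_HEADER.size:
        raise ValueError("IGMPv3 query is at least 12 octets")
    mtype, max_resp, _csum, group, flags, qqic, nsrc = QUERY_HEADER.unpack_from(msg)
    if mtype != 0x11:
        raise ValueError("not a membership query: %s" % IGMP_TYPES.get(mtype, hex(mtype)))
    if QUERY_HEADER.size + 4 * nsrc > len(msg):
        raise ValueError("Number of Sources claims more addresses than the message holds")
    sources = [str(ipaddress.IPv4Address(msg[12 + 4 * i:16 + 4 * i])) for i in range(nsrc)]
    group_str = str(ipaddress.IPv4Address(group))
    if group_str == "0.0.0.0":
        kind = "general"
    elif nsrc == 0:
        kind = "group-specific"
    else:
        kind = "group-and-source-specific"
    return {"type": IGMP_TYPES[mtype], "kind": kind, "group": group_str,
            "max_resp_time_s": decode_float_code(max_resp) / 10,
            "suppress_router_side": bool(flags & 0x08), "qrv": flags & 0x7,
            "query_interval_s": decode_float_code(qqic), "sources": sources}


def query_is_malformed(msg):
    """True when the query cannot be parsed within its own length."""
    try:
        parse_membership_query(msg)
        return False
    except ValueError:
        return True
```

Checking N against the bytes actually present matters because Number of Source is attacker-controlled input to any multicast router or monitoring tool that parses queries; a count larger than the message would otherwise read past its end.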

IPCP and IPv6CP: IP Control Protocol and IPv6 Control Protocol:

Protocol Structure

IPCP and IPv6CP configuration option packet header:

 8         16                 32 bit
 Type | Length | Configuration Option

Type: 1 for IP-Address, 2 for IP-Compression Protocol, and 3 for IP-Address.

Length: >= 4.

Configuration Option: The field is two octets and indicates one of the following options:

For IPCP:
 Type 1: IP-Addresses
 Type 2: IP-Compression Protocol
 Type 3: IP-Address

For IPv6CP:
 Type 1: Interface-Identifier
 Type 2: IPv6-Compression Protocol

IPCP and IPv6CP header structure:

 8         16                 32 bit
 Code | Identifier | Length
 Data (variable)

Code: Specifies the function to be performed.

Identifier: Used to match requests and replies.

Length: Size of the packet including the header.

Data: Zero or more bytes of data as indicated by the Length. This field may contain one or more Options.

RARP: Reverse Address Resolution Protocol:

Protocol Structure

The protocol header for RARP is the same as for ARP:

 16                            32 bit
 Hardware Type | Protocol Type
 Hlen | Plen | Operation
 Sender Hardware Address
 Sender Protocol Address
 Target Hardware Address
 Target Protocol Address

Hardware type: Specifies a hardware interface type for which the sender requires a response.

Protocol type: Specifies the type of high-level protocol address the sender has supplied.

Hlen: Hardware address length.

Plen: Protocol address length.

Operation: The values are as follows: ARP request; ARP response; RARP request; RARP response; Dynamic RARP request; Dynamic RARP reply; Dynamic RARP error; InARP request; InARP reply.

Sender hardware address: HLen bytes in length.

Sender protocol address: PLen bytes in length.

Target hardware address: HLen bytes in length.

Target protocol address: PLen bytes in length.
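Since the four address fields have no fixed size, Hlen and Plen decide how the rest of the header is laid out. As an added example (not code from the course notes), the block below builds and parses the shared ARP/RARP header above. The Operation names are the ones listed in the text; the numeric codes paired with them are the IANA ARP operation codes 1 to 9 in the same order. The parser checks Hlen and Plen against the frame length before slicing, and the MAC and IP addresses used are constructed samples.

```python
# Added example, not from the course notes: build and parse the ARP/RARP
# header above. The Operation names are the ones listed in the text; the
# numeric codes paired with them are the IANA ARP operation codes (1 to 9
# in the same order). Hlen and Plen decide how many octets the four
# address fields occupy, so the parser checks them against the frame
# before slicing. The MAC and IP addresses are constructed samples.
import struct
import ipaddress

OPERATIONS = {1: "ARP request", 2: "ARP response", 3: "RARP request", 4: "RARP response",
              5: "Dynamic RARP request", 6: "Dynamic RARP reply", 7: "Dynamic RARP error",
              8: "InARP request", 9: "InARP reply"}
HW_ETHERNET, PROTO_IPV4 = 1, 0x0800
FIXED = struct.Struct("!HHBBH")    # Hardware Type, Protocol Type, Hlen, Plen, Operation


def mac_bytes(text):
    return bytes(int(x, 16) for x in text.split(":"))


def build_arp(operation, sender_mac, sender_ip, target_mac, target_ip,
              hw_type=HW_ETHERNET, proto_type=PROTO_IPV4):
    sha, tha = mac_bytes(sender_mac), mac_bytes(target_mac)
    spa, tpa = ipaddress.IPv4Address(sender_ip).packed, ipaddress.IPv4Address(target_ip).packed
    return FIXED.pack(hw_type, proto_type, len(sha), len(spa), operation) + sha + spa + tha + tpa


def parse_arp(frame):
    if len(frame) < FIXED.size:
        raise ValueError("frame shorter than the fixed ARP header")
    hw_type, proto_type, hlen, plen, op = FIXED.unpack_from(frame)
    needed = FIXED.size + 2 * (hlen + plen)
    if len(frame) < needed:
        raise ValueError("Hlen/Plen need %d octets but frame has %d" % (needed, len(frame)))
    pos = FIXED.size
    fields = []
    for size in (hlen, plen, hlen, plen):
        fields.append(frame[pos:pos + size])
        pos += size
    sha, spa, tha, tpa = fields

    def show_hw(b):
        return ":".join("%02x" % x for x in b)

    def show_proto(b):
        if proto_type == PROTO_IPV4 and plen == 4:
            return str(ipaddress.IPv4Address(b))
        return b.hex()

    return {"hardware_type": hw_type, "protocol_type": proto_type,
            "operation": OPERATIONS.get(op, "unknown(%d)" % op),
            "sender_hw": show_hw(sha), "sender_proto": show_proto(spa),
            "target_hw": show_hw(tha), "target_proto": show_proto(tpa),
            "trailing": frame[needed:]}


def arp_is_malformed(frame):
    """True when Hlen/Plen promise more octets than the frame carries."""
    try:
        parse_arp(frame)
        return False
    except ValueError:
        return True
```

A RARP request carries the requester's own hardware address in both hardware fields and all-zero protocol addresses, which is exactly what the constructed sample in the test reproduces; the same parser handles ARP, RARP and InARP because only the Operation code differs.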

Network Security Technologies and Protocols:

Protocols

The key protocols for AAA and VPN:

Authentication

Authorization

Accounting

Tunneling

Secured Routing

Others

Kerberos: Network Authentication Protocol

RADIUS: Remote Authentication Dial In User Service

SSH: Secure Shell Protocol

L2F: