
SGCP

The command line is composed of:

Name of the requested verb.
Transaction identifier, correlates commands and responses. Transaction
identifiers may have values between 1 and 999999999 and transaction
identifiers are not reused sooner than 3 minutes after completion of the
previous command in which the identifier was used.
Name of the endpoint that should execute the command (in
notifications, the name of the endpoint that is issuing the notification).
Protocol version.

These four items are encoded as strings of printable ASCII characters,
separated by white spaces, i.e. the ASCII space (0x20) or tabulation (0x09)
characters. It is recommended to use exactly one ASCII space separator.
572 TCP/IP Suite
DNS
RFC 1035 1987-11 http://www.cis.ohio-state.edu/htbin/rfc/rfc1035.html
RFC 1706 1994-01 http://www.cis.ohio-state.edu/htbin/rfc/rfc1706.html
The Domain Name Service (DNS) protocol searches for resources using a
database distributed among different name servers.
The DNS message header structure is shown in the following illustration:
16 21 28 32 bits
ID Q Query A T R V B Rcode
Question count Answer count
Authority count Additional count
DNS message header structure
ID
16-bit field used to correlate queries and responses.
Q
1-bit field that identifies the message as a query or response.
Query
4-bit field that describes the type of message:
0 Standard query (name to address).
1 Inverse query (address to name).
2 Server status request.
A
Authoritative Answer. 1-bit field. When set to 1, identifies the response as
one made by an authoritative name server.
T
Truncation. 1-bit field. When set to 1, indicates the message has been
truncated.
R
1-bit field. Set to 1 by the resolver to request recursive service by the name
server.
V
1-bit field. Signals the availability of recursive service by the name server.
B
3-bit field. Reserved for future use. Must be set to 0.
Rcode
Response Code. 4-bit field that is set by the name server to identify the
status of the query:
0 No error condition.
1 Unable to interpret query due to format error.
2 Unable to process due to server failure.
3 Name in query does not exist.
4 Type of query not supported.
5 Query refused.
Question count
16-bit field that defines the number of entries in the question section.
Answer count
16-bit field that defines the number of resource records in the answer
section.
Authority count
16-bit field that defines the number of name server resource records in the
authority section.
Additional count
16-bit field that defines the number of resource records in the additional
records section.
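The header layout above, decoded and sanity-checked in Python. This is an added example, not code from the original page; the function names, the findings wording and the sample messages (built inline, using example.com and 192.0.2.1) are assumptions, and the minimum question and record sizes come from the RFC 1035 wire format.

```python
import struct

# Value tables exactly as listed in the field descriptions above.
QUERY_TYPES = {0: "standard query", 1: "inverse query", 2: "server status request"}
RCODES = {
    0: "no error", 1: "format error", 2: "server failure",
    3: "name does not exist", 4: "query type not supported", 5: "query refused",
}
HEADER_LEN = 12    # ID, one 16-bit flag word, four 16-bit counts
MIN_QUESTION = 5   # root name (1 byte) + type (2) + class (2), per RFC 1035
MIN_RECORD = 11    # root name (1 byte) + type, class, TTL, rdlength (10)


def parse_dns_header(msg: bytes) -> dict:
    """Split the first 12 bytes into the fields named on this page."""
    if len(msg) < HEADER_LEN:
        raise ValueError("message shorter than the 12-byte DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:HEADER_LEN])
    return {
        "id": ident,
        "q": flags >> 15,             # 0 = query, 1 = response
        "query": (flags >> 11) & 0xF,  # 4-bit message type
        "a": (flags >> 10) & 1,       # authoritative answer
        "t": (flags >> 9) & 1,        # truncation
        "r": (flags >> 8) & 1,        # recursion requested
        "v": (flags >> 7) & 1,        # recursion available
        "b": (flags >> 4) & 0x7,      # reserved, must be 0
        "rcode": flags & 0xF,
        "question_count": qd,
        "answer_count": an,
        "authority_count": ns,
        "additional_count": ar,
    }


def audit_dns_message(msg: bytes, outstanding_ids: set) -> list:
    """Return a list of header anomalies a resolver or sensor should not ignore."""
    h = parse_dns_header(msg)
    findings = []
    if h["b"] != 0:
        findings.append("reserved B bits are not zero")
    if h["query"] not in QUERY_TYPES:
        findings.append("unknown Query type %d" % h["query"])
    if h["rcode"] not in RCODES:
        findings.append("unknown Rcode %d" % h["rcode"])
    if h["q"] == 1 and h["id"] not in outstanding_ids:
        findings.append("response ID matches no outstanding query")
    if h["t"] == 1:
        findings.append("message is marked truncated")
    # The counts are attacker-controlled: check them against the bytes received
    # before using them to size buffers or drive parsing loops.
    records = h["answer_count"] + h["authority_count"] + h["additional_count"]
    needed = HEADER_LEN + MIN_QUESTION * h["question_count"] + MIN_RECORD * records
    if needed > len(msg):
        findings.append("section counts exceed message size")
    return findings


def _build(ident, flags, qd, an, body=b""):
    return struct.pack("!6H", ident, flags, qd, an, 0, 0) + body


# Constructed sample messages (not captured traffic).
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
ANSWER = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
QUERY = _build(0x1A2B, 0x0100, 1, 0, QUESTION)
GOOD_RESPONSE = _build(0x1A2B, 0x8180, 1, 1, QUESTION + ANSWER)
SUSPECT_RESPONSE = _build(0x9999, 0x8190, 1, 500, QUESTION)

if __name__ == "__main__":
    pending = {parse_dns_header(QUERY)["id"]}
    for label, m in (("good", GOOD_RESPONSE), ("suspect", SUSPECT_RESPONSE)):
        print(label, audit_dns_message(m, pending))
```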
NetBIOS/IP
IETF RFC 1002 http://www.cis.ohio-state.edu/htbin/rfc/rfc1002.html
NetBIOS/IP is a standard protocol to support NetBIOS services in a
TCP/IP environment. Both local network and Internet operations are
supported. Various node types are defined to accommodate local and
Internet topologies and to allow operation with or without the use of IP
broadcast.
NetBIOS types may be Name Service, Session or Datagram.
The format of the header is shown in the following illustration:
16 21 28 32 bits
Name_trn_id Opcode Nm_flags Rcode
Qdcount (16 bits) Ancount (16 bits)
Nscount (16 bits) Arcount (16 bits)
NetBIOS/IP header structure
Name_trn_id
Transaction ID for the Name Service Transaction.
Opcode
Packet type code. Possible values are:
0 Query.
5 Registration.
6 Release.
7 WACK.
8 Refresh.
Nm_flags
Flags for operation.
Rcode
Result codes of request.
Qdcount
Unsigned 16 bit integer specifying the number of entries in the question
section of a name.
Ancount
Unsigned 16 bit integer specifying the number of resource records in the
answer section of a name service packet.
Nscount
Unsigned 16 bit integer specifying the number of resource records in the
authority section of a name service packet.
Arcount
Unsigned 16 bit integer specifying the number of resource records in the
additional records section of a name service packet.
FTP
IETF RFC 959 1985-10 http://www.cis.ohio-state.edu/htbin/rfc/rfc959.html
The File Transfer Protocol (FTP) provides the basic elements of file sharing
between hosts. FTP uses TCP to create a virtual connection for control
information and then creates a separate TCP connection for data transfers.
The control connection uses an image of the TELNET protocol to
exchange commands and messages between hosts.
Commands
FTP control frames are TELNET exchanges and can contain TELNET
commands and option negotiation. However, most FTP control frames are
simple ASCII text and can be classified as FTP commands or FTP
messages. The standard FTP commands are as follows:
Command           Description
ABOR              Abort data connection process.
ACCT account      Account for system privileges.
ALLO bytes        Allocate bytes for file storage on server.
APPE filename     Append file to file of same name on server.
CDUP dir path     Change to parent directory on server.
CWD dir path      Change working directory on server.
DELE filename     Delete specified file on server.
HELP command      Return information on specified command.
LIST name         List information if name is a file or list files if name is a directory.
MODE mode         Transfer mode (S=stream, B=block, C=compressed).
MKD directory     Create specified directory on server.
NLST directory    List contents of specified directory.
NOOP              Cause no action other than acknowledgement from server.
PASS password     Password for system log-in.
PASV              Request server wait for data connection.
PORT address      IP address and two-byte system port ID.
PWD               Display current working directory.
QUIT              Log off from the FTP server.
REIN              Reinitialize connection to log-in status.
REST offset       Restart file transfer from given offset.
RETR filename     Retrieve (copy) file from server.
RMD directory     Remove specified directory on server.
RNFR old path     Rename from old path.
RNTO new path     Rename to new path.
SITE params       Site specific parameters provided by server.
SMNT pathname     Mount the specified file structure.
STAT directory    Return information on current process or directory.
STOR filename     Store (copy) file to server.
STOU filename     Store file to server name.
STRU type         Data structure (F=file, R=record, P=page).
SYST              Return operating system used by server.
TYPE data type    Data type (A=ASCII, E=EBCDIC, I=binary).
USER username     User name for system log-in.
Messages
FTP messages are responses to FTP commands and consist of a response
code followed by explanatory text. Standard FTP messages are as follows:
Response Code     Explanatory Text
110               Restart marker at MARK yyyy=mmmm (new file pointers).
120               Service ready in nnn minutes.
125               Data connection open, transfer starting.
150               Open connection.
200               OK.
202               Command not implemented.
211               (System status reply).
212               (Directory status reply).
213               (File status reply).
214               (Help message reply).
215               (System type reply).
220               Service ready.
221               Log off network.
225               Data connection open.
226               Close data connection.
227               Enter passive mode (IP address, port ID).
230               Log on network.
250               File action completed.
257               Path name created.
331               Password required.
332               Account name required.
350               File action pending.
421               Service shutting down.
425               Cannot open data connection.
426               Connection closed.
450               File unavailable.
451               Local error encountered.
452               Insufficient disk space.
500               Invalid command.
501               Bad parameter.
502               Command not implemented.
503               Bad command sequence.
504               Parameter invalid for command.
530               Not logged onto network.
532               Need account for storing files.
550               File unavailable.
551               Page type unknown.
552               Storage allocation exceeded.
553               File name not allowed.
TFTP
IETF RFC 1350 1992-07 http://www.cis.ohio-state.edu/htbin/rfc/rfc1350.html
IETF RFC 783 http://www.cis.ohio-state.edu/htbin/rfc/rfc783.html
The Trivial File Transfer Protocol (TFTP) uses UDP. TFTP supports file
writing and reading; it does not support directory service of user
authorization.
Commands
The following are TFTP commands:
Command           Description
Read Request      Request to read a file.
Write Request     Request to write to a file.
File Data         Transfer of file data.
Data Acknowledge  Acknowledgement of file data.
Error             Error indication.
Parameters
TFTP Read and Write Request commands use the following parameters:
Parameter         Description
Filename          The name of the file, expressed in quotes, where the protocol is to perform the read or write operation.
Mode              Datamode. The format of the file data that the protocol is to transfer. The following formats are possible:
                  NetASCII  Standard ASCII character format.
                  Octet     Eight-bit binary data.
                  Mail      Standard ASCII character format with username in place of filename.
TFTP data and data acknowledge commands use the following parameters:
Command           Description
Block             Block number or sequence number of the current frame of file data.
Data              First part of the file data displayed for TFTP data frames.
TFTP Errors       TFTP error frames contain an error code in parentheses followed by the error message, as follows:
                  (0000) Unknown Error.
                  (0001) File not found.
                  (0002) Access violation.
                  (0003) Out of disk space.
                  (0004) Illegal TFTP operation.
                  (0005) Unknown Transfer ID.
                  (0006) Filename already exists.
                  (0007) Unknown user.
Finger
RFC 1288 http://www.cis.ohio-state.edu/htbin/rfc/rfc1288.html
The Finger user information protocol is a simple protocol which provides
an interface to a remote user information program. It is a protocol for the
exchange of user information, based on the Transmission Control Protocol,
using TCP port 79 decimal (117 octal). The local host opens a TCP
connection to a remote host on the Finger port. An RUIP becomes
available on the remote end of the connection to process the request. The
local host sends the RUIP a one line query based upon the Finger query
specification, and waits for the RUIP to respond. The RUIP receives and
processes the query, returns an answer, then initiates the close of the
connection. The local host receives the answer and the close signal, then
proceeds closing its end of the connection.
The Finger protocol displays data. Any data transferred must be in ASCII
format, with no parity, and with lines ending in CRLF (ASCII 13 followed
by ASCII 10). This excludes other character formats such as EBCDIC, etc.
This also means that any characters between ASCII 128 and ASCII 255
should truly be international data, not 7-bit ASCII with the parity bit set.
Note: if ASCII 13 followed by ASCII 10 is transferred, the character won't
display (because the only meaning is to end the line).
Gopher
RFC 1436 http://www.cis.ohio-state.edu/htbin/rfc/rfc1436.html
The Internet Gopher protocol and software follow a client-server model.
This protocol assumes a reliable data stream; TCP is assumed. Gopher
servers listen on port 70 (port 70 is assigned to Internet Gopher by IANA).
Documents reside on many autonomous servers on the Internet. Users run
client software on their desktop systems, connecting to a server and sending
the server a selector (a line of text, which may be empty) via a TCP
connection at a well-known port. The server responds with a block of text
terminated by a period on a line by itself and closes the connection. No state
is retained by the server.
The first character on each line tells whether the line describes a document,
directory, or search service (characters '0', '1', '7'; there are a handful more
of these characters described later). The succeeding characters up to the tab
form a user display string to be shown to the user for use in selecting this
document (or directory) for retrieval. The first character of the line is really
defining the type of item described on this line. In nearly every case, the
Gopher client software will give the users some sort of idea about what type
of item this is (by displaying an icon, a short text tag, or the like).
The characters following the tab, up to the next tab, form a selector string
that the client software must send to the server to retrieve the document (or
directory listing). The selector string should mean nothing to the client
software; it should never be modified by the client. In practice, the selector
string is often a pathname or other file selector used by the server to locate
the item desired. The next two tab delimited fields denote the domain-name
of the host that has this document (or directory), and the port at which to
connect. If there are yet other tab delimited fields, the basic Gopher client
should ignore them. A CR LF denotes the end of the item.
Item type characters
The client software decides what items are available by looking at the first
character of each line in a directory listing. Augmenting this list can extend
the protocol. A list of defined item-type characters follows:
0 Item is a file.
1 Item is a directory.
2 Item is a CSO phone-book server.
3 Error.
4 Item is a BinHexed Macintosh file.
5 Item is DOS binary archive of some sort. The client must read until
the TCP connection closes.
6 Item is a UNIX uuencoded file.
7 Item is an Index-Search server.
8 Item points to a text-based telnet session.
9 Item is a binary file. The client must read until the TCP connection
closes.
+ Item is a redundant server.
T Item points to a text-based tn3270 session.
g Item is a GIF format graphics file.
I Item is some kind of image file. The client decides how to display.
Characters '0' through 'Z' are reserved. Local experiments should use other
characters. Machine-specific extensions are not encouraged. Note that for
type 5 or type 9 the client must be prepared to read until the connection
closes. There will be no period at the end of the file; the contents of these
files are binary and the client must decide what to do with them based
perhaps on the .xxx extension.
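A directory-listing parser that follows the line format described above, written as an added example (it is not code from the original page). The function names, the rejection reasons and the sample listing, which uses the placeholder host gopher.example.org, are assumptions; the selector is kept as raw bytes so the client never modifies it, and fields from the server are validated before the client acts on them.

```python
# Item-type characters as listed on this page.
ITEM_TYPES = {
    "0": "file", "1": "directory", "2": "CSO phone-book server", "3": "error",
    "4": "BinHexed Macintosh file", "5": "DOS binary archive",
    "6": "UNIX uuencoded file", "7": "Index-Search server",
    "8": "telnet session", "9": "binary file", "+": "redundant server",
    "T": "tn3270 session", "g": "GIF graphics file", "I": "image file",
}
READ_UNTIL_CLOSE = {"5", "9"}  # no terminating period; read until TCP close


def parse_menu(raw: bytes):
    """Return (items, rejected) for one directory listing sent by a server."""
    items, rejected = [], []
    for line in raw.split(b"\r\n"):
        if line == b".":           # a period on a line by itself ends the block
            break
        if not line:
            continue
        fields = line[1:].split(b"\t")
        if len(fields) < 4:
            rejected.append((line, "fewer than four tab-delimited fields"))
            continue
        display, selector, host, port = fields[:4]   # extra fields are ignored
        # Stray control bytes (bare CR or LF, NUL, escape) in a field would
        # corrupt the request line or the user's terminal.
        if any(b < 0x20 or b == 0x7F for f in fields[:4] for b in f):
            rejected.append((line, "control character inside a field"))
            continue
        if not port.isdigit() or not 0 < int(port) <= 65535:
            rejected.append((line, "port is not a number in 1..65535"))
            continue
        item_type = chr(line[0])
        items.append({
            "type": item_type,
            "kind": ITEM_TYPES.get(item_type, "unknown"),
            "display": display.decode("ascii", errors="replace"),
            "selector": selector,   # opaque bytes, sent back unmodified
            "host": host.decode("ascii", errors="replace"),
            "port": int(port),
            "read": "until-close" if item_type in READ_UNTIL_CLOSE
                    else "dot-terminated",
        })
    return items, rejected


def request_for(item: dict) -> bytes:
    """The line a client sends to item['host']:item['port'] to fetch the item."""
    return item["selector"] + b"\r\n"


# Constructed sample listing (not captured from a real server).
SAMPLE_MENU = (
    b"0About this server\t/about.txt\tgopher.example.org\t70\r\n"
    b"1Software archive\t/pub\tgopher.example.org\t70\t+\r\n"
    b"7Search the archive\t/search\tgopher.example.org\t70\r\n"
    b"9Disk image\t/pub/disk.img\tgopher.example.org\t70\r\n"
    b"0Broken port\t/x\tgopher.example.org\t99999\r\n"
    b"0Too few fields\t/y\r\n"
    b".\r\n"
    b"0After terminator\t/z\tgopher.example.org\t70\r\n"
)

if __name__ == "__main__":
    good, bad = parse_menu(SAMPLE_MENU)
    for it in good:
        print(it["type"], it["kind"], it["display"], request_for(it), it["read"])
    for line, reason in bad:
        print("rejected:", reason, line)
```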
HTTP
RFC 1945 http://www.cis.ohio-state.edu/htbin/rfc/rfc1945.html
The Hypertext Transfer Protocol (HTTP) is an application-level protocol
with the lightness and speed necessary for distributed, collaborative,
hypermedia information systems. Messages are passed in a format similar to
that used by Internet Mail and the Multipurpose Internet Mail Extensions
(MIME).
Request Packet
The format of the Request packet header is shown in the following
illustration:
Method Request URI HTTP version
HTTP request packet structure
Method
The method to be performed on the resource.
Request URI
The Uniform Resource Identifier, the resource upon which to apply the
request, i.e. the network resource.
HTTP version
The HTTP version being used.
Response Packet
The format of the Response packet header is shown in the following
illustration:
HTTP version Status code Reason phrase
HTTP response packet structure
HTTP version
The HTTP version being used.
Status code
A 3 digit integer result code of the attempt to understand and satisfy the
request.
Reason phrase
A textual description of the status code.
S-HTTP
draft-ietf-wts-shttp-06
Secure HTTP (S-HTTP) provides secure communication mechanisms
between an HTTP client-server pair in order to enable spontaneous
commercial transactions for a wide range of applications. S-HTTP provides
a flexible protocol that supports multiple orthogonal operation modes, key
management mechanisms, trust models, cryptographic algorithms and
encapsulation formats through option negotiation between parties for each
transaction. Syntactically, S-HTTP messages are the same as HTTP,
consisting of a request or status line followed by headers and a body.
However, the range of headers is different and the bodies are typically
cryptographically enhanced.
IMAP4
RFC 2060 http://www.cis.ohio-state.edu/htbin/rfc/rfc2060.html
The Internet Message Access Protocol, Version 4 revision 1 (IMAP4) allows
a client to access and manipulate electronic mail messages on a server.
IMAP4 permits manipulation of remote message folders, called mailboxes,
in a way that is functionally equivalent to local mailboxes. IMAP4 also
provides the capability for an offline client to resynchronize with the server.
IMAP4 includes operations for creating, deleting, and renaming mailboxes;
checking for new messages; permanently removing messages; setting and
clearing flags; parsing; searching; and selective fetching of message
attributes, texts, and portions thereof. Messages in IMAP4 are accessed by
the use of numbers. These numbers are either message sequence numbers
or unique identifiers.
IMAP4 consists of a sequence of textual messages which contain
commands, status messages, etc. Each message ends with crlf (carriage
return and line feed). For example:
Server Message: "a002 OK [READ-WRITE] SELECT
completed<crlf>"
Client Message: "a001 login mrc secret<crlf>"
There are no other predefined fields.
IPDC
Internet Drafts: draft-taylor-ipdc-00.txt and draft-calhoun-diameter-07.txt.
http://www.ietf.org/internet-drafts/draft-taylor-ipdc-00.txt
http://www.ietf.org/internet-drafts/draft-calhoun-diameter-07.txt
The IP Device Control (IPDC) is a family of protocols which is proposed as
a protocol suite, components of which can be used individually or together
to perform connection control, media control, and signalling transports. It
fulfils a need for one or more protocols to control gateway devices which sit
at the boundary between the circuit-switched telephone network and the
internet and terminate circuit-switched trunks. Examples of such devices
include network access servers and voice-over-IP gateways. The need for a
control protocol separate from call signalling arises when the service control
logic needed to process calls lies partly or wholly outside the gateway
devices.
IPDC was built on the base structure provided by the DIAMETER
protocol which was specifically written for authentication, authorization and
accounting applications.
There are two different types of IPDC/DIAMETER messages: header-only
messages and messages containing Attribute-Value Pairs (AVPs) in addition
to headers. Header-only messages are used for explicitly acknowledging
packets to the peer. An AVP is a data object encapsulated in a header. The
general format of the header is shown in the following illustration:
8 13 16 32 bits
Radius PCC Pkt flags Ver Packet length
Identifier
Next sent Next received
Attributes
IPDC header structure
Radius PCC
Radius packet compatibility code, used for Radius backward compatibility.
In order to easily distinguish DIAMETER/IPDC messages from Radius, a
special value has been reserved and allows an implementation to support
both protocols concurrently using the first octet in the header. The Radius
PCC field must be set to 254 for DIAMETER/IPDC messages.
Pkt flags
Packet flags. Used to identify any options. This field must be initialized to
zero. The Window-Present flag may be set (0x1), thus indicating that the
Next Send and Next Received fields are present. This flag must be set unless
the underlying layer provides reliability (i.e., TCP).
Version
Indicates the version number associated with the packet received. This field
is set to 1 to indicate IPDC version 1.
Packet length
Indicates the length of the message including the header fields. Thus the
message AVP content cannot exceed 65,528 octets. For messages received
via UDP, octets outside the range of the length field should be treated as
padding and are ignored upon receipt.
Identifier
Aids in matching requests and replies.
Next sent (Ns)
Present when the Window-Present bit is set in the header flags. The Next
Send (Ns) is copied from the send sequence number state variable, Ss, at the
time the message is transmitted.
Next received
This field is present when the Window-Present bit is set in the header flags.
Nr is copied from the receive sequence number state variable, Sr, and
indicates the sequence number, Ns, +1 of the highest (modulo 2^16)
in-sequence message received.
Attributes
IPDC Attributes carry the specific commands and parameters which must
be exchanged between IPDC protocol endpoints to perform the tasks
associated with Media Gateway control.
ISAKMP
RFC2408 http://www.cis.ohio-state.edu/htbin/rfc/rfc2408.html
The Internet Security Association and Key Management Protocol, version
4rev1 (ISAKMP), defines procedures and packet formats to establish,
negotiate, modify and delete Security Associations (SA). SAs contain all the
information required for execution of various network security services,
such as the IP layer services (such as header authentication and payload
encapsulation), transport or application layer services, or self-protection of
negotiation traffic. ISAKMP defines payloads for exchanging key generation
and authentication data. These formats provide a consistent framework for
transferring key and authentication data which is independent of the key
generation technique, encryption algorithm and authentication mechanism.
The format of the header is shown in the following illustration:
8 12 16 24 32 bits
Initiator cookie (8 bytes)
Responder cookie (8 bytes)
Next payload MjVer MnVer Exchange type Flags
Message ID
Length
ISAKMP header structure
Initiator cookie
Cookie of entity that initiated SA establishment, SA notification, or SA
deletion.
Responder cookie
Cookie of entity that is responding to an SA establishment, SA notification,
or SA deletion.
Next payload
Indicates the type of the first payload in the message. Possible types are:
0 None.
1 Security Association (SA).
2 Proposal (P).
3 Transform (T).
4 Key Exchange (KE).
5 Identification (ID).
6 Certificate (CERT).
7 Certificate Request (CR).
8 Hash (HASH).
9 Signature (SIG).
10 Nonce (NONCE).
11 Notification (N).
12 Delete (D).
13 Vendor ID (VID).
14 - 127 Reserved.
128 - 255 Private use.
MjVer
Major Version, indicates the major version of the ISAKMP protocol in use.
Implementations based on RFC2408 must set the Major Version to 1.
Implementations based on previous versions of ISAKMP Internet-Drafts
must set the Major Version to 0. Implementations should never accept
packets with a major version number larger than its own.
MnVer
Minor Version, indicates the minor version of the ISAKMP protocol in
use. Implementations based on RFC2408 must set the minor version to 0.
Implementations based on previous versions of ISAKMP Internet-Drafts
must set the minor version to 1. Implementations should never accept
packets with a minor version number larger than its own.
Exchange Type
The type of exchange being used. This dictates the message and payload
orderings in the ISAKMP exchanges. Possible values are:
0 None
1 Base
2 Identity Protection
3 Authentication Only
4 Aggressive
5 Informational
6 - 31 ISAKMP Future Use
32 - 239 DOI Specific Use
240 - 255 Private Use
Flags
Specific options that are set for the ISAKMP exchange.
E(ncryption bit) (bit 0) - Specifies that all payloads following the header are
encrypted using the encryption algorithm identified in the ISAKMP SA.
C(ommit bit) (bit 1) - Signals key exchange synchronization. It is used to
ensure that encrypted material is not received prior to completion of the SA
establishment.
A(uthentication Only Bit) (bit 2) - Intended for use with the Informational
Exchange with a Notify payload and will allow the transmission of
information with integrity checking, but no encryption.
All remaining bits are set to 0 before transmission.
Message ID
Unique Message Identifier used to identify protocol state during Phase 2
negotiations. This value is randomly generated by the initiator of the Phase 2
negotiation. In the event of simultaneous SA establishments (i.e., collisions),
the value of this field will likely be different because they are independently
generated and, thus, two security associations will progress toward
establishment. However, it is unlikely there will be absolute simultaneous
establishments. During Phase 1 negotiations, the value must be set to 0.
Length
Length of total message (header + payloads) in octets. Encryption can
expand the size of an ISAKMP message.
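The header rules above (version ceiling, reserved flag bits, Phase 1 Message ID, Length) applied as receive-side checks in Python. This is an added example, not code from the original page: the function names and the sample datagrams are constructed, the caller is assumed to know whether it is in Phase 1, each datagram is assumed to carry exactly one ISAKMP message, and the minor-version comparison is applied only when the major versions are equal, as RFC 2408 words it.

```python
import struct

# Cookies (8+8), next payload, MjVer/MnVer nibbles, exchange type, flags,
# Message ID, Length: 28 bytes in network byte order.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")

EXCHANGE_TYPES = {0: "None", 1: "Base", 2: "Identity Protection",
                  3: "Authentication Only", 4: "Aggressive", 5: "Informational"}
FLAG_E, FLAG_C, FLAG_A = 0x01, 0x02, 0x04   # bits 0, 1 and 2 of Flags
KNOWN_FLAGS = FLAG_E | FLAG_C | FLAG_A


def parse_isakmp_header(datagram: bytes) -> dict:
    if len(datagram) < ISAKMP_HDR.size:
        raise ValueError("datagram shorter than the 28-byte ISAKMP header")
    (icookie, rcookie, next_payload, version, exchange,
     flags, message_id, length) = ISAKMP_HDR.unpack_from(datagram)
    return {
        "initiator_cookie": icookie,
        "responder_cookie": rcookie,
        "next_payload": next_payload,
        "major": version >> 4,
        "minor": version & 0x0F,
        "exchange_type": exchange,
        "encrypted": bool(flags & FLAG_E),
        "commit": bool(flags & FLAG_C),
        "auth_only": bool(flags & FLAG_A),
        "flags": flags,
        "message_id": message_id,
        "length": length,
    }


def validate_isakmp_header(datagram: bytes, phase1: bool,
                           own_major: int = 1, own_minor: int = 0) -> list:
    """Return the reasons to drop the message before parsing any payload."""
    h = parse_isakmp_header(datagram)
    problems = []
    if h["major"] > own_major:
        problems.append("major version %d is newer than ours" % h["major"])
    elif h["major"] == own_major and h["minor"] > own_minor:
        problems.append("minor version %d is newer than ours" % h["minor"])
    if h["flags"] & ~KNOWN_FLAGS:
        problems.append("reserved flag bits are set")
    if 14 <= h["next_payload"] <= 127:
        problems.append("next payload %d is in the reserved range" % h["next_payload"])
    if 6 <= h["exchange_type"] <= 31:
        problems.append("exchange type %d is reserved for future use" % h["exchange_type"])
    if phase1 and h["message_id"] != 0:
        problems.append("Message ID must be 0 during Phase 1")
    # Length counts header plus payloads; never trust it beyond the bytes
    # that actually arrived.
    if h["length"] < ISAKMP_HDR.size or h["length"] != len(datagram):
        problems.append("Length %d does not match %d received octets"
                        % (h["length"], len(datagram)))
    return problems


# Constructed samples: 28-byte header followed by 20 placeholder payload octets.
PAYLOAD = b"\x00" * 20
GOOD = ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, 2, 0x00, 0,
                       ISAKMP_HDR.size + len(PAYLOAD)) + PAYLOAD
BAD = ISAKMP_HDR.pack(b"\x22" * 8, b"\x00" * 8, 99, 0x20, 2, 0x88, 5,
                      4000) + PAYLOAD

if __name__ == "__main__":
    print(validate_isakmp_header(GOOD, phase1=True))
    for reason in validate_isakmp_header(BAD, phase1=True):
        print("drop:", reason)
```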
NTP
RFC 1305 http://www.cis.ohio-state.edu/htbin/rfc/rfc1305.html
The Network Time Protocol (NTP) is a time synchronization system for
computer clocks through the Internet network. It provides the mechanisms
to synchronize time and coordinate time distribution in a large, diverse
internet operating at rates from mundane to light wave. It uses a returnable
time design in which a distributed sub network of time servers, operating in
a self-organizing, hierarchical master-slave configuration, synchronize logical
clocks within the sub network and to national time standards via wire or
radio.
The format of the header is shown in the following illustration:
LI VN Mode Stratum Poll Precision
2 3 3 7 6 7 bits
NTP header structure
LI (Leap Indicator)
A 2-bit code warning of impending leap-second to be inserted at the end of
the last day of the current month. Bits are coded as follows:
00 No warning.
01 +1 second (following minute has 61 seconds).
10 -1 second (following minute has 59 seconds).
11 Alarm condition (clock not synchronized).
VN
Version number. 3-bit code indicating the version number.
Mode
The mode. This field can contain the following values:
0 Reserved.
1 Symmetric active.
2 Symmetric passive.
3 Client.
4 Server.
5 Broadcast.
6 NTP control message.
Stratum
An integer identifying the stratum level of the local clock. Values are defined
as follows:
0 Unspecified.
1 Primary reference (e.g. radio clock).
2...n Secondary reference (via NTP).
Poll
Signed integer indicating the maximum interval between successive
messages, in seconds to the nearest power of 2.
Precision
Signed integer indicating the precision of the local clock, in seconds to the
nearest power of 2.
POP3
RFC 1939 http://www.cis.ohio-state.edu/htbin/rfc/rfc1939.html
The Post Office Protocol version 3 (POP3) is intended to permit a
workstation to dynamically access a maildrop on a server host. It is usually
used to allow a workstation to retrieve mail that the server is holding for it.
POP3 transmissions appear as data messages between stations. The
messages are either command or reply messages.
Radius
RFC 2138 http://www.cis.ohio-state.edu/htbin/rfc/rfc2138.html
RFC 2139 http://www.cis.ohio-state.edu/htbin/rfc/rfc2139.html
Radius is a protocol which manages dispersed serial line and modem pools
for large numbers of users. Since modem pools are by definition a link to
the outside world, they require careful attention to security, authorization
and accounting. This is achieved by managing a single database of users,
which allows for authentication (verifying user name and password) as well
as configuration information detailing the type of service to deliver to the
user (for example, SLIP, PPP, telnet, rlogin).
Key features of RADIUS include:
Client/server model.
Network security.
Flexible authentication mechanisms.
Extensible protocol.
The format of the header is shown in the following illustration:
8 16 32 bits
Code Identifier Length
Authenticator
(16 bytes)
Radius header structure
Code
The message type.
Identifier
The identifier matches requests and replies.
Length
The message length including the header.
Authenticator
A field used to authenticate the reply from the radius server and in the
password hiding algorithm.
RLOGIN
Remote LOGIN (RLOGIN) allows UNIX users of one machine to connect
to other UNIX systems across an Internet and interact as if their terminals
are directly connected to the machines. This protocol offers essentially the
same services as TELNET.
RTSP
RFC 2326 http://www.cis.ohio-state.edu/htbin/rfc/rfc2326.html
RTSP (Real Time Streaming Protocol) is an application level protocol for
control over the delivery of data with real-time properties. RTSP provides
an extensible framework to enable controlled, on-demand delivery of
real-time data, such as audio and video. Sources of data can include both live
data feeds and stored clips. This protocol is intended to control multiple
data delivery sessions, provide a means for choosing delivery channels such
as UDP, multicast UDP and TCP, and provide a means for choosing
delivery mechanisms based upon RTP.
The streams controlled by RTSP may use RTP, but the operation of RTSP
does not depend on the transport mechanism used to carry continuous
media. The protocol is intentionally similar in syntax and operation to
HTTP/1.1 so that extension mechanisms to HTTP can in most cases also
be added to RTSP. However, RTSP differs in a number of important
aspects from HTTP:
RTSP introduces a number of new methods and has a different protocol
identifier.
An RTSP server needs to maintain state by default in almost all cases, as
opposed to the stateless nature of HTTP.
Both an RTSP server and client can issue requests.
Data is carried out-of-band by a different protocol.
RTSP is defined to use ISO 10646 (UTF-8) rather than ISO 8859-1,
consistent with current HTML internationalization efforts.
The Request-URI always contains the absolute URI. Because of
backward compatibility with an historical blunder, HTTP/1.1 carries
only the absolute path in the request and puts the host name in a
separate header field.
This makes virtual hosting easier, where a single host with one IP address
hosts several document trees.
SMTP
RFC 821 http://www.cis.ohio-state.edu/htbin/rfc/rfc821.html
The Simple Mail Transfer Protocol (SMTP) is a mail service modeled on the
FTP file transfer service. SMTP transfers mail messages between systems
and provides notification regarding incoming mail.
Commands
SMTP commands are ASCII messages sent between SMTP hosts. Possible
commands are as follows:
Command           Description
DATA              Begins message composition.
EXPN string       Returns names on the specified mail list.
HELO domain       Returns identity of mail server.
HELP command      Returns information on the specified command.
MAIL FROM host    Initiates a mail session from host.
NOOP              Causes no action, except acknowledgement from server.
QUIT              Terminates the mail session.
RCPT TO user      Designates who receives mail.
RSET              Resets mail connection.
SAML FROM host    Sends mail to user terminal and mailbox.
SEND FROM host    Sends mail to user terminal.
SOML FROM host    Sends mail to user terminal or mailbox.
TURN              Switches role of receiver and sender.
VRFY user         Verifies the identity of a user.
Messages
SMTP response messages consist of a response code followed by
explanatory text, as follows:
Response Code     Explanatory Text
211               (Response to system status or help request).
214               (Response to help request).
220               Mail service ready.
221               Mail service closing connection.
250               Mail transfer completed.
251               User not local, forward to path.
354               Start mail message, end with CRLFCRLF.
421               Mail service unavailable.
450               Mailbox unavailable.
451               Local error in processing command.
452               Insufficient system storage.
500               Unknown command.
501               Bad parameter.
502               Command not implemented.
503               Bad command sequence.
504               Parameter not implemented.
550               Mailbox not found.
551               User not local, try path.
552               Storage allocation exceeded.
553               Mailbox name not allowed.
554               Mail transaction failed.
6103
6103
RlC 115: http:,,www.cis.ohio-state.edu,htbin,rc,rc115.html
1he Internet community deeloped the Simple Network Management
Protocol ,SNMP, to allow dierse network objects to participate in a global
network management architecture. Network managing systems can poll
network entities implementing SNMP or inormation releant to a
particular network management implementation. Network management
systems learn o problems by receiing traps or change notices rom
network deices implementing SNMP.
61030HVVDJH)RUPDW
SNMP is a session protocol which is encapsulated in UDP. 1he SNMP
message ormat is shown below:
Version Community PDU
6103PHVVDJHIRUPDW
9HUVLRQ
SNMP ersion number. Both the manager and agent must use the same
ersion o SNMP. Messages containing dierent ersion numbers are
discarded without urther processing.
&RPPXQLW\
Community name used or authenticating the manager beore allowing
access to the agent.
3'8
1here are ie dierent PDU types: GetRequest, GetNextRequest,
GetResponse, SetRequest, and 1rap. A general description o each o these
is gien in the next section.
02 TCP/IP Suite
3'8)RUPDW
1he ormat or GetRequest, GetNext Request, GetResponse and
SetRequest PDUs is shown here.
PDU type Request
ID
Error
status
Error
index
Object 1,
value 1
Object 2,
value 2

61033'8IRUPDW
PDU type
Specifies the type of PDU:
0 GetRequest.
1 GetNextRequest.
2 GetResponse.
3 SetRequest.
Request ID
Integer field which correlates the manager's request to the agent's response.
Error status
Enumerated integer type that indicates normal operation or one of five error
conditions. The possible values are:
0 noError: Proper manager/agent operation.
1 tooBig: Size of the required GetResponse PDU exceeds a local
limitation.
2 noSuchName: The requested object name does not match the names
available in the relevant MIB View.
3 badValue: A SetRequest contains an inconsistent type, length and
value for the variable.
4 readOnly: Not defined in RFC1157.
5 genErr: Other errors, which are not explicitly defined, have occurred.
Error index
Identifies the entry within the variable bindings list that caused the error.
Object, value
Variable binding pair of a variable name with its value.
Trap PDU Format
The format of the Trap PDU is shown below:
PDU type | Enterp | Agent addr | Gen trap | Spec trap | Time stamp | Obj 1, Val 1 | Obj 1, Val 1 | ...
SNMP trap PDU
PDU type
Specifies the type of PDU (4=Trap).
Enterprise
Identifies the management enterprise under whose registration authority the
trap was defined.
Agent address
IP address of the agent, used for further identification.
Generic trap type
Field describing the event being reported. The following seven values are
defined:
0 coldStart: Sending protocol entity has reinitialized, indicating that the
agent's configuration or entity implementation may be altered.
1 warmStart: Sending protocol has reinitialized, but neither the agent's
configuration nor the protocol entity implementation has been altered.
2 linkDown: A communication link has failed.
3 linkUp: A communication link has come up.
4 authenticationFailure: The agent has received an improperly
authenticated SNMP message from the manager, i.e., community name
was incorrect.
5 egpNeighborLoss: An EGP peer neighbor is down.
6 enterpriseSpecific: A non-generic trap has occurred which is further
identified by the Specific Trap Type and Enterprise fields.
Specific trap type
Used to identify a non-generic trap when the Generic Trap Type is
enterpriseSpecific.
Time stamp
Value of the sysUpTime object, representing the amount of time elapsed
between the last (re-)initialization and the generation of that Trap.
Object, value
Variable binding pair of a variable name with its value.
[Figure: SNMP decode]
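
An added example, not part of the original reference: a minimal decoder for the SNMP message, PDU and Trap PDU layouts described above, run over two constructed datagrams. It assumes the BER encoding from RFC 1157 (where version field 0 means SNMPv1), which this page does not detail; the function names and sample bytes are illustrative.

```python
PDU_TYPES = {0: "GetRequest", 1: "GetNextRequest", 2: "GetResponse", 3: "SetRequest", 4: "Trap"}
ERROR_STATUS = {0: "noError", 1: "tooBig", 2: "noSuchName", 3: "badValue", 4: "readOnly", 5: "genErr"}
GENERIC_TRAP = {0: "coldStart", 1: "warmStart", 2: "linkDown", 3: "linkUp",
                4: "authenticationFailure", 5: "egpNeighborLoss", 6: "enterpriseSpecific"}

def read_tlv(buf, pos):
    """Read one BER element; return (tag, value bytes, offset of the next element)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("BER value runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length

def ber_int(value):
    return int.from_bytes(value, "big", signed=True)

def parse_snmp_v1(datagram):
    """Decode Version, Community and the fixed PDU fields of one UDP payload."""
    tag, msg, _ = read_tlv(datagram, 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if tag != 0x30 or (pdu_tag & 0xE0) != 0xA0 or (pdu_tag & 0x1F) not in PDU_TYPES:
        raise ValueError("unexpected outer/PDU tag 0x%02x/0x%02x" % (tag, pdu_tag))
    kind = PDU_TYPES[pdu_tag & 0x1F]
    out = {"version": ber_int(version), "community": community.decode("latin-1"), "pdu": kind}
    fields, pos = [], 0
    for _ in range(5 if kind == "Trap" else 3):    # fixed fields ahead of the bindings
        _, value, pos = read_tlv(pdu, pos)
        fields.append(value)
    if kind == "Trap":   # enterprise, agent address, generic, specific, time stamp
        out.update(agent_addr=".".join(str(b) for b in fields[1]),
                   generic_trap=GENERIC_TRAP.get(ber_int(fields[2]), "unknown"))
    else:                # request ID, error status, error index
        out.update(request_id=ber_int(fields[0]), error_index=ber_int(fields[2]),
                   error_status=ERROR_STATUS.get(ber_int(fields[1]), "unknown"))
    return out

# Constructed samples: a GetResponse reporting noSuchName, and an authenticationFailure trap.
RESPONSE = bytes.fromhex("302702010004067075626c6963a21a02023039020102020101"
                         "300e300c06082b060102010101000500")
TRAP = bytes.fromhex("302802010004067075626c6963a41b06072b060104018f65"
                     "4004c0000201020104020100430230393000")
```

The community name comes back as readable text because the message carries it as a plain octet string, so anything that can see the UDP payload can read it.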
TACACS+
draft-grant-tacacs-02.txt
http://www.ietf.org/internet-drafts/draft-grant-tacacs-02.txt
RFC 1492 http://www.cis.ohio-state.edu/htbin/rfc/rfc1492.html
TACACS+ (Terminal Access Controller Access Control System) is a
protocol providing access control for routers, network access servers and
other networked computing devices via one or more centralized servers.
TACACS+ provides separate authentication, authorization and accounting
services.
The format of the header is shown in the following illustration:
4 8 16 24 32 bits
Major | Minor | Packet type | Sequence no. | Flags
Session ID (4 bytes)
Length (4 bytes)
TACACS+ header structure
Major version
The major TACACS+ version number.
Minor version
The minor TACACS+ version number. This is intended to allow revisions
to the TACACS+ protocol while maintaining backwards compatibility.
Packet type
Possible values are:
TAC_PLUS_AUTHEN:= 0x01 (Authentication).
TAC_PLUS_AUTHOR:= 0x02 (Authorization).
TAC_PLUS_ACCT:= 0x03 (Accounting).
Sequence number
The sequence number of the current packet for the current session. The first
TACACS+ packet in a session must have the sequence number 1 and each
subsequent packet will increment the sequence number by one. Thus clients
only send packets containing odd sequence numbers, and TACACS+
daemons only send packets containing even sequence numbers.
Flags
This field contains various flags in the form of bitmaps. The flag values
signify whether the packet is encrypted.
Session ID
The ID for this TACACS+ session.
Length
The total length of the TACACS+ packet body (not including the header).
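
An added example, not part of the original reference: a parser for the 12-byte TACACS+ header above that also checks each packet against the field rules just described (known packet type, odd/even sequence numbers by sender, flags, and body length). The function names and sample packets are illustrative; the meaning of flag bit 0x01 and the major version value 0xc come from the TACACS+ draft, not from this page.

```python
import struct

HEADER_LEN = 12
PACKET_TYPES = {0x01: "TAC_PLUS_AUTHEN", 0x02: "TAC_PLUS_AUTHOR", 0x03: "TAC_PLUS_ACCT"}
# Assumption taken from the TACACS+ draft, not stated on this page:
# flag bit 0x01 set means the body is sent unencrypted.
UNENCRYPTED_FLAG = 0x01

def parse_header(packet):
    """Unpack major/minor version, type, sequence no., flags, session ID and length."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than a TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        "!BBBBII", packet[:HEADER_LEN])
    return {"major": version >> 4, "minor": version & 0x0F, "type": ptype,
            "seq_no": seq_no, "flags": flags, "session_id": session_id, "length": length}

def audit_packet(packet, from_client):
    """Return (header, findings); findings lists what contradicts the field rules."""
    hdr, findings = parse_header(packet), []
    body_len = len(packet) - HEADER_LEN
    if hdr["type"] not in PACKET_TYPES:
        findings.append("unknown packet type 0x%02x" % hdr["type"])
    if hdr["seq_no"] == 0:
        findings.append("sequence number 0 (sessions start at 1)")
    elif (hdr["seq_no"] % 2 == 1) != from_client:
        findings.append("sequence number parity does not match the sender")
    if hdr["flags"] & UNENCRYPTED_FLAG:
        findings.append("body is not encrypted")
    if hdr["length"] != body_len:
        findings.append("length field %d != body size %d" % (hdr["length"], body_len))
    return hdr, findings

# Constructed packets: major version 0xc, minor 0, session ID 0x1234abcd, opaque 4-byte body.
CLIENT_START = struct.pack("!BBBBII", 0xC0, 0x01, 1, 0x00, 0x1234ABCD, 4) + b"\x00" * 4
# Constructed reply attributed to the daemon, but with an odd sequence number,
# the unencrypted flag set, and a length field that overstates the body.
BAD_REPLY = struct.pack("!BBBBII", 0xC0, 0x01, 3, 0x01, 0x1234ABCD, 64) + b"\x00" * 4
```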
TELNET
IETF RFC 854 1983-05 http://www.cis.ohio-state.edu/htbin/rfc/rfc854.html
IETF RFC 855 1983-05 http://www.cis.ohio-state.edu/htbin/rfc/rfc855.html
IETF RFC 857 1983-05 http://www.cis.ohio-state.edu/htbin/rfc/rfc857.html
TELNET is the terminal emulation protocol of TCP/IP. Modern TELNET
is a versatile terminal emulation due to the many options that have evolved
over the past twenty years. Options give TELNET the ability to transfer
binary data, support byte macros, emulate graphics terminals, and convey
information to support centralized terminal management.
TELNET uses the TCP transport protocol to achieve a virtual connection
between server and client. After connecting, TELNET server and client
enter a phase of option negotiation that determines the options that each
side can support for the connection. Each connected system can negotiate
new options or renegotiate old options at any time. In general, each end of
the TELNET connection attempts to implement all options that maximize
performance for the systems involved.
In a typical implementation, the TELNET client sends single keystrokes,
while the TELNET server can send one or more lines of characters in
response. Where the Echo option is in use, the TELNET server echoes all
keystrokes back to the TELNET client.
Dynamic Mode Negotiation
During the connection, enhanced characteristics other than those offered by
the NVT may be negotiated either by the user or the application. This task is
accomplished by embedded commands in the data stream. TELNET
command codes are one or more octets in length and are preceded by an
interpret as command (IAC) character, which is an octet with each bit set
equal to one (FF hex). The following are the TELNET command codes:
Commands      Code No.   Description
              Dec  Hex
data                     All terminal input/output data.
End subNeg    240  F0    End of option subnegotiation command.
No Operation  241  F1    No operation command.
Data Mark     242  F2    End of urgent data stream.
Break         243  F3    Operator pressed the Break key or the Attention key.
Int process   244  F4    Interrupt current process.
Abort output  245  F5    Cancel output from current process.
You there     246  F6    Request acknowledgment.
Erase char    247  F7    Request that operator erase the previous character.
Erase line    248  F8    Request that operator erase the previous line.
Go ahead!     249  F9    End of input for half-duplex connections.
SubNegotiate  250  FA    Begin option subnegotiation.
Will Use      251  FB    Agreement to use the specified option.
Won't Use     252  FC    Reject the proposed option.
Start use     253  FD    Request to start using specified option.
Stop Use      254  FE    Demand to stop using specified option.
IAC           255  FF    Interpret as command.
Each negotiable option has an ID, which immediately follows the command
for option negotiation, that is, IAC, command, option code. The following
is a list of TELNET option codes:
Option ID   Option Codes   Description
Dec  Hex
0    0      Binary Xmit    Allows transmission of binary data.
1    1      Echo Data      Causes server to echo back all keystrokes.
2    2      Reconnect      Reconnects to another TELNET host.
3    3      Suppress GA    Disables Go Ahead! command.
4    4      Message Sz     Conveys approximate message size.
5    5      Opt Status     Lists status of options.
6    6      Timing Mark    Marks a data stream position for reference.
7    7      R/C XmtEcho    Allows remote control of terminal printers.
8    8      Line Width     Sets output line width.
9    9      Page Length    Sets page length in lines.
10   A      CR Use         Determines handling of carriage returns.
11   B      Horiz Tabs     Sets horizontal tabs.
12   C      Hor Tab Use    Determines handling of horizontal tabs.
13   D      FF Use         Determines handling of form feeds.
14   E      Vert Tabs      Sets vertical tabs.
15   F      Ver Tab Use    Determines handling of vertical tabs.
16   10     Lf Use         Determines handling of line feeds.
17   11     Ext ASCII      Defines extended ASCII characters.
18   12     Logout         Allows for forced log-off.
19   13     Byte Macro     Defines byte macros.
20   14     Data Term      Allows subcommands for Data Entry to be sent.
21   15     SUPDUP         Allows use of SUPDUP display protocol.
22   16     SUPDUP Outp    Allows sending of SUPDUP output.
23   17     Send Locate    Allows terminal location to be sent.
24   18     Term Type      Allows exchange of terminal type information.
25   19     End Record     Allows use of the End of record code (0xEF).
26   1A     TACACS ID      User ID exchange used to avoid more than 1 log-in.
27   1B     Output Mark    Allows banner markings to be sent on output.
28   1C     Term Loc#      A numeric ID used to identify terminals.
29   1D     3270 Regime    Allows emulation of 3270 family terminals.
30   1E     X.3 PAD        Allows use of X.3 protocol emulation.
31   1F     Window Size    Conveys window size for emulation screen.
32   20     Term Speed     Conveys baud rate information.
33   21     Remote Flow    Provides flow control (XON, XOFF).
34   22     Linemode       Provides linemode bulk character transactions.
255  FF     Extended options list   Extended options list.
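
An added example, not part of the original reference: a parser that separates terminal data from the embedded IAC commands listed above, including option negotiation (IAC, command, option code) and subnegotiation blocks. The names WILL/WONT/DO/DONT and the IAC IAC escape for a literal 0xFF data byte come from RFC 854 and are not spelled out on this page; the function name and sample bytes are illustrative.

```python
IAC, SB, SE = 255, 250, 240
# RFC 854 names for the page's "Will Use", "Won't Use", "Start use" and "Stop Use" codes.
NEGOTIATION = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
OPTIONS = {1: "Echo Data", 3: "Suppress GA", 24: "Term Type", 31: "Window Size"}

def split_stream(raw):
    """Split one direction of a TELNET byte stream into (data, events)."""
    data, events, i = bytearray(), [], 0
    while i < len(raw):
        if raw[i] != IAC:                      # ordinary terminal data
            data.append(raw[i])
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("stream ends after IAC")
        cmd = raw[i + 1]
        if cmd == IAC:                         # IAC IAC escapes a literal 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:               # IAC, command, option code
            if i + 2 >= len(raw):
                raise ValueError("negotiation command without option code")
            events.append((NEGOTIATION[cmd], OPTIONS.get(raw[i + 2], raw[i + 2])))
            i += 3
        elif cmd == SB:                        # IAC SB option <parameters> IAC SE
            if i + 2 >= len(raw):
                raise ValueError("subnegotiation without option code")
            option, params, j = raw[i + 2], bytearray(), i + 3
            while raw[j:j + 2] != bytes([IAC, SE]):
                if j >= len(raw):
                    raise ValueError("subnegotiation is never closed by IAC SE")
                params.append(raw[j])
                j += 2 if raw[j:j + 2] == bytes([IAC, IAC]) else 1
            events.append(("SB", OPTIONS.get(option, option), bytes(params)))
            i = j + 2
        else:                                  # any other command is a single octet after IAC
            events.append(("CMD", cmd))
            i += 2
    return bytes(data), events

# Constructed capture: DO Term Type, WILL Echo, a prompt, a Term Type subnegotiation
# carrying "xterm", then data containing an escaped 0xFF byte.
SAMPLE = b"\xff\xfd\x18\xff\xfb\x01login: \xff\xfa\x18\x00xterm\xff\xf0a\xff\xffb"
```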
X-Window
The X-Window protocol provides a remote windowing interface to
distributed network applications. It is an application layer protocol which
uses TCP/IP or DECnet protocols for transport.
The X-Window networking protocol is client-server based, where the server
is the control program running on the user workstation and the client is an
application running elsewhere on the network. An X-server control program
running on a workstation can simultaneously handle display windows for
multiple applications, with each application asynchronously updating its
window with information carried by the X-Window networking protocol.
To provide user interaction with remote applications, the X-server program
running on the workstation generates events in response to user input such
as mouse movement or a keystroke. When multiple applications display, the
system sends mouse movements or click events to the application currently
highlighted by the mouse pointer. The current input focus selects which
application receives keystroke events. In certain cases, applications can also
generate events directed at the X-server control program.
Request and Reply Frames
Request and reply frames can use the following commands:
Command    Description
BackRGB    Background colors listed in red, green and blue components.
BackPM     Pixel map used for the window background.
BellPitch  Bell pitch.
BellVol    Bell volume in percent.
BM         Bit mask assigned to a drawable item.
BordPM     Border pixel map. Pixel map used for the window border.
b          Border width of the drawable item.
Click      Key click volume in percent.
Ord        Click order. Drawable clip order, as Unsorted, Y-sorted, YX-sorted or YX-banded.
CMap       Color map. Code representing the colors in use for a drawable.
CID        Context ID. Identifier for a particular graphics context.
Cur        Cursor. Reference code identifying a specific cursor.
d          Depth. Current window depth.
DD         Destination drawable. Target item in a bitmap copy.
D          Drawable. Reference code used to identify a specific window or pixel map.
Exp        Exposures. Drawable currently exposed.
Fam        Protocol family in use, as Internet, DECnet, or CHAOSnet.
Font       Reference code used to specify a font.
Font(a,d)  Font ascent/descent. The vertical bounds of a font.
ForeRGB    Foreground colors listed in red, green, and blue components.
Fmt        Format of the current window.
GC         Graphics context. Reference code used to identify a particular graphical definition.
h          Height of the drawable item.
Key        Key code. Specific key code value.
KeySym     Code used to identify the family of key codes in use.
MinOp      X-Windows minor operation code.
MajOp      X-Windows major operation code.
N          Number of drawable items in the list.
P          Parent window. Window that produced the current window.
PixMap     Pixel map. Reference code used to identify a bitmap region.
p          Plane. Bit plane in use.
PM         Plane max. Bit plane mask assigned to a drawable item.
Prop       Property. Specified window property.
SW         Sibling window. Window produced from this window.
SD         Source drawable. Source item in a bitmap copy.
T/O        Screen saver time out.
Typ        Type of current window.
w          Width of drawable item.
W          Window. Reference code used to identify a particular window.
X          X-coordinate for a drawable item.
Y          Y-coordinate for a drawable item.
Event Frames
Event frames can have the following commands:
Command    Description
Btn        Button number pressed.
C          Child window associated with the event.
F          Event flags. Set flags display in upper-case and inactive flags display in lower-case:
           f,F  Input focus applies to the event.
           s,S  Event is on the same screen.
E(x,y)     Event location. The X and Y coordinates of the event.
E          Event window. Window where the event occurred.
Key        Key number. Number associated with the pressed key.
O          Owner of the window associated with the event.
R          Root window associated with the event.
R(x,y)     Root location. X and Y coordinates of the root position.
SN         Sequence number used to serialize events.