
Monday, October 31, 2016

Router and Routing Algorithm

Router

-A router acts as a junction between two or more
networks

-Routers use IP addresses to identify packet
recipients (commonly a layer 3 item)

-Routers communicate with other routers to
build/identify complex data paths

(=> routing)


Routing


Types of routing
- static routing
- dynamic routing

Dynamic mechanisms
- distance vector
- link-state algorithm

Routing basics

- Routing takes place on the IP level, i.e. the network layer (3)

- Routing is needed
  - when the packets' destination is beyond the local network
  - to manage traffic between different networks

- Routes are determined by routers
  - To do this, routers use so-called routing tables


Static routing

- Predefined static route between two hosts in different networks

- Static routes are defined in so-called static routing tables

- Advantages:
  - Routes are transparent and comprehensible
  - Routes are trusted (at least the direct neighbours and the default gateway)
  - Simple tracing of errors (who to blame)

- Disadvantages:
  - High administration effort and very large routing tables


Static Routing in LAN

- In local area networks (LANs) static routes are used to connect the internal hosts to superior networks

- Therefore each host has an entry in its routing table to specify the router that has to be used as the default gateway (at the border of the LAN)

Dynamic routing

- The router is able to select the packets' routes dynamically

- This selection is determined by different routing protocols / implementations

- Advantages:
  - Less maintenance necessary
  - Short reaction time on failures or resource bottlenecks

- Disadvantages:
  - Exchange of control information necessary
  - Error tracing is more difficult
  - Installation required



- Used where static routing is nearly impossible
  - the number of networks / subnets is too large
  - highly dynamic network structures / metrics

- Used to interconnect a huge number of larger networks (so-called autonomous systems)
  - distributed enterprise networks
  - distributed educational networks

-> the "parts" which build the Internet


- Autonomous System (AS): an IP network that is administrated as one single entity, e.g. universities, ISPs, international companies

- The connection between all public ASs is called the Internet

- An AS's external routers use Exterior Gateway Protocols (EGP) to exchange routing information


- The worldwide standard EGP is the Border Gateway Protocol (BGP)

- Autonomous Systems (AS) are IP networks that are administrated as one single entity

- Within an AS the routers use Interior Gateway Protocols (IGP)

- IGPs route between the subnets of an AS

- At the edge of the AS the routers speak EGP and IGP

- Both EGP and IGP are dynamic routing protocols


The two kinds of dynamic protocols

Main principles of the two kinds of dynamic protocols:

- Distance vector protocols: tell your neighbours how the world looks to you
  e.g. RIP (Routing Information Protocol)

- Link-state protocols: tell the world who your neighbours are
  e.g. OSPF (Open Shortest Path First), based on Dijkstra's algorithm

Overview: RIP

- Routing Information Protocol

- Defined in RFC 1058

- Uses the UDP protocol to exchange routing information, via port 520

- Distributed computing of the routes

- Maximum of 15 hops

- No authentication of routers (less secure)

Distributed computing of the routes:

After initialization each router possesses a matrix that stores the distances to all possible destination networks (called the routing table).

The metric used here is the hop count, which gets increased for each router the packet has to pass through.

Hop count 16 means the destination network is unreachable. The update time is every 30 sec.

- If a router is not responding for 180 sec, it gets tagged as unreachable

Overview: OSPF

- Open Shortest Path First
- Defined in RFC 2328
- Uses IP protocol 89

- Decentralized computing of the shortest way between two routers (Dijkstra algorithm - shortest path first)

- No hop-count limit (-> suitable for large networks)

- Authentication via MD5

- After initialization each router possesses a map of the whole network topology

- The metric used is mostly the accumulated bandwidth

- Uses the "hello protocol" to ensure that the neighbours are still available (hello packet every 10 - 30 sec)

- Actualization of the network information via the flooding protocol (broadcasting to the whole network)

- If there is no response for a certain number of hello packets, all routers get informed / updated by using flooding packets

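To make the two mechanisms concrete, here is an added example (not from the original slides) that runs a RIP-style distance-vector exchange with the hop-count metric and 16 = unreachable, and an OSPF-style Dijkstra computation over a link-state map, on the same constructed topology. The router names, link bandwidths and the reference bandwidth of 100 Mbit/s used for the OSPF cost are assumptions.

```python
"""RIP-style distance vector vs OSPF-style link state on one small topology.
Constructed example; router names and bandwidths are assumptions."""
import heapq

RIP_INFINITY = 16          # RIP: hop count 16 means "unreachable"
REFERENCE_BW_MBPS = 100    # assumed OSPF reference bandwidth: cost = reference / link bandwidth

# Constructed topology: (router, router, link bandwidth in Mbit/s).
# A-B-C is a fast two-hop path, A-C a slow direct link; E-F is a separate island.
LINKS = [
    ("A", "B", 1000),
    ("B", "C", 1000),
    ("A", "C", 10),
    ("C", "D", 100),
    ("E", "F", 100),
]


def adjacency(links):
    adj = {}
    for a, b, bw in links:
        adj.setdefault(a, {})[b] = bw
        adj.setdefault(b, {})[a] = bw
    return adj


def rip_tables(links, max_rounds=50):
    """Distance vector: every router only knows what its neighbours announce
    ("my distance to X is n") and stores n + 1 if that beats its current entry.
    Nothing here checks who the announcing neighbour is, which is the
    'no authentication' point made about RIP above."""
    adj = adjacency(links)
    tables = {r: {r: (0, None)} for r in adj}       # dest -> (hops, next hop)
    for r in adj:
        for nb in adj[r]:
            tables[r][nb] = (1, nb)
    for _ in range(max_rounds):                      # one round = one update cycle
        changed = False
        for r in adj:
            for nb in adj[r]:
                for dest, (hops, _) in tables[nb].items():
                    candidate = min(hops + 1, RIP_INFINITY)
                    current = tables[r].get(dest, (RIP_INFINITY, None))[0]
                    if candidate < current:
                        tables[r][dest] = (candidate, nb)
                        changed = True
        if not changed:
            break
    return tables


def rip_route(tables, src, dest):
    """(hop count, next hop); (16, None) when the destination is unreachable."""
    return tables[src].get(dest, (RIP_INFINITY, None))


def ospf_cost(bw_mbps):
    return max(1, REFERENCE_BW_MBPS // bw_mbps)   # faster link -> lower cost, minimum 1


def ospf_spf(links, source):
    """Link state: the router holds the whole map and runs Dijkstra (SPF) itself."""
    adj = adjacency(links)
    dist, prev = {source: 0}, {}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, bw in adj[u].items():
            nd = d + ospf_cost(bw)
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    return dist, prev


def ospf_path(prev, source, dest):
    """Walk the predecessor map back to the source; None if dest was never reached."""
    if dest != source and dest not in prev:
        return None
    path = [dest]
    while path[-1] != source:
        path.append(prev[path[-1]])
    return path[::-1]


if __name__ == "__main__":
    t = rip_tables(LINKS)
    print("RIP  A->C:", rip_route(t, "A", "C"), " A->E:", rip_route(t, "A", "E"))
    dist, prev = ospf_spf(LINKS, "A")
    print("OSPF A->C cost", dist["C"], "via", ospf_path(prev, "A", "C"))
```

RIP sends A's traffic for C over the slow direct link (one hop), while OSPF's bandwidth cost prefers the two fast links via B.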

Monday, October 17, 2016

IP Subnetting

Subnetting

With the rapid growth of the Internet & the ever-increasing
demand for new addresses, the standard address class structure
has been expanded by borrowing bits from the Host portion to
allow for more Networks.

Subnetting reduces the size of the routing tables stored in routers.
Subnetting extends the existing IP address base & restructures the IP address.
As a result, routers must have a way to extract from an IP address both the Network address & the Host address.

Subnetting Networks ID

(figure: a 3-step example of how the default Class A subnet mask is applied to a Class A address)

Subnetting, Subnet & Subnet Mask



- Subnetting, a subnet & a subnet mask are all different.
- In fact, the 1st creates the 2nd & is identified by the 3rd.
- Subnetting is the process of dividing a network & its IP addresses into segments, each of which is called a subnetwork or subnet.

Subnetting

-A network has its own unique address, such as a
Class B network with the address 172.20.0.0 which
has all zeroes in the host portion of the address.

-From the basic definitions of a Class B network &
the default Class B subnet mask, you know that this
network can be created as a single network that
contains 65,534 individual hosts.

Benefits of Subnetting

- Fewer IP addresses are needed to provide addressing to a network & its subnets.

- Subnetting usually results in smaller routing tables in routers.

Example of Subnetting

-when the network administrator divides the
172.20.0.0 network into 5 smaller networks: –
172.20.1.0, 172.20.2.0, 172.20.3.0, 172.20.4.0 &
172.20.5.0 –

-the outside world still knows the network as
172.20.0.0, but the internal routers now break the
network addressing into the 5 smaller subnetworks.


Subnetmask Function

-The function of a subnet mask is to determine whether an IP address
exists on the local network or whether it must be routed outside the
local network.

-It is applied to a message’s destination address to extract the network
address.

-If the extracted network address matches the local network ID, the
destination is located on the local network.

-However, if they don’t match, the message must be routed outside the
local network.


Subnetting Concept

- The key concept in subnetting is borrowing bits from the host portion of the network to create a subnetwork.

- Rules govern this borrowing, ensuring that some bits are left for a Host ID.

- The rules require that two bits remain available to use for the Host ID & that the subnet bits cannot be all 1s or all 0s at the same time (hence the -2).

Fixed Subnet (Classful)


CIDR: Classless InterDomain Routing

- Subnet portion of the address has arbitrary length
- Address format: a.b.c.d/x, where x is the number of bits in the subnet portion of the address (subnet part | host part)

Example:
11001000 00010111 00010000 00000000
200.23.16.0/23

Knowing How to Calculate Subnets

To determine the number of subnets & hosts per subnet available for any of the available subnet masks, two simple formulas are used to calculate these numbers.



Class C Subnetting Options

Subnet mask        Prefix   # Hosts (usable)
255.255.255.0      /24      256 (254)
255.255.255.128    /25      128 (126)
255.255.255.192    /26       64 (62)
255.255.255.224    /27       32 (30)
255.255.255.240    /28       16 (14)
255.255.255.248    /29        8 (6)
255.255.255.252    /30        4 (2)

Subnetting

Example:
In network 192.168.10.0 with subnet mask 255.255.255.0
we have ONE Class C network, with 253 usable IPs for client PCs.

The usable IP range of this network is
192.168.10.1 - 192.168.10.254

The very last IP of each subnet is called the Broadcast Address.

In this example it is 192.168.10.255 and it is NOT usable for host PCs.
If we want to divide this network in two parts, we must use subnetting.

With subnet mask 255.255.255.128 we divide the network in two parts:

    192.168.10.1 - 192.168.10.127
    192.168.10.128 - 192.168.10.255

So in this example BEFORE, we had one big network, but with the change of the subnet mask we divided it in two smaller networks.

First, with subnet mask 255.255.255.0 we had this network:
192.168.10.0
The range:
192.168.10.1, 192.168.10.2
...
192.168.10.253, 192.168.10.254, 192.168.10.255

Now with subnet mask 255.255.255.128 we have these two networks:
1st subnet:
192.168.10.0 (NOT usable for host PCs)
192.168.10.1, 192.168.10.2, 192.168.10.3,
...
192.168.10.125, 192.168.10.126, 192.168.10.127

2nd subnet:
192.168.10.128
192.168.10.129, 192.168.10.130, 192.168.10.131,
...
192.168.10.253, 192.168.10.254, 192.168.10.255 (NOT usable for host PCs)

Used Bits for Network

Examples:

/16 = 255.255.0.0 =
11111111.11111111.00000000.00000000

/20 = 255.255.240.0 =
11111111.11111111.11110000.00000000


Calculation of a subnet mask for a specified number of hosts

Example:

You get the following order:
"Create a subnet with minimum 10 host IPs".

1st:
Calculate a power of two that is at least 10:
2^3 = 8 - is it enough?
2^4 = 16 - it is higher than 10 AND WORKS!

2nd:
Now set the LAST 4 bits of your subnet mask to 0:

11111111.11111111.11111111.11110000
That is in decimal 255.255.255.240
With this subnet mask you have at least 10 host IPs in the subnet, without wasting too many IP addresses!

Assignment

You get this order as system administrator:

A. The company has a network with 150 computers. Create a subnet from 172.31.0.0 so that it is the smallest possible subnet that provides enough IPs.
B. Convert the second IP of your solution to hexadecimal.

Calculating the Broadcast IP of a Subnet

Example:

There is a subnet 172.16.64.0/20
Question:
What is the BROADCAST of that subnet?

1st, /20 means 255.255.240.0

2nd, analyze the subnet octet to find out the "network jump":
240 in binary is 11110000
The last of the 1's is equal to decimal 16
That is our "network jump"
(128/64/32/16/8/4/2/1)

The last network started at 172.16.64.0
16 is the "network jump". That means our next network is 172.16.80.0 - 172.16.95.255, and the next one?

+16    172.16.96.0 - 172.16.111.255
+16    172.16.112.0 - 172.16.127.255
...
Because the next subnet in the example starts at 172.16.80.0, the broadcast must be 172.16.79.255, because the IP just before the next subnet starts is the broadcast address!

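An added example (not from the original slides) that carries out the calculations from the subnetting sections above as bit operations: mask from prefix, network and broadcast address, usable range, the smallest mask for a required number of hosts, the "local or routed?" decision from the subnet mask function section, and the static routing table lookup with a default gateway. It goes beyond the slide method in one point: mask_for_hosts subtracts the network and broadcast addresses before comparing with the requested host count. The routing table entries and gateway addresses are assumptions.

```python
"""Subnet arithmetic as bit operations on 32-bit integers.
Constructed example; the routing table used at the bottom is an assumption."""


def ip_to_int(ip):
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError("bad IPv4 address: " + ip)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """/20 -> 255.255.240.0: the first `prefix` bits set to 1, the rest to 0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask):
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if prefix_to_mask(prefix) != m:          # e.g. 255.255.0.255 is not a contiguous mask
        raise ValueError("non-contiguous subnet mask: " + mask)
    return prefix


def subnet_info(cidr):
    """Network, broadcast, first/last usable host and usable host count for a.b.c.d/x."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(ip) & mask               # host bits all 0s
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits all 1s
    host_bits = 32 - prefix
    usable = max(0, 2 ** host_bits - 2)          # minus network and broadcast address
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "usable_hosts": usable,
    }


def mask_for_hosts(min_hosts):
    """Smallest mask that leaves room for min_hosts usable addresses: take the
    smallest power of two whose size minus the 2 reserved addresses covers the request."""
    host_bits = 1
    while 2 ** host_bits - 2 < min_hosts:
        host_bits += 1
    return int_to_ip(prefix_to_mask(32 - host_bits))


def is_local(src_ip, dst_ip, mask):
    """A host ANDs both addresses with its mask; equal network parts mean local delivery."""
    m = ip_to_int(mask)
    return (ip_to_int(src_ip) & m) == (ip_to_int(dst_ip) & m)


def next_hop(dst_ip, routes, default_gateway):
    """Static routing table lookup: routes are (network/prefix, gateway) entries,
    the longest matching prefix wins, and the default gateway takes the rest."""
    best = None
    for cidr, gateway in routes:
        net, prefix = cidr.split("/")
        prefix = int(prefix)
        mask = prefix_to_mask(prefix)
        if ip_to_int(dst_ip) & mask == ip_to_int(net) & mask:
            if best is None or prefix > best[0]:
                best = (prefix, gateway)
    return best[1] if best else default_gateway


if __name__ == "__main__":
    print(subnet_info("172.16.64.0/20"))
    print("mask for 10 hosts:", mask_for_hosts(10))
```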
Sunday, October 2, 2016

OSI and TCP/IP Models


The OSI Reference Model

- Planned to be a protocol stack for use
- Reference & communication model
- Used for troubleshooting
- It divides a complex process into small and
realizable units

Data Encapsulation:

The basic action of OSI
- Each layer responds to service requests from the superior layer and issues service requests to the subordinate layer
- Data moves through these seven layers to get the control information

- Control information is added in header & footer
- Headers and footers are fields that contain control information
- Like a posted letter
Each layer has its own PDU (Protocol Data Unit) which contains different information

The PDU consists of a header and a data field

Horizontal Connection


Encapsulation Words

Packet
- Naming the data unit in each step
- The data traveling through the media

Frame
- In the data link layer

Datagram
- In the network layer

Segment
- In the transport layer
- Sequence: collection of segments

Message
- In the application layer

Encapsulation


The difference between OSI and TCP/IP Models


TCP Packet Structure

TCP Source Port - Port of the sending host
Destination Port - Port of the end point destination
Sequence # - Sequence of bytes transmitted in a segment, required to verify that all bytes are received
Acknowledgment Number - The sequence number of the byte the local host expects to receive next
Data Length - Length of the TCP segment
Flags - Specify what content is in the segment
Window - How much space is currently available in the TCP window
Checksum - Verifies that the header is not corrupted

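As an added example (not from the original slides), building and parsing the TCP header fields listed above, with the checksum computed over the pseudo-header and segment the way a receiver verifies it. The IP addresses, ports and sequence numbers are constructed sample values.

```python
"""Build and parse the 20-byte TCP header and verify its checksum.
Constructed example; addresses, ports and sequence numbers are assumptions."""
import socket
import struct

FLAG_BITS = {"FIN": 0x001, "SYN": 0x002, "RST": 0x004, "PSH": 0x008,
             "ACK": 0x010, "URG": 0x020, "ECE": 0x040, "CWR": 0x080, "NS": 0x100}
# src port, dst port, seq, ack, data offset + flags, window, checksum, urgent pointer
HEADER_FMT = "!HHIIHHHH"


def ones_complement_sum(data):
    """16-bit one's complement sum with end-around carry (RFC 1071 style)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip, dst_ip, segment):
    """The checksum covers a pseudo-header (addresses, protocol 6, TCP length) plus
    the whole segment, so a corrupted port, flag or payload byte shows up."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(segment)))
    return (~ones_complement_sum(pseudo + segment)) & 0xFFFF


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window, payload=b""):
    flag_word = sum(FLAG_BITS[f] for f in flags)
    offset_flags = (5 << 12) | flag_word        # 5 x 32-bit words = 20-byte header, no options
    header = struct.pack(HEADER_FMT, src_port, dst_port, seq, ack, offset_flags, window, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, header + payload)   # computed with checksum field = 0
    header = struct.pack(HEADER_FMT, src_port, dst_port, seq, ack, offset_flags, window, csum, 0)
    return header + payload


def parse_header(segment):
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sp, dp, seq, ack, off_flags, window, csum, urg = struct.unpack(HEADER_FMT, segment[:20])
    data_offset = (off_flags >> 12) * 4         # header length in bytes
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("data offset points outside the segment")
    flag_word = off_flags & 0x1FF
    return {
        "src_port": sp, "dst_port": dp, "seq": seq, "ack": ack,
        "header_len": data_offset,
        "flags": [name for name, bit in FLAG_BITS.items() if flag_word & bit],
        "window": window, "checksum": csum, "urgent": urg,
        "payload": segment[data_offset:],
    }


def checksum_ok(src_ip, dst_ip, segment):
    """With the stored checksum included, the one's complement sum is all ones,
    so recomputing over the whole segment yields zero for an intact segment."""
    return tcp_checksum(src_ip, dst_ip, segment) == 0


if __name__ == "__main__":
    seg = build_segment("192.0.2.10", "192.0.2.80", 40000, 80, 1000, 0, ["SYN"], 65535)
    print(parse_header(seg), checksum_ok("192.0.2.10", "192.0.2.80", seg))
```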
TCP Port

A TCP port provides a specific location for delivery of
TCP Segments. Port Numbers below 1024 are well-
known, and are assigned by:
Internet Assigned Numbers Authority (IANA)
In Ubuntu to see list of ports: less /etc/services

Well-known ports
- For network applications
- Range: 1-1023

Registered ports
- Range: 1024 - 49151
- Can be either source or destination
- Used by organizations to register specific applications such as IM applications

Private ports
- Range: 49152 through 65535
- Used as source ports; these ports can be used by any application

Monday, September 26, 2016

Domain Name System (DNS)


Stands for Domain Name System (or Service or Server), an Internet service that translates domain names into IP addresses. Because domain names are alphabetic, they're easier to remember.
The Internet, however, is really based on IP addresses. Every time you use a domain name, therefore, a DNS service must translate the name into the corresponding IP address.

More about DNS

For example, the domain name www.itch.hu.edu.af might be
translated to 182.50.190.26.

Two Zones in a DNS Server!

Forward Lookup: Name to IP
Reverse Lookup: IP to Name


Requests and responses are normally sent in UDP packets, port 53
Occasionally uses TCP, port 53

DNS is Hierarchical


Domain name space hierarchy


DNS Hierarchy

There are several high-level domains; each group allows choosing between geographical or organizational names.
Com = Commercial organizations
Mil = Military groups
Net = Major network support centres
Int = International organizations
Arpa = Temporary ARPANET domain
Every person or every organization can register a second-level domain under such a high-level domain by referring to the responsible of that high-level domain, for a low price.
For example:
edu and gov are the educational and governmental domains. Everyone can register a second-level domain in these high-level domains.
When registering a domain, the responsible can register any number of sub-domains or hosts on that domain without any limitation.

Name server

A name server translates domain names into IP addresses.
This makes it possible for a user to access a website by typing in the domain name instead of the website's actual IP.
A name server is a big and active database system.

The Domain Name System


DNS is a distributed database for holding name to IP address (and
other) information
Distributed:
– Shares the Administration
– Shares the Load
Robustness and improved performance achieved through
– replication
– and caching
Uses a client-server architecture
And is the critical piece of the Internet's infrastructure

Types of Queries

Recursive query:

Host at cis.poly.edu wants the IP address for gaia.cs.umass.edu and asks for name resolution from a nearby name server. Heavy load! Why?

Iterated query:

The contacted server replies with the name of the server to contact: "I don't know this name, but ask this server"
There are three roles involved in DNS


RESOLVER

– Takes request from application, formats it into UDP packet, sends to cache

CACHING NAMESERVER

– Returns the answer if already known
– Otherwise searches for an authoritative server which has the information
– Caches the result for future queries
– Also known as RECURSIVE nameserver

AUTHORITATIVE NAMESERVER

– Contains the actual information put into the DNS by the domain owner

ROLE 1: THE RESOLVER

A piece of software which formats a DNS request into a UDP
packet, sends it to a cache, and decodes the answer
Usually a shared library (e.g. libresolv.so under Unix) because so
many applications need it
EVERY host needs a resolver
- e.g. every Windows workstation has one

How does the resolver find a caching nameserver?

It has to be explicitly configured (statically, or via DHCP, etc)
Must be configured with the IP ADDRESS of a cache
why not name?
(As#3: Part A)
Good idea to configure more than one cache
(As#3: Part B)

How do you choose which cache(s) to configure?

Must have PERMISSION to use it
– e.g. cache at your ISP, or your own
Prefer a nearby cache
– Minimises round-trip time and packet loss
– Can reduce traffic on your external link, since often the
cache can answer without contacting other servers
Prefer a reliable cache
– Perhaps our own!?

Example: Unix/Linux resolver configuration

/etc/resolv.conf
domain itch.hu.edu.af
nameserver 172.16.1.236
nameserver 172.16.0.252
That's all you need to configure a resolver

The old solution: HOSTS.TXT

A centrally-maintained file, distributed to all hosts on the Internet:
SPARKY          128.4.13.9
UCB-MAILGATE    4.98.133.7
FTPHOST         200.10.194.33
... etc
This feature still exists:
- /etc/hosts (UNIX)
- c:\windows\hosts

hosts.txt does not scale

- Huge file (traffic and load)
- Name collisions (name uniqueness)
- Consistency
- Always out of date
- Single point of Administration
- Did not scale well

Testing DNS with "dig"

"dig" is a program which just makes DNS queries and displays the results

dig itch.hu.edu.af.
-- defaults to query type "A"
dig itch.hu.edu.af. mx
-- specified query type
dig @8.8.8.8 itch.hu.edu.af. mx
-- send to a particular cache (overrides /etc/resolv.conf)


Commonly seen Resource Records (RRs)

A (address): map hostname to IPv4 address
AAAA (quad A): map a hostname to IPv6 address
PTR (pointer): map IP address to hostname
MX (mail exchanger): where to deliver mail for user@domain
CNAME (canonical name): map alternative hostname to real
hostname
TXT (text): any descriptive text
NS (name server)
SOA (start of authority): used for delegation and management of the
DNS itself

A Simple Query Example

● Query:              www.itch.hu.edu.af.
● Query type:     A
● Result:

www.itch.hu.edu.af.   22725    IN   A       182.50.190.26

In this case a single RR is found, but in general, multiple RRs
may be returned.

(IN is the "class" for INTERNET use of the DNS)


Understanding output from dig

Answer section (RRs requested)
– Each record has a Time To Live (TTL)
– Says how long the cache will keep it
Authority section
– Which nameservers are authoritative for this domain
Additional section
– More RRs (typically IP addresses for the authoritative nameservers)
Total query time
Check which server gave the response!
– If you make a typing error, the query may go to a default server

DNS records

DNS: distributed db storing resource records (RR)

DNS protocol, messages

DNS protocol: query and reply messages, both with the same message format

Message header:
- identification: 16-bit number for the query; the reply to the query uses the same number
- flags:
  - query or reply
  - recursion desired
  - recursion available
  - reply is authoritative

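An added example (not from the original slides) of the header described above: the resolver builds a query with a 16-bit identification and the recursion-desired flag, the server answers with the same identification and the reply / authoritative / recursion-available flags, and the resolver keeps only replies whose identification matches. The name and address reuse the page's www.itch.hu.edu.af example; name compression in the answer section is left out.

```python
"""DNS message header and question section: 16-bit ID echoed by the reply, and a
flags word carrying QR, AA, RD, RA and the response code.
Constructed example; the answer record is a sample value."""
import os
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # flag bits inside the 16-bit flags word
HEADER_FMT = "!HHHHHH"    # id, flags, qdcount, ancount, nscount, arcount
TYPE_A, CLASS_IN = 1, 1


def encode_name(name):
    """www.example.net. -> b'\\x03www\\x07example\\x03net\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label in " + name)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=TYPE_A, qid=None):
    """Resolver side: fresh ID, RD set (we ask the cache to recurse), one question."""
    if qid is None:
        qid = int.from_bytes(os.urandom(2), "big")
    header = struct.pack(HEADER_FMT, qid, RD, 1, 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    return qid, header + question


def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack(HEADER_FMT, msg[:12])
    return {
        "id": qid,
        "is_reply": bool(flags & QR),
        "authoritative": bool(flags & AA),
        "recursion_desired": bool(flags & RD),
        "recursion_available": bool(flags & RA),
        "rcode": flags & 0x000F,        # 0 = no error, 3 = name does not exist
        "counts": (qd, an, ns, ar),
    }


def build_reply(qid, question, rcode=0, answers=(), authoritative=False):
    """Server side: same ID, QR set, RD echoed, RA from a caching server, AA only
    when the answer comes from the zone's own data. Names are written in full
    (no compression pointers) to keep the example short."""
    flags = QR | RD | RA | (AA if authoritative else 0) | rcode
    header = struct.pack(HEADER_FMT, qid, flags, 1, len(answers), 0, 0)
    body = question
    for name, ttl, ipv4 in answers:   # answer RR: name, type A, class IN, TTL, rdlength 4, address
        body += encode_name(name) + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
        body += bytes(int(o) for o in ipv4.split("."))
    return header + body


def accept_reply(expected_id, msg):
    """A resolver keeps a datagram only if it is a reply whose ID matches the query
    it sent; stray or mismatched datagrams are dropped."""
    h = parse_header(msg)
    return h["is_reply"] and h["id"] == expected_id
```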
Hostname, Host, and Nslookup

Hostname utility
- Provides the client's host name
  - The administrator may change the name if needed
Nslookup
- Query the DNS database from any network computer
  - Find the device host name by specifying its IP address
- Verify the host is configured correctly (troubleshoot DNS resolution problems)

Whois

Query the DNS registration database
- Obtain domain information
Troubleshoot network problems
Syntax on Linux or Unix
- whois xxx.yy
  - xxx.yy is the second-level domain name
Windows system
- Requires additional utilities
Web sites provide simple, Web-based interfaces

Monday, September 12, 2016

Dynamic Host Configuration Protocol (DHCP)

DHCP

Stands for “Dynamic Host Configuration Protocol”
Allows host/client to dynamically obtain its IP address from network server
when it joins network
– Client can renew its lease on address in use
– Allows reuse of addresses (only hold address while connected and “on”)
– Support for mobile users who want to join network
– Automated and centralized configuration of network
– Ports:
UDP 67 (request)
UDP 68 (response)
When we want to join/connect to a network we might:
- Request the network administrator to set/give us a static IP address
- Simply connect to the network and wait for DHCP server to do it!


DHCP overview:

A host/client, in order to get an IP from a DHCP server, has to go through the following dialogue:
- Host/client broadcasts a "DHCP discover" message
- DHCP server responds with a "DHCP offer" message
- Host requests the IP address: "DHCP request" message
- DHCP server sends the address: "DHCP ack" message

IP address leasing

- DHCPDISCOVER
  - Client broadcasts to discover a DHCP server in the network
- DHCPOFFER
  - Server sends unicast to the DHCP client (suggested IP, subnet, gateway, etc.)
- DHCPREQUEST
  - Client sends broadcast to all DHCP servers! Why? and includes the server identifier to choose from the offers
- DHCPACK
  - Server sends unicast to the client (IP, subnet, gateway, etc.)

DHCP DORA

DHCP Services

DHCP server assigns (at least) the following information:
- Client IP address and subnet mask
- Default gateway (default route)
- Name server (for name resolution)
- NTP server (for synchronizing the internal clock)

Allocation Modes

DHCP server can assign IP addresses to the requested clients in
different ways:

Manual mode:

- Static mapping table for MAC and IP address
- Only hosts with a listed MAC address receive an IP address
- Allocation for an undefined time
- Mostly used for servers (static mapping, port forwarding)

Automatic static mode:

- Defined range of IP addresses for allocation
- Automated mapping of MAC and IP addresses
- Allocation for an undefined time

Automatic dynamic mode:

- Defined range of IP addresses for allocation
- Automated mapping of MAC addresses and IP addresses
- Provides re-use of IP addresses

The DHCP server leases the IP address for a defined time period
The client renews the lease time or releases its IP address

DHCP commands

DHCPDISCOVER: Client broadcasts for DHCP server discovery

DHCPOFFER: DHCP servers answer the DHCPDISCOVER including their specific values and parameters

DHCPREQUEST: Client broadcasts a DHCP request including the server identifier to choose one of the DHCP servers that have responded to the DHCPDISCOVER

DHCPACK: the related DHCP server gives an acknowledgment to the client's related DHCPREQUEST

DHCPNAK: the related DHCP server gives a negative acknowledgment to the client's related DHCPREQUEST (because of concurrent requests, etc.)

DHCPDECLINE: Client declines the offer because the IP is already used in the network (checked with ARP)

DHCPRELEASE: Client releases its actual configuration (for example if the network interface is set down) - that configuration can then be used by other clients

DHCPINFORM: only a request for information / parameters excluding the IP address (for example if the IP is configured in a static way for this client)

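An added example (not from the original slides) of the discover / offer / request / ack dialogue and of the DHCPREQUEST, DHCPACK, DHCPNAK and DHCPRELEASE commands above, with two servers answering one client so that the server identifier in the broadcast request decides which offer is taken. Server addresses, pools and options are assumptions loosely modelled on the sample configuration on this page.

```python
"""DHCP DORA exchange with two servers answering the same DISCOVER.
Constructed example; addresses, pools and options are assumptions."""
from dataclasses import dataclass, field


@dataclass
class DhcpMessage:
    kind: str                    # DHCPDISCOVER / DHCPOFFER / DHCPREQUEST / DHCPACK / DHCPNAK / DHCPRELEASE
    client_mac: str
    server_id: str = ""          # "server identifier" option: IP of the answering / selected server
    yiaddr: str = ""             # offered or assigned client address
    options: dict = field(default_factory=dict)   # subnet mask, router, DNS server, ...


class DhcpServer:
    def __init__(self, server_ip, pool, options):
        self.ip = server_ip
        self.free = list(pool)
        self.offered = {}        # mac -> address offered but not yet acknowledged
        self.leases = {}         # mac -> acknowledged address
        self.options = options

    def handle(self, msg):
        if msg.kind == "DHCPDISCOVER":
            if not self.free:
                return None                       # nothing to offer: stay silent
            addr = self.free.pop(0)
            self.offered[msg.client_mac] = addr
            return DhcpMessage("DHCPOFFER", msg.client_mac, self.ip, addr, self.options)
        if msg.kind == "DHCPREQUEST":
            addr = self.offered.pop(msg.client_mac, None)
            if msg.server_id != self.ip:
                # the broadcast REQUEST names another server: our offer was not taken
                if addr is not None:
                    self.free.append(addr)
                return None
            if addr is None or addr != msg.yiaddr:
                return DhcpMessage("DHCPNAK", msg.client_mac, self.ip)
            self.leases[msg.client_mac] = addr
            return DhcpMessage("DHCPACK", msg.client_mac, self.ip, addr, self.options)
        if msg.kind == "DHCPRELEASE":
            addr = self.leases.pop(msg.client_mac, None)
            if addr is not None:
                self.free.append(addr)            # address can now be used by other clients
        return None


def broadcast(servers, msg):
    """Every server on the segment sees a broadcast; collect the replies."""
    return [r for r in (s.handle(msg) for s in servers) if r is not None]


def dora(client_mac, servers):
    """Run the four-step dialogue for one client; returns the DHCPACK or None.
    The client takes the first OFFER it receives: it has no way to tell whether the
    offering server is the legitimate one, which is the point of the DHCP Security
    question on this page."""
    offers = broadcast(servers, DhcpMessage("DHCPDISCOVER", client_mac))
    if not offers:
        return None
    chosen = offers[0]
    request = DhcpMessage("DHCPREQUEST", client_mac, chosen.server_id, chosen.yiaddr)
    replies = broadcast(servers, request)   # REQUEST is broadcast so every server sees the choice
    return next((r for r in replies if r.kind == "DHCPACK"), None)
```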
DHCP commands Analysis


Sample DHCP Configuration

# this is a test DHCP server
ddns-update-style none;
option domain-name-servers 192.168.2.1;
default-lease-time 86400;
max-lease-time 604800;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.155;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.1.255;
  option routers 192.168.1.1;
}

DHCP Security

What happens if an unauthorized DHCP server connects
to a network?

Scenario: Client requests for a bank website


But before that, client has obtained IP address with offer of
a fake DHCP server !


As DHCP provides DNS server to the client who requested the IP,
Client will be cheated with fake and wrong DNS server as well !

Monday, September 5, 2016

Download Windows 8 ISO file with serial number


To download Windows 8 ISO simply click on the link below and download the file

And to learn how to install it on your PC watch the video:


 



Have fun

Sunday, September 4, 2016

Principles of Application Layer Protocols (FTP)

FTP

FTP (File Transfer Protocol) is a protocol for transferring a file
from one host to another host.
- Allows a user to copy files to/from remote hosts
- Client program connects to FTP server
- Provides a login id and password
- Allows the user to explore the directories and download and
upload files with the server

HTTP and FTP are both file transfer protocols and have many common characteristics.
Example:
Both run on top of TCP, the Internet's connection-oriented, transport-layer, reliable data transfer protocol.
But FTP uses two parallel TCP connections to transfer a file, a control connection and a data connection.
The control connection is used for sending control information between the two hosts: information such as user identification, password, commands to change the remote directory, and commands to "put" and "get" files.
The data connection is used to actually send a file.
As FTP uses a separate control connection, FTP is said to send its control information out-of-band, which avoids requiring the user to log in again! Why?

When a user starts an FTP session with a remote host, FTP first sets up
a control TCP connection on server port number 21.
The client side of FTP sends the user identification and password over
this control connection.
The client side of FTP also sends, over the control connection,
commands to change the remote directory.

When the user requests a file transfer (either to, or from, the remote
host), FTP opens a TCP data connection on server port number 20.
FTP sends exactly one file over the data connection and then closes
the data connection.

If, during the same session, the user wants to transfer another file, FTP opens
another data TCP connection.
Thus, with FTP, the control connection remains open throughout the duration
of the user session, but a new data connection is created for each file
transferred within a session.
- FTP maintains state and therefore is stateful.

FTP Commands

The commands, from client to server, and replies, from server to client,
are sent across the control TCP connection in 7-bit ASCII format.
Common cmds:
Authentication
– USER: specify the user name to log in as
– PASS: specify the user’s password
Exploring the files
– LIST: list the files for the given file specification
– CWD: change to the given directory
Downloading and uploading files
– TYPE: set type to ASCII (A) or binary image (I)
– RETR: retrieve the given file
– STOR: upload the given file
Closing the connection
– QUIT: close the FTP connection

FTP Responses

There is typically a one-to-one correspondence between the command that the user issues and the FTP command sent across the control connection.
Each command is followed by a reply, sent from server to client. The replies are three-digit numbers, with an optional message following the number.
E.g.:
331 Username OK, password required
125 Data connection already open; transfer starting
425 Can't open data connection

Server Response Codes

1xx: positive preliminary reply
– The action is being started, but expect another reply before sending the next
command.
2xx: positive completion reply
– The action succeeded and a new command can be sent.
3xx: positive intermediate reply
– The command was accepted but another command is now required.
4xx: transient negative completion reply
– The command failed and should be retried later.
5xx: permanent negative completion reply
– The command failed and should not be retried.


Sunday, August 28, 2016

HTTPS


HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL.
- SSL acts like a sub-layer under the regular HTTP application
- HTTPS encrypts an HTTP message prior to transmission and decrypts a message upon arrival.

What are certificates?

For secure communication over untrusted networks we need to encrypt the
traffic. That is often done with SSL/TLS.
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer
(SSL), are cryptographic protocols that provide secure communications on
the Internet for such things as web browsing, e-mail, Internet faxing, instant
messaging and other data transfers.

What is a Certification Authority?

For organizations and servers a hierarchical key system has been invented, where a "Certification Authority" (CA) can "sign" key pairs for multiple servers or users.
It means the CA confirms the authenticity of the keys and their holders.
If a computer / user trusts this CA, they automatically trust all keys that were signed by it.
In such a scenario we call the signed public keys "certificates".

HTTPS Transaction


SSL as HTTP Security Concerns


Secure Sockets Layer technology protects a Web site and makes it easy for Web site visitors to trust it in three essential ways:
Privacy
An SSL Certificate enables encryption of sensitive information during online
transactions.
Integrity
A Certificate Authority verifies the identity of the certificate owner when it is issued.
Authentication
Each SSL Certificate contains unique, authenticated information about the
certificate owner.

Web Server (www)

Serves the WWW (web sites).
Try them!
- Apache Web Server: very large and powerful, a lot of extensions
- Lighttpd: small but also provides some dynamic content
- Apache Tomcat: web server that provides a servlet container (Java servlets, JSP)

Monday, August 22, 2016

Principles of Application Layer Protocols (HTTP_2)


HTTP Performance

What affects it?

Different kinds of requests:
– Lots of small requests (loading a web page)
– Big request (fetching a download)
They require different solutions!

Small requests

Latency matters:

Governed by RTT between hosts.
Two major causes of delay:
– Opening a TCP connection (one RTT for the handshake)
– The request/response exchange itself (one RTT per object)
Solutions:
– Persistent connections (why? the handshake is paid once and amortised over many objects)
– Pre-fetching !
– Others?

Big requests

E.g. when doing a big request (big file to download).
Problem is throughput on bottleneck links (usually edge links)
A solution:
Use an HTTP proxy cache or mirror
– Can also improve latency!

Old Cached Data

Items in the cache can go stale (we don't want to serve a copy stored weeks ago), so
the cache needs a way to ask for a document only if it has changed:
- Cache can issue a conditional GET (with an “If-modified-since”
header carrying the Last-Modified date of its copy)
- Server can reply with a “304 Not Modified” and no body, and the cache serves its copy

Web caching

Cache acts as both client and server.
- Typically cache is installed by ISP (university, company,
residential ISP)
- Reduce response time for client request
- Reduce traffic on an institution’s access link

HTTP Transaction

Thursday, August 18, 2016

Principles of Application Layer Protocols (HTTP)

The World Wide Web: HTTP

The Hypertext Transfer Protocol (HTTP), the Web's application-layer protocol,
is at the heart of the Web.
HTTP is implemented in two programs: a client program and a server program.
The client and server programs, executing on different end systems,
talk to each other by exchanging HTTP messages.
Because an HTTP server maintains no information about the clients, HTTP is said to be a
stateless protocol: it does not have to keep track of any user state.

Three components:

- File transfer protocol: HTTP (hypertext transfer protocol); uses TCP
- Format for documents with links (“hyperdocuments”): HTML (hypertext
markup language)
- URLs (uniform resource locators)

- Web page consists of objects
- Object can be HTML file, JPEG image, Java applet, audio file,…
- Web page consists of base HTML-file which includes several
referenced objects
- Each object is addressable by a URL (Uniform Resource Locator)

URL

- Identify documents to be transferred and application layer protocol
to use

for example:
http://www.ccnatutorials.com/2016/02/ethernet.html

HTTP overview

HTTP: hypertext transfer protocol
Web’s application layer protocol
client/server model
– client: browser that requests,
receives, “displays” Web objects
– server: Web server sends objects
in response to requests
HTTP 1.0: RFC 1945
HTTP 1.1: RFC 2068 (later revised as RFC 2616, then RFC 7230 to 7235)

HTTP uses TCP

Uses TCP:
- Client initiates TCP connection
(creates socket) to server, port 80
- Server accepts TCP connection
from client
- HTTP messages (application-layer
protocol messages) are exchanged
between browser (HTTP client) and
Web server (HTTP server)
- Afterwards the TCP connection is closed
HTTP is “stateless”:
the server maintains no information
about past client requests.
Protocols that maintain “state”
are complex!
- past history (state) must
be maintained
- if server/client crashes,
their views of “state” may
be inconsistent and must be
reconciled

HTTP connections

Nonpersistent HTTP

At most one object is sent over
a TCP connection.
HTTP/1.0 uses nonpersistent
HTTP

Persistent HTTP

Multiple objects can be sent
over single TCP connection
between client and server.
HTTP/1.1 uses persistent
connections in default mode

Nonpersistent HTTP

Suppose user enters URL:

http://www.ccnatutorials.com/2016/02/ethernet.html
(and it contains text and
references to 10
jpeg images)

1a. HTTP client initiates TCP
connection to HTTP server
(process) at
www.ccnatutorials.com on port 80

1b. HTTP server at host
www.ccnatutorials.com waiting for TCP
connection at port 80
“accepts” connection, notifying
client

2. HTTP client sends HTTP request
message (containing URL) into TCP
connection socket. Message
indicates that client wants object
2016/02/ethernet.html

3. HTTP server receives request
message, forms response
message containing requested
object, and sends message
into its socket

4. HTTP server closes TCP
connection.

5. HTTP client receives response
message containing html file,
displays html. Parsing html
file, finds 10 referenced jpeg
objects

6. Steps 1-5 repeated for each of
10 jpeg objects

Problems with Nonpersistent HTTP

- A brand new connection must be established and maintained for
each requested object.
- For each of these connections, TCP buffers must be allocated and TCP
variables must be kept in both the client and server.
(Load on server for simultaneous connections!)
- Each object suffers two RTTs – one RTT to establish the TCP connection
and one RTT to request and receive an object.

Response time modeling

Definition of RTT:
time for a small packet to
travel from client to server and
back.
Response time:
- One RTT to initiate TCP connection
- One RTT for HTTP request and
first few bytes of HTTP response to
return
- File transmission time
total = 2 RTT + transmit time

Nonpersistent HTTP issues:

- requires 2 RTTs per object
- OS must allocate host
resources for each TCP
connection; browsers therefore often
open parallel TCP connections
to fetch referenced objects, trading
more resources for less total delay

Persistent HTTP

- server leaves connection open
after sending response
- subsequent HTTP messages
between same client/server are
sent over connection

Persistent without pipelining:

- client issues new request only
when previous response has
been received
- one RTT for each referenced
object

Persistent with pipelining:

- permitted by HTTP/1.1 (textbooks call it the default, but browsers shipped with
it disabled: one slow response blocks every reply queued behind it, and
HTTP/2 multiplexing later replaced it)
- client sends requests as soon
as it encounters a referenced
object
- as little as one RTT for all the
referenced objects
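The three connection strategies above, as an added worked model that is not from the original page: the slide's "2 RTT + transmit time" per object carried through for a base HTML file plus N referenced objects, with parallel connections included. The numbers in the usage line (RTT 100 ms, 10 ms transmission time per file, 10 images, 5 parallel connections) are constructed.

```python
"""Response-time model for a page: base HTML plus N referenced objects.

Added example with constructed numbers. Times are in milliseconds. Like the
slide model it ignores TCP slow start, server think time and head-of-line
blocking, so it is a lower bound that is useful for comparing strategies.
"""
import math


def nonpersistent(n, rtt, tx, parallel=1):
    """Every object pays 2 RTT (TCP handshake + request/response) plus its
    transmission time; a browser opening `parallel` connections fetches
    that many objects at once."""
    return math.ceil(n / parallel) * (2 * rtt + tx)


def persistent(n, rtt, tx):
    """Connection already open; each object still waits its own RTT, serially."""
    return n * (rtt + tx)


def pipelined(n, rtt, tx):
    """All requests sent back to back: one RTT for the batch, then the bodies stream."""
    return rtt + n * tx


def page_load(n_refs, rtt, tx_html, tx_obj, parallel=1):
    """Total time for the base HTML (always a fresh connection: 2 RTT + tx_html)
    followed by n_refs referenced objects under each connection strategy."""
    base = 2 * rtt + tx_html
    return {
        "nonpersistent": base + nonpersistent(n_refs, rtt, tx_obj),
        "nonpersistent_parallel": base + nonpersistent(n_refs, rtt, tx_obj, parallel),
        "persistent": base + persistent(n_refs, rtt, tx_obj),   # base connection stays open
        "pipelined": base + pipelined(n_refs, rtt, tx_obj),
    }


if __name__ == "__main__":
    # The slide scenario: one HTML file referencing 10 JPEGs (constructed timings)
    for mode, ms in page_load(10, rtt=100, tx_html=10, tx_obj=10, parallel=5).items():
        print("%-24s %5d ms" % (mode, ms))
```

With these inputs the handshake dominates: nonpersistent fetching costs 2310 ms, five parallel connections bring it to 630 ms, a single persistent connection to 1310 ms, and pipelining to 410 ms, of which 200 ms is the unavoidable base-page fetch.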

HTTP Request Format

Request methods: GET, HEAD, PUT, POST, DELETE

A small browser request to http://localhost, typed by hand into telnet (the request
line is followed by an empty line that terminates the headers; the transcript does not show it):

user@host:~$ telnet localhost 80
Trying ::1...
Connected to localhost.localdomain.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 200 OK
Date: Thu, 18 Aug 2016 14:46:28 GMT
Server: Apache/2.2.16 (Ubuntu)
Last-Modified: Mon, 08 Aug 2016 10:14:21 GMT
...
Connection: close
Content-Type: text/html
<html><body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content has been added, yet.</p>
</body></html>
Connection closed by foreign host.

Conditional GET: client-side caching

[figure: conditional GET exchange]

HTTP Response Format

Status code classes:
1xx codes: Informational
2xx codes: Success
3xx codes: Redirection
4xx codes: Client error
5xx codes: Server error

HTTP response status codes

A few sample codes:

200 OK
– request succeeded, requested object later in this message
301 Moved Permanently
– requested object moved, new location specified later in this
message (Location:)
400 Bad Request
– request message not understood by server
404 Not Found
– requested document not found on this server
505 HTTP Version Not Supported
– server does not support the HTTP version used in the request line
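An added example, not code from the original page, that ties together the request format and the telnet transcript, the status codes listed above, and the conditional GET described under "Old Cached Data": a minimal HTTP/1.x origin that parses a raw request head and answers 200, 304, 400, 404, 405 or 505, plus a client-side cache that revalidates with If-Modified-Since. The resource table, its Last-Modified date and the request bytes are constructed; the Host value localhost follows the transcript.

```python
"""HTTP/1.x origin logic with conditional GET, plus a tiny client-side cache.

Added example: everything is in memory; RESOURCES and the dates are constructed.
"""
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed origin content: request target -> (last-modified time, body)
RESOURCES = {
    "/": (datetime(2016, 8, 8, 10, 14, 21, tzinfo=timezone.utc),
          b"<html><body><h1>It works!</h1></body></html>"),
}
SUPPORTED_VERSIONS = ("HTTP/1.0", "HTTP/1.1")
REASONS = {200: "OK", 304: "Not Modified", 400: "Bad Request", 404: "Not Found",
           405: "Method Not Allowed", 505: "HTTP Version Not Supported"}


def parse_request(raw: bytes):
    """Split a request head into (method, target, version, headers).

    Raises ValueError on anything malformed, which the caller maps to 400.
    Header names are lower-cased; whitespace before the colon is rejected
    (RFC 7230 section 3.2.4), which also blocks one classic smuggling trick.
    """
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0]
    lines = head.decode("iso-8859-1").splitlines()
    if not lines:
        raise ValueError("empty request")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("bad request line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.rstrip():
            raise ValueError("bad header line: %r" % line)
        headers[name.lower()] = value.strip()
    return method, target, version, headers


def handle(raw: bytes):
    """Return (status, response headers, body) for one request head."""
    try:
        method, target, version, req = parse_request(raw)
    except ValueError:
        return 400, {}, b""
    if version not in SUPPORTED_VERSIONS:
        return 505, {}, b""
    if version == "HTTP/1.1" and "host" not in req:
        return 400, {}, b""                      # Host is mandatory in HTTP/1.1
    if method not in ("GET", "HEAD"):
        return 405, {"Allow": "GET, HEAD"}, b""
    if target not in RESOURCES:
        return 404, {}, b""
    last_mod, body = RESOURCES[target]
    headers = {"Date": format_datetime(datetime.now(timezone.utc), usegmt=True),
               "Last-Modified": format_datetime(last_mod, usegmt=True),
               "Content-Type": "text/html"}
    since = req.get("if-modified-since")
    if since:
        try:
            since_dt = parsedate_to_datetime(since)
            if since_dt.tzinfo is None:          # "-0000" style dates come back naive
                since_dt = since_dt.replace(tzinfo=timezone.utc)
            if last_mod <= since_dt:
                return 304, headers, b""         # client's copy is current: no body
        except (TypeError, ValueError):
            pass                                  # unparsable date: ignore it, send 200
    return 200, headers, b"" if method == "HEAD" else body


def serialize(status, headers, body, version="HTTP/1.1") -> bytes:
    """Wire form of a response, as the telnet transcript shows it."""
    lines = ["%s %d %s" % (version, status, REASONS[status])]
    lines += ["%s: %s" % kv for kv in headers.items()]
    lines += ["Content-Length: %d" % len(body), "Connection: close", "", ""]
    return "\r\n".join(lines).encode("iso-8859-1") + body


class ClientCache:
    """Stores body + Last-Modified per target and revalidates with If-Modified-Since."""

    def __init__(self):
        self.store = {}

    def fetch(self, target):
        req = "GET %s HTTP/1.1\r\nHost: localhost\r\n" % target
        if target in self.store:
            req += "If-Modified-Since: %s\r\n" % self.store[target][0]
        status, headers, body = handle((req + "\r\n").encode())
        if status == 200:
            self.store[target] = (headers["Last-Modified"], body)
        elif status == 304:
            body = self.store[target][1]         # origin confirmed our copy; serve it
        return status, body


if __name__ == "__main__":
    print(serialize(*handle(b"GET / HTTP/1.0\r\n\r\n")).decode())
    cache = ClientCache()
    print(cache.fetch("/")[0], cache.fetch("/")[0])   # 200 then 304
```

Two details are deliberate: a header name with trailing whitespace is a 400 rather than being tolerated, because lenient parsing of such lines is what lets a front end and back end disagree about where a request ends, and an unparsable If-Modified-Since falls back to a full 200 rather than a 304, since guessing in favour of "not modified" would serve stale content.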

Cookies: keeping “state”

Cookies are an alternative mechanism for sites to keep track of users on top of a stateless protocol.
A: The server's response will include a Set-Cookie: header.
Often this header line contains an identification number generated by the
Web server.
For example, the header line might be:
Set-Cookie: 1678453
(A real header carries a name=value pair, e.g. Set-Cookie: id=1678453; the bare number is
the textbook simplification used in this example.)

B: When the HTTP client receives the response message, it sees the
Set-Cookie: header and identification number.

C: Client appends a line to a special cookie file that is stored in the client
machine and includes the host name of the server and user's associated
identification number.

D: In subsequent requests to the same server, say one week later, the
client includes a Cookie: request header, and this header line specifies the
identification number for that server.

In the current example, the request message includes the header line:
Cookie: 1678453.

E: In this manner, the server does not know the username of the user, but
the server does know that this user is the same user
that made a specific request one week ago!

Many major Web sites use cookies.

Four components:
1) cookie header line in the HTTP response message
2) cookie header line in the HTTP request message
3) cookie file kept on user’s host and managed by user’s browser
4) back-end database at Web site

Example:
– Ahmad.m accesses the Internet always from the same PC
– He visits a specific ecommerce site for the first time
– When the initial HTTP request arrives at the site, the site creates a unique ID
and creates an entry in the back-end database for that ID
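The four components and the steps A to E above, as an added example that is not part of the original page: a site that issues an ID in Set-Cookie and keeps the back-end record, and a browser cookie jar that sends the ID back only to the host that issued it. Hosts (shop.example, other.example), the record format and the "visits" counter are constructed. It departs from the slide in one way a practitioner would insist on: the ID is a random 128-bit token rather than a small number, and an ID the server never issued is ignored rather than adopted.

```python
"""Cookie round trip between a browser's cookie jar and a site's back-end database.

Added example: hosts, IDs and the 'database' are constructed; headers are
handled as dicts rather than raw bytes.
"""
import secrets


def parse_cookie_header(value):
    """'id=abc; theme=dark' -> {'id': 'abc', 'theme': 'dark'}"""
    pairs = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep:
            pairs[name] = val
    return pairs


class Site:
    """Component 4: the back-end database, keyed by IDs the site itself issued."""

    def __init__(self, host):
        self.host = host
        self.db = {}

    def handle(self, request_headers):
        """Return (response headers, the record this request was attributed to)."""
        sid = parse_cookie_header(request_headers.get("Cookie", "")).get("id")
        if sid in self.db:                       # step E: same user as last time
            self.db[sid]["visits"] += 1
            return {}, self.db[sid]
        # Unknown or missing ID (including one the client made up): issue a fresh one.
        # Adopting a client-chosen ID would let an attacker fix the session in advance.
        sid = secrets.token_urlsafe(16)          # 128 bits: unguessable, unlike 1678453
        self.db[sid] = {"visits": 1}
        # Component 1 / step A: Set-Cookie in the response. Secure and HttpOnly keep
        # the ID off plaintext connections and away from page scripts.
        return {"Set-Cookie": "id=%s; Secure; HttpOnly; SameSite=Lax" % sid}, self.db[sid]


class Browser:
    """Component 3: the cookie file, keyed by (host, cookie name)."""

    def __init__(self):
        self.jar = {}

    def request(self, site):
        headers = {"Host": site.host}
        mine = {n: v for (h, n), v in self.jar.items() if h == site.host}
        if mine:                                 # component 2 / step D: Cookie header
            headers["Cookie"] = "; ".join("%s=%s" % kv for kv in mine.items())
        response_headers, record = site.handle(headers)
        if "Set-Cookie" in response_headers:     # steps B and C: store name=value per host
            name, _, value = response_headers["Set-Cookie"].split(";")[0].partition("=")
            self.jar[(site.host, name)] = value  # attributes after ';' are never sent back
        return record


if __name__ == "__main__":
    shop, other, browser = Site("shop.example"), Site("other.example"), Browser()
    browser.request(shop)
    browser.request(shop)                        # recognised: visits becomes 2
    browser.request(other)                       # different host: shop's cookie stays home
    print(shop.db, other.db)
```

The jar lookup by host is the whole privacy story in miniature: a cookie set by shop.example is never sent to other.example, which is exactly why the advertising companies mentioned below embed their own host on many sites to get a cookie that is returned from all of them.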



Cookies and privacy:

- Cookies permit sites to learn a lot about you
- You may supply name and e-mail to sites (Maybe Credentials!)
- Search engines use redirection & cookies to learn yet more
- Advertising companies obtain info across sites