7/26/2019 Advanced Networking v2
1/64
Advanced Networking v2.0
1
Advanced Networking v2.1
On completion of this module you will have developed an understanding of
advanced network topics to a protocol level, aiding in the diagnosis and resolution
of protocol and network issues in complex networks.
The specific areas covered are:
Advanced network theory
Network Applications & Environments
Directory Services
Module training overview
Target audience will be:
Any Service Professional that has advanced networking responsibilities. It is suggested that Outward
Professional Certification also be completed.
This training aims to cover advanced network topics to a protocol level, aiding in the diagnosis and
resolution of protocol and network issues in complex networks.
Attainment Targets:
Understand how a network works on a fundamental level and troubleshoot network
connectivity issues in complex environments
To understand remote access/terminal environments and complex network applications
To understand how to resolve issues relating to directory services by understanding the
protocols involved
Knowledge check questions are provided at the end of each chapter to revise the main points
discussed. The knowledge check questions require a written response and the suggested course of
action is as follows:
Read through the chapter thoroughly.
Fill in the knowledge check questions.
If you have answered all the questions with the correct response, proceed to the next chapter.
If you have missed a question or answered incorrectly, revise the topic and repeat the
question.
On successful completion of all questions, proceed to the next chapter.
2006 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC
Contents
1 Advanced Network Theory
1.1 Introduction 5
1.2 Protocols (Lower layers) 5
1.2.1 The OSI Model 5
1.2.2 TCP/IP (IPv4) 6
1.2.3 TCP/IP (IPv6) 11
1.3 About TCP/IP 15
1.3.1 Well known port 15
1.3.2 Network Utilities 16
1.4 Diagnostic Tools 23
1.4.1 Packet Capturing / Protocol Analyzers 23
1.4.2 Network testing 25
1.5 Protocols (Middle/Higher layers) 28
1.5.1 SNMP 28
1.5.2 SLP 30
1.5.3 NTP / SNTP 31
1.5.4 NTLM 33
1.5.5 Kerberos 34
1.5.6 Zero Configuration Networking (Zeroconf/Bonjour/Rendezvous/APIPA for Windows) 35
1.5.7 Further Research 36
1.6 Knowledge check 37
2 Network Applications and Environments
2.1 Introduction 40
2.2 Terminal Solution 40
2.2.1 Windows Terminal Server 42
2.2.2 Citrix Server 43
2.2.3 X Window Server 43
2.3 Other Applications 45
2.3.1 IP phone system 46
2.4 Knowledge check 48
3 Directory Services
3.1 Introduction 51
3.2 LDAP 51
3.2.1 X500/DAP 51
3.2.2 URL Style 52
3.2.3 Reading 52
3.2.4 Operations 53
3.2.5 Schema 55
3.2.6 LDAP with TLS 57
3.3 Active Directory 58
3.3.1 Overview 58
3.3.2 Active Directory vs. the systems it's based on 59
3.4 eDirectory (NDS) 60
3.4.1 Overview 60
3.4.2 Replication 60
3.4.3 Hierarchy System 60
3.5 Other Directory Services 61
3.5.1 Overview 61
3.6 DNS/Dynamic DNS 61
3.6.1 Overview 61
3.7 Knowledge check 62
1 Advanced Network Theory
1.1 Introduction
In this module you will find details about networking protocols and applications that are
commonly used for business networks. This is an advanced module. It assumes that you are
familiar with basic networking concepts.
1.2 Protocols (Lower layers)
1.2.1 The OSI Model
The International Standards Organization (ISO), an organization that develops industry
standards, developed the Open Systems Interconnection (OSI) standard. The OSI model provides a
common reference standard that gives the flexibility to add and replace network devices
independently of vendor.
OSI is a model only, and reflects a "way of looking at things" rather than hard and fast rules.
Simpler models also exist (such as the TCP/IP model) with fewer layers, but OSI is accepted as
a standard way of understanding networks.
The OSI specifies 7 layers of protocols that communicating systems should adopt. Each layer's
protocol is written so that it works together with the protocol directly above and directly below it.
When two different operating systems are communicating with each other, each layer
communicates with the corresponding layer in the other system.
1.2.2 TCP/IP (IPv4)
TCP/IP is a reliable and versatile combination of protocols that are very widely used today on
the Internet and many other corporate networks that connect to the Internet.
The name TCP/IP is derived from its two core protocols: TCP (Transmission Control Protocol)
and IP (Internet Protocol), although many other protocols make up the entire TCP/IP suite.
The original intention behind the creation of TCP/IP was to eliminate single points of failure or
control in the underlying network and to allow for multiple redundant communication paths
between any two points in the network. These characteristics, combined with its open and
well-publicized design, have led TCP/IP to become the dominant protocol suite for communication
between many different types of computers.
It is the default transport protocol for several operating systems, including Windows 2003
Server and Windows XP, NetWare 5, UNIX and GNU/Linux.
The IP protocol most commonly in use today is version 4, with version 6 being the next and
upcoming revision of the protocol. IPv6 provides multiple enhancements over version 4 and
introduces a much larger address space as well.
The TCP and IP protocols work closely with each other; however, they can also interoperate
with other protocols. IP, for instance, can carry other transport protocols such as UDP, and
TCP can likewise run over IPX rather than IP.
This is made possible because of the concept of encapsulation. By encapsulation we mean the
ability for data from one of the higher layers of the protocol stack to be embedded (or
encapsulated) inside the payload of lower protocols for transmission over the network. The
diagram below shows what this encapsulation looks like at a high level.
As you can see, an upper layer message is packaged into a TCP or UDP message. This then
becomes the payload of an IP datagram.
The IP datagram is then passed down to layer 2 where it is in turn encapsulated into a suitable
frame depending on what the underlying physical network is such as a wired LAN, WAN or
wireless network. Finally the information is then converted to bits and transmitted at the
physical layer.
If the message to be transmitted is too large for the size of the underlying network, it may first
be fragmented. This is analogous to splitting up a large delivery into multiple smaller
envelopes or boxes.
In this case, each IP datagram carries only part of the higher-layer message. The receiving
device must reassemble the message from the IP datagrams. So, a datagram doesn't always
carry a full higher-layer message; it may hold only part of one.
An IP datagram is shown below. Note that the area marked as DATA is used to encapsulate
the TCP information or the information of whatever other protocol is used on top of IP in the
particular environment.
Network MTU and fragmentation
IP hosts send datagrams up to the MTU size of the physical network. MTU stands for
Maximum Transmission Unit and it defines the maximum number of bytes that can be
transported in one packet.
Routers may have to fragment datagrams if the outbound MTU is smaller than the
inbound frame size.
Each fragment has the format of an IP datagram.
Fragments are reassembled at the receiving host (this may be inefficient).
Higher probability of retransmission: losing one fragment loses the entire datagram.
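The fragmentation rules above, worked through in code. This is an added example, not part of the training module: it assumes a minimal 20-byte IPv4 header with no options, expresses offsets in 8-byte units as the header does, and shows at reassembly why one lost fragment costs the whole datagram.

```python
# Added example (not part of the training module): fragmenting an IPv4 payload
# for a smaller outbound MTU and reassembling it at the receiving host.
# Assumes a minimal 20-byte IPv4 header with no options; sizes are constructed.

IP_HEADER_LEN = 20  # bytes; IPv4 header without options


def fragment(ident, payload, mtu):
    """Split `payload` into fragments that fit the link MTU.

    Each fragment is (identification, offset, more_fragments, data), with the
    offset in 8-byte units exactly as the IPv4 header encodes it. Every
    fragment except the last therefore carries a multiple of 8 data bytes.
    """
    if mtu < IP_HEADER_LEN + 8:
        raise ValueError("MTU too small to carry any fragment data")
    if len(payload) <= mtu - IP_HEADER_LEN:
        return [(ident, 0, False, payload)]  # fits in one datagram
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8  # round down to 8-byte units
    frags = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + max_data < len(payload)  # MF flag: more fragments follow
        frags.append((ident, start // 8, more, chunk))
    return frags


def reassemble(fragments):
    """Rebuild the payload from fragments sharing one identification value.

    Returns None when any fragment is missing: the receiving host cannot hand a
    partial datagram to the upper layer, so one lost fragment loses the whole
    datagram and the sender must retransmit all of it.
    """
    if not fragments:
        return None
    ident = fragments[0][0]
    ordered = sorted((f for f in fragments if f[0] == ident), key=lambda f: f[1])
    data = bytearray()
    expected_offset = 0  # in bytes
    for _, offset, _, chunk in ordered:
        if offset * 8 != expected_offset:
            return None  # gap: a fragment was lost or has not arrived yet
        data += chunk
        expected_offset += len(chunk)
    if ordered[-1][2]:
        return None  # the final fragment (MF = 0) never arrived
    return bytes(data)
```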
IP Options
Loose and strict source routing - used to route a datagram along a specific path
Record route - used to trace a route
Internet timestamp - used to record timestamps along the route
A TCP segment has the format shown below:
A connection is defined by the pair (source IP, source port) and (dest IP, dest port).
Different connections can use the same destination port on the server host as long as the
source ports or source IPs are different.
Sequence numbers are used to place received segment data in the correct order.
The initial sequence number (ISN) marks the beginning of the data stream.
The ISN is random and negotiated when the connection is established.
Acknowledgement numbers tell the sender which segment the receiver expects next.
TCP is a connection-oriented protocol aiming at providing guaranteed delivery of data
(through the use of retransmission). As a result it has inherent overheads compared to UDP
because of the connection establishment and tearing-down phases.
UDP is more lightweight and can start transmitting data immediately since it is connection-
less. On the other hand it has no way of providing guaranteed delivery and if packets are lost
during the transmission over the network it has no way of knowing and taking any corrective
action.
A UDP datagram requires far less overhead than a TCP segment and it is structured as shown
below:
Internet Control Message Protocol (ICMP) datagrams are used in IP networks as the format for
reporting IP datagram delivery problems. They are usually initiated at gateways but can also
be initiated by hosts. They are sent back to the source IP host and not gateways and there are
different types of ICMP datagrams depending on what error condition they are used to signify.
They are also encapsulated over IP datagrams as shown in the diagram below:
Because of the inherent unreliability of IP networks, a lot of ICMP datagrams are generated
and transmitted in a typical network environment; therefore they were designed to be small
and lightweight.
The structure of ICMP datagrams is as shown below:
The most commonly known ICMP datagram is called ICMP Echo Request/Reply. It is used to
test whether a network destination is reachable and responding. These packets are generated
and tracked by the packet internet groper utility, better known as ping.
1.2.3 TCP/IP (IPv6)
IP version 6 (IPv6) is a network layer IP standard used to exchange data between devices using
a packet-switched internetwork. IPv6 is the next version of the IP protocol in use today (IPv4)
and it offers a number of major improvements over its predecessor. One of these
improvements is the increase in the number of IP addresses available for devices on various
networks, including the Internet.
IPv4 supports 32 bit addresses providing about 4.3 (2 to the power of 32) billion addresses
which is proving inadequate as more and more devices exist that need to be interconnected
via IP. IPv6 supports 128 bit addresses that should last for a while longer at least.
IPv6 addresses are separated into two logical parts of 64 bits each. The first is called the
network or sub-network prefix and the second is called the host part. The host part of an
address is either automatically generated based on the interface's MAC address or it is
assigned sequentially.
IPv6 addresses are normally written as eight groups of four hexadecimal digits and they can
therefore be quite verbose to write out. In order to simplify the notation a number of simple
rules have been set as follows:
If a four digit group is 0000, the zeros may be omitted.
Any group of consecutive 0000 groups may be reduced to two colons, as long as there
is only one double colon used in an address.
Leading zeros in a group of digits can also be omitted.
Application of the above rules can reduce the following IPv6 address from this:
2001:0db8:0000:0000:0000:0000:1428:57a
to this:
2001:db8::1428:57a
without any loss of meaning.
The structure of IPv6 datagrams header is as follows:
Version
Internet Protocol Version number (IPv6 is 6).
Priority
Enables a source to identify the desired delivery priority of the packets. Priority values
are divided into ranges: traffic where the source provides congestion control and non-
congestion control traffic.
Flow label
Used by a source to label those packets for which it requests special handling by the
IPv6 router. The flow is uniquely identified by the combination of a source address and
a non-zero flow label.
Payload length
Length of payload (in octets).
Next header
Identifies the type of header immediately following the IPv6 header.
Hop limit
8-bit integer that is decremented by one by each node that forwards the packet. The
packet is discarded if the Hop Limit is decremented to zero.
Source address
128-bit address of the originator of the packet.
Destination address
128-bit address of the intended recipient of the packet.
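The fixed header field list above, packed and decoded in code, together with the hop-limit rule a forwarding node applies. This is an added example, not from the training module; addresses and field values are constructed, and it follows the current layout (RFC 8200), where the version nibble is followed by an 8-bit traffic class (the module's "priority") and a 20-bit flow label.

```python
import ipaddress
import struct

# Added example (not from the training module): packing and decoding the fixed
# 40-byte IPv6 header, plus the hop-limit rule a forwarding node applies.
# Addresses and field values are constructed. Layout per RFC 8200: version (4),
# traffic class (8), flow label (20), payload length (16), next header (8),
# hop limit (8), source (128), destination (128).

IPV6_HEADER = struct.Struct("!IHBB16s16s")  # first word, len, next hdr, hops, src, dst


def build_ipv6_header(src, dst, next_header, payload_length,
                      hop_limit=64, traffic_class=0, flow_label=0):
    """Pack the fixed header; the payload itself is appended by the caller."""
    if not 0 <= flow_label < (1 << 20) or not 0 <= traffic_class < 256:
        raise ValueError("flow label is 20 bits, traffic class 8 bits")
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    return IPV6_HEADER.pack(first_word, payload_length, next_header, hop_limit,
                            ipaddress.IPv6Address(src).packed,
                            ipaddress.IPv6Address(dst).packed)


def parse_ipv6_header(packet):
    """Decode the fields of the fixed header into a dict."""
    if len(packet) < IPV6_HEADER.size:
        raise ValueError("truncated IPv6 header")
    first_word, payload_length, next_header, hop_limit, src, dst = \
        IPV6_HEADER.unpack_from(packet)
    version = first_word >> 28
    if version != 6:
        raise ValueError("version field is %d, not 6" % version)
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,  # the module's "priority"
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_length,            # octets after this header
        "next_header": next_header,                  # e.g. 58 = ICMPv6
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
    }


def forward(packet):
    """Apply the hop-limit rule of a node that forwards the packet: decrement
    by one and discard when it reaches zero. Returns the packet to send on, or
    None when it is dropped (the node would then send ICMPv6 Time Exceeded)."""
    hop_limit = parse_ipv6_header(packet)["hop_limit"]
    if hop_limit <= 1:
        return None
    return packet[:7] + bytes([hop_limit - 1]) + packet[8:]  # hop limit is byte 7
```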
Other features of IPv6 over IPv4 include:
Stateless auto configuration of hosts based on details provided by their local router
device.
Support for multicast as part of the base protocol resulting in more bandwidth and
efficient use of the network infrastructure for some applications.
Jumbograms allowing for large packets that can improve performance over high-
throughput network links.
Faster routing via a more systematic packet header structure, although this may not be
as significant anymore since recent advances to routing technology yield similar
results for even IPv4 now.
Network-layer security through the integration of IPSec in the base IPv6 protocol.
In IPv6 the ICMP protocol has also been updated accordingly bringing it to also version 6.
In addition, the multicast control functions of the IPv4 Group Membership Protocol (IGMP) are
now incorporated with the ICMPv6.
The structure of the ICMPv6 header is as shown below:
Type
The type of the message. Messages can be error or informational messages. Error
messages can be Destination unreachable, Packet too big, Time exceed, Parameter
problem. The possible informational messages are, Echo Request, Echo Reply, Group
Membership Query, Group Membership Report, and Group Membership Reduction.
Code
For each type of message several different codes are defined. An example of this is the
Destination Unreachable message, where possible messages are: no route to
destination, communication with destination administratively prohibited, not a
neighbor, address unreachable, port unreachable. For further details, refer to the
standard.
Checksum
Used to check data corruption in the ICMPv6 message and parts of the IPv6 header.
One other key difference between IPv4 and IPv6 is the replacement of ARP in IPv4 with the
Neighbor Discovery Protocol (NDP) in IPv6. For simple purposes, NDP and ARP are very similar:
one node sends out a request packet (called a neighbor solicitation in NDP), and the node it
was looking for sends back a reply (a neighbor advertisement) giving its link-layer address. NDP
is part of ICMPv6. With IPv4 this function is fulfilled by a completely different and stand-alone
protocol called ARP. ARP does not even run over IP and it uses broadcast packets. NDP, on the
contrary, makes use of multicast packets instead.
For each unicast address it responds to, each host listens on a solicited-node multicast
address. The solicited-node multicast address for a given unicast address is constructed by
taking the last three octets of the unicast address and prepending the prefix
FF02::1:FF00:0000/104
Thus, the solicited-node multicast address of 2001:630:200:8100:02C0:4FFF:FE68:12CB is
FF02::1:FF68:12CB.
It's the solicited-node multicast address that a node uses as the destination of a neighbor
solicitation packet. This use of multicast means that most hosts don't get disturbed by
neighbor solicitations that aren't either for them or for a host with a very similar IPv6 address.
With broadcast on the other hand, every host on the network segment receives every packet
that is broadcasted.
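The solicited-node construction worked in code, including a check of which hosts a neighbor solicitation sent to that group must actually process. This is an added example, not from the training module; apart from the address worked in the text, the addresses are constructed.

```python
import ipaddress

# Added example (not from the training module): deriving the solicited-node
# multicast group for a unicast address and showing which hosts a neighbor
# solicitation sent to that group actually reaches. Addresses other than the
# one worked in the text are constructed.

SOLICITED_NODE_PREFIX = ipaddress.IPv6Network("ff02::1:ff00:0/104")


def solicited_node(unicast):
    """ff02::1:ff00:0/104 with the low 24 bits of `unicast` appended."""
    low24 = int(ipaddress.IPv6Address(unicast)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE_PREFIX.network_address) | low24)


def is_solicited_node(address):
    """True if `address` lies inside the solicited-node multicast range."""
    return ipaddress.IPv6Address(address) in SOLICITED_NODE_PREFIX


def listening_groups(host_unicasts):
    """The set of solicited-node groups a host joins: one per unicast address,
    but addresses that share their last 24 bits share a group."""
    return {solicited_node(u) for u in host_unicasts}


def must_process(host_unicasts, destination):
    """Would a host holding `host_unicasts` have to examine a neighbor
    solicitation addressed to `destination`? With multicast, only hosts in
    that group do; a broadcast would have reached every host on the segment."""
    return ipaddress.IPv6Address(destination) in listening_groups(host_unicasts)
```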
IPv4 and IPv6 are not directly interoperable and therefore an intermediate proxy is necessary
for a client to communicate with a server when one uses IPv4 and the other IPv6. This is one of
the major reasons for the slower than expected adoption of IPv6 on the Internet.
To assist with the conversion process from IPv4 to IPv6 many operating systems, including
Microsoft Windows™ and GNU/Linux, now support dual stacks, effectively allowing for
both IPv4 and IPv6 communication at the same time.
However, not all higher-level protocols are able to use IPv6 directly and therefore some
software adjustment is still necessary. The file transfer protocol (FTP) for example is bound to
the IP version that the server was built for and it cannot transparently support IPv6 clients.
Further to dual stack operating systems, tunneling of IPv6 packets on the Internet
encapsulated inside IPv4 packets is also another commonly used technique to ease the
transition from IPv4 to IPv6.
1.3 About TCP/IP
1.3.1 Well known port
TCP communication across applications on different hosts is point to point using the concept
of ports to identify each stream of data. A port is represented by a 16-bit number attached to
the transmitted message.
Servers are identified by their well-known port numbers. For example, it is highly
recommended that TCP/IP systems providing FTP (File Transfer Protocol) services do so using
port 21. A list of well-known port numbers is provided below:
Port number   Use       Description
20            ftp data  File Transfer Protocol (Default Data)
21            ftp       File Transfer Protocol (Control)
23            telnet    Telnet
25            smtp      Simple Mail Transfer Protocol
53            domain    Domain Name Server
67            bootps    Bootstrap Protocol Server (DHCP)
68            bootpc    Bootstrap Protocol Client (DHCP)
80            www       World Wide Web (HTTP)
110           pop3      Post Office Protocol 3
119           nntp      Network News Transfer Protocol
Socket address
When the IP address is combined with the port number then we have what is called a socket
address. For example combining the IP address of 192.168.0.1 with the SMTP port 25 is often
written as follows: 192.168.0.1:25 with a colon separating the IP address from the port
number.
The combination of IP addresses and ports allows a single machine on a network to provide
different services at the same time (by using different ports for each service).
The socket pair (the client IP address and port number, plus the server IP address and port
number) uniquely identifies each TCP connection in a network.
1.3.2 Network Utilities
NETCAT (NC)
Netcat (aka. nc) is a command line utility for UNIX and UNIX-like operating systems that
provides the ability for its users to interactively send and receive data to and from any TCP
port on their local computer or on a remote system across the network.
This tool is so useful in troubleshooting networking-related issues that it is often
referred to as the Swiss army knife of TCP/IP. Because of this, although the roots of the tool
are in the UNIX world, several ports of it exist for the Microsoft Windows™ environment.
The tool is command line driven and rich in configurable options as shown below:
To demonstrate the power of this tool, you can set an instance of it in listening mode on any
TCP port on a remote host and then from a different computer you can invoke:
nc.exe -e cmd.exe
This will spawn a command line shell on that remote host allowing you to run commands
against it as shown below:
Other popular uses of the tool include the ability to do source routing up to four hops away,
port scanning remote hosts, checking for firewalls blocking certain ports across subnetworks
and more.
Netcat is not intended as a replacement for dedicated port scanning software such as Nmap
however it is useful as a quick and easy diagnostic tool for most networking problems.
TELNET
Telnet is typically the first tool one comes across when diagnosing network connectivity
issues, particularly for TCP since Telnet only uses TCP. Netcat on the other hand can also deal
with UDP issues. A typical use of Telnet is to connect to a mail server's port 25, for instance,
and issue commands to create a new mail message so that you can validate whether the mail server
allows relaying or not. To do so you would first run telnet by issuing a command such as:
telnet 25
Once the connection is established you can then issue the following commands:
helo
response should be as follows
250 OK
mail from:
response should be as follows
250 OK - mail from
rcpt to:
response should be as follows
250 OK - Recipient
data
response should be as follows
354 Send data. End with CRLF.CRLF
To:
PING
Ping stands for Packet INternet Groper. A ping command sends a diagnostic packet to a
nominated network node to check network connectivity. If the node receives the packet, it
responds, confirming that the link is operational. If the node does not respond, the user is
alerted to a link failure.
Ping uses the Internet Control Message Protocol (ICMP) to send the request and return the
response or the fact that the message was indeed undeliverable.
A network administrator will ping a node in order to try and isolate a problem on the
network, or to measure performance.
The examples on the next page show the ping command and the network response.
Ping indicating failed connectivity.
Ping indicating successful connectivity.
ARP (RARP)
The command arp is used to display and modify the IP-to-Physical address translation tables
used by the Address Resolution Protocol (ARP). This command allows you to set a static link between a
given IP address and a Physical address and to display the contents of the computer's ARP
tables.
RARP stands for Reverse Address Resolution Protocol: given a physical address, the
computer is able to find out the IP address of another computer on the same LAN segment.
Below is the output produced from running arp -a, used to query the ARP tables of the
current machine:
C:\Documents and Settings\user>arp -a
Interface: 10.10.11.156 --- 0x10003
Internet Address Physical Address Type
10.10.11.1 00-40-63-df-f0-9e dynamic
As you can see, the IP address 10.10.11.1 is mapped to the physical address dynamically which
implies that the physical address was discovered via the use of ARP as opposed to being
statically set.
ARP is a non-routable, broadcast protocol. Therefore it cannot cross routers by default. Special
configuration on some routers may allow it to do so, but this is generally a bad network
management practice and hardly ever done in actual networks. The reason the ARP table is
distributed across the client machines, with each one maintaining its own, is to minimize the
amount of broadcasting needed for machines to be identified on the network each time
communication has to take place.
TRACERT
The tracert command is short for trace route. It picks up from where ping stops, in that it is
able to show the individual network nodes a packet goes through to reach its destination. If at
any point connectivity is lost, using tracert it is possible to see up to which node(s) the
communication was successful.
This is what a typical few lines of output from tracert look like:
6 27 ms 24 ms 21 ms 61.88.221.135
7 28 ms 30 ms 25 ms ConnectCom.un2.optus.net.au [61.88.171.206]
8 19 ms 36 ms 30 ms so-3-1-0.cre1.syd.connect.com.au [202.10.4.91]
9
We only touched upon another whole class of diagnostic utilities for the network when we
were discussing netcat. We then made reference to its capabilities as a rudimentary port
scanner. Port scanners form an entire class of diagnostic utilities on their own and within that
class you can find many excellent commercial and open source pieces of software.
A port scanner takes one or more IP addresses and looks for open TCP or UDP ports that are
available on each IP address. Many also employ sophisticated techniques to perform operating
system detection, based on how the target operating system responds to the TCP port probing.
Finally, a lot of these port scanners are able to perform what are known as stealth scans that
can mostly go undetected by the target host so its administrators are not alarmed and take
additional security measures. Port scanning is equally valuable for administrators in taking an
automated audit of what services run on their network and on their end-user desktop and
laptop systems.
One of the most commonly known and feature-rich port scanners is Nmap, which is also freely
available software that can be used by anyone free of charge. Also note that using a port
scanner on a network other than one you own is considered not only bad etiquette; it can also
be a punishable act, even leading to prosecution, depending on the type and owner of the
network and their policies. In short, never use a port scanner without having obtained the
explicit consent of the owner of the network and host(s) you are going to be targeting.
1.4 Diagnostic Tools
1.4.1 Packet Capturing / Protocol Analyzers
Packet capturing and protocol analysis are widely used techniques for identifying network
and application related issues. One of the most common tools for performing these activities
is Wireshark.
Wireshark is an open source project aimed at developing a feature-full, easy to use and free
network packet capture and analysis tool. Wireshark used to be called Ethereal and recently
the project changed names for legal reasons.
Network packet capture and analysis tools can prove extremely useful as diagnostic tools
because they allow their users to gain visibility into the workings of their network. The tool
uses one of the network interfaces on the machine it is running on to collect network data and
subsequently analyze it and present it to the user in an easy to read format.
In an Ethernet LAN, for instance, all data is transmitted in frames; Wireshark is able to capture
those, assemble them into packets and from there identify the protocols that make up the
traffic, separate it by protocol and color-code it. Wireshark has extensive support for a very
large number of protocols that it can understand and analyze.
The user is able to drill down and inspect the various pieces of data that were captured.
Because Wireshark captures all network data that reaches the host it is running on (and in some
configurations all data transmitted on the switch or the entire network) you can use it to
troubleshoot IP, TCP, UDP or even HTTP related issues regardless of what layer each of these
protocols operates in.
Operating Wireshark requires three main steps, namely: Start a capture (of data flowing on the
network), filter the results of the capture (to reduce the amount of information presented and
increase relevance) and finally analyze the information to troubleshoot the issue at hand.
Many other network packet capture and analysis tools exist, both open source and
commercial, running on a variety of operating systems from Microsoft Windows™ to Linux,
MacOS X, Sun Solaris and others. Some are console-based without a GUI whereas others
contain a GUI.
One such alternative tool is EtherPeek, which performs traffic monitoring and packet capture.
It can decode over 1,000 protocols and subprotocols, but as the name implies, EtherPeek's
support is limited to Ethernet networks.
Unlike Wireshark, EtherPeek is a commercial product. It offers a very user-friendly interface
with support for triggers, alarms, and filters. Triggers, which are used to start and stop packet
capturing, can be set off by a time event or by network traffic.
Alarms warn you of abnormalities in LAN activity, such as bottlenecks, when traffic deviates
from a specified limit. Filters work similarly to those in Wireshark and allow the user to capture
only the traffic that is of interest to them and reject other noise traffic on the network.
Two types of filters are supported in EtherPeek, simple and advanced. Simple filters consist of
just the traffic source and destination specified by MAC or the network-layer address,
protocols that rest on the network layer (and up), or port numbers.
Advanced options allow you to build more complex filters through logic statements and
filtering options. Information like downloaded HTTP or FTP files can be displayed, as well as
detailed information like TCP window sizes.
1.4.2 Network testing
A wide range of network testing tools exists, each with their own relative strengths and
weaknesses. Fairly simple tools such as EtherPeek, with its packet injection system, allow users
to craft network packets and inject them into the network. On the other hand, large and feature-
full packages exist, such as SolarWinds, providing a complete environment for network testing,
benchmarking, discovery and monitoring.
Also in this category you can find very simple tools that have stood the test of time and can be
indispensable even though they were not originally designed for network testing per se. One
good example of such a tool is telnet, which was originally designed to allow remote access to
systems over the network. Because it is easy to use and present in so many systems by default,
it is also widely used as a diagnostic tool to see if a daemon or service is listening on a remote
system across the network.
For example, if we wanted to check that a SMTP (mail) server is indeed up and running on a
remote machine we could issue the following command on a windows or UNIX prompt:
telnet mail.example.com 25
The above command establishes a TCP connection with the server mail.example.com (as
resolved by the DNS) on port 25. Port 25 is arbitrary; however, we use it here because we wish
to test the SMTP services provided by that server and by convention port 25 is the one used
for SMTP.
If the machine is up and the SMTP server is running we should get a connection established.
Otherwise after a little while we will receive a time-out message.
Once we get a connection to the port we can then issue commands manually to check that
responses are received and that they are correct. Building on our previous example, we could
request that the mail server allow us to send an email message by feeding it manually with
the commands a browser would have passed as well. This could be done as follows (server
responses are shown in italic for readability):
helo
response should be as follows
250 OK
mail from:
response should be as follows
250 OK - mail from
rcpt to:
response should be as follows
250 OK - Recipient
data
response should be as follows
354 Send data. End with CRLF.CRLF
To:
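The manual telnet walkthrough above (and the identical one in section 1.3.2) driven by a script, so that a mail server you administer can be checked for reachability and for the reply code it returns at each step, for instance confirming that a RCPT TO for an outside domain is refused rather than accepted. This is an added example, not from the training module: the host names and mailboxes in the command list are constructed placeholders, and scripted_server() is a fake server used to exercise the code offline.

```python
import socket

# Added example (not from the training module): the manual telnet walkthrough
# driven by a script, so a mail server can be checked for reachability and for
# the reply code it gives to each step. Host names and mailboxes in SESSION are
# constructed placeholders; scripted_server() is a fake server for offline use.

# Each command from the walkthrough and the reply code it should receive.
SESSION = [
    (b"HELO probe.example.net\r\n", 250),
    (b"MAIL FROM:<probe@example.net>\r\n", 250),
    (b"RCPT TO:<postmaster@example.com>\r\n", 250),
    (b"DATA\r\n", 354),
]


def read_reply(recv):
    """Read one complete SMTP reply and return (code, [text of each line]).

    Replies may span several lines: a '-' after the three-digit code means more
    lines follow, a space marks the final line (so '220-...' then '220 ...').
    """
    buf = b""
    while True:
        chunk = recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk
        lines = buf.split(b"\r\n")
        if len(lines) >= 2 and lines[-1] == b"" and lines[-2][3:4] != b"-":
            break  # buffer ends with a complete final line
    texts = [line.decode("ascii", "replace") for line in lines if line]
    if any(len(t) < 3 or not t[:3].isdigit() for t in texts):
        raise ValueError("malformed SMTP reply: %r" % buf)
    return int(texts[0][:3]), [t[4:] for t in texts]


def run_session(send, recv, session=SESSION):
    """Read the greeting, then send each command and stop at the first reply
    whose code differs from the expected one. Returns [(step, code, text)].
    The DATA step is never completed: no message body is sent, so closing the
    connection afterwards aborts the pending message."""
    results = []
    code, lines = read_reply(recv)  # servers greet with 220 on connect
    results.append(("<connect>", code, lines[-1]))
    if code != 220:
        return results
    for command, wanted in session:
        send(command)
        code, lines = read_reply(recv)
        results.append((command.decode().strip(), code, lines[-1]))
        if code != wanted:
            break
    return results


def probe_smtp(host, port=25, timeout=10.0):
    """Connect like `telnet host 25` and run the walkthrough against a server
    you administer; a refused or timed-out connection is reported as one entry."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            return run_session(sock.sendall, sock.recv)
    except OSError as exc:
        return [("<connect>", 0, "connection failed: %s" % exc)]


def scripted_server(replies):
    """Constructed stand-in for a server: returns (send, recv, sent) where recv
    hands out the scripted replies in order and sent records what was sent."""
    queue, sent = list(replies), []

    def send(data):
        sent.append(data)

    def recv(_size):
        return queue.pop(0) if queue else b""

    return send, recv, sent
```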
1.5 Protocols (Middle/Higher layers)
IPSec is short for Internet Protocol Security. It is a standard in network communication
security and provides encryption at a lower layer (Network Layer - Layer 3 of the OSI Model)
than normal encrypted communication methods. This effectively means that all network
communication (even insecure protocols such as FTP) gains advanced encryption.
IPSec is optional on normal IPv4 networks. However, on IPv6 networks it is required. IPSec has
two different modes of security. These are "Transport" and "Tunnel" modes.
In Transport Mode, only the data within the packet is encrypted. All other parts of the packet,
such as destination header information and so on, are left unaltered. This means that most
network routing methods will work as expected; however, where NAT is used Transport Mode
cannot be used, because the hash value (essentially a checksum) computed over the packet no
longer matches once NAT rewrites the addresses.
In Tunnel Mode, the entire packet is encrypted. This would normally mean that the packet
can never be routed and that this mode could not be used on any normal network at all. However,
in Tunnel Mode IPSec encapsulates (wraps) the encrypted packet inside another, unencrypted
packet. Because of this, it can be routed exactly like any other network traffic.
In general, Tunnel Mode is not used between hosts in the same network. This is because, as
explained, Tunnel Mode adds another unencrypted IP header to the encrypted packet and as
a result, there is a significant increase in network traffic.
1.5.1 SNMP
SNMP stands for Simple Network Management Protocol and it is used to keep track of vital
information about various networking devices and servers such as routers, switches and server
systems. It consists of a set of standards for network management, including an Application
Layer protocol, a database schema, and a set of data objects.
It works in a client-server mode allowing the management client to query servers for statistics
of their different components. Also, servers can push information to the management console
as needed by raising what is known as a trap.
SNMP is currently in its third version; however, there are still devices in use that only support
version 1 of the protocol, and therefore one may see a mix of protocol versions in active use
in most large-scale networks that contain older legacy equipment.
SNMP version 1 (SNMPv1) is the initial implementation of the SNMP protocol. SNMPv1
operates over protocols such as User Datagram Protocol (UDP), Internet Protocol (IP),
AppleTalk Datagram-Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX).
SNMPv1 is widely used and is the de facto network-management protocol in the Internet
community. Version 1 suffers from poor security. Authentication of clients is performed only
by a "community string", in effect a type of password, which is transmitted in clear text.
There are several editions of SNMP v2 due to disagreements in security. SNMP version 2
offered improvements in the areas of performance, security, confidentiality, and manager-to-
manager communications over SNMP v1.
Unfortunately, it was not widely adopted because of serious disagreements over the security
framework in the standard. Eventually version 2c was released that was essentially v2 without
the controversial security framework. Instead it used a similar community-string based
mechanism for authentication.
Security issues aside, SNMP version 2 was rather complex compared to v1 and therefore, as a
compromise and to assist in its adoption SNMP v2u was released. It offers greater security
than SNMP v1 but without incurring the high degree of complexity that other version 2
editions of the protocol have had in the past. This edition is what is commercially known as
SNMP v2.
As of 2004, SNMP v3 is recognized as the current standard and all previous versions are
marked as obsolete or historical. In practice, however, one can find a mixture of versions in
use, mostly v1, v3 and to some extent v2c. Since v2 is incompatible with v1, this tends to
further complicate interoperability in large-scale networks.
SNMP tracks usage parameters of the various components in networking and server devices
by assigning them unique identifiers called Object Identifiers (OIDs). OIDs are used within
the management information base (MIB) that SNMP uses to track the different performance
counters within the components of the various equipment.
A management information base (MIB) stems from the OSI/ISO Network management model
and is a type of database used to manage the devices in a communications network. It
comprises a collection of objects in a (virtual) database used to manage entities (such as
routers, switches and servers) in a network. It is hierarchical (tree structured) and entries are
addressed through OIDs. MIBs are periodically updated to add new functionality, remove
ambiguities and to fix defects.
A trap in the context of SNMP is, according to Cisco Systems, "a notification event issued by a
managed device to the network management station when a significant event (not
necessarily an outage, a fault, or a security violation) occurs". Traps are raised by the device
that is being monitored and are caught by the monitoring station to which the management
console is attached.
This is how traps become known to the operators of the network, who can then decide
whether to take action based on the traps received.
Common uses of SNMP include:
Monitoring device uptime
Collecting hard disk drive usage statistics from servers
Taking inventory of OS versions
Collecting interface information
Measuring network interface throughput
Querying a remote ARP cache
Konica Minolta devices have a fairly comprehensive MIB for SNMP. The basic Printer MIBs (both
printmib and hostmib) are supported as well as Konica Minolta's own proprietary MIB.
Because of this, SNMP enterprise management systems are able to access all of the expected
functions of a printer and, where Konica Minolta supplies a plugin to the EMS, information
specific to Konica Minolta devices.
The most common use of SNMP with Konica Minolta (and other) print devices is the status
information reported to an operating system's print system. This allows, for example,
Microsoft Windows to display "Out of Paper" alongside the printer object when the device is
out of paper.
Konica Minolta's PageScope Net Care application also makes extensive use of SNMP both for
reading current status and settings as well as writing new settings to a device.
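The clear-text community string of SNMP v1/v2c, as an added example that is not part of this module or of any Konica Minolta software: a small BER encoder/decoder builds an SNMPv1 GetRequest for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0, from MIB-2) and then reads the community string straight back out of the bytes, which is exactly what anyone capturing the datagram on the wire can do. The packet is constructed, the helper names are assumptions, and v1 Trap PDUs (which use a different layout) are deliberately not handled.

```python
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest"}
VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}   # value of the leading INTEGER

def _read_tlv(buf, pos):
    """Parse one BER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits = octet count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _children(value):
    """Split a SEQUENCE or PDU body into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = _read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    """BER OID: first octet packs arcs 1 and 2; later arcs are base-128 groups."""
    arcs, acc = [val[0] // 40, val[0] % 40], 0
    for b in val[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends the arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def decode_snmp(packet):
    """Return version, community, PDU type, request id and OIDs of a v1/v2c message."""
    tag, body, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    members = _children(body)
    version = VERSION_NAMES.get(int.from_bytes(members[0][1], "big", signed=True))
    if version not in ("v1", "v2c"):        # v3 carries no community string here
        return {"version": version, "community": None, "pdu": None,
                "request_id": None, "oids": []}
    (_, community), (pdu_tag, pdu) = members[1], members[2]
    if pdu_tag == 0xA4:
        raise ValueError("v1 Trap PDU has a different layout; not handled here")
    fields = _children(pdu)   # request-id, error-status, error-index, varbind list
    oids = []
    for _, varbind in _children(fields[3][1]):
        (_, oid_bytes), _value = _children(varbind)
        oids.append(decode_oid(oid_bytes))
    return {"version": version,
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(fields[0][1], "big", signed=True),
            "oids": oids}

def _tlv(tag, value):
    if len(value) > 127:                    # short-form lengths are enough here
        raise ValueError("value too long for this example's encoder")
    return bytes([tag, len(value)]) + value

def encode_oid(oid):
    """Inverse of decode_oid: dotted string to BER content octets."""
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]               # low 7 bits last; earlier groups get 0x80
        arc >>= 7
        while arc:
            groups.append((arc & 0x7F) | 0x80)
            arc >>= 7
        out.extend(reversed(groups))
    return bytes(out)

def build_get_request(community, oid, request_id=1):
    """Encode an SNMPv1 GetRequest for one OID (request_id kept below 128)."""
    varbind = _tlv(0x30, _tlv(0x06, encode_oid(oid)) + _tlv(0x05, b""))
    pdu = (_tlv(0x02, bytes([request_id])) + _tlv(0x02, b"\x00")
           + _tlv(0x02, b"\x00") + _tlv(0x30, varbind))
    return _tlv(0x30, _tlv(0x02, b"\x00") + _tlv(0x04, community.encode("ascii"))
                + _tlv(0xA0, pdu))

def community_exposure(packet):
    """Monitoring-side check: what a captured v1/v2c datagram reveals (None for v3)."""
    msg = decode_snmp(packet)
    if msg["community"] is None:
        return None
    return (f"SNMP{msg['version']} {msg['pdu']} with community '{msg['community']}' "
            f"in clear text, querying {', '.join(msg['oids'])}")

if __name__ == "__main__":
    # Constructed packet: GetRequest for sysDescr.0 with the default community.
    pkt = build_get_request("public", "1.3.6.1.2.1.1.1.0")
    print(pkt.hex())
    print(community_exposure(pkt))
```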
1.5.2 SLP
The Service Location Protocol (SLP) was originally an Internet Engineering Task Force (IETF)
standards track protocol that provides a framework to allow networking applications to
discover the existence, location, and configuration of networked services in enterprise
networks.
Traditionally, in order to locate services on the network, users of network applications have
been required to supply the host name or network address of the machine that provides a
desired service. Ensuring that users and applications are supplied with the correct information
has, in many cases, become an administrative nightmare.
Protocols that support service location are often taken for granted, mostly because they are
already included in many network operating systems. For example, without Microsoft's SMB
service location facilities, "Network Neighborhood" could not discover services available for
use on the network, and Novell NetWare would be unable to locate eDirectory trees.
Nevertheless, an IETF-sponsored protocol for service location was not standardized until the
advent of SLP. Because it is not tied to a proprietary technology, SLP provides a service
location solution that could become extremely important, especially on UNIX platforms. SLP
can eliminate the need for users to know the names of network hosts.
With SLP, the user only needs to know the description of the service they are interested in.
Based on this description, SLP is then able to return the URL of the desired service.
SLP makes use of software components called agents that process protocol messages
accordingly. There are three types of agents, namely user agents, service agents and
directory agents.
The SLP User Agent is a software component that is looking for the location of one or more
services. Usually implemented (at least partially), as a library to which client applications link,
it provides client applications with a simple interface for accessing SLP registered service
information.
The SLP Service Agent is a software component that advertises the location of one or more
services. SLP advertisement is designed to be both scalable and effective, minimizing the use
of network bandwidth through the use of targeted multi-cast messages, and uni-cast
responses to queries.
The SLP Directory Agent is a software component that acts as a centralized repository for
service location information. Both Service Agents and User Agents make it a priority to
discover available Directory Agents, as using a Directory Agent minimizes the number of
multicast messages sent by the protocol on the network.
1.5.3 NTP / SNTP
NTP stands for Network Time Protocol and it is used to provide consistent date and time
information across an entire network of machines. It employs a client/server architecture with
one or more (typically many more than two) time servers that are responsible for answering
client queries for time synchronization. Clients, in turn, are responsible for periodically
requesting time information from the time servers and then using this information to adjust
the clock of the host machine they are running on.
The protocol scales very well by working off a tree-like structure for servers and clients
providing and consuming time-related information. A number called a Stratum number
identifies the level of the server in the NTP tree hierarchy.
Stratum 1 is the top level of the tree, where servers have direct access to time sources of high
accuracy. They provide synchronization to secondary servers operating at Stratum 2, and so on
to higher strata. In this hierarchy, clients are simply servers that have no dependents.
NTP Servers/Pools
Stratum 1 time servers are also computers and their internal clocks are just as inaccurate as
the ones of the clients they are trying to serve, therefore for keeping correct track of time an
external clock is used. This is typically an atomic clock that is of very high accuracy.
To ease configuration of NTP systems, the concept of NTP Server pools has been developed
(www.pool.ntp.org). This is comprised of a large number of NTP servers available via round-
robin DNS behind generic DNS names such as pool.ntp.org.
There are also a number of regional DNS entries that are better suited to ensuring that the
server you end up using is geographically closer to the client or NTP server that is requesting
information from it.
NTP support is built into most modern operating systems including Microsoft Windows 2000
and Windows XP, MacOS X, GNU/Linux distributions and Sun Solaris 10, to name a few.
Microsoft and Apple do not use the freely available NTP server pools directly (via the DNS
load-balanced entries); they instead define their own set of DNS entries with (presumably a
number of) NTP servers behind them.
NTP/SNTP is primarily considered a convenience function; however, it can also be used to avoid
issues that arise from an incorrectly set clock. Konica Minolta devices that have it enabled will
not require the time to be set manually, and the user can be sure that it is accurate. This is
considered important in environments where the print log is monitored and must be
accurate.
Additionally, some functions such as Active Directory Authentication require that the clock on
the client (the Konica Minolta device in this case) is set to the same time (within a certain
tolerance) of the Active Directory server or the authentication attempt will fail. By using NTP,
the Konica Minolta device can synchronize itself with the Active Directory server, ensuring
that the authentication will always succeed.
NTP sets the date and time by exchanging timestamps from higher-level Stratum servers to
lower-level ones. The 64-bit timestamps used by NTP consist of a 32-bit seconds part and a
32-bit fractional-second part with an epoch of January 1, 1900, giving NTP a time scale of 2^32
seconds (136 years) and a theoretical resolution of 2^-32 seconds (0.233 nanoseconds).
Although the NTP timescale wraps around every 2^32 seconds, implementations should
disambiguate NTP time using prior knowledge of the approximate time from other sources.
Since this only requires time accurate to a few decades, this is unlikely to ever be a problem in
general use. Even so, future versions of NTP will extend the time representation to 128 bits: 64
bits for the seconds and 64 bits for the fractional second.
SNTP stands for Simple Network Time Protocol and it is a simpler form of NTP that does not
require storing information about previous communications. It is mainly used in some
embedded devices and in applications where high accuracy timing is not required.
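The 64-bit timestamp format and the era wrap-around described above, as an added example that is not part of this module: it converts Unix time to and from the NTP (seconds, fraction) pair, and resolves the 2^32-second ambiguity with an approximate "now", which is the disambiguation the text calls for. The sample instants are constructed, and the transmit-timestamp offset (bytes 40 to 47 of a 48-byte NTP/SNTP packet) is taken from the RFC 5905 packet layout, which the text itself does not describe.

```python
import struct
from datetime import datetime, timezone

NTP_UNIX_OFFSET = 2208988800     # seconds from 1900-01-01 to 1970-01-01 (25567 days)
ERA = 1 << 32                     # the 32-bit seconds field wraps every 2**32 s
RESOLUTION_NS = 1e9 / ERA         # 2**-32 s in nanoseconds (about 0.233)


def unix_to_ntp(unix_seconds):
    """Split a Unix time into the (seconds, fraction) pair NTP puts on the wire."""
    total = unix_seconds + NTP_UNIX_OFFSET
    whole = int(total // 1)
    fraction = round((total - whole) * ERA) & 0xFFFFFFFF
    return whole % ERA, fraction      # seconds truncated to 32 bits, as on the wire


def pack_timestamp(seconds, fraction):
    """Two big-endian unsigned 32-bit words: the 8-byte wire form."""
    return struct.pack("!II", seconds, fraction)


def unpack_timestamp(data):
    return struct.unpack("!II", data)


def ntp_to_unix(seconds, fraction, approx_now_unix):
    """Convert back, using approximate knowledge of 'now' to pick the NTP era.

    The wire value repeats every 2**32 seconds (about 136 years; era 0 ends in
    February 2036). The candidate closest to approx_now_unix is the right one,
    so knowing the date to within a few decades is enough.
    """
    era0 = seconds - NTP_UNIX_OFFSET + fraction / ERA
    k = round((approx_now_unix - era0) / ERA)
    return era0 + k * ERA


def transmit_timestamp(packet):
    """Pull the Transmit Timestamp out of a 48-byte NTP/SNTP packet.

    Layout per RFC 5905 (an assumption of this example, not from the text):
    header words, then Reference, Originate, Receive and Transmit timestamps of
    8 bytes each, so Transmit occupies bytes 40..47.
    """
    if len(packet) < 48:
        raise ValueError("NTP packet is at least 48 bytes")
    return unpack_timestamp(packet[40:48])


def describe(unix_seconds, approx_now_unix):
    """Round-trip one instant through the wire format and report what happened."""
    sec, frac = unix_to_ntp(unix_seconds)
    packet = bytes(40) + pack_timestamp(sec, frac)   # constructed packet, header zeroed
    back = ntp_to_unix(*transmit_timestamp(packet), approx_now_unix)
    when = datetime.fromtimestamp(back, timezone.utc).isoformat()
    return {"wire_seconds": sec, "wire_fraction": frac, "recovered": back, "utc": when}


if __name__ == "__main__":
    # Two constructed instants: one inside era 0, one after the 2036 wrap.
    for t in (1.5, 2_100_000_000.0):
        print(describe(t, approx_now_unix=t + 3600))
```

The second instant shows the point of the era logic: its wire seconds field is a small number, yet the recovered time is correct because the receiver knows roughly what year it is.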
1.5.4 NTLM
NTLM is a Microsoft authentication protocol used with the SMB protocol. It is the successor of
LANMAN, an older Microsoft authentication protocol, and attempted to be backwards
compatible with LANMAN. The NTLM initials stand for NT LanMan (i.e. LanMan for Windows
NT). NTLM was followed by version two NTLMv2, at which time the original was renamed
NTLMv1.
There seems to be no official documentation of the protocol, however it has been reverse
engineered by the SAMBA team and their documentation is quite current and thorough. We
will only discuss the latest NTLMv2 protocol here and use the term NTLM to refer to it.
NTLM is a challenge response authentication protocol that is cryptographically stronger than
NTLMv1. The challenge-response mechanism of the protocols involves the exchange of three
messages between the client (wishing to authenticate) and the server (requesting
authentication) as follows:
1. The client first sends a Type 1 message containing a set of flags of features supported
or requested (such as encryption key sizes, request for mutual authentication, etc.) to
the server.
2. The server responds with a Type 2 message containing a similar set of flags supported
or required by the server (thus enabling an agreement on the authentication
parameters between the server and the client) and, more importantly, a random
challenge (8 bytes long).
3. Finally, the client uses the challenge obtained from the Type 2 message and the user's
credentials to calculate the response. The calculation differs based on the NTLM
authentication parameters negotiated previously, but in general it applies MD4/MD5
hashing algorithms and DES encryption to compute the response. The client then
sends the response to the server in a Type 3 message.
1.5.5 Kerberos
Kerberos is a computer network authentication protocol, which allows individuals
communicating over an insecure network to prove their identity to one another in a secure
manner.
The name also refers to a suite of free software published by the Massachusetts Institute of
Technology (MIT) that implements this protocol. Kerberos prevents eavesdropping or replay
attacks, and ensures the integrity of the data. By design it adopts a client-server model, and
provides mutual authentication where both the user and the server verify each other's
identity. Kerberos builds on symmetric key cryptography and requires a trusted third party.
Kerberos makes use of a trusted third party, termed a Key Distribution Center (KDC), which
consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting
Server (TGS). Kerberos works on the basis of "tickets" which serve to prove the identity of
users.
Kerberos maintains a database of secret keys; each entity on the network - whether a client or
a server - shares a secret key known only to itself and to Kerberos. Knowledge of this key
serves to prove an entity's identity. For communication between two entities, Kerberos
generates a session key that they can use to secure their interactions.
A client, once granted with a relevant ticket, presents it to the host that offers a service the
client would like to use and there the ticket is validated. If valid, the client is allowed to access
the service.
Kerberos is routinely transported using the UDP protocol, but when the user datagram exceeds
approximately 2,000 KB, the OS will switch to TCP to ensure data integrity.
1.5.6 Zero Configuration Networking (Zeroconf/Bonjour/Rendezvous/APIPA for Windows)
Zeroconf or Zero Configuration Networking is a set of techniques that automatically create a
usable IP network without configuration or special servers. This allows unknowledgeable
users to connect computers, networked printers, and other items together and expect them
to work automatically.
Without Zeroconf or something similar, a knowledgeable user must either set up special
servers, like DHCP and DNS, or set up each computer's network settings by hand, which is a
tedious task and can be challenging for non-technical people.
The basis for Zero Configuration is clever use of the DNS space. Computers with services
enabled typically register a name with their local DNS server so other computers can query
the DNS and find those available services. Implementation of this key idea varies quite a bit
between different vendors and the open source implementations available.
Apple for instance offers the DNS Service Discovery (DNS-SD) solution built on top of the
tested and robust Domain Name System. It uses DNS SRV, TXT, and PTR records to advertise
Service Instance Names. The hosts offering the different services publish details of available
services like instance, service type, domain name and optional configuration parameters.
Service types are given informally on a first-come basis.
A service type registry is maintained and published by DNS-SD.org. DNS-SD is used in Apple
products, many network printers and a considerable number of third party products and
applications on various operating systems. It is considered simpler and easier to implement
than Microsoft's competing technology, SSDP, because it uses DNS rather than HTTP.
Microsoft, on the other hand, offers a similar concept, incompatible in implementation, for
automatic service discovery based on the Simple Service Discovery Protocol (SSDP). This is a
UPnP protocol used in Windows XP and several brands of network equipment. Despite its
name, it is considered complex and requires more effort to implement than DNS-SD. SSDP uses
HTTP notification announcements that give a service-type URI and a Unique Service Name
(USN).
Service types are regulated by the Universal Plug and Play Steering Committee. SSDP is
supported in many firewall appliances used in small offices and home offices (SOHO), where
host computers behind it may pierce holes for applications. It is also used in media center
systems, where media exchange between host computers and the media center are facilitated
using SSDP.
Even though there is support in many third party devices and operating systems for either of
the two protocols for automatic service discovery, none is a ratified standard. The Service
Location Protocol (SLP), on the other hand, is the only protocol for service discovery to have
reached IETF RFC status. Novell, Sun Microsystems, Apple and other vendors, mostly in the
networking hardware space, support SLP.
1.5.7 Further Research
This section has provided an overview of various middle and high level networking protocols
commonly encountered in modern LANs. There is a wealth of information available for all of
these protocols that cannot be covered in this module, however most of this information is
easily accessible online. The two major sources of information are RFCs and online discussion
forums.
RFC stands for Request For Comments; RFCs are documents maintained by the Internet
Engineering Task Force (IETF). These documents are in their own right proposals encompassing
findings of new research, innovations, and methodologies applicable to Internet technologies.
Although they are not standards per se, the IETF regularly adopts some of the proposals
published in RFCs as Internet standards.
Upon receipt of the content from its authors, the RFC Editor issues each RFC document with a
unique serial number. Once issued a numerical identifier and published, an RFC is never
rescinded or modified; if the document requires amendments, the authors publish a revised
document; therefore, some RFCs make others obsolete. Together, the serialized RFCs compose
a continuous historical record of the evolution of Internet standards.
RFCs offer a very good source of highly technical, in-depth information and are not plagued
by ambiguity or mis-features that are common in formal standards such as those published by
the International Standards Organization (ISO) for instance as a result of multiple committee
meetings.
The official source for RFCs on the World Wide Web is the RFC Editor
(www.rfc-editor.org/rfc.html). However, in reality you can freely download RFCs from a number
of mirror sites around the world.
The other valuable source of information related to network protocols is online discussion
forums and newsgroups, such as those found at www.go6.net/ for IPv6.
1.6 Knowledge check
1. How many layers does the OSI model define? What are the top and bottom layers?
2. Explain the origin of the name of TCP/IP.
3. What is netcat?
4. What is arp?
5. What is Wireshark and what was its previous name?
6. What is SNMP?
2 Network Applications and Environments
2.1 Introduction
This section covers details of the most dominant and widely used terminal solutions as well as
details about the various directory systems available. These include Microsoft's Active
Directory and Novell's eDirectory. The section also provides details about the underlying
protocol these directory systems use, called LDAP.
2.2 Terminal Solution
Terminal based solutions allow end-users to access powerful backend applications, file
storage, printing and other services through a very simple, low powered client device. This
centralization of computing resources can offer simpler management of the infrastructure,
economies of scale when upgrading and faster resolution of problems.
The terminal based computing model was very dominant in the early days of computing
adoption where powerful mainframe systems would be centrally hosted and managed
allowing a number of users to interact with them via simple terminal devices.
The evolution of the personal computer brought a shift in that paradigm for most business
uses of computers. Data and processing, as well as interfaces to devices, were all moved to the
client PC.
In recent times, however, we are seeing a shift towards centralization again, now available
not only for UNIX or mainframe based applications but also for Microsoft Windows based
users and line-of-business applications.
Unlike the days of the mainframe era, with newer terminal solutions resources need not only
be available on the remote/terminal server. Instead, a variety of clients can be used to access
the terminal solution. These can include thin client computer terminals that are only there to
provide a user interface to the terminal server and applications served therein.
They can also include full blown desktop computers that may still have their own processing
and storage capabilities in addition to providing access to applications, processing or storage
at the terminal server.
2.2.1 Windows Terminal Server
Microsoft has offered a solution for terminal server access for a number of years now. The
Microsoft Terminal Services solution has changed names over time but remains similar in
essence. It used to be called Terminal Server when it was offered as an add-on to Windows NT,
was later renamed Terminal Services when it was bundled with Windows 2000 Server, and it
also exists on Windows XP and Microsoft Windows 2003 Server as Remote Desktop Services. Via
Microsoft Terminal Services end-users can access a remote server and run any number of
applications from it over the network with the impression that they are directly accessing that
server.
The degree of use organizations get out of Terminal Services varies from using it just to allow
access to one or two applications that are otherwise difficult to install and manage on each
client workstation, all the way to having users run their entire desktop, all applications,
printing and data via terminal services access.
The latest re-incarnation of the Microsoft Terminal Services solution is called Microsoft
Remote Desktop Services and like its predecessors is based on the Remote Desktop Protocol
(RDP). RDP is a multi-channel protocol that allows a user to connect to a computer running
Microsoft Terminal Services. Clients exist for most versions of Windows, and other operating
systems such as Linux, FreeBSD, and Mac OS X.
The server listens by default on TCP port 3389. RDP is derived from the T.128 protocol; version
5.1 is implemented in Windows XP Professional, Windows 2003 Server implements version 5.2,
and version 6.0 was introduced with Windows Vista. Version 6.0 includes a lot of new features,
including support for remotely accessing a single application instead of the entire desktop,
and support for 32-bit color.
Microsoft's Terminal Services offering grew out of its relationship with Citrix, a company
specializing in the provision of thin client middleware technology. The Microsoft Remote
Desktop Protocol was built using technology licensed from Citrix in 1997. Since then the two
products, by Microsoft and Citrix respectively, have been growing independently and they are
now both stable and robust, offering a host of advanced features.
Historically, however, the Citrix product has always been technologically ahead, whereas the
Microsoft one is offered from Windows NT onwards, first as an add-on and later bundled for
free into the core operating system, starting with the Windows 2000 family of products.
Microsoft has a longstanding agreement with Citrix to facilitate sharing of technologies and
patent licensing between Microsoft Terminal Services and Citrix Presentation Server. In this
arrangement, Citrix has access to key source code for the Windows platform enabling their
developers to improve the security and performance of the Terminal Services platform. In late
December, 2004 the two companies announced a five-year renewal of this arrangement to
cover the upcoming release of Windows Vista.
2.2.2 Citrix Server
Citrix offers its own terminal service middleware called Citrix Presentation Server (formerly
Citrix MetaFrame and before that called WinFrame). It is a remote access/application
publishing product built on the Independent Computing Architecture (ICA), Citrix Systems'
thin client protocol.
The Presentation Server product resides on a Microsoft Windows machine, which can be
either standalone or part of a larger cluster of Citrix servers. Presentation Server also supports
three UNIX variants: HP-UX, Solaris, and AIX.
There is a web-based Citrix client, freely available under the name Web Interface for
Presentation Server. The Web Interface may be used as a secure ICA proxy over HTTPS when
combined with Citrix Secure Gateway, both of which are included in the base Presentation
Server product.
Citrix MetaFrame runs over Port 1494 or since Citrix MetaFrame Presentation Server 3.0 port
2598. There is a Citrix client that must be used to connect to the Citrix Presentation Server and
this is different from the Microsoft RDP client (rdesktop) that is built into Windows NT, 2000
and XP operating systems.
Citrix has traditionally also offered better support for printing, multimedia and peripheral
devices when accessing applications over the network on other servers.
2.2.3 X Window Server
The X Window System (commonly X11 or X) is a networking and display protocol which
provides windowing on bitmap displays. It provides the standard toolkit and protocol to build
graphical user interfaces (GUIs) on UNIX, UNIX-like operating systems, and OpenVMS, and is
supported by almost all other modern operating systems.
X provides the basic framework, or primitives, for building GUI environments: drawing and
moving windows on the screen and interacting with a mouse and/or keyboard. X does not
mandate the user interface; individual client programs handle this. As such, the visual styling
of X-based environments varies greatly; different programs may present radically different
interfaces.
X features network transparency: the machine where application programs (the client
applications) run can differ from the user's local machine (the display server). X's usage of the
terms "client" and "server" reverses what people often expect, in that "server" refers to the
user's local display ("display server") rather than to a remote machine.
X originated at MIT in 1984. The current protocol version, X11, appeared in September 1987.
The X.Org Foundation leads the X project, with the current reference implementation being
version 11 release 7.1.
X uses a client-server model: an X server communicates with various client programs. In X the
user's terminal is the "server" and the remote applications are the "clients". This reversal of
the usual terms is because X takes the perspective of the program, rather than that of the
end-user or of the hardware. Therefore the local X display provides display services to
programs, so it acts as a server, and any remote program uses these services, so it acts as a
client.
The X server takes input from a keyboard and mouse and displays to a screen. A web browser
and a terminal emulator run on the user's workstation, and a system updater runs on a remote
server but is controlled from the user's machine. Note that the remote application runs just as
it would locally.
The communication protocol between server and client operates network-transparently. The
client and server may run on the same machine or on different ones, possibly with different
architectures and operating systems, but they run the same in either case. A client and server
can even communicate securely over the Internet by tunneling the connection over an
encrypted network session.
The design philosophy behind X is worth mentioning as it is based on simplicity and keeping
the number of features to a minimum. This is in line with the wider UNIX philosophy of having
a number of simple, discrete components working with one another to offer powerful
capabilities. In X11 the first design principle is "Do not add new functionality unless you know
of some real application that will require it".
Applications running on UNIX hosts can also be used from MacOS X and Windows client
computers using X. Windows does not offer native support for X; however, a number of
commercial and free implementations of X servers are available. Free implementations
include Cygwin/X, Xming, WeirdMind and WeirdX. Commercial implementations include
Reflection X, Xmanager, X-Deep/32, WiredX, Exceed and X-Win32.
Apple's MacOS X comes with a free X server that can be used to run applications off remote X
client machines.
2.3 Other Applications
Web Services for Devices, known commonly as WSD, is a new function in Microsoft Windows
Vista that allows automatic discovery and configuration of devices. It is a competing system
to Bonjour from Apple, which evolved from and contributes back to the open "ZeroConf"
networking standard.
WSD allows Windows Vista to automatically discover a device on the network (including its
current configuration), install it and make it available to users. WSD is, as the name suggests, a
web based system, making extensive use of SOAP/XML as with other web based network
services.
Konica Minolta only supports WSD on the newest range of Emperon2 based MFPs such as the
bizhub C550.
WebDAV stands for "Web Distributed Authoring and Versioning" and is an extension of the
HTTP Web protocol that allows for collaborative file management on web systems. It is most
commonly seen by end users as the "Web Folders" feature of Microsoft Windows operating
systems since Windows 98 and has been further integrated in Windows Vista. In essence,
most client implementations simply allow you to treat a web-based location as if it was a local
folder, allowing the user to treat the remote location as if it were a part of their local file
system.
The WebDAV protocol may be introduced in the future in some of the devices that support
the next version of the Konica Minolta network architecture.
2.3.1 IP phone system
IP Telephony is also called voice over Internet Protocol (VoIP), Internet telephony, Broadband
telephony, Broadband Phone and Voice over Broadband and it refers to the routing of voice
conversations over the Internet or through any other IP-based network.
This allows voice applications to be quickly and easily deployed in small and large scale for
domestic and commercial uses. Particularly for medium to large organizations, IP telephony
provides the ability to interconnect several branch offices together and also bridge them with
the external, public telephone network. The diagram below shows how such interconnection
can take place.
There are several other IP telephony applications by Microsoft and other vendors that, instead
of requiring PSTN gateways or hardware phone devices, allow computer users to
talk with each other by using special client software programs. Such programs are freely
available and include Microsoft's NetMeeting and currently the revised MSN Messenger,
Skype, Gizmo and others.
These applications are mostly popular with hobbyists and non-corporate users since they are
quick and easy to set up. On the other hand, corporations require increased security, control and management of their VoIP infrastructure and therefore deploy PBX systems that in turn use
the Session Initiation Protocol (SIP), IAX and other relevant protocols for communication.
The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for
creating, modifying, and terminating sessions with one or more participants. These sessions
include Internet telephone calls, multimedia distribution, and multimedia conferences. SIP is a
lightweight, transport-independent, text-based protocol.
SIP has the following features:
Lightweight, in that SIP has only six methods, reducing complexity
Transport-independent, because SIP can be used with UDP, TCP, ATM & so on.
Text-based, allowing for low overhead
SIP works in concert with several other protocols and is only involved in the signaling portion
of a communication session. SIP acts as a carrier for the Session Description Protocol (SDP), which describes the media content of the session, e.g. what IP ports to use, the codec being
used, etc.
In typical use, SIP "sessions" are simply packet streams of the Real-time Transport Protocol
(RTP). RTP is the carrier for the actual voice or video content itself.
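As an added example (not part of the course material), the Python code below parses a constructed SIP INVITE together with the SDP body it carries: it checks the request line and that Content-Length matches the body, then extracts the address, port and codec on which the RTP media stream will run. The message, addresses, tags and Call-ID are all constructed for this illustration.

```python
SIP_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER"}  # the six core methods

# Constructed sample: an SDP offer naming the RTP address, port and codec for the audio stream.
SDP_BODY = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=Call\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
)
# Constructed sample INVITE; Content-Length is derived from the body so the two cannot disagree.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: Alice <sip:alice@example.com>;tag=1928301774\r\n"
    "To: Bob <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP_BODY)}\r\n"
    "\r\n" + SDP_BODY
)

def parse_sip_message(raw: str) -> dict:
    """Split a SIP request into request line, headers and body; validate request line and Content-Length."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("no CRLFCRLF terminating the headers")
    lines = head.split("\r\n")
    method, request_uri, version = lines[0].split(" ", 2)
    if version != "SIP/2.0" or method not in SIP_METHODS:
        raise ValueError(f"unsupported request line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")   # header names are case-insensitive
        headers[name.strip().lower()] = value.strip()
    declared = int(headers.get("content-length", "0"))
    if declared != len(body):  # a mismatch means a truncated or malformed message
        raise ValueError(f"Content-Length {declared} but body has {len(body)} bytes")
    return {"method": method, "uri": request_uri, "headers": headers, "body": body}

def parse_sdp_media(sdp: str) -> dict:
    """Extract the RTP endpoint from an SDP offer: connection address, media port, transport, codecs."""
    fields = [line.split("=", 1) for line in sdp.split("\r\n") if "=" in line]
    conn = next(v for k, v in fields if k == "c")    # e.g. "IN IP4 192.0.2.10"
    media = next(v for k, v in fields if k == "m")   # e.g. "audio 49170 RTP/AVP 0"
    kind, port, transport, *payload_types = media.split()
    # a=rtpmap lines map each numeric payload type to a codec name and clock rate
    rtpmap = dict(v[len("rtpmap:"):].split(" ", 1)
                  for k, v in fields if k == "a" and v.startswith("rtpmap:"))
    return {"address": conn.split()[-1], "kind": kind, "port": int(port),
            "transport": transport, "codecs": {pt: rtpmap.get(pt) for pt in payload_types}}

def describe_call(raw: str) -> dict:
    """SIP identifies the call; the SDP it carries says where the RTP media will flow."""
    msg = parse_sip_message(raw)
    if msg["headers"].get("content-type") != "application/sdp":
        raise ValueError("INVITE carries no SDP body")
    return {"method": msg["method"], "call_id": msg["headers"]["call-id"], **parse_sdp_media(msg["body"])}
```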
SIP is used with Konica Minolta devices for SIP Fax. SIP Fax is a VoIP system that carries a fax
instead of normal voice. In traditional systems, the tolerance of faxes to noisy lines, variances
in volume and so on can be a serious problem, and this has always been a hurdle when
translating faxes to a digital signal. SIP fax gets around these issues by sending the fax in a
purely digital format instead of attempting to encode an analogue fax stream into a digital signal.
If the fax is to pass through a PBX/Router to the PSTN, the PBX/Router will simply act as the
sending analogue fax based on the digital data, again avoiding the direct conversion issues
with digital to analogue conversion of fax signal.
2.4 Knowledge check
1. What benefits do Terminal Solutions offer?
2. When talking about the X Windows System, what do we mean by it offering network
transparency?
3. Explain what we mean by IP Telephony or VoIP.
4. What is the SIP protocol used for?
5. What is the RTP protocol used for?
3 Directory Services
3.1 Introduction
In the context of computers and networks, a directory system is typically a set of software
applications running across a network whose main purpose is to hold information about
various entities such as people, computers, printers etc. and present relevant parts of the
stored information to clients that query the system.
A directory system employs a directory protocol in order to offer better formalization and
interoperability between clients querying the directory server and servers querying each other
or keeping each other in sync.
3.2 LDAP
3.2.1 X.500/DAP
In the 1980s the International Standards Organization (ISO) and the International
Telecommunication Union (ITU) came up with the X.500 series of standards. This is a series of
computer networking standards covering electronic directory services.
The directory services were developed in order to support the requirements of X.400
electronic mail exchange and name lookup. ISO was a partner in developing the standards,
incorporating them into the Open Systems Interconnection suite of protocols. ISO/IEC 9594 is
the corresponding ISO identification.
The protocols defined by X.500 include:
DAP (Directory Access Protocol)
DSP (Directory System Protocol)
DISP (Directory Information Shadowing Protocol)
DOP (Directory Operational Bindings Management Protocol)
X.509 was originally developed to fulfill the needs of the X500 directory protocols but has
since survived on its own as well. It is the standard for public key infrastructure (PKI) and
specifies, amongst other things, standard formats for public key certificates and a certification
path validation algorithm. It assumes a strict hierarchical system of certificate authorities (CAs)
for issuing the certificates.
Because the X500 series of protocols used the OSI networking stack, a number of alternatives
to DAP were developed to allow Internet clients access to the X.500 Directory using the TCP/IP
networking stack. The most well-known alternative to DAP is Lightweight Directory Access
Protocol (LDAP). While DAP and X.500 protocols can now use the TCP/IP networking stack,
LDAP remains a popular directory access protocol.
The latest version of LDAP is version 3.
3.2.2 URL Style
An LDAP URL format exists which clients support in varying degrees, and which servers return
in referrals and continuation references. This is defined in RFC 4516 as follows:
"ldap://host:port/DN?attributes?scope?filter?extensions"
where most components after "ldap://" can be omitted.
Attributes is a comma-separated list of attributes to retrieve.
Scope can be "base" (the default), "one" or "sub".
Filter is a search filter, e.g. (objectClass=*); see RFC 4515.
Extensions are extensions to the LDAP URL format.
As in other URLs, special characters must be escaped with %hex format.
There is a similar non-standard "ldaps:" URL scheme for LDAP over SSL.
For example, "ldap://ldap.example.com/cn=John%20Doe,dc=example,dc=com" refers to all
user attributes in John Doe's entry in ldap.example.com.
"ldap:///dc=example,dc=com??sub?(givenName=John)" searches for him in the default server.
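The following Python function, an added example rather than code from the course, splits an LDAP URL into the components listed above and applies the defaults the text describes (an omitted host meaning "the default server", scope "base", filter (objectClass=*)). The default port numbers 389 and 636 are the conventional ones and are not stated on this page.

```python
from urllib.parse import unquote

def parse_ldap_url(url: str) -> dict:
    """Split an RFC 4516 style URL ldap://host:port/DN?attributes?scope?filter?extensions
    into its parts, applying the defaults for anything omitted."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {url!r}")
    hostport, _, path = rest.partition("/")
    host, _, port = hostport.partition(":")   # IPv6 bracket literals are not handled here
    # The part after the DN is '?'-separated; split BEFORE %-decoding, since a literal '?'
    # inside a DN or filter must be escaped as %3F and must not act as a separator.
    parts = path.split("?")
    parts += [""] * (5 - len(parts))            # pad so every omitted trailing field exists
    dn, attrs, scope, filt, exts = parts[:5]
    scope = scope.lower() or "base"
    if scope not in ("base", "one", "sub"):
        raise ValueError(f"unknown scope {scope!r}")
    return {
        "scheme": scheme,
        "host": host or None,                   # empty host: use the default server
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "dn": unquote(dn),
        "attributes": [unquote(a) for a in attrs.split(",") if a],  # empty: all user attributes
        "scope": scope,
        "filter": unquote(filt) or "(objectClass=*)",
        "extensions": [unquote(e) for e in exts.split(",") if e],
    }
```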
3.2.3 Reading
LDAP directories typically use a binary data store to persist information given to them.
OpenLDAP, for instance, uses Berkeley DB as the underlying database of choice while allowing others to be used instead via a set of pluggable backends.
To interface with the information in the directory two ways are provided, programmatically
while the directory is running or via batch operations over a representation of the directory
data offline. There is a standard format for exporting LDAP data for offline operations called
the LDAP Data Interchange Format (LDIF).
The LDAP Data Interchange Format (LDIF) is a standard data interchange format for
representing (LDAP) directory content as well as directory update (Add, Modify, Delete,
Rename) requests.
LDAP is an acronym for "Lightweight Directory Access Protocol". It conveys directory content
as a set of records, one record for each object (or entry). It represents update requests as a set
of records, one record for each update request. In both cases, the data is presented in a plain text form. Below is a simple example of a single entry from an LDAP directory shown in LDIF
format:
dn: cn=The Postmaster,dc=example,dc=com
objectClass: organizationalRole
cn: The Postmaster
The OSI directory model used the distinguished name as the primary key for entries in the
directory. The naming model is outlined briefly in RFCs 1777 and 2251. The LDAP naming
model was further enumerated in RFC 1779 "A String Representation of Distinguished Names"
and RFC 2253 "Lightweight Directory Access Protocol (v3): UTF-8 String Representation of
Distinguished Names". Entries are arranged in the directory information
tree based on their Distinguished Name. The Distinguished Name consists of a series of
Relative Distinguished Names and serves as a primary key for an object in the directory
information tree. Each naming component represents a branch in the directory information
tree. A Distinguished Name is analogous to the absolute path name to a file in the Windows
file system. Following are examples of Distinguished Names. In these examples, cn means
CommonName and dc means DomainComponent:
cn=Dan,dc=Microsoft,dc=com
cn=tim,cn=mydomain,dc=com
Each component of the Distinguished Name is a Relative Distinguished Name. The Relative
Distinguished Name is unique within its container, and is analogous to a file name or directory
in a file system. The RDN consists of an attribute type and a value, and is formatted as
attributetype=value. Examples of RDNs are listed below, where ou stands for
organizational unit:
cn=Dan
ou=Sales
dc=Microsoft
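As an added example (not from the course), the Python below reads LDIF content records like the one above into attribute lists and then splits each entry's Distinguished Name into its Relative Distinguished Names. The sample LDIF is constructed for this illustration; it also exercises two details a real export contains, a folded continuation line and a base64 value marked with "::", and a DN whose value contains an escaped comma.

```python
import base64

# Constructed LDIF export: two content records; the second has an escaped comma in its DN,
# a folded (continued) line and a base64-encoded value marked with "::".
SAMPLE_LDIF = """\
dn: cn=The Postmaster,dc=example,dc=com
objectClass: organizationalRole
cn: The Postmaster

dn: cn=Smith\\, John,ou=Sales,dc=example,dc=com
objectClass: top
objectClass: person
cn: Smith, John
sn: Smith
description: a long value that the exporter
  folded onto a continuation line
userPassword:: c2VjcmV0
"""

def unfold(text: str) -> list:
    """Join continuation lines (leading space) onto the line before them, as RFC 2849 requires."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_ldif(text: str) -> list:
    """Return one dict per record; each attribute maps to a list, as LDAP attributes may be multi-valued."""
    records, current = [], {}
    for line in unfold(text) + [""]:          # the extra "" flushes the final record
        if line.startswith("#"):              # comment line
            continue
        if not line:                          # blank line separates records
            if current:
                records.append(current)
            current = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):             # "::" marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(name.strip(), []).append(value.strip())
    return records

def split_dn(dn: str) -> list:
    """Split a DN into (type, value) RDNs. A backslash escapes the next character, so the
    comma inside cn=Smith\\, John is part of the value and does not start a new RDN."""
    rdns, buf, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf += dn[i + 1]
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(buf)
            buf = ""
        else:
            buf += dn[i]
        i += 1
    rdns.append(buf)
    return [tuple(rdn.strip().split("=", 1)) for rdn in rdns]
```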
3.2.4 Operations
LDAP supports a number of well-defined operations over the data that it stores. These
operations are as follows:
Search - Given a set of criteria the directory is able to perform searches and return the number
of matching records to the user / client.
Compare - This operation allows a client to ask the server whether the named entry has an
attribute/value pair. This allows the server to keep certain attribute/value pairs secret (i.e., not
exposed for general "search" access) while still allowing the client limited use of them. Some
servers might use this feature for passwords, for example, although it is insecure for the client
to pass clear-text passwords in the "compare" operation itself.
Add - Allows new records to be added into the directory via a client interface; the add operation does not affect the rest of the directory and its ability to serve other clients.
Additions are slow in comparison to querying the directory and therefore most LDAP
implementations also allow for batch imports of data into the directory for enhanced
performance; however, some implementations require that the directory is put offline while the
batch addition takes place.
Delete - Allows subtrees, records or parts of records to be removed from the currently running
directory. In most cases this is an operation that requires prior authentication and certain
privileges to perform because its actions cannot be undone. Deletions out of the directory are
permanent.
Modify - This operation allows a client to ask the server to modify a particular record. It is far
more efficient than dropping a record and re-adding it and allows attribute-level granularity,
so modifications need only touch the attributes to be changed and not the entire record. The
schema of the directory and its associated access control lists (ACLs) will specify the attributes
that can be changed and those that cannot be.
Abandon - This operation allows the client to request that another outstanding extended
operation is cancelled (or abandoned). The Abandon operation in LDAP does not have a
response and requires no response from the abandoned operation.
These semantics provide the client with no clear indication of the outcome of the Abandon
operation. It is highly suggested therefore that the LDAP Cancel operation is used should the
client wish to abandon an outstanding operation. The LDAP Cancel operation has a response
and also requires the abandoned operation to return a response indicating it was cancelled.
Unbind - This operation is the opposite of the Bind operation. Clients use Bind to identify
themselves with the directory and gain access to operations and data elements that would
otherwise be forbidden. LDAP defines an anonymous level of access that everyone is granted
unless they specifically bind (or authenticate) with the directory. Unbind allows a client to
drop its recognised credentials and therefore fall back to the anonymous level of
access.
Extended Operations - These operations are defined as part of LDAPv3 and each one is
identified by an OID. Extended operations allow custom-built operations to be introduced
to the directory, and LDAPv3 then provides a standard set of interfaces for invoking and
querying the results of those operations. Note however that for extended operations to be
called and performed both the client and server must understand them.
Extensive details about each of these operations can be found in the relevant RFC documents.
3.2.5 Schema
LDAP uses a tree-like hierarchical structure to store information. The contents of the entries in
each subtree are governed by a schema. The schema defines the attribute types that directory entries can contain.
An attribute definition includes syntax, and most non-binary values in LDAPv3 use UTF-8
string syntax. For example, a "mail" attribute might contain the value "[email protected]". A
"jpegPhoto" attribute would contain photograph(s) in binary JPEG/JFIF format.
A "member" attribute contains DNs of other directory entries. Attribute definitions also specify
whether the attribute is single-valued or multi-valued, how to search/compare the attribute
(e.g. case-sensitive vs. case-insensitive and whether substring matching is supported), etc.
The schema defines object classes. Each entry must have an objectClass attribute, containing named classes defined in the schema. The schema definition of the classes of an entry defines
what kind of object the entry may represent - e.g. a person, organization or domain.
The object class definitions also list which attributes the entry MAY and MUST contain. For
example, an entry representing a person might belong to the classes "top" and "person".
Membership in the "person" class would require the entry to contain the "sn" and "cn"
attributes, and allow the entry also to contain "userPassword", "telephoneNumber", and other
attributes. Since entries may belong to multiple classes, each entry has a complex of optional
and mandatory attribute sets formed from the union of the object classes it represents.
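The MUST/MAY rule above can be checked mechanically. The following Python validator is an added example (not from the course or any LDAP server): it forms the union of the mandatory and optional attribute sets over an entry's object classes and their superiors, then reports missing mandatory attributes, attributes no class permits, and multiple values on an attribute the schema marks single-valued. The mini-schema is constructed for this illustration around the "top"/"person" example in the text; displayName is the single-valued attribute chosen for the check.

```python
# Constructed mini-schema modelled on the text's "top" and "person" example: each class names its
# superior class plus its mandatory (MUST) and optional (MAY) attributes.
SCHEMA = {
    "top":    {"sup": None,  "must": {"objectClass"}, "may": set()},
    "person": {"sup": "top", "must": {"sn", "cn"},
               "may": {"userPassword", "telephoneNumber", "seeAlso", "description", "displayName"}},
    "organizationalRole": {"sup": "top", "must": {"cn"}, "may": {"roleOccupant", "description"}},
}
SINGLE_VALUED = {"displayName"}   # attributes whose definition permits only one value

def effective_rules(object_classes) -> tuple:
    """Union the MUST and MAY sets over the entry's classes, following each class's superior chain."""
    must, may, seen, stack = set(), set(), set(), list(object_classes)
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        if name not in SCHEMA:
            raise ValueError(f"unknown objectClass {name!r}")
        cls = SCHEMA[name]
        must |= cls["must"]
        may |= cls["may"]
        if cls["sup"]:
            stack.append(cls["sup"])
    return must, may

def validate_entry(entry: dict) -> list:
    """Return the schema violations for an entry given as {attribute: [values]}; [] means it conforms."""
    classes = entry.get("objectClass", [])
    if not classes:
        return ["entry has no objectClass attribute"]
    must, may = effective_rules(classes)
    present = {a for a in entry if a != "dn"}      # dn names the entry; it is not an attribute of it
    problems = [f"missing mandatory attribute {a}" for a in sorted(must - present)]
    problems += [f"attribute {a} not allowed by classes {sorted(classes)}"
                 for a in sorted(present - must - may)]
    problems += [f"single-valued attribute {a} has {len(entry[a])} values"
                 for a in sorted(present & SINGLE_VALUED) if len(entry[a]) > 1]
    return problems
```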
The schema also includes various other information controlling directory entries. Most schema
elements have a name and a globally unique Object identifier (OID).
Directory servers may publish the directory schema controlling an entry at a base DN given by
the entry's subschemaSubentry operational attribute. (An operational attribute describes
operation of the directory rather than user information and is only returned from a search
when it is explicitly requested.)
Server administrators can define their own schemas in addition to the standard ones. A
schema for representing individual people within organizations is termed a white pages
schema.