Bcs052 Notes

The document provides an overview of TCP/IP protocols, detailing the differences between TCP/IP and OSI models, the structure of IP datagrams, and the workings of ARP, ICMP, DNS, and SNMP. It also covers HTTP methods for data transfer, IP address classes, routing algorithms, and transport layer protocols like TCP and UDP. Additionally, it discusses SMTP for email communication and fundamental concepts of TCP/IP programming, including socket types and connection-oriented vs. connectionless services.

Uploaded by

AAkash

Block 1 – TCP/IP Protocols


Unit 1 – Introduction to TCP/IP
Difference between TCP-IP and OSI Model – Block 1 Unit 1 Page 11-13
TCP/IP | OSI
1) Made up of 4 layers | 1) Made up of 7 layers
2) The layers contain relatively independent protocols | 2) Each layer takes the service of the lower layer
3) Layers: Interface, Network, Transport, Application | 3) Layers: Physical, Datalink, Network, Transport, Session, Presentation, Application

Layer Diagrams of TCP-IP and OSI – Block 1 Unit 1 Page 12

IP Datagrams - Page 16-17


- An IP datagram is the packet format specified by the Internet Protocol (IP).
- Format Diagram on Page 16
- Header Fields:
o Version (4 bits)
o HLEN (4 bits)
o Service Type (8 bits)
o Total Length (16 bits)
o Identification (16 bits)
o Flags (3 bits)
o Fragmentation Offset (13 bits)
o Time to Live (8 bits)
o Protocol (8 bits)
o Source Address (32 bits)
o Destination Address (32 bits)
o Options
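
The field layout above, written as a bounds-checked parser in C. This is an added example, not part of the original notes: `parse_ipv4`, `struct ipv4_hdr` and the sample datagram are constructed for illustration, and the header checksum at bytes 10-11 (a standard IPv4 field that the list above does not mention) is skipped rather than verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Parsed view of the header fields listed in the notes. */
struct ipv4_hdr {
    uint8_t  version;        /* 4 bits */
    uint8_t  hlen_words;     /* 4 bits: header length in 32-bit words */
    uint8_t  service_type;   /* 8 bits */
    uint16_t total_length;   /* 16 bits: header plus data, in bytes */
    uint16_t identification; /* 16 bits */
    uint8_t  flags;          /* 3 bits: reserved, DF, MF */
    uint16_t frag_offset;    /* 13 bits: in units of 8 bytes */
    uint8_t  ttl;            /* 8 bits */
    uint8_t  protocol;       /* 8 bits */
    uint32_t src, dst;       /* 32 bits each, host byte order after parsing */
    size_t   options_len;    /* bytes of options after the fixed 20 */
};

/* Read big-endian (network byte order) integers from the wire. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Returns 0 on success, or a negative code naming the check that failed. */
int parse_ipv4(const uint8_t *buf, size_t len, struct ipv4_hdr *h)
{
    size_t hdr_bytes;
    uint16_t ff;

    if (len < 20) return -1;                  /* shorter than the fixed header */
    h->version    = buf[0] >> 4;
    h->hlen_words = buf[0] & 0x0F;
    if (h->version != 4) return -2;
    if (h->hlen_words < 5) return -3;         /* HLEN below the 20-byte minimum */
    hdr_bytes = (size_t)h->hlen_words * 4;
    if (hdr_bytes > len) return -4;           /* options would run past the buffer */
    h->service_type = buf[1];
    h->total_length = rd16(buf + 2);
    if (h->total_length < hdr_bytes || h->total_length > len)
        return -5;                            /* length field disagrees with the data */
    h->identification = rd16(buf + 4);
    ff = rd16(buf + 6);
    h->flags       = (uint8_t)(ff >> 13);
    h->frag_offset = ff & 0x1FFF;
    h->ttl         = buf[8];
    h->protocol    = buf[9];
    /* buf[10..11] is the header checksum, which this parser does not verify */
    h->src = rd32(buf + 12);
    h->dst = rd32(buf + 16);
    h->options_len = hdr_bytes - 20;
    return 0;
}

/* Constructed sample datagram: 192.168.1.10 -> 192.168.1.1, DF set,
   TTL 64, protocol 17 (UDP), 20-byte header plus 8 zero payload bytes. */
static const uint8_t sample_pkt[28] = {
    0x45, 0x00, 0x00, 0x1C, 0x12, 0x34, 0x40, 0x00,
    0x40, 0x11, 0x00, 0x00, 0xC0, 0xA8, 0x01, 0x0A,
    0xC0, 0xA8, 0x01, 0x01
};

int main(void)
{
    struct ipv4_hdr h = {0};
    int rc = parse_ipv4(sample_pkt, sizeof sample_pkt, &h);
    printf("rc=%d version=%u hlen=%u words total=%u ttl=%u proto=%u\n",
           rc, h.version, h.hlen_words, h.total_length, h.ttl, h.protocol);
    return rc == 0 ? 0 : 1;
}
```

The length checks run before any field past the first byte is trusted, so a datagram whose HLEN or Total Length disagrees with the bytes actually received is rejected instead of being read out of bounds.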

Working of ARP – Page 18


- The physical address corresponding to an IP address is resolved using the Address Resolution Protocol (ARP)
- Any time a host needs to know the physical address of another host on the network, it sends an ARP message containing the IP address of that host asking – “Are you the one whose IP address is X? If yes, send back your physical address”
- This packet is then broadcast over the local network i.e. sent to every host on the network
- The computer with the matching IP address, if found, sends an ARP reply packet with its physical address.
- All other hosts ignore the broadcast.
- Next time the host needs to know the physical address of X, it will not send an ARP packet.
- Instead, it will simply look up its ARP cache.

Difference between ARP and RARP – Page 18-19


ARP | RARP
1) Address Resolution Protocol | 1) Reverse Address Resolution Protocol
2) Maps IP address to physical address | 2) Maps physical address to IP address
3) Used when a host needs to know the physical address of another host on the network | 3) Used when the host wants to know its own IP address

ICMP – Page 19-20

ICMP functions – Page 20


- Error Reporting: Most important. “port unreachable”, “host unreachable”, “network unreachable”, “destination network unknown”, and “destination host unknown”
- Timestamp request and reply allow one host to ask another for the current time
- Address mask request and reply are used by a diskless workstation to get its subnet mask at boot time
- Echo request and echo reply are used by the ping program to see if another host is reachable
- Source Quench Message: This message instructs a source to stop sending datagrams if it is detected that they are arriving too quickly for processing.
- Redirect routes: A gateway sends a redirect message to tell a host to use another gateway.

Working of a DNS Server – Page 32-34
- DNS works in a manner similar to a telephone directory enquiry service.
- You specify a domain name and ask for its corresponding address.
- A DNS server does two things:
o Accept requests from programs to map domain names into IP addresses
o Accept requests from other DNS servers to map domain names into IP addresses
- When such a request comes, a DNS server has two options:
o It can supply the IP address if it knows it from its zone file
o It can contact another DNS server and try to locate the IP address.
▪ Every DNS server has an alternate DNS server, which is the DNS server that it should get in touch with for unresolved domains.
▪ If this server is in authority, it responds; otherwise it sends the query to another server
▪ When the query is finally resolved, it travels back until it finally reaches the resolver
▪ This type of resolution is called recursive resolution
▪ Figure on page 33

Simple Network Management Protocol (SNMP) – Page 34-36


- Simple Network Management Protocol (SNMP) is the de facto standard for internetwork
management.
- It allows vendors to add network management functions to their existing products.
- It separates the management architecture from the architecture of the hardware devices, which
broadens the base of multivendor support.
- SNMP is based on the manager/agent model consisting of a manager, an agent, a database of management information, managed objects, and the network protocol.
- The manager provides the interface between the human network manager and the
management system.
- The agent provides the interface between the manager and the physical devices being managed.
- SNMP uses five basic messages: GET, GET-NEXT, GET-RESPONSE, SET, TRAP
- Out of these, all except TRAP are issued only by the manager.
- The small number of commands and its reliance on a connectionless communication link are the
factors because of which SNMP is “simple.”

Methods used by HTTP for data transfer – Page 39


- GET: Requests a document from the server
- HEAD: Requests information about the document but not the document itself
- POST: Sends some information from client to server. It appends data to the existing
document.
- PUT: Sends a document to server. It replaces the existing document.
- TRACE: Echoes the incoming request
- CONNECT: Reserved
- OPTIONS: Enquires about allowed methods

Unit 2 - Internet Protocol


IP Address Classes – Page 50-51
- By examining the first few bits of an address, IP software can quickly determine the class, and therefore the structure, of an address.
- Class A:
o If the first bit of the IP address is 0, it is the address of a class A network
o The first bit identifies the class, the next 7 identify the network, and the last 24 identify the host
o There are fewer than 128 class A networks but each network can be composed of millions of hosts
- Class B
o The first 2 bits are 10
o First 2 bits identify the class, the next 14 identify the network, and the last 16 identify
the host
o Thousands of class B networks each of thousands of hosts
- Class C
o First 3 bits are 110
o First 3 bits identify the class, the next 21 identify the network, and the last 8 identify the
host
o Millions of class C networks each of 254 hosts
- Class D
o First 4 bits are 1110, it is a multicast address
o They don’t really refer to specific networks
o Multicast addresses are used to address groups of computers all at once
- Class E
o If the first 4 bits are 1111, it is a special reserved address
o No addresses are currently assigned in this range
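
The leading-bit test and the network/host split described above, as C code. This is an added example, not part of the original notes; `classify` and `struct classful` are names chosen here, and the addresses in `main` are constructed samples.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>

struct classful {
    char     cls;      /* 'A'..'E', or '?' if the text is not an IPv4 address */
    uint32_t network;  /* network bits that follow the class bits (A-C only) */
    uint32_t host;     /* host bits (A-C only) */
};

struct classful classify(const char *dotted)
{
    struct classful c = { '?', 0, 0 };
    struct in_addr in;
    uint32_t a;

    if (inet_pton(AF_INET, dotted, &in) != 1)
        return c;                              /* reject malformed input */
    a = ntohl(in.s_addr);                      /* network byte order -> host order */

    if ((a >> 31) == 0x0) {                    /* first bit 0 */
        c.cls = 'A'; c.network = (a >> 24) & 0x7F;     c.host = a & 0x00FFFFFF;
    } else if ((a >> 30) == 0x2) {             /* first 2 bits 10 */
        c.cls = 'B'; c.network = (a >> 16) & 0x3FFF;   c.host = a & 0x0000FFFF;
    } else if ((a >> 29) == 0x6) {             /* first 3 bits 110 */
        c.cls = 'C'; c.network = (a >> 8) & 0x1FFFFF;  c.host = a & 0x000000FF;
    } else if ((a >> 28) == 0xE) {             /* first 4 bits 1110: multicast */
        c.cls = 'D';
    } else {                                   /* first 4 bits 1111: reserved */
        c.cls = 'E';
    }
    return c;
}

int main(void)
{
    /* Constructed sample addresses, one per class. */
    const char *samples[] = { "10.1.2.3", "172.16.5.4", "192.168.1.10",
                              "224.0.0.1", "240.0.0.1" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct classful c = classify(samples[i]);
        printf("%-14s class %c network=%u host=%u\n", samples[i], c.cls,
               (unsigned)c.network, (unsigned)c.host);
    }
    return 0;
}
```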

Difference between supernet and subnet – Page 52-55

Distance Vector Routing Algorithm with Example – Page 58


- Each router begins with a set of routes for those networks to which it is directly attached and possibly some additional routes to other networks
- This list is kept in a routing table, where each entry identifies a destination network and gives the “distance” to that network
- The distance is called a metric and it is measured in hops.
- Periodically, each router sends its routing table to any router it can reach directly.
- When a report arrives at router B from router A, B examines the reported routing table and updates its own table if:
o A knows a shorter way to reach a destination
o A lists a destination that B does not have in its table
o A’s distance to a destination, already routed through A from B, has changed
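
The three update conditions above, applied by router B to a report from router A. This is an added example, not part of the original notes: the table layout, the function names, the hop limit of 16 and the sample routes N1 to N5 are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ROUTES  16
#define UNREACHABLE 16   /* assumption: RIP-style hop count meaning "no route" */

struct route { char dest[8]; int hops; char next_hop[8]; };
struct table { char owner[8]; int n; struct route r[MAX_ROUTES]; };

struct route *find_route(struct table *t, const char *dest)
{
    for (int i = 0; i < t->n; i++)
        if (strcmp(t->r[i].dest, dest) == 0) return &t->r[i];
    return NULL;
}

void add_route(struct table *t, const char *dest, int hops, const char *next_hop)
{
    struct route *e;
    if (t->n >= MAX_ROUTES) return;
    e = &t->r[t->n++];
    snprintf(e->dest, sizeof e->dest, "%s", dest);
    snprintf(e->next_hop, sizeof e->next_hop, "%s", next_hop);
    e->hops = hops;
}

/* Apply a neighbour's report to our table; returns how many entries changed. */
int dv_update(struct table *mine, const struct table *report)
{
    int changed = 0;
    for (int i = 0; i < report->n; i++) {
        const struct route *adv = &report->r[i];
        int via = adv->hops + 1;               /* one more hop to reach the neighbour */
        struct route *cur = find_route(mine, adv->dest);
        if (via > UNREACHABLE) via = UNREACHABLE;

        if (cur == NULL) {                     /* destination we did not have */
            if (via < UNREACHABLE && mine->n < MAX_ROUTES) {
                add_route(mine, adv->dest, via, report->owner);
                changed++;
            }
        } else if (via < cur->hops) {          /* neighbour knows a shorter way */
            cur->hops = via;
            snprintf(cur->next_hop, sizeof cur->next_hop, "%s", report->owner);
            changed++;
        } else if (strcmp(cur->next_hop, report->owner) == 0 && via != cur->hops) {
            cur->hops = via;                   /* already routed via the neighbour, distance changed */
            changed++;
        }
    }
    return changed;
}

/* Constructed sample: B's table before the report ("-" = directly attached). */
struct table sample_b(void)
{
    struct table b;
    memset(&b, 0, sizeof b);
    snprintf(b.owner, sizeof b.owner, "B");
    add_route(&b, "N1", 1, "-");
    add_route(&b, "N2", 1, "-");
    add_route(&b, "N3", 4, "C");
    add_route(&b, "N4", 3, "A");
    return b;
}

/* Constructed sample: the table A sends to B. */
struct table sample_report_from_a(void)
{
    struct table a;
    memset(&a, 0, sizeof a);
    snprintf(a.owner, sizeof a.owner, "A");
    add_route(&a, "N1", 1, "-");   /* no change: B is directly attached */
    add_route(&a, "N3", 1, "-");   /* shorter than B's 4 hops via C */
    add_route(&a, "N4", 4, "D");   /* B routes N4 via A; distance went up */
    add_route(&a, "N5", 2, "D");   /* new destination for B */
    return a;
}

int main(void)
{
    struct table b = sample_b(), a = sample_report_from_a();
    printf("entries changed: %d\n", dv_update(&b, &a));
    for (int i = 0; i < b.n; i++)
        printf("%-3s %2d hops via %s\n", b.r[i].dest, b.r[i].hops, b.r[i].next_hop);
    return 0;
}
```

The update takes the neighbour's metrics exactly as reported, so a wrong report changes B's table just as readily as a correct one.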
Unit 3 – Transport Layer Protocols
Flow Control in TCP – Pages 64, 69
- The flow control indicates the amount of data that can be sent by the source between
terminals before receiving acknowledgement from the destination.
- TCP offers efficient flow control, which means that, when sending acknowledgements back to
the source, the receiving TCP process indicates the highest sequence number it can receive
without overflowing its internal buffers.

TCP Header – Page 64-66


- Source Port Number (16 bits)
- Destination Port Number (16 bits)
- Sequence Number (32 bits)
- Acknowledgement Number (32 bits)
- HLEN (4 bits)
- Reserved (6 bits)
- Control Flags (6 bits)
o Urgent (URG)
o Acknowledgement (ACK)
o Push (PSH)
o Reset (RST)
o Synchronize (SYN)
o Finish (FIN)
- Window Size (16 bits)
- Checksum (16 bits)
- Urgent Pointer (16 bits)
- Options (40 bytes)

Sliding Window Protocol – Page 69


- In sliding window protocol, a window is maintained for each connection.
- The window defines the size of the buffer i.e. the total number of bytes that can be sent by a
terminal at a given time.
- Sliding windows also keep track of sent but unacknowledged bytes.
- Initially a window size is negotiated between two terminals.
- Since TCP provides a byte-stream sequence, the segments sent and acknowledgements received
will carry byte-sequence numbers and the window size is expressed as a number of bytes.
- Two main windows that are maintained: one by sender and one by receiver.
- With the help of these windows, a maximum limit on the number of bytes that can be sent by
the sender to the receiver is decided.
- Thus, the mechanism of sliding window helps in controlling the flow of packets.

ICMP message types – Page 73


- Destination Unreachable:
o This message indicates that a packet cannot be delivered because host is
unreachable.
o Reasons may be host or network is unreachable or unknown, protocol or port is
unknown or unstable
- Echo and Echo Reply
o These messages are used to check whether hosts are reachable on the network
o One host sends Echo and receiving host responds with an Echo reply
o The messages are the basis for the Ping command
- Source Quench
o Sent by a router to indicate that it is experiencing congestion and is discarding
datagrams
- TTL Exceeded
o Indicates that a datagram has been discarded because the TTL field reached 0 or
because the entire packet was not received because the fragmentation timer expired
- Timestamp and Timestamp Reply
o Similar to echo messages, but a timestamp is placed in the message to estimate how
long remote systems spend buffering and processing datagrams and to provide a
mechanism so that hosts can synchronize their clocks
Difference between UDP and TCP – Page 66, 73
TCP | UDP
1) Transmission Control Protocol | 1) User Datagram Protocol
2) Employs a connection-oriented service for communication | 2) UDP is a connectionless service
3) Is a reliable source of communication i.e. guarantees delivery of messages | 3) There is no provision for acknowledgement of datagrams
4) It adds efficient flow control i.e. It splits messages into segments and keeps track of the order of segments | 4) It adds no reliable flow control to IP

Unit 4 – Application Layer Protocols


SMTP – Page 83-84
- Simple Mail Transfer Protocol (SMTP) is the standard mechanism for electronic mail in the
internet.
- It provides mail and message exchange between TCP/IP hosts.
- SMTP is based on end-to-end delivery i.e., an SMTP client contacts the destination host’s SMTP
server directly for delivering the mail. The destination host’s SMTP server keeps the mail until
the mail has been successfully copied into the recipient’s SMTP client.
- SMTP is a connection service based on client-server environment and runs on port number 25 at
the server side.
- The various components of SMTP are:
- Mail Transfer Agent (MTA)
o Transfer of messages is delivered through an agent known as MTA.
o MTA consists of 2 shades: MTA client for sending mail and MTA server for listening/
receiving mail.
o MTA defines how commands and responses should be sent back and forth.
- User Agent (UA)
o UA provides interface wherein the user can write the message
o Various services offered by the UA are:
▪ Reading the received messages
▪ Replying to the read messages
▪ Composing the messages
▪ Forwarding the messages
▪ Handling the various mailbox settings
o Interface presented by UA can be of two types:
▪ Command based: pine, mail, etc.
▪ Graphic Interface: Netscape, Outlook Express, etc.

Block 2 – Fundamentals of TCP/IP Programming


Unit 1 – TCP/IP Programming Concepts
Characteristics of server program in client/server architecture – Page 8
- It is invoked automatically when a system boots, and continues to execute through many sessions. (inetd)
- Runs on a shared computer.
- Waits passively for contact request from arbitrary clients.
- Accepts contact from arbitrary clients, but offers a single service.

Difference between connection oriented and connectionless services – Page 9


Connection Oriented Services | Connectionless Services
1) TCP provides connection oriented service | 1) UDP provides connectionless service
2) Connection Oriented services provide reliability in communication between client and server, which means that whenever data is sent, the sender knows if the data has been delivered properly or not. | 2) Connectionless services do not provide assurance about reliable delivery of data (no acknowledgement) or ensure whether the data will reach the entitled process or not.

Socket – Page 11-12


- The basic building block for computer communication is the socket.
- A socket is an end-point of communication.
- Sockets allow communication between two different processes on the same or different
machines.
- When two applications want to talk to each other, one application tells the OS to open a
socket and through that socket it uses communication protocol. At receiver side, one socket
will be ready to connect with the open socket.
- Once the connection is established, the applications can send and receive data.

Byte-Ordering and its purpose and functions – Page 13

Socket structure with a diagram – Page 15-16


- Local Address: Pointer to a buffer of type struct sockaddr_in which contains the local address to which the socket is bound
o sin_len
o sin_family
o sin_port
o sin_addr
o sin_zero[8]
- Family: The protocol group needed for the communication.
- Type: Indicates desired communication style of the socket.
- Protocol: Specifies a particular protocol to be used with the socket.
- Remote Address: Pointer to a buffer of type struct sockaddr_in which contains the remote address to which the socket is bound
o sin_len
o sin_family
o sin_port
o sin_addr
o sin_zero[8]
- Diagram on page 16

Types of Socket Options – Page 17


- Stream Socket
o Stream socket is used with connection oriented protocol.
o A stream socket provides for bi-directional, reliable, sequenced, and unduplicated flow
of data without record boundaries.
- Datagram Socket
o Datagram sockets are used with connection-less protocols
o It supports bi-directional flow of data and data is not promised to be in sequence,
reliable or unduplicated.
- Raw Socket
o Raw socket provides access to internal network protocols and interfaces.
o Raw sockets are developed for advanced programmers who want to build new
protocols or who are interested in using low level features that are not directly
accessible through a normal interface.
- Sequenced Packet Socket
o It provides sequenced, reliable, and unduplicated flow of information.
o It is similar to a stream socket, with the exception that record boundaries are
preserved.
- Reliably Delivered Message Socket
o It has properties similar to datagram socket but with reliable
delivery
o There is currently no support for this type of socket
Socket Descriptor - Page 17
- A socket is referenced by an integer. That integer is called a socket descriptor.

Unit 2 - Socket Interface

Difference between read() and write() – Pages 34-35
Read() | Write()
1) read() is used to receive data from the remote machine. | 1) write() is used when we want to send some data to a process running on the remote machine.
2) Returns number of bytes read, 0 on EOF, or -1 on error. | 2) Returns number of bytes written or -1 on error.

UDP Architecture with diagram – Page 39-40

UDP Client Algorithm


- First, you create a socket.
- Then bind it to a local port (If bind is not used, the kernel will select a free local port).
- Establish the address of the server.
- Write and read from it, and then terminate.
- If client doesn’t want to reply, then there is no need for bind.

UDP Server Algorithm
- First, you create a socket.
- Bind it to a local port.
- Accept and reply to messages from the client.
- Terminate if you want.
Diagram on page 40.
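
The client and server steps above, run in one process over the loopback interface. This is an added example, not part of the original notes: `udp_round_trip` is a name chosen here, and binding the server to 127.0.0.1 with a kernel-chosen port, the 2-second receive timeout and the check of the reply's source address are assumptions added for the demonstration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Sends msg from a UDP client to a UDP echo server and stores the reply.
   Returns the reply length in bytes, or -1 on any failure. */
int udp_round_trip(const char *msg, char *reply, size_t reply_cap)
{
    int srv = -1, cli = -1, rc = -1;
    struct sockaddr_in saddr, peer, from;
    socklen_t slen = sizeof saddr, plen = sizeof peer, flen = sizeof from;
    struct timeval tv = { 2, 0 };              /* do not block forever on a lost datagram */
    char buf[512];
    ssize_t n;

    if (reply_cap == 0) return -1;

    /* Server: create a socket and bind it to a local port. */
    srv = socket(AF_INET, SOCK_DGRAM, 0);
    if (srv < 0) goto out;
    memset(&saddr, 0, sizeof saddr);
    saddr.sin_family      = AF_INET;
    saddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    saddr.sin_port        = htons(0);          /* 0: let the kernel pick a free port */
    if (bind(srv, (struct sockaddr *)&saddr, sizeof saddr) < 0) goto out;
    if (getsockname(srv, (struct sockaddr *)&saddr, &slen) < 0) goto out;

    /* Client: create a socket; no bind, so the kernel selects the local port. */
    cli = socket(AF_INET, SOCK_DGRAM, 0);
    if (cli < 0) goto out;
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);

    /* Client: the server address is saddr; write to it. */
    if (sendto(cli, msg, strlen(msg), 0,
               (struct sockaddr *)&saddr, sizeof saddr) < 0) goto out;

    /* Server: accept the message and reply to the address it came from. */
    n = recvfrom(srv, buf, sizeof buf, 0, (struct sockaddr *)&peer, &plen);
    if (n < 0) goto out;
    if (sendto(srv, buf, (size_t)n, 0, (struct sockaddr *)&peer, plen) < 0) goto out;

    /* Client: read the reply. UDP is connectionless, so any host may send to
       this port; accept the datagram only if it comes from the server. */
    n = recvfrom(cli, reply, reply_cap - 1, 0, (struct sockaddr *)&from, &flen);
    if (n < 0) goto out;
    if (from.sin_port != saddr.sin_port ||
        from.sin_addr.s_addr != saddr.sin_addr.s_addr) goto out;
    reply[n] = '\0';
    rc = (int)n;

out:                                           /* both sides: terminate */
    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    return rc;
}

int main(void)
{
    char reply[64];
    int n = udp_round_trip("hello", reply, sizeof reply);
    if (n < 0) { perror("udp_round_trip"); return 1; }
    printf("client received %d bytes: %s\n", n, reply);
    return 0;
}
```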

Unit 3 – Socket Programming


Difference between broadcast and multicast – Pages 60-61
Broadcast | Multicast
1) It means a transmission that can be received by everyone having the correct equipment. | 1) Multicasting is the term used to describe communication where a piece of information is sent from one point to a set of other points.
2) In this case there is just one sender, but the information is sent to all connected receivers. | 2) In this case there is one sender, and the information is distributed to a set of receivers.
3) Example: The ARP uses broadcast to send an address resolution query to all computers on a LAN. | 3) Examples of this can be seen in email and chatting groups on the Internet.

Block 3 – Network Administration with Linux


Unit 1 – Introduction to Network Administration
Roles and Responsibilities of a network administrator – Page 6
- Roles of network administrator include tasks to be performed such as configuring, commissioning, and maintenance of various network devices – routers, switches, VPN gateways, security devices – Firewall and IDS/IPS, creation of Demilitarized Zones (DMZ), IP address allocation & management.
- The roles also include configuring and commissioning of various network services/protocols –
DHCP, DNS, FTP, HTTP, NFS, etc.
- The network administrator is also responsible for:
o Ensuring data network connectivity
o Network monitoring and management
o Testing the network for breaches, if any
o Keeping an eye out for needed updates
o Updating Access Control Lists (ACLs) from time to time to regulate network traffic
o Security controls enforcement
o Preparing and implementation of security policy and standards

Remote administration and why required – Page 14-15, 18


- Remote administration is an approach being followed to control a computer system or a
network or an application or all three from a remote location
- Generally, remote administration is adopted when it is difficult or impractical for a person to be
physically present and do administration on a system’s terminal.
- Remote administration is needed for:
o User Management
o File System Management
o Software installation/configuration
o Network Management – Network Security/Firewalls, VPN, Infrastructure Design,
Network File Servers, Auto-mounting, etc.
o Kernel optimization and recompilation
o ICT Infrastructure management
o Problem Diagnosis and Troubleshooting

Remote Network Administration Tools – Pages 15-17


- SSH (Secure Shell)
o Used to log into a remote machine and execute commands
o Also supports tunneling, forwarding TCP ports, X11 connections, and file
transfers
- OpenSSH
o It is a tool providing encrypted communication sessions using the SSH protocol.
- Telnet
o Used to connect to a remote computer
o Provides bi-directional interactive text-oriented communication facility using a virtual
terminal connection
o Has security issues
- rlogin
o rlogin is a utility for Unix-like operating systems that allows a user to log into another host through the network, communicating through TCP port 513.
o Has security issues
- rsh
o The remote shell (rsh) can connect to a remote host across a computer network
- PuTTY
o It is a free and open source terminal emulator application which can act as a client for
SSH, telnet, rlogin, and raw TCP computing protocols and act as a serial console client
- VNC
o VNC is a remote display system which allows the user to view the desktop of a remote
machine anywhere on the internet
- FreeNX
o Allows access to desktop from another computer over the internet

Unit 2 – Network Administration Activities


Linux Kernel Management – Pages 37-38
- The kernel is the main component of most computer operating systems.
- It is a bridge between applications and the actual data processing done at hardware level.
- The kernel’s responsibilities include managing the system’s resources (the communication
between hardware and software components).
- The Linux kernel allows drivers and features to be compiled as modules rather than as part of the kernel itself.
- This means that users can often change features in the kernel or add drivers without recompiling, and that the Linux kernel doesn’t have to carry a lot of unnecessary baggage.
- Viewing loaded modules:
o lsmod
o modinfo
- Removing Modules
o rmmod modulename
- Installing modules
o modprobe modulename
- Blacklisting modules
o blacklist modulename

Commands in Linux for problem diagnosis – Pages 38-42


- 1. Use tail -f to read log in real time
o tail -f /var/log/maillog
- 2. Use telnet to see if you get a response or not
o telnet ip port
- 3. Make sure you can see pid of your service
o pidof service-name
o cat /var/run/service.pid
- 4. Make sure that your DNS server or third party DNS server is accessible
o dig your-domain.com
o nslookup gw.isp.com
- 5. Hostname verification
o hostname
- 6. Ethernet configuration
o ifconfig
o service network reload|restart|stop|start
o ping ip-address
- 7. To see if service is blocked because of access control
o iptables -n -L
o service iptables stop|start
- 8. Ram Info:
o cat /proc/meminfo
- 9. Cpu Info:
o cat /proc/cpuinfo
- 10. Check how much hard drive space is left
o df -h
- 11. Check disk partitions usage
o df -k
- 12. List processes: ps -aef
- 13. List files which are currently open: lsof

Disk Usage in Linux – Pages 40-41
- “df -k” is the command to know the disk usage

Unit 3 – Network Configuration and Setting


DHCP – Page 47
- The Dynamic Host Configuration Protocol (DHCP) is a network protocol used to configure
devices that are connected to a network.
- These devices communicate using the Internet Protocol (IP).
- DHCP automatically assigns IP addresses and other network configuration information (subnet mask, broadcast address, etc.) to computers on a network.
- The DHCP server maintains a list of available IP addresses and configuration.

DHCP Working – Page 47


- The following are the activities between DHCP server and DHCP client
- Lease Request:
o Client broadcasts request to server with a source address of 0.0.0.0 and destination
address of 255.255.255.255
o The request includes the MAC address which is used to direct the reply
- IP Lease Offer:
o DHCP server replies with an IP address, subnet mask, network gateway, name of the
domain, name servers, duration of the lease, and the IP address of the DHCP server
- Lease Selection:
o Client receives offer and broadcasts to all DHCP servers that it will accept given offer so
that other DHCP servers need not make an offer.
- The DHCP server then sends an acknowledgement to the client. The client is configured to use
TCP/IP.
- Lease Renewal:
o When half of the lease time has expired, the client will issue a new request to the DHCP
server

DNS Server – Page 50


- A DNS server, or name server, is used to resolve an IP address to a hostname or vice versa.
- It is a hierarchical distributed naming system for computers, services, or any resource
connected to the internet or a private network.
- It associates a lot of information with domain names assigned to each of the participating
entities.
- Most prominently, it translates easily memorized domain names to the numerical IP addresses
needed for the purpose of locating computer services and devices worldwide.
- By setting up a DNS server, you become part of the hierarchy of DNS servers that make up the
internet.
- At the top of this hierarchy is the root server, represented by a dot (“.”), below the root server
are top level domains (such as .com, .org, and so on).

Types of DNS Servers – Page 51


- Primary (master) name server
o It contains authoritative information about the domains that it serves.
o The primary is the ultimate source for data about the domain.
o The secondary name server only carries the same authority in that it has received and
loaded a complete set of domain information from the primary.
- Secondary (slave) name server
o It gets all information for the domain from the primary.
o As is the case for primary, DNS considers the secondary information about the domain
that it serves authoritative.
- Caching name server
o It simply caches the information it receives about the location of hosts and domains.
o It holds the information that it obtains from other authoritative servers and reuses that
information until the information expires.
- Forwarding name server
o It is essentially a caching name server but is useful in cases where computers lie behind
a firewall.
o In those cases, only one computer can make DNS queries outside that firewall on behalf
of all the internal computers.

Network File System – Page 56-57


- Network File System (NFS) is a client-server protocol for sharing files between computers on a
common network.
- It allows a computer to access directories on remote computers by mounting them on a local file
system as if they were a local disk.
- The administrator on the NFS server has to define the directories that need to be activated or
exported, for access by the NFS clients, and administrators on the clients need to define both the
NFS server and subset of its exported directories to use.
- NFS is available on a variety of UNIX based operating systems, not just Linux.
- The server and client do not have to use the same operating system. The client system just needs to be running an NFS client compatible with the NFS server.
- The following are some key NFS background concepts:
o Virtual File System (VFS)
o Stateless Operation
o Caching
o NFS and Symbolic Links
o NFS Background mounting
o Hard and Soft mounts
o NFS Daemons

Unit 4 – Network Management and Security


Disk Management Functions – Page 74
- 1. Create partitions, logical drives, and volumes
- 2. Delete partitions, logical drives, and volumes
- 3. Format partitions and volumes
- 4. Mark partitions as active
- 5. Assign or modify drive letters for hard disk volumes, removable disk drives, and CD-
ROM drives
- 6. Obtain a quick visual overview of the properties of all disks and volumes in the system
- 7. Create mounted drives on system using the NTFS file system
- 8. Convert basic disks to dynamic disks
- 9. Convert dynamic to basic disks, although this is a destructive operation
- 10. On dynamic disks, create a number of specialty volumes including spanned, striped,
mirrored, and RAID-5 volumes

Disk Security Management – Pages 74-75


- Disk management is an activity to manage the drives installed in a computer like hard disk drives
(internal and external), optical disk drives, and flash drives.
- The following are to be followed for a secure disk management:
o 1. Create adequate number of disk partitions
o 2. Allocate adequate storage space in each disk partition as per requirement
o 3. Ensure minimum free space at all times
o 4. Set password for each disk partition or disk drive
o 5. Scan each disk partition or disk drive at regular intervals for viruses, worms, etc.
o 6. Enforce standard anti-virus software to check and clean viruses in a file storing into a
particular disk partition
o 7. Update anti-virus software, periodically
o 8. Disk partitions or disk drives should not be in sharing mode
o 9. Introduce RAID concept
o 10. Disable disk remote access
o 11. Apply data encryption at disk storage level and during data transmission
o 12. Implement disk quotas by enforcing upper limits and warning alerts in case data
reaches to upper limit
o 13. Disk defragmentation should be done periodically
o 14. Allow disk indexing service

Network Monitoring Tools – Pages 85-87


- Ping
o Used to provide a basic connectivity test between the requesting host and the
destination host
- Tracert / traceroute
o This can be used to determine more specific information about the path to the
destination host including the route packet takes and the response times of the
intermediate hosts
- Ipconfig / ifconfig
o Used to find out specific IP configuration of affected hosts
- Nslookup
o Used to look up specific IP address(es) associated with a domain name
- Netstat
o Used to display the currently active ports
- PuTTY
o Used to connect to different systems remotely
- Nmap
o Can be used for:
o Port scanning
o Service detection
o OS Detection
o Ping Sweeps
- Wireshark / tcpdump
o These are packet scanners which can capture and analyze individual packets that are
sent across a network
- inSSIDER
o Scans for different wireless networks within 2.4 and 5 GHz ranges and also lists the
signal strengths of these networks
- syslog server
o A simple syslog server can be installed in the field to receive network events from key
network elements
- PRTG Network Monitor
o Offers ability to track the status of different sensors over a period of time
