Internet Protocols and Software

TCP/IP Protocol Suite

Chapter 16

Host Configuration:
BOOTP and DHCP
Objectives
Know the types of information required by a system on boot-up
Know how BOOTP operates
Know how DHCP operates
Understand the differences between BOOTP and DHCP
Understand the DHCP transition state diagram
TCP/IP Protocol Suite

What does a computer need to communication with

other computers?

The
The
The
The

IP address of the computer

subnet mask of the computer
IP address of the router
IP address of the name server

This information usually stored in a configuration file by

a disk and accessed by the computer during the
bootstrap.

TCP/IP Protocol Suite

But what about a diskless computer or a computer with

a disk that is booted for the first time?
Bootstrap protocol (BOOTP)
BOOTP is a client/server protocol designed to provide
the four pieces of information for a diskless
computer or a computer that is booted for the first
time.

TCP/IP Protocol Suite

BOOTP and RARP Client and server

RARP can solve the IP address. Why do we need BOOTP?
The RARP client and server must be in the same network.
The BOOTP client and server can be in the different networks.
Client and Server in the same network

Port number
Destination IP address

Source IP address
TCP/IP Protocol Suite

Client and server in the same network

Operations of BOOTP for client and server in the same network:

1. The BOOTP server issues a passive open command on UDP port number
67 and waits for a client.
2. A booted client issues an active open command on port number 68. The
message is encapsulated in a UDP user datagram, using the destination
and source port number 67 and 68. The UDP user datagram is encapsul
in an IP datagram. The client uses all 0s as the source IP address and all
as the destination IP address.
3. The server responds with either a broadcast or a unicast message
using a UDP source and destination port numbers 67 and 68.

TCP/IP Protocol Suite

Client and server on two different networks

An IP address with all 1s is broadcast within a network. A host or a route

to be configured as a relay agent to relay the message to other networks
The relay agent knows the unicast address of the BOOTP server. When t
relay agent receives a broadcast request message, it sends the message
the BOOTP server and send the reply back when it gets the replay messa
from the server.

TCP/IP Protocol Suite

BOOTP packet format

Operation code define

the BOOTP packet type
(1) request
(2) reply

TCP/IP Protocol Suite

16.2 DHCP
The Dynamic Host Configuration Protocol (DHCP) provides static and
dynamic address allocation that can be manual or automatic.

Dynamic address means the pair of IP address and physical address can b
dynamically changed.
Physical address is fixed for a device.
Why do we need DHCP?
Not enough IP address in a network.
Users mobility.

TCP/IP Protocol Suite

Address allocation

There are two methods to allocate IP address for DHCP: static and dynamic.
Static address allocation in DHCP just likes BOOTP. A DHCP server has a
database that statically binds physical addresses to IP addresses.

In dynamic address allocation, DHCP has two databases. The static database
stores the pair of IP address and physical address.
The other stores a pool of available IP addresses.
When a client sends a request to a DHCP server, the server first checks its st
database, if there is an entry for the client in the database, the permanent IP
address is sent back. Otherwise, the server selects an available IP address an
assign to the client.

TCP/IP Protocol Suite

10

DHCP packet

TCP/IP Protocol Suite

11

Example of Exchanging messages

TCP/IP Protocol Suite

12

Chapter 17

Domain Name
System: DNS
Objectives
Understand how the DNS is organized
Know the domains in the DNS
Know how a name or address is resolved

TCP/IP Protocol Suite

13

When you access a website e.g. www.google.com, how

does your computer work?
Your computer needs to communicate with a google
server
Your computer needs the IP address of google server.
The IP address is solved by domain name system
(DNS)

TCP/IP Protocol Suite

14

17.1 NAME SPACE

The names assigned to machines must be unique because the addresses
are unique. A name space that maps each address to a unique name can
be organized in two ways: flat or hierarchical.
In a flat name space, a name is assigned to an address. A name in this
space is a sequence of characters without structure.
In a hierarchical name space, each name is made of several parts. The
first part can define the nature of the organization, the second part can
define the name of an organization, the third part can define department
in the organization and so on.
For example, www.comp.polyu.edu.hk

TCP/IP Protocol Suite

15

17.2 DOMAIN NAME SPACE

The domain name space is hierarchical in design. The names are
defined in an inverted-tree structure with the root at the top. The tree can
have 128 levels: level 0 (root) to level 127.
Domain name space

TCP/IP Protocol Suite

16

Domain names and labels

Each node in the tree has a label, which is a string with a maximum of
63 characters. The root label is a null string (empty string). DNS requires
that children of a node have different labels, which guarantees the unique
of the domain names.
A full domain name is sequence of labels separated by dot (.). The
domain name are always read from node up to root.

TCP/IP Protocol Suite

17

FQDN and PQDN

The root node is a null label.

If a label is terminated by a null string, it is called a fully qualified doma
name (FQDN). A FQDN contains the full name of a host and ends with a

If a label is not terminated by a null string, it is called a partially qualifie

domain name (PQDN). A PQDN starts from a node, but it does not reach
the root.
FQDN

PQDN

www.comp.polyu.edu.hk.

www.comp.polyu.hk

www.yahoo.com.

www

www.mit.edu.

www.polyu.edu.hk

TCP/IP Protocol Suite

18

Domains
A domain is a subtree of the domain name space. The name of the
domain is the domain name of the node at the top of the subtree.

TCP/IP Protocol Suite

19

17.3 DISTRIBUTION OF
Distributed NAME SPACE
The information contained in the domain name space is distributed
among many computers called DNS servers.

Hierarchy of name servers

TCP/IP Protocol Suite

20

Zones and domains

What a server is responsible for or has authority over is called a Zone.
A zone can be defined as a contiguous part of the entire tree.
If a domain has only one zone, they are the same.

A root server is a server whose zone consists of the whole tree, the root server
usually does not store any information about domains but delegates its authority
to other servers.
A primary server is a server that stores a file about the zone for which it is an authorit
A secondary server is a server that transfers the complete information about a zone f
another server and store the file on its local disk.
A primary server loads all information
from the disk file; the secondary server
loads all information from the primary
server. When the secondary downloads
information from the primary server, it
is called zone transfer.

TCP/IP Protocol Suite

21

17.4 DNS IN THE INTERNET

The domain name space (tree) is divided into three different sections:
generic domains, country domains, and the inverse domain.

DNS used in the Internet

TCP/IP Protocol Suite

22

Generic domains

Generic domains define registered hosts according to their generic

behavior. Each node in the tree defines a domain, which is an index t
the domain name space database.

TCP/IP Protocol Suite

23

Table Generic domain labels -14 labels

TCP/IP Protocol Suite

24

Country domains
Country domain section users use two-character country abbreviations
(e.g., hk for Hong Kong).
Second-labels can be organizational, or they can be more specific, national
designations.

TCP/IP Protocol Suite

25

Inverse domain

The inverse domain is used to map

an address to a name.
The inverse domain is added to the
domain name space with the first
level node called arpa. The second
level is also one single node named
in-addr (for inverse address). The
rest of the domain defines IP
Addresses.

TCP/IP Protocol Suite

26

17.5 RESOLUTION
Mapping a name to an address or an address to a name is called nameaddress resolution.
DNS is designed as a client-server application. A host that needs to map an
address to a name or a name to an address calls a DNS client called a
resolver.
Three methods: recursive resolution, iterative resolution and cache.
Cache: when a server asks a mapping from another server and receives the
responds, it stores this information in its cache memory before sending to
the client. If the same or another client asks for the same mapping, it can
check its cache memory and resolve the problem.

TCP/IP Protocol Suite

27

Recursive resolution

The client (resolver) can ask for a recursive answer from a name serve
This means that the resolver expects the server to supply the final an
If the server is the authority for the domain name, it checks its databa
and responds. If the server is not the authority, it sends the request to
another server and waits for the response.

mcgraw.com

TCP/IP Protocol Suite

28

Iterative resolution

If the client does not ask for a recursive answer, the mapping can be
done iteratively. If the server is an authority for the name, it sends th
answer. If it is not, it returns the IP address of the server it thinks can
resolve the query

mcgraw.com

TCP/IP Protocol Suite

29

17.6 DNS MESSAGES

The DNS query message consists of a header and question records; the
DNS response message consists of a header, question records, answer
records, authoritative records, and additional records.
DNS messages include query and response messages.

DNS messages

TCP/IP Protocol Suite

30

Query and response messages and header format

TCP/IP Protocol Suite

31

17.10 ENCAPSULATION
DNS uses UDP as the transport protocol when the size of the response
message is less than 512 bytes. If the size of the response message is
more than 512 bytes, a TCP connection (port 53) is used.

TCP/IP Protocol Suite

32

Chapter 20

Electronic Mail:
SMTP, POP, and IMAP
Objectives
Understand four configurations of email architecture
Understand the functions and formats of a user agent
Understand MIME and its capabilities and data types
Understand the functions and commands of an MTA
Understand the function of POP3 and IMAP4
TCP/IP Protocol Suite

33

Email Architecture - Scenario I

The sender and the receiver of the email are users (or application programs
are in the same system. The administrator creates one mail box for each us
where the received message are stored. A mail box is a part of hard drive, a
special file with permission restrictions. Only the own can access to it. The p
running for receiving or sending email is called user agent (UA).

When the sender and the receiver of an email are on the same syst
we need only two UAs.

TCP/IP Protocol Suite

34

Scenario-II

The sender and the receiver of an email are users (or application pro
on the two different systems. We need two UAs and one message tr
agent (MTA). MTA is responsible for email delivery from one system
the other.

TCP/IP Protocol Suite

35

Scenario-III

The sender and receiver of an email are users on different systems, an

sender is connected to the mail server via LAN or a WAN. In this case,
need two UAs and two pairs of MTAs (client and server).

TCP/IP Protocol Suite

36

Scenario-IV

The sender and receiver of an email are users who are connected to t
servers by a LAN or WAN. In this case, we need a message access ag
To store received emails. Hence, we need two pairs of MTAs and a pai
of MAAs. This is the most common situation today.

push

pull

TCP/IP Protocol Suite

37

20.3 MESSAGE TRANSFER AGENT:

SMTP
The actual mail transfer requires message transfer agents (MTAs). The
protocol that defines the MTA client and server in the Internet is called
Simple Mail Transfer Protocol (SMTP).

Position of SMTP
TCP/IP Protocol Suite

38

Commands and responses

SMTP uses commands and responses to transfer messages between

MTA client and an MTA server. Each command or reply is terminated
A two-character (carriage return and line feed) end-of-line token.

Command format

TCP/IP Protocol Suite

39

Connection establishment

After a client made a TCP connection to the well-known port 25, the
Servers starts the connection phase which involves three steps as b

TCP/IP Protocol Suite

40

Connection termination

After the message is transferred successfully, the client terminates t

Connection. This involves two steps as below

TCP/IP Protocol Suite

41

Example 1
Let us see how we can directly use SMTP to send an email and simulate the
commands and responses we described in this section. We use TELNET to
log into port 25 (the well-known port for SMTP). We then use the
commands directly to send an email. In this example,
[email protected] is sending an email to himself. The first few lines
show TELNET trying to connect to the adelphia mail server.

$ telnet mail.adelphia.net 25
Trying 68.168.78.100...
Connected to mail.adelphia.net (68.168.78.100).
After connection, we can type the SMTP commands and then receive the
responses as shown below. We have shown the commands in black and the
responses in color. Note that we have added for clarification some comment
lines, designated by the = sign. These lines are not part of the email
procedure.
TCP/IP Protocol Suite

42

Example 1

(Continued)

================== Connection Establishment ================

220 mta13.adelphia.net SMTP server ready Fri, 6 Aug 2004 . . .
HELO mail.adelphia.net
250 mta13.adelphia.net
===================== Envelope ===================
MAIL FROM: [email protected]
250 Sender <[email protected]> Ok
RCPT TO: [email protected]
250 Recipient <[email protected]> Ok
=================== Header and Body ==================
DATA
354 Ok Send data ending with <CRLF>.<CRLF>
From: Forouzan
TO: Forouzan
This is a test message
to show SMTP in action.
.

TCP/IP Protocol Suite

43

Example 1

(Continued)

============= Connection Termination===============

250 Message received: [email protected]
QUIT
221 mta13.adelphia.net SMTP server closing connection
Connection closed by foreign host.

TCP/IP Protocol Suite

44

20.4 MESSAGE ACCESS AGENT:

POP AND IMAP
The third stage of mail delivery uses a message access agent; the client
must pull messages from the server. Currently two message access
protocols are available: Post Office Protocol, version 3 (POP3) and
Internet Mail Access Protocol, version 4 (IMAP4).

Position of POP3 and IMAP4

TCP/IP Protocol Suite

45

Figure 20.20

POP3

TCP/IP Protocol Suite

46

Chapter 21

Network Management:
SNMP
Objectives
Understand the SNMP manager and the SNMP agent
Understand the roles of SMI and MIB in network management
Be familiar with SMI object attributes and encoding methods
Know how an MIB variable is accessed
Be familiar with the SNMP PDU and format
TCP/IP Protocol Suite

47

21.1 CONCEPT
Simple network management protocol (SNMP) is a framework for
managing devices in an Internet using TCP/IP protocol suite. It defines a
manager, usually a host, that controls and monitors a set of agents, usually
routers. SNMP is an application layer protocol in which a few manager
stations control a set of agents.
A management station, called a manager, is a host that runs the SNMP client program.
A managed station, called agent, is a router (or host) that runs the SNMP server
program. Management is achieved through simple information between a manager and
an agent.

TCP/IP Protocol Suite

48

21.2 MANAGEMENT COMPONENTS

SNMP requires the use of two other protocols: Structure of Management
Information (SMI) and Management Information Base (MIB). Network
management on the Internet is done through the cooperation of SNMP,
SMI, and MIB.

TCP/IP Protocol Suite

49

Roles of three protocols

SNMP defines the format of packets exchanged between a
manager and an agent. It reads and changes the status
(values) of objects (variables) in SNMP packets.
SMI defines the general rules for naming objects, defining object types
(including range and length), and showing how to encode objects and
values. SMI defines neither the number of objects an entity should
manage, nor names the objects to be managed nor defines the
association between the objects and their values.
MIB creates a collection of named objects, their types, and their
relationships to each other in an entity to be managed.
We can compare the task of network management to the
task of writing a program.
Both tasks need rules. In network management
this is handled by SMI.
Both tasks need variable declarations. In network
management this is handled by MIB.
Both tasks have actions performed by statements.
In network management this is handled by SNMP.
TCP/IP Protocol Suite

50

Figure 21.3

Management overview

Example: a manager wants to send a message to an agent to find the

number of UDP user datagrams received by the agent.
MIB is responsible for finding the object that holds the number of UDP user datagram
SMI is responsible for encoding the name of the object.
SNMP is responsible for creating a message, called a GetRequest message,
and encapsulating the encoded message.

Manager

Agent
TCP/IP Protocol Suite

51

21.3 SMI
SMI is a component used in network management. It names objects,
defines the type of data that can be stored in an object, and shows how
data can be encoded for transmission over the network
Its functions are: (1) To name objects;
(2) To define the type of data that can be stored in an object;
(3) To show how to encode data for transmission over the network.
SMI is a guideline for SNMP. It emphasizes three object attributes: name, data type,
and encoding method.

TCP/IP Protocol Suite

52

Name:

Object identifier

SMI requires that each managed object

(such as a router, a variable in a router)
have a unique name. SMI uses an
object identifier, which is a hierarchical
identifier based on a tree structure.
The tree structure starts with an unnamed
root. Each object can be defined using a
sequence of integers separated by dot.
All objects managed by SNMP are
given an object identifier.
The object identifier always starts
with 1.3.6.1.2.1.
It means that all objects used in
SNMP are located under the mib-2
object
Two notations:
iso.org.dod.internet.mgmt.mib-2 < --- > 1.3.6.1.2.1
TCP/IP Protocol Suite

53

Data type
SMI uses fundamental Abstract Syntax Notation 1 (ASN.1) definitions and adds
some new definitions. It has two data types: simple and structured.
Simple data types

TCP/IP Protocol Suite

54

Structure data type

SMI defines two structured data types: sequence and sequence of.
A sequence data type is a combination of simple data types.
A sequence of data type is a combination of simple data types all of the same type
or a combination of sequence data types all of the same type.

Like an array in C language

TCP/IP Protocol Suite

55

Encoding format
SMI uses Basic Encoding Rules (BER) to encode data to be transmitted over
network. BER specifies that each piece of data be encoded in triplet format:
tag, length, and value.

The tag is a 1-byte field that defines the type of data. It composed of three subfields:
class (2 bits), format (1 bit), and number (5 bits). The class subfield defines the scope of
the data. Four classes: universal (00), application-wide (01), context-specific (10), and
private (11). The format subfield indicates if the data is simple (0) or structured (1).
The number subfield divides simple or structured data into subgroups.
The length field is 1 or more bytes.
The value field codes the value of the data according to the rules defined in BER.
TCP/IP Protocol Suite

56

Codes for data types

TCP/IP Protocol Suite

57

Length format
The length field is 1 or more bytes.
If it is 1 byte, the most significant bit must be 0, The other 7 bits defines the length
of the data.
If it is more than 1 byte, the most significant bit of the first byte must be 1. The
other 7 bits of the first byte define the number of bytes needed to define the length.

TCP/IP Protocol Suite

58

Example 1

How to define INTEGER 14.

TCP/IP Protocol Suite

59

Example 2

How to define the OCTET STRING HI.

TCP/IP Protocol Suite

60

Example 3

Figure below shows how to define Object Identifier

1.3.6.1 (iso.org.dod.internet).

TCP/IP Protocol Suite

61

Example 4

Figure below shows how to define IPAddress

131.21.14.8.

TCP/IP Protocol Suite

62

21.4 MIB
MIB is a component used in network management. Each agent has its own
MIB, a collection of all the objects that the manager can manage.
The objects in MIB2 (version 2) are classified as different groups: system,
interface, address translation, ip, icmp, tcp, udp, egp, transmission, and
snmp. These groups are under in the object identifier tree.

TCP/IP Protocol Suite

63

Descriptions on groups

sys: this object (system) defines general information about the node (system),
such as the name, location, and lifetime.
if:
this object (interface) defines information about all the interfaces of the node
including interface number, physical address, and IP address.
at:
this object (address translation) defines the information about ARP table.
ip:
this object defines information related to IP, such as routing table and IP address.
icmp: this object defines information related to ICMP, such as the number of packets sent
and received and total errors created.
tcp: this object defines general information related to TCP, such as the connection table,
time-out value, number of ports, and number of packets sent and received.
udp: this object defines general information related to UDP, such as the number of ports
and number of packets sent and received.
snmp: this object defines general information related to SNMP itself.

TCP/IP Protocol Suite

64

Exampl: udp group

UDP has the object identifier 1.3.6.1.2.1.7, the entities are shown below

1.3.6.1.2.1.7.1

1.3.6.1.2.1.7.5.1.1

TCP/IP Protocol Suite

65

udp variables and tables

We need index
to access the
Table, how to
give the index?

TCP/IP Protocol Suite

66

Indexes for udpTable

In MIB, the indexes of the array are not integers, but based on the value of one
or more fields in the entities. The following table is indexed by combination of
two values.

TCP/IP Protocol Suite

67

21.5 SNMP
SNMP is an application program that allows 1) a manager to retrieve the
value of an object defined in an agent; 2) a manager to store a value in an
object defined in an agent; and 3) an agent to send an alarm message about
an abnormal situation to the manager
SNMPv3 defines 8 types of packets (or payload data units (PDU)):
GetRequest: from the manager to the agent to retrieve the value of a variable or
a set variable.
GetNextRequest: from the manager to the agent to retrieve the value of a variable.
GetBulkRequest: from a manager to an agent to get a bulk of variables.
SetRequest: from the manager to the agent to set a value in a variable.
Response: from an agent to a manger in response to GetRequest or GetNextRequest.
Trap: from an agent to a manager to report an event.
InformRequest: from one manager to another remote manager to get the value of
some variables from agents under control of remote manager.
Report: designed to report some types of errors between managers.

TCP/IP Protocol Suite

68

SNMP PDUs

TCP/IP Protocol Suite

69

SNMP PDU format

Types of errors

TCP/IP Protocol Suite

70

21.6 MESSAGES
A message in SNMP
is made of four
elements:
version,
header,
security
parameters, and data
(which includes the
encoded PDU).

TCP/IP Protocol Suite

71

Codes for SNMP messages

TCP/IP Protocol Suite

72

21.7 UDP PORTS

SNMP uses the services of UDP on two well-known ports, 161 and 162. The wellknown port 161 is used by the server (agent), and the well-known port 162 is used
by the client (manager).

TCP/IP Protocol Suite

73

Summary
1.

BOOTP

2.

DHCP.

3.

DNS
Domain Name, Zone, FQDN, PQDN
Root, primary, second primary servers
Generic, country, inverse domains
Recursive, iterative and cache solutions

TCP/IP Protocol Suite

74

Summary
4. Email
Email architecture
SMTP, POP3, IMAP4
5. SNMP, SMI, MIB
Name, type, encoding, message

TCP/IP Protocol Suite

75

Excises
1.

Why does a newly added host need to know the IP address of a router?

2. Why does a newly added host need to know the IP address of a name
server?

TCP/IP Protocol Suite

76

Excises-Cont.
3. Show the address solution process for the client ask for address of www.irwin.com
using (a) recursive (b) iterative methods.

TCP/IP Protocol Suite

77

Excises
4. A non-ASCII message of 1,000 bytes is encoded using base64. How many bytes are
in the encoded message?
5. Encoding the following message in base64
01001011 00110101 11001110
6. Why is a connection establishment for mail transfer needed if TCP has already
established a connection?
7. Show the encoding for 1456.
8. Show the encoding of Hello World.
9. Show the arbitrary OCTET STRING of length 1,000.
10. Show how the following record is encoded.
INTEGER

OCTET STRING

2345

COMPUTER

IP Address
185.32.1.5

TCP/IP Protocol Suite

78

Answers:
1.
2.

A newly added host needs to know the address of a router in

order to send a message outside of its own local network.
A newly added host needs to know the address of a name server
in order
to resolve a domain name to an IP address.

TCP/IP Protocol Suite

79

Answers-cont.II:
3. (a) recursive

38

1
10

TCP/IP Protocol Suite

80

Answers:
4. Each byte in base64 1000x8/6=1336 bytes in the encoded message.
5. Original:
01001011 00110101 11001110
Group by 6: 010010 110011 010111 001110
Base 64:
18 51
23
14
ASCII:
S
z
X
O
Converted bit pattern: 01001011 00110101 11001110
6. Connection establishment is needed for mail transfer because the messages sent
relay necessary information about the communication to the client and server
software, not just whether the computers have a connection via TCP.
7. INTEGER tag: 02
length: 04
value: 00 00 05 B0
-----------------------------------Answer: 02 04 00 00 05 B0

TCP/IP Protocol Suite

81

Answers-cont:
8.

OCTET STRING tag: 04

length: 0C
value: 48 65 6C 6C 6F 20 57 6F 72 6C 64 2E
H e l l o space W o r l d .
------------------------------------------------------------------------------------Answer: 04 0C 48 65 6C 6C 6F 20 57 6F 72 6C 64 2E

9.

OCTET STRING tag: 04

length of the length field (2 bytes) (10000010) = 82
length (1000 bytes) = 03 E8
value (1000 character)
-----------------------------------------------------------------Answer: 04 82 03 E8 (Plus 1000 bytes of characters)

10. 30 16
sequence, length
02 04 00 00 09 29 INTEGER, length, value (2345)
04 08 43 4F 4D 50 55 54 45 52 OCTET STRING, length, value (COMPUTER)
40 04 B9 20 01 05 IP address, length, value (185.32.1.5)
TCP/IP Protocol Suite

82