Title: CCNA Discovery
1CCNA Discovery
2Oh, so they have Internet on computers now!
3ISPs Provide Services
- Email
- Web Hosting
- Media Streaming
- IP Telephony
- File Transfer
4ISPs must guarantee a level of service based on
5Characteristics of Reliability
- Redundant Hardware
- Fault Tolerance
- The measure of equipment robustness is fault
tolerance; the longer the MTBF, the greater the
fault tolerance.
- The longer the MTBF (mean time between failures),
the greater the reliability
6Availability
- Five nines (99.999%) Uptime (.001% Downtime)
I'm learnding!
7TCP/IP Protocols
8TCP/IP vs OSI Models
- Differences
- OSI model breaks the function of the TCP/IP
Application Layer into separate distinct layers.
The upper three layers of the OSI model specify
the same functionality as the Application Layer
of the TCP/IP model.
- The TCP/IP protocol suite does not specify
protocols for the physical network
interconnection. The two lower layers of the OSI
model are concerned with access to the physical
network and the delivery of bits between hosts on
a local network.
- Similarities
- Use of layers to visualize the interaction of
protocols and services
- Comparable Transport and Network Layers
- Used in the networking field when referring to
protocol interaction
9TCP/IP vs OSI Models
TCP/IP model is based on actual protocols and
standards developed, whereas the OSI model is a
theoretical guide for how protocols interact.
10TCP vs. UDP (Transport Needs)
- TCP (Connection-Oriented Protocol)
- TCP is a reliable, guaranteed-delivery protocol.
TCP specifies the methods hosts use to
acknowledge the receipt of packets, and requires
the source host to resend packets that are not
acknowledged. TCP protocols also govern the
exchange of messages between the source and
destination hosts to create a communication
session.
- High Overhead
11TCP vs. UDP (Transport Needs)
- UDP (Connectionless Protocol)
- Low overhead
- No Flow Control
- No error recovery function
- Best effort: datagrams may arrive out of order or
be lost.
12Encapsulation
13TCP Handshake
Great Homer, how are you doing?
How are you doing, Barney?
I'm hungry.
14TCP Handshake (3 Way handshake)
- A --> B SYN - My sequence number is X
- A <-- B ACK - Your sequence number is X, expect
X + 1 next
- A <-- B SYN - My sequence number is Y
- A --> B ACK - Your sequence number is Y, expect
Y + 1 next.
Because steps 2 and 3 are combined into one
message, it is called a three-way handshake. The
following diagram might better illustrate this
process.
15Why use the three-way handshake?
- It synchronizes both ends of a connection by
allowing both sides to agree upon initial
sequence numbers.
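The sequence-number exchange above, as an added Python example that is not part of the original slides: a checker that takes three captured segments and confirms each side acknowledged the other's initial sequence number plus one, including 32-bit wraparound. The `Segment` record, the host names A and B, and all sample numbers are constructed for illustration.

```python
from collections import namedtuple

# Hypothetical record for one captured segment (not a real library type).
Segment = namedtuple("Segment", "src dst flags seq ack")
MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def check_handshake(segments):
    """Return (ok, reason) for three segments claimed to be a handshake."""
    if len(segments) != 3:
        return False, "need exactly three segments"
    syn, synack, ack = segments
    if syn.flags != {"SYN"}:
        return False, "first segment is not a bare SYN"
    if synack.flags != {"SYN", "ACK"}:
        return False, "second segment is not SYN+ACK"
    if ack.flags != {"ACK"}:
        return False, "third segment is not a bare ACK"
    if (synack.src, synack.dst) != (syn.dst, syn.src):
        return False, "SYN+ACK is not a reply to the SYN"
    if (ack.src, ack.dst) != (syn.src, syn.dst):
        return False, "final ACK does not come from the initiator"
    x, y = syn.seq, synack.seq
    if synack.ack != (x + 1) % MOD:
        return False, "B did not acknowledge X + 1"
    if ack.seq != (x + 1) % MOD:
        return False, "A's next sequence number is not X + 1"
    if ack.ack != (y + 1) % MOD:
        return False, "A did not acknowledge Y + 1"
    return True, "both sides agreed on initial sequence numbers"


# Constructed sample: X sits at the top of the 32-bit range, so X + 1 wraps to 0.
GOOD = [
    Segment("A", "B", frozenset({"SYN"}), 4294967295, None),
    Segment("B", "A", frozenset({"SYN", "ACK"}), 7000, 0),
    Segment("A", "B", frozenset({"ACK"}), 0, 7001),
]
# Constructed sample: the final ACK acknowledges a number B never sent.
BAD = GOOD[:2] + [Segment("A", "B", frozenset({"ACK"}), 0, 9999)]

if __name__ == "__main__":
    print(check_handshake(GOOD))
    print(check_handshake(BAD))
```

A receiver that applies these checks refuses to treat a connection as established when the final acknowledgement does not match the sequence number it chose.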
16TCP Timer
- When a host sends message segments to a
destination host using TCP.
- The timer allows sufficient time for the message
to reach the destination host and for an
acknowledgement to be returned. If the source
host does not receive an acknowledgement from the
destination within the allotted time, the timer
expires and the source assumes the message is
lost and reset.
17TCP Sequence Numbers
- TCP specifies how messages are reassembled at the
destination host. Each TCP segment contains a
sequence number. At the destination host, the TCP
process stores received segments in a TCP buffer.
By evaluating the segment sequence numbers, the
TCP process can confirm there are no gaps in the
received data. When data is received out of order
it can also reorder the segments as necessary.
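The buffering and gap check described above, as an added Python example that is not part of the original slides: segments are stored by sequence number, duplicates are dropped, and only the gap-free prefix is handed on. The function name, the sample payloads and the starting sequence number 1001 are constructed, and the sketch assumes sequence numbers do not wrap within the stream.

```python
def reassemble(segments, first_seq):
    """Rebuild the byte stream from (seq, payload) pairs in arrival order.

    Returns (data, next_seq, held): the contiguous bytes that can be passed
    to the application, the sequence number still awaited, and the sequence
    numbers of segments held back behind a gap.
    Assumption: sequence numbers do not wrap within this stream.
    """
    buffered = {}
    for seq, payload in segments:
        buffered.setdefault(seq, payload)  # retransmitted copy: keep the first

    data = bytearray()
    next_seq = first_seq
    held = []
    for seq in sorted(buffered):
        payload = buffered[seq]
        if seq > next_seq:
            held.append(seq)  # gap in front of this segment: keep buffering
            continue
        end = seq + len(payload)
        if end > next_seq:
            data += payload[next_seq - seq:]  # drop bytes already delivered
            next_seq = end
    return bytes(data), next_seq, held


# Constructed sample: 5-byte segments, first byte numbered 1001.
# They arrive out of order, one is duplicated, and segment 1016 is missing.
ARRIVED = [
    (1001, b"GET /"),
    (1011, b".htm "),
    (1006, b"index"),
    (1006, b"index"),
    (1021, b"1.1\r\n"),
]
LATE = (1016, b"HTTP/")  # the missing segment, arriving after retransmission

if __name__ == "__main__":
    print(reassemble(ARRIVED, 1001))
    print(reassemble(ARRIVED + [LATE], 1001))
```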
18Me fail English? That's unpossible.
19UDP
- Very simple protocol: because it is not
connection-oriented and does not provide the
sophisticated retransmission, sequencing, and
flow control mechanisms of TCP, UDP has a much
lower overhead.
- Domain Name System (DNS)
- Simple Network Management Protocol (SNMP)
- Dynamic Host Configuration Protocol (DHCP)
- Routing Information Protocol (RIP)
- Trivial File Transfer Protocol (TFTP)
- Online games
20Supporting Multiple Services
- The task of managing multiple simultaneous
communication processes is done by the Transport
Layer.
- To differentiate the segments and datagrams for
each application, both TCP and UDP have header
fields that can uniquely identify these
applications for data communications purposes.
21Port Numbers
- In the header of each segment or datagram, there
is a source and destination port.
- When a client application sends a request to a
server application, the destination port
contained in the header is the port number that
is assigned to the application running on the
server.
IP and MAC Address do not change!
22Port Numbers
- For example, if you want to talk to Mr. Buggi on
the phone, you first need to know Mr. Buggi's
phone number, then you should know Mr. Buggi's
name. Here the name of Mr. Buggi is the port
number. As for a computer, knowing the IP address
is just one thing. It also needs to know which
software needs to transfer the data.
23Port Numbers to know
- HTTP 80
- SMTP 25
- NETSTAT 15
- FTP 20, 21
- SSH 22
- Telnet 23
- DNS 53
- BOOTP 67, 68
- TFTP 69
- SNMP 161
- BGP 179
- UPS 401
- HTTPS 443
- POP3 110
- Kazaa 1214
- Windows Live Messaging 1863
- Civilization 2056
- Halo Combat Evolution 2302
- Nintendo Wi-Fi (Wii ?) 29920
24- The TCP processes on the sending and receiving
hosts are slightly different. Clients are active
and request connections, while servers are
passive, and listen for and accept connections.
- Server processes are usually statically assigned
well-known port numbers from 0 to 1023.
Well-known port numbers enable a client
application to assign the correct destination
port when generating a request for services.
25Sockets and Socket Pairs
- The combination of the Transport Layer port
number and the host's Network Layer IP address
uniquely identifies a particular application
process running on an individual host device.
This combination is called a socket. A socket
pair, consisting of the source and destination IP
addresses and port numbers, is also unique and
identifies the specific conversation between the
two hosts.
26- What would the source and destination sockets be?
- Socket Example
- Source 192.168.1.1725
- Destination 192.168.2.398080
- Socket Pair
- 192.168.1.1725, 192.168.2.398080
27Naming DNS and HOSTS
- Used HOSTS before DNS
- A HOSTS file is still used by virtually all
computer systems. A local HOSTS file is created
when TCP/IP is loaded on a host device. As part
of the name resolution process on a computer
system, the HOSTS file is scanned even before the
more robust DNS service is queried. A local HOSTS
file can be used for troubleshooting or to
override records found in a DNS server.
- Malware/Virus can attack it
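Because HOSTS entries are consulted before DNS and can override it, a periodic audit of the file is a useful check. The following is an added Python example, not part of the original slides: it parses HOSTS content and reports every entry missing from an approved baseline. The function names, the baseline format, and the sample file (documentation addresses and example names) are assumptions constructed for illustration.

```python
import ipaddress


def parse_hosts(text):
    """Yield (line_no, ip, names) for every usable HOSTS entry."""
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # strip comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: ignore the malformed line
        yield line_no, ip, [name.lower() for name in fields[1:]]


def audit_hosts(text, approved):
    """Flag entries that are not in the approved baseline.

    approved maps a host name to the set of addresses administrators
    expect for it (a hypothetical baseline kept outside the host).
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if str(ip) in approved.get(name, set()):
                continue
            if name in approved:
                reason = "address differs from approved entry"
            elif ip.is_loopback or ip.is_unspecified:
                reason = "name pinned to the local machine"
            else:
                reason = "unapproved override of DNS"
            findings.append((line_no, name, str(ip), reason))
    return findings

# Constructed sample file and baseline (documentation addresses and names).
SAMPLE = """\
# sample HOSTS file
127.0.0.1      localhost
::1            localhost
192.168.1.10   fileserver.example.local
203.0.113.7    www.example.com
127.0.0.1      update.example.com
"""
APPROVED = {
    "localhost": {"127.0.0.1", "::1"},
    "fileserver.example.local": {"192.168.1.10"},
}
```

Calling `audit_hosts(SAMPLE, APPROVED)` reports lines 5 and 6 of the sample; the approved entries pass silently.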
28HOSTS Example
29DNS (Domain name Service) 53
- Maps name-to-IP addresses for internal hosts
- Forwards name resolution requests to a
caching-only server (maintained by ISP)
30DNS
- Made up of
- Resource Records and Domain Namespace
- Domain Name Servers
- Resolvers
31- The root DNS server may not know exactly where
the host H1.cisco.com is located, but it does
have a record for the .com top level domain.
Likewise, the servers within the .com domain may
not have a record for H1.cisco.com either, but
they do have a record for the cisco.com domain.
The DNS servers within the cisco.com domain do
have the record for H1.cisco.com and can resolve
the address.
The name H1.cisco.com is referred to as a fully
qualified domain name (FQDN) or DNS name, because
it defines the exact location of the computer
within the hierarchical DNS namespace.
32DNS Dynamic Updates
- Dynamic updates enable DNS client computers to
register and dynamically update their resource
records with a DNS server whenever changes occur.
33DNS Name Resolution
- Forward lookup (Primary/Secondary)
- Reverse lookup (Primary/Secondary)
34Forward Lookup Zone
- A forward lookup zone is a standard DNS zone that
resolves fully qualified domain names to IP
addresses. This is the zone type that is most
commonly found when surfing the Internet. When
typing a web site address, such as www.cisco.com,
a recursive query is sent to the local DNS server
to resolve that name to an IP address so as to
connect to the remote web server.
35Reverse Lookup Zone
- A reverse lookup zone is a special zone type that
allows you to resolve an IP address to a fully
qualified domain name. Some applications use
reverse lookups to identify computer systems that
are actively communicating with them. There is an
entire reverse lookup DNS hierarchy on the
Internet that will enable any publicly registered
IP address to be resolved. Many private networks
choose to implement their own local reverse
lookup zones to help identify computer systems
within their network. Reverse lookups on IP
addresses can be found using the ping -a <ip
address> command.
36- When registering a Domain Name you must also name
two DNS servers for redundancy. Ideally on two
different networks.
37SERVICES HTTP HTTPS
- HTTP
- Many different versions. Most recent version
allows for a single web server to host multiple
sites. Also multiple requests and response
messages can be used with the same connection.
- NOT SECURE: sent in plain text (request and
response)
- HTTPS
- Secure authentication and encryption with SSL
- Requires additional server time
38- When contacting an HTTP server to download a web
page, a uniform resource locator (URL) is used to
locate the server and a specific resource. The
URL identifies:
- Protocol being used
- Domain name of the server needing to be accessed
- Location of the resource on the server
- http://example.com/example1/index.htm
39Proxy Server
40Proxy server
- Speed - caching allows resources requested by one
user to be available to subsequent users without
having to access the actual server where the page
is stored.
- Security - proxy servers can be used to intercept
computer viruses and other malicious content and
prevent them from being forwarded onto clients.
- Filtering - proxy servers can view incoming HTTP
messages and filter unsuitable and offensive web
content.
41FTP 20 and 21
- FTP is a connection-oriented protocol that uses
TCP to communicate between a client FTP process
and an FTP process on a server.
- FTP implementations include the functions of a
protocol interpreter (PI) and a data transfer
process (DTP). PI and DTP define two separate
processes that work together to transfer files.
As a result, FTP requires two connections to
exist between the client and server, one to send
control information and commands, and a second
one for the actual file data transfer.
42Protocol Interpreter (PI) 21
- The PI function is the main control connection
between the FTP client and the FTP server. It
establishes the TCP connection and passes control
information to the server. Control information
includes things such as commands to navigate
through a file hierarchy, as well as renaming or
moving files.
43DTP (Data Transfer Process)
- This function is enabled only when the user wants
to actually transfer files to or from the FTP
server. Unlike the PI connection, which remains
open, the DTP connection closes automatically
when the file transfer is complete.
44Active vs Passive FTP
- Passive - a client initiates a request to the
server and opens a port for the expected data.
The server then connects to the client on that
port and the data transfer begins.
- Active - the FTP Server opens a random source port
(greater than 1023). The server forwards its IP
address and this random port to the FTP client
over the control stream. The server then waits
for a connection from the FTP client in order to
begin the data file transfer.
45EMAIL SMTP, POP3 and IMAP
- Store and forward method (Stored in databases on
mail servers)
46EMAIL SMTP, POP3 and IMAP
- Sends SMTP (25)
- dbuggi_at_esu6.org
- Receives POP3 (110) (deleted from server) and IMAP
(not deleted from server)