This guide explains the elements of protocols relating to the Internet. Many client/server applications rely on protocols, for example Netscape Navigator or Microsoft Internet Explorer. These two applications use the HTTP protocol to send and receive data between the server and the client. The client sends a request to the HTTP server, listening on port 80. To make it simple, the client says ‘may I have this file?’ and the server replies, most likely dumping the page back to the client. The client will then take the data sent back from the server, parse it, and display it for the user on a normal page.
Clients
The client is the application that communicates with the server. Usually a client will create a virtual-circuit connection with the server, then start communicating. We show an example here, where the client is sending information relating to nickname/ident and the server is acknowledging that it received that info.
Send 16 bytes.
<00000000< NICK hax0r
Send 42 bytes.
<00000010< USER hax0r 32 . :I am an elite hax0r
(Server communicates with the client; recognizes that the requested nick is in use and sends back data which the IRC client will interpret)
Receive 60 bytes.
>00000000> :irc.hax0r.bm 433 * hax0r :Nickname is already in
>00000036> use.
Send 16 bytes.
<0000003A< NICK hax0r1
(Handshaking stage complete...)
Receive 1099 bytes.
>0000003C> :irc.hax0r.bm 001 hax0r1: Welcome to IRC.
So we have completed the handshaking stage. The server waits for the responses from the client, and once the session is successfully initiated, the client goes on with its business.
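The client side of the exchange above, as an added example in C (not code from the original guide): it reads the numeric out of each server line, answers 433 with a retry nickname, and stops at 001. The function names are hypothetical, the 433 line is the two dump fragments joined, and every write is bounded because server lines are untrusted input.

```c
#include <stdio.h>
#include <string.h>

/* Extracts the three-digit numeric from a server line shaped like
 * ":server NNN target :text". Returns -1 for anything else. */
int irc_numeric(const char *line)
{
    const char *p;
    if (line == NULL || line[0] != ':' || (p = strchr(line, ' ')) == NULL)
        return -1;
    p++;                                   /* first byte after the prefix */
    for (int i = 0; i < 3; i++)
        if (p[i] < '0' || p[i] > '9')      /* also stops at the terminator */
            return -1;
    if (p[3] != ' ')
        return -1;
    return (p[0] - '0') * 100 + (p[1] - '0') * 10 + (p[2] - '0');
}

/* One registration step. Returns 1 once the server sends 001, 0 after
 * writing a retry NICK command to out in response to 433, and -1 when the
 * line needs no action or the retry would not fit in out. */
int irc_register_step(const char *line, const char *base, int *tries,
                      char *out, size_t outlen)
{
    int n;
    switch (irc_numeric(line)) {
    case 1:
        return 1;
    case 433:
        n = snprintf(out, outlen, "NICK %s%d\r\n", base, ++*tries);
        return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
    default:
        return -1;
    }
}

int main(void)
{
    /* Server lines from the exchange in the text. */
    const char *rx[] = {":irc.hax0r.bm 433 * hax0r :Nickname is already in use.",
                        ":irc.hax0r.bm 001 hax0r1: Welcome to IRC."};
    char out[64];
    int tries = 0;
    for (int i = 0; i < 2; i++)
        if (irc_register_step(rx[i], "hax0r", &tries, out, sizeof(out)) == 0)
            printf("send: %s", out);
    return 0;
}
```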
More advanced handshaking
Here we get down to the dirty work. Packets are sent between the client and server, and those packets contain flags. The most commonly used flags are:
SYN - Initiate a virtual circuit connection with the destination host/server. We use the three-way TCP handshaking procedure to connect. Both the SYN and ACK flags are stated in a packet:
SYN=1/ACK=0: Opens a connection
SYN=1/ACK=1: Open connection acknowledgment request
SYN=0/ACK=1: Just plain acknowledgment packet or data packet
ACK - ACK is used to state that the acknowledgment number field is valid.
RST - RST resets the connection because (a) the server returned an error or (b) the client created an error itself.
FIN - FIN terminates the connection (virtual circuit). Both client and server sides must agree on terminating the connection; otherwise an application might unexpectedly drop the connection for no reason.
URG - URG is used to send OOB (Out-of-band-data) to the server without waiting for the server to process octets in the stream. Octets are every 8th bit within a byte. NetBIOS produces a problem within URG processing: it cannot handle a sequence of data at any length. This is known as the “winnuke” attack - (http://www.rootshell.com/archive-j457nxiqi3gq59dv/199707/winnuke.c.html)
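When reading a packet capture, the flag bits have to be turned back into the roles listed above. The following C code is an added example, not part of the original guide: the function names and the sample header bytes are constructed for illustration, and the bit positions are those of the standard TCP header (flags in byte 13, urgent pointer in bytes 18-19).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Flag bits in byte 13 of the TCP header. */
#define TCP_FIN 0x01
#define TCP_SYN 0x02
#define TCP_RST 0x04
#define TCP_ACK 0x10
#define TCP_URG 0x20

/* Returns the flags byte, or -1 if shorter than the 20-byte minimum header. */
int tcp_flags(const uint8_t *hdr, size_t len)
{
    return (hdr == NULL || len < 20) ? -1 : (hdr[13] & 0x3f);
}

/* Names the packet's role per the SYN/ACK table in the text; RST and FIN first. */
const char *tcp_describe(int flags)
{
    if (flags < 0) return "truncated header";
    if (flags & TCP_RST) return "reset";
    if (flags & TCP_FIN) return "terminate";
    if ((flags & TCP_SYN) && (flags & TCP_ACK)) return "open acknowledgment";
    if (flags & TCP_SYN) return "open";
    if (flags & TCP_ACK) return "acknowledgment or data";
    return "no control flags";
}

/* The urgent pointer (bytes 18-19) is valid only when URG is set; else -1. */
int tcp_urgent_pointer(const uint8_t *hdr, size_t len)
{
    int f = tcp_flags(hdr, len);
    if (f < 0 || !(f & TCP_URG))
        return -1;
    return (hdr[18] << 8) | hdr[19];
}

/* Constructed sample headers (not captured traffic): port 1025 -> 80. */
const uint8_t SAMPLE_SYN[20] = {4,1,0,80, 0,0,0,1, 0,0,0,0, 0x50,0x02, 0x20,0, 0,0, 0,0};
const uint8_t SAMPLE_URG[20] = {4,1,0,80, 0,0,0,2, 0,0,0,10, 0x50,0x30, 0x20,0, 0,0, 0,3};

int main(void)
{
    printf("%s / %s, urgent pointer %d\n", tcp_describe(tcp_flags(SAMPLE_SYN, 20)),
           tcp_describe(tcp_flags(SAMPLE_URG, 20)), tcp_urgent_pointer(SAMPLE_URG, 20));
    return 0;
}
```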
Address Classes
You've probably heard people saying "Class C Net" or "Class A Net" - These are address classes. Address Classes are used to define the number of nodes on a specific network; the table follows below:
Class A - 127 networks, 16,777,214 Nodes.
Class B - 16,383 networks, 65,534 Nodes.
Class C - 2,097,151 networks, 254 Nodes.
The most common network that you will find is the Class C network, which many schools/private businesses use. Class A nets are for HUGE companies like AOL, which need more IP Addresses than Bill Clinton needs ugly women. (um that was a bad joke)
Protocol Definitions
Here I will explain many popular protocols that we use, like FTP or IRC.
TCP - Transfer Control Protocol. TCP relies on IP to get the info right; it is also used to make sure none of the packets sent are dropped by mistake. TCP is what delivers your packets: it is obviously needed for most of our advanced client/server applications. Once IP handles where the data is to be sent, TCP goes to work and delivers the data in its form. Here is a basic outline of a TCP packet:
382 hp-managed-node - hp performance data managed node
383 hp-alarm-mgr - hp performance data alarm manager
384 arns - A Remote Network Server System
385 ibm-app - IBM Application
386 asa - ASA Message Router Object Def.
387 aurp - AppleTalk Update-Based Routing Pro.
388 unidata-ldm - Unidata LDM Version 4
389 ldap - Lightweight Directory Access Protocol
390 uis
391 synotics-relay - SynOptics SNMP Relay Port
392 synotics-broker - SynOptics Port Broker Port
393 dis - Data Interpretation System
394 embl-ndt - EMBL Nucleic Data Transfer
395 NETscout Control Protocol
396 netware-ip - Novell Netware over IP
397 mptn - Multi Protocol Trans. Net.
398 kryptolan
400 work-sol - Workstation Solutions
401 ups - Uninterruptible Power Supply
402 genie - Genie Protocol
403 decap
404 nced
407 timbuktu
408 prm-sm - Prospero Resource Manager Sys. Man.
409 prm-nm - Prospero Resource Manager Node Man.
410 decladebug - DECLadebug Remote Debug Protocol
411 rmt - Remote MT Protocol
412 synoptics-trap - Trap Convention Port
413 smsp
414 infoseek
415 bnet
416 silverplatter
417 onmux
418 hyper-g
419 ariel1
420 smpte
421 ariel2
422 ariel3
423 opc-job-start - IBM Operations Planning and Control Start
424 opc-job-track - IBM Operations Planning and Control Track
425 icad-el - ICAD
426 smartsdp
427 svrloc - Server Location
428 ocs_cmu
429 ocs_amu
430 utmpsd
431 utmpcd
432 iasd
433 nnsp
434 mobileip-agent
435 mobileip-mn
436 dna-cml
437 comscm
438 dsfgw
439 dasp
440 sgcp
441 decvms-sysmgt
442 cvc_hostd
443 https
444 snpp - Simple Network Paging Protocol
445 microsoft-ds
446 ddm-rdb
447 ddm-dfm
448 ddm-byte
449 as-servermap - AS Server Mapper
450 tserver
497 retrospect - Retrospect Backup software
515 printer - spooler
517 talk
518 ntalk
525 timed - timeserver
526 tempo - newdate
548 AppleShare IP Server
3000 First Class Server
5500 Hotline Server
5501 Hotline Server
8080 http
[Almost all of the remaining ports are mentioned to be unused or unregistered (Keep in mind that the largest anonymous port in most TCP software is 65535)]
IP - Internet Protocol. IP takes care of addressing. You have probably heard of the term ‘IP Address’: this is the Internet Protocol in use. Every Internet Service Provider assigns you an IP address once you log on; for ethernet usage this is much like DHCP.
ARP - Address Resolution Protocol. ARP finds out what Joe’s Hardware address is, or what Mary’s NICA is. It also resolves IP addresses and many other things such as MAC addresses or Physical hardware addresses. ARP relies on IP to work properly.
RARP - RARP, or Reverse Address Resolution Protocol, figures out what the TCP/IP address is via the Network Interface Card.
ICMP - Internet Control Message Protocol. ICMP packets are used to determine flaws or problems within two or more hosts. An example: If I ping joe but joe doesn't respond, then it means joe’s box is down. However if he replies to the ICMP_ECHO_REPLY flag stated in the packet, it would mean his box was actually up. ICMP can also be used to ping flood someone, as you already know.
LDAP - Lightweight Directory Access Protocol. LDAP is used (much like FINGER) to look up information on an X.500 directory service. LDAP can be used to retrieve email addresses, phone numbers, and other information that might be useful to someone who has access to an X.500 directory service.
BootP - Boot Protocol. BootP lets you boot your OS from a remote machine connected to a network. It is very similar to TFTP in that it uses a different computer to boot/load OS’s or applications. BootP might be used if you were out of disk space or were having problems with your own Operating System.
TFTP - Trivial File Transfer Protocol. TFTP is somewhat like bootp: it lets you download files or install operating systems via DEC’s remote installation service. TFTP is primarily used to load/run applications from a TFTP server, and as stated before is extremely important for network booting.
SMTP - Simple Mail Transfer Protocol. SMTP is one of the most widely used protocols today: it handles internet e-mail messaging and supports the transfer of files from one computer to another. The whole e-mail system is based on SMTP; you need an SMTP server to send/receive messages. SMTP is particularly unsafe because it lets you ‘spoof’ messages from one address to another. In this example, we connect to a host running sendmail on port 25, and enter our message headers.
250 driftwood.nfth.com Hello techlib.org [199.227.254.193], pleased to meet you
RSET
250 Reset state
MAIL FROM: <owned@nfth.com>
250 <owned@nfth.com>... Sender ok
RCPT TO:<recieve@desthost.com>
550 recieve@desthost.com>....ok
The rest is pretty simple: just do DATA and then QUIT.
UDP - User Datagram Protocol. UDP is a bare-bones connectionless protocol used particularly for DNS servers. UDP is different from TCP because it doesn't require any control packets to be sent before a connection is established. Unlike TCP, UDP does not check for errors: this means that if something goes wrong UDP will not correct it. Applications like AOL (bleh) have their own error correction built in, so that MOST of the data sent/received can be successfully transferred between computers. UDP is dependent on IP, which is used to reliably ‘deliver’ the packets to the upper-layer applications defined in the OSI model (figure 1). To create a datagram socket, use this (you need a lot more than this to actually get the socket working):
socket(AF_INET, SOCK_DGRAM, 0)
SOCK_DGRAM specifies that the socket type will be datagram, not stream.
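What the rest of a working datagram socket looks like, as an added example in C (not code from the original guide): two SOCK_DGRAM sockets exchange one message over 127.0.0.1 with no handshake, and the receiver uses a timeout because nothing in UDP recovers a lost packet. The function name, the loopback setup and the two-second timeout are assumptions made for the illustration.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Sends msg between two datagram sockets on 127.0.0.1. Returns the number
 * of bytes received into out, or -1 on any failure (including a timeout). */
int udp_loopback(const char *msg, char *out, size_t outlen)
{
    struct sockaddr_in addr;
    socklen_t alen = sizeof(addr);
    struct timeval tv = {2, 0};           /* do not wait forever for a lost packet */
    int n = -1;
    int rx = socket(AF_INET, SOCK_DGRAM, 0);   /* the call from the text */
    int tx = socket(AF_INET, SOCK_DGRAM, 0);

    if (rx < 0 || tx < 0 || outlen == 0)
        goto done;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;                    /* kernel picks a free port */
    if (bind(rx, (struct sockaddr *)&addr, sizeof(addr)) < 0 ||
        getsockname(rx, (struct sockaddr *)&addr, &alen) < 0 ||
        setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) < 0)
        goto done;
    /* No connect() and no handshake: the first packet sent is the data. */
    if (sendto(tx, msg, strlen(msg), 0, (struct sockaddr *)&addr, sizeof(addr)) < 0)
        goto done;
    /* Nothing retransmits a lost datagram, so the caller must handle -1. */
    n = (int)recvfrom(rx, out, outlen - 1, 0, NULL, NULL);
    if (n >= 0)
        out[n] = '\0';
done:
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return n;
}

int main(void)
{
    char buf[64];
    int n = udp_loopback("hello over UDP", buf, sizeof(buf));
    printf("%d bytes: %s\n", n, n >= 0 ? buf : "(lost)");
    return 0;
}
```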
Figure 1:
-International Standards Organization OSI Model-
--------------------------------------
Application
--------------------------------------
Presentation
--------------------------------------
Session
--------------------------------------
Transport
--------------------------------------
Network
--------------------------------------
Data Link
--------------------------------------
Physical
--------------------------------------
Physical - Hardware, as in modem or NIC.
Data Link - Handles error correction from interference produced by the physical devices such as network-related wiring. The Data Link also helps ‘construct’ the packets sent by applications and send them using IP to use the correct address.
Network - This layer interacts with the Data Link layer to send the packets to the specified address.
Transport - The Transport layer makes sure that no errors occur between the routing of packets constructed by the Data Link.
Session - This layer simply handles the connection between two addresses.
Presentation - Handles file formatting that is used with various clients. For example, without the Presentation layer you would not be able to send a file in Binary format without knowing that the other computer would be able to run it.
Application - This layer handles use of applications that are dependent on the OSI model, like telnet or FTP.
-end International Standards Organization OSI Model-