Protocol Basics Outline Objective OSI Model TCP/IP Model Encapsulation TCP Header 3-way Handshake IP Addressing SMTP FTP HTTP DNS Summary List of References Objective To provide background on the OSI Model, the TCP/IP Model and several frequently used protocols. OSI Model
List of References
To provide background on the OSI Model, the TCP/IP Model and several frequently used protocols.
The Open Systems Interconnection Basic Reference Model (OSI Reference Model or OSI Model or OSI Seven Layer Model) is a layered, abstract description for communications and computer network protocol design
It describes how information from a software application in one computer moves through a network medium to a software application in another computer.
It is a conceptual model composed of seven layers, each specifying particular network functions.
Layer 7: Application Layer interfaces directly to and performs common application services for the application processes, issues requests to the presentation layer and provides services to user-defined application processes, and not to the end user.
Layer 6: Presentation Layer transforms the data to provide a standard interface for the Application layer.
Layer 5: Session Layer controls the connections/sessions between computers. It establishes, manages and terminates the connections between the local and remote application.
Layer 4: Transport Layer provides transparent transfer of data between end users, providing reliable data transfer services to the upper layers. The transport layer controls the reliability of a given link through flow control, segmentation/desegmentation, and error control.
Layer 3: Network Layer provides the means of transferring variable length data sequences from a source to a destination via one or more networks while maintaining the quality of service requested by the Transport layer. This layer performs network routing functions, and might also perform fragmentation and reassembly, and report delivery errors. Routers operate at this layer.
Layer 2: Data Link Layer provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the Physical layer. The best known example of this is Ethernet. This is the layer at which the bridges and switches operate.
Layer 1: Physical Layer defines all the electrical and physical specifications for devices such as the layout of pins, voltages, and cable specifications. Hubs, repeaters, and network adapters are physical-layer devices.
TCP/IP Model is a layered abstract description for communications and computer network protocol design. It has fewer, less rigidly defined layers than the commonly referenced OSI model, and thus provides an easier fit for real-world protocols.
Layer 4 – Process Layer or Application Layer
Layer 3 – Host-to-Host (Transport) Layer
Layer 2 – Internet or Internetworking Layer
Layer 1 – Network Access Layer
0 15 16 31
16 Bit Source Port Number
16 Bit Destination Port Number
32 Bit Sequence Number
32 Bit Acknowledgement Number
4 Bit Header
16 Bit Window Size
16 Bit TCP Checksum
16 Bit Urgent Pointer
Options (if any)
Data (if any)
Most communications is handled using TCP.
TCP is reliable:
Acknowledgements indicate delivery of data.
Checksums are used to detect corrupted data.
Sequence numbers detect missing, or mis-sequenced data.
Corrupted data is retransmitted after a timeout.
Mis-sequenced data is re-sequenced.
Flow control prevents over-run of receiver.
TCP uses congestion control to share network capacity among users.
TCP is connection-oriented.
3-way handshake used for connection setup/teardown.
(Data +) Ack
Syn + Ack
SYN | ACK
1: Send SYN seq=x
2: Send SYN seq=y, ACK x+1
3: Send ACK y+1
An IP (Internet Protocol) address is a unique address that electronic devices use in order to identify and communicate with each other on a computer network. It can be thought of as the equivalent of a street address or a phone number for a computer or other network device on the Internet.
Participating network devices—including routers, computers, time-servers, printers, Internet fax machines, and some telephones—can have their own unique address.
IP Version 4 (IPv4) uses 32-bit (4 byte) addresses, which limits the address space to 4,294,967,296 (232) possible unique addresses.
IPv4 Example: 127.0.0.1
IPv4 address shortage has helped stimulate the push towards IPv6, which is currently in the early stages of deployment and will replace IPv4 with IPv6.
IPv6 addresses are 128 bits (16 bytes) wide, which, should suffice for the foreseeable future. In theory, there would be roughly 3.403 × 1038 unique host interface addresses.
Based upon this design, there will exist "roughly 5,000 addresses for every square micrometer of the Earth's surface". This enormous magnitude of available IP addresses will be sufficiently large for the indefinite future, even though mobile phones, cars and all types of personal devices are coming to rely on the Internet for everyday purposes.
IPv6 Example: 2001:0db8:85a3:08d3:1319:8a2e:0370:7334
Simple Mail Transfer Protocol (SMTP) is a simple, text-based protocol, where one or more recipients of a message are specified and then the message text is transferred.
It is a client-server protocol, where the client transmits an email message to the server. An email client knows the outgoing mail SMTP server from its configuration. The server typically determines which SMTP server to connect to by looking up the record for each recipient's domain name, the part of the email address to the right of the at sign (@).
The SMTP client initiates a TCP connection to server's port 25.
SMTP is a "push" protocol that does not allow one to "pull" messages from a remote server on demand. To do this a mail client must use POP3 or IMAP.
File Transfer Protocol (FTP) was a commonly used protocol for exchanging files over any network that supports the TCP/IP protocol (such as the Internet or an intranet).
FTP employs two computers in an FTP transfer: a server and a client.
The FTP server, running FTP server software, listens on the network for connection requests from other computers.
The client computer, running FTP client software, initiates a connection to the server.
Once connected, the client could manipulate files such as uploading/downloading files to/from the server, renaming or deleting files on the server, etc..
HTTP has begun to dominate in these kinds of applications.
Hypertext Transfer Protocol (HTTP) is a communications protocol used to transfer or convey information on the World Wide Web.
HTTP is a request/response protocol between clients and servers. The originating client, such as a web browser is referred to as the user agent. The destination server, which stores or creates resources such as HTML files and images, is called the origin server.
An HTTP client initiates a request by establishing a Transmission Control Protocol (TCP) connection to a particular port on a remote host (port 80 by default.
An HTTP server listening on that port waits for the client to send a request message.
Upon receiving the request, the server sends back a status line, such as "HTTP/1.1 200 OK", and a message of its own, the body of which is perhaps the requested file, an error message, or some other information.
HTTP can be made secure through the use of encryption
Using HTTPS indicates that HTTP is to be used, but with a different default TCP port (443) and an additional encryption/authentication layer, Secure Sockets Layer (SSL) or Transport Layer Security (TLS), between the HTTP and TCP.
Domain Name System (DNS) associates information with so-called domain names; most importantly, it serves as the "phone book" for the Internet: it translates human-readable computer hostnames, e.g. www.wikipedia.org, into the IP addresses that networking equipment needs for delivering information.
For example, if you want to know the internet address of www.wikipedia.org, DNS can be used to tell you it's 126.96.36.199.
DNS distributes the responsibility for assigning domain names and mapping them to IP networks by allowing an authoritative server for each domain to keep track of its own changes, avoiding the need for a central registrar to be continually consulted and updated.
Each domain or subdomain has one or more authoritative DNS servers that publish information about that domain and the name servers of any domains "beneath" it.
This section has tried to provide background on the OSI Model, the TCP/IP Model and several frequently used protocols.
CyberPatriot wants to thank and acknowledge the CyberWatch program
which developed the original version of these slides and who has graciously
allowed their use for training in this competition.