Network Protocol Levels

You should be aware that when talking about networking you will hear the word "protocol" all the time. This is because protocols are sets of standards that define all operations within a network. They define how various operations are to be performed. They may even define how devices outside the network can interact with the network. Protocols define everything from basic networking data structures to higher level application programs. They define various services and utility programs. Protocols operate at many layers of the network models described below. Some protocols, such as TCP and UDP, are considered to be transport protocols. Other protocols work at the network layer of the OSI network model shown below, and some protocols work at several of the network layers.

RFCs
Protocols are outlined in Requests for Comments (RFCs). At the end of this document is a list of protocols and associated RFC numbers. Although RFCs define protocols, not all RFCs do; some define other requirements for the internet, such as RFC 1543, which provides information about the preparation of RFCs. The following RFCs are very central to the TCP/IP protocol.
- RFC 1122 - Defines host requirements of the TCP/IP suite of protocols covering the link, network (IP), and transport (TCP, UDP) layers.
- RFC 1123 - The companion RFC to 1122 covering requirements for internet hosts at the application layer.
- RFC 1812 - Defines requirements for internet gateways which are IPv4 routers.

Network Models
There are several network models which you may hear about, but the one you will hear about most is the ISO network model described below. You should realize, however, that there are others such as:
- The internet layered protocol
- The TCP/IP 4 layered protocol
- The Microsoft networking protocol
If you don't like any of these models, feel free to invent your own, along with your own networking scheme of course, and add it to the list above. You can call it "The MyName Protocol". Ever wonder why networking can be so complex and confusing? Welcome to the world of free enterprise!

The ISO Network Model Standard
The International Standards Organization (ISO) has defined a standard called the Open Systems Interconnection (OSI) reference model. This is a seven layer architecture listed below. Each layer is considered to be responsible for a different part of the communications. This concept was developed to accommodate changes in technology. The layers are arranged here from the lower levels starting with the physical (hardware) to the higher levels.
1. Physical Layer - The actual hardware.
2. Data Link Layer - Data transfer method (802x ethernet). Puts data in frames and ensures error free transmission. Also controls the timing of the network transmission. Adds frame type, address, and error control information. IEEE divided this layer into the two following sublayers.
   1. Logical Link Control (LLC) - Maintains the link between two computers by establishing Service Access Points (SAPs) which are a series of interface points. IEEE 802.2.
   2. Media Access Control (MAC) - Used to coordinate the sending of data between computers. The 802.3, 4, 5, and 12 standards apply to this layer. If you hear someone talking about the MAC address of a network card, they are referring to the hardware address of the card.
3. Network Layer - IP network protocol. Routes messages using the best path available.
4. Transport Layer - TCP, UDP. Ensures properly sequenced and error free transmission.
5. Session Layer - The user's interface to the network. Determines when the session is begun or opened, how long it is used, and when it is closed. Controls the transmission of data during the session. Supports security and name lookup enabling computers to locate each other.
6. Presentation Layer - ASCII or EBCDIC data syntax. Makes the type of data transparent to the layers around it. Used to translate data to a computer specific format such as byte ordering. It may include compression. It prepares the data, either for the network or the application depending on the direction it is going.
7. Application Layer - Provides services software applications need. Provides the ability for user applications to interact with the network.
Many protocol stacks overlap the borders of the seven layer model by operating at multiple layers of the model. File Transfer Protocol (FTP) and telnet both work at the application, presentation, and the session layers.

The Internet, TCP/IP, DOD Model
This model is sometimes called the DOD model since it was designed for the Department of Defense. It is also called the TCP/IP four layer protocol, or the internet protocol. It has the following layers:
1. Link - Device driver and interface card which maps to the data link and physical layer of the OSI model.
2. Network - Corresponds to the network layer of the OSI model and includes the IP, ICMP, and IGMP protocols.
3. Transport - Corresponds to the transport layer and includes the TCP and UDP protocols.
4. Application - Corresponds to the OSI Session, Presentation and Application layers and includes FTP, Telnet, ping, Rlogin, rsh, TFTP, SMTP, SNMP, DNS, your program, etc.
Please note the four layer TCP/IP protocol. Each layer has a set of data that it generates.
1. The link layer corresponds to the hardware, including the device driver and interface card. The link layer has data packets associated with it depending on the type of network being used such as ARCnet, Token ring or ethernet. In our case, we will be talking about ethernet.
2. The network layer manages the movement of packets around the network and includes IP, ICMP, and IGMP. It is responsible for making sure that packets reach their destinations, and if they don't, reporting errors.
3. The transport layer is the mechanism used for two computers to exchange data with regards to software. The two types of protocols that are the transport mechanisms are TCP and UDP. There are also other types of protocols for systems other than TCP/IP but we will talk about TCP and UDP in this document.
4. The application layer refers to networking protocols that are used to support various services such as FTP, Telnet, BOOTP, etc. Note here, to avoid confusion, that the application layer is generally referring to protocols such as FTP, telnet, ping, and other programs designed for specific purposes which are governed by a specific set of protocols defined with RFCs (requests for comments). However, a program that you may write can define its own data structure to send between your client and server program so long as the program you run on both the client and server machine understands your protocol. For example, when your program opens a socket to another machine, it is using the TCP protocol, but the data you send depends on how you structure it.

Data Encapsulation, a Critical concept to be understood
When starting with protocols that work at the upper layers of the network models, each set of data is wrapped inside the next lower layer protocol, similar to wrapping letters inside an envelope. The application creates the data, then the transport layer wraps that data inside its format, then the network layer wraps the data, and finally the link (ethernet) layer encapsulates the data and transmits it.


To continue, you should understand the definition of a client and server with regards to networking. If you are a server, you will provide services to a client, in much the same way as a private investigator would provide services to their clients. A client will contact the server, and ask for service, which the server will then provide. The service may be as simple as sending a single block of data back to the client. Since there are many clients, a server must be constantly ready to receive client requests, even though it may already be working with other clients. Usually the client program will operate on one computer, while the server program will operate on another computer, although programs can be written to be both a client and a server.
Let's say you write a client chat program and a server chat program to be used by two people to send messages between their machines. You run the server program on machine B, and the client program on machine A. Tom is on machine A and George is on machine B. George's machine is always ready to be contacted, but cannot initiate a contact. Therefore if George wants to talk to Tom, he cannot, until Tom contacts him. Tom, of course, can initiate contact at any time. Now you decide to solve the problem and merge the functionality of the two programs into one, so both parties may contact the other. This program is now a client/server program which operates both as a client and a server. You write your code so when one side initiates contact, he will get a dialog box, and a dialog box will pop up on the other side. At the time contact is initiated, a socket is opened between the two machines and a virtual connection is established. The program will let the user (Tom) type text into the dialog window, and hit send. When the user hits send, roughly the following will happen.


1. Your program will pass Tom's typed text in a buffer, to the socket. This happens on machine A.
2. The underlying software (code in a library called by a function your program used to send the data) supporting the socket puts the data inside a TCP data packet. This means that a TCP header will be added to the data. This header contains a source and destination port number along with some other information and a checksum. Daemon programs (daemon definition at the bottom of this page) may also work at this level to sort packets based on port number (hence the TCP wrapper program in UNIX and Linux).
3. The TCP packet will be placed inside an IP data packet with a source and destination IP address along with some other data for network management. This may be done by a combination of your library function, the operating system and supporting programs.
4. The IP data packet is placed inside an ethernet data packet. This data packet includes the destination and source address of the network interface cards (NIC) on the two computers. The address here is the hardware address of the respective cards and is called the MAC address.
5. The ethernet packet is transmitted over the network line.
6. Assuming there is a direct connection between the two computers, the network interface card on machine B will recognize its MAC address and grab the data.
7. The IP data packet will be extracted from the ethernet data packet. A combination of daemons and the operating system will perform this operation.
8. The TCP data packet will be extracted from the IP data packet. A combination of daemons, the operating system, and libraries called by your program will perform this function.
9. The data will be extracted from the TCP packet. Your program will then display the retrieved data (text) in the text display window for George to read.
Be aware that for the sake of simplicity, we are excluding details such as error management, routing, and identifying the hardware address of the NIC on the computer intended to receive the data. Also we are not mentioning the possible rejection of service based on a packet's port number or sender's IP address.
A daemon program is a program that runs in the background on a computer operating system. It is used to perform various tasks including server functions. It is usually started when the operating system is booted, but a user or administrator may be able to start or stop a daemon at any time.
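
The steps above can be followed byte by byte. This Python sketch is an added example, not part of the original document: it wraps Tom's text in TCP, IPv4 and ethernet headers, then unwraps it on George's side, checking the MAC address, IP address, checksums and port on the way. The addresses, MACs and chat port are constructed sample values, and the ethernet trailer (frame check sequence) is left out.

```python
import socket
import struct

# Constructed sample values (documentation IP range, locally administered MACs,
# hypothetical chat port). None of them come from the original page.
MAC_A, MAC_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
IP_A, IP_B = "192.0.2.10", "192.0.2.20"
CLIENT_PORT, CHAT_PORT = 49152, 5000
MESSAGE = b"Hi George, it's Tom"


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def inet_checksum(data):
    """RFC 1071 one's-complement checksum used by both the IP and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_wrap(payload, src_ip, dst_ip, sport, dport, seq=1, ack=1):
    """Step 2: add a 20-byte TCP header (ports, seq/ack, flags, checksum)."""
    offset_flags = (5 << 12) | 0x018  # header is 5 32-bit words, flags PSH+ACK
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(hdr) + len(payload)))
    csum = inet_checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def ip_wrap(segment, src_ip, dst_ip, ttl=64):
    """Step 3: add a 20-byte IPv4 header carrying the two IP addresses."""
    def header(csum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, ttl, 6,
                           csum, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return header(inet_checksum(header(0))) + segment


def eth_wrap(packet, src_mac, dst_mac):
    """Step 4: add destination MAC, source MAC and EtherType 0x0800 (IPv4)."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", 0x0800) + packet


def build_frame(text):
    """Steps 1-4 on machine A: data -> TCP -> IP -> ethernet."""
    segment = tcp_wrap(text, IP_A, IP_B, CLIENT_PORT, CHAT_PORT)
    return eth_wrap(ip_wrap(segment, IP_A, IP_B), MAC_A, MAC_B)


def decapsulate(frame, my_mac, my_ip, listen_port):
    """Steps 6-9 on machine B: peel and verify each header, return the data."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("frame too short for ethernet + IPv4 + TCP headers")
    if frame[:6] != mac_bytes(my_mac):
        raise ValueError("frame is addressed to another NIC")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("payload is not IPv4")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[0] >> 4 != 4 or ihl < 20 or total_len < ihl + 20 or total_len > len(packet):
        raise ValueError("malformed IPv4 header")
    if inet_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IP header checksum")
    if packet[9] != 6:
        raise ValueError("payload is not TCP")
    src_ip, dst_ip = packet[12:16], packet[16:20]
    if dst_ip != socket.inet_aton(my_ip):
        raise ValueError("packet is addressed to another host")
    segment = packet[ihl:total_len]
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    if inet_checksum(pseudo + segment) != 0:
        raise ValueError("bad TCP checksum")
    if struct.unpack("!H", segment[2:4])[0] != listen_port:
        raise ValueError("no listener on that port")
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("malformed TCP header")
    return segment[data_offset:]


if __name__ == "__main__":
    frame = build_frame(MESSAGE)
    print(len(MESSAGE), "bytes of text became a", len(frame), "byte frame")
    print(decapsulate(frame, MAC_B, IP_B, CHAT_PORT).decode())
```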

Network Ports

Not all ports are included here, just the most common ones:
Keyword        Number  Protocol(s)  Description
tcpmux         1       TCP, UDP     TCP Port Service Multiplexer
echo           7       TCP, UDP     Echo
discard        9       TCP, UDP     Discard
systat         11      TCP          Active Users
daytime        13      TCP, UDP     Daytime (RFC 867)
qotd           17      TCP          Quote of the Day
msp            18      TCP, UDP     message send protocol
chargen        19      TCP, UDP     Character Generator
ftp-data       20      TCP, UDP     File transfer default data
ftp            21      TCP, UDP     File transfer control
ssh            22      TCP, UDP     Remote login protocol
telnet         23      TCP, UDP     Telnet
smtp           25      TCP, UDP     Simple Mail Transfer
time           37      TCP, UDP     Time
rlp            39      TCP, UDP     Resource location protocol
nameserver     42      TCP, UDP     Host name server
whois          43      TCP, UDP     Who is
re-mail-ck     50      TCP, UDP     Remote mail checking protocol
domain         53      TCP, UDP     Domain name server
bootps         67      TCP, UDP     Bootstrap protocol server
bootpc         68      TCP, UDP     Bootstrap protocol client
tftp           69      TCP, UDP     Trivial file transfer protocol
gopher         70      TCP, UDP     Gopher
finger         79      TCP, UDP     Finger
www            80      TCP, UDP     World wide web or HTTP
kerberos       88      TCP, UDP     Kerberos
supdup         95      TCP, UDP     SUPDUP
hostname       101     TCP, UDP     NIC Host Name Server
iso-tsap       102     TCP, UDP     ISO-TSAP Class 0
csnet-ns       105     TCP, UDP     CCSO name server protocol
rtelnet        107     TCP, UDP     Remote Telnet Service
pop-2          109     TCP, UDP     Post Office Protocol - Version 2
pop-3          110     TCP, UDP     Post Office Protocol - Version 3
sunrpc         111     TCP, UDP     SUN Remote Procedure Call
auth           113     TCP, UDP     Authentication Service
sftp           115     TCP, UDP     Simple File Transfer Protocol
uucp-path      117     TCP, UDP     UUCP Path Service
nntp           119     TCP, UDP     Network News Transfer Protocol
ntp            123     TCP, UDP     Network Time Protocol
netbios-ns     137     TCP, UDP     NETBIOS Name Service
netbios-dgram  138     TCP, UDP     NETBIOS Datagram Service
netbios-ssn    139     TCP, UDP     NETBIOS Session Service
imap           143     TCP, UDP     Internet Message Access Protocol
snmp           161     TCP, UDP     SNMP
snmp-trap      162     TCP, UDP     SNMPTRAP
cmip-man       163     TCP, UDP     CMIP/TCP Manager
cmip-agent     164     TCP, UDP     CMIP/TCP Agent
xdmcp          177     TCP, UDP     X Display Manager Control Protocol
nextstep       178     TCP, UDP     NextStep Window Server
bgp            179     TCP, UDP     Border Gateway Protocol
prospero       191     TCP, UDP     Prospero Directory Service
irc            194     TCP, UDP     Internet Relay Chat Protocol
smux           199     TCP, UDP     SMUX
at-rtmp 201/tcp # AppleTalk routing
at-rtmp 201/udp
at-nbp 202/tcp # AppleTalk name binding
at-nbp 202/udp
at-echo 204/tcp # AppleTalk echo
at-echo 204/udp
at-zis 206/tcp # AppleTalk zone information
at-zis 206/udp
qmtp 209/tcp # The Quick Mail Transfer Protocol
qmtp 209/udp # The Quick Mail Transfer Protocol
z3950 210/tcp wais # NISO Z39.50 database
z3950 210/udp wais
ipx 213/tcp # IPX
ipx 213/udp
imap3 220/tcp # Interactive Mail Access
imap3 220/udp # Protocol v3
rpc2portmap 369/tcp
rpc2portmap 369/udp # Coda portmapper
codaauth2 370/tcp
codaauth2 370/udp # Coda authentication server
ulistserv 372/tcp # UNIX Listserv
ulistserv 372/udp
https 443/tcp # MCom
https 443/udp # MCom
snpp 444/tcp # Simple Network Paging Protocol
snpp 444/udp # Simple Network Paging Protocol
saft 487/tcp # Simple Asynchronous File Transfer
saft 487/udp # Simple Asynchronous File Transfer
npmp-local 610/tcp dqs313_qmaster # npmp-local / DQS
npmp-local 610/udp dqs313_qmaster # npmp-local / DQS
npmp-gui 611/tcp dqs313_execd # npmp-gui / DQS
npmp-gui 611/udp dqs313_execd # npmp-gui / DQS
hmmp-ind 612/tcp dqs313_intercell # HMMP Indication / DQS
hmmp-ind 612/udp dqs313_intercell # HMMP Indication / DQS
#
# UNIX specific services
#
exec 512/tcp
biff 512/udp comsat
login 513/tcp
who 513/udp whod
shell 514/tcp cmd # no passwords used
syslog 514/udp
printer 515/tcp spooler # line printer spooler
talk 517/udp
ntalk 518/udp
route 520/udp router routed # RIP
timed 525/udp timeserver
tempo 526/tcp newdate
courier 530/tcp rpc
conference 531/tcp chat
netnews 532/tcp readnews
netwall 533/udp # -for emergency broadcasts
uucp 540/tcp uucpd # uucp daemon
afpovertcp 548/tcp # AFP over TCP
afpovertcp 548/udp # AFP over TCP
remotefs 556/tcp rfs_server rfs # Brunhoff remote filesystem
klogin 543/tcp # Kerberized `rlogin' (v5)
kshell 544/tcp krcmd # Kerberized `rsh' (v5)
kerberos-adm 749/tcp # Kerberos `kadmin' (v5)
#
webster 765/tcp # Network dictionary
webster 765/udp
#
# From ``Assigned Numbers'':
#
#> The Registered Ports are not controlled by the IANA and on most systems
#> can be used by ordinary user processes or programs executed by ordinary
#> users.
#
#> Ports are used in the TCP [45,106] to name the ends of logical
#> connections which carry long term conversations. For the purpose of
#> providing services to unknown callers, a service contact port is
#> defined. This list specifies the port used by the server process as its
#> contact port. While the IANA can not control uses of these ports it
#> does register or list uses of these ports as a convienence to the
#> community.
#
ingreslock 1524/tcp
ingreslock 1524/udp
prospero-np 1525/tcp # Prospero non-privileged
prospero-np 1525/udp
datametrics 1645/tcp old-radius # datametrics / old radius entry
datametrics 1645/udp old-radius # datametrics / old radius entry
sa-msg-port 1646/tcp old-radacct # sa-msg-port / old radacct entry
sa-msg-port 1646/udp old-radacct # sa-msg-port / old radacct entry
radius 1812/tcp # Radius
radius 1812/udp # Radius
radacct 1813/tcp # Radius Accounting
radacct 1813/udp # Radius Accounting
cvspserver 2401/tcp # CVS client/server operations
cvspserver 2401/udp # CVS client/server operations
venus 2430/tcp # codacon port
venus 2430/udp # Venus callback/wbc interface
venus-se 2431/tcp # tcp side effects
venus-se 2431/udp # udp sftp side effect
codasrv 2432/tcp # not used
codasrv 2432/udp # server port
codasrv-se 2433/tcp # tcp side effects
codasrv-se 2433/udp # udp sftp side effect
mysql 3306/tcp # MySQL
mysql 3306/udp # MySQL
rfe 5002/tcp # Radio Free Ethernet
rfe 5002/udp # Actually uses UDP only
cfengine 5308/tcp # CFengine
cfengine 5308/udp # CFengine
bbs 7000/tcp # BBS service
#
#
# Kerberos (Project Athena/MIT) services
# Note that these are for Kerberos v4, and are unofficial. Sites running
# v4 should uncomment these and comment out the v5 entries above.
#
kerberos4 750/udp kerberos-iv kdc # Kerberos (server) udp
kerberos4 750/tcp kerberos-iv kdc # Kerberos (server) tcp
kerberos_master 751/udp # Kerberos authentication
kerberos_master 751/tcp # Kerberos authentication
passwd_server 752/udp # Kerberos passwd server
krb_prop 754/tcp # Kerberos slave propagation
krbupdate 760/tcp kreg # Kerberos registration
kpasswd 761/tcp kpwd # Kerberos "passwd"
kpop 1109/tcp # Pop with Kerberos
knetd 2053/tcp # Kerberos de-multiplexor
zephyr-srv 2102/udp # Zephyr server
zephyr-clt 2103/udp # Zephyr serv-hm connection
zephyr-hm 2104/udp # Zephyr hostmanager
eklogin 2105/tcp # Kerberos encrypted rlogin
#
# Unofficial but necessary (for NetBSD) services
#
supfilesrv 871/tcp # SUP server
supfiledbg 1127/tcp # SUP debugging
#
# Datagram Delivery Protocol services
#
rtmp 1/ddp # Routing Table Maintenance Protocol
nbp 2/ddp # Name Binding Protocol
echo 4/ddp # AppleTalk Echo Protocol
zip 6/ddp # Zone Information Protocol
#
# Services added for the Debian GNU/Linux distribution
poppassd 106/tcp # Eudora
poppassd 106/udp # Eudora
mailq 174/tcp # Mailer transport queue for Zmailer
mailq 174/tcp # Mailer transport queue for Zmailer
ssmtp 465/tcp # SMTP over SSL
gdomap 538/tcp # GNUstep distributed objects
gdomap 538/udp # GNUstep distributed objects
snews 563/tcp # NNTP over SSL
ssl-ldap 636/tcp # LDAP over SSL
omirr 808/tcp omirrd # online mirror
omirr 808/udp omirrd # online mirror
rsync 873/tcp # rsync
rsync 873/udp # rsync
simap 993/tcp # IMAP over SSL
spop3 995/tcp # POP-3 over SSL
socks 1080/tcp # socks proxy server
socks 1080/udp # socks proxy server
rmtcfg 1236/tcp # Gracilis Packeten remote config server
xtel 1313/tcp # french minitel
support 1529/tcp # GNATS
cfinger 2003/tcp # GNU Finger
ninstall 2150/tcp # ninstall service
ninstall 2150/udp # ninstall service
afbackup 2988/tcp # Afbackup system
afbackup 2988/udp # Afbackup system
icp 3130/tcp # Internet Cache Protocol (Squid)
icp 3130/udp # Internet Cache Protocol (Squid)
postgres 5432/tcp # POSTGRES
postgres 5432/udp # POSTGRES
fax 4557/tcp # FAX transmission service (old)
hylafax 4559/tcp # HylaFAX client-server protocol (new)
noclog 5354/tcp # noclogd with TCP (nocol)
noclog 5354/udp # noclogd with UDP (nocol)
hostmon 5355/tcp # hostmon uses TCP (nocol)
hostmon 5355/udp # hostmon uses TCP (nocol)
ircd 6667/tcp # Internet Relay Chat
ircd 6667/udp # Internet Relay Chat
webcache 8080/tcp # WWW caching service
webcache 8080/udp # WWW caching service
tproxy 8081/tcp # Transparent Proxy
tproxy 8081/udp # Transparent Proxy
mandelspawn 9359/udp mandelbrot # network mandelbrot
amanda 10080/udp # amanda backup services
kamanda 10081/tcp # amanda backup services (Kerberos)
kamanda 10081/udp # amanda backup services (Kerberos)
amandaidx 10082/tcp # amanda backup services
amidxtape 10083/tcp # amanda backup services
isdnlog 20011/tcp # isdn logging system
isdnlog 20011/udp # isdn logging system
vboxd 20012/tcp # voice box system
vboxd 20012/udp # voice box system
binkp 24554/tcp # Binkley
binkp 24554/udp # Binkley
asp 27374/tcp # Address Search Protocol
asp 27374/udp # Address Search Protocol
tfido 60177/tcp # Ifmail
tfido 60177/udp # Ifmail
fido 60179/tcp # Ifmail
fido 60179/udp # Ifmail
# Local services
linuxconf 98/tcp
swat 901/tcp # Add swat service used via inetd

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is used as the transport protocol for network management. Network management consists of network management stations communicating with network elements such as hosts, routers, servers, or printers. The agent is the software on the network element (host, router, printer) that runs the network management software. Therefore when the word agent is used it is referring to the network element. The agent will store information in a management information base (MIB). Management software will poll the various network devices and get the information stored in them. RFC 1155, 1157, and 1213 define SNMP, with RFC 1157 defining the protocol itself. The manager uses UDP port 161 to send requests to the agent and the agent uses UDP port 162 to send replies or messages to the manager. The manager can ask for data from the agent or set variable values in the agent. Agents can reply and report events.
There are three supporting pieces to TCP/IP network management:
1. Management Information Base (MIB) specifies variables the network elements maintain.
2. A set of common structures and a way to reference the variables in the database.
3. The protocol used to communicate between the manager and the network element agent which is SNMP.
SNMP collects information two ways:
1. The devices on the network are polled by management stations.
2. Devices send alerts to SNMP management stations. The public community may be added to the alert list so all management stations will receive the alert.
SNMP must be installed on the devices to do this.
SNMP terms:
- Baseline - A report outlining the state of the network.
- Trap - An alert that is sent to a management station by agents.
- Agent - A program at devices that can be set to watch for some event and send a trap message to a management station if the event occurs.
The network manager can set the threshold of the monitored event that will trigger the sending of the trap message. SNMP enables counters for monitoring the performance of the network used in conjunction with Performance Monitor.

SNMP Communities
An SNMP community is the group that devices and management stations running SNMP belong to. It helps define where information is sent. The community name is used to identify the group. An SNMP device or agent may belong to more than one SNMP community. It will not respond to requests from management stations that do not belong to one of its communities. SNMP default communities are:
- Write = private
- Read = public

SNMP Security
SNMP should be protected from the internet with a firewall. Beyond the SNMP community structure, there is one trap that adds some security to SNMP.
- Send Authentication Trap - When a device receives an authentication that fails, a trap is sent to a management station.
Other configuration parameters that affect security are:
- Accepted Community Names - Only requests from computers in the list of community names will be accepted.
- Accept SNMP Packets from Any Host - This is checked by default. Setting specific hosts will increase security.
- Only Accept SNMP Packets from These Hosts - Only requests from hosts on the list of IP addresses are accepted. Use IP, or IPX address or host name to identify the host.

SNMP Message Types
There are five types of messages exchanged in SNMP. They are referred to by Protocol Data Unit (PDU) type.
PDU Type  Name              Description
0         get-request       Get one or more variables. (manager to element)
1         get-next-request  Get next variable after one or more specified variables. (manager to element)
2         set-request       Set one or more variables. (manager to element)
3         get-response      Return value of one or more variables. (element to manager)
4         trap              Notify manager of an event. (element to manager)
The SNMP message with PDU type 0-3 consists of:
1. Version of SNMP
2. Community - A clear text password character string
3. PDU type
4. Request ID - Used to associate the request with the response. For PDU 0-2, it is set by the manager.
5. error status - An integer sent by the agent to identify an error condition
   Error  Name          Description
   0      no error      OK
   1      too big       Reply does not fit into one message
   2      no such name  The variable specified does not exist
   3      bad value     Invalid value specified in a set request.
   4      read only     The variable to be changed is read only.
   5      general error General error
6. error index - Specifies which variable was in error when an error occurred. It is an integer offset.
7. name - The name of the variable (being set or read).
8. value - The value of the variable (being set or read)
9. any other names and values to get/set
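
Because the community travels as clear text in the field layout just listed, anything that can see the packet can read it. The Python sketch below is an added example, not part of the original document: it decodes those fields from an SNMPv1 message and applies two of the checks from the SNMP Security section above (default community names, and requests from hosts outside an accepted list). The sample packets, IP addresses and the non-default community name are constructed; the trap layout (PDU type 4) is not decoded.

```python
SYS_DESCR_0 = bytes.fromhex("2b06010201010100")  # BER form of OID 1.3.6.1.2.1.1.1.0
DEFAULT_COMMUNITIES = {"public", "private"}      # the defaults named on this page


def tlv(tag, value):
    """Encode one BER element (short-form length only; enough for the samples)."""
    return bytes([tag, len(value)]) + value


def sample_get_request(community):
    """Constructed SNMPv1 get-request for sysDescr.0, request ID 0x1234."""
    varbind = tlv(0x30, tlv(0x06, SYS_DESCR_0) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, b"\x12\x34") + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + pdu)


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("BER length runs past the end of the packet")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw):
    """Turn BER OID bytes into dotted form, e.g. 1.3.6.1.2.1.1.1.0."""
    if not raw:
        raise ValueError("empty OBJECT IDENTIFIER")
    first = min(raw[0] // 40, 2)
    parts, value = [first, raw[0] - 40 * first], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of a sub-id
            parts.append(value)
            value = 0
    return ".".join(str(p) for p in parts)


def expect(tag, wanted, what):
    if tag != wanted:
        raise ValueError("expected %s, got tag 0x%02x" % (what, tag))


def parse_snmp_v1(packet):
    """Decode version, community, PDU type, request ID, error fields and names."""
    tag, body, _ = read_tlv(packet, 0)
    expect(tag, 0x30, "SEQUENCE")
    tag, version, pos = read_tlv(body, 0)
    expect(tag, 0x02, "INTEGER version")
    tag, community, pos = read_tlv(body, pos)
    expect(tag, 0x04, "OCTET STRING community")
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if pdu_tag & 0xE0 != 0xA0:
        raise ValueError("expected a context-tagged PDU")
    msg = {"version": int.from_bytes(version, "big"),  # SNMPv1 carries 0 here
           "community": community.decode("ascii", "replace"),
           "pdu_type": pdu_tag & 0x1F}
    if msg["pdu_type"] == 4:  # trap uses a different layout; not decoded here
        return msg
    pos = 0
    for field in ("request_id", "error_status", "error_index"):
        tag, raw, pos = read_tlv(pdu, pos)
        expect(tag, 0x02, "INTEGER " + field)
        msg[field] = int.from_bytes(raw, "big", signed=True)
    tag, varbinds, _ = read_tlv(pdu, pos)
    expect(tag, 0x30, "SEQUENCE OF name/value pairs")
    msg["names"], pos = [], 0
    while pos < len(varbinds):
        tag, pair, pos = read_tlv(varbinds, pos)
        expect(tag, 0x30, "name/value SEQUENCE")
        tag, oid, _ = read_tlv(pair, 0)
        expect(tag, 0x06, "OBJECT IDENTIFIER")
        msg["names"].append(decode_oid(oid))
    return msg


def audit(packet, source_ip, accepted_hosts):
    """Return findings for one captured request (empty list means nothing flagged)."""
    msg = parse_snmp_v1(packet)
    findings = []
    if msg["community"] in DEFAULT_COMMUNITIES:
        findings.append("default community '%s' in use" % msg["community"])
    if source_ip not in accepted_hosts:
        findings.append("request from %s, not an accepted host" % source_ip)
    return findings


if __name__ == "__main__":
    print(parse_snmp_v1(sample_get_request(b"public")))
    print(audit(sample_get_request(b"public"), "198.51.100.7", {"192.0.2.5"}))
```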
The SNMP message with PDU type 4 (trap) consists of:
1. PDU type
2. Enterprise - The agent's OBJECT IDENTIFIER or system object's ID. Falls under a node in the MIB tree.
3. agent addr - The IP address of the agent.
4. Trap type - Identifies the type of event being reported.
   Trap Type  Name                    Description
   0          cold start              Agent is booting
   1          warm start              Agent is rebooting
   2          link down               An interface has gone down
   3          link up                 An interface has come up
   4          authentication failure  An invalid community (password) was received in a message.
   5          egp neighbor loss       An EGP peer has gone down.
   6          enterprise specific     Look in the enterprise code for information on the trap
5. Specific code - Must be 0.
6. Time stamp - The time in 1/100ths of seconds since the agent initialized.
7. name
8. Value
9. Any other names and values
Types of data used:
- INTEGER - Some have minimum and maximum values.
- OCTET STRING - The number of bytes in the string is before the string.
- DISPLAY STRING - Each byte must be an ASCII value.
- OBJECT IDENTIFIER - Specifies a data type allocated by an organization with responsibility for a group of identifiers. A sequence of integers separated by decimals which follow a tree structure.
- NULL - Used as the value of all variables in a get request.
- IpAddress - A 4 byte long OCTET STRING. One byte for each byte of the IP address.
- PhysAddress - A 6 byte octet string specifying an ethernet or hardware address.
- Counter - A 32 bit unsigned integer.
- Gauge - An unsigned 32 bit integer with a value that can increase or decrease but won't fall below a minimum or exceed a maximum.
- TimeTicks - Time counter. Counts in 1/100 of seconds.
- SEQUENCE - Similar to a programming structure with entries of type IpAddress called udpLocalAddress and type INTEGER called udpLocalPort.
- SEQUENCE OF - An array with elements with one type.

The MIB data structure RFC 1213
In the above list the data type "OBJECT IDENTIFIER" is listed as a part of the management information database. These object identifiers are referenced in a way very similar to a DNS tree, with a directory at the top called root. Each node in the tree is given a text name and is also referenced numerically, similar to IP addresses. There are multiple levels in the tree, with the bottom level being variables, and the next one up is called group. The packets sent in SNMP use numeric identifiers rather than text. All identifiers begin with iso(1).org(3).dod(6).internet(1).mgmt(2).mib(1). Numerically, that is 1.3.6.1.2.1. In text it is "iso.org.dod.internet.mgmt.mib". Under mib are the following groups. The information in these groups is not complete and you should refer to the RFC for full information.
1. system
   1. sysDescr (DisplayString) - Description of entity
   2. sysObjectID (ObjectID) - Vendor's ID in the subtree (1.3.6.1.4.1)
   3. sysUpTime (Timer) - Time the system has been up
   4. sysContact (DisplayString) - Name of contact person
   5. sysName (DisplayString) - Domain name of the element such as mymachine.mycompany.com
   6. sysLocation (DisplayString) - Physical location of the element.
   7. sysServices - 0x1-physical, 0x02-datalink, 0x04-internet, 0x08 end to end, 0x40-application. If the bit is set the service is provided.
2. interfaces
   1. ifNumber (INTEGER) - Number of network interfaces
   2. ifTable (table)
      1. ifIndex
      2. ifDescr - Description of interface
      3. ifType - 6=ethernet, 7=802.3 ethernet, 9=802.5 token ring, 23=PPP, 28=SLIP
      4. ifMtu
      5. ifSpeed - Bits/second
      6. ifPhysAddress
      7. ifAdminStatus - Desired state of interface 1=up, 2=down, 3=testing
      8. ifOperStatus - Current state of interface 1=up, 2=down, 3=testing
      9. ifLastchange
      10. ifInOctets - Total bytes received
      11. ifInUcastPkts
      12. ifInNUcastPkts
      13. ifInDiscards
      14. ifInErrors
      15. ifInUnknownProtos
      16. ifOutOctets
      17. ifOutUcastPkts
      18. ifOutNUcastPkts
      19. ifOutDiscards
      20. ifOutErrors
      21. ifOutQLen
      22. ifSpecific
3. at - Address translation group
   1. atIfIndex (INTEGER) - Interface number
   2. atPhysAddress (PhysAddress)
   3. atNetAddress (NetworkAddress) - IP address
4. ip
   1. ipForwarding
   2. ipDefaultTTL (INTEGER)
   3. ipInReceives (counter)
   4. ipInHdrErrors (counter)
   5. ipInAddrErrors (counter)
   6. ipForwDatagrams (counter)
   7. ipInUnknownProtos (counter)
   8. ipInDiscards (counter)
   9. ipInDelivers (counter)
   10. ipOutRequests (counter)
   11. ipOutDiscards (counter)
   12. ipOutNoRoutes (INTEGER)
   13. ipReasmTimeout (counter)
   14. ipReasmReqds (counter) - Number of IP fragments received that need to be reassembled.
   15. ipReasmOKs (counter)
   16. ipReasmFails (counter)
   17. ipFragOKs (counter)
   18. ipFragFails (counter)
   19. ipFragCreates (counter)
   20. ipRoutingDiscards (counter)
   21. ipAddrTable (table)
      1. ipAddrEntry (index)
         1. ipAdEntAddr
         2. ipAdEntIfIndex
         3. ipAdEntNetMask
         4. ipAdEntBcastAddr
         5. ipAdEntReasmMaxSize
5. icmp
6. tcp
7. udp
   1. udpInDatagrams (counter) - UDP datagrams delivered to user processes.
   2. udpNoPorts (counter) - UDP datagrams which were not received at the port since there was no application to receive it.
   3. udpInErrors (counter) - Number of UDP datagrams not delivered for reasons other than no applications available to receive them.
   4. udpOutDatagrams (counter) - Number of UDP datagrams sent.
   5. udpTable (table)
      1. udpEntry - Specifies the table entry number
         1. udpLocalAddress
         2. udpLocalPort
The ordering of data in the MIB is numeric. When the getnext function is used it gets the next data based on the numeric ordering.
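
What numeric ordering means in practice, as an added Python example (not part of the original document): a small in-memory MIB whose get_next and walk compare identifiers as sequences of integers, so that interface 10 follows interface 2 instead of sorting before it as text would. The variable values and the MiniMib class are constructed for illustration; the OIDs follow the group and table numbers listed above.

```python
from bisect import bisect_right

# Constructed sample data under 1.3.6.1.2.1 (system=1, interfaces=2, udp=7).
SAMPLE_VARIABLES = {
    "1.3.6.1.2.1.1.1.0": "example router",   # sysDescr.0
    "1.3.6.1.2.1.1.5.0": "gw.example.com",   # sysName.0
    "1.3.6.1.2.1.2.1.0": 3,                  # ifNumber.0
    "1.3.6.1.2.1.2.2.1.2.1": "lo0",          # ifDescr for ifIndex 1
    "1.3.6.1.2.1.2.2.1.2.2": "eth0",         # ifDescr for ifIndex 2
    "1.3.6.1.2.1.2.2.1.2.10": "eth9",        # ifDescr for ifIndex 10
    "1.3.6.1.2.1.7.1.0": 4211,               # udpInDatagrams.0
}


def oid_key(oid):
    """Dotted OID -> tuple of ints, so comparison is numeric per component."""
    return tuple(int(part) for part in oid.strip(".").split("."))


def oid_text(key):
    return ".".join(str(part) for part in key)


class MiniMib:
    """Hypothetical agent-side store that answers get-next the way the text describes."""

    def __init__(self, variables):
        self._items = sorted((oid_key(oid), value) for oid, value in variables.items())
        self._keys = [key for key, _ in self._items]

    def get_next(self, oid):
        """Return (oid, value) of the first variable strictly after oid, or None."""
        index = bisect_right(self._keys, oid_key(oid))
        if index == len(self._keys):
            return None  # end of the MIB view
        key, value = self._items[index]
        return oid_text(key), value

    def walk(self, root):
        """Repeat get_next from root until the result leaves root's subtree."""
        prefix = oid_key(root)
        results, current = [], root
        while True:
            found = self.get_next(current)
            if found is None or oid_key(found[0])[:len(prefix)] != prefix:
                return results
            results.append(found)
            current = found[0]


def text_sorted(variables):
    """The wrong order you get by sorting OIDs as plain strings."""
    return sorted(variables)


if __name__ == "__main__":
    mib = MiniMib(SAMPLE_VARIABLES)
    for oid, value in mib.walk("1.3.6.1.2.1.2.2.1.2"):
        print(oid, "=", value)
```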

Network Categories

TCP/IP includes a wide range of protocols which are used for a variety of purposes on the network. The set of protocols that are a part of TCP/IP is called the TCP/IP protocol stack or the TCP/IP suite of protocols.
Considering the many protocols, message types, levels, and services that TCP/IP networking supports, I believe it would be very helpful to categorize the various protocols that support TCP/IP networking and define their respective contribution to the operation of networking. Unfortunately I have never seen this done to any real extent, but believe it would be worthwhile to help those learning networking understand it faster and better. I cannot guarantee that experts will agree with the categorizations that will be provided here, but they should help the reader get the big picture on the various protocols, and thus clarify what the reason or need is for each protocol.
As mentioned previously, there are four TCP/IP layers. They are link, network, transport, and application. The link layer is the hardware layer that provides the ability to send messages between multiple locations. In the case of this document, ethernet provides this capability. Below I define several categories, some of which fit into the 4 layer protocol levels described earlier. I also define a relative fundamental importance to the ability of the network to function at all. Importance includes essential, critical, important, advanced, and useful.
1. Essential - Without this all other categories are irrelevant.
2. Critical - The network, as designed, is useless without this ability.
3. Important - The network could function, but would be difficult to use and manage.
4. Advanced - Includes enhancements that make the network easier to use and manage.
5. Useful - Functionality that you would like to be able to use as a network user. Applications or some functionality is supported here. Without this, why build a network?
The categories are:
Name (layer) | Importance | Names of protocols | What it does
Hardware (link) | Essential | ethernet, SLIP, PPP, Token Ring, ARCnet | Allows messages to be packaged and sent between physical locations.
Package management (network) | Essential | IP, ICMP | Manages movement of messages and reports errors. It uses message protocols and software to manage this process (includes routing).
Inter layer communication | Essential | ARP | Communicates between layers to allow one layer to get information to support another layer. This includes broadcasting.
Service control (transport) | Critical | TCP, UDP | Controls the management of service between computers. Based on values in TCP and UDP messages a server knows what service is being requested.
Application and user support | Important | DNS, RPC | DNS provides address to name translation for locations and network cards. RPC allows remote computer to perform functions on other computers.
Network Management | Advanced | RARP, BOOTP, DHCP, IGMP, SNMP, RIP, OSPF, BGP, CIDR | Enhances network management and increases functionality.
Utility (Application) | Useful | FTP, TFTP, SMTP, Telnet, NFS, ping, Rlogin | Provides direct services to the user.
There are exceptions to my categorizations that don't fit into the normal layering scheme; for example, IGMP is normally part of the link layer. I have tried, however, to list these categorizations according to network functions and their relative importance to the operation of the network. Also note that ethernet, which is not really a protocol but an IEEE standard, along with PPP, SLIP, TokenRing, and ArcNet, are not TCP/IP protocols but may support TCP/IP at the hardware or link layer, depending on the network topology.
The list below gives a brief description of each protocol:
l ethernet - Provides for transport of information between physical locations on ethernet cable. Data is passed in ethernet packets.
l SLIP - Serial line IP (SLIP), a form of data encapsulation for serial lines.
l PPP - Point to point protocol (PPP). A form of serial line data encapsulation that is an improvement over SLIP.
l IP - Internet Protocol (IP). Except for ARP and RARP all protocols' data packets will be packaged into an IP data
packet. Provides the mechanism to use software to address and manage data packets being sent to computers.
l ICMP - Internet control message protocol (ICMP) provides management and error reporting to help manage the
process of sending data between computers.
l ARP - Address resolution protocol (ARP) enables the packaging of IP data into ethernet packages. It is the system
and messaging protocol that is used to find the ethernet (hardware) address from a specific IP number. Without this
protocol, the ethernet package could not be generated from the IP package, because the ethernet address could not be
determined.
l TCP - A reliable connection oriented protocol used to control the management of application level services between
computers.
l UDP - An unreliable connectionless protocol used to control the management of application level services between
computers.
l DNS - Domain Name Service, allows the network to determine IP addresses from names and vice versa.
l RARP - Reverse address resolution protocol (RARP) is used to allow a computer without a local permanent data
storage media to determine its IP address from its ethernet address.
l BOOTP - Bootstrap protocol is used to assign an IP address to diskless computers and tell them what server and file to
load which will provide them with an operating system.
l DHCP - Dynamic host configuration protocol (DHCP) is a method of assigning and controlling the IP addresses of
computers on a given network. It is a server based service that automatically assigns IP numbers when a computer
boots. This way the IP address of a computer does not need to be assigned manually. This makes changing networks
easier to manage. DHCP can perform all the functions of BOOTP.
l IGMP - Internet Group Management Protocol used to support multicasting.
l SNMP - Simple Network Management Protocol (SNMP). Used to manage all types of network elements based on
various data sent and received.
l RIP - Routing Information Protocol (RIP), used to dynamically update router tables on WANs or the internet.
l OSPF - Open Shortest Path First (OSPF) dynamic routing protocol.
l BGP - Border Gateway Protocol (BGP). A dynamic router protocol to communicate between routers on different
systems.
l CIDR - Classless Interdomain Routing (CIDR).
l FTP - File Transfer Protocol (FTP). Allows file transfer between two computers with login required.
l TFTP - Trivial File Transfer Protocol (TFTP). Allows file transfer between two computers with no login required. It
is limited, and is intended for diskless stations.
l SMTP - Simple Mail Transfer Protocol (SMTP).
l NFS - Network File System (NFS). A protocol that allows UNIX and Linux systems to remotely mount each other's file systems.

l Telnet - A method of opening a user session on a remote host.
l Ping - A program that uses ICMP to send diagnostic messages to other computers to tell if they are reachable over the
network.
l Rlogin - Remote login between UNIX hosts. This is outdated and is replaced by Telnet.
Each protocol ultimately has its data packets wrapped in an ethernet, SLIP, or PPP packet (at the link level) in order to be
sent over the ethernet cable. Some protocol data packets are wrapped sequentially multiple times before being sent. For
example, FTP data is wrapped in a TCP packet which is wrapped in an IP packet which is wrapped in a link packet (normally
ethernet). The diagram below shows the relationship between the protocols' sequential wrapping of data packets.




Address Resolution Protocol

ARP and RARP Address Translation

Address Resolution Protocol (ARP) provides a completely different function to the network than Reverse
Address Resolution Protocol (RARP). ARP is used to resolve the ethernet address of a NIC from an IP
address in order to construct an ethernet packet around an IP data packet. This must happen in order to
send any data across the network. Reverse address resolution protocol (RARP) is used for diskless
computers to determine their IP address using the network.
Address Resolution Protocol (ARP)
In an earlier section, there was an example where a chat program was written to communicate between
two servers. To send data, the user (Tom) would type text into a dialog box, hit send and the following
happened:
1. The program passed Tom's typed text in a buffer, to the socket.
2. The data was put inside a TCP data packet with a TCP header added to the data. This header
contained a source and destination port number along with some other information and a
checksum.
3. The TCP packet was placed inside an IP data packet with a source and destination IP address
along with some other data for network management.
4. The IP data packet was placed inside an ethernet data packet. This data packet includes the
destination and source address of the network interface cards (NIC) on the two computers. The
address here is the hardware address of the respective cards and is called the MAC address.
5. The ethernet packet was transmitted over the network line.
6. With a direct connection between the two computers, the network interface card on the intended
machine recognized its address and grabbed the data.
7. The IP data packet was extracted from the ethernet data packet.
8. The TCP data packet was extracted from the IP data packet.
9. The data was extracted from the TCP packet and the program displayed the retrieved data (text) in
the text display window for the intended recipient to read.
In step 4 above, the IP data was going to be placed inside an ethernet data packet, but the computer
constructing the packet does not have the ethernet address of the recipient's computer. The computer that
is sending the data, in order to create the ethernet part of the packet, must get the ethernet hardware
(MAC) address of the computer with the intended IP address. This must be accomplished before the
ethernet packet can be constructed. The ethernet device driver software on the receiving computer is not
programmed to look at IP addresses encased in the ethernet packet. If it did, the protocols could not be
independent and changes to one would affect the other. This is where address resolution protocol (ARP)
is used. Tom's computer sends a network broadcast asking the computer that has the recipient's IP
address to send its ethernet address. This is done by broadcasting. The ethernet destination is set with all
bits on so all ethernet cards on the network will receive the data packet. The ARP message consists of an
ethernet header and ARP packet. The ethernet header contains:
1. A 6 byte ethernet destination address.
2. A 6 byte ethernet source address.
3. A 2 byte frame type. The frame type is 0806 hexadecimal for ARP and 8035 for RARP.
The encapsulated ARP data packet contains the following:
1. Type of hardware address (2 bytes). 1 = ethernet.
2. Type of protocol address being mapped (2 bytes). 0800H (hexadecimal) = IP address.
3. Byte size of the hardware address (1 byte). 6
4. Byte size of the protocol address (1 byte). 4
5. Type of operation. 1 = ARP request, 2 = ARP reply, 3 = RARP request, 4 = RARP reply.
6. The sender's ethernet address (6 bytes)
7. The sender's IP address (4 bytes)
8. The recipient's ethernet address (6 bytes)
9. The recipient's IP address (4 bytes)
When the ARP reply is sent, the recipient's ethernet address is left blank.
In order to increase the efficiency of the network and not tie up bandwidth doing ARP broadcasting, each
computer keeps a table of IP addresses and matching ethernet addresses in memory. This is called ARP
cache. Before sending a broadcast, the sending computer will check to see if the information is in its
ARP cache. If it is, it will complete the ethernet data packet without an ARP broadcast. Each entry
normally lasts 20 minutes after it is created. RFC 1122 specifies that it should be possible to configure
the ARP cache timeout value on the host. To examine the cache on a Windows, UNIX, or Linux
computer type "arp -a".
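The frame layout and cache behaviour described above, as an added example that is not part of the original guide: it packs and validates the 14 byte ethernet header and 28 byte ARP packet in the field order listed, and consults a cache whose entries expire 20 minutes after creation before building a broadcast request. All function and class names are hypothetical and the MAC and IP addresses are constructed; in the request it builds, the recipient's ethernet address is zero-filled because that is the value being asked for.

```python
import socket
import struct
import time

ETH_HDR = struct.Struct("!6s6sH")          # destination, source, frame type (14 bytes)
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")  # the nine ARP fields in listed order (28 bytes)
TYPE_ARP, TYPE_RARP = 0x0806, 0x8035
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"        # all bits on: every card accepts the frame
UNKNOWN_MAC = "00:00:00:00:00:00"          # placeholder for the address being asked for
OPERATIONS = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}


def mac_to_bytes(text):
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 6 byte ethernet address: {text!r}")
    return raw


def mac_to_text(raw):
    return ":".join(f"{byte:02x}" for byte in raw)


def build_frame(op, eth_dst, sender_mac, sender_ip, target_mac, target_ip):
    """Pack the ethernet header and ARP packet for an ethernet/IP mapping."""
    if op not in OPERATIONS:
        raise ValueError(f"unknown operation {op}")
    frame_type = TYPE_ARP if op in (1, 2) else TYPE_RARP
    header = ETH_HDR.pack(mac_to_bytes(eth_dst), mac_to_bytes(sender_mac), frame_type)
    packet = ARP_PKT.pack(1, 0x0800, 6, 4, op,
                          mac_to_bytes(sender_mac), socket.inet_aton(sender_ip),
                          mac_to_bytes(target_mac), socket.inet_aton(target_ip))
    return header + packet


def parse_frame(frame):
    """Decode a frame into named fields; raise ValueError if it is malformed."""
    if len(frame) < ETH_HDR.size + ARP_PKT.size:
        raise ValueError(f"truncated frame: {len(frame)} bytes")
    eth_dst, eth_src, frame_type = ETH_HDR.unpack_from(frame, 0)
    if frame_type not in (TYPE_ARP, TYPE_RARP):
        raise ValueError(f"frame type {frame_type:#06x} is neither ARP nor RARP")
    (hw_type, proto_type, hw_len, proto_len, op,
     s_mac, s_ip, t_mac, t_ip) = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (hw_type, proto_type, hw_len, proto_len) != (1, 0x0800, 6, 4):
        raise ValueError("not an ethernet/IP address mapping")
    if op not in OPERATIONS or (op in (1, 2)) != (frame_type == TYPE_ARP):
        raise ValueError(f"operation {op} does not match frame type {frame_type:#06x}")
    return {
        "eth_dst": mac_to_text(eth_dst), "eth_src": mac_to_text(eth_src),
        "operation": OPERATIONS[op],
        "sender_mac": mac_to_text(s_mac), "sender_ip": socket.inet_ntoa(s_ip),
        "target_mac": mac_to_text(t_mac), "target_ip": socket.inet_ntoa(t_ip),
    }


class ArpCache:
    """IP to ethernet address table; an entry expires ttl seconds after creation."""

    def __init__(self, ttl=20 * 60, clock=time.monotonic):
        self._ttl, self._clock, self._entries = ttl, clock, {}

    def learn(self, ip, mac):
        self._entries[ip] = (mac, self._clock())

    def lookup(self, ip):
        entry = self._entries.get(ip)
        if entry is None:
            return None
        mac, created = entry
        if self._clock() - created >= self._ttl:
            del self._entries[ip]  # stale entry: force a fresh broadcast
            return None
        return mac


def resolve(cache, my_mac, my_ip, target_ip):
    """Return (cached ethernet address, None) or (None, ARP request to broadcast)."""
    mac = cache.lookup(target_ip)
    if mac is not None:
        return mac, None
    return None, build_frame(1, BROADCAST_MAC, my_mac, my_ip, UNKNOWN_MAC, target_ip)


def learn_from_reply(cache, frame, my_ip):
    """Cache the sender of an ARP reply addressed to my_ip; ignore anything else."""
    fields = parse_frame(frame)
    if fields["operation"] != "ARP reply" or fields["target_ip"] != my_ip:
        return False
    cache.learn(fields["sender_ip"], fields["sender_mac"])
    return True


if __name__ == "__main__":
    # Constructed addresses for two hosts on one segment.
    cache = ArpCache()
    _, request = resolve(cache, "02:00:00:00:00:01", "192.168.1.10", "192.168.1.20")
    print(parse_frame(request))
    reply = build_frame(2, "02:00:00:00:00:01", "02:00:00:00:00:02", "192.168.1.20",
                        "02:00:00:00:00:01", "192.168.1.10")
    print(learn_from_reply(cache, reply, "192.168.1.10"), cache.lookup("192.168.1.20"))
```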
If the receiving host is on another network, the sending computer will go through its route table and
determine the correct router (A router should be between two or more networks) to send to, and it will
substitute the ethernet address of the router in the ethernet message. The encased IP address will still
have the intended IP address. When the router gets the message, it looks at the IP data to tell where to
send the data next. If the recipient is on a network the router is connected to, it will do the ARP
resolution either using its ARP buffer cache or broadcasting.
Reverse Address Resolution Protocol (RARP)
As mentioned earlier, reverse address resolution protocol (RARP) is used for diskless computers to
determine their IP address using the network. The RARP message format is very similar to the ARP
format. When the booting computer sends the broadcast ARP request, it places its own hardware address
in both the sending and receiving fields in the encapsulated ARP data packet. The RARP server will fill
in the correct sending and receiving IP addresses in its response to the message. This way

Network Topology

A network consists of multiple computers connected using some type of interface, each having one or more
interface devices such as a Network Interface Card (NIC) and/or a serial device for PPP networking. Each
computer is supported by network software that provides the server or client functionality. The hardware used to transmit data across the network is called the media. It may include copper cable, fiber optic, or wireless
transmission. The standard cabling used for the purposes of this document is 10Base-T category 5 ethernet cable. This is twisted copper cabling which appears at the surface to look similar to TV coaxial cable. It is terminated on each end by a connector that looks much like a phone connector. Its maximum segment length is 100 meters.
There are two main types of network categories which are:
l Server based
l Peer-to-peer
In a server based network, there are computers set up to be primary providers of services such as file service or mail service. The computers providing the service are called servers and the computers that request and use the service are called client computers.
In a peer-to-peer network, various computers on the network can act both as clients and servers. For instance, many Microsoft Windows based computers will allow file and print sharing. These computers can act both as a client and a server and are also referred to as peers. Many networks are combination peer-to-peer and server based networks. The network operating system uses a network data protocol to communicate on the network to other computers. The network operating system supports the applications on that computer. A Network Operating System (NOS) includes Windows NT, Novell Netware, Linux, Unix and others.
Three Network Topologies
The network topology describes the method used to do the physical wiring of the network. The main ones are bus, star, and ring.

1. Bus - Both ends of the network must be terminated with a terminator. A barrel connector can be used to
extend it.
2. Star - All devices revolve around a central hub, which is what controls the network communications, and
can communicate with other hubs. Range limits are about 100 meters from the hub.
3. Ring - Devices are connected from one to another, as in a ring. A data token is used to grant permission for
each computer to communicate.
There are also hybrid networks including a star-bus hybrid, star-ring network, and mesh networks with
connections between various computers on the network. Mesh networks ideally allow each computer to have a direct connection to each of the other computers. The topology this documentation deals with most is star topology since that is what ethernet networks use.

Network Troubleshooting

Documentation
Document the network installation and configuration
l Cable installation information - Cable types with network diagrams showing jacks
l Equipment information - Where the equipment was purchased with serial numbers, vendors and
warranty information.
l Network resources - Document commonly used resources including drive mappings.
l Network addressing - Record the allocation of network addresses with diagrams.
l Network connections - Document or diagram how your network is connected to other networks.
l Software configuration - Document the software installed on each network node, outlining the sequence of
software and driver installation required. Also document configuration files.
l User administration - Determine methods and policies for user names, passwords, and groups.
l Policies and procedures - Be sure network policies and procedures are defined and necessary
personnel are aware of them.
l Base network performance - Determine normal traffic levels on the network.
l Hardware or software changes - Document all changes to the network and record dates.
l Software licenses - Be sure you have valid software licenses for all software with license serial
numbers recorded.
l Keep a history of troubleshooting - Record network problems and their solutions.
Troubleshooting and network management tools
l SMS - Systems Management Server from Microsoft can collect information of software on each
computer and can install and configure new software on the client computers. It will also monitor
network traffic.
Performance Monitoring Benefits
l Identify network bottlenecks.
l Identify network traffic pattern trends.
l Provide information to help develop plans for increasing network performance.
l Determine the effects of hardware or software changes.
l Provide information to help forecast future needs.
Microsoft Complex Problem Structured Approach
1. Set the problem's priority
2. Identify the symptoms.
3. Determine possible causes.
4. Perform tests to determine the problem cause.
5. Identify a solution by studying the test results.
Troubleshooting Tools
l DVM - Digital volt meter.
l TDR - Time-domain reflectometer sends a sonar like electrical pulse down a cable and can
determine the location of a break in the cable. The pulse is reflected back to the TDR and the
TDR can tell where the break is by timing the time it takes for the pulse to return.
l Protocol analyzers - They are usually a mix of hardware and software and may also be referred to
as network analyzers. They monitor network traffic and examine packets, collecting data that
helps determine the network performance. They can locate:
m Faulty NICs or components
m Network bottlenecks
m Abnormal network traffic from a computer
m Conflicting applications
m Connection errors
Windows NT Server 4.0 includes the Network Monitor tool which is a software based protocol
analyzer.
l Advanced cable testers - Can determine a cable's impedance, resistance, attenuation, and if the
cable is broken or shorted. Advanced cable testers can acquire information about message network
collisions, frame counts, and congestion errors.
If thinnet cable is broken its resistance would go from the normal of 50 ohms to infinity.
l Network monitors - Used to monitor network traffic. They can examine network packets, where
they are from and where they are going. They can also generate reports and show graphic
statistics about the network. The network monitors work through all layers of the OSI model
except the hardware layer. Windows NT provides the Performance Monitor tool software as a
network monitor.
l Terminators - They are placed on one end of a network cable so the cable will have proper
impedance. This is also a way to check the cable to be sure it is not broken.

Network Fault Tolerance

Redundant Array of Inexpensive disks (RAID)
RAID is a fault tolerant method of storing data, meaning that a failure can occur and the system will still
function. The various RAID categories are:
l 0 - Disk striping - Data is written across multiple drives in parallel. Different parts of the data are
written at the same time to more than one drive. If there are two drives, half the data is written to
one drive, while the rest of the data is written to the other drive. All partitions on striped drives
must be the same size. No fault tolerance is provided with RAID-0.
l 1 - Disk mirroring - All the data is written to two drives so each drive has a complete copy of all stored
data. If one drive fails, the other can be used to get a copy of the data. To be more fault tolerant,
more than one controller card may be used to control the mirrored hard drives. This is called disk
duplexing and will allow the system to keep functioning if one controller card fails.
l 2 - Disk striping with error correction codes (ECC).
l 3 - Disk striping with ECC parity information stored on a separate drive.
l 4 - Disk striping with blocks with parity information stored on a separate drive.
l 5 - Disk striping with blocks with parity information stored using multiple drives. Uses five disks
with one fifth of each one to store parity information.
Sector Sparing
Sector sparing will detect when data is going to be read from or written to a bad sector on the hard drive
and will move the data to a good sector. The bad sector is marked as not available so it is not used again.
Windows NT supports RAID-0, 1, and 5 along with sector sparing.
Terms:
l DAT - Digital Audio Tape
l Sector Sparing - A method of fault tolerance that automatically identifies and marks bad sectors as
not available. It is also called hot-fixing.
l SLED - Single Large Inexpensive disk - The concept that a large disk costs less per amount of
storage than several smaller ones. Somehow this concept is used as a means of fault tolerance.

Wide Area Networks

Wide Area Networks (WAN) refers to the technologies used to connect offices at remote locations. The
size of a network is limited due to size and distance constraints. However networks may be connected
over a high speed communications link (called a WAN link) to link them together and thus become a
WAN. WAN links are usually:
l Dial up connection
l Dedicated connection - It is a permanent full time connection. When a dedicated connection is
used, the cable is leased rather than a part of the cable bandwidth and the user has exclusive use.
l Switched network - Several users share the same line or the bandwidth of the line. There are two
types of switched networks:
1. Circuit switching - This is a temporary connection between two points such as dial-up or
ISDN.
2. Packet switching - This is a connection between multiple points. It breaks data down into
small packets to be sent across the network. A virtual circuit can improve performance by
establishing a set path for data transmission. This will shave some overhead of a packet
switching network. A variant of packet switching is called cell-switching where the data is
broken into small cells with a fixed length.
WAN Connection Technologies
l X.25 - This is a set of protocols developed by the CCITT/ITU which specifies how to connect
computer devices over an internetwork. These protocols use a great deal of error checking for use
over unreliable telephone lines. Their speed is about 64Kbps. Normally X.25 is used on packet
switching PDNs (Public Data Networks). A line must be leased from the LAN to a PDN to
connect to an X.25 network. A PAD (packet assembler/disassembler) or an X.25 interface is used
on a computer to connect to the X.25 network. CCITT is an abbreviation for International
Telegraph and Telephone Consultative Committee. The ITU is the International
Telecommunication Union.
l Frame Relay - Error checking is handled by devices at both sides of the connection. Frame relay
uses frames of varying length and it operates at the data link layer of the OSI model. A permanent
virtual circuit (PVC) is established between two points on the network. Frame relay speed is
between 56Kbps and 1.544Mbps. Frame relay networks provide a high-speed connection up to
1.544Mbps using variable-length packet-switching over digital fiber-optic media.
l Switched Multi-megabit Data Service (SMDS) - Uses fixed length cell switching and runs at
speeds of 1.533 to 45Mbps. It provides no error checking and assumes devices at both ends
provide error checking.
l Telephone connections
m Dial up
m Leased lines - These are dedicated analog lines or digital lines. Dedicated digital lines are
called digital data service (DDS) lines. A modem is used to connect to analog lines, and a
Channel Service Unit/Data Service Unit or Digital Service Unit (CSU/DSU) is used to
connect to digital lines. The DSU connects to the LAN and the CSU connects to the line.
m T Carrier lines - Multiplexors are used to allow several channels on one line. The T1 line is
basic T Carrier service. The available channels may be used separately for data or voice
transmissions or they may be combined for more transmission bandwidth. The 64Kbps
data transmission rate is referred to as DS-0 (Digital Signal level 0) and a full T1 line is
referred to as DS-1.
Signal | System | Total Kbps | Channels | Number of equivalent T1 lines
DS-1 | T1 | 1544 | 24 | 1
DS-2 | T2 | 6312 | 96 | 4
DS-3 | T3 | 44736 | 672 | 28
DS-4 | T4 | 274760 | 4032 | 3668
T1 and T3 lines are the most common lines in use today. T1 and T2 lines can use standard
copper wire. T3 and T4 lines require fiber-optic cable or other high-speed media. These
lines may be leased partially, called fractional T1 or fractional T3, which means a customer
can lease a certain number of channels on the line. A CSU/DSU and a bridge or router is
required to connect to a T1 line.
m Integrated Services Digital Network (ISDN) - Comes in two types and converts analog
signals to digital for transmission.
n Basic Rate ISDN (BRI) - Two 64Kbps B-channels with one 16Kbps D channel.
The D-channel is used for call control and setup.
n Primary Rate ISDN (PRI) - 23 B-channels and one D channel.
A device resembling a modem (called an ISDN modem) is used to connect to ISDN. The
computer and telephone line are plugged into it.
m Switched-56 - A switched line similar to a leased line where customers pay for the time
they use the line.
l Asynchronous Transfer Mode (ATM) - May be used over a variety of media with both
baseband and broadband systems. It uses fixed length data packets of 53 bytes, a method called cell
switching. 5 bytes contain header information. It uses hardware devices to perform the switching
of the data. Speeds of up to 622 Mbps can be achieved. Error checking is done at the receiving
device, not by ATM. A permanent virtual connection is established (PVC).
l Synchronous Optical Network (SONET) - a physical layer standard that defines voice, data, and
video delivery methods over fiber optic media. It defines data rates in terms of optical carrier
(OC) levels. The transmission rate of OC-1 is 51.8 Mbps. Each level runs at a multiple of the first.
The OC-5 data rate is 5 times 51.8 Mbps which is 259 Mbps. SONET also defines synchronous
transport signals (STS) for copper media which use the same speed scale of OC levels. STS-3
runs at the same speed of OC-3. Mesh or ring topology is used to support SONET. SONET uses
multiplexing. The ITU has incorporated SONET into their Synchronous Digital Hierarchy (SDH)
recommendations.

Network Applications

There are three categories of applications with regard to networks:
1. Stand alone applications - Includes editors
2. Network versions of stand alone applications - May be licensed for multiple users.
3. Applications only for a network include databases, mail, group scheduling, groupware.
Models for network applications
1. Client-server - Processing is split between the client which interacts with the user and the server
performing back end processing.
2. Shared file systems - The server is used for file storage and the processing of the file is done on
the client computer.
3. Applications that are centralized - An example is a Telnet session. The data and the program run
on the central computer and the user uses an interface such as the Telnet client or X server to send
commands to the central computer and to see the results.
E-mail Systems
l Novell GroupWise - Also called Windows Messaging
l Microsoft Mail
l Microsoft Exchange - This is for the Microsoft Exchange Server. There is a Microsoft Exchange
client for the Microsoft Exchange server and a client for an internet mail account only.
l Lotus Notes
l cc:Mail - From Lotus and IBM
There are several types of programs used in the process of sending and receiving mail. They are:
l MUA - Mail user agent. This is the program a user will use to type e-mail. It usually incorporates
an editor for support. The user types the mail and it is passed to the sending MTA. This may also
be called the user agent (UA).
l MTA - Message transfer agent is used to pass mail from the sending machine to the receiving
machine. There is an MTA program running on both the sending and receiving machine. Sendmail
is an MTA.
l MS - Message Store is a storage area for messages that can't be delivered immediately when the
recipient is off-line.
l AU - Access Unit provides access to resources like fax, telex, and teletex.
l LDA - Local delivery agent on the receiving machine receives the mail from its MTA. This
program is usually procmail.
l Mail notifier - This program notifies the recipient that they have mail. Normally this requires two
programs, biff and comsat. Biff allows the administrator or user to turn on comsat service.
Other components of mail service include:
l Directory services - A list of users on a system. Microsoft provides a Global Address List and a
Personal Address Book.
l Post Office - This is where the messages are stored.
Mail API
Mail application programming interfaces (APIs) allow e-mail support to be integrated into application
programs.
l MAPI - Microsoft's Messaging API incorporated throughout Microsoft's office products provides
support for mail at the application level.
l VIM - Vendor-Independent Messaging protocol from Lotus is supported by many vendors
exclusive of Microsoft.
Message Handling Service (MHS)
l MHS and Global MHS by Novell
l MHS by OSI - It is called MOTIS (message-oriented text interchange system).
X.500
This is a recommendation outlining how an organization can share objects and names on a large network.
It is hierarchical similar to DNS, defining domains consisting of organizations, divisions, departments,
and workgroups. The domains provide information about the users and available resources on that
domain. This X.500 system is like a directory. Its recommendation comes from the International
Telegraph and Telephone Consultative Committee (CCITT).
Scheduling systems
l Microsoft Schedule+
l Lotus Organizer
Groupware
Used for various electronic communication to enable a group to work together better. Functions may
include group discussion, submission of reports and time sheets electronically, an on line help desk
database, forms design and access, and creating a document as a group such as configuration
management.
Database Management Systems (DBMS)
They are used to share data on a network. DBMS standards for distributed databases:
l SQL - Structured Query Language is a database access language. It is used by most client/server
database applications.
l ODBC - Open Database Connectivity (ODBC) from Microsoft lets application developers
integrate database connections in applications. It is an application programming interface (API).
ODBC drivers convert an application's query into SQL and send it to the database engine program.
l DRDA - Distributed Relational Database Architecture is from IBM.
When information is processed in a distributed database, it is called a transaction. The two phases of a
transaction are:
1. Write or Update - The data is temporarily updated. An abort can cancel what this phase did by
removing the changed data from a temporary storage area.
2. Commit - The changed data is made permanent in the database.
Databases store multiple copies of the data which is called replication. They must be sure the various
copies of the database on various servers are accurate with identical data. Data is also partitioned into
smaller blocks of data.