Guide To TCPIP, Second Edition

1
Guide To TCP/IP, Second Edition

• Chapter 6
• Basic TCP/IP Services

2
Topics

• TCP/IP Application layer protocols and services
  work
• Request/reply architectures for basic TCP/IP
  services (FTP, Telnet, SMTP, and HTTP)
• Other TCP/IP services
• Echo
• Quote of the Day
• Chargen
• Whois
• TFTP
• Finger
• Remote Procedure Call (RPC)
• NetBIOS services over TCP/IP
• SNMP

3
Objectives (cont.)

• Explain how to decode packets that contain
  Application layer protocols, and how to relate
  message types or other similar information to the
  kinds of requests and replies moving between a
  client and a server (or between hosts in general)

4
How Application Layer IP Protocols Work And Behave

• Conventions and behaviors
• Specifications for the message structures that
  the protocol or service supports
• Definition of a well-known port address (or
  addresses) on which servers listen for service
  requests
• Availability of appropriate software components
  that implement the various roles that hosts can
  play in requesting or providing such services

5
How Application Layer IP Protocols Work And
Behave (cont.)

• Request/reply messages
• Client/server architecture
• Peer-to-peer services
• Server-to-server traffic
• Load balancing
• Replication
• Pull
• Push
• Push-pull

6
Understanding FTP

• FTP User Interface (UI)
• Protocol Interpreter (PI)
• FTP Commands
• Data Transfer Process (DTP)
• File System

7
Understanding FTP (cont.)

• TCP Transport
• TCP-based Command Connection
• TCP-based Data Transfer Connection

8
Understanding FTP (cont.)
9
Understanding FTP (cont.)
10
Understanding FTP (cont.)
11
Understanding FTP (cont.)
12
Sample FTP Communications
13
Sample FTP Communications (cont.)
14
Sample FTP Communications (cont.)
15
Sample FTP Communications (cont.)
16
Understanding Telnet

• Bidirectional byte-oriented communication
• Terminal Access
• Well-known Port 23 server side
• Dynamic port number client side

17
Telnet Elements

• NVT
• The DO, DONT, WILL, WONT Structure
• 253 (0xFD) DO
• 254 (0xFE) DONT
• 251 (0xFB) WILL
• 252 (0xFC) WONT
• Options within the Telnet connection

18
Telnet Elements (cont.)
19
Sample Telnet Communications
20
Packet-By-Packet Sequence
21
Packet-By-Packet Sequence (cont.)
22
Understanding SMTP

• SMTP elements
• Sender-SMTP and Receiver-SMTP
• SMTP commands and extensions
• SMTP reply codes

23
Understanding SMTP (cont.)
24
Sample SMTP Communications
25
Sample SMTP Communications (cont.)
26
Understanding HTTP

• Http elements
• URIs
• Uniform Resource Locator (URL)
• Uniform Resource Name (URN)
• HTTP methods
• Status codes

27
Understanding HTTP (cont.)
28
Understanding HTTP (cont.)
29
Sample HTTP Communications
30
Packet-By-Packet Sequence
31
Packet-By-Packet Sequence (cont.)
32
Other Common IP-based Services

• Echo (TCP and UDP)
• Quote of the Day (QOD)
• Character Generator (Chargen)
• Whois
• Trivial File Transfer Protocol (TFTP)

33
Decoding Application Layer Protocols

• Decoding TCP/IP Application layer traffic largely
  depends on two separate but simultaneous forms of
  analysis
• Understanding request/reply messages, recognize
  related headers and payload information
• Assemble multiple lower-layer packets to
  reconstitute Application layer messages

34
Decoding Application Layer Protocols (cont.)
35
Decoding Application Layer Protocols (cont.)
36
Other Common IP-based Services (cont.)

• Finger
• Remote Procedure Call (RPC)
• Simple Network Management Protocol (SNMP)
• NetBIOS over TCP/IP

37
Chapter Summary

• The foundation upon which all TCP/IP Application
  layer services rest is a request/reply message
  architecture, in which clients send requests and
  servers issue corresponding replies
• When the client and server roles are clearly
  distinct and separate, such services may be
  called client/server services when a client can
  also act as a server and vice versa, such
  services may be called peer-to-peer services

38
Chapter Summary (cont.)

• Among its hundreds of Application layer services,
  the TCP/IP protocol suite includes many instances
  of both kinds
• Certain client/server Application layer services
  also involve server-to-server traffic, in which
  multiple servers cooperate to share common data
• The sharing process is called replication and may
  occur as a push operation, in which the sending
  server initiates data transfer, or as a pull
  operation, in which the receiving server
  initiates data transfer

39
Chapter Summary (cont.)

• Some TCP/IP Application layer services even use
  push-pull replication, so that a server whose
  data was changed can immediately push its data to
  replication partners after the change is
  completed, but other servers can also request
  replication at regular intervals to make sure
  their copies of data are as current as possible
• FTP is a file transfer service that permits a
  local host to connect to a remote host, navigate
  and manage files on the remote system, and
  transfer files to and from that remote host
• Although FTP is an old TCP/IP service, it remains
  useful today

40
Chapter Summary (cont.)

• Telnet provides a method to log on and access the
  command line on a remote computer using TCP/IP, a
  technique known as terminal emulation (because it
  makes
• the local host behave as if it were a terminal
  attached to the remote host)
• Because Telnet provides a convenient way to
  operate on a remote host across a network, it too
  remains useful to this day
• Security problems with Telnet (especially moving
  account and password information as clear text)
  prompted development and widespread adoption of
  Secure Telnet implementations in many
  organizations

41
Chapter Summary (cont.)

• SMTP provides store and forward services for
  e-mail messages, and manages how e-mail is routed
  from its sender to its designated receiver(s)
• SMTP makes global e-mail possible on todays
  Internet, and continues to deliver one of the
  most useful and valuable networking services
  around

42
Chapter Summary (cont.)

• HTTP provides the underpinnings for the leading
  service and protocol used on todays
  Internetnamely the World Wide Web
• HTTPs rich collection of message types, and its
  ability to invoke other protocols (including
  e-mail, news, and FTP), make it a powerful tool
  for general remote data access
• Its hyperlinking abilities make it easy for users
  to move rapidly through huge information spaces
  and explain why the Web is so compelling and
  appealing to most Internet users

43
Chapter Summary (cont.)

• Other common TCP/IP Application layer services
  include Echo (which echoes the data delivered to
  a receiver back to the sender), Chargen (which
  generates arbitrary sequences of characters to
  test outgoing communications), QOD (which
  generates a short string, usually a joke or
  epigram that changes on a daily basis), TFTP,
  Finger, Remote Procedure Call (RPC), NetBIOS over
  TCP/IP (also known as NBT), and SNMP

44
Chapter Summary (cont.)

• Understanding how to decode Application layer
  protocols means learning how to identify and
  interpret request and reply messages related to
  such protocols, and how to reassemble related
  payloads, when necessary
• Fortunately, many modern protocol analyzers (for
  example, EtherPeek) are able to assist with this
  task