Networking Chapter 10 Labs


  • 7/28/2019 Networking Chapter 10 Labs


    Continued:

    TCP knows whether the network TCP socket connection is opening, synchronizing or established by using the SYNchronize and ACKnowledge messages when establishing a network TCP socket connection.

    When the communication between two computers ends, another 3-way communication is performed to tear down the TCP socket connection. This setup and teardown of a TCP socket connection is part of what qualifies TCP as a reliable protocol. TCP also acknowledges that data is successfully received and guarantees the data is reassembled in the correct order.

    Note that UDP is connectionless. That means UDP doesn't establish connections as TCP does, so UDP does not perform this 3-way handshake, and for this reason it is referred to as an unreliable protocol. That doesn't mean UDP can't transfer data; it just doesn't negotiate how the connection will work. UDP just transmits and hopes for the best.

    Protocols Encapsulated in TCP

    Note that FTP, Telnet, HTTP, HTTPS, SMTP, POP3, IMAP, SSH and any other protocol that rides over TCP also has a three-way handshake performed as the connection is opened. HTTP web requests, SMTP emails and FTP file transfers all manage the messages they each send; TCP handles the transmission of those messages.

    TCP 'rides' on top of Internet Protocol (IP) in the protocol stack, which is why the combined pair of Internet protocols is called TCP/IP (TCP over IP). TCP segments are passed inside the payload section of the IP packets. IP handles IP addressing and routing and gets the packets from one place to another, but TCP manages the actual communication sockets between endpoints (computers at either end of the network or internet connection).

    Source: http://www.inetdaemon.com/tutorials/internet/tcp/3-way_handshake.shtml
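    The handshake described above, as an added illustration (not code from the page or its source): it parses constructed 20-byte TCP headers, follows the SYN, SYN/ACK, ACK exchange per socket pair while checking that each ACK acknowledges the other side's initial sequence number plus one, and lists socket pairs whose handshake never completed, the pattern a defender watches for in SYN scans or SYN floods. Hosts, ports and sequence numbers are made up.

```python
import struct

# TCP flag bits from the 13th header byte (RFC 793 layout)
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def build_tcp_header(sport, dport, seq, ack, flags):
    """Constructed 20-byte TCP header (no options; checksum left as zero)."""
    data_offset = 5 << 4            # 5 x 32-bit words = 20 bytes, reserved bits zero
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset, flags, 65535, 0, 0)

def parse_tcp_header(raw):
    """Pull the fields a handshake tracker needs out of a raw TCP header."""
    sport, dport, seq, ack, _off, flags, _win, _csum, _urg = struct.unpack("!HHIIBBHHH", raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

class HandshakeTracker:
    """Follows SYN -> SYN/ACK -> ACK per socket pair, checking that each ACK
    acknowledges the other side's initial sequence number (ISN) + 1."""

    def __init__(self):
        self.conns = {}   # (client_ip, client_port, server_ip, server_port) -> state dict

    def observe(self, src_ip, dst_ip, raw_tcp):
        h = parse_tcp_header(raw_tcp)
        f = h["flags"]
        fwd = (src_ip, h["sport"], dst_ip, h["dport"])   # key when the client is sending
        rev = (dst_ip, h["dport"], src_ip, h["sport"])   # key when the server is replying
        key = fwd
        if f & SYN and not f & ACK:                      # step 1: client SYN
            self.conns[fwd] = {"state": "SYN_SENT", "client_isn": h["seq"]}
        elif f & SYN and f & ACK:                        # step 2: server SYN/ACK
            key = rev
            c = self.conns.get(rev)
            if c and c["state"] == "SYN_SENT" and h["ack"] == c["client_isn"] + 1:
                c["state"] = "SYN_RECEIVED"
                c["server_isn"] = h["seq"]
        elif f & ACK:                                    # step 3: client ACK
            c = self.conns.get(fwd)
            if c and c["state"] == "SYN_RECEIVED" and h["ack"] == c["server_isn"] + 1:
                c["state"] = "ESTABLISHED"
        return self.conns.get(key, {}).get("state")

    def half_open(self):
        """Socket pairs whose handshake never completed."""
        return [k for k, c in self.conns.items() if c["state"] != "ESTABLISHED"]

def demo():
    """Constructed exchange: 10.0.0.5 opens a connection to port 80 on 10.0.0.9,
    then 10.0.0.7 sends a lone SYN to port 22 that is never answered."""
    t = HandshakeTracker()
    t.observe("10.0.0.5", "10.0.0.9", build_tcp_header(40000, 80, 1000, 0, SYN))
    t.observe("10.0.0.9", "10.0.0.5", build_tcp_header(80, 40000, 5000, 1001, SYN | ACK))
    t.observe("10.0.0.5", "10.0.0.9", build_tcp_header(40000, 80, 1001, 5001, ACK))
    t.observe("10.0.0.7", "10.0.0.9", build_tcp_header(41000, 22, 7000, 0, SYN))
    return t

if __name__ == "__main__":
    tracker = demo()
    for key, conn in tracker.conns.items():
        print(key, conn["state"])
    print("half-open:", tracker.half_open())
```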


    Simple Network Management Protocol

    Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more.[1] It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects.[2]

    SNMP exposes management data in the form of variables on the managed systems, which describe the system configuration. These variables can then be queried (and sometimes set) by managing applications.

    Principle of SNMP Communication

    In typical SNMP uses, one or more administrative computers, called managers, have the task of monitoring or managing a group of hosts or devices on a computer network. Each managed system executes, at all times, a software component called an agent which reports information via SNMP to the manager.

    Essentially, SNMP agents expose management data on the managed systems as variables. The protocol also permits active management tasks, such as modifying and applying a new configuration through remote modification of these variables. The variables accessible via SNMP are organized in hierarchies. These hierarchies, and other metadata (such as type and description of the variable), are described by Management Information Bases (MIBs).

    An SNMP-managed network consists of three key components:

    • Managed device
    • Agent software which runs on managed devices
    • Network management system (NMS) software which runs on the manager

    A managed device is a network node that implements an SNMP interface that allows unidirectional (read-only) or bidirectional access to node-specific information. Managed devices exchange node-specific information with the NMSs. Sometimes called network elements, the managed devices can be any type of device, including, but not limited to, routers, access servers, switches, bridges, hubs, IP telephones, IP video cameras, computer hosts, and printers.


    An agent is a network-management software module that resides on a managed device. An agent has local knowledge of management information and translates that information to or from an SNMP-specific form.

    A network management system (NMS) executes applications that monitor and control managed devices. NMSs provide the bulk of the processing and memory resources required for network management. One or more NMSs may exist on any managed network.

    Management Information Bases (MIBs) describe the structure of the management data of a device subsystem; they use a hierarchical namespace containing object identifiers (OIDs). Each OID identifies a variable that can be read or set via SNMP. MIBs use the notation defined by ASN.1.

    Protocol details

    SNMP operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the OSI model). The SNMP agent receives requests on UDP port 161. The manager may send requests from any available source port to port 161 on the agent. The agent response will be sent back to the source port on the manager. The manager receives notifications (Traps and InformRequests) on port 162. The agent may generate notifications from any available port. When used with Transport Layer Security or Datagram Transport Layer Security, requests are received on port 10161 and traps are sent to port 10162.[3]

    SNMPv1 specifies five core protocol data units (PDUs). Two other PDUs, GetBulkRequest and InformRequest, were added in SNMPv2 and carried over to SNMPv3.

    Source: http://en.wikipedia.org/wiki/Simple_Network_Management_Protocol
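    The ASN.1/BER framing, OIDs and PDU types described above, as an added example (not code from the page or its source): a minimal BER walker decodes a hand-constructed SNMPv1 GetRequest for sysDescr.0 into its version, community string, PDU type, request-id and OID list. The sample datagram and its community string "public" are constructed; note that in v1 and v2c the community string travels in clear text, which is what makes it readable here.

```python
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap", 0xA8: "Report"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}

# Constructed SNMPv1 GetRequest for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0), community "public"
SAMPLE_GETREQUEST = bytes.fromhex(
    "3026"                   # SEQUENCE, 38 bytes follow
    "020100"                 # INTEGER version = 0 -> SNMPv1
    "04067075626c6963"       # OCTET STRING "public" (sent in clear text)
    "a019"                   # GetRequest-PDU, 25 bytes follow
    "020101"                 # request-id = 1
    "020100"                 # error-status = 0
    "020100"                 # error-index = 0
    "300e"                   # VarBindList
    "300c"                   # VarBind
    "06082b06010201010100"   # OBJECT IDENTIFIER 1.3.6.1.2.1.1.1.0
    "0500"                   # NULL (no value in a request)
)

def read_tlv(buf, pos):
    """Return (tag, value bytes, position after the element) for the TLV at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """BER OID: first byte packs the first two arcs (40*x + y); later arcs are base-128."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear marks the arc's last byte
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_snmp(datagram):
    """Walk a v1/v2c message: header fields, then the request/response PDU and its OIDs.
    (SNMPv1 Trap PDUs and SNMPv3 messages have different bodies and are not handled.)"""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must start with a SEQUENCE")
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    _, request_id, pos = read_tlv(pdu, 0)
    _, _, pos = read_tlv(pdu, pos)          # error-status (skipped)
    _, _, pos = read_tlv(pdu, pos)          # error-index (skipped)
    _, varbinds, _ = read_tlv(pdu, pos)
    oids, vpos = [], 0
    while vpos < len(varbinds):
        _, vb, vpos = read_tlv(varbinds, vpos)
        _, oid_raw, _ = read_tlv(vb, 0)
        oids.append(decode_oid(oid_raw))
    return {"version": VERSIONS.get(int.from_bytes(version, "big"), "unknown"),
            "community": community.decode("ascii", "replace"),
            "pdu_type": PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(request_id, "big", signed=True), "oids": oids}

if __name__ == "__main__":
    print(parse_snmp(SAMPLE_GETREQUEST))
```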


    Analyzing Protocols in Packet Capture

    Exercise 10.4

    A packet analyzer (also known as a network analyzer, protocol analyzer or packet sniffer, or for particular types of networks, an Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network.[1] As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications.

    Packet capture is the act of capturing data packets crossing a computer network. Partial packet capture can record headers without recording the total content of datagrams. This can reduce storage requirements and avoid legal problems, yet still keep enough data to reveal the essential information required for problem diagnosis.
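    Partial capture as described above, as an added example (not code from the page or its source): a minimal writer and reader for the classic libpcap file format shows how a snap length of 42 bytes keeps the Ethernet, IPv4 and UDP headers of a constructed frame while dropping its payload, and how each record header stores both the captured and the original length so a reader can tell what was truncated. The frames, header bytes and timestamps are constructed placeholders, not a real capture.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4            # classic microsecond-resolution pcap, little-endian
LINKTYPE_ETHERNET = 1

def pcap_file_header(snaplen):
    """24-byte global header: magic, version 2.4, tz offset, sigfigs, snaplen, link type."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)

def pcap_record(ts_sec, ts_usec, frame, snaplen):
    """Per-packet header keeps both the captured length and the original length,
    so a reader can tell that a frame was cut at the snap length."""
    data = frame[:snaplen]
    return struct.pack("<IIII", ts_sec, ts_usec, len(data), len(frame)) + data

def write_pcap(frames, snaplen):
    """Serialize constructed frames into an in-memory pcap, truncating each to snaplen."""
    out = bytearray(pcap_file_header(snaplen))
    for i, frame in enumerate(frames):
        out += pcap_record(1_564_272_000 + i, 0, frame, snaplen)   # constructed timestamps
    return bytes(out)

def read_pcap(blob):
    """Parse the global header and every record; flag records shorter than the original frame."""
    magic, major, minor, _tz, _sig, snaplen, link = struct.unpack("<IHHiIII", blob[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap")
    records, pos = [], 24
    while pos + 16 <= len(blob):
        sec, usec, incl_len, orig_len = struct.unpack("<IIII", blob[pos:pos + 16])
        pos += 16
        records.append({"ts": (sec, usec), "incl_len": incl_len, "orig_len": orig_len,
                        "truncated": incl_len < orig_len, "data": blob[pos:pos + incl_len]})
        pos += incl_len
    return {"version": (major, minor), "snaplen": snaplen, "linktype": link, "records": records}

# Constructed frame layout: 14-byte Ethernet + 20-byte IPv4 + 8-byte UDP header = 42 bytes.
# Header bytes are placeholders (zeros, with EtherType 0x0800 and IP version/IHL 0x45 set).
HEADERS = bytes(12) + b"\x08\x00" + b"\x45" + bytes(19) + bytes(8)
SAMPLE_FRAMES = [HEADERS + b"A" * 100, HEADERS]     # one frame with payload, one without

def demo(snaplen=42):
    """Capture headers only (snaplen = Ethernet + IPv4 + UDP) and report what was kept."""
    parsed = read_pcap(write_pcap(SAMPLE_FRAMES, snaplen))
    return [(r["incl_len"], r["orig_len"], r["truncated"]) for r in parsed["records"]]

if __name__ == "__main__":
    for incl, orig, cut in demo():
        print(f"captured {incl} of {orig} bytes{' (truncated)' if cut else ''}")
```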

    Packet capture can be used to fulfill a warrant from a law enforcement agency (LEA) to produce all network traffic generated by an individual. Internet service providers and VoIP providers in the United States of America must comply with CALEA (Communications Assistance for Law Enforcement Act) regulations. Using packet capture and storage, telecommunications carriers can provide the legally required secure and separate access to targeted network traffic and are able to use the same device for internal security purposes. Collection of data from a carrier system without a warrant is illegal due to laws about interception.

    Capabilities:

    On wired broadcast LANs, depending on the network structure (hub or switch), one can capture traffic on all or just parts of the network from a single machine within the network; however, there are some methods to avoid traffic narrowing by switches to gain access to traffic from other systems on the network (e.g., ARP spoofing). For network monitoring purposes, it may also be desirable to monitor all data packets in a LAN by using a network switch with a so-called monitoring port, whose purpose is to mirror all packets passing through all ports of the switch when systems (computers) are connected to a switch port. Using a network tap is an even more reliable solution than using a monitoring port, since taps are less likely to drop packets during high traffic loads.

    On wireless LANs, one can capture traffic on a particular channel, or on several channels when using multiple adapters.

    On wired broadcast and wireless LANs, to capture traffic other than unicast traffic sent to the machine running the sniffer software, multicast traffic sent to a multicast group to which that machine is listening, and broadcast traffic, the network adapter being used to capture the traffic must be put into promiscuous mode; some sniffers support this, others do not. On wireless LANs, even if the adapter is in promiscuous mode, packets not for the service set for which the adapter is configured will usually be ignored. To see those packets, the adapter must be in monitor mode.

    The captured information is decoded from raw digital form into a human-readable format that permits users of the protocol analyzer to easily review the exchanged information. Protocol analyzers vary in their abilities to display data in multiple views, automatically detect errors, determine the root causes of errors, generate timing diagrams, reconstruct TCP and UDP data streams, etc.

    Some protocol analyzers can also generate traffic and thus act as the reference device; these can act as protocol testers. Such testers generate protocol-correct traffic for functional testing, and may also have the ability to deliberately introduce errors to test the DUT's ability to deal with error conditions.

    Protocol analyzers can also be hardware-based, either in probe format or, as is increasingly common, combined with a disk array. These devices record packets (or a slice of the packet) to a disk array. This allows historical forensic analysis of packets without the users having to recreate any fault.