TCP/IP Applications Chapter 8

Objectives Describe common Transport and Network layer protocols Explain the power of port numbers Define common TCP/IP applications such as HTTP, HTTPS, Telnet, SSH, e-mail (SMTP, POP3, and IMAP4), and FTP

Historical/Conceptual Transport Layer and Network Layer Protocols

Transport Layer and Network Layer Protocols TCP over IP consists of many other things HTTP DHCP POP 500 more terms over TCP UDP over IP ICMP over IP Note (p. 213): There is a strong movement toward using the term Internet Protocol instead of the term TCP/IP. This movement has not yet reached the CompTIA Network+ certification.

How People Communicate (1 of 2) Connection-oriented communication Acknowledgement between two people beginning a conversation Conduct the communication Close the communication

How People Communicate (2 of 2) Connectionless communication (UDP) No opening acknowledge Short message is shouted across a room No closing Session Any single communication between computers All sessions must begin and end

Test Specific TCP

Transmission Control Protocol (TCP) Enables connection-oriented communication Most common type of session in a TCP/IP network

Three-Way Handshake Communication Process (1 of 4) Client sends a SYN (synchronize) packet to the Web server One computer (Server) returns a single SYN, ACK (synchronize/acknowledge) packet Client sends a single ACK packet and requests that Server begin sending the Web page After the Web page is sent, Server sends a FIN (finished) packet

Three-Way Handshake Communication Process (2 of 4) Client responds with ACK and sends its own FIN packet Server responds with ACK Both parties consider the session closed

Three-Way Handshake Communication Process (3 of 4) Figure 8.1 A connection-oriented session starting

Three-Way Handshake Communication Process (4 of 4) Figure 8.2 A connection-oriented session ending

User Datagram Protocol (UDP) (1 of 2) Used by very few applications Requires much less overhead than TCP No start, no acknowledgement, no end Example of application using UDP: DHCP Each step of a DHCP session sends information without any confirmation

User Datagram Protocol (UDP) (2 of 2) Figure 8.3 DHCP steps

NTP/SNTP Network Time Protocol (NTP) Simple Network Time Protocol (SNTP) Both synchronize the clocks of devices on a network Uses port 123

Trivial File Transfer Protocol (TFTP) Uses UDP Transfers files between computers Does not have any data protection Never use it over the Internet Best use: between computers on the same LAN Uses port 69

Internet Control Message Protocol Works at layer 3 to deliver connectionless packets Handles issues such as disconnect messages Ping is an ICMP application

Ping (1 of 2) Sends a single ICMP packet called an echo request to a specified IP address All computers (unless blocked by a firewall) respond with echo reply Responses Destination host unreachable Request timed out Early version had a bug that allowed ‘ping of death’ to crash the recipient computer Note (p.215): Domain Name System (DNS) protocol traffic uses UDP. That’s the protocol that enables (among other things) people to use names rather than IP addresses to access resources on TCP/IP networks like the Internet. DNS is so important that most of Chapter 9, “Network Naming,” is devoted to how it works and what network techs need to know to support it. Exam Tip (p. 215): Expect to get a question that compares connection-oriented vs. connectionless communication in general, or the protocols commonly used in each. Note (p. 215): A firewall is a device or software that filters all the packets between two computers (or groups of computers) and acts like a club bouncer deciding who gets in and who gets blocked. Firewalls are vital for securing modern networks and will be discussed in Chapter 11, “Advanced Network Devices.”

Ping (2 of 2) Figure 8.4 ping in action Exam Tip (p. 215): CompTIA has used the term unreachable default gateway as an ICMP-related issue. If you ping the default gateway and get a destination host unreachable response, you could infer that the default gateway is unreachable. Figure 8.4 ping in action

Internet Group Management Protocol (1 of 2) Used for multicasts Routers use to determine a group membership Multicast Uses a small subnet of the Class D range Does not assign IP addresses Group assigned 224.0.0.0/4 address Those who wish to receive multicast must join the IGMP group Cross Check: Multicast (p. 216) You first saw multicast in Chapter 6, “TCP/IP Basics,” when you learned about classful IP addressing. Refer to that chapter and see if you can answer these questions. What IP numbers are reserved for multicast? Which class is that? What is the difference between unicast and multicast?

Internet Group Management Protocol (2 of 2) Figure 8.5 IGMP in action

The Power of Port Numbers

Power of Port Numbers (1 of 6) Every TCP/IP application requires a server and a client Clearly defined port numbers exist for popular and well-known applications Well-known port numbers from 0 to 1023 reserved for specific applications Exam Tip (p. 216): TCP/IP port numbers between 0 and 1023 are the well-known port numbers. You’ll find them at every party.

Power of Port Numbers (2 of 6) Figure 8.6 HTTP ACK packet

Power of Port Numbers (3 of 6) Figure 8.7 Dealing with the incoming packet

Power of Port Numbers (4 of 6) The Web client’s source port number is generated by the Web client computer Ephemeral port numbers Operating systems assign values 1024 to 5000 IANA recommends using only ports 49152 to 65535 Dynamic or private port numbers Values 49152 to 65535

Power of Port Numbers (5 of 6) Figure 8.8 A more complete IP packet

Power of Port Numbers (6 of 6) Figure 8.9 Returning the packet

Registered Ports (1 of 2) 1024 to 49151 Less-common TCP/IP applications register their ports with IANA Most operating systems avoid registered port numbers for ephemeral ports Dynamic/private ports are used instead

Registered Ports (2 of 2) 0-1023 Well-known port numbers 1024-49151 49152-65535 Dynamic or private ports A full list of ports

Using Ports in a Session Both computers keep track of the status of the communication Session information is held in RAM Socket or endpoint: one side’s session information Socket pairs or endpoints refer to data each computer stores about the connection Session or connection refers to the connection in general

Endpoint Information (1 of 4) Source and destination for one session Many simultaneous sessions Use netstat –n to see sessions Usually shows many connections TCPView for Windows: dynamic Net Activity Viewer for Linux Note (p. 218): Even though almost all operating systems use netstat, there are subtle differences in options and output among the different versions. Exam Tip (p. 220): Netstat enables you to see active TCP/IP connections at a glance.

Endpoint Information (2 of 4) Figure 8.10 Two open windows

Endpoint Information (3 of 4) Figure 8.11 TCPView in action

Endpoint Information (4 of 4) Figure 8.12 Net Activity Viewer in action

Connection Status (1 of 2) Connection states change continually Open port or listening port Socket prepared to respond to any IP packets destined for that socket’s port number Every serving application has an open port A Web server will have open port 80

Connection Status (2 of 2) netstat –an shows all listening ports on a computer Results of running netstat -an Active connections Protocol Local address Foreign address State Note (p. 221): The –a switch tells netstat to show all used ports, including “listening” ports not engaged in active communications. The –n switch instructs netstat to show raw port numbers and IP addresses.

Process ID (PID) (1 of 2) Assigned to every running program on a computer The –o switch with netstat shows the PID Used by the OS to track running programs Commands to provide program name netstat –b (Windows) and ps (Linux) Windows Task Manager shows all running processes

Figure 8.13 Process Explorer Process ID (PID) (2 of 2) Note (p. 223): To get Process Explorer, enter “Process Explorer” in your search engine to find it or try going here: https:// docs.microsoft.com/en-us/ sysinternals/. Click the Process Utilities icon to get the latest copy. Figure 8.13 Process Explorer

Rules for Determining Good vs. Bad Communications Memorize a bunch of common ports Learn how to use netstat Learn the ports and processes that normally run on your operating system Research unrecognized processes Get rid of bad processes

Common TCP/IP Applications

The World Wide Web (1 of 3) Web servers Store HTML documents Latest version: HTML5 Web browsers request HTML pages from Web servers and open them Can use IP address or text address Exam Tip (p. 224): HTML is the most well-known markup language, but many others roam the Web today, adding to HTML’s capabilities. Expect to see the Extensible Markup Language (XML) on the exam. XML provides the basic format or markup language for everything from RSS feeds to Microsoft Office documents.

Figure 8.14 My wireless access point’s Web interface The World Wide Web (2 of 3) Figure 8.14 My wireless access point’s Web interface

Figure 8.15 HTML5 source code The World Wide Web (3 of 3) Note (p.226): Some Web browsers are pretty forgiving. If you only type in 192.168.4.1, forgetting the “http://” part, they just add it for you. Figure 8.15 HTML5 source code

Hypertext Transport Protocol (1 of 2) Hypertext Transport Protocol (HTTP) Underlying protocol of the Web Runs by default on TCP port 80 Places http:// at beginning of Web server address A general weakness of HTTP Relays commands without reference to any previous commands

Hypertext Transport Protocol (2 of 2) Other technologies that enhance HTTP JavaScript/AJAX Server-side scripting Adobe Flash Cookies Exam Tip (p. 226): Before connections to the Web became fast, many people used a completely different Internet service for swapping information, ideas, and files. USENET enjoyed great popularity for some years, though it barely survives today. Clients used the Network News Transfer Protocol (NNTP) to access USENET over TCP port 119. It might show up as an incorrect answer choice on the exam. Note (p.226): Many Web site developers today use premade customizable templates and some sort of Web technology, such as WordPress. These Web technologies enable powerful and dynamic Web site experiences for your visitors. The questions you’ll see on the CompTIA Network+ exam focus on the concepts, rather than modern implementations, of Web sites.

Publishing a Web Site A Web server will “host” an HTML document Methods Self-host Install Web server software and acquire a public IP address Time-consuming and challenging Host through an Internet Service Provider (ISP) Use a Web hosting service company Free Web hosting (nothing is free)

Web Servers and Web Clients A Web server delivers Web pages to client computers Listens on port 80 for HTML requests Fetches and sends requested HTML pages To create a Web server Install Web server software Connect the computer to the Web

Web Server Software (1 of 4) Microsoft Internet Information Services (IIS) 20-connection limit on client versions of Windows IIS only runs on Server versions of Windows Apache HTTP Server Used by the majority of UNIX/Linux systems Approximately 50 percent of Internet Web servers Free Add-on GUIs (e.g., Webmin) are available Note (p. 227): An active site is a Web site that’s functioning by serving Web pages. The percent of market share mentioned here changes a lot when you add in parked sites, domain names that have been registered but don’t really do anything, like Web or e-mail servers.

Web Server Software (2 of 4) Figure 8.16 IIS in action

Web Server Software (3 of 4) Figure 8.17 Webmin Apache module

Web Server Software (4 of 4) Web server software market share Apache is the most common on the Internet nginx ranked second for active sites IIS has about 7 percent share Google Web Server (GWS) Only used by Google servers Hundreds of other Web servers primarily for small personal Web sites

Web Client Software (Browsers) Request and display Web pages Many have multiple functions Most popular: Microsoft Edge Mozilla Firefox Apple Safari Google Chrome

Secure Sockets Layer (SSL) and HTTPS (Hypertext Transfer Protocol over SSL) HTTP is not secure Requirements for secure Internet applications Authentication Encryption Nonrepudiation SSL and HTTPS offer security Exam Tip (p. 228): HTTP is a perfect example of a common network vulnerability and threat, an unsecure protocol. Other vulnerabilities include open ports, like we discussed earlier, and other unsecure protocols that we’ll hit next. For more in-depth coverage of vulnerabilities, see Chapter 19.

Secure Sockets Layer (SSL) Developed by Netscape Uses public key to encrypt information Sends encrypted data over an SSL connection The receiving end decrypts using a private key Supported by Web browsers and servers Many Web sites use SSL for confidential data Look for HTTPS or a small lock icon in browser

HTTP Over SSL (HTTPS) (1 of 2) Uses TCP port 443 Being replaced by Transport Layer Security (TLS) Functionally the same with Web pages TLS is covered more in Chapter 11 Exam Tip (p.229): Many techs refer to HTTPS as Hypertext Transfer Protocol Secure, probably because it’s easier to explain to non-techs that way. Don’t be surprised to see it listed this way on the CompTIA Network+ exam. Exam Tip (p. 229): HTTP enables you to access the Web, but HTTPS gets you there securely. HTTPS uses TLS to provide the security.

HTTP Over SSL (HTTPS) (2 of 2) Figure 8.18 Secure Web page

Telnet and SSH (1 of 3) Telnet allowed dumb terminals to connect to more than one mainframe Run commands as if sitting at the mainframe Uses port 23 Telnet server access requires logon with user name and password, but has no encryption Secure Shell (SSH) replaced Telnet providing data encryption and authentication Note (p. 230): A dumb terminal is a local system—generally a monitor, keyboard, and mouse—that enables you to access a distant system that has all the computing power. The dumb terminal can’t do any work on its own, even though it might look like a personal computer. Note (p. 230): Telnet only enables command-line remote access; it does not enable GUI access. If you want to access another computer’s desktop remotely, you need another type of program.

Figure 8.19 WANG dumb terminal Telnet and SSH (2 of 3) Figure 8.19 WANG dumb terminal

Telnet and SSH (3 of 3) Figure 8.20 Telnet client

Telnet/SSH Servers and Clients (1 of 4) telnetd: oldest Telnet server Windows comes with a basic Telnet server Disabled by default Third-party server example: freeSSHd All popular, modern Telnet servers are also SSH servers Third-party Telnet/SSH client example: PuTTY

Telnet/SSH Servers and Clients (2 of 4) Figure 8.21 freeSSHd

Telnet/SSH Servers and Clients (3 of 4) Figure 8.22 macOS Telnet

Telnet/SSH Servers and Clients (4 of 4) Figure 8.23 PuTTY

Configuring a Telnet/SSH Client When configured, you must provide: The host name A valid login name The password Open systems provide the password when the login name is given or require no login/password Exam Tip (p. 232): Telnet and SSH enable you to control a remote computer from a local computer over a network.

SSH and the Death of Telnet With SSH, both logins and data transmittals are encrypted Must have permission to access the server SSH uses port 22 Exam Tip (p. 233): SSH enables you to control a remote computer from a local computer over a network, just like Telnet. Unlike Telnet, SSH enables you to do it securely!

Electronic Mail (E-mail) (1 of 2) Major part of the Internet revolution Has streamlined the junk mail industry Provides a quick way for people to communicate Sends messages and attachments Normally offered as a free service by ISPs Most e-mail clients have simple text editors Many can be configured to use more sophisticated editors

Electronic Mail (E-mail) (2 of 2) Incoming messages are stored on the e-mail server Most e-mail clients notify you when new message arrives, or download automatically You manage messages (archive, forward, print, delete, and more) Most e-mail programs delete downloaded messages from the server

E-mail Application-level Protocols SMTP POP3 IMAP4 Note (p.233): A zillion smartphone users access e-mail through Exchange ActiveSync, a proprietary Microsoft protocol. Like IMAP4, ActiveSync enables synchronization of e-mail among devices, so you can access mail via a desktop Microsoft Outlook client and on your smartphone with an e-mail app. Although it’s not on the CompTIA Network+ exam, we’ll explore Exchange ActiveSync in more detail in Chapter 16 because it’s in widespread use today.

Simple Mail Transfer Protocol (SMTP) Used to send e-mail Travels over TCP port 25 Used by clients to send messages

Post Office Protocol Version 3 (POP3) One of two protocols used to retrieve e-mail from SMTP servers Uses TCP port 110 POP3 use is declining in favor of IMAP4

Internet Message Access Protocol Version 4 (IMAP4) Alternative to POP3 Retrieves e-mail from an e-mail server Uses TCP port 143 Supports features not supported by POP3 Search messages by keyword Select messages before download Supports folders on IMAP4 servers

Alternatives to SMTP, POP3, and IMAP4 (1 of 2) Web-based e-mail Access your e-mail from anywhere Free Handy for throw-away accounts Proprietary solutions Exam Tip (p. 234): The CompTIA Network+ exam has viewed Web-based e-mail as one of many Web services. Web services also include applications that you access on the Internet, like Google Docs and Google Sheets, online word processing and spreadsheet programs, respectively. You might run into a question that uses this phrase, though most likely you’ll see Cloud-based services. See Chapter 15 for more on the Cloud. The major contrast between Web services and local services involves access. Web services offer access from any machine, as long as that machine is connected to the Internet. Local applications (usually) require local access, but don’t need any other connectivity.

Alternatives to SMTP, POP3, and IMAP4 (2 of 2) Figure 8.24 Gmail in action

E-mail Servers (1 of 4) The e-mail server market is fragmented Two types dominate the market Exim (over 50% of the market) Postfix

Figure 8.25 cPanel used to manage Exim mail server E-mail Servers (2 of 4) Figure 8.25 cPanel used to manage Exim mail server

E-mail Servers (3 of 4) Microsoft Exchange Server (both SMTP and POP3) Only runs on Windows Mailboxes: holding areas on mail server for each user’s messages Server arranges incoming messages Server returns messages with unknown recipient Difficult to manage

Figure 8.26 Microsoft Exchange Server E-mail Servers (4 of 4) Figure 8.26 Microsoft Exchange Server

E-mail Client (1 of 2) Enables you to send, receive, and organize e-mail Communicates with: SMTP server to send IMAP or POP3 server to download messages Hundreds of e-mail client programs Microsoft Outlook Mozilla Thunderbird

Figure 8.27 Microsoft Outlook E-mail Client (2 of 2) Figure 8.27 Microsoft Outlook

Configuring an E-mail Client (1 of 2) Obtain the server’s domain name and your mailbox user name and password Enter the POP3 or IMAP4 server’s domain name and the SMTP server’s domain name Enter the user name and password of the e-mail account

Configuring an E-mail Client (2 of 2) Figure 8.28 Entering server information in Microsoft Outlook

File Transfer Protocol (FTP) The original Internet file transfer protocol Faster and more reliable than HTTP Includes security and data integrity TCP ports 20 and 21, by default Anonymous or secured sites Some are both

FTP Servers (1 of 2) Store files Accept incoming connections Verify user names and passwords Transfer files Easy to set up Most versions of Linux/UNIX have built-in FTP servers; many third-party servers offer better solution Note (p. 238): Most Web servers are also FTP servers. These bundled versions of FTP servers are robust but do not provide all the options one might want.

Figure 8.29 FileZilla Server FTP Servers (2 of 2) Figure 8.29 FileZilla Server

FTP Is Not Very Secure Data transfers are not encrypted by default Add usernames and passwords to provide some level of protection Determine the number of clients you wish to support Most anonymous FTP sites limit the number of users to 500 Try This! Doing FTP (p. 238) Never done FTP? Do a Web search for “Public FTP servers” and try accessing them from your Web browser. Then download a dedicated FTP client and try again! There are thousands of public FTP servers out there.

FTP Clients (1 of 3) You can access FTP servers many ways Web site Command line FTP client applications Some Web browsers support FTP, but lack features Dedicated FTP clients work best FileZilla client; CyberDuck Note (p. 238): Every operating system has a command-line FTP client. I avoid using them unless I have no other choice because they lack important features like the ability to save FTP connections to use again later.

Figure 8.30 FTP in a Web browser FTP Clients (2 of 3) Figure 8.30 FTP in a Web browser

Figure 8.31 CyberDuck dedicated FTP client FTP Clients (3 of 3) Figure 8.31 CyberDuck dedicated FTP client

Active versus Passive FTP Traditional FTP uses active process Clients send an FTP request on TCP port 21 Server responds on an ephemeral destination port with TCP port 20 as the source port Passive FTP server works with NAT Client sends an FTP request on TCP port 21 Server sends back a random listening port number; client sends data to that port Note (p. 240): Trivial File Transfer Protocol (TFTP) is used for transferring files and has a similar-sounding name to FTP, but beyond that it is very different. TFTP uses UDP port 69 and does not use user names and passwords, although you can usually set some restrictions based on the client’s IP address. TFTP is not at all secure, so never use it on any network that’s less than trustworthy. Check out the excellent Chapter 8 “Ports and Protocols” Challenge! over at http:// totalsem.com/007. It’ll help greatly in memorizing the port numbers that each protocol uses.

Internet Applications TCP/UDP Port Notes HTTP TCP 80 The Web HTTPS 443 The Web, securely Telnet 23 Terminal emulation SSH 22 Secure terminal emulation SMTP 25 Sending e-mail POP3 110 E-mail delivery IMAP4 143 FTP 20/21 (active) 21 (passive) File transfer TFTP UDP 69