TCP (Transmission Control Protocol)
Transmission Control Protocol uses a reliable delivery system to deliver layer 4 segments to the destination. This would be analogous to using a certified, priority, or next-day service with the Indian Speed Post;Service.
For example, with a certified letter, the receiver must sign for it, indicating the destination actually received the letter: proof of the delivery is provided. TCP operates under a similar premise: it can detect whether or not the destination received a sent segment. With the postal example, if the certified letter got lost, it would be up to you to resend it; with TCP, you don’t have to worry about what was or wasn’t received—TCP will take care of all the tracking and any necessary resending of lost data for you.
TCP’s main responsibility is to provide a reliable full-duplex, connection-oriented, logical service between two devices.
TCP goes through a three-way handshake to establish a session before data can be sent. Both the source and destination can simultaneously send data across the session. It uses windowing to implement flow control so that a source device doesn't overwhelm a destination with too many segments. It supports data recovery, where any missed or corrupted information can be re-sent by the source. Any packets that arrive out of order, because the segments traveled different paths to reach the destination, can easily be reordered, since segments use sequence numbers to keep track of the ordering.
UDP (User Datagram Protocol)
UDP uses a best-effort delivery system, similar to how first class and lower postal services of the Indian Postal Service work. With a first class letter (post card), you place the destination address and put it in your mailbox, and hope that it arrives at the destination.
With this type of service, nothing guarantees that the letter will actually arrive at the destination, but in most instances, it does. If, however, the letter doesn’t arrive at the destination, it’s up to you, the letter writer, to resend the letter: the post office isn’t going to perform this task for you.
UDP operates under the same premise: it does not guarantee the delivery of the transport layer segments. While TCP provides a reliable connection, UDP provides an unreliable connection.
UDP doesn’t go through a three-way handshake to set up a connection—it simply begins sending the data. Likewise, UDP doesn’t check to see whether sent segments were received by a destination; in other words, it doesn’t use an acknowledgment
Some commonly used ports
FTP (File Transfer Protocol)
One of the earliest uses of the Internet, long before Web browsing came along, was transferring files between computers. The File Transfer Protocol (FTP) is used to connect to remote computers, list shared files, and either upload or download files between local and remote computers.
FTP runs over TCP, which provides a connection-oriented, guaranteed data-delivery service. FTP is a character-based command interface, although many FTP applications have graphical interfaces. FTP is still used for file transfer purposes, most commonly as a central FTP server with files available for download. Web browsers can make FTP requests to download programs from links selected on a Web page.
You should become familiar with the basic commands available in an FTP session. To begin a characterbased command session on a Windows computer, follow these steps.
- Open a Command prompt window, type ftp at the prompt, and press Enter.
- This will begin an FTP session on the local machine but will not initialize a connection to another machine.
- Without a connection to another machine, you will not be able to do anything. To connect, type open example.com or open 10.10.10.1, in which exmple.com or 10.10.10.1 is the name or IP address of a host that is available as an FTP server. Most FTP servers require a logon id and password, or they will accept anonymous connections. At this point you will be prompted for a logon ID and password.
- Once you are connected, you can list the files on the remote server by typing dir.
- If you have create privileges on the remote server, you can create a new directory by typing mkdir.
- To download a file, type get filename.txt where filename.txt is the name of the file you are downloading.
To upload a file, typeput filename.txt.
SFTP (Secure File Transfer Protocol)
SSH File Transfer Protocol or SFTP is a network protocol that provides file transfer and manipulation functionality over any reliable data stream.
TFTP (Trivial File Transfer Protocol)
TFTP is used when a file transfer does not require an acknowledgment packet during file transfer. TFTP is used often in router configuration. TFTP is similar in operation to FTP. TFTP is also a command-line-based utility.
One of the two primary differences between TFTP and FTP is speed and authentication. Because TFTP is used without acknowledgment packets, it is usually faster than FTP. TFTP does not provide user authentication like FTP and therefore the user must be logged on to the client and the files on the remote computer must be writable. TFTP supports only unidirectional data transfer (unlike FTP, which supports bi-directional transfer). TFTP is operated over port 69.
SMTP (Simple Mail Transfer Protocol)
SMTP is a standard electronic-mail protocol that handles the sending of mail from one SMTP to another SMTP server. To accomplish the transport, the SMTP server has its own MX (mail exchanger) record in the DNS database that corresponds to the domain for which it is configured to receive mail.
When equipped for two-way communication, mail clients are configured with the address of a POP3 server to receive mail and the address of an SMTP server to send mail. The clients can configure server parameters in the properties sheets of the mail client, basing the choices on an FQDN or an IP address.
SMTP uses TCP for communication and operates on port 25. Simple Mail Transfer Protocol (SMTP) is the application-layer protocol used for transmitting e-mail messages. SMTP is capable of receiving e-mail messages, but it's limited in its capabilities. The most common implementations of SMTP are in conjunction with either POP3 or IMAP4. For example, users download an e-mail message from a POP3 server, and then transmit messages via an SMTP server
HTTP (Hypertext Transfer Protocol)
HTTP is often called the protocol of the Internet. HTTP received this designation because most Internet traffic is based on HTTP. When a user requests a Web resource, it is requested using HTTP. The following is a Web request:
When a client enters this address into a Web browser, DNS is called to resolve the Fully Qualified Domain Name (FQDN) to an IP address. When the address is resolved, an HTTP get request is sent to the Web server. The Web server responds with an HTTP send response. Such communication is done several times throughout a single session to a Web site. HTTP uses TCP for communication between clients and servers. HTTP operates on port 80.
HTTPS (Hypertext Transfer Protocol Secure)
HTTP is for Web sites using additional security features such as certificates. HTTPS is used when Web transactions are required to be secure. HTTPS uses a certificatebased technology such as VeriSign.
Certificate-based transactions offer a mutual authentication between the client and the server. Mutual authentication ensures the server of the client identity, and ensures the client of the server identity. HTTPS, in addition to using certificate-based authentication, encrypts all data packets sent during a session.
Because of the encryption, confidential user information cannot be compromised. To use HTTPS, a Web site must purchase a certificate from a third-party vendor such as VeriSign, CertCo, United States Postal Service, or other certificate providers. When the certificate is issued to a Web site from a third-party vendor, the Web site is using trusted communication with the client. The communication is trusted because the third party is not biased toward either the Web site or the client. To view a certificate during a HTTPS session, simply double-click the lock icon in the lower-right area of the Web browser. HTTPS operates on port 443 and uses TCP for communication.
POP3 / IMAP4 (Post Office Protocol version 3 / Internet Message Access Protocol version 4)
Post Office Protocol 3 (POP3) and Internet Message Access Protocol 4 (IMAP4) are two application-layer protocols used for electronic messaging across the Internet. POP3 is a protocol that involves both a server and a client. A POP3 server receives an e-mail message and holds it for the user. A POP3 client application periodically checks the mailbox on the server to download mail. POP3 does not allow a client to send mail, only to receive it. POP3 transfers e-mail messages over TCP port 110.
IMAP4 is an alternate e-mail protocol. IMAP4 works in the same way as POP3, in that an e-mail message is held on a server and then downloaded to an e-mail client application. Users can read their e-mail message locally in their e-mail client application, but they can't send an e-mail message using IMAP4. When users access e-mail messages via IMAP4, they have the option to view just the message header, including its title and the sender's name, before downloading the body of the message. Users can create, change, or delete folders on the server, as well as search for messages and delete them from the server.
To perform these functions, users must have continued access to the IMAP server while they are working with e-mail messages. With IMAP4, an e-mail message is copied from the server to the e-mail client. When a user deletes a message in the e-mail client, the message remains on the server until it is deleted on the server. POP3 works differently in that an e-mail message is downloaded and not maintained on the server, unless configured otherwise. Therefore, the difference between POP3 and IMAP4 is that IMAP4 acts like a remote file server, while POP3 acts in a store-and-forward manner in its default configuration. (You can configure POP3 clients to leave copies of messages on the server, if you prefer.)
Both Microsoft and Netscape Web browsers have incorporated POP3. In addition, the Eudora and Microsoft Outlook Express e-mail client applications support both POP3 and IMAP4.
Short for Telecommunication Network, a virtual terminal protocol allowing a user logged on to one TCP/IP host to access other hosts on the network. Many people use remote control applications to access computers at their workplace from outside the network. In remote control, a session appears in which the user is able to manage the files on the remote computer, although the session appears to be functioning locally. Telnet is an early version of a remote control application.
Telnet is very basic; it offers solely character-based access to another computer. If you want to see a person's graphical desktop, you would need a different type of protocol, such as Remote Desktop Protocol (RDP), Independent Computing Architecture (ICA), or X Windows. Telnet acts as a user command with an underlying Transmission Control Protocol/Internet Protocol (TCP/IP) protocol that handles the establishment, maintenance, and termination of a remote session. The difference between using Telnet and a protocol such as File Transfer Protocol (FTP), is that Telnet logs you directly on to the remote host, and you see a window into that session on your local computer. A typical Telnet command might be as follows:
Because this particular host is invalid, this command will have no result. However, if it were a valid host the remote computer would ask you to log on with a user ID and password. A correct ID and password would allow you to log on and execute Telnet commands.
You can often use Telnet to manage equipment that lacks a monitor. For example, most routers have Telnet enabled so that the administrator can log in and manage the router. Telnet also provides a quick check to make certain that network connectivity is functioning. Because Telnet sits at the application layer, if it can connect to a remote host, you can be certain that network connectivity between the two hosts is operational, as well as all lower-layer protocols.
SSH (Secure Shell)
is a program for logging in to and executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. When SSH connects and logs in to a specified computer, the user must prove his/her identity to the remote machine which is transmitted across the connection using one of three forms of data encryption. This process makes SSH impervious to Internet eavesdroppers who might otherwise steal account information.
ICMP (Internet Control Message Protocol)
ICMP provides network diagnostic functions and error reporting. One of the most used IP commands is the Packet Internet Grouper (PING) command. When a host PINGS another client, it sends an ICMP ECHO request, and the receiving host responds with an ICMP ECHO REPLY. PING checks network connectivity on clients and routers. ICMP also provides a little network help for routers. When a router is being overloaded with route requests, the router sends a source quench message to all clients on the network, instructing them to slow their data requests to the router.
ARP / RARP (Address Resolution Protocol / Reverse Address Resolution Protocol)
The Address Resolution Protocol (ARP) is an Internet layer protocol that helps TCP/IP network components find other devices in the same broadcast domain. ARP uses a local broadcast (255.255.255.255) at layer 3 and FF:FF:FF:FF:FF:FF at layer 2 to discover neighboring devices. Basically stated, you have the IP address you want to reach, but you need a physical (MAC) address to send the frame to the destination at layer 2.
ARP resolves an IP address of a destination to the MAC address of the destination on the same data link layer medium, such as Ethernet. Remember that for two devices to talk to each other in Ethernet (as with most layer 2 technologies), the data link layer uses a physical address (MAC) to differentiate the machines on the segment. When Ethernet devices talk to each other at the data link layer, they need to know each other’s MAC addresses.
RARP is sort of the reverse of an ARP. In an ARP, the device knows the layer 3 address, but not the data link layer address. With a RARP, the device doesn’t have an IP address and wants to acquire one. The only address that this device has is a MAC address. Common protocols that use RARP are BOOTP and DHCP
NTP (Network Time Protocol)
The Network Time Protocol is used to synchronize the time of a computer client or server to another server or reference time source, such as a radio or satellite receiver or modem. It provides accuracy's typically within a millisecond on LANs and up to a few tens of milliseconds on WANs.
SNMP is a two-way network management protocol. SNMP consists of two components, the SNMP Agent, and the SNMP Management Console. The SNMP Management Console is the server side for SNMP. The management console sends requests to the SNMP Agents as get commands that call for information about the client.
The SNMP Agent responds to the Management Console’s get request with a trap message. The trap message has the requested information for the Management Console to evaluate. Security can be provided in many ways with SNMP; however, the most common form of security for SNMP is the use of community names, associations that link SNMP Agents to their Management Consoles:
- Agents, by default, respond only to Management Consoles that are part of the same community name.
- If an SNMP Agent receives a request from a Management Console that is not part of the same community name, then the request for information is denied.
Because SNMP is an industry-standard protocol, heterogeneous environments are common. Many vendors provide versions of SNMP Management Consoles. Hewlett Packard, for example provides HP Open View (one of the most popular Management Consoles on the market); Microsoft provides SNMP Server with the Windows NT and 2000 Resource Kits and Systems Management Server. SNMP Management Consoles request information according to a Management Information Base (MIB) format. An MIB is a numeric value that specifies the type of request, and to which layer of the OSI model the request is being sent.
SCP (Secure Copy Protocol)
Secure Copy or SCP is a means of securely transferring computer files between a local and a remote host or between two remote hosts, using the Secure Shell (SSH) protocol. The protocol itself does not provide authentication and security; it expects the underlying protocol, SSH, to secure this.
The SCP protocol implements file transfers only. It does so by connecting to the host using SSH and there executes an SCP server (scp). The SCP server program is typically the very same program as the SCP client.
LDAP (Lightweight Directory Access Protocol)
Lightweight Directory Access Protocol, or LDAP, is a networking protocol for querying and modifying directory services running over TCP/IP.
A directory is a set of information with similar attributes organized in a logical and hierarchical manner. The most common example is the telephone directory, which consists of a series of names organized alphabetically, with an address and phone number attached.
An LDAP directory often reflects various political, geographic, and/or organizational boundaries, depending on the model chosen. LDAP deployments today tend to use Domain Name System (DNS) names for structuring the topmost levels of the hierarchy. Deeper inside the directory might appear entries representing people, organizational units, printers, documents, groups of people or anything else which represents a given tree entry.
IGMP (Internet Group Multicast Protocol)
The Internet Group Management Protocol is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It is an integral part of the IP multicast specification, like ICMP for unicast connections. IGMP can be used for online video and gaming, and allows more efficient use of resources when supporting these uses.
LPR (Line Printer Remote)
The Line Printer Daemon protocol/Line Printer Remote protocol (or LPD, LPR) also known as the Berkeley printing system, is a set of programs that provide printer spooling and network print server functionality for Unix-like systems.
The most common implementations of LPD are the official BSD UNIX operating system and the LPRng project. The Common Unix Printing System (or CUPS), which is more common on modern Linux distributions, borrows heavily from LPD.
A printer that supports LPD/LPR is sometimes referred to as a "TCP/IP printer" (TCP/IP is used to establish connections between printers and workstations on a network), although that term seems equally applicable to a printer that supports CUPS.