UNIVERSITY INSTITUTE OF ENGINEERING

COMPUTER SCIENCE AND ENGINEERING

Bachelor of Engineering (Computer Science &

Engineering)

Simple Network Protocols

Code: CSC-424
Secured Network Protocols

CSC-424/ CCC-424
Associated Program Outcome

I. Po1 Graduates will evolve as effective professionals by solving real life

problems using computer science knowledge along with focus on team
work, effective communication, divergent thinking and problem solving
skills.

II.PO 2 Graduates with their agility would readily adapt to changing

environments by having learnt new and upcoming technologies.

Course Outcome

CO1 — Knowledge of different protocols and security loopholes

CO 2 — Network Security technologies and protocols
 Contents
S.No. Item Page No.
4.1 Important Definitions 4-1
4.2 ISO Layer Protocols 4-2
4.3 TCP/IP 4-2
4.4 HTTP 4-2
4.5 SHTTP 4-2
4.6 LDAP 4-2
4.7 MIME 4-3
4.8 POP 4-3
4.9 POP3 4-3
4.10 IMAP 4-3
4.11 RMON 4-3
4.12 SNTP 4-4
4.13 SNMP 4-4
4.14 RPC protocols 4-4
4.15 ITOT 4-4
4.16 RDP 4-4
4.17 RUDP 4-5
4.18 TALI 4-5
4.19 TCP 4-5
4.20 UDP 4-5
S.No. Item Page No.
4.21 Compressed TCP 4-5
4.22 Routing protocols 4-6
4.23 Border gateway protocol 4-6
4.24 Storage Area Network and SAN Protocols 4-16
4.25 FDMA 4-17
4.26 Mobile IP 4-19
4.27 Resource Reservation Protocol 4-21
4.28 BGMP 4-21
4.29 IGMP 4-21
4.30 AAA Protocols 4-22
4.31 Tunneling Protocols 4-22
4.32 PPTP: Point-to-Point Tunnel-ing Protocol 4-23
4.33 GRE- Generic Routing Encapsulation 4-23
4.34 IPSEC – Security architecture for IP 4-24
4.35 IPSECIKE 4-24
4.36 Denial-of-Service Attacks 4-25
4.37 IPsec VPN 4-28
4.38 IEEE 802.16 4-28
4.39 Important /fundamentals/ Theorems/Packet Formats 4-30
4.40 Important statements 4-70
4.41 Important contents beyond syllabus 4-75
4.42 Any other important information (Important questions) 4-80
 Syllabus
UNIT-I
OSI: ISO Layer Protocols:-Application Layer Protocols-TCP/IP, HTTP, SHTTP, LDAP, MIME, POP &
POP3-RMON-SNTP-SNMP.
Presentation Layer Protocols: Light Weight Presentation Protocol Session layer protocols –RPC
protocols-transport layer protocols- TOT, RDP, RUDP, TALI, TCP/UDP, compressed TCP.
Network layer Protocols: routing protocols-border gateway protocol-exterior gateway protocol-
internet protocol IPv4- IPv6- Internet Message Control Protocol- IRDP- Transport Layer Security-
TSL-SSL-DTLS.

UNIT-II
Data Link layer Protocol: ARP – IPCP – IPv6CP – RARP – SLIP .Wide Area Network Protocols- ATM
protocols – Broadband Protocols – Point to Point Protocols – Other WAN Protocols- security
issues.
Local Area Network and LAN Protocols: ETHERNET Protocols – VLAN protocols – Wireless LAN
Protocols – Metropolitan Area Network Protocol – Storage Area Network and SAN Protocols -
FDMA, WIFI and WIMAX Protocols- security issues. Mobile IP – Mobile Support Protocol for IPv4
and IPv6 – Resource Reservation Protocol.
Multi-casting Protocol: VGMP – IGMP – MSDP.

UNIT-III
Network Security and Technologies and Protocols: AAA Protocols – Tunneling Protocols –
Secured Routing Protocols – GRE- Generic Routing Encapsulation – IPSEC – Security architecture
for IP – IPSECAH – Authentication Header – ESP – IKE – ISAKMP and Key management Protocol.
IEEE 802.11 - Structure of 802.11 MAC – WEP- Problems with WEP – Attacks and Risk- Station
security – Access point Security – Gate way Security – Authentication and Encryption.
 Important Definitions

ISO Layer Protocols:

OSI protocols are a family of standards for information exchange. These were developed and
designed by the International Organization of Standardization (ISO). In 1977 the ISO model was
introduced, which consisted of seven different layers.

The Physical Layer (Layer 1)

Layer 1 of the OSI model is named the physical layer because it is responsible for the
transmission and reception of wire level data.

The Data Link Layer (Layer 2)

Layer 2 of the OSI model is named the data link layer and is responsible for link establishment
and termination, frame traffic control, sequencing, acknowledgement, error checking, and media
access management.

The Network Layer (Layer 3)

Layer 3 of the OSI model is named the network layer and is where routing of network traffic
begins. The network layer not only makes the traffic routing decisions but also provides traffic
control, fragmentation, and logical addressing (Internet Protocol (IP) addresses).

The Transport Layer (Layer 4)

Layer 4 of the OSI model is named the transport layer and is responsible for message
segmentation, acknowledgement, traffic control, and session multiplexing. The transport layer
also has the ability to perform error detection and correction (resends), message reordering to
ensure message sequence, and reliable message channel depending on the specific transport layer
protocol used.

The Session Layer (Layer 5)

Layer 5 of the OSI model is named the session layer and is responsible for session establishment,
maintenance and termination (the ability to have multiple devices use a single application from
multiple locations).

4-1
The Presentation Layer (Layer 6)
Layer 6 of the OSI model is named the presentation layer and is responsible for character code
translation (i.e. ASCII vs. EBCDIC vs. Unicode), data conversion, compression, and encryption.

The Application Layer (Layer 7)

Layer 7 of the OSI model is named the application layer and is responsible for a number of
different things depending on the application; some of these things include resource sharing,
remote file access, remote printer access, network management, and electronic messaging
(email).

TCP/IP:

It is commonly known as TCP/IP because the original protocols in the suite are the Transmission
Control Protocol (TCP) and the Internet Protocol (IP).

HTTP:
The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative,
and hypermedia information systems. HTTP is the foundation of data communication for the
World Wide Web. Hypertext is structured text that uses logical links (hyperlinks) between nodes
containing text.

SHTTP:
SHTTP. (Secure HTTP) An earlier security protocol that provided secure transactions over the
Web. Working at the application layer rather than the transport layer of the protocol
stack, SHTTP was also used to authenticate the client. In contrast, SSL is used to authenticate the
Web server.

LDAP:
LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to
locate organizations, individuals, and other resources such as files and devices in a network,
whether on the public Internet or on a corporate intranet.

4-2
MIME:
MIME (Multi:Purpose Internet Mail Extensions) is an extension of the original Internet e:
mail protocol that lets people use the protocol to exchange different kinds of data files on the
Internet: audio, video, images, application programs, and other kinds, as well as the ASCII text
handled in the original protocol, the Simple Mail Transport Protocol (SMTP). In 1991, Nathan
Borenstein of Bellcore proposed to the IETF that SMTP be extended so that Internet (but mainly
Web) clients and servers could recognize and handle other kinds of data than ASCII text. As a
result, new file types were added to "mail" as a supported Internet Protocol file type.

POP:
In computing, the Post Office Protocol (POP) is an application:layer Internet
standard protocol used by local e:mail clients to retrieve e:mail from a remote server over a
TCP/IP connection.

POP3:
POP3 is designed to delete mail on the server as soon as the user has downloaded it. However,
some implementations allow users or an administrator to specify that mail be saved for some
period of time. POP can be thought of as a "store:and:forward" service.

IMAP:
IMAP provides the user more capabilities for retaining e:mail on the server and for organizing it
in folders on the server. IMAP can be thought of as a remote file server.

RMON:
Remote Monitoring (RMON) is a standard specification that facilitates the monitoring of
network operational activities through the use of remote devices known as monitors or
probes. RMON assists network administrators (NA) with efficient network infrastructure control
and management.

4-3
SNTP:
Simple Network Time Protocol (SNTP) is a simplified version of Network Time Protocol (NTP)
that is used to synchronize computer clocks on a network. This simplified version of NTP is
generally used when full implementation of NTP is not needed.

SNMP:
Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting
and organizing information about managed devices on IP networks and for modifying that
information to change device behavior. Devices that typically support SNMP include cable
modems, routers, switches, servers, workstations, printers, and more.

RPC protocols:
Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a
program located in another computer on a network without having to understand the network's
details. A procedure call is also sometimes known as a function call or a subroutine call.

ITOT:
ISO Transport Service on top of TCP (ITOT) is a mechanism that enables ISO applications to be
ported to a TCP/IP network. There are two basic approaches which can be taken when “port:ing”
ISO applications to TCP/IP (and IPv6) environments. One approach is to port each individual
application separately, devel:oping local protocols on top of TCP. A second approach is based on
the notion of layering the ISO Transport Service over TCP/IP. This approach solves the problem
for all applications which use the ISO Transport Service.

RDP:
RDP is a connection:oriented transport protocol designed to ef:ficiently support the bulk transfer
of data for such host moni:toring and control applications as loading/dumping and remote
debugging. It attempts to provide only those services necessary, in order to be efficient in
operation and small in size.

4-4
RUDP:

Reliable UDP (RUDP) is a simple packet based transport protocol, based on RFCs 908 (version
1) and 1151 (version 2), which was intended as a reliable transport protocol to transport
telephony signalling across IP networks. RUDP is designed to allow characteristics of each
connection to be individually configured so that a number of protocols with different transport
requirement can be implemented simultaneously not on the same plat:form.

TALI:

TALI is the interface of a Signalling Gateway, which provides in:terworking between the
Switched Circuit Network (SCN) and an IP network. Since the Gateway is the central point of
signalling information, not only does it provide transportation of signalling from one network to
another, but can also provide additional functions such as protocol translation, security
screening, rout:ing information, and seamless access to Intelligent Network (IN) services on both
networks.

TCP:
Transmission Control Protocol (TCP) is the transport layer pro:tocol in the TCP/IP suite, which
provides a reliable stream de:livery and virtual connection service to applications through the use
of sequenced acknowledgment with retransmission of pack:ets when necessary. Along with the
Internet Protocol (IP), TCP represents the heart of the Internet protocols.

UDP:
UDP is a connectionless transport layer (layer 4) protocol in the OSI model which provides a
simple and unreliable message service for transaction:oriented services. UDP is basically an
interface between IP and upper:layer processes. UDP protocol ports distinguish multiple
applications running on a single device from one another.

Compressed TCP:
Van Jacobson is a compressed TCP protocol which improves the TCP/IP performance over low
speed (300 to 19,200 bps) serial links and to solves problems in link:level framing, address

4-5
assignment, routing, authentication and performance. The compression proposed in the Van
Jacobson protocol is similar in spirit to the Thinwire:II protocol.

Routing protocols:
A routing protocol specifies howrouters communicate with each other, distributing information
that enables them to select routes between any two nodes on a computer network. ... Interior
gateway protocols type 2, distance:vectorrouting protocols, such
as Routing InformationProtocol, RIPv2, IGRP.

Border gateway protocol:

The Border Gateway Protocol (BGP), runs over TCP and is an inter:Autonomous System routing
protocol. BGP is the only pro:tocol that is designed to deal with a network of the Internet’s size,
and the only protocol that can deal well with having mul:tiple connections to unrelated routing
domains.

Exterior gateway protocol:

Exterior Gateway Protocol (EGP) is for exchanging routing in:formation between two neighbor
gateway hosts in a network of autonomous systems. EGP is commonly used between hosts on
the Internet to exchange routing table information. The proto:col is based on periodic polling
using Hello/I:Heard:You (I:H:U) message exchanges to monitor neighbor reachability and Poll
commands to solicit Update responses.

Internet protocol:
The Internet Protocol (IP) is the principal communications protocol in the Internet protocol
suite for relaying datagrams across network boundaries. Its routing function
enables internetworking, and essentially establishes the Internet.

IPv4:
Internet Protocol Version 4 (IPv4) is the fourth revision of the Internet Protocol and a widely
used protocol in data communication over different kinds of networks. IPv4 is a connectionless
protocol used in packet:switched layer networks, such as Ethernet. It provides the logical
connection between network devices by providing identification for each device.

4-6
IPv6:
Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP),
the communications protocol that provides an identification and location system for computers
on networks and routes traffic across the Internet. IPv6 was developed by the Internet
Engineering Task Force (IETF) to deal with the long:anticipated problem of IPv4 address
exhaustion. IPv6 is intended to replace IPv4.

Internet Message Control Protocol:

The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet
protocol suite. It is used by network devices, including routers, to send error messages and
operational information indicating, for example, that a requested service is not available or that a
host or router could not be reached.[1] ICMP differs from transport protocols such
as TCP and UDP in that it is not typically used to exchange data between systems, nor is it
regularly employed by end:user network applications (with the exception of some diagnostic
tools like ping and traceroute).

IRDP:

ICMP Router Discovery Protocol (IRDP) enables a host to deter:mine the address of a router that
it can use as a default gateway. Similar to ES:IS but used with IP.

TSL:
Transport Layer Security (TLS) Protocol is to provide privacy and data integrity between two
communicating applications. The protocol is composed of two layers: the TLS Record Protocol
and the TLS Handshake Protocol. At the lowest level, layered on top of some reliable transport
protocol (TCP) is the TLS Record Protocol. The TLS Record Protocol is used for encapsulation
of various higher level protocols. One such encapsulated protocol, the TLS Handshake Protocol,
allows the server and client to authenti:cate each other and to negotiate an encryption algorithm
and cryptographic keys before the application protocol transmits or receives its first byte of data.

4-7
SSL:
The Secure Sockets Layer (SSL) and Transport Layer Security (TLS) is the most widely
deployed security protocol used today. It is essentially a protocol that provides a secure channel
between two machines operating over the Internet or an internal network.

DTLS:
Datagram Transport Layer Security (DTLS) is a communications protocol that
provides security for datagram:based applications by allowing them to communicate in a way
that is designed[1][2] to prevent eavesdropping, tampering, or message forgery. The DTLS
protocol is based on the stream:oriented Transport Layer Security (TLS) protocol and is intended
to provide similar security guarantees.

ARP:
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP
address) to a physical machine address that is recognized in the local network. For example, in IP
Version 4, the most common level of IP in use today, an address is 32 bits long.

IPCP:
In computer networking, Internet Protocol Control Protocol (IPCP) is a Network Control
Protocol (NCP) for establishing and configuring Internet Protocol over a Point:to:Point
Protocol link. IPCP is responsible for configuring the IP addresses as well as for enabling and
disabling the IP protocol modules on both ends of the point:to:point link.

IPv6CP:
IPv6CP is responsible for configuring, enabling, and disabling the IPv6 protocol modules on
both ends of the point:to:point link. IPv6CP uses the same packet exchange mechanism as the
Link Control Protocol (LCP). IPv6CP packets may not be exchanged until PPP has reached the
Network:Layer Protocol phase.

4-8
RARP:

The Reverse Address Resolution Protocol (RARP) is an obsolete computer networking protocol
used by a client computer to request its Internet Protocol (IPv4) address from a computer
network, when all it has available is its link layer or hardware address, such as a MAC address.

SLIP:

Serial Line IP (SLIP) is used for point:to:point serial connec:tions running TCP/IP. SLIP is
commonly used on dedicated serial links and sometimes for dialup purposes, and is usually used
with line speeds between 1200bps and 19.2Kbps. SLIP is useful for allowing mixes of hosts and
routers to communicate with one another (host:host, host:router and router:router are all
common SLIP network configurations).

Wide Area Network Protocols:

A Wide Area Network (WAN) is a computer network covering multiple dis:tance areas, which
may spread across the entire world. WANs often connect multiple smaller networks, such as
local area networks (LANs) or metro area networks (MANs). The world’s most popular WAN is
the Internet. Some seg:ments of the Internet are also WANs in themselves. A wide area network
may be privately owned or rented from a service provider, but the term usu:ally connotes the
inclusion of public (shared user) networks.

ATM protocols:
The Asynchronous Transfer Mode (ATM) comprises a protocol suite under the ATM reference
model which establishes a mech:anism to carry all traffic on a stream of fixed 53:byte packets
(cells). A fixed:size packet can ensure that the switching and multiplexing function could be
carried out quickly and easily. ATM is a connection:oriented technology, i.e. two systems on the
network should inform all intermediate switches about their service requirements and traffic
parameters in order to establish communication.

4-9
BISDN: Broadband Integrat:ed Services Digital Network (Broadband ISDN)
Broadband Integrated Services Digital Network (BISDN or Broadband ISDN) is designed to
handle high:bandwidth appli:cations. BISDN currently uses ATM technology over SONET:
based transmission circuits to provide data rates from 155 to 622Mbps and beyond, contrast with
the traditional narrowband ISDN (or N:ISDN), which is only 64 kps basically and up to 2 Mbps
maximum.

ISDN: Integrated Services Digital Network

Integrated Services Digital Network (ISDN) is a system with digitized phone connections. For
decades, telephony has used purely analogue connections. ISDN is the first protocol to define a
digital communications line that allows for the transmission of voice, data, video and graphics, at
high speeds, over standard communication lines. The various media are simultaneously car:ried
by bearer channels (B channels) occupying a bandwidth of 64 kbits per second (some switches
limit bandwidth to 56 kb/s). A defined data channel (D channel) handles signaling at 16 kb/s or
64 kb/s, depending on the service type. ISDN is not restricted to public telephone networks
alone; it may be transmitted via packet switched networks, telex, CATV networks, etc.

Point to Point Protocols

The Point:to:Point Protocol (PPP) suite provides a standard method for transporting multi:
protocol datagrams over point:to:point links. PPP was originally devised as an encapsulation
pro:tocol for transporting IP traffic between two peers. It is a data link layer protocol (layer 2 in
the OSI model) in the TCP:IP protocol suite over synchronous modem links, as a replacement
for the non:standard layer 2 protocol SLIP. However, other protocols other than IP can also be
carried over PPP, including DECnet and Novell’s Internetwork Packet Exchange (IPX).

Frame Relay:
Frame Relay is a WAN protocol for LAN internetworking which operates at the physical and
data link layer to provide a fast and efficient method of transmitting information from a user
device to another across multiple switches and routers.

4-10
LAPF: Link Access Procedure for Frame Mode Services
Link Access Procedure/Protocol for Frame Mode Services (LAPF) as defined in ITU Q.922, is
an enhanced LAPD (Q.921) with congestion control capabilities for Frame Mode Services in the
Frame Relay network.

Network Security:

Network security is any activity designed to protect the usability and integrity of your network
and data. It includes both hardware and software technologies. Effective network security
manages access to the network. It targets a variety of threats and stops them from entering or
spreading on your network.

Access control:
Not every user should have access to your network. To keep out potential attackers, you need to
recognize each user and each device. Then you can enforce your security policies. You can block
noncompliant endpoint devices or give them only limited access. This process is network access
control (NAC).

Virus:
A computer virus is a type of malicious software program ("malware") that, when
executed, replicates itself by modifying other computer programs and inserting its own
code.[1] Infected computer programs can include, as well, data files, or the "boot" sector of
the hard drive. When this replication succeeds, the affected areas are then said to be "infected"
with a computer virus.

Antivirus and antimalware software:

"Malware," short for "malicious software," includes viruses, worms, Trojans, ransomware, and
spyware. Sometimes malware will infect a network but lie dormant for days or even weeks. The
best antimalware programs not only scan for malware upon entry, but also continuously track
files afterward to find anomalies, remove malware, and fix damage.

4-11
Application security:
Any software you use to run your business needs to be protected, whether your IT staff builds it
or whether you buy it. Unfortunately, any application may contain holes, or vulnerabilities, that
attackers can use to infiltrate your network. Application security encompasses the hardware,
software, and processes you use to close those holes.

Behavioral analytics:
To detect abnormal network behavior, you must know what normal behavior looks like.
Behavioral analytics tools automatically discern activities that deviate from the norm. Your
security team can then better identify indicators of compromise that pose a potential problem and
quickly remediate threats.

Data loss prevention:

Organizations must make sure that their staff does not send sensitive information outside the
network. Data loss prevention, or DLP, technologies can stop people from uploading,
forwarding, or even printing critical information in an unsafe manner.

Firewalls:
Firewalls put up a barrier between your trusted internal network and untrusted outside networks,
such as the Internet. They use a set of defined rules to allow or block traffic. A firewall can be
hardware, software, or both. Cisco offers unified threat management (UTM) devices and threat:
focused next:generation firewalls.

Intrusion prevention systems:

An intrusion prevention system (IPS) scans network traffic to actively block attacks. Cisco Next:
Generation IPS (NGIPS) appliances do this by correlating huge amounts of global threat
intelligence to not only block malicious activity but also track the progression of suspect files
and malware across the network to prevent the spread of outbreaks and reinfection.

Network segmentation:
Software:defined segmentation puts network traffic into different classifications and makes
enforcing security policies easier. Ideally, the classifications are based on endpoint identity, not

4-12
mere IP addresses. You can assign access rights based on role, location, and more so that the
right level of access is given to the right people and suspicious devices are contained and
remediated.

VPN:
A virtual private network encrypts the connection from an endpoint to a network, often over the
Internet. Typically, a remote:access VPN uses IPsec or Secure Sockets Layer to authenticate the
communication between device and network.

Web security:
A web security solution will control your staff’s web use, block web:based threats, and deny
access to malicious websites. It will protect your web gateway on site or in the cloud. "Web
security" also refers to the steps you take to protect your own website.

Wireless security:
Wireless networks are not as secure as wired ones. Without stringent security measures,
installing a wireless LAN can be like putting Ethernet ports everywhere, including the parking
lot. To prevent an exploit from taking hold, you need products specifically designed to protect a
wireless network.

Cryptography:

Cryptography or cryptology (from Greek κρυπτός kryptós, "hidden, secret";

and γράφειν graphein, "writing", or :λογία logia, "study", respectively[1]) is the practice and
study of techniques for secure communication in the presence of third parties
called adversaries.[2] More generally, cryptography is about constructing and
analyzing protocols that prevent third parties or the public from reading private
messages;[3] various aspects in information security such as data confidentiality, data
integrity, authentication, and non:repudiation[4] are central to modern cryptography.

4-13
Symmetric:key cryptography:
Symmetric:key cryptography refers to encryption methods in which both the sender and receiver
share the same key (or, less commonly, in which their keys are different, but related in an easily
computable way). This was the only kind of encryption publicly known until June 1976.[23]

Public:key cryptography:
In public:key cryptosystems, the public key may be freely distributed, while its paired private
key must remain secret. In a public:key encryption system, the public key is used for encryption,
while the private or secret key is used for decryption.

Data privacy:

Data privacy, also called information privacy, is the aspect of information technology (IT) that
deals with the ability an organization or individual has to determine what data in a computer
system can be shared with third parties.

Authentication:

The process of identifying an individual, usually based on a username and password.

In security systems, authentication is distinct from authorization , which is the process of giving
individuals access to system objects based on their identity.

Authorization:

Authorization is the function of specifying access rights/privileges to resources related to

information security and computer security in general and to access control in particular. More
formally, "to authorize" is to define an access policy.

ETHERNET Protocols:

Ethernet protocols refer to the family of local:area networks (LAN) covered by a group of IEEE
802.3 standards. In the Eth:ernet standard, there are two modes of operation: half:duplex and
full:duplex. In the half:duplex mode, data are transmitted using the popular Carrier:Sense
Multiple Access/Collision De:tection (CSMA/CD) protocol on a shared medium. The main
disadvantages of the half:duplex are the efficiency and distance limitation, in which the link

4-14
distance is limited by the minimum MAC frame size. This restriction reduces the efficiency
drasti:cally for high:rate transmission. Therefore, the carrier extension technique is used to
ensure the minimum frame size of 512 bytes in Gigabit Ethernet to achieve a reasonable link
distance.

Fast Ethernet

Fast Ethernet (100BASE:T) offers a speed increase ten times that of the 10BaseT Ethernet
specification, while preserving such qualities as frame format, MAC mechanisms, and MTU.
Such similarities allow the use of existing 10BaseT applications and network management tools
on Fast Ethernet networks. Of:ficially, the 100BASE:T standard is IEEE 802.3u.

Gigabit (1000 Mbps) Ether:net

Ethernet protocols refer to the family of local:area network (LAN) covered by the IEEE 802.3
standard. The Gigabit Ethernet pro:tocol is based on the Ethernet protocol but has tenfold speed
increase over Fast Ethernet, using shorter frames with carrier Extension. It is published as the
IEEE 802.3z and 802.3ab sup:plements to the IEEE 802.3 base standards.

10 Gigabit Ethernet

10:Gigabit Ethernet, standardized in IEEE 802.3ae, offers data speeds up to 10 billion bits per
second. Built on the Ethernet technology used in most of today’s local area networks (LANs), it
offers similar benefits to those of the preceding Ethernet stan:dard. 10:Gigabit Ethernet is used
to interconnect local area net:works (LANs), wide area networks (WANs), and metropolitan area
networks (MANs). 10:Gigabit Ethernet uses the familiar IEEE 802.3 Ethernet media access
control (MAC) protocol and its frame format and size. However, it supports full duplex but not
half:duplex mode and only functions over optical fiber. There:fore, it does not need the carrier:
sensing multiple:access with Collision Detection (CSMA/CD) protocol used in other Ethernet
standards.

VLAN protocols:
Virtual LAN (VLAN) is a group of devices on one or more LANs that are configured so that
they can communicate as if they were attached to the same wire, when in fact they are located on

4-15
a number of different LAN segments. Because VLANs are based on logical instead of physical
connections, they are very flexible for user/host management, bandwidth allocation and resource
optimization.

Wireless LAN Protocols:

The Wireless Local Area Network (WLAN) technology is defined by the IEEE 802.11 family of
specifications. There are currently four specifications in the family: 802.11, 802.11a, 802.11b,
and 802.11g. All four use the Ethernet protocol and CSMA/CA (car:rier sense multiple access
with collision avoidance instead of CSMA/CD) for path sharing.

Metropolitan Area Network Protocol:

A Metropolitan Area Network (MAN) is a computer network usually spanning a campus or a

city, which typically connect a few local area networks us:ing high speed backbone technologies.
A MAN often provides efficient con:nections to a wide area network (WAN).

DQDB

Distributed Queue Dual Bus (DQDB) is a Data:link layer com:munication protocol for
Metropolitan Area Networks (MANs), specified in the IEEE 802.6 standard and designed for use
in MANs. DQDB is designed for data as well as voice and video transmission and is based on
cell switching technology (similar to ATM). DQDB, which permits multiple systems to
interconnect using two unidirectional logical buses, is an open standard that is designed for
compatibility with carrier transmission standards such as SMDS.

SMDS:

Switched Multimegabit Data Service (SMDS) is a broadband networking technology developed

by Bellcore based on the IEEE 802.6 DQDB (Distributed Queue Dual Bus) MAN technol:ogy.

Storage Area Network and SAN Protocols:

Storage Area Network (SAN) is a high:speed network or subnetwork whose primary purpose is
to transfer data between computer and storage systems. A storage device is a machine that

4-16
contains nothing but a disk or disks for storing data. A SAN consists of a communication
infrastructure, which pro:vides physical connections; and a management layer, which organizes
the connections, storage elements, and computer systems so that data transfer is secure and
robust.

FC & FCP:

The Fibre Channel Standards (FCS) define a high:speed data transfer mechanism that can be
used to connect workstations, mainframes, supercomputers, storage devices and displays. FCS
addresses the need for very fast transfers of large vol:umes of information and could relieve
system manufacturers of the burden of supporting the variety of channels and networks currently
in place, as it provides one standard for networking, storage and data transfer. Fibre Channel
Protocol (FCP) is the interface protocol of SCSI on the Fibre Channel.

FDMA:

Frequency division multiple access or FDMA is a channel access method used in multiple:access
protocols as a channelization protocol. FDMA gives users an individual allocation of one or
several frequency bands, or channels. It is particularly commonplace in satellite communication.
FDMA, like other multiple access systems, coordinates access between multiple users.
Alternatives include TDMA, CDMA, or SDMA. These protocols are utilized differently, at
different levels of the theoretical OSI model.

Wi:Fi Security Protocols:

To form a foundation for the later discussion of WiMAX security, let’s review the Wi:Fi
protocols. Wired Equivalency Privacy (WEP) was the first encryption method used for Wi:Fi. It
uses the RC4 cipher for encryption and 128: or 256:bit keys are standard today. WEP was
designed to provide roughly the equivalent of security provided by a wired connection. However,
it was soon discovered that the encryption keys were not strong enough for today’s computing
power. This protocol is still supported by many devices today and has, often in the past, been the
default choice during device setup. This protocol is still being used in many home networks.

4-17
WiMAX Security Protocols :
WiMAX was designed as a solution for the “last mile” of a Wireless Metropolitan Area Network
(WMAN) that would bring internet access to an entire metropolitan area. There are two basic
types of WiMAX, Fixed WiMAX and Mobile WiMAX. Fixed WiMAX is based on the 802.16:
2004 standard and does not handle a base station transfer to another base station. For this reason,
mobility is not supported. Implementations called Mobile WiMAX is based on the 802.16e:2005
amendment to the standard do support base:tobase transfer. From the start, WiMAX was
designed with security in mind. At the loweredge of the Media Access Control sub:layer of
TCP/IP, a privacy sub:layer was defined in the official 802.16e:2005 specification to handle
encryption of packets and key management. To handle authentication, the specification relies on
the already existing Extensible Authentication Protocol (EAP).

The Privacy Layer :

There are two schemes for data encryption, which are supported in the 802.16 standard, the
Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES). Both of
these schemes are block ciphers, which are security algorithms which operate on one chunk (or
block) of data at a time vs. stream ciphers which can act on a single byte. AES handles a 128:bit
block of data at a time, and has been shown to be very fast in both software and hardware
implementations.

Authentication:
User and device authentication for WiMAX consists of certificate support using Internet
Engineering Task Force (IETF) Extensible Authentication Protocol. EAP is a structure designed
to perform authentication through the use of functions that can negotiate with many different
possible procedures.

Wireless Control Messages :

Another authentication method used with WiMAX is support for control messages. This type of
handshake is used to assure both the message authenticity and the integrity of the data that the
message contains.

4-18
Fast Handovers :

The process of transferring a connected device from one base station to another is call a
handover or hand:off. There are three handover options specified by IEEE 802.16e:2005 but
support is only required for one, the hard handover (HHO). This is a negotiation scheme that
establishes identification and communication with a new base before releasing the connection
with the old base. This method of handover can help to stop man:in:the:middle:attacks.

Security Attacks:

Wi:Fi and WiMAX use different physical and data layers. As a result, security attacks can differ
depending on which scheme is in place.

Wi:Fi Security Attacks :

Being the older, more prevalent wireless standard, Wi:Fi has long been battered by security
attacks from all sides. Some of the other types of security threats that have been used on Wi:Fi
networks are identity theft in the form of MAC spoofing, man:in:the:middle attacks, Denial:of:
Service (DoS) attacks and network injection attacks where intruders inject commands into the
network to re:configure it.

WiMAX Security Attacks:

Jamming and packet scrambling are the general kinds of attacks that can most affect WiMAX’s
physical layer. Signals in the lower frequencies that cross or are in close proximity to the
WiMAX antenna can produce second and third harmonic waves that interfere and can overload
the WiMAX signal.

Mobile IP:

Mobile IP is the key protocol to enable mobile computing and networking, which brings together
two of the world’s most powerful technologies, the Internet and mobile communication. In
Mobile IP, two IP addresses are provided for each computer: home IP address which is fixed and
care:of IP address which is changing as the computer moves. When the mobile moves to a new

4-19
location, it must send its new address to an agent at home so that the agent can tunnel all
communications to its new address timely.

Mobile node:

A mobile unit that can change links, and therefore addresses, and maintain reachability using its
home address.

Home link:

The link from which the mobile node origi:nates.

Home address:

An address assigned to the mobile node when it is attached to the home link and through which
the mobile node is always reachable, regardless of its location on an IPv6 network.

Home agent:

A router on the home link that maintains registrations of mobile nodes that are away from home
and their current addresses.

Foreign link:

A link that is not the mobile node’s home link.

Care:of address:
An address used by a mobile node while it is attached to a foreign link. The association of a
home address with a care:of address for a mobile node is known as a binding.

Correspondent node:
A node that communicates with a mobile node. A correspondent node does not have to be
Mobile IPv6:capable.

4-20
Resource Reservation Protocol:
Resource ReSerVation Protocol (RSVP) is a resource reservation setup protocol designed for
quality integrated services over the Internet. RSVP is used by a host to request specific qualities
of service from the network for particular application data streams or flows. RSVP is also used
by routers to deliver quality:of:service (QoS) requests to all nodes along the path(s) of the flows
and to establish and maintain state to provide the requested service. RSVP requests will
generally result in re:sources being reserved in each node along the data path.

BGMP :
Border Gateway Multicast Protocol (BGMP) is a protocol for in:ter:domain multicast routing.
BGMP natively supports “source:specific multicast” (SSM). To also support “any:source
multicast” (ASM), BGMP builds shared trees for active multicast groups, and allows domains to
build source:specific, inter:domain, distribution branches where needed. Building upon concepts
from PIM:SM and CBT, BGMP requires that each global multicast group be associated with a
single root. However, in BGMP, the root is an entire exchange or domain, rather than a single
rout:er.

IGMP :
Internet Group Management Protocol (IGMP), a multicasting protocol in the internet protocols
family, is used by IP hosts to report their host group memberships to any immediately neigh:
boring multicast routers. IGMP messages are encapsulated in IP datagrams, with an IP protocol
number of 2. IGMP has ver: sions IGMP v1, v2 and v3.

IGMPv1:
Hosts can join multicast groups. There are no leave messages. Routers use a time:out based
mecha nism to discover the groups that are of no interest to the members.

IGMPv2:
Leave messages were added to the protocol, allowing group membership termination to be
quickly reported to the routing protocol, which is important for high:bandwidth multicast groups
and/or subnet with highly volatile group membership.

4-21
IGMPv3:
A major revision of the protocol allows hosts to specify the list of hosts from which they want to
receive traffic. Traffic from other hosts is blocked inside the net:work. It also allows hosts to
block inside the network packets that come from sources that send unwanted traffic.

MSDP:

The Multicast Source Discovery Protocol (MSDP) describes a mechanism to connect multiple
PIM Sparse:Mode (PIM:SM) do:mains together. Each PIM:SM domain uses its own
independent RP(s) and does not have to depend on RPs in other domains.

AAA Protocols:
AAA: Authorization, Authentication and Accounting is a technology for intel:ligently
controlling access to network resources, enforcing policies, auditing usage, and providing the
information necessary to bill for services. Authenti:cation provides a way of identifying a user,
typically by having the user enter a valid user name and valid password before access is granted.

Kerberos:
Kerberos is a network authentication protocol. Kerberos is de:signed to provide strong
authentication for client/server appli:cations by using secret:key cryptography.

RADIUS:
RADIUS is a protocol for carrying authentication, authorization, and configuration information
between a Network Access Serv:er which desires to authenticate its links and a shared Authen:
tication Server. RADIUS uses UDP as the transport protocol. RADIUS also carries accounting
information between a Network Access Server and a shared Accounting Server.

Tunneling Protocols:
L2F: Layer 2 Forwarding Protocol, The Layer 2 Forwarding protocol (L2F) is used to establish a
se:cure tunnel across a public infrastructure (such as the Internet) that connects an ISP POP to an
enterprise home gateway. This tunnel creates a virtual point:to:point connection between the
user and the enterprise customer’s network.

4-22
L2TP: Layer 2 Tunneling Protocol, The L2TP Protocol is used for integrating multi:protocol
dial:up services into existing Internet Service Providers Point of Pres:ence. PPP defines an
encapsulation mechanism for transport:ing multiprotocol packets across layer 2 (L2) point:to:
point links. Typically, a user obtains a L2 connection to a Network Access Server (NAS) using
one of a number of techniques (e.g., dialup POTS, ISDN, ADSL, etc.) and then runs PPP over
that connec:tion. In such a configuration, the L2 termination point and PPP session endpoint
reside on the same physical device (i.e., the NAS).

PPTP: Point:to:Point Tunnel:ing Protocol:

Point:to:Point:Tunneling Protocol (PPTP) is a networking tech:nology that supports
multiprotocol virtual private networks (VPN), enabling remote users to access corporate
networks securely across the Microsoft Windows NT® Workstation, Windows® 95, and
Windows 98 operating systems and other point:to:point pro:tocol (PPP):enabled systems to dial
into a local Internet service provider to connect securely to their corporate network through the
Internet.

DiffServ: Differentiated Ser:vice Architecture:

Diifrentiated Service (DiffServ) defines an architecture for imple menting scalable service
differentiation in the Internet. A “Service” defines some significant characteristics of packet
transmission in one direction across a set of one or more paths within a network.

GRE: Generic Routing Encapsulation :

Generic Routing Encapsulation (GRE) is a protocol for encapsulation of an arbitrary network
layer protocol over another arbitrary network layer protocol.

In the most general case, a system has a packet, which is called payload, which needs to be
encapsulated and delivered to some destination. The payload is first encapsulated in a GRE
packet. The resulting GRE packet can then be encapsulated in some other protocol and then
forwarded. This outer protocol is called the delivery protocol.

4-23
IPSEC – Security architecture for IP:

Internet Security architecture (IPsec) defines the security ser:vices at the IP layer by enabling a
system to select required security protocols, determine the algorithm(s) to use for the service(s),
and put in place any cryptographic keys required to provide the requested services. IPsec can be
used to protect one or more “paths” between a pair of hosts, between a pair of security gateways,
or between a security gateway and a host.

IPSECAH – Authentication Header:

IP Authentication Header (AH), a key protocol in the IPsec (In:ternet Security) architecture, is
used to provide connectionless integrity and data origin authentication for IP datagrams, and to
provide protection against replays. This latter (optional) service may be selected, by the receiver,
when a Security Association is established. AH provides authentication for as much of the IP
header as possible, as well as for upper level protocol data.

IPSECESP

Encapsulating Security Payload (ESP), a key protocol in the IPsec (Internet Security)
architecture, is designed to provide a mix of security services in IPv4 and IPv6. The IP
Encapsulat:ing Security Payload (ESP) seeks to provide confidentiality and integrity by
encrypting data to be protected and placing the en:crypted data in the data portion of the IP ESP.

IPSECIKE

Internet Key Exchange (IKE) Protocol, a key protocol in the IP:sec architecture, is a hybrid
protocol using part of Oakley and part of SKEME in conjunction with ISAKMP to obtain
authenti:cated keying material for use with ISAKMP, and for other secu:rity associations such as
AH and ESP for the IPsec DOI.

ISAKMP and Key management Protocol

ISAKMP, a key protocol in the IPsec (Internet Security) archi:tecture, combines the security
concepts of authentication, key management, and security associations to establish the re:quired
security for government, commercial, and private com:munications on the Internet.

4-24
IEEE 802.11

802.11 is a member of the IEEE 802 family, which is a series of specifications for local area
network (LAN) technologies. 802.11 is just another link layer that can use the 802.2/LLC
encapsulation. The base 802.11 specification includes the 802.11 MAC and two physical layers:
a frequency:hopping spread:spectrum (FHSS) physical layer and a direct:sequence spread:
spectrum (DSSS) link layer.

BSS and IBSS

The core unit of an 802.11 network is called a Basic Service Set (BSS). A BSS consists of a
central access point (AP) and client stations. The AP coordinates all of the activities within the
BSS. Due to this centralized control, BSS networks are sometimes called infrastructure
networks. A BSS is identified by a service:set identifier (SSID). This can generally be thought of
as the name of the wireless network. A station that wants to join a BSS network will look for
available APs.
WEP

In wireless networks, the word "broadcast" takes on an entirely new meaning. Security concerns
have haunted 802.11 deployments since the standardization effort began. IEEE's attempt to
address snooping concerns culminated in the optional Wired Equivalent Privacy (WEP) standard,
which is found in clause 8.2 of 802.11. WEP can be used by stations to protect data as it
traverses the wireless medium, but it provides no protection past the access point.

Denial:of:Service Attacks
Denial:of:Service (DoS) attacks, which aim to prevent access to network resources, can be
devastating and difficult to protect against. Typical DoS attacks involve flooding the network
with traffic choking the transmission lines and preventing other legitimate users from accessing
services on the network. DoS attacks can target many different layers of the network. In order to
understand the risk of a DoS attack to a wireless network, you must first understand the
difference between various types of DoS attacks.

4-25
Station security
Connecting to a wireless network puts your computer at risk. Eavesdroppers may intercept traffic
sent between client stations and the access point. Malicious access points may attempt to force
associations in order to perform man:in:the:middle attacks. Hackers using the same access point
may try to exploit your computer. Due to the shared, physically unsecured nature of an 802.11
network, client stations are more likely to be the target of an attack.

Client Security Goals

There are two main security considerations for safe usage of a client computer on a wireless
network. The first is preventing a compromise of the client itself. A compromise of the client
could lead to stolen or corrupted data, and provide an entry point for the attacker into the wider
network. The second main consideration is using secure methods to communicate with other
network services from the client.

Audit Logging
Even on client computers, it is very important to pay attention to the logs generated by the
system. These logs can provide notification of attempted or successful compromises of system
security. The location and format of these logs can vary from OS to OS. Monitoring of system
logs can be tedious, and it is easy to become complacent. Because of this, we cover the
installation of swatch, a basic tool to automate log monitoring.
Security Updates
After the system is set up, it is important to monitor the vendor web site for security patches.
Most operating system vendors regularly discover or are notified of new security issues. Make it
a habit to regularly check and download the latest patches, or use an automated updating system
to gather them for you. When doing a fresh OS installation, it is a good idea to download any
security patches on another machine and install them from a burned CD before connecting the
fresh computer to the network.

Access point Security

A wireless access point can come in many shapes and sizes. There are commodity access points
that can be purchased at your local computer store for around a hundred dollars. There are also

4-26
industrial:quality access points sold by companies like Cisco Systems for thousands of dollars.
Alternatively, through the hard work of open source developers, you can turn a Linux, FreeBSD,
or OpenBSD host into an access point. Regardless of the type of access points you use, securing
them is critical to the security of your entire network infrastructure. By using encryption,
authentication, and proper monitoring, your access points will facilitate secure wireless
communication.
General Access Point Security
Several security features are common across most access point vendors. The manner in which
these features are configured vary from vendor to vendor. Please consult the documentation that
came with your access point to determine the correct method. None of the features mentioned
offer are bulletproof security, but they raise the bar substantially for an attacker

Gate way Security

Until very recently, a firewall has been the frontline security device in most networks. Attacks
have historically been launched against layer 3 or above. Firewalls have advanced over the years,
evolving from glorified IP access lists to stateful, application aware security devices. With the
wide:scale deployment of wireless networks, suddenly layer 1 and layer 2 security has become a
hot topic. A wireless access point and wireless client must be able to defend themselves and their
resources in an attempt to retain the integrity of the network.

Authentication and Encryption

WEP provides a basic layer of encryption for traffic in 802.11 networks. But, even beyond the
previously discussed problems of WEP, it does not provide authentication or integrity checks of
the data on the network. There are several other tools that can be used to bolster the security of
the network by providing these services. Using them individually, or in conjunction, can add
important safeguards.
Portals
A captive portal is a router or gateway host that will not allow traffic to pass until authentication
conditions are met. They see wide use commercially in pay:for:use public access networks, such
as those found in hotels and airports.

4-27
IPsec VPN
IPsec is a very powerful protocol. Properly used, it can provide a high degree of integrity and
confidentiality of data transiting a network. Since these are two traits wireless networks generally
do not have, IPsec is a natural supplement for wireless networks.
IEEE 802.16

The IEEE 802.16 Working Group is the IEEE group for wireless metropolitan area network. The
IEEE 802.16 standard defines the Wireless MAN (metropolitan area network) air interface
specification (officially known as the IEEE WirelessMAN* standard).

IEEE 802.16A

The IEEE 802.16a standard allows users to get broadband connectivity without needing direct
line of sight with the base station. The IEEE 802.16a specifies three air interface specifications
and these options provide vendors with the opportunity to customize their product for different
types of deployments.

WCDMA

The 3 rd generation wideband code division multiple access (WCDMA) system is a mobile radio
communication system that provides for high:speed data and voice communication services.
WCDMA is one of two technologies that are being used to fulfill the radio access requirements
of universal mobile telecommunications system (UMTS).

Radio Resource Control (RRC)

The radio resource control (RRC) is a layer 3 (network) protocol that controls the setup,
management, and termination of physical and logical channels between the base station and the
mobile device. It oversees the signaling on the common control and dedicated control channels.
RRC signaling messages are also used to provide for channel quality measurements that are used
for channel handovers.

4-28
Packet Data Convergence Protocol (PDCP)
The packet data convergence protocol (PDCP) coordinates the efficient transfer and control of
packet data transmission. The main functions of PDCP include compression of the headers
during packet transmission over the radio channel (remove redundant packet header information)
and to ensure reliable packet transfer (sequentially numbering and verifying packet delivery).

4-29
 Important /fundamentals/ Theorems/Packet Formats
BOOTP: Bootstrap Protocol:
Protocol Structure

Op The message operation code. Messages can be either BOOTREQUEST

orOOTREPLY.
Htype The hardware address type. Hlen The hardware addresslength. Xid The
transaction ID.
Secs Thesecondselapsedsincetheclientbeganthe address acquisition or renewalprocess.
Flags The flags.
Ciaddr The client IPaddress.
Yiaddr The “Your” (client) IPaddress.
Siaddr TheIPaddressofthenextservertouseinboot: strap.
Giaddr The relay agent IP address used in booting via a relayagent.
Chaddr The client hardware address.
Sname Optional server host name, null terminated string
File Boot file name, null terminated string; generic name or null in DHCPDISCOVER,
fully qualified directory:path name in DHCPOFFER.
Options Optional parameters field.

4-30
DCAP: Data Link Switching Client Access Protocol
Protocol Structure

Protocol ID The Protocol ID is set to 1000.

Versionnumber The Version number is set to 0001.
Messagetype The message type is theDCAP message type.
Packetlength The total packet length is the lengthof
thepacketincludingtheDCAPheader, DCAP data and user data.
The mini: mum size of the packet is 4, which is the length of
theheader.

DHCP: Dynamic Host Configuration Protocol:

Protocol Structure

Op The message operation code. Messages can be either BOOTREQUEST

orBOOTREPLY.
Htype The hardware address type. Hlen The hardware addresslength.

Xid The transaction ID.

Secs Thesecondselapsedsincetheclientbeganthe address acquisition or
renewalprocess.
Flags The flags.

4-31
 Ciaddr The client IPaddress.
Yiaddr The “Your” (client) IPaddress.
Siaddr TheIPaddressofthenextservertouseinboot: strap.
Giaddr The relay agent IP address used in booting via a relayagent.
Chaddr The client hardware address.
Sname Optional server host name, null terminated string
File Boot file name, null terminated string; generic
nameornullinDHCPDISCOVER,fullyqualified directory:path
name inDHCPOFFER.
Options Optional parameters field. See the options doc: uments for a list of defined
options.
DNS: Domain Name System (Service) protocol:
Protocol Structure

ID 16:bit field used to correlate queries and re: sponses.

Q 1:bitfieldthatidentifiesthemessageasaquery orresponse.

Query 4:bit field that describes the type of message: 0 Standard query (name
to address); 1 Inverse query; 2 Server statusrequest.
A Authoritative Answer. 1:bit field. When set to 1, identifies the
response as one made by an au: thoritative nameserver.
T Truncation. 1:bit field. When set to 1, indicates the message has
beentruncated.
R 1:bit field. Set to 1 by the resolve to request re: cursive service by the
nameserver.
V 1:bit field. Signals the availability of recursive service by the
nameserver.

4-32
 B 3:bit field. Reserved for future use. Must be set to0.
Rcode Response Code. 4:bit field that is set by the name server to identify the
status of thequery.
Question count: 16:bit field that defines the number of entries in the
questionsection.
Answer count: 16:bit field that defines the number of resource records in the
answersection.
Authority count: 16:bit field that defines the number
ofnameserverresourcerecordsintheauthority section.
Additional count: 16:bit field that defines the number of resource records in the
additional records section.

HTTP: Hypertext Transfer Protocol:

The request message has the following format:

The response message has the following format:

S HTTP: Secure Hypertext Transfer Protocol:

The request message has the following format:

4-33
 The response message has the following format:

MIME (S MIME): Multipurpose Internet Mail Extensions and Secure MIME:

Protocol Structure

Definition of MIME header fields is as follows:

entity:headers := [ content CRLF ]

[ encoding CRLF ] [ id CRLF ]
[ description CRLF ]
*( MIME:extension:field CRLF )
MIME:message:headers := entity:headers
fields
version CRLF;
The ordering of the header;
fields implied by this BNF;
definition should be ignored.
MIME:part:headers := entity:headers
[ fields ];
Any field not beginning with;
“content:” can have no defined;
meaning and may be ignored.;
The ordering of the header;
fields implied by this BNF;
definition should be ignored

4-34
POP and POP3: Post Office Protocol (version 3):

4-35
RMON: Remote Monitoring MIBs (RMON1 and RMON2):

4-36
 RMON 2
Functions
MIB Group
The Protocol Directory is a simple and
interoperable way for an RMON2 applica: tion to
establish which protocols a particular RMON2
Protocol Directory
agent implements. This is especially important
when the application and the agent are from
different vendors
Mapping the data collected by a probe to the
Protocol Distribution correct protocol name that can then be
displayed to the network manager.
Address translation between MAC:layer ad:
dresses and network:layer addresses which are
much easier to read and remember. Ad: dress
Address mapping translation not only helps the network manager, it
supports the SNMP management platform and will
lead to improved topology maps.

Network Layer host Network host (IP layer) statistics

Stores and retrieves network layer (IP layer)
Network layer matrix statistics for conversations between sets of two
addresses.
Application layer host Application host statistic
Stores and retrieves application layer statis: tics
Application layer
for conversations between sets of two addresses.
matrix

This feature enables the network manager to

configure history studies of any counter in the
User history system, such as a specific history on a
particular file server or a router:to:router
connection
This RMON2 feature enables one vendor’s
Probe configuration RMON application to remotely configure
another vendor’s RMON probe.

SMTP: Simple Mail Transfer Protocol:

Command Description
DATA Begins message composition.
EXPN <string> Returns names on the specified mail list.
HELO <domain> Returns identity of mail server.
Returns information on the specified com:
HELP <command>
mand.
MAIL FROM <host> Initiates a mail session from host.
Causes no action, except acknowledge:
NOOP
ment from server.
QUIT Terminates the mail session.
RCPT TO <user> Designates who receives mail.
RSET Resets mail connection.
SAML FROM <host> Sends mail to user terminal and mailbox.
SEND FROM <host> Sends mail to user terminal.
SOML FROM <host> Sends mail to user terminal or mailbox.
TURN Switches role of receiver and sender.
VRFY <user> Verifies the identity of a user.

4-37
SNMP: Simple Network Management Protocol:

Protocol Structure
SNMPisanapplicationprotocol,whichisencapsulatedinUDP. The general SNMP message format
for all versions is shown below:

Version Community PDU

Version :: SNMP version number. Both the manager

andagentmustusethesameversionofSNMP.Mes: sages containing different version numbers
are dis: carded without furtherprocessing.
Community :: Community name used for authenticating the manager before allowing access
to the agent.
PDU (Protocol Data Unit) :: The PDU types and for: mats for SNMPv1, v2 and v3 will be
explained in the corresponding sections.

SNTP: Simple Network Time Protocol:

2 5 8 16 24 32bit
LI VN Mode Stratum Poll Precision
Root Delay
Root Dispersion
Reference Identifier
Reference timestamp (64)
Originate Timestamp (64)

LI Leap Indicator warning of impending leap:sec: ond to be inserted at the

end of the last day of the currentmonth.
VN Version number indicating the versionnumber.

4-38
Mode & The mode: This field can contain the following values:

Reserved.
Symmetricactive.
Client.
Server.
Broadcast.
NTP controlmessage.
Stratum

An integer identifying the stratum level of the local clock.

Poll

Signed integer indicating the maximum interval between successive messages, in

seconds to the nearest power of2.
Precision

Signed integer indicating the precision of the local clock, in seconds to the nearest
power of 2.
Root Delay

Signed fixed:point number indicating the total roundtrip delay to the primary
reference source, in seconds with fraction point between bits 15 and 16.
Root Dispersion

Unsigned fixed:point number indicating the nominal error relative to the primary
reference source, in seconds with fraction point between bits 15 and 16.
Reference Identifier

Identifying the particular reference source.

Originate Timestamp

Thisisthetimeatwhichtherequestdepartedtheclientfor the server, in 64:bit

timestampformat.

4-39
 Receive Timestamp

Thisisthetimeatwhichtherequestarrivedattheserver, in 64:bit timestampformat.

Transmit Timestamp

This is the time at which the reply departed the server for the client, in 64:bit
timestamp format.
Authenticator (optional)

When the NTP authentication scheme is implemented, the Key Identifier and Message Digest
fields contain the message authentication code (MAC) information defined.

RPC: Remote Procedure Call protocol:

ITOT: ISO Transport Service on top of TCP:

Protocol Structure

8 16 32bit Variable
Version Reserved Packet Length TPDU
Message Length

Protocol Version: Value: 3

Reserved : Value: 0
Packet Length : Value: Length of the entire TPKT in oc: tets, including Packet
Header

4-40
 TPDU : ISO Transport TPDU as defined in ISO 8073.

RDP: Reliable Data Protocol:

Protocol Structure
1 2 3 4 5 6 8 16bit
SYN ACK EAK RST NUL 0 Ver No Header Length
Source Port
Destination Port
Data Length
Sequence Number
Acknowledgement Number
Checksum
Variable header area …

Control flags
The 8 control bits are divided as follows:.

SYN The SYN bit indicates a synchronization seg: ment ispresent.

ACK The ACK bit indicates the acknowledgment number in the
header isvalid.
EACK The EACK bit indicates an extended acknowl: edge segment is
present.
RST TheRSTbitindicatesthepacketisaresetseg: ment.
NUL The NUL bit indicates the packet is a null seg: ment.
0: The value of this field must be zero.
Ver no: version number; current version is 2.
Header length

The length of the RDP header.

Source Ports

Source address to identify the processes that origi: nated the communication. The
combination of the port identifiers with the source and destination addresses in the
network access protocol header serves to fully qualify the connection and constitutes the

4-41
connection identifier.ThispermitsRDPtodistinguishmultiplecon: nections between
twohosts.

Destination Ports

Destination address to identify the processes targeted in the communication.

Data Length

The length in octets of the data in this segment. The data length does not include the RDP
header.

Sequence number

The sequence number of this segment.

Acknowledgement number

If the ACK bit is set in the header, this is the sequence

numberofthesegmentthatthesenderofthissegment last received correctly and in
sequence. Once a con: nection is established this should always besent.
Checksum

The checksum to ensure integrity

Variable Header Area

This area is used to transmit parameters for the SYN and EACK segments.

4-42
RUDP: Reliable User Datagram Protocol (Reliable UDP):
Protocol Structure
The basic TFTP header structure:
1 2 3 4 5 6 7 8 16bit
Header
SYN ACK EAK RST NUL CHK TCS 0
Length
Sequence number Ack number
Checksum

Control bits

Indicate what is present in the packet. Details as follows:

SYN The SYN bit indicates a synchronization seg: ment is present.

ACK The ACK bit indicates the acknowledgment number in the header
is valid.
EACK The EACK bit indicates an extended acknowl: edge segment is
present.
RST The RST bit indicates the packet is a reset seg: ment.
NUL The NUL bit indicates the packet is a null seg: ment.
CHK The CHK bit indicates whether the Checksum field contains the
checksum of just the header or the header and the body (data).
TCS The TCS bit indicates the packet is a transfer connection state
segment.
0 The value of this field must bezero.

Header length

Indicates where user data begins in the packet.

Sequence number

When a connection is first opened, each peer randomly picks an initial sequence
number. This sequence num: ber is used in the SYN segments to open the
connection. Eachtransmitterincrementsthesequencenumberbefore sending a data,

4-43
 null, or resetsegment.
Acknowledgement number

This field indicates to a transmitter the last in: sequence packet the receiver has
received.
Checksum

The checksum is always calculated on the RUDP header to ensure integrity. The
checksum here is the same algo: rithm used in UDP and TCP headers.

TALI: Tekelec’s Transport Adapter Layer Interface:

Protocol Structure
The basic TFTP header structure:
16 32bit
SYNC
OpCode
Length Service message data
SYNC

Four bytes must be (54 41 4C 49) TALI in ASCII.

OpCode

Operation code are specified as follows: Type of frame

Test Service on this Socket test
Allow Service messages on this socket allow Prohibit Service messages on this
socket proh Prohibit Service messages Ack proa
Monitor Socket message on this socket moni Monitor Socket message Ack mona
SCCP Service message sccp ISUP Service message isot MTP3 Service message
mtp3 MTP Primitives mtpp
SCCP Primitives scpp Routing Key Registration rkrg
Routing Key De:Registration rkdr Special Service Message spcl

Length

The length of the frame. Non:zero if message contains a Service or Monitor Socket
message.

4-44
 Service message data
The service message data.

TCP: Transmission Control Protocol

Protocol Structure
16 32bit
Source port Destination port
Sequence number
Acknowledgement number
Re:
Offset U A P R S F Window
served
Checksum Urgent pointer
Option + Padding
Data

Source port :: Identifies points at which upper:layer source process receives

TCPservices.
Destination port :: Identifies points at which upper:layer Destination process
receives TCPservices.
Sequence number :: Usually specifies the number as: signed to the first byte of
data in the current message. In the connection:establishment phase, this field
also canbeusedtoidentifyaninitialsequencenumbertobe used in an
upcomingtransmission.
Acknowledgment number – Contains the sequence
numberofthenextbyteofdatathesenderofthepacket expects to receive. Once a
connection is established, this value is alwayssent.
Data offset :: 4 bits. The number of 32:bit words in the TCP header indicates
where the databegins.
Reserved :: 6 bits. Reserved for future use. Must be zero.
Control bits (Flags) :: 6 bits. Carry a variety of control information. The control
bits maybe:
U(URG) Urgent pointer fieldsignificant.
A(ACK) Acknowledgment field significant. P(PSH) Push function.
R(RST) Reset theconnection.

4-45
 S(SYN) Synchronize sequence numbers. F(FIN) No more data
fromsender.
Window :: 16 bits. Specifies the size of the sender’s re: ceive window, that is,
the buffer space available in oc: tets for incomingdata.
Checksum :: 16 bits. Indicates whether the header was damaged intransit.
Urgent Pointer :: 16 bits. Points to the first urgent data byte in thepacket.
Option + Paddling – Specifies various TCP options. There are two possible
formats for an option: a single octet of option type; an octet of option type, an
octet of option length and the actual option dataoctets.
Data – contains upper:layerinformation.

UDP: User Datagram Protocol:

Protocol Structure
16 32bit
Source port Destination port
Length Checksum
Data

Sourceport–16bits.Sourceportisanoptionalfield. When used, it indicates the port of

the sending pro: cess and may be assumed to be the port to which
areplyshouldbeaddressedintheabsenceofany other information. If not used, a value of
zero is in: serted.
Destinationport–16bits.Destinationporthasa meaning within the context of a
particular Internet destination address.
Length–16bits.Thelengthinoctetsofthisuserda:
tagram,includingthisheaderandthedata.Themini: mum value of the length
iseight.
Checksum :: 16:bits The sum of a pseudo header of information from the IP
header, the UDP header and the data, padded with zero octets at the end, if
necessary, to make a multiple of two octets.
Data – Contains upper:level datainformation.

4-46
Van Jacobson: Compressed TCP protocol:

Protocol Structure
The format of the compressed TCP is as follows:
C I P S A W U
Connection number (C)
TCP checksum
Urgent pointer (U)
D Window (W)
D Ack (A)
D Sequence (S)
D IP ID (I)
Data

C, I, P, S, A, W, U : Change mask. Identifies which of the fields expected to change per:packet

actually changed.
Connectionnumber:Usedtolocatethesavedcopyofthe last packet for this TCPconnection.
TCP checksum : Included so that the end:to:end data in: tegrity check will still be valid.
Urgent pointer : This is sent if URG is set.
D values for each field : Represent the amount the asso: ciated field changed from the original
TCP (for each field specified in the change mask).

BGP (BGP&4): Border Gateway Protocol:

Protocol Structure
Length Type
Marker (16 bytes)
(2 bytes) (1 byte)

Marker Message containing a value predictable by the receiver of the message.

Length The length of the message including the head: er.
Type The message type. Possible messages are: Open, Update,
Notification,KeepAlive.
After a transport protocol connection is established, the first message sent by each
side is an OPEN message. If the OPEN message is acceptable, a KEEPALIVE
message confirming the OPEN is sent back. Once the OPEN is confirmed, UP:
DATE, KEEPALIVE, and NOTIFICATION messages may be exchanged. The
format of each type of messages could be found in the refer: ence documents.

4-47
EGP: Exterior Gateway Protocol:

Protocol Structure
Here are the EGP message types:
Name Function
Request request acquisition of neighbor and/or initial: ize pollingvariables
Confirm confirm acquisition of neighbor and/or initial: ize pollingvariables
Refuse refuse acquisition of neighbor Cease request de:
acquisition of neighbor Cease:ack confirm de:acquisition of
neighbor Hello request neighborreachability
I:H:U confirm neighbor reachability Poll request netreachability
update Update netreachabilityupdate
Error error.
The common portion of the message format:
8 16 24 32bit
Version Type Code Status
Checksum Autonomous System number
(Different for different mes:
Sequence number
sages)

Version :: The version number. This version is ver: sion2.

Type :: Identifies the messagetype.
Code :: Identifies the messagecode.
Status :: Contains message:dependent status infor: mation.
Checksum :: The EGP checksum is the 16:bitone’s complement of the
one’s complement sum of the EGP message starting with the EGP
versionnumber field. When computing the checksum thechecksum field
itself should be zero.
Autonomous System Number :: Assigned number identifying the
particular autonomoussystem.
Sequence Number :: Send state variable (com: mands) or receive
state variable (responses and in: dications).

4-48
IP: Internet Protocol (IPv4):
Protocol Structure
4 8 16 32bit
Version IHL Type of service Total length
Fragment
Identification Flags
offset
Header
Time to live Protocol
checksu
m
Source address
Destination address
Option + Padding
Data

Version— 4:bit field indicates the version of IP cur: rentlyused.

IP Header Length (IHL)— is the datagram header length in 32:bit words.
Points to the beginning of the data. The minimum value for a correct header
is5.
Type:of:Service— indicates the quality of service desired by specifying how
an upper:layer protocol wouldlikeacurrentdatagramtobehandled,andas:
signsdatagramsvariouslevelsofimportance.These 8 bits fields are used for the
assignment of Prece: dence, Delay, Throughput andReliability.
Total Length—specifies the length, in bytes, of the entire IP packet, including
the data and header. The maximum length which can be specified by this field
is 65,535 bytes. Typically, hosts are prepared to ac: cept datagrams up to
576bytes.
Identification—contains an integer that identifies the current datagram. This
field is assigned by senderto help receiver to assemble the
datagramfragments.
Flags—consists of a 3:bit field of which the two low: order (least:significant)
bits control fragmentation. The low:order bit specifies whether the packet can
be fragmented. The middle bit specifies whether the packet is the last
fragment in a series of fragmented packets. The third or high:order bit is
notused.
FragmentOffset—This13:bitsfieldindicatesthepo: sition of the fragment’s data

4-49
 relative to the beginning ofthedataintheoriginaldatagram,whichallowsthe
destination IP process to properly reconstruct the originaldatagram.
Time:to:Live— is a counter that gradually decre: ments down to zero, at
which point the datagram is discarded.Thiskeepspacketsfromloopingendless:
ly.
Protocol—indicates which upper:layer protocol re: ceives incoming packets
after IP processing is com: plete.
Header Checksum—helps ensure IP header integ: rity. Since some header
fields change, e.g., Time to Live,thisisrecomputedandverifiedateachpointthe
Internet header isprocessed.
Source Address—specifies the sendingnode.
Destination Address—specifies the receivingnode.
Options—allows IP to support various options, such assecurity.
Data—contains upper:layerinformation.

IPv6: Internet Protocol version 6:

Protocol Structure
4 12 16 24 32bit
Version Priority Flow label
Payload length Next header Hop limit
Source address (128 bits)
Destination address (128 bits)

Version – 4:bit Internet Protocol Version number (IPv6 is6).

Priority::8:bittrafficclassfieldenablesasourceto identify the desired delivery priority of
the packets. Priority values are divided into ranges: traffic where the source provides
congestion control andnon:congestion control traffic.
Flow label :: 20:bit flow label is used by a source to label those products for
which it requests special handlingbytheIPv6router.Theflowisuniquelyiden:
tified by the combination of a source address and a non:zero flowlabel.
Payloadlength::16:bitintegerinoctetsisthelength of payload includingheader.
Next header – 8:bit selector identifies the type of header immediately
following the IPv6header.

4-50
 Hop limit :: 8:bit integer that is decremented by one
byeachnodethatforwardsthepacket.Thepacketis discarded if the Hop Limit is
decremented tozero.
Sourceaddress::128:bitaddressoftheoriginatorof the packet.
Destination address :: 128:bit address of the intend: ed recipient of the packet
(possibly not the ultimate recipient, if a Routing header ispresent).

ICMP & ICMPv6: Internet Message Control Protocol and ICMP version 6:

Protocol Structure
8 16 32bit
Type Code Checksum
Identifier Sequence number
Address mask

Type:: Messages can be error or informationalmes sages. Error messages can

be Destination unreach: able, Packet too big, Time exceed, Parameter prob:
lem. The possible informational messages are, Echo Request, Echo Reply,
Group Membership Query, Group Membership Report, Group Membership
Re duction.
Code :: For each type of message several different codes are defined. An
example of this is the Desti: nation Unreachable message, where possible
mes: sages are: no route to destination, communication with destination
administratively prohibited, not a neighbor, address unreachable, port
unreachable. For further details, refer to thestandard.
Checksum :: The 16:bit one’s complement of the one’s complement sum of
the ICMP message start: ing with the ICMP Type. For computing the check:
sum, the checksum field should bezero.
Identifier :: An identifier to aid in matching requests/ replies; may bezero.
Sequence number :: Sequence number to aid in matching requests/replies;
may bezero.
Address mask :: A 32:bitmask.

4-51
IRDP: ICMP Router Discovery Protocol:

Protocol Structure
ICMP Router Advertisement Message
8 16 32bit
Type Code Checksum
Num addrs Addr Entry Size Life Time
Router address 1
Preference Level 1
…

IP Fields:
Source Address : An IP address belonging to the in: terface from which this
message issent.
Destination Address : The configured Advertisement Address or the IP
address of a neighboringhost.
Time:to:Live : 1 if the Destination Address is an IP multicast address; at
least 1otherwise.

Checksum field is set to 0.

NumAddrs : The number of router addresses adver: tised in thismessage.
AddrEntrySize:Thenumberof32:bitwordsofin formation per each router
address (2, in the version of the protocol described here).
Lifetime : The maximum number of seconds that the router addresses may be
consideredvalid.
Router Address[i] : The sending router’s IP address(es) on the i = 1..Num
Addrsinterface from which this message issent.
Preference Level[i] : The preferability of eachRouter Address[i] i = 1..Num Addrs as a default
router ad: dress,relativetootherrouteraddressesonthesame subnet.

ICMP Router Solicitation Message:

8 16 32bit
Type Code Checksum
Reserved

P Fields:
Source Address : An IP address belonging to the inter: face from which this

4-52
 message is sent, or0.
Destination Address : The configured SolicitationAd: dress.
Time:to:Live : 1 if the Destination Address is an IP mul: ticast address; at least
1otherwise.
ICMP Fields:
Type :10
Code :0
Checksum : The 16:bit one’s complement of the one’s
complementsumoftheICMPmessage,startingwiththe ICMP Type. For computing
the checksum, the Check: sum field is set to0.
Reserved : Sent as 0; ignored onreception.

Mobile IP: IP Mobility Support Protocol for IPv4 & IPv6:

Key Features Mobile Mobile
IPv4 IPv6
Special router as foreign agent Yes No
Support for route optimization Part of the In Exten:
protocol sions
Ensuresymmetricreachabilitybe: No Yes
tweenmobilenodesanditsrouter at
currentlocation
Routing bandwidth overhead More Less
Decouple from Link Layer No Yes
Need to manage “Tunnel soft state” Yes No

Dynamic home agent address No Yes

discovery

Protocol Structure

Mobility IPv6 Protocol header structure:

8 16 24 32bit
Next Header Length Type reserved
Checksum Data :::

Next Header : Identifies the protocol following this header.

Length : 8 bits unsigned. Size of the header in units of 8 bytes excluding the first 8

4-53
 bytes.
Type : Mobility message types.

Type Description
0 BRR, Binding Refresh Request.
1 HoTI, Home Test Init.
2 CoTI, Care:of Test Init.
3 HoT, Home Test.
4 CoT, Care:of Test.
5 BU, Binding Update.
6 Binding Acknowledgement.
7 BE, Binding Error.

Reserved : MUST be cleared to zero by the sender and MUST be ignored by the receiver.
Checksum : The 16 bit one’s complement checksum of the Mobility Header.
Data : Variable length.

OSPF: Open Shortest Path First protocol (version 2):

Protocol Structure
8 16 32bit
Version No. Packet Type Packet length
Router ID
Area ID
Checksum AuType
Authentication (64 bits)

Version number : Protocol version number (currently 2).

Packet type : Valid types are as follows:
Hello
DatabaseDescription
Link StateRequest
Link StateUpdate
Link StateAcknowledgment.
Packet length : The length of the protocol packet in
bytes.ThislengthincludesthestandardOSPFhead: er.

4-54
 Router ID : The router ID of the packet’s source. In OSPF, the source and
destination of a routing pro: tocol packet are the two ends of a (potential)
adja: cency.
AreaID:identifyingtheareathatthispacketbelongs to. All OSPF packets are
associated with a single area. Most travel a single hoponly.
Checksum : The standard IP checksum of the entire
contentsofthepacket,startingwiththeOSPFpacket header but excluding the 64:
bit authenticationfield.
AuType : Identifies the authentication scheme to be used for thepacket.
Authentication : A 64:bit field for use by theauthenti: cation scheme.

RIP: Routing Information Protocol (RIP2):

Protocol Structure
8 16 32bit
Command Version Unused
Address family identifier Route tag (only for RIP2; 0 for RIP)
IP address
Subnet mask (only for RIP2; 0 for RIP)
Next hop (only for RIP2; 0 for RIP)
Metric

Command :: The command field is used to specify the purpose of the datagram.
There are five com: mands: Request, Response, Traceon (obsolete), Traceoff
(Obsolete) andReserved.
Version :: The RIP version number. The current ver: sion is2.
Address family identifier :: Indicates what type ofad: dress is specified in this
particular entry. This isused because RIP2 may carry routing information for sev:
eral different protocols. The address family identifier for IP is 2.
Routetag::Attributeassignedtoaroutewhichmust be preserved and readvertised with a
route. The route tag provides a method of separating internal
RIProutes(routesfornetworkswithintheRIProuting domain) from external RIP routes,
which may have been imported from an EGP or anotherIGP.
IP address :: The destination IPaddress.

4-55
 Subnet mask :: Value applied to the IP address to yieldthenon:
hostportionoftheaddress.Ifzero,then no subnet mask has been included for thisentry.
Next hop :: Immediate next hop IP address to which packets to the destination
specified by this route en: try should beforwarded.
Metric :: Represents the total cost of getting a data: gram from the host to that
destination. This metric is the sum of the costs associated with the networks that
would be traversed in getting to thedestination.

RIPng: Routing Information Protocol next generation for IPv6:

Protocol Structure
Command (1 byte) Version (1 byte) 0 (2 bytes)
Route table entry 1 (20 bytes)
..
Route table entry N (20 bytes)

Command :: Two commandsare:

Request A request for the responding system to send all or part of its
routingtable
Response A message containing all or part of the sender’s
routingtable.
Version :: The version of the protocol. The current version is version1.
Routetableentry::Eachroutetableentrycontainsa
destinationprefix,thenumberofsignificantbitsinthe prefix and the cost of
reaching thatdestination.

RSVP: Resource ReSerVation Protocol:

Protocol Structure
4 8 16 32 bit
Version Flags Message type RSVP checksum
Send TTL (Reserved) RSVP length

Version:: The protocol version number, thecurrent version is1.

Flags :: No flag bits are definedyet.

4-56
 Messagetype::Possiblevaluesare:1Path,2Resv, 3 PathErr, 4 ResvErr,, 5 PathTear, 6
ResvTear, 7 ResvConf.
RSVP checksum :: The checksum for message er: rors.
Send TTL :: The IP TTL value with which the mes: sage wassent.
RSVP length :: The total length of the RSVP mes: sage in bytes, including the
common header and the variable length objects thatfollow.

BGMP: Border Gateway Multicast Protocol:

Protocol Structure
16 24 32bit
Length Type Reserved

Length : The total length of the message including the header in octets. It
allows one to locate in the transport:level stream the start of the
nextmessage.
Type : The type code of the message. The following type codes
areavailable:
1 OPEN;
2 UPDATE;
3 NOTIFICATION;

4 KEEPALIVE
After a transport protocol connection is established, the first message sent by each side is an
OPEN message. If the OPEN message is acceptable, a KEEPALIVE message confirming the
OPEN is sent back. Once the OPEN is confirmed, UPDATE, KEEPALIVE, and NOTI:
FICATION messages may be exchanged.
The format of each message type is different.

4-57
IGMP: Internet Group Management Protocol:
Protocol Structure
There are basically 5 types of messages that must be imple:
mentedforIGMPv3tofunctionproperlyandbecompatiblewith previousversions:
0x11: membership query
0x22: version 3 membership report
0x12: version 1 membership report
0x16: version 2 membership report
0x17 version 2 leave group
Asanexample,themessageformatfor0x11(membershipque: ry) isdisplayed:
Source Address (1)
…
Source Address (N)

8 16 32 bit
Max response
Type Checksum
time
Group address
RSV S QRV QQIC Number of Source

Type :: The message type: 0x11 (Membership que: ry).

Max Response Time :: Used only in Membership query messages. Specifies
the maximum time al: lowed, in units of 1/10 second, before sending a
responding report. In all other messages, it is set to 0 by the sender and
ignored by thereceiver.
Checksum :: The checksum for messageerrors
GroupAddress::TheGroupaddressissetto0when
sendingageneralquery.Itissettothegroupaddress being queried, when sending a
group specific query orgroup:and:source:specificquery.Inamembership report
of a leave group message, it holds the IPmulticast group address of the group
being reported or left.
RSV – Reserved; Set to zero on transmission, and ignored onreception.
QQIC – Querier’s Query IntervalCode
Number of Source (N) :: The number of source ad: dresses in thismessage.

4-58
 Source Address – The vector of the IP unicast ad: dress

IPCP and IPv6CP: IP Control Protocol and IPv6 Control Protocol:

Protocol Structure
IPCP and IPv6CP configuration option packet header:
8 16 32bit
Type Length Configuration Option

Type – 1 for IP:Address, 2 for IP:CompressionProtocol, and 3 forIP:Address

Length >=4
Configuration Option : The field is two octets and indi: cates one of the
followingoptions:

For IPCP:
Type 1: IP:Addresses
Type 2: IP:Compression Protocol Type 3: IP:Address.
For IPv6CP:
Type 1: Interface – Identifier
Type 2: IPv6:Compression Protocol
IPCP and IPv6CP header structure:
8 16 32bit
Code Identifier Length
Data (variable)

Code : Specifies the function to beperformed.

Identifier : Used to match requests andreplies.
Length : Size of the packet including theheader.
Data :Zero or more bytes of data as indicated by the Length. This field may contain one
or moreOptions.

4-59
RARP: Reverse Address Resolution Protocol:
Protocol Structure
The protocol header for RARP is the same as for ARP:
16 32bit
Hardware Type Protocol Type
Hlen Plen Operation
Sender Hardware Address
Sender Protocol Address
Target Hardware Address
Target Protocol Address

Hardware type : Specifies a hardware interface type for which the sender
requires aresponse.
Protocol type : Specifies the type of high:level protocol address the sender
hassupplied.
Hlen : Hardware addresslength.
Plen : Protocol addresslength.
Operation : The values are asfollows:
ARPrequest.
ARPresponse.
RARPrequest.
RARPresponse.
Dynamic RARPrequest.
Dynamic RARPreply.
Dynamic RARPerror.
InARPrequest.
InARPreply.
Sender hardware address :HLen bytes inlength.
Sender protocol address : PLen bytes inlength.
Target hardware address : HLen bytes inlength.
Targetprotocol address : PLen bytes inlength.

4-60
Network Security Technologies and Protocols:

Protocols

The key protocols for AAA and VPN:

Authentication Kerberos: Network Authentication Protocol
RADIUS: Remote Authentication Dial In User
Authorization
Service

Accounting SSH: Secure Shell Protocol

Tunneling L2F: Level 2 Forwarding protocol

L2TP: Layer 2 Tunneling Protocol
PPTP: Point to Point Tunneling Protocol
Secured Routing DiffServ: Differentiated Service
GRE: Generic Routing Encapsulation
IPsec: Security Architecture for IP network
IPsec AH: IPsec Authentication Header
IPsec ESP: IPsecEncapsulating Security
Payload
IPsec IKE: Internet Key Exchange Protocol
IPsec ISAKMP: Internet Security Association and
Key Management Protocol
TLS: Transport Layer Security Protocol
Socks: Protocol for sessions traversal across
Others
firewall securely

RADIUS: Remote Authentication Dial In User Service:

Protocol Structure

Code : The message types are described as fol: lows:

Access:Request
Access:Accept
Access:Reject
Accounting:Request

Accounting:Response
11 Access:Challenge

4-61
 12 Status:Server (experimental)
13 Status:Client (experimental)
255 Reserved
Identifier : The identifier matches requests and re: plies.
Length : The message length including theheader.
Authenticator : A field used to authenticate the reply from the radius server and in
the password hiding algorithm.

L2F: Layer 2 Forwarding Protocol:

Protocol Structure
1 1 1 1 1 1 1 1 1 1 1 1 1 16 24 32bit
F K P S 0 0 0 0 0 0 0 0 C Version Protocol Sequence
Multiplex ID Client ID
Length Offset
Key

Version : The major version of the L2F software cre: ating thepacket.
Protocol : The protocol field specifies the protocol carried within the L2Fpacket.
Sequence:ThesequencenumberispresentiftheS bit in the L2F header is set to1.
MultiplexID:ThepacketmultiplexIDidentifiesapar: ticular connection within
atunnel.
Client ID : The client ID (CLID) assists endpoints in demultiplexingtunnels.
Length : The length is the size in octets of the entire packet, including the header,
all the fields and the payload.
Offset : This field specifies the number of bytes past the L2F header at which the
payload data is expect: ed to start. This field is present if the F bit in the L2F
header is set to1.
Key : The key field is present if the K bit is set in
theL2Fheader.Thisispartoftheauthenticationpro: cess.
Checksum:Thechecksumofthepacket.Thecheck: sum field is present if the C bit in
the L2F header is set to 1.

4-62
L2TP: Layer 2 Tunneling Protocol:
Protocol Structure
L2TP Common header:
12 16 32 bit
T L X X S X O P X X X X VER Length
Tunnel ID Session ID
Ns (opt) Nr (opt)
Offset size (opt) Offset pad (opt)

T:TheTbitindicatesthetypeofmessage.Itissetto 0 for data messages and 1 for

controlmessages.
L : When set, this indicates that the Length field is present, indicating the total
length of the received packet. Must be set for controlmessages.
X : The X bits are reserved for future extensions. All
reservedbitsaresetto0onoutgoingmessagesand are ignored on
incomingmessages.
S : If the S bit is set, both the Nr and Ns fields are present. S must be set for
controlmessages.
O : When set, this field indicates that the Offset Size
fieldispresentinpayloadmessages.Thisbitissetto 0 for controlmessages.
P : If the Priority (P) bit is 1, this data message re: ceives preferential treatment
in its local queuing and transmission.
Ver:Thevalueoftheverbitisalways002.Thisindi: cates a version 1 L2TPmessage.
Length : Overall length of the message, including
header,messagetypeAVP,plusanyadditionalAVP’s associated with a given
control messagetype.
Tunnel ID : Identifies the tunnel to which a control message applies. If an
Assigned Tunnel ID has not yet been received from the peer, Tunnel ID must be
set to 0. Once an Assigned Tunnel ID is received,all
furtherpacketsmustbesentwithTunnelIDsettothe indicatedvalue.
Call ID : Identifies the user session within a tunnelto which a control message
applies. If a control mes: sage does not apply to a single user session within the
tunnel (for instance, a Stop:Control:Connection: Notification message), Call ID
must be set to0.

4-63
 Nr:Thesequencenumberexpectedinthenextcon: trol message to bereceived.
Ns : The sequence number for this data or control message.
Offset size & pad : This field specifies the number of bytes past the L2TP
header at which the payload dataisexpectedtostart.Actualdatawithintheoffset
paddingisundefined.Iftheoffsetfieldispresent,the L2TP header ends after the last
octet of the offset padding.

PPTP: Point&to&Point Tunneling Protocol:

Protocol Structure
16 32 bit
Length PPTP message type
Magic cookie
Control message type Reserved 0
Protocol Version Reserved 1
Framing capability
Bearing capability
Maximum channels Firmware revision
Host name (64 Octets)
Vendor string (64 Octets)

Length : Total length in octets of this PPTPmessage

including the entire PPTP header.

PPTP message type : The message type. Possible values are: 1 Control
message; 2 Management message.
Magic cookie : The magic cookie is always sent as
theconstant0x1A2B3C4D.Itsbasicpurposeistoal: low the receiver to ensure
that it is properly synchro: nized with the TCP datastream.
ControlMessageType:Valuesmaybe:1Start:Con: trol:Connection:Request; 2
Start:Control:Connec: tion:Reply; 3 Stop:Control:Connection:Request; 4
Stop:Control:Connection:Reply; 5 Echo:Request; 6 Echo:Reply.
Call Management – Values are: 7 Outgoing:Call: Request; 8 Outgoing:Call:
Reply; 9 Incoming: Call:Request; 10 Incoming:Call:Reply; 11 Incom: ing:
Call:Connected; 12 Call:Clear:Request; 13 Call:Disconnect:Notify; 14

4-64
 WAN:Error:Notify.; PPP Session Control : 15Set:Link:Info.
Reserved 0 & 1 : Must be set to0.
Protocol version – PPTP versionnumber
Framing Capabilities : Indicating the type of fram:
ingthatthesenderofthismessagecanprovide:1
Asynchronous Framing supported; 2 :Synchronous Framing supported
Bearer Capabilities : Indicating the bearer capabili:
tiesthatthesenderofthismessagecanprovide:1
Analog access supported; 2 : Digital access sup: ported
Maximum Channels : The total number of individual PPP sessions this PAC
can support.
Firmware Revision : Contains the firmware revision
numberoftheissuingPAC,whenissuedbythePAC,
ortheversionofthePNSPPTPdriverifissuedbythe PNS.
HostName:ContainingtheDNSnameoftheissuing PAC orPNS.
VendorName : Containing a vendor specific string describingthetypeof
PACbeingused,orthetypeof PNS software being used if this request is issued
by the PNS.

GRE: Generic Routing Encapsulation:

Protocol Structure
InDiffServ,areplacementheaderfield,calledtheDSfield,isde: fined, which is intended to supersede
the existing definitions of the IPv4 TOS octet and the IPv6 Traffic Class octet. Theformat of the
header asfollows:
1 13 16 32bit
C Reserved 0&1 Ver Protocol type
Checksum (optional) Reserved

C – ChecksumPresent.
Reserved 0 & 1 – reserved for futureuse.
Ver – version number; must bezero.
ProtocolType:containstheprotocoltypeofthepay: loadpacket.

4-65
 Checksum : contains the IP checksum sum of theall the 16 bit words in the
GRE header and the payload packet.
IPsec: Security Architecture for IP:

Voice over IP and VOIP Protocols:

Key VOIP Protocols

The key protocols for AAA and VPN:

Signaling
H.323: Packet:based multimedia communica:
ITU1T H.323
tions (VoIP) architecture
H.225: Call Signaling and RAS in H.323 VOIP
Architecture
H.235: Security for H.323 based systems and
communications
H.245: Control Protocol for Multimedia Com:
munication
T.120: Multipoint Data Conferencing Protocol Suite

Megaco / H.248: Media Gateway Control

IETF
protocol
MGCP: Media Gateway Control Protocol
RTSP: Real Time Streaming Protocol
SIP: Session Initiation Protocol
SDP: Session Description Protocol
SAP: Session Announcement Protocol
Cisco Skinny SCCP: Skinny Client Control Protocol
G.7xx: Audio (Voice) Compression Protocols
Media/CODEC (G.711, G.721, G.722, G.723, G.726, G.727. G.728,
G.729)
H.261: Video Coding and Decoding (CODEC)
H.263: Video Coding and Decoding (CODEC)
RTP: Real Time Transport Protocol
RTCP: RTP Control Protocol
Others COPS: Common Open Policy Service
SCTP: Stream Control Transmission Protocol
TRIP: Telephony Routing Over IP

4-66
 H.323: VOIP Protocols:

Protocol Structure
The protocols in the H.323 protocol suite are:
Call control and signaling
H.225.0: Call signaling protocols and media stream packetization (uses a subset of
Q.931 signaling protocol)
H.225.0/RAS: Registration, Admission and Status H.245: Control protocol for multimedia
communication
Audio processing:
G.711: Pulse code modulation of voice frequencies G.722: 7 kHz audio coding
within 64 kb/s
G.723.1: Dual rate speech coders for multimedia communication transmitting at 5.3
and 6.3 kb/s
G.728: Coding of speech at 16 kb/s using low:delay code ex: cited linear prediction
9: Coding of speech at 8kb/s using conjugate:structure al: gebraic:code:excitedlinear:prediction
Video processing:
1: Video codecs for audiovisual services atPx64kps. H.263: Video coding for low bit
ratecommunication.
Data conferencing:
T.120:Thisisaprotocolsuitefordatatransmissionbetweenend
points.ItcanbeusedforvariousapplicationsinthefieldofCol: laboration Work, such as white:
boarding, application sharing, and joint document management. T.120 utilizes layer architec: ture
similar to the OSI model. The top layers (T.126, T.127) are based on the services of lower layers
(T.121,T.125).
Media transportation:
RTP: Real time Transport Protocol RTCP: RTP Control
Protocol Security:
H.235: Security and encryption for H.series multimedia terminals.
Supplementary services:
:Genericfunctionsforthecontrolofsupplementaryser: vices inH.323

4-67
: Call transfer H.450.3: Call diversion H.450.4:
Callhold
H.450.5: Call park and pick up H.450.6: Call waiting
H.450.7: Message waiting indication H.450.8: Names
Identification services
: Call completion services for H.323networks
The following figure illustrates the structure of the key protocol in the H.323 architecture. Details
of each protocols will be discussed in separate documents.

G.711 H.261
G.729 H.263
G.723.1 RTCP H.225.0 H.225.0 H.245 T.120
RAS Call Control Data
Algnalling Algnalling

RTF

Transport Protocols & Network Interface

H.245: Control Protocol for Multimedia Communication:

Protocol Structure
Message Function
Determines which terminal is the master and
Master:Slave Deter: which is the slave. Possible replies:
mination Acknowledge, Reject, Release (in case of a time
out).
Contains information about a terminal’s
capability to transmit and receive multimedia
Terminal Capability Set
streams. Possible replies: Acknowledge, Reject,
Release.
Opens a logical channel for transport of
Open Logical Channel audiovisual and data information. Possible
replies: Acknowledge, Reject, Confirm.
Closes a logical channel between two end:
Close Logical Channel
points. Possible replies: Acknowledge
Used by a receive terminal to request particular
modes of transmission from a transmit terminal.
General mode types include VideoMode,
Request Mode
AudioMode, DataMode and Encryption Mode.
Possible replies: Acknowledge, Reject, Release.

Commands the far:end terminal to indicate its

Send Terminal Capa:
transmit and receive capabilities by send: ing
bility Set
one or more Terminal Capability Sets.

4-68
 Indicates the end of the H.245 session. After
End Session Com:
transmission, the terminal will not send any more
mand
H.245 messages.

MGCP: Media Gateway Control Protocol:

CreateConnection: Creates a connection between two
MGC 11> MG endpoints; uses SDP to define the receive capa: bilities of
the participating endpoints.
ModifyConnection: Modifies the properties of a
MGC 11> MG connection; has nearly the same parameters as the
CreateConnection command.
DeleteConnection: Terminates a connection and col: lects
MGC <11> MG
statistics on the execution of the connection.
NotificationRequest: Requests the media gateway to
MGC 11> MG send notifications on the occurrence of specified events
in an endpoint.
Notify: Informs the media gateway controller when
MGC <11 MG
observed events occur.
MGC 11> MG AuditEndpoint: Determines the status of an endpoint.
AuditConnection: Retrieves the parameters related to a
MGC 11> MG
connection.
RestartInProgress: Signals that an endpoint or group of
MGC <11 MG
endpoints is taken in or out of service.

4-69
Important statements:

TCP/IP:

It is commonly known as TCP/IP because the original protocols in the suite are the Transmission
Control Protocol (TCP) and the Internet Protocol (IP).

HTTP:

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative,
and hypermedia information systems. HTTP is the foundation of data communication for the
World Wide Web. Hypertext is structured text that uses logical links (hyperlinks) between nodes
containing text.

LDAP:

LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling anyone to
locate organizations, individuals, and other resources such as files and devices in a network,
whether on the public Internet or on a corporate intranet.

MIME:

MIME (Multi:Purpose Internet Mail Extensions) is an extension of the original Internet e:

mail protocol that lets people use the protocol to exchange different kinds of data files on the
Internet: audio, video, images, application programs, and other kinds, as well as the ASCII text
handled in the original protocol, the Simple Mail Transport Protocol (SMTP). In 1991, Nathan
Borenstein of Bellcore proposed to the IETF that SMTP be extended so that Internet (but mainly
Web) clients and servers could recognize and handle other kinds of data than ASCII text. As a
result, new file types were added to "mail" as a supported Internet Protocol file type.

POP:

In computing, the Post Office Protocol (POP) is an application:layer Internet

standard protocol used by local e:mail clients to retrieve e:mail from a remote server over a
TCP/IP connection.

4-70
POP3:

POP3 is designed to delete mail on the server as soon as the user has downloaded it. However,
some implementations allow users or an administrator to specify that mail be saved for some
period of time. POP can be thought of as a "store:and:forward" service.

IMAP:

IMAP provides the user more capabilities for retaining e:mail on the server and for organizing it
in folders on the server. IMAP can be thought of as a remote file server.

RMON:

Remote Monitoring (RMON) is a standard specification that facilitates the monitoring of

network operational activities through the use of remote devices known as monitors or
probes. RMON assists network administrators (NA) with efficient network infrastructure control
and management.

SNTP:

Simple Network Time Protocol (SNTP) is a simplified version of Network Time Protocol (NTP)
that is used to synchronize computer clocks on a network. This simplified version of NTP is
generally used when full implementation of NTP is not needed.

SNMP:

Simple Network Management Protocol (SNMP) is an Internet Standard protocol for collecting
and organizing information about managed devices on IP networks and for modifying that
information to change device behavior. Devices that typically support SNMP include cable
modems, routers, switches, servers, workstations, printers, and more.

RPC protocols:

Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a
program located in another computer on a network without having to understand the network's
details. A procedure call is also sometimes known as a function call or a subroutine call.

4-71
ITOT:

ISO Transport Service on top of TCP (ITOT) is a mechanism that enables ISO applications to be
ported to a TCP/IP network. There are two basic approaches which can be taken when “port:ing”
ISO applications to TCP/IP (and IPv6) environments. One approach is to port each individual
application separately, devel:oping local protocols on top of TCP. A second approach is based on
the notion of layering the ISO Transport Service over TCP/IP. This approach solves the problem
for all applications which use the ISO Transport Service.

RDP:

RDP is a connection:oriented transport protocol designed to ef:ficiently support the bulk transfer
of data for such host moni:toring and control applications as loading/dumping and remote
debugging. It attempts to provide only those services necessary, in order to be efficient in
operation and small in size.

TCP:

Transmission Control Protocol (TCP) is the transport layer pro:tocol in the TCP/IP suite, which
provides a reliable stream de:livery and virtual connection service to applications through the use
of sequenced acknowledgment with retransmission of pack:ets when necessary. Along with the
Internet Protocol (IP), TCP represents the heart of the Internet protocols.

UDP:

UDP is a connectionless transport layer (layer 4) protocol in the OSI model which provides a
simple and unreliable message service for transaction:oriented services. UDP is basically an
interface between IP and upper:layer processes. UDP protocol ports distinguish multiple
applications running on a single device from one another.

Routing protocols:

A routing protocol specifies howrouters communicate with each other, distributing information
that enables them to select routes between any two nodes on a computer network. ... Interior

4-72
gateway protocols type 2, distance:vectorrouting protocols, such
as Routing InformationProtocol, RIPv2, IGRP.

Border gateway protocol:

The Border Gateway Protocol (BGP), runs over TCP and is an inter:Autonomous System routing
protocol. BGP is the only pro:tocol that is designed to deal with a network of the Internet’s size,
and the only protocol that can deal well with having mul:tiple connections to unrelated routing
domains.

Internet protocol:

The Internet Protocol (IP) is the principal communications protocol in the Internet protocol
suite for relaying datagrams across network boundaries. Its routing function
enables internetworking, and essentially establishes the Internet.

IPv4:

Internet Protocol Version 4 (IPv4) is the fourth revision of the Internet Protocol and a widely
used protocol in data communication over different kinds of networks. IPv4 is a connectionless
protocol used in packet:switched layer networks, such as Ethernet. It provides the logical
connection between network devices by providing identification for each device.

IPv6:

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP),
the communications protocol that provides an identification and location system for computers
on networks and routes traffic across the Internet. IPv6 was developed by the Internet
Engineering Task Force (IETF) to deal with the long:anticipated problem of IPv4 address
exhaustion. IPv6 is intended to replace IPv4.

Internet Message Control Protocol:

The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet
protocol suite. It is used by network devices, including routers, to send error messages and

4-73
operational information indicating, for example, that a requested service is not available or that a
host or router could not be reached.[1] ICMP differs from transport protocols such
as TCP and UDP in that it is not typically used to exchange data between systems, nor is it
regularly employed by end:user network applications (with the exception of some diagnostic
tools like ping and traceroute).

ARP:

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP
address) to a physical machine address that is recognized in the local network. For example, in IP
Version 4, the most common level of IP in use today, an address is 32 bits long.

IPCP:

In computer networking, Internet Protocol Control Protocol (IPCP) is a Network Control

Protocol (NCP) for establishing and configuring Internet Protocol over a Point:to:Point
Protocol link. IPCP is responsible for configuring the IP addresses as well as for enabling and
disabling the IP protocol modules on both ends of the point:to:point link.

RARP:

The Reverse Address Resolution Protocol (RARP) is an obsolete computer networking protocol
used by a client computer to request its Internet Protocol (IPv4) address from a computer
network, when all it has available is its link layer or hardware address, such as a MAC address.

Wide Area Network Protocols:

A Wide Area Network (WAN) is a computer network covering multiple dis:tance areas, which
may spread across the entire world. WANs often connect multiple smaller networks, such as
local area networks (LANs) or metro area networks (MANs). The world’s most popular WAN is
the Internet. Some seg:ments of the Internet are also WANs in themselves. A wide area network
may be privately owned or rented from a service provider, but the term usu:ally connotes the
inclusion of public (shared user) networks.

4-74
 Important contents beyond syllabus:

Session initiation protocols: The Session Initiation Protocol (SIP) is a

communications protocol for signaling and controlling multimedia communication sessions in
applications of Internet telephony for voice and video calls, in private IP telephone systems, as
well as in instant messaging over Internet Protocol (IP) networks.

Real time transport protocol: The Real:time Transport Protocol (RTP) is a network protocol for
delivering audio and video over IP networks. RTP is used extensively in communication and
entertainment systems that involve streaming media, such as telephony, video
teleconferenceapplications including WebRTC, television services and web:based push:to:
talk features. RTP typically runs over User Datagram Protocol (UDP). RTP is used in
conjunction with the RTP Control Protocol (RTCP). While RTP carries the media streams (e.g.,
audio and video), RTCP is used to monitor transmission statistics and quality of service (QoS)
and aids synchronization of multiple streams. RTP is one of the technical foundations of Voice
over IP and in this context is often used in conjunction with a signaling protocol such as
the Session Initiation Protocol (SIP) which establishes connections across the network.

Internet telephony: An Internet telephony service provider (ITSP) offers digital

telecommunications services based on Voice over Internet Protocol (VoIP) that are provisioned
via the Internet.

Network management: Network management refers to the broad subject

ofmanaging computer networks. There exists a wide variety of software and hardware products
that helpnetwork system administrators manage a network.

Real time transport control protocol: The RTP Control Protocol (RTCP) is a sisterprotocol of
the Real:time Transport Protocol (RTP). Its basic functionality and packet structure is defined in
RFC 3550. RTCP provides out:of:band statistics andcontrol information for an RTP session.

Streaming live audio and video: Streaming media is multimedia that is constantly received by
and presented to an end:user while being delivered by a provider. The verb "to stream" refers to
the process of delivering or obtaining media in this manner; the term refers to the delivery
method of the medium, rather than the medium itself, and is an alternative to file downloading, a

4-75
process in which the end:user obtains the entire file for the content before watching or listening
to it. A client end:user can use their media player to begin to play the data file (such as a digital
file of a movie or song) before the entire file has been transmitted. Distinguishing delivery
method from the media distributed applies specifically to telecommunications networks, as most of
the delivery systems are either inherently streaming (e.g. radio, television, streaming apps) or
inherently non:streaming (e.g. books, video cassettes, audio CDs). For example, in the
1930s, elevator music was among the earliest popularly available streaming media;
nowadays Internet television is a common form of streamed media. The term "streaming media"
can apply to media other than video and audio such as live closed captioning, ticker tape, andreal:
time text, which are all considered "streaming text".The term "streaming" was first used for tape
drives made by Data Electronics Inc. for drives meant to slowly ramp up and run for the entire
track; the slow ramp times resulted in lower drive costs, making a more competitive product.
"Streaming" was applied in the early 1990s as a better description for video on demand on IP
networks; at the time such video was usually referred to as "store and forward video",[1]which
was misleading nomenclature.Live streaming refers to Internet content delivered in real:time, as
events happen, much as live television broadcasts its contents over the airwaves via a television
signal. Live internet streaming requires a form of source media (e.g. a video camera, an audio
interface, screen capture software), an encoder to digitize the content, a media publisher, and
a content delivery network to distribute and deliver the content. Live streaming does not need to be
recorded at the origination point, although it frequently is. As of 2017, streaming is generally
taken to refer to cases where a user watches digital video content or listens to digital audio
content on a computer screen and speakers (ranging from a Smartphone, through a desktop
computer to a large:screen home entertainment system) over the Internet. With streaming content,
the user does not have to download the entire digital video or digital audio file before they start to
watch/listen to it. There are challenges with streaming content on the Internet. If the user does
not have enough bandwidth in their Internet connection, they may experience stops in the content
and some users may not be able to stream certain content due to not having compatible computer
or software systems. Some popular streaming services are the video sharing website YouTube,
which contains user:uploaded videos on a huge range of topics; Twitch and Mixer, which live
stream the playing of video games; Netflix, which streams movies and TV shows;
and Spotify and Apple Music, which stream music.

4-76
SDP: Session Description Protocol: The Session Description Protocol (SDP) describes
multimedia sessions for the purpose of session announcement, session invitation and other forms
of multimedia session initiation. Session directories assist the advertisement of conference
sessions and communicate the relevant conference setup information to prospective participants.
SDP is designed to convey such information to recipients. SDP is purely a format for session
description : it does not incorporate a transport protocol, and is intended to use different transport
protocols as appropriate including the Session Announcement Protocol (SAP), Session Initiation
Protocol (SIP), Real:Time Streaming Protocol (RTSP), electronic mail using the MIME
extensions, and the Hypertext Transport Protocol (HTTP).
SDP is intended to be general purpose so that it can be used for a wider range of network
environments and applications than just multicast session directories. However, it is not intended
to support negotiation of session content or media encodings. On Internet Multicast backbone
(Mbone) a session directory tool is used to advertise multimedia conferences and communicate
the conference addresses and conference tool:specific information necessary for participation.
The SDP does this. It communicates the existence of a session and conveys sufficient
information to enable participation in the session. Many of the SDP messages are sent by
periodically multicasting an announcement packet to a well:known multicast address and port
using SAP (Session Announcement Protocol). These messages are UDP packets with a SAP
header and a text payload. The text payload is the SDP session description. Messages can also be
sent using email or the WWW (World Wide Web).

SIP: Session Initiation Protocol: Session Initiation Protocol (SIP) is an application:layer control
protocol that can establish, modify, and terminate multimedia sessions such as Internet telephony
calls. SIP can also invite participants to already existing sessions, such as multicast conferences.
Media can be added to (and removed from) an existing session. SIP transparently supports name
mapping and redirection services, which supports personal mobility – users can maintain a single
externally visible identifier regardless of their network location. SIP supports five facets of
establishing and terminating multimedia communications:
User location: determination of the end system to be used for communication; User availability:
determination of the willingness of the called party to engage in communications; User
capabilities: determination of the media and media parameters to be used; Session setup:

4-77
“ringing”, establishment of session parameters at both called and calling party; Session
management: including transfer and termination of sessions, modifying session parameters, and
invoking services.SIP is a component that can be used with other IETF protocols to build a
complete multimedia architecture, such as the Realtime Transport Protocol (RTP) for
transporting real:time data and providing QoS feedback, the Real:Time streaming protocol
(RTSP) for controlling delivery of streaming media, the Media Gateway Control Protocol
(MEGACO) for controlling gateways to the Public Switched Telephone Network (PSTN), and
the Session Description Protocol (SDP) for describing multimedia sessions. Therefore, SIP
should be used in conjunction with other protocols in order to provide complete services to the
users. However, the basic functionality and operation of SIP does not depend on any of these
protocols.SIP provides a suite of security services, which include denial: of:service prevention,
authentication (both user to user and proxy to user), integrity protection, and encryption and
privacy services.

T.120: Multipoint Data Conferencing and Real Time Communication Protocols: The ITU
T.120 standard is made up of a suite of communication and application protocols. T.120
protocols are designed for multipoint Data Conferencing and real time communication including
multilayer protocols which considerably enhance multimedia, MCU and codec control
capabilities. Depending on the type of T.120 implementations, the resulting product can make
connections, transmit and receive data, and collaborate using compatible data conferencing
features, such as program sharing, whiteboard conferencing, and file transfer. The key
functionalities of T.120 are:
• Establish and maintain conferences without any platform dependence.
• Manage multiple participants and programs.
• Send and receive data accurately and securely over a variety of supported networking
connections.
The T.120 protocol suite includes the following protocols:
T.121 provides a template for T.120 resource management that developers should use as a guide
for building application protocols. T.121 is mandatory for standardized application protocols and
is highly recommended for non:standard application protocols. The template ensures consistency
and reduces the potential for unforeseen interaction between different protocol implementations.

4-78
T.122 defines the multi:point services available to the developer. Together with T.125, it forms
MCS, the multi:point “engine” of the T.120 conference. MCS relies on T.123 to actually deliver
the data. MCS is a powerful tool that can be used to solve virtually any multi:point application
design requirement. MCS is an elegant abstraction of a rather complex organism. Learning to use
MCS effectively is the key to successfully developing realtime applications.
T.123 specifies transport profiles for each of the following: 1) Public Switched Telephone
Networks (PSTN) 2) Integrated Switched Digital Networks (ISDN); 3) Circuit Switched Digital
Networks (CSDN); 4) Packet Switched Digital Networks (PSDN); 5) Novell Netware IPX (via
reference profile); and 6) TCP/IP (via reference profile). T.120 applications expect the
underlying transport to provide reliable delivery of its Protocol Data Units (PDUs) and to
segment and sequence that data. T.125 describes the Multipoint Communication Service
Protocol (MCS). It defines: 1) Procedures for a single protocol for the transfer of data and
control information from one MCS provider to a peer MCS provider; and 2) The structure and
encoding of the MCS protocol data units used for the transfer of data and control information.
T.126 defines a protocol for viewing and annotating still images transmitted between two or
more applications. This capability is often referred to as document conferencing or shared
whiteboarding. T.127 specifies a means for applications to transmit files between multiple
endpoints in a conference. Files can be transferred to all participants in the conference or to a
specified subset of the conference. Multiple file transfer operations may occur simultaneously in
any given conference and developers can specify priority levels for the file delivery. Finally,
T.127 provides options for compressing files before delivering the data.

G.7xx: Audio (Voice) Compression Protocols: G.7xx is a suite of ITU:T standards for audio
compression and de:commpressions. It is primarily used in telephony. In telephony, there are 2
main algorithms defined in the standard, mu:law algorithm (used in America) and a:law
algorithm (used in Europe and the rest of the world). Both are logarithmic, but the later a:law
was specifically designed to be simpler for a computer to process.

4-79
 Any other important information

Important questions:

1. How we can say that HTTP is a stateless protocol?

2. Give the similarity and difference in between Transmission Control Protocol and User
Data:gram Protocol.
3. How client:server connection differs from peer to peer connection?
4. List three LDAP Client utilities or applications.
5. Describe certain operations on LDAP Servers?
6. Discuss status code in HTTP?
7. Explain why FTP does not have a message format.
8. Discuss HTTP Vs HTTPs.
9. Define Compressed TCP.
10. Discuss the function of RPC protocol?
11. List the transport layer protocols.
12. What is the length of border gateway protocol (BGP).
13. Define Internet Protocol.
14. Write the types of exterior gateway protocol (EGP) message.
15. List the main functions of Session layer.
16. Draw a diagram to show the use of a proxy server that is part of client computer.
a) Show the transactions between the client, proxy server, and the target server when the
response is stored in the proxy server.
b) Show the transactions between the client, proxy server, and the target server when the
response is not stored in the proxy server.
17. Show Connection establishment and termination phase from aaa@xxx.com to
bbb@yyy.com.
18. Discuss the architecture of electronic mail using all four scenarios in detail.
19. Elaborate the concept of ISO:OSI with all layers. How OSI reference model differs from
TCP/IP reference model.

20. Explain the salient features of IPV6 in detail.

21. Explain the role of DNS in Computer network.

4-80
22. Plot the differences between connection oriented and connectionless schemes using the
concept of TCP and UDP
23. List some of the roles of MIME.
24. Write features of Internet Message Control Protocol and IRDP.
(a) What is border gateway protocol (BGP) and how does it works?
(b)Write the structure format of message of border gateway protocol (BGP) and define all
its parts.
25. Explain Gigabit Ethernet.
26. What is the role of WiMax? Explain.
27. What is the size of MAC address? How we can map that in its corresponding IP address?
28. What are the basic security issues related to wide area network? how that can be solved?
Elaborate your answer in detail.
29. Discuss Storage area network and its all types.
30. Discuss WLAN and its all 802.11 family in detail.
31. How mapping from Logical address to Physical address is possible?Elaborate.
32. Explain ATM protocol in short.

33. Describe the concept of Serial Line Internet Protocol in Short.

34. Discuss IPv6 protocol and its packet format.How it is differ from IPv4?
35. Explain Resource Reservation Protocol and its working in detail.

36. Discuss the protocol “WorldwideInteroperability for Microwave Access” in detail.How it

is differ from WiFi?

37. What is OSI model? Describe its layered architecture.

38. Describe TCP/IP model along with its layered framework.

39. What is Internet Protocol? Explain in detail

40. Explain routing protocols of Network layer.

41. What is Internet Message Control Protocol?

42. Describe Post Office Protocol and its version 3.
43. What are the transport layer protocols?
44. Describe the SSL protocol of transport layer?

4-81
45. Describe Session layer protocols.
46. What are the differences between IPV4 and IPv6?
47. Differentiate between HTTP and SHTTP?
48. Describe protocol structure of Lightweight Presentation protocol.
49. What is an ISO Transport Service on top of TCP?
50. Describe protocol description of Border Gateway protocol .
51. Explain in detail about the Transport layer security protocol.
52. Define LDAP and where it can be deployed?
53. What is Session layer and what is its relationship with presentation layer.
54. Describe the protocol structure of Reliable Data Protocol.
55. What is the role of network layer in OSI model. Give an introduction to its protocols.
56. Explain IPv4 and IPv6 in detail along with their formats.
57. Define RMON. What are its standards and advantages.
58. What is RPC protocol? Also describe the model used by RPC along with its diagram.
59. What are the functions of Presentation layer? Give an overview of its protocols.
60. Explain the security protocols in transport layer.
61.What is DTLS in secure transport layer? Describe in detail.

62. How does the Application level of the TCP/IP model map to the ISO/OSI model?

63. What is the protocol description of Tekelec’sTransport Adapter Layer Interface?

64. Describe the protocol structure of Remote Procedure Call protocols.
65. Which routing protocol is used to determine routes between autonomous systems?
Explain in detail.
66. Explain how information flows in a layered Architecture?
67. Which Internet standard is used for describing message content types? Explain its
features also.
68. Give a brief introduction to the network management protocol used in the application
layer.
69. Describe Van Jacobson in detail.
70. What are the functions of Transport Layer? What is the role of Security in transport
layer?

4-82
71. Describe the packet format and addressing of Internet protocol.
72. What is data link layer and what is its relation with physical layer and network layer?
73. Give a brief introduction to the protocols of data link layer.
74. What are Ethernet Protocols? Discuss briefly.
75. Define Metropolitan Area Network and its protocols.
76. Give a brief introduction to FDMA and WIFI.
77. Explain MAC protocols of data link layer in detail.
78. Describe IPCP and IPv6CP in detail.
79. What is LAN? Discuss its protocols in brief.
80. Discuss DQDB and SMDS for Metropolitan Area Networks.
81. What is Storage Area Network? Describe its Architecture in detail.
82. What is ARP? Why it is used and explain its frame format along with its description.
83. Define Point to Point Protocols.
84. What are WIMAX Protocols and also discuss their security issues.
85. Explain about Multi:casting Protocols.
86. What is Resource Reservation Protocol? Explain briefly.
87. Explain about CSMA and CSMA/CD in detail.
88. Describe Broadband Protocols in detail.
89. What are VLAN protocols? Also discuss the types of Virtual LANs?
90. What are SAN Protocols? Discuss NDMP and SCSI in detail.
91. Discuss Unicasting, Multicasting and Broadcasting communication in routing protocols.
92. What is SLIP protocol? Differentiate between SLIP and PPP protocols.
93. What is ATM? Describe its protocol architecture.
94. Discuss Fast Ethernet and Gigabit Ethernet protocols in detail.
95. Describe IEEE 802.3 Local Area Network Protocols.
96. What is IGMP? Discuss its various versions of IGMP.
97. Define IP Control Protocol along with its negotiation.
98. What is WAN and which major characteristics are to be considered for evaluation of
WAN protocols?
99. What is Mobile IP? Discuss Mobile Support Protocol for IPv4 and IPv6 in brief.
100. Define Wireless LAN Protocols and what is the Access Point in Wireless LAN?

4-83
101. Discuss the variant protocols of IGMP.
102. What are the functions of ARP and RARP?
103. What is ATM Adaptation layer and ATMPNNI?
104. Explain the Ethernet Protocol IEEE 802.3ae for LAN,WAN and MAN
105. Give a brief introduction to IEEE 802.1X, IEEE 802.15 and Bluetooth in WLAN.
106. Explain BGMP and MSDP in detail.
107. Discuss Network Security Protocols in detail.
108. What do you mean by tunneling Protocols? Discuss briefly.
109. What is ESP? Also discuss its Header format.
110. Define WPAN and its main characteristics.
111. Explain RRC and PDCP in Radio signaling protocol.
112. Define L2F and L2TP. Also discuss their protocol structure.
113. Explain WEP. What are various Attacks and security issues in WEP?
114. What is Bluetooth? Discuss its architecture along with its diagram.
115. What are the various services provided by WCDMA?
116. Define IPSEC and describe its stack structure.
117. Explain Kerberos and its authentication process in detail.
118. What is meant by DiffServ in Secured Routing Potocols?
119. What is IEEE 802.11? Explain the Structure of 802.11 MAC?
120. Give an overview of Radio Signaling Protocols in WCDMA.
121. What is meant by Bluetooth? Discuss its application areas.
122. What are Secured Routing Protocols? Why these protocols are used in network
security?
123. What is the Security architecture for IP? Discuss in detail.
124. Discuss Gateway architecture, authentication and encryption in 802.11 networks
125. Discuss Radio Signaling Protocol and Multimedia Signaling Protocol of
WCDMA.
126. Explain about IEEE 802.16A and its services.
127. Define Remote Authentication Dial In User Service (RADIUS). What are its
features and explain its format with the help of diagram.
128. What is Denial:of:services attacks in 802.11? Discuss its types.

4-84
129. Explain IKE and its types of management. Also discuss Key Determination
Protocol of IKE.
130. Discuss standards and communication protocols of WCDMA.
131. Discuss WPAN, its characteristics, standards and communication Protocols.
132. Which protocol is used for secure remote login in Network Security? What are its
major components?
133. Define WEP and what are the major problems encountered with WEP?
134. What is Wireless Personal Area Network? Discuss IEEE project 802 and IEEE
802.15 working group.
135. Does the service of UDP or TCP is used by ISAKMP? Discuss briefly.
136. What is Networks device addressing and System Addressing in WCDMA?
137. What is meant by network security? Explain AAA, VPN and firewalls in brief.
138. Why Generic Routing Encapsulation (GRE) is used for encapsulation of an
arbitrary network layer protocol over another arbitrary network layer protocol?
139. Discuss Authentication Header IPSECAH. What is provided by IPSECAH?
140. Define WCDMA and its Services. Write the difference between WCDMA and
GSM.
141. Give an overview of IEEE 802.16, IEEE 802.16A. Discuss their services also.

4-85