CompTIA Network+ Rapid Review: Network Concepts

Objective 1.6: Explain the function of common networking protocols

Objective 1.6 requires Network+ exam candidates to know the basic functions of the most important protocols in the TCP/IP suite. These protocols are scattered throughout the layers of the OSI model, and many of them are covered in greater detail in other objectives. For those protocols that are not covered elsewhere, you should be familiar with their functions and where they fit into the OSI model, but there is no need to go too deeply into their intricacies.

Exam need to know

• TCP/IP suite

  For example: What are the primary protocols of the TCP/IP suite at the network and transport layers?

• TCP

  For example: What services does TCP provide that UDP does not?

• UDP

  For example: What types of transactions is UDP generally used for?

• DHCP

  For example: What is the purpose of DHCP?

• FTP

  For example: How does FTP differ from TELNET?

• TFTP

  For example: What type of file is TFTP typically used to download?

• DNS

  For example: Where does DNS store its information about names and addresses?

• HTTP

  For example: What command does an HTTP client use to request a file from a web server?

• HTTPS

  For example: How does HTTPS increase the security of web transactions?

• ARP

  For example: How does ARP resolve IP addresses into MAC addresses?

• SIP (VoIP)

  For example: Why is it necessary for a system to use SIP to establish a session before it sends VoIP data?

• RTP (VoIP)

  For example: What function does RIP provide in a Voice over IP session?

• TELNET

  For example: What functions can you perform on a remote computer using TELNET?

• SSH

  For example: Why is SSH preferable to TELNET?

• NTP

  For example: Why is it necessary for servers on a network to synchronize their clocks?

• POP3

  For example: What is the primary difference between the POP3 and IMAP protocols?

• IMAP4

  For example: Where do IMAP clients store their message data?

• SMTP

  For example: How does SMTP determine where to send email message traffic?

• SNMP2/3

  For example: A network management console uses SNMP to gather information from what client components?

• ICMP

  For example: What TCP/IP utilities use the ICMP protocol?

• IGMP

  For example: Why is multicasting a critical function of IPv6?

• TLS

  For example: Which protocol does TLS replace?

TCP/IP suite

The TCP/IP suite is a collection of protocols that span layers 2 through 7 of the OSI reference model. Together, the protocols provide a complete networking solution, with the exception of a physical layer implementation. The TCP/IP protocols are defined in documents called Requests for Comments (RFCs), published by the Internet Engineering Task Force. Some of the most important protocols in the TCP/IP suite are listed in Table 1-3.

Table 1-3 TCP/IP protocols.

ACRONYM	PROTOCOL	FUNCTION	OSI LAYER
ARP	Address Resolution Protocol	Resolves IP address into MAC addresses	Data-link
FTP	File Transfer Protocol	Transfers files to and from a remote host	Application
HTTP	Hypertext Transfer Protocol	Requests and receives files from web servers	Application
ICMP	Internet Control Message Protocol	Provides error messaging, diagnostic, and routing functions for IP	Network
IGMP	Internet Group Management Protocol	Provides multicast group registration services	Network
IMAP	Internet Message Access Protocol	Retrieves mail from a server and stores it permanently for client access	Application
IP	Internet Protocol	Provides connectionless network services, including addressing, routing, and fragmentation	Network
POP3	Post Office Protocol, version 3	Retrieves mail from a server and stores it temporarily for client download	Application
SMTP	Simple Mail Transfer Protocol	Provides mail transport service	Application
SNMP	Simple Network Management Protocol	Carries operational status information from agents to network management consoles	Application
TCP	Transmission Control Protocol	Provides connection-oriented services, including guaranteed delivery, error correction, and flow control	Transport
UDP	User Datagram Protocol	Provides connectionless transport service	Transport

True or false: A network can conceivably run using only protocols from the TCP/IP suite.

Answer: False. The TCP/IP suite does not include physical layer implementations. Therefore a network cannot run without a protocol that provides the physical layer, such as Ethernet.

TCP

The TCP/IP suite uses two protocols at the transport layer to provide different levels of service for applications: the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). Both TCP and UDP generate protocol data units (PDUs) that are carried inside IP datagrams. TCP is a connection-oriented protocol that provides reliable service with guaranteed delivery, packet acknowledgment, flow control, and error correction and detection.

TCP is designed for transmitting data that requires perfect bit accuracy, such as program and data files. Not surprisingly, TCP generates much more control traffic than UDP does, because it provides so many services.

True or false: Before a system can transmit data using TCP, it must exchange connection establishment messages with the destination system.

Answer: True. TCP performs a connection establishment procedure called a three-way handshake before sending application data.

UDP

UDP is a connectionless transport layer protocol that provides unreliable service with a minimum of overhead. Many applications use UDP for short transactions that consist only of a single request and reply; others use it for data transmissions that can survive the loss of a few bits, such as audio and video streams.

True or false: The PDUs that UDP and IP create are both called datagrams.

Answer: True. The term datagram is used for the PDUs created by any connectionless protocol. UDP and IP are both connectionless, so they can both utilize that term.

DHCP

Dynamic Host Configuration Protocol (DHCP) is a service that automatically configures the TCP/IP client computers on a network by assigning them unique IP addresses and other parameters. Unlike its predecessor, the Bootstrap Protocol (BOOTP), DHCP leases addresses to clients for a given period of time and reclaims them when they are no longer in use.

True or false: DHCP can permanently assign IP addresses to clients.

Answer: True. DHCP servers can assign specific addresses manually, assign permanent addresses from a pool, and assign addresses dynamically, on a leased basis.

FTP

FTP, the File Transfer Protocol, is an application layer TCP/IP protocol that is used by an authenticated client to connect to a server and transfer files to and from its drives. Using FTP is not the same as sharing a drive with another system on the network, nor is it a terminal emulator like TELNET. Access is limited to a few basic file management commands, and the primary function of the protocol is to copy files to a local system, not to access them in place on the server.

True or false: To use FTP, you must purchase an FTP client application.

Answer: False. Virtually all operating systems include a character-based FTP client, so there is no need to purchase one. Most web browsers are also capable of functioning as FTP clients.

TFTP

The Trivial File Transfer Protocol (TFTP) is a minimized, low-overhead version of FTP that can transfer files across a network. TFTP uses UDP at the transport layer instead of TCP and does not include FTP’s authentication and user interface features. TFTP was originally designed for use on diskless workstations that have to download an executable system file from a network server in order to boot.

True or false: TFTP can work together with DHCP to provide all the services needed to start a diskless workstation.

Answer: True. A diskless workstation can retrieve an IP address and other TCP/IP configuration settings from a DHCP server and then download a boot file using TFTP.

DNS

The Domain Name System (DNS) is a distributed database that contains name and IP address information about the systems on a network. TCP/IP computers can use DNS servers to resolve host names into IP addresses before they initiate communication.

True or false: Each DNS server contains information about all of the hosts on the network.

Answer: False. Each DNS server can only contain information about a part of the network. The system is designed to distribute authoritative data among many servers and forward requests to provide access to any data a client needs.

HTTP

Communication between web servers and their browser clients is largely dependent on an application layer protocol called the Hypertext Transfer Protocol (HTTP). HTTP is a relatively simple protocol that takes advantage of the services provided by the TCP protocol at the transport layer to transfer files from servers to clients. When a client connects to a web server by typing a URL in a browser or clicking a hyperlink, the client generates an HTTP request message and transmits it to the server. HTTP consists of only two message types: requests and responses. As with many other application layer protocols, HTTP messages take the form of text commands.

True or false: Displaying a single webpage on a browser can require many HTTP request/response transactions.

Answer: True. Each HTTP request and response can retrieve a single file from the web server, but a single webpage can require many text and media files, which the browser must request separately.

HTTPS

Hypertext Transfer Protocol Secure (HTTPS) is a variant of HTTP that uses the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) security protocols to provide data encryption and server identification services. HTTPS is the accepted standard for secured Internet transactions such as online banking and e-commerce. An HTTPS connection uses the https:// prefix in its URL and connects by default to port 443, instead of port 80, which is used by HTTP.

True or false: All websites have support for HTTPS connections. All you have to do is change the prefix in the URL.

Answer: False. HTTPS is not an automatic feature provided by all web servers. An administrator must enable and configure it for users to establish an encrypted connection.

ARP

The function of Address Resolution Protocol (ARP) is to reconcile the IP addresses used to identify systems at the upper layers of the protocol stack with the MAC addresses at the data-link layer. When a TCP/IP application requests network resources, it supplies the destination IP address used in the IP protocol header. ARP converts the IP address into the MAC address used in the data-link layer protocol header by broadcasting a request containing the IP address on the local network and waiting for the holder of that IP address to respond with a reply containing the equivalent MAC address.

True or false: ARP can only resolve IP addresses for systems on the local network into MAC addresses.

Answer: True. Because it relies on broadcast transmissions, which are limited to the local network, ARP can only resolve local IP addresses into MAC addresses.

SIP

The Session Initiation Protocol (SIP) is an application layer request/response protocol that Voice over IP (VoIP) uses to establish a session between two network nodes and terminate the session when the data exchange is completed. SIP does not carry the actual voice traffic; it simply sets up the call between the two parties in preparation for the data exchange.

True or false: Voice over IP relies on TCP to establish a communications session between two callers.

Answer: False. VoIP uses a specialized application layer protocol called SIP to establish sessions between callers. At the transport layer, SIP can use either TCP or UDP.

RTP

In a VoIP call, after the SIP protocol establishes a session, the two callers use the Real-Time Transport Protocol (RTP) to transmit the actual audio stream across the network. At the same time, the systems use the RTP Control Protocol (RTCP) to manage and monitor the transmissions.

True or false: VoIP uses application layer protocols to manage call sessions and transmit media streams.

Answer: True. RTP and RTCP (and the other protocols that VoIP uses) are all application layer protocols.

TELNET

TELNET is a terminal emulation program that provides users with access to a text-based interface on a remote system. Unlike FTP, which is designed for file transfers and has only a limited set of file management commands that you can execute on the server, TELNET enables the remote user to execute programs and configure operating system components. As a result, TELNET and FTP tend to complement each other; together, they are known as the DARPA commands and can provide reasonably comprehensive access to a UNIX or Linux system.

True or false: TELNET and FTP provide roughly the same access to a remote system.

Answer: False. TELNET provide access to the command line on the remote system, while FTP provides a limited command set used for file management and transfers.

SSH

Secure Shell (SSH) is a protocol that provides encrypted command line access to another computer on the network. Used primarily by UNIX/Linux systems, SSH is an improvement over TELNET, which transmits passwords and other data over the network in clear text (that is, unencrypted) form.

True or false: SSH requires that the communicating systems have a client program and a server program.

Answer: True. As with TELNET, one of the computers involved in an SSH session must be running a client program and one must be running a server. Most UNIX and Linux distributions include both.

NTP

The Network Time Protocol (NTP) is an application layer protocol designed to synchronize the clocks of computers on packet-switching networks with varying degrees of latency. Because transmissions on a packet-switching network are not precisely predictable, there is no way of knowing exactly how long it will take for a packet to travel from its source to its destination. Therefore, any attempt to transmit a time signal over the network with precise accuracy is likely to be futile. NTP is designed to overcome that network latency and enable systems to synchronize their clocks with a great deal of precision.

True or false: Active Directory requires all of the domain controllers on a network to have synchronized clocks.

Answer: True. Because administrators can modify the Active Directory database from any domain controller, properly calibrated time stamps are necessary to ensure that changes are applied in the proper order.

POP3

The Post Office Protocol, version 3 (POP3) is designed to provide mailbox services for client computers that are themselves not capable of performing transactions with SMTP servers. Most of the clients that require a mailbox service are not continuously connected to the Internet and are therefore not capable of receiving messages any time a remote SMTP server wants to send them. A POP3 server is continuously connected and is always available to receive messages for offline users. The server then retains the messages in an electronic mailbox until the user connects to the server and requests them.

POP3 is similar to SMTP in that it communicates with clients using text-based commands and responses. As with SMTP, the client transmits commands to the server, but in POP3, there are only two possible response codes, +OK, indicating the successful completion of the command, and –ERR, indicating that an error has occurred to prevent the command from being executed. In the case of POP3, the server also sends the requested email message data to the client, rather than the client sending outgoing messages to the server as in SMTP.

True or false: POP3 servers must remain connected to the Internet at all times to receive messages destined for clients.

Answer: True. SMTP servers forward email traffic based on the MX resource records supplied by DNS servers. The MX records specify the address of the mail server that must be ready to receive message traffic at any time. If the server is offline, mail messages sent to it will bounce.

IMAP4

Internet Message Access Protocol (IMAP) version 4 is a mailbox service that is designed to improve upon POP3’s capabilities. IMAP functions similarly to POP3 in that it uses text-based commands and responses, but the IMAP server provides considerably more functionality than a POP3 server. The biggest difference between IMAP and POP3 is that IMAP is designed to store email messages on the server permanently and provides a wider selection of commands that enable clients to access and manipulate their messages. Storing the mail on the server enables users to easily access their mail from any computer.

True or false: IMAP clients store email messages in encrypted form on the client computer.

Answer: False. IMAP clients permanently store all email messages on the server.

SMTP

Simple Mail Transfer Protocol (SMTP) is an application layer messaging protocol that is responsible for most of the server-to-server mail traffic on the Internet. Like HTTP and FTP messages, SMTP messages are based on text commands. SMTP communications can take place between email clients and servers or between pairs of servers. In each case, the basic communication model is the same. One computer, called the sender-SMTP, initiates communication with the other, the receiver-SMTP, by establishing a TCP connection using the standard three-way handshake.

True or false: Email clients connect to SMTP servers to download their incoming email messages.

Answer: False. Email clients use SMTP servers for their outgoing messages, but to download their incoming messages, they must connect to a POP3 or IMAP server.

SNMP2/3

The Simple Network Monitoring Protocol (SNMP) is a TCP/IP application layer protocol and query language that specially equipped networking devices use to communicate with a central console. Many of the networking hardware and software products on the market, including routers, switches, network adapters, operating systems, and applications, are equipped with SNMP agents.

An SNMP agent is a software module that is responsible for gathering information about a device and delivering it to a computer that has been designated as the network management console. The agents gather specific information about the network devices and store them as managed objects in a management information base (MIB). At regular intervals, the agents transmit their MIBs to the console by using SNMP messages, which are carried inside UDP datagrams.

True or false: All versions of SNMP secure the data being collected from agents.

Answer: False. SNMPv1 has no security protection other than a community string, which functions as a password, and which systems transmit in clear text. SNMPv2 added a new security system that many people criticized as being overly complex. An interim version, called SNMPv2c, consisted of SNMPv2 without the new security system, and with the old version 1 community string instead. SNMP version 3 has standard security services, including authentication, message integrity, and encryption.

ICMP

The Internet Control Message Protocol (ICMP) is a network layer protocol that does not carry user data, although its messages are encapsulated in IP datagrams. ICMP fills two roles in the TCP/IP suite; it provides error reporting functions, informing the sending system when a transmission cannot reach its destination, for example, and it carries query and response messages for diagnostic programs. The Ping utility, for instance, which is included in every TCP/IP implementation, uses ICMP echo messages to determine if another system on the network is able to receive and send data.

True or false: ICMP messages are encapsulated in UDP datagrams.

Answer: False. Unlike most TCP/IP protocols, ICMP does not use the transport services provided by TCP or UDP. Instead, its messages are carried directly within IP datagrams, with no intervening header.

IGMP

Class D IP addresses ranging from 224.0.1.0 to 238.255.255.255 are reserved for multicasting purposes. A multicast transmission is simply a packet transmitted to one of those Class D addresses. However, determining which systems are part of the multicast group that recognizes that address and receives the packets is a process that involves the use of the Internet Group Management Protocol (IGMP).

True or false: Multicasts are preferable to broadcasts because they can be transmitted to systems on other networks.

Answer: True. Broadcast transmissions are limited to the local network because routers do not propagate them. However, routers do propagate multicasts, so they can address systems on other networks.

TLS

Transport Layer Security (TLS) is the successor to Secure Sockets Layer (SSL) and is now the standard cryptographic protocol for web communications. Virtually all current web servers and browsers support TLS, as do many other Internet applications.

True or false: HTTPS is a combination of HTTP and the TLS security protocol.

Answer: True. When you access a secure website on the Internet by using the https:// prefix on a URL, the web server uses TLS to secure the data it would normally deliver using only HTTP.

Can you answer these questions?

Find the answers to these questions at the end of this chapter.

1. Which of the protocols covered by this objective are considered to be transport protocols?
2. Which of the application layer protocols covered by this objective are used by Voice over IP?
3. Which protocols covered by this objective carry email messages?
4. Which transport layer protocol does DNS use for most of its transmissions?
5. Which of the protocols covered in this objective is the only one that operates at the data-link layer?