Simply having a wired or wireless physical connection between end devices is not enough to enable communication. For communication to occur, devices must know “how” to communicate. Communication, whether face-to-face or over a network, is governed by rules called protocols. These protocols are specific to the type of communication method occurring.
For example, consider two people communicating face-to-face. Prior to communicating, they must agree on how to communicate. If the communication is using voice, they must first agree on the language. Next, when they have a message to share, they must be able to format that message in a way that is understandable. For example, if someone uses the English language, but poor sentence structure, the message can easily be misunderstood.
Similarly, network protocols specify many features of network communication, as shown in the figure.
The figure is a star diagram that has protocols as the central word and the branches are characteristics of protocols. These characteristics include message encoding, message formatting and encapsulation, message size, message timing, and message delivery options.
Network protocols provide the means for computers to communicate on networks. Network protocols dictate the message encoding, formatting, encapsulation, size, timing, and delivery options. Networking protocols define a common format and set of rules for exchanging messages between devices. Some common networking protocols are Hypertext Transfer Protocol (HTTP), Transmission Control Protocol (TCP), and Internet Protocol (IP). As a cybersecurity analyst, you must be very familiar with the structure of protocol data and how the protocols function in network communications.
Note: IP in this course refers to both the IPv4 and IPv6 protocols. IPv6 is the most recent version of IP and will eventually replace the more common IPv4.
The router on the left is connected to a computer. The router on the right is connected to a server. A message below the computer reads: I will send this message across the network using an IPv4 header. A message below the attached router reads: I can forward this message because I understand the IPv4 header. A message below the server reads: I can accept this message because I understand IPv4.
The TCP/IP Protocol Suite
Today, the TCP/IP protocol suite includes many protocols and continues to evolve to support new services. Some of the more popular ones are shown in the figure.
The figure shows the TCP/IP layers and associated protocols. At the application layer: DNS is a name system protocol; DHCPv4, DHCPv6, and SLAAC are host config protocols; SMTP, POP3, and IMAP are email protocols; FTP, SFTP, and TFTP are file transfer protocols; and HTTP, HTTPS, and REST are web and web service protocols. At the transport layer: TCP is a connection-oriented protocol and UDP is a connectionless protocol. At the internet layer: IPv4, IPv6, and NAT are Internet protocols; ICMPv4, ICMPv6, and ICMPv6 ND are messaging protocols; and OSPF, EIGRP, and BGP are routing protocols. At the network access layer: ARP is an address resolution protocol; and Ethernet and WLAN are data link protocols. Text at the bottom reads: TCP/IP is the protocol suite used by the internet and the networks of today. TCP/IP has two important aspects for vendors and manufacturers: Open standard protocol suite – This means it is freely available to the public and can be used by any vendor on their hardware or in their software. Standards-based protocol suite – This means it has been endorsed by the networking industry and approved by a standards organization. This ensures that products from different manufacturers can interoperate successfully
- DNS – Domain Name System. Translates domain names such as cisco.com, into IP addresses.
- DHCPv4 – Dynamic Host Configuration Protocol for IPv4. A DHCPv4 server dynamically assigns IPv4 addressing information to DHCPv4 clients at start-up and allows the addresses to be re-used when no longer needed.
- DHCPv6 – Dynamic Host Configuration Protocol for IPv6. DHCPv6 is similar to DHCPv4. A DHCPv6 server dynamically assigns IPv6 addressing information to DHCPv6 clients at start-up.
- SLAAC – Stateless Address Autoconfiguration. A method that allows a device to obtain its IPv6 addressing information without using a DHCPv6 server.
- SMTP – Simple Mail Transfer Protocol. Enables clients to send email to a mail server and enables servers to send email to other servers.
- POP3 – Post Office Protocol version 3. Enables clients to retrieve email from a mail server and download the email to the client’s local mail application.
- IMAP – Internet Message Access Protocol. Enables clients to access email stored on a mail server as well as maintaining email on the server.
- FTP – File Transfer Protocol. Sets the rules that enable a user on one host to access and transfer files to and from another host over a network. FTP is a reliable, connection-oriented, and acknowledged file delivery protocol.
- SFTP – SSH File Transfer Protocol. As an extension to Secure Shell (SSH) protocol, SFTP can be used to establish a secure file transfer session in which the file transfer is encrypted. SSH is a method for secure remote login that is typically used for accessing the command line of a device.
- TFTP – Trivial File Transfer Protocol. A simple, connectionless file transfer protocol with best-effort, unacknowledged file delivery. It uses less overhead than FTP.
Web and Web Service
- HTTP – Hypertext Transfer Protocol. A set of rules for exchanging text, graphic images, sound, video, and other multimedia files on the World Wide Web.
- HTTPS – HTTP Secure. A secure form of HTTP that encrypts the data that is exchanged over the World Wide Web.
- REST – Representational State Transfer. A web service that uses application programming interfaces (APIs) and HTTP requests to create web applications.
Message Formatting and Encapsulation
When a message is sent from source to destination, it must use a specific format or structure. Message formats depend on the type of message and the channel that is used to deliver the message.
A common example of requiring the correct format in human communications is when sending a letter. Click Play in the figure to view an animation of formatting and encapsulating a letter.
An envelope has the address of the sender and receiver, each located at the proper place on the envelope. If the destination address and formatting are not correct, the letter is not delivered.
The process of placing one message format (the letter) inside another message format (the envelope) is called encapsulation. De-encapsulation occurs when the process is reversed by the recipient and the letter is removed from the envelope.
The animation shows an envelope with a stamp, a sender of 4085 SE Pine Street, Ocala, Florida 34471 and a recipient at 1400 Main Street, Canton, Ohio 44203. The envelope opens and shows a letter: dear Jane, I just returned from my trip. I thought you might like to see my pictures. John. A breakout table appears with the following headings: Recipient (destination) location address, sender (source) location address, salutation (start of message indicator), recipient (destination) identifier, the content of letter (encapsulated data) sender (source) identifier, end of frame (end of message indicator).
The next row has an envelope addressing under the first 2 sections, then encapsulated letter under the next 4 sections. The 1400 Main Street Canton, Ohio 44203 goes in a new row under the recipient (destination) and envelope addressing sections. The 4085 SE Pine Street Ocala, Florida 34471 goes under the sender (source) and envelope addressing sections.
The dear goes under the salutation (start of message indicator) and encapsulated letter sections. Jane goes under the recipient (destination) identifier and encapsulated letter sections. The words I just returned from my trip. I thought you might like to see my pictures. Goes under the content of the letter (encapsulated data) and encapsulated letter sections. The word John goes under the sender (source) identifier and encapsulated letter sections. The stamp on the letter goes under the end of the frame (end of message indicator) section.
Another rule of communication is message size.
Click Play in the figure to view an animation of message size in face-to-face communications.
When people communicate with each other, the messages that they send are usually broken into smaller parts or sentences. These sentences are limited in size to what the receiving person can process at one time, as shown in the figure. It also makes it easier for the receiver to read and comprehend.
Message timing is also very important in network communications. Message timing includes the following:
- Flow Control – This is the process of managing the rate of data transmission. Flow control defines how much information can be sent and the speed at which it can be delivered. For example, if one person speaks too quickly, it may be difficult for the receiver to hear and understand the message. In network communication, there are network protocols used by the source and destination devices to negotiate and manage the flow of information.
- Response Timeout – If a person asks a question and does not hear a response within an acceptable amount of time, the person assumes that no answer is coming and reacts accordingly. The person may repeat the question or instead, may go on with the conversation. Hosts on the network use network protocols that specify how long to wait for responses and what action to take if a response timeout occurs.
- Access method – This determines when someone can send a message. Click Play in the figure to see an animation of two people talking at the same time, then a “collision of information” occurs, and it is necessary for the two to back off and start again. Likewise, when a device wants to transmit on a wireless LAN, it is necessary for the WLAN network interface card (NIC) to determine whether the wireless medium is available.
The animation shows a woman and a man speaking at the same time. The woman says What time is the movie? and the man says When are we meeting for dinner?. Because they spoke simultaneously, neither understood the other and they both say Sorry? I did not understand you.
Unicast, Multicast, and Broadcast
A message can be delivered in different ways. Sometimes, a person wants to communicate information to a single individual. At other times, the person may need to send information to a group of people at the same time, or even to all people in the same area.
Hosts on a network use similar delivery options to communicate. These methods of communication are called unicast, multicast, and broadcast.
A one-to-one delivery option is referred to as a unicast, meaning there is only a single destination for the message.
This animation consists of three hosts and a printer connected to a switch and router. The animation illustrates the host with IP address 172.16.4.1 sending a unicast packet to IP address 172.16.4.253. When the switch receives the frame, it forwards it out to the printer with IP address 172.16.4.253.
The Benefits of Using a Layered Model
You cannot actually watch real packets travel across a real network the way you can watch the components of a car being put together on an assembly line. so, it helps to have a way of thinking about a network so that you can imagine what is happening. A model is useful in these situations.
Complex concepts such as how a network operates can be difficult to explain and understand. For this reason, a layered model is used to modularize the operations of a network into manageable layers.
These are the benefits of using a layered model to describe network protocols and operations:
- Assisting in protocol design because protocols that operate at a specific layer have defined information that they act upon and a defined interface to the layers above and below
- Fostering competition because products from different vendors can work together
- Preventing technology or capability changes in one layer from affecting other layers above and below
- Providing a common language to describe networking functions and capabilities
As shown in the figure, there are two layered models that are used to describe network operations:
- Open System Interconnection (OSI) Reference Model
- TCP/IP Reference Model
At the top of the image are two LANs connected via a WAN with the text: A networking model is only a representation of a network operation. The model is not the actual network. Underneath are the OSI and TCP/IP model layers and protocols. The seven layers of the OSI model from top to bottom and their associated protocols are: application, presentation, session (protocols at the top three layers are HTTP, DNS, DHCP, and FTP), transport (TCP and UDP), network (IPv4, IPv6, ICMPv4, and ICMPv6), data link, and physical (protocols at the bottom two layers are Ethernet, WLAN, SONET, and SDH). The four layers of the TCP/IP model from top to bottom and their associated protocols are: application (HTTP, DNS, DHCP, and FTP), transport (TCP and UDP), Internet (IPv4, IPv6, ICMPv4, and ICMPv6), and network access (Ethernet, WLAN, SONET, and SDH).
The OSI Reference Model
The OSI reference model provides an extensive list of functions and services that can occur at each layer. This type of model provides consistency within all types of network protocols and services by describing what must be done at a particular layer, but not prescribing how it should be accomplished.
It also describes the interaction of each layer with the layers directly above and below. The TCP/IP protocols discussed in this course are structured around both the OSI and TCP/IP models. The table shows details about each layer of the OSI model. The functionality of each layer and the relationship between layers will become more evident throughout this course as the protocols are discussed in more detail.
|OSI Model Layer||Description|
|7 – Application||The application layer contains protocols used for process-to-process communications.|
|6 – Presentation||The presentation layer provides for common representation of the data transferred between application layer services.|
|5 – Session||The session layer provides services to the presentation layer to organize its dialogue and to manage data exchange.|
|4 – Transport||The transport layer defines services to segment, transfer, and reassemble the data for individual communications between the end devices.|
|3 – Network||The network layer provides services to exchange the individual pieces of data over the network between identified end devices.|
|2 – Data Link||The data link layer protocols describe methods for exchanging data frames between devices over a common media|
|1 – Physical||The physical layer protocols describe the mechanical, electrical, functional, and procedural means to activate, maintain, and de-activate physical connections for a bit transmission to and from a network device.|
Note: Whereas the TCP/IP model layers are referred to only by name, the seven OSI model layers are more often referred to by number rather than by name. For instance, the physical layer is referred to as Layer 1 of the OSI model, the data link layer is Layer 2, and so on.
The TCP/IP Protocol Model
The TCP/IP protocol model for internetwork communications was created in the early 1970s and is sometimes referred to as the internet model. This type of model closely matches the structure of a particular protocol suite. The TCP/IP model is a protocol model because it describes the functions that occur at each layer of protocols within the TCP/IP suite. TCP/IP is also used as a reference model. The table shows details about each layer of the OSI model.
|TCP/IP Model Layer||Description|
|4 – Application||Represents data to the user, plus encoding and dialog control.|
|3 – Transport||Supports communication between various devices across diverse networks.|
|2 – Internet||Determines the best path through the network.|
|1 – Network Access||Controls the hardware devices and media that make up the network.|
The definitions of the standard and the TCP/IP protocols are discussed in a public forum and defined in a publicly available set of IETF request for comment (RFC) documents. An RFC is authored by networking engineers and sent to other IETF members for comments.
I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.
Download Our App.
Follow Us On Telegram
CEHNigeria On Google Playstore
GET SEOPOZ . OUTSMART YOUR BLOG COMPETITORS
Join Our Whatsapp Group
Follow Us On Twitter and I will Follow Back
Follow Us On Twitter
Kindly follow me on Twitter and I promise I will follow back. Aside you will get updated when we post new articles.