Unit 2 – Networking

Bevan Kanishka Liyanage

Lecturer IT
MSc Information Technology Specialized in Cyber Security (SLIIT)
Postgraduate Diploma (PgD) in Information Technology (SLIIT)
BEng (Hons) in Computer Netwrorking (London met) , UK
Network Protocols
 Network Protocol
A network protocol is a set of rules that govern how devices
communicate with each other on a network. It is like a common
language that allows devices to understand each other's messages.
Without network protocols, devices would not be able to communicate
effectively, and the internet would not function.
They allow devices to communicate with each other efficiently and
reliably, regardless of their differences in hardware, software, or
internal processes.
There are many different types of network protocols, each with its own
specific purpose.
 TCP (Transmission Control Protocol)
The Transmission Control Protocol (TCP) is one of the main protocols of
the Internet protocol suite. It is a connection-oriented protocol, which
means that a connection is established between two hosts before any
data is sent. This ensures that the data is delivered reliably and in the
correct order.
It provides reliable, ordered, and error-checked delivery of data between
applications running on devices connected over an IP network.
TCP is responsible for breaking data into packets, establishing and
terminating connections, flow control, and retransmitting lost or
corrupted packets.
TCP (Transmission Control Protocol)
When it comes to TCP protocol there are 3 stages.
1. Session starting
2. Data transmission
3. Session termination
 How TCP works
Connection Establishment :
• Before data can be exchanged, a connection must be established between the sender
(client) and the receiver (server).
• Which is This is achieved through a three-way handshake process.

Reliable Data Transfer:

• Once the connection is established, data transfer occurs.
• Data is divided into smaller segments and numbered with sequence numbers.
• The receiver acknowledges the received segments by sending acknowledgment (ACK)
packets back to the sender.
• If the sender does not receive an ACK within a specific timeout period, it retransmits the
unacknowledged segment.
 How TCP works
Flow Control:
• TCP implements flow control to ensure that a fast sender does not overwhelm a slower receiver.
• The receiver can indicate its available buffer space by using the window size parameter in TCP
segments.
• The sender adjusts its transmission rate based on the receiver's window size to maintain optimal data
flow.
Connection Termination:
When the data transfer is complete, the connection is terminated, through a process of four-way
handshake.
The client sends a TCP segment with the FIN (finish) flag set to indicate the intention to close the
connection.
The server acknowledges the client's request by sending an ACK segment.
The server then initiates its own termination by sending a TCP segment with the FIN flag set.
The client responds with an ACK segment, acknowledging the server's termination request.
 UDP (User Datagram Protocol)
UDP (User Datagram Protocol) is a connectionless protocol.
Unlike TCP, UDP does not provide reliable, ordered, or error-checked
delivery of data.
It is a simpler protocol that focuses on delivering data with minimal
overhead and lower latency.
UDP is often used for real-time applications, multimedia streaming,
DNS (Domain Name System), and other scenarios where low latency is
more important than guaranteed delivery.
How UDP works
Connectionless Communication:
• UDP does not establish a connection before transmitting data.
• Each UDP datagram (packet) is treated independently and can be sent
without any prior setup.
Data Packetization:
• Applications using UDP divide their data into smaller packets called UDP
datagrams.
• Each datagram contains the necessary addressing information, including
the source and destination port numbers, which identify the sending
and receiving applications or services.
How UDP works
Unreliable Delivery:
Unlike TCP, UDP does not provide mechanisms for reliable delivery, flow
control, or retransmission of lost packets.
Once a UDP datagram is sent, it is up to the receiving application to
handle any lost, duplicated, or out-of-order packets.
Lower Overhead:
UDP has lower overhead compared to TCP since it does not include
features like sequence numbers, acknowledgments, or congestion
control.
This makes UDP faster and more efficient in terms of network resources.
 ARP (Address Resolution Protocol)
ARP (Address Resolution Protocol) is a protocol used to resolve IP
addresses to physical MAC (Media Access Control) addresses on a local
network.
It is primarily used in Ethernet networks to map an IP address to its
corresponding MAC address.
 DHCP (Dynamic Host Configuration
Protocol)
DHCP (Dynamic Host Configuration Protocol) is a network protocol used
to dynamically assign IP addresses and network configuration
parameters to devices on a network.
It simplifies the process of network configuration by automating the
assignment of IP addresses, subnet masks, default gateways, and other
network settings.
 How DHCP works
DHCP Discover:
• When a device (DHCP client) connects to a network, it sends a DHCP
Discover message broadcast on the network.
• This message indicates that the device is seeking an IP address and other
network configuration information.
DHCP Offer:
• DHCP servers on the network receive the DHCP Discover message and
respond with a DHCP Offer message.
• The DHCP Offer contains an available IP address and associated network
configuration parameters that the server is willing to assign to the client.
 How DHCP works
DHCP Request (client):
• The DHCP client receives multiple DHCP Offer messages from various servers
and selects one.
• It sends a DHCP Request message to the chosen server, requesting the offered
IP address and confirming the lease.
DHCP Acknowledge:
The DHCP server responds to the client's DHCP Request with a DHCP
Acknowledge message, indicating that the requested IP address has been
assigned to the client.
The message also provides additional network configuration parameters, such
as subnet mask, default gateway, DNS server, and lease duration.
 How DHCP works
IP configuration:
• Upon receiving the DHCP Acknowledge, the client configures its network
interface with the assigned IP address and other parameters received from the
DHCP server.
• The client can now communicate on the network using the assigned IP address.
Lease renewal:
• DHCP leases are typically assigned for a limited period. Before the lease
expiration, the client can request a lease renewal from the DHCP server to
extend the lease duration.
• If the server grants the renewal, the client continues to use the same IP address
and configuration parameters.
 DHCP
DHCP operates using UDP (User Datagram Protocol) for communication
between clients and servers.
It uses two well-known port numbers:
• Port 67: This is the DHCP server port. DHCP servers listen for incoming
DHCP messages on this port.
• Port 68: This is the DHCP client port. DHCP clients use this port to
send DHCP messages to the server.
 What is a port?

• A port is a virtual point where network connections start and end.

• Ports are software-based and managed by a computer's operating
system.
• Each port is associated with a specific process or service.
• Ports allow computers to easily differentiate between different kinds of
traffic: i.e. emails go to a different port than webpages.
• Ports are standardized across all network-connected devices, with each
port assigned a number.
• Most ports are reserved for certain protocols — for example, all
Hypertext Transfer Protocol (HTTP) messages go to port 80
 Ports
The port numbers are divided into three ranges:

Well-known ports - The well known ports are those from 0 - 1,023. DCCP well
known ports should not be used without IANA registration. The registration
procedure is defined in document RFC4340, section 19.9.
Registered ports - The registered ports are those from 1,024 - 49,151. DCCP
registered ports should not be used without IANA registration. The registration
procedure is defined in document RFC4340, section 19.9.
Dynamic and/or private ports - The dynamic and/or private ports are those from
49,152 - 65,535.
 ICMP (Internet Control Message Protocol)
• The Internet Control Message Protocol (ICMP) is a network layer
protocol used by routers, intermediary devices, and hosts to
communicate error information or updates to other routers,
intermediary devices, and hosts.
• It is primarily used to send error messages, check network connectivity,
diagnostic and gather information about network devices.
• ICMP is a connectionless protocol, which means that it does not
establish a connection between the sender and receiver of a message.
ICMP messages are sent as individual packets, and each packet is
treated independently.
 ICMP is used for
• Reporting errors: ICMP can be used to report errors that occur during the
transmission of data packets. For example, if a packet is lost or corrupted, the
router that dropped the packet will send an ICMP message back to the sender
of the packet.
• Performing network diagnostics: ICMP can be used to perform network
diagnostics, such as ping and traceroute. Ping sends an ICMP echo request
message to a destination host and waits for an echo reply message.
Traceroute uses ICMP to trace the path that a packet takes through the
network to reach its destination.
• Managing congestion: ICMP can be used to manage congestion in the
network. For example, if a router is overloaded, it can send ICMP messages to
hosts to tell them to slow down their transmission of data packets.
 File Transfer Protocol (FTP)
File Transfer Protocol (FTP) is a standard network protocol used for
transferring files between a client and a server on a computer network.
It provides a way to upload and download files from a remote server
over a TCP/IP-based network, such as the Internet.
 How FTP works
The FTP client initiates a connection to the FTP server using the server's
IP address or domain name and the FTP port (usually port 21). The
client can use dedicated FTP software or command-line tools to
establish this connection.
Then the client needs to authenticate itself by providing a username
and password. After authentication, the client and server communicate
over the command channel. The client sends various commands (e.g.,
list directory, change directory, upload file, download file) to the server,
which interprets and executes these commands.
 How FTP works
When file transfer is required, the client and server establish a separate
data channel for transferring the actual file contents.
Once the data channel is established, the actual file transfer occurs
 HTTP (Hypertext Transfer Protocol)
• HTTP (Hypertext Transfer Protocol) is a protocol used for
communication between web browsers (clients) and web servers.
• It facilitates the transfer of hypertext, which includes HTML
documents, images, videos, and other resources, over the internet.
• HTTP defines a set of rules and standards for how clients and servers
interact and exchange information.
• HTTP clients generally use Transmission Control Protocol (TCP)
connections to communicate with servers.
 How HTTP works
• Client request: The web browser (HTTP client) sends an HTTP request to a web server. The
request typically includes a URL (Uniform Resource Locator) that specifies the desired resource
(e.g., a web page) and the HTTP method (such as GET, POST, or PUT) to indicate the desired
action.
• Server response: The web server (HTTP server) receives the request and processes it. The server
generates an HTTP response that contains the requested resource or an error message if the
resource is not found or an issue occurs. The response includes an HTTP status code (e.g., 200 for
success, 404 for not found) to indicate the outcome of the request.
• Data transfer: The server sends the HTTP response back to the client, which includes the
requested resource and associated metadata. The data is transferred over the network in the
form of text, binary files, or other media types, depending on the content.
• Client rendering: The web browser receives the HTTP response and interprets it. It renders the
HTML content, processes any embedded resources (like images or stylesheets), and displays the
web page to the user. The browser may also send additional requests to fetch linked resources
(e.g., images, scripts, or stylesheets) referenced in the HTML.
 How HTTP works
HTTP uses port 80 as the default port number for communication
between clients and servers.
When a client makes an HTTP request to a server, it connects to the
server's IP address on port 80 to establish the connection.
 What is HTTPS
• HTTPS stands for Hypertext Transfer Protocol Secure. It is a secure
version of the HTTP protocol.
• HTTPS uses Transport Layer Security (TLS) or Secure Sockets Layer
(SSL) to encrypt data sent between a web server and a web browser.
• HTTPS is used to protect the privacy and security of data exchanged
over the internet.
• HTTPS uses port number 443 by default.
 Benefits of HTTPS
• Increased security: HTTPS helps to protect the privacy and security of
data exchanged over the internet.
• Improved trust: HTTPS can help to build trust with website visitors by
showing that the website is secure.
• Better SEO ranking: Google and other search engines may rank
websites that use HTTPS higher in search results.
 Telnet
• Telnet is a network protocol that allows you to establish a remote
terminal session over a TCP/IP network.
• It enables you to connect to and interact with a remote device or
computer as if you were physically present at its location.
• Telnet uses port 23 as the default port for communication.
• Telnet is a text-based protocol, so all data is transmitted in plain text.
This means that any data that is transmitted over a telnet connection,
including passwords and other sensitive information, is not encrypted.
As a result, telnet is not considered to be a secure protocol and
should not be used to transmit sensitive data.
SSH - Secure shell protocol
 SSH - Secure shell protocol
• Secure Shell, is a network protocol that provides a secure way to
access a remote computer.
• It works by encrypting all data that is transmitted between the two
computers, including passwords and other sensitive information.
• This makes it much more difficult for hackers to eavesdrop on or steal
data that is being transferred over an SSH connection.
• SSH uses port 22 by default.
Domain Name System (DNS) protocol
 Domain Name System (DNS) protocol
• The Domain Name System (DNS) protocol is a set of rules that define how computers
communicate with each other to translate domain names into IP addresses.
• Domain names are the human-readable addresses of websites and other online
resources, while IP addresses are the numerical addresses that computers use to
communicate with each other.
• The DNS protocol works by using a distributed database of domain names and IP
addresses. When a computer wants to access a website, it sends a DNS query to a DNS
server.
• The DNS server then searches its database for the IP address associated with the
domain name. If the DNS server finds the IP address, it returns it to the computer. The
computer then uses the IP address to connect to the website.
• The DNS protocol uses the User Datagram Protocol (UDP) on port 53 to communicate
between DNS clients and DNS servers.
 STMP
SMTP stands for Simple Mail Transfer Protocol.
SMTP is a network protocol used for sending and routing email
messages between servers.
It follows the client-server model.
SMTP uses port 25 as the default port for communication.
The client establishes a TCP connection with the server on port 25 to
initiate the email transfer process.
 POP3
• POP3 (Post Office Protocol version 3) is a standard internet protocol used
for receiving email from a remote mail server to a local email client.
• POP3 typically uses port 110 for communication. The client establishes a
TCP connection with the server on port 110 to retrieve email.
• POP3 assumes that the email client accessing the server will be the only
device used to retrieve messages. By default, it downloads and removes
emails from the server upon retrieval.
• POP3 does not support advanced synchronization between multiple
devices, and it only synchronize inbox.
 IMAP
• IMAP stands for Internet Message Access Protocol. It is a protocol
used to access email messages on a mail server.
• IMAP works by using a client-server model. The client is the email
program that you use to read and manage your email messages. The
server is the computer that stores your email messages.
• IMAP allows you to view, search, and manage your email messages on
the mail server. You can also move, copy, and delete email messages.
• IMAP uses port 143 by default.