DNS Protocol Overview
Part of the confusion associated with the DNS protocol is that it lacks a special name. Thus DNS can refer either to the entire system, or to the protocol that makes it work. This page documents the protocol, which operates in one of two basic modes - lookups or zone transfers.
DNS Lookups
Normal resource record lookups are done with UDP. An "intelligent retransmission" is to be used, though one is not specified in the protocol, resulting in a mix of poor strategies with good ones. The protocol itself is stateless; all the information needed is contained in a single message, fully documented in RFC 1035 §4.1, and having the following format:
    +---------------------+
    |        Header       |
    +---------------------+
    |       Question      | the question for the name server
    +---------------------+
    |        Answer       | RRs answering the question
    +---------------------+
    |      Authority      | RRs pointing toward an authority
    +---------------------+
    |      Additional     | RRs holding additional information
    +---------------------+
(freesoft.org n.d.)
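An added example, not taken from the quoted source: a parser for the Header and Question sections of the message laid out above, showing how the four header counts size the sections that follow. It goes slightly beyond the text by bounding the name-compression pointers of RFC 1035 §4.1.4 so that a malformed message cannot loop the parser; the function names and the sample query are constructed for this illustration.

```python
import struct

def build_query(name, qtype=1, txid=0x1234):
    """Constructed sample input: a header plus one question, no RR sections."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!2H", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the fixed 12-byte header; the four counts size the later sections."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
            "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}

def read_name(msg, off, max_jumps=16):
    """Decode a domain name at off; returns (name, offset after the name)."""
    labels, jumps, resume = [], 0, None
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer (section 4.1.4)
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if resume is None:
                resume = off + 2             # parsing continues after first pointer
            jumps += 1
            if jumps > max_jumps:            # a pointer cycle must not hang the parser
                raise ValueError("compression pointer loop")
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1
        if length == 0:                      # zero-length root label ends the name
            break
        if off + length > len(msg):
            raise ValueError("label runs past end of message")
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels), (off if resume is None else resume)

def parse_question(msg, off=12):
    """Decode one Question entry: QNAME, QTYPE, QCLASS."""
    name, off = read_name(msg, off)
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!2H", msg[off:off + 4])
    return {"name": name, "qtype": qtype, "qclass": qclass}, off + 4

if __name__ == "__main__":
    query = build_query("www.example.com")
    print(parse_header(query))
    print(parse_question(query))
```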
Whois
Whois is used to look up records in InterNIC's main database for second-level domains.
Whois can be used as a program, by telnetting to ds.internic.net, or through the URL http://rs.internic.net/cgi-bin/whois
Whois performs generic, string-based searches on several databases maintained by InterNIC, the most important of these being the domain registration database. This database contains entries for all valid second-level DNS names, along with contact information and name server addresses. Another database contains thousands of contact people, arranged alphabetically. All of these records are indexed by keys, which can be used (if known) to match records exactly.
(freesoft.org n.d.)
Http explained:
What happens when I follow a link?
Step 1: Parsing the URL
The first thing the browser has to do is to look at the URL of the new document to find out how to get hold of the new document. Most URLs have this basic form: "protocol://server/request-URI". The protocol part describes how to tell the server which document you want and how to retrieve it. The server part tells the browser which server to contact, and the request-URI is the name used by the web server to identify the document. (I use the term request-URI since it's the one used by the HTTP standard, and I can't think of anything else that is general enough to not be misleading.)
Step 2: Sending the request
Usually, the protocol is "http". To retrieve a document via HTTP the browser transmits the following request to the server: "GET /request-URI HTTP/version", where version tells the server which HTTP version is used. (Usually, the browser includes some more information as well. The details are covered later.)
One important point here is that this request string is all the server ever sees. So the server doesn't care if the request came from a browser, a link checker, a validator, a search engine robot or if you typed it in manually. It just performs the request and returns the result.
Step 3: The server response
When the server receives the HTTP request it locates the appropriate document and returns it. However, an HTTP response is required to have a particular form. It must look like this:

    HTTP/[VER] [CODE] [TEXT]
    Field1: Value1
    Field2: Value2

    ...Document content here...
The first line shows the HTTP version used, followed by a three-digit number (the HTTP status code) and a reason phrase meant for humans. Usually the code is 200 (which basically means that all is well) and the phrase "OK". The first line is followed by some lines called the header, which contains information about the document. The header ends with a blank line, followed by the document content. This is a typical header:

    HTTP/1.0 200 OK
    Server: Netscape-Communications/1.1
    Date: Tuesday, 25-Nov-97 01:22:04 GMT
    Last-modified: Thursday, 20-Nov-97 10:44:53 GMT
    Content-length: 6372
    Content-type: text/html

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <HTML>
    ...followed by document content...
We see from the first line that the request was successful. The second line is optional and tells us that the server runs the Netscape Communications web server, version 1.1. We then get what the server thinks is the current date and when the document was modified last, followed by the size of the document in bytes and the most important field: "Content-type".
The content-type field is used by the browser to tell which format the document it receives is in. HTML is identified with "text/html", ordinary text with "text/plain", a GIF is "image/gif" and so on. The advantage of this is that the URL can have any ending and the browser will still get it right.
An important concept here is that to the browser, the server works as a black box. I.e., the browser requests a specific document and the document is either returned or an error message is returned. How the server produces the document remains unknown to the browser. This means that the server can read it from a file, run a program that generates it, compile it by parsing some kind of command file or (very unlikely, but in principle possible) have it dictated by the server administrator via speech recognition software. This gives the server administrator great freedom to experiment with different kinds of services as the users don't care (or even know) how pages are produced.
What the server does
When the server is set up it is usually configured to use a directory somewhere on disk as its root directory and to have a default file name (say "index.html") for each directory. This means that if you ask the server for the file "/" (as in "http://www.domain.tld/") you'll get the file index.html in the server root directory. Usually, asking for "/foo/bar.html" will give you the bar.html file from the foo directory directly beneath the server root.
Usually, that is. The server can be set up to map "/foo/" into some other directory elsewhere on disk or even to use server-side programs to answer all requests that ask for that directory. The server does not even have to map requests onto a directory structure at all, but can use some other scheme.
(apache.org 2015)
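An added example, not taken from the quoted source: a parser for the response form described in Step 3 (status line, header fields, blank line, content) that also reports a missing or conflicting Content-type and a Content-length that disagrees with the body, the two fields a client relies on to interpret what it received. The sample response is constructed, modelled on the header shown above, and the function names are this example's own.

```python
# Constructed sample, modelled on the "typical header" in the text.
SAMPLE = (b"HTTP/1.0 200 OK\r\n"
          b"Server: Netscape-Communications/1.1\r\n"
          b"Content-length: 13\r\n"
          b"Content-type: text/html\r\n"
          b"\r\n"
          b"<HTML></HTML>")

def parse_response(raw):
    """Split a response into (version, code, reason, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line ending the header")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if (len(parts) < 2 or not parts[0].startswith("HTTP/")
            or len(parts[1]) != 3 or not parts[1].isdigit()):
        raise ValueError("malformed status line")
    reason = parts[2] if len(parts) == 3 else ""
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        # Field names are case-insensitive; keep repeats so conflicts stay visible.
        headers.setdefault(name.lower(), []).append(value.strip())
    return parts[0][5:], int(parts[1]), reason, headers, body

def findings(raw):
    """Return a list of problems with the fields a client depends on."""
    _, _, _, headers, body = parse_response(raw)
    out = []
    ctypes = {v.split(";")[0].strip().lower() for v in headers.get("content-type", [])}
    if not ctypes:
        out.append("no Content-type: the client has to guess the format")
    elif len(ctypes) > 1:
        out.append("conflicting Content-type fields")
    lengths = set(headers.get("content-length", []))
    if len(lengths) > 1:
        out.append("conflicting Content-length fields")
    elif lengths:
        declared = lengths.pop()
        if not declared.isdigit() or int(declared) != len(body):
            out.append("Content-length does not match body size")
    return out

if __name__ == "__main__":
    print(parse_response(SAMPLE)[:3], findings(SAMPLE))
```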
Email Protocols - POP3, SMTP and IMAP
What is POP3, IMAP, SMTP and which are the default ports for them
In this tutorial we will provide you with detailed information about the most commonly used Email protocols on the internet - POP3, IMAP and SMTP. Each one of them has a specific function and way of working. Read on to see which configuration will best serve your particular email needs.
This tutorial covers the following topics:
What is POP3 and which are the default POP3 ports
What is IMAP and which are the default IMAP ports
What is SMTP and which are the default SMTP ports
What is POP3 and which are the default POP3 ports
Post Office Protocol version 3 (POP3) is a standard mail protocol used to receive emails from a remote server to a local email client. POP3 allows you to download email messages on your local computer and read them even when you are offline. Note that when you use POP3 to connect to your email account, messages are downloaded locally and removed from the servers. This means that if you access your account from multiple locations, that may not be the best option for you. On the other hand, if you use POP3, your messages are stored on your local computer, which reduces the space your email account uses on your web server.
By default, the POP3 protocol works on two ports:
Port 110 - this is the default POP3 non-encrypted port
Port 995 - this is the port you need to use if you want to connect using POP3 securely
What is IMAP and which are the default IMAP ports
The Internet Message Access Protocol (IMAP) is a mail protocol used for accessing email on a remote web server from a local client. IMAP and POP3 are the two most commonly used Internet mail protocols for retrieving emails. Both protocols are supported by all modern email clients and web servers.
While the POP3 protocol assumes that your email is being accessed only from one application, IMAP allows simultaneous access by multiple clients. This is why IMAP is more suitable for you if you're going to access your email from different locations or if your messages are managed by multiple users.
By default, the IMAP protocol works on two ports:
Port 143 - this is the default IMAP non-encrypted port
Port 993 - this is the port you need to use if you want to connect using IMAP securely
What is SMTP and which are the default SMTP ports
Simple Mail Transfer Protocol (SMTP) is the standard protocol for sending emails across the Internet.
By default, the SMTP protocol works on three ports:
Port 25 - this is the default SMTP non-encrypted port
Port 2525 - this port is opened on all SiteGround servers in case port 25 is filtered (by your ISP for example) and you want to send non-encrypted emails with SMTP
Port 465 - this is the port used, if you want to send messages using SMTP securely
(siteground.com n.d.)
MTA : Mail Transfer Agent : An MTA receives and sends out mail. Postfix is the default MTA on Ubuntu (though Exim4 is also in the main repository).
MDA : Mail Delivery Agent : An MDA makes messages received by MTA available for download using eg. IMAP or POP3. Dovecot is the default MDA on Ubuntu (though Courier with support for external database server is also in the main repository). Since Dovecot supports IMAP & POP3, Dovecot is also called an IMAP & POP3 server.
MUA : Mail User Agent : A MUA is the email program you use to create email messages and to receive and read them, eg. Outlook Express or Thunderbird.
LDA : Local Delivery Agent : When an MTA decides that it is itself the final MTA destination for an email message, the MTA, instead of forwarding the email message to yet another MTA, needs to store the email message on local storage. Postfix can store an email message if the storage format is either mbox or Maildir, however the MTA can also let an LDA handle the local storage, eg. DovecotLDA is a Postfix plugin that handles delivering email messages from the Postfix server to the local storage media.
IMAP : : High bandwidth protocol for MUA to download email messages from MDA. Typically email messages are only cached on the MUA (also other good stuff).
POP3 : : Low bandwidth protocol for MUA to download email messages from MDA. Typically email messages are downloaded to the MUA and deleted on the server by the MDA.
SMTP : Simple Mail Transfer Protocol : Protocol for transferring email messages from MUA to MTA and from MTA to another MTA.
Mailbox : A mailbox is an email message storage format. The two most popular are mbox and Maildir (both supported by Postfix for direct local delivery without using an LDA). mbox stores email messages in one big file for each email account while Maildir stores each email message in its own file.
SASL : Simple Authentication and Security Layer : SASL is an SMTP Authentication protocol/plugin. Postfix supports 2 SASL implementations, Cyrus SASL & Dovecot SASL.
(Rummel n.d.)
What is FTP, and how do I use it to transfer files?
Overview
FTP is an acronym for File Transfer Protocol. As the name suggests, FTP is used to transfer files between computers on a network. You can use FTP to exchange files between computer accounts, transfer files between an account and a desktop computer, or access online software archives. Keep in mind, however, that many FTP sites are heavily used and require several attempts before connecting.
Note: You need to use a client that supports secure FTP to transfer files to and from Indiana University's central systems. For more, see At IU, what SSH/SFTP clients are supported and where can I get them?
How to use FTP
Graphical FTP clients
Graphical FTP clients simplify file transfers by allowing you to drag and drop file icons between windows. When you open the program, enter the name of the FTP host (e.g., ftp.microsoft.com) and your username and password. If you are logging into an anonymous FTP server, you may not have to enter anything. Two common FTP programs are Cyberduck (for Mac) and WinSCP (for Windows).
(Widiono 2009)
Without an IP-address a computer cannot communicate using IP-traffic. Before a computer can start communicating using the IP-protocol, it needs to know what IP-address to use as its own. An IP-address can be assigned manually. This works fine if the computer is always used on the same network and if the computer is active. But if the computer needs to change network from time to time and has a static (manually assigned) IP-address, there is no way for the computer to know whether the statically assigned IP-address is already in use by another computer or is in a valid range on the different networks.
DHCP (Dynamic Host Configuration Protocol) - To solve this problem there is a mechanism called DHCP (Dynamic Host Configuration Protocol). This protocol also involves a server on the network that is often called a DHCP server. DHCP servers often reside within routers. A router can be a simple broadband firewall/router or a computer on the network, assigned the service task to act as a DHCP server. To acquire a valid IP-address from a DHCP server the computer can ask the DHCP server for an address to use.
(Laneye 2015)
File Sharing Services and SMB Protocol
The Server Message Block (SMB) is a client/server file sharing protocol. IBM developed Server Message Block (SMB) in the late 1980s to describe the structure of shared network resources, such as directories, files, printers, and serial ports. It is a request-response protocol. Unlike the file sharing supported by FTP, clients establish a long term connection to servers. Once the connection is established, the user of the client can access the resources on the server as if the resource is local to the client host. SMB file-sharing and print services have become the mainstay of Microsoft networking. With the introduction of the Windows 2000 series of software, Microsoft changed the underlying structure for using SMB. In previous versions of Microsoft products, the SMB services used a non-TCP/IP protocol to implement name resolution. Beginning with Windows 2000, all subsequent Microsoft products use DNS naming. This allows TCP/IP protocols to directly support SMB resource sharing, as shown in the figure. The LINUX and UNIX operating systems also provide a method of sharing resources with Microsoft networks using a version of SMB called SAMBA. The Apple Macintosh operating systems also support resource sharing using the SMB protocol.
The SMB protocol describes file system access and how clients can make requests for files. It also describes the SMB protocol inter-process communication. All SMB messages share a common format. This format uses a fixed-sized header followed by a variable-sized parameter and data component. SMB messages can:
*Start, authenticate, and terminate sessions
*Control file and printer access
*Allow an application to send or receive messages to or from another device.
(Highteck.net n.d.)
P2P Services and Gnutella Protocol
You learned about FTP and SMB as ways of obtaining files; here is another Application protocol. Sharing files over the Internet has become extremely popular. With P2P applications based on the Gnutella protocol, people can make files on their hard disks available to others for downloading. Gnutella-compatible client software allows users to connect to Gnutella services over the Internet and to locate and access resources shared by other Gnutella peers. Many client applications are available for accessing the Gnutella network, including: BearShare, Gnucleus, LimeWire, Morpheus, WinMX and XoloX (see a screen capture of LimeWire in the figure). While the Gnutella Developer Forum maintains the basic protocol, application vendors often develop extensions to make the protocol work better on their applications. Many P2P applications do not use a central database to record all the files available on the peers. Instead, the devices on the network each tell the other what files are available when queried and use the Gnutella protocol and services to support locating resources. When a user is connected to a Gnutella service, the client applications will search for other Gnutella nodes to connect to. These nodes handle queries for resource locations and replies to those requests. They also govern control messages, which help the service discover other nodes. The actual file transfers usually rely on HTTP services. The Gnutella protocol defines five different packet types:
ping - for device discovery
pong - as a reply to a ping
query - for file location
query hit - as a reply to a query
push - as a download request
(Highteck.net n.d.)
Telnet Services and Protocol
Long before desktop computers with sophisticated graphical interfaces existed, people used text-based systems which were often just display terminals physically attached to a central computer. Once networks were available, people needed a way to remotely access the computer systems in the same manner that they did with the directly attached terminals. Telnet was developed to meet that need. Telnet dates back to the early 1970s and is among the oldest of the Application layer protocols and services in the TCP/IP suite. Telnet provides a standard method of emulating text-based terminal devices over the data network. Both the protocol itself and the client software that implements the protocol are commonly referred to as Telnet. Appropriately enough, a connection using Telnet is called a Virtual Terminal (VTY) session, or connection. Rather than using a physical device to connect to the server, Telnet uses software to create a virtual device that provides the same features of a terminal session with access to the server command line interface (CLI). To support Telnet client connections, the server runs a service called the Telnet daemon. A virtual terminal connection is established from an end device using a Telnet client application. Most operating systems include an Application layer Telnet client. On a Microsoft Windows PC, Telnet can be run from the command prompt. Other common terminal applications that run as Telnet clients are HyperTerminal, Minicom, and TeraTerm. Once a Telnet connection is established, users can perform any authorized function on the server, just as if they were using a command line session on the server itself. If authorized, they can start and stop processes, configure the device, and even shut down the system.
Telnet is a client/server protocol and it specifies how a VTY session is established and terminated. It also provides the syntax and order of the commands used to initiate the Telnet session, as well as control commands that can be issued during a session. Each Telnet command consists of at least two bytes. The first byte is a special character called the Interpret as Command (IAC) character. As its name implies, the IAC defines the next byte as a command rather than text.
Some sample Telnet protocol commands include:
Are You There (AYT) - Lets the user request that something appear on the terminal screen to indicate that the VTY session is active.
Erase Line (EL) - Deletes all text from the current line.
Interrupt Process (IP) - Suspends, interrupts, aborts, or terminates the process to which the Virtual Terminal is connected. For example, if a user started a program on the Telnet server via the VTY, he or she could send an IP command to stop the program.
While the Telnet protocol supports user authentication, it does not support the transport of encrypted data. All data exchanged during a Telnet session is transported as plain text across the network. This means that the data can be intercepted and easily understood. If security is a concern, the Secure Shell (SSH) protocol offers an alternate and secure method for server access. SSH provides the structure for secure remote login and other secure network services. It also provides stronger authentication than Telnet and supports the transport of session data using encryption. As a best practice, network professionals should always use SSH in place of Telnet, whenever possible.
(Highteck.net n.d.)
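An added example, not taken from the quoted source: a decoder that separates IAC command sequences (including the AYT, EL and IP commands listed above) from session text in one direction of a captured Telnet stream, which makes the plain-text point concrete because the typed login comes back verbatim. The command byte values are those of RFC 854; the capture bytes and credentials are constructed, and the function name is this example's own.

```python
IAC, SB, SE = 255, 250, 240
NEGOTIATION = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
SIMPLE = {244: "IP", 246: "AYT", 248: "EL"}   # the commands named in the text

# Constructed capture: WILL terminal-type (option 24), a typed login, AYT, IP.
SAMPLE = (b"\xff\xfb\x18" + b"example-user\r\n" + b"example-password\r\n"
          + b"\xff\xf6" + b"\xff\xf4")

def split_stream(data):
    """Return (text_bytes, commands) for one direction of a Telnet session."""
    text, cmds, i, n = bytearray(), [], 0, len(data)
    while i < n:
        if data[i] != IAC:                   # ordinary session data
            text.append(data[i])
            i += 1
            continue
        if i + 1 >= n:                       # IAC with nothing after it
            cmds.append(("TRUNCATED",))
            break
        cmd = data[i + 1]
        if cmd == IAC:                       # IAC IAC is a literal 0xFF data byte
            text.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:             # three bytes: IAC, verb, option
            if i + 2 >= n:
                cmds.append(("TRUNCATED",))
                break
            cmds.append((NEGOTIATION[cmd], data[i + 2]))
            i += 3
        elif cmd == SB:                      # subnegotiation runs until IAC SE
            j = i + 2
            while j + 1 < n and not (data[j] == IAC and data[j + 1] == SE):
                j += 2 if data[j] == IAC else 1   # step over escaped IAC pairs
            if j + 1 >= n:
                cmds.append(("TRUNCATED",))
                break
            cmds.append(("SB", bytes(data[i + 2:j])))
            i = j + 2
        else:                                # two-byte command such as AYT or IP
            cmds.append((SIMPLE.get(cmd, "CMD_%d" % cmd),))
            i += 2
    return bytes(text), cmds

if __name__ == "__main__":
    text, cmds = split_stream(SAMPLE)
    print(text.decode("ascii"), cmds)
```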