advanced networking v2

Upload: ondineselkie

Post on 13-Apr-2018


  • 7/26/2019 Advanced Networking v2

    1/64

    Advanced Networking v2.0

    1

    Advanced Networking v2.1

    On completion of this module you will have developed an understanding of advanced network topics to a protocol level, aiding in the diagnosis and resolution of protocol and network issues in complex networks.

    The specific areas covered are:

    Advanced network theory
    Network Applications & Environments
    Directory Services


    Module training overview

    Target audience will be: any Service Professional that has advanced networking responsibilities. It is suggested that Outward Professional Certification also be completed.

    This training aims to cover advanced network topics to a protocol level, aiding in the diagnosis and resolution of protocol and network issues in complex networks.

    Attainment Targets:

    Understand how a network works on a fundamental level and troubleshoot network connectivity issues in complex environments
    Understand remote access/terminal environments and complex network applications
    Understand how to resolve issues relating to directory services by understanding the protocols involved

    Knowledge check questions are provided at the end of each chapter to revise the main points discussed. The knowledge check questions require a written response and the suggested course of action is as follows:

    Read through the chapter thoroughly.
    Fill in the knowledge check questions.
    If you have answered all the questions with the correct response, proceed to the next chapter.
    If you have missed a question or answered incorrectly, revise the topic and repeat the question.
    On successful completion of all questions, proceed to the next chapter.

    2006 KONICA MINOLTA BUSINESS TECHNOLOGIES, INC


    Contents

    1 Advanced Network Theory
    1.1 Introduction 5
    1.2 Protocols (Lower layers) 5
    1.2.1 The OSI Model 5
    1.2.2 TCP/IP (IPv4) 6
    1.2.3 TCP/IP (IPv6) 11
    1.3 About TCP/IP 15
    1.3.1 Well known port 15
    1.3.2 Network Utilities 16
    1.4 Diagnostic Tools 23
    1.4.1 Packet Capturing / Protocol Analyzers 23
    1.4.2 Network testing 25
    1.5 Protocols (Middle/Higher layers) 28
    1.5.1 SNMP 28
    1.5.2 SLP 30
    1.5.3 NTP / SNTP 31
    1.5.4 NTLM 33
    1.5.5 Kerberos 34
    1.5.6 Zero Configuration Networking (Zeroconf/Bonjour/Rendezvous/APIPA for Windows) 35
    1.5.7 Further Research 36
    1.6 Knowledge check 37

    2 Network Applications and Environments
    2.1 Introduction 40
    2.2 Terminal Solution 40
    2.2.1 Windows Terminal Server 42
    2.2.2 Citrix Server 43
    2.2.3 X Window Server 43
    2.3 Other Applications 45
    2.3.1 IP phone system 46
    2.4 Knowledge check 48


    3 Directory Services
    3.1 Introduction 51
    3.2 LDAP 51
    3.2.1 X500/DAP 51
    3.2.2 URL Style 52
    3.2.3 Reading 52
    3.2.4 Operations 53
    3.2.5 Schema 55
    3.2.6 LDAP with TLS 57
    3.3 Active Directory 58
    3.3.1 Overview 58
    3.3.2 Active Directory vs. the systems it's based on 59
    3.4 eDirectory (NDS) 60
    3.4.1 Overview 60
    3.4.2 Replication 60
    3.4.3 Hierarchy System 60
    3.5 Other Directory Services 61
    3.5.1 Overview 61
    3.6 DNS/Dynamic DNS 61
    3.6.1 Overview 61
    3.7 Knowledge check 62


    1 Advanced Network Theory

    1.1 Introduction

    In this module you will find details about networking protocols and applications that are commonly used for business networks. This is an advanced module. It assumes that you are familiar with basic networking concepts.

    1.2 Protocols (Lower layers)

    1.2.1 The OSI Model

    The International Standards Organization (ISO), an organization that develops industry standards, developed the Open Systems Interconnection (OSI) standard. The OSI provides a performance standard to allow the flexibility to add and replace network devices independent of vendor.

    OSI is a model only, and reflects a "way of looking at things" rather than hard and fast rules. Simpler models also exist (such as the TCP/IP model) with fewer layers, but OSI is accepted as a standard way of understanding networks.

    The OSI specifies 7 layers of protocols that communicating systems should adopt. Each layer's protocol is written so that it works together with the protocol directly above and directly below it. When two different operating systems are communicating with each other, each layer communicates with the corresponding layer in the other system.


    1.2.2 TCP/IP (IPv4)

    TCP/IP is a reliable and versatile combination of protocols that are very widely used today on the Internet and many other corporate networks that connect to the Internet.

    The name TCP/IP is derived from its two core protocols: TCP (Transmission Control Protocol) and IP (Internet Protocol), although many other protocols make up the entire TCP/IP suite.

    The original intention behind the creation of TCP/IP was to eliminate single points of failure or control in the underlying network and to allow for multiple redundant communication paths between any two points in the network. These characteristics, combined with its open and well publicized design, have led TCP/IP to become the dominant protocol suite for communication between many different types of computers.


    It is the default transport protocol for several operating systems, including Windows 2003 Server and Windows XP, NetWare 5, UNIX and GNU/Linux.

    The IP protocol most commonly in use today is version 4, with version 6 being the next and upcoming revision of the protocol. IPv6 provides multiple enhancements over version 4 and introduces a much larger address space as well.

    The TCP and IP protocols work closely with each other; however, they can also interoperate with other protocols. IP, for instance, can carry other protocols such as UDP. Respectively, TCP can work over IPX rather than IP.

    This is made possible because of the concept of encapsulation. By encapsulation we mean the ability for data from one of the higher layers of the protocol stack to be embedded (or encapsulated) inside the payload of lower protocols for transmission over the network. The diagram below shows what this encapsulation looks like at a high level.

    As you can see, an upper layer message is packaged into a TCP or UDP message. This then becomes the payload of an IP datagram.


    The IP datagram is then passed down to layer 2 where it is in turn encapsulated into a suitable frame depending on what the underlying physical network is, such as a wired LAN, WAN or wireless network. Finally the information is converted to bits and transmitted at the physical layer.

    If the message to be transmitted is too large for the size of the underlying network, it may first be fragmented. This is analogous to splitting up a large delivery into multiple smaller envelopes or boxes.

    In this case, each IP datagram carries only part of the higher-layer message. The receiving device must reassemble the message from the IP datagrams. So, a datagram doesn't always carry a full higher-layer message; it may hold only part of one.

    An IP datagram is shown below. Note that the area marked as DATA is used to encapsulate the TCP information or the information of whatever other protocol is used on top of IP in the particular environment.

    Network MTU and fragmentation

    IP hosts send datagrams up to the MTU size of the physical network. MTU stands for Maximum Transmission Unit and it defines the maximum number of bytes that can be transported in one packet.
    Routers may have to fragment datagrams if the outbound MTU size is smaller than the inbound frame size.
    Each fragment has the format of an IP datagram.
    Fragments are reassembled at the receiving host (may be inefficient).
    Higher probability of retransmission: losing one fragment loses the entire datagram.
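The fragmentation rules above, worked through in code. This is an added example and not code from the training manual: it models how a router splits a datagram's payload to fit an outbound MTU (fragment offsets in 8-byte units, the More Fragments flag) and how the receiving host reassembles it, including the property that one lost fragment costs the whole datagram. No packets are sent; the payload, MTU and 20-byte header length are constructed values.

```python
# Added example: a model of IPv4 fragmentation and reassembly following the rules
# in the text above. It is not code from the training manual; no packets are sent,
# and the payload, MTU and header length are constructed values.

IPV4_HEADER_LEN = 20  # bytes; a minimal IPv4 header with no options


def fragment(payload: bytes, mtu: int, header_len: int = IPV4_HEADER_LEN) -> list:
    """Split one datagram's payload into fragments that fit the outbound MTU.

    Returns a list of (offset, more_fragments, data) tuples. `offset` is in
    8-byte units, exactly as carried in the IPv4 Fragment Offset field, which is
    why every fragment except the last carries a multiple of 8 data bytes.
    """
    max_data = (mtu - header_len) // 8 * 8  # round down to a multiple of 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    if len(payload) + header_len <= mtu:
        return [(0, False, payload)]  # fits in one datagram: nothing to do
    fragments = []
    for start in range(0, len(payload), max_data):
        data = payload[start:start + max_data]
        more = start + max_data < len(payload)  # MF flag: more fragments follow
        fragments.append((start // 8, more, data))
    return fragments


def reassemble(fragments: list):
    """Rebuild the original payload, or return None if any fragment is missing.

    This is the "losing one fragment loses the entire datagram" property: the
    receiving host cannot deliver a partial higher-layer message, so the whole
    datagram has to be retransmitted.
    """
    expected = 0          # byte offset the next fragment must start at
    pieces = []
    saw_last = False
    for offset, more, data in sorted(fragments, key=lambda f: f[0]):
        if offset * 8 != expected:
            return None   # gap: a fragment before this one never arrived
        pieces.append(data)
        expected += len(data)
        saw_last = not more
    if not saw_last:
        return None       # the final fragment (MF = 0) never arrived
    return b"".join(pieces)


def fragment_sizes(payload_len: int, mtu: int) -> list:
    """Data bytes carried by each fragment for a payload of the given length."""
    return [len(data) for _, _, data in fragment(bytes(payload_len), mtu)]


if __name__ == "__main__":
    payload = bytes(range(256)) * 12          # constructed 3072-byte message
    frags = fragment(payload, mtu=1500)
    for offset, more, data in frags:
        print(f"offset={offset * 8:5d} MF={int(more)} bytes={len(data)}")
    print("all fragments   ->", reassemble(frags) == payload)
    print("middle one lost ->", reassemble(frags[:1] + frags[2:]))
```

With a 1500-byte Ethernet MTU and a 20-byte header, each fragment carries 1480 data bytes (already a multiple of 8), so a 3072-byte message becomes three datagrams of 1480, 1480 and 112 bytes; dropping any one of them makes reassemble() return None, which is why fragmented traffic is more exposed to loss than a single datagram.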


    IP Options

    Loose and strict source routing - used to route a datagram along a specific path
    Record route - used to trace a route
    Internet timestamp - used to record timestamps along the route

    A TCP segment has the following format as shown below:

    A connection is defined by the pair of numbers (source IP, source port) and (dest IP, dest port).
    Different connections can use the same destination port on the server host as long as the source ports or source IPs are different.
    Sequence numbers are used to place received segment data in the correct order.
    The initial sequence number (ISN) marks the beginning of the data stream.
    The ISN is random and negotiated when the connection is established.
    Acknowledgement numbers tell the sender which segment the receiver expects next.

    TCP is a connection-oriented protocol aiming at providing guaranteed delivery of data (through the use of retransmission). As a result it has inherent overheads compared to UDP because of the connection establishment and tearing-down phases.

    UDP is more lightweight and can start transmitting data immediately since it is connectionless. On the other hand it has no way of providing guaranteed delivery, and if packets are lost during transmission over the network it has no way of knowing and taking any corrective action.


    A UDP datagram requires far less overhead than a TCP segment and it is structured as shown below:

    Internet Control Message Protocol (ICMP) datagrams are used in IP networks as the format for reporting IP datagram delivery problems. They are usually initiated at gateways but can also be initiated by hosts. They are sent back to the source IP host and not to gateways, and there are different types of ICMP datagrams depending on what error condition they are used to signify. They are also encapsulated in IP datagrams as shown in the diagram below:

    Because of the inherent unreliability of IP networks, a lot of ICMP datagrams are generated and transmitted in a typical network environment; therefore they were designed to be small and really lightweight.

    The structure of ICMP datagrams is as shown below:

    The most commonly known ICMP datagram is called ICMP Echo Request/Reply. It is used to test whether a network destination is reachable and responding. These packets are generated and tracked by the packet internet groper utility, better known as ping.


    1.2.3 TCP/IP (IPv6)

    IP version 6 (IPv6) is a network layer IP standard used to exchange data between devices using a packet-switched internetwork. IPv6 is the next version of the IP protocol in use today (IPv4) and it offers a number of major improvements over its predecessor. One of these improvements is the increase in the number of IP addresses available for devices on various networks, including the Internet.

    IPv4 supports 32 bit addresses providing about 4.3 billion (2 to the power of 32) addresses, which is proving inadequate as more and more devices exist that need to be interconnected via IP. IPv6 supports 128 bit addresses that should last for a while longer at least.

    IPv6 addresses are separated into two logical parts of 64 bits each. The first one is called the network or sub-network prefix and the second is called the host part. The host part of an address is either automatically generated based on the interface's MAC address or it is assigned sequentially.

    IPv6 addresses are normally written as eight groups of four hexadecimal digits and they can therefore be quite verbose to write out. In order to simplify the notation a number of simple rules have been set as follows:

    If a four digit group is 0000, the zeros may be omitted.
    Any group of consecutive 0000 groups may be reduced to two colons, as long as there is only one double colon used in an address.
    Leading zeros in a group of digits can also be omitted.


    Application of the above rules can reduce the following IPv6 address from this:

    2001:0db8:0000:0000:0000:0000:1428:57a

    to this:

    2001:db8::1428:57a

    without any loss of meaning.

    The structure of the IPv6 datagram header is as follows:

    Version
    Internet Protocol Version number (IPv6 is 6).

    Priority
    Enables a source to identify the desired delivery priority of the packets. Priority values are divided into ranges: traffic where the source provides congestion control and non-congestion control traffic.

    Flow label
    Used by a source to label those packets for which it requests special handling by the IPv6 router. The flow is uniquely identified by the combination of a source address and a non-zero flow label.

    Payload length
    Length of payload (in octets).

    Next header
    Identifies the type of header immediately following the IPv6 header.


    Hop limit
    8-bit integer that is decremented by one by each node that forwards the packet. The packet is discarded if the Hop Limit is decremented to zero.

    Source address
    128-bit address of the originator of the packet.

    Destination address
    128-bit address of the intended recipient of the packet.

    Other features of IPv6 over IPv4 include:

    Stateless auto configuration of hosts based on details provided by their local router device.
    Support for multicast as part of the base protocol, resulting in more bandwidth and efficient use of the network infrastructure for some applications.
    Jumbograms allowing for large packets that can improve performance over high-throughput network links.
    Faster routing via a more systematic packet header structure, although this may not be as significant anymore since recent advances in routing technology yield similar results even for IPv4 now.
    Network-layer security through the integration of IPSec in the base IPv6 protocol.

    In IPv6 the ICMP protocol has also been updated accordingly, bringing it to version 6 as well. In addition, the multicast control functions of the IPv4 Group Membership Protocol (IGMP) are now incorporated into ICMPv6.

    The structure of the ICMPv6 header is as shown below:

    Type
    The type of the message. Messages can be error or informational messages. Error messages can be Destination unreachable, Packet too big, Time exceeded, Parameter problem. The possible informational messages are Echo Request, Echo Reply, Group Membership Query, Group Membership Report, and Group Membership Reduction.


    Code
    For each type of message several different codes are defined. An example of this is the Destination Unreachable message, where possible codes are: no route to destination, communication with destination administratively prohibited, not a neighbor, address unreachable, port unreachable. For further details, refer to the standard.

    Checksum
    Used to check for data corruption in the ICMPv6 message and parts of the IPv6 header.

    One other key difference between IPv4 and IPv6 is the replacement of ARP in IPv4 with the neighbor discovery protocol (NDP) in IPv6. For simple purposes, NDP and ARP are very similar: one node sends out a request packet (called a neighbor solicitation in NDP), and the node it was looking for sends back a reply (neighbor advertisement) giving its link-layer address. NDP is part of ICMPv6. With IPv4 this function is fulfilled by a completely different and stand-alone protocol called ARP. ARP does not even run over IP and it uses broadcast packets. On the contrary, NDP makes use of multicast packets instead.

    For each unicast address it responds to, each host listens on a solicited-node multicast address. The solicited-node multicast address for a given unicast address is constructed by taking the last three octets of the unicast address and prepending

    FF02::1:FF00:0000/104

    Thus, the solicited-node multicast address of 2001:630:200:8100:02C0:4FFF:FE68:12CB is FF02::1:FF68:12CB.
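The address-shortening rules from section 1.2.3 and the solicited-node derivation just described, as an added example that is not code from the training manual. expand() undoes the "::" and leading-zero shortening, compress() applies it, and solicited_node() builds the multicast address a neighbor solicitation is sent to; the addresses used are the ones quoted in the text. One assumption beyond the text: compress() only collapses runs of two or more zero groups and picks the longest run, which is the RFC 5952 recommendation rather than the text's looser "any group of consecutive 0000 groups".

```python
# Added example: the IPv6 shortening rules from the text and the solicited-node
# multicast derivation, as expand/compress functions. This is not code from the
# training manual; the addresses used are the ones quoted in the text.


def expand(addr: str) -> list:
    """Return the eight 16-bit groups of an IPv6 address as integers.

    Undoes the "::" and leading-zero shortening, so every spelling of an
    address maps to the same canonical form.
    """
    if addr.count("::") > 1:
        raise ValueError("only one '::' is allowed in an address")
    if "::" in addr:
        head, tail = addr.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has eight groups")
    values = [int(g, 16) for g in groups]
    if not all(0 <= v <= 0xFFFF for v in values):
        raise ValueError("each group is a 16-bit value")
    return values


def compress(addr: str) -> str:
    """Apply the shortening rules: drop leading zeros in every group and collapse
    the longest run of zero groups into a single "::".

    Assumption (RFC 5952 style, stricter than the text): only runs of two or
    more zero groups are collapsed, and the longest run wins (first on a tie).
    """
    groups = expand(addr)
    best_start, best_len, run_start = -1, 0, None
    for i, g in enumerate(groups + [1]):        # sentinel closes the last run
        if g == 0 and run_start is None:
            run_start = i
        elif g != 0 and run_start is not None:
            if i - run_start > best_len:
                best_start, best_len = run_start, i - run_start
            run_start = None
    hexs = [format(g, "x") for g in groups]     # format() drops leading zeros
    if best_len < 2:
        return ":".join(hexs)
    left = ":".join(hexs[:best_start])
    right = ":".join(hexs[best_start + best_len:])
    return f"{left}::{right}"


def solicited_node(addr: str) -> str:
    """Solicited-node multicast address for a unicast address: the prefix
    ff02::1:ff00:0/104 followed by the low 24 bits (last three octets) of the
    unicast address. Neighbor solicitations are sent to this address."""
    groups = expand(addr)
    low24 = ((groups[6] & 0xFF) << 16) | groups[7]
    mcast = [0xFF02, 0, 0, 0, 0, 1, 0xFF00 | (low24 >> 16), low24 & 0xFFFF]
    return compress(":".join(format(g, "x") for g in mcast))


if __name__ == "__main__":
    print(compress("2001:0db8:0000:0000:0000:0000:1428:57a"))      # 2001:db8::1428:57a
    print(solicited_node("2001:630:200:8100:02C0:4FFF:FE68:12CB"))  # ff02::1:ff68:12cb
```

Because the solicited-node address depends only on the last 24 bits, two hosts whose addresses differ elsewhere but share those bits listen on the same multicast group; that is the "host with a very similar IPv6 address" case mentioned below.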

    It's the solicited-node multicast address that a node uses as the destination of a neighbor solicitation packet. This use of multicast means that most hosts don't get disturbed by neighbor solicitations that aren't either for them or for a host with a very similar IPv6 address. With broadcast, on the other hand, every host on the network segment receives every packet that is broadcast.

    IPv4 and IPv6 are not directly interoperable and therefore an intermediate proxy is necessary for a client to communicate with a server when one uses IPv4 and the other IPv6. This is one of the major reasons for the slower than expected adoption of IPv6 on the Internet.

    To assist with the conversion process from IPv4 to IPv6 many operating systems, including Microsoft Windows™ and GNU/Linux, now support dual stacks, effectively allowing for both IPv4 and IPv6 communication at the same time.

    However, not all higher-level protocols are able to use IPv6 directly and therefore some software adjustment is still necessary. The file transfer protocol (FTP) for example is bound to the IP version that the server was built for and it cannot transparently support IPv6 clients.


    Further to dual stack operating systems, tunneling of IPv6 packets on the Internet encapsulated inside IPv4 packets is another commonly used technique to ease the transition from IPv4 to IPv6.

    1.3 About TCP/IP

    1.3.1 Well known port

    TCP communication across applications on different hosts is point to point, using the concept of ports to identify each stream of data. A port is represented by a 16-bit number attached to the transmitted message.

    Servers are identified by their well-known port numbers. For example, it is highly recommended that TCP/IP systems providing FTP (File Transfer Protocol) services do so using port 21. A list of well-known port numbers is provided below:

    Port number   Use        Description
    20            ftp data   File Transfer Protocol (Default Data)
    21            ftp        File Transfer Protocol (Control)
    23            telnet     Telnet
    25            smtp       Simple Mail Transfer Protocol
    53            domain     Domain Name Server
    67            bootps     Bootstrap Protocol Server (DHCP)
    68            bootpc     Bootstrap Protocol Client (DHCP)
    80            www        World Wide Web (HTTP)
    110           pop3       Post Office Protocol 3
    119           nntp       Network News Transfer Protocol

    Socket address

    When the IP address is combined with the port number then we have what is called a socket address. For example, combining the IP address 192.168.0.1 with the SMTP port 25 is often written as follows: 192.168.0.1:25, with a colon separating the IP address from the port number.


    The combination of IP addresses and ports allows a single machine on a network to provide different services at the same time (by using different ports for each service).

    The socket pair (the client IP address and port number, plus the server IP address and port number) uniquely identifies each TCP connection in a network.

    1.3.2 Network Utilities

    NETCAT (NC)

    Netcat (aka nc) is a command line utility for UNIX and UNIX-like operating systems that provides the ability for its users to interactively send and receive data to and from any TCP port on their local computer or on a remote system across the network.

    This tool is so useful in troubleshooting networking-related issues that it is often referred to as the Swiss army knife of TCP/IP. Because of this, although the roots of the tool are in the UNIX world, several ports of it exist for the Microsoft Windows™ environment.

    The tool is command line driven and rich in configurable options, as shown below:


    To demonstrate the power of this tool, you can set an instance of it in listening mode on any TCP port on a remote host and then from a different computer you can invoke:

    nc.exe -e cmd.exe

    This will spawn a command line shell on that remote host, allowing you to run commands against it as shown below:

    Other popular uses of the tool include the ability to do source routing up to four hops away, port scanning remote hosts, checking for firewalls blocking certain ports across subnetworks and more.

    Netcat is not intended as a replacement for dedicated port scanning software such as Nmap; however, it is useful as a quick and easy diagnostic tool for most networking problems.

    TELNET

    Telnet is typically the first tool one comes across when diagnosing network connectivity issues, particularly for TCP since Telnet only uses TCP. Netcat on the other hand can also deal with UDP issues. A typical use of Telnet is to connect to a mail server's port 25, for instance, and issue commands to create a new mail message so that you can validate whether the mail server allows relaying or not. To do so you would first run telnet by issuing a command such as:

    telnet 25


    Once the connection is established you could then issue the following commands:

    helo
    response should be as follows:
    250 OK

    mail from:
    response should be as follows:
    250 OK - mail from

    rcpt to:
    response should be as follows:
    250 OK - Recipient

    data
    response should be as follows:
    354 Send data. End with CRLF.CRLF

    To:
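The manual telnet session above, scripted so the relay check can be repeated against a mail server you administer. This is an added example and not code from the training manual. It sends HELO, MAIL FROM and RCPT TO, records each reply code, and stops before DATA: a 250 at RCPT TO for a recipient the server is not responsible for is the sign that it would relay. So that it runs offline, the block includes a constructed stand-in SMTP server (fake_smtp_server, a hypothetical helper) that accepts recipients only in its own domains; the addresses and domains are constructed too.

```python
# Added example: the manual SMTP relay check from the text, scripted. It is not
# code from the training manual. So that it runs offline it talks to a small
# constructed stand-in server that only accepts recipients in its own domains;
# point relay_check() at a real mail server you administer to audit it.
import socket
import threading


def _read_reply(f) -> int:
    """Read one SMTP reply (multi-line replies use '250-...' continuation
    lines; the final line has a space after the code) and return the code."""
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:
            raise ConnectionError("server closed the connection")
        if len(line) >= 4 and line[3] == " ":
            return int(line[:3])


def relay_check(host: str, port: int, sender: str, recipient: str,
                timeout: float = 10.0) -> dict:
    """Replay HELO / MAIL FROM / RCPT TO and record each reply code.

    A 250 at RCPT TO for an address the server is not responsible for means it
    would relay that mail. DATA is never sent: the verdict comes from RCPT TO.
    """
    codes = {}
    with socket.create_connection((host, port), timeout=timeout) as s, \
            s.makefile("rb") as f:
        codes["greeting"] = _read_reply(f)
        for name, cmd in (("helo", "HELO relay-check.example"),
                          ("mail_from", f"MAIL FROM:<{sender}>"),
                          ("rcpt_to", f"RCPT TO:<{recipient}>")):
            s.sendall((cmd + "\r\n").encode("ascii"))
            codes[name] = _read_reply(f)
            if codes[name] >= 400:
                break                       # refused: no point continuing
        s.sendall(b"QUIT\r\n")
        codes["quit"] = _read_reply(f)
    codes["relay_accepted"] = codes.get("rcpt_to") == 250
    return codes


def fake_smtp_server(local_domains) -> int:
    """Constructed stand-in for a mail server (serves one connection, then exits).
    It accepts RCPT TO only for its own domains and answers 550 otherwise."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        srv.close()
        with conn, conn.makefile("rb") as f:
            try:
                conn.sendall(b"220 fake.example ESMTP (constructed)\r\n")
                while True:
                    cmd = f.readline().decode("ascii", "replace").strip()
                    upper = cmd.upper()
                    if upper.startswith("HELO"):
                        reply = b"250 OK\r\n"
                    elif upper.startswith("MAIL FROM:"):
                        reply = b"250 OK - mail from\r\n"
                    elif upper.startswith("RCPT TO:"):
                        addr = cmd[cmd.find("<") + 1:cmd.find(">")]
                        domain = addr.rpartition("@")[2].lower()
                        reply = (b"250 OK - Recipient\r\n" if domain in local_domains
                                 else b"550 relaying denied\r\n")
                    elif upper.startswith("QUIT") or not cmd:
                        conn.sendall(b"221 bye\r\n")
                        break
                    else:
                        reply = b"500 command not recognized\r\n"
                    conn.sendall(reply)
            except OSError:
                pass                        # client went away; nothing to do

    threading.Thread(target=serve, daemon=True).start()
    return port


def run_checks() -> tuple:
    """Audit the stand-in server once with an external and once with a local
    recipient; each check needs a fresh server because it serves one client."""
    external = relay_check("127.0.0.1", fake_smtp_server({"example.com"}),
                           "probe@example.net", "someone@example.org")
    local = relay_check("127.0.0.1", fake_smtp_server({"example.com"}),
                        "probe@example.net", "someone@example.com")
    return external, local


if __name__ == "__main__":
    ext, loc = run_checks()
    print("external recipient:", ext)
    print("local recipient:   ", loc)
```

A correctly configured server answers the external recipient with a 5xx at RCPT TO (relay_accepted False) and only accepts its own domains; the check deliberately never reaches DATA, so no message is ever queued on the server under test.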


    PING

    Ping stands for Packet INternet Groper. A ping command sends a diagnostic packet to a nominated network node to check network connectivity. If the node receives the packet, it responds, confirming that the link is operational. If the node does not respond, the user is alerted to a link failure.

    Ping uses the Internet Control Message Protocol (ICMP) to send the request and return the response, or the fact that the message was indeed undeliverable.

    A network administrator will ping a node in order to try and isolate a problem on the network, or to measure performance.

    The examples on the next page show the ping command and the network response.

    Ping indicating failed connectivity.


    Ping indicating successful connectivity.
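The ICMP Echo Request/Reply messages that ping generates and tracks (described under ICMP in section 1.2.2 and in the PING section above), as an added example that is not code from the training manual. It serializes an echo request with the standard Internet checksum, derives the reply a destination would send, verifies the checksum on receipt, and pairs a reply with its request by identifier, sequence number and payload, which is how ping knows which reply belongs to which probe. Nothing is transmitted (sending ICMP needs a raw socket and privileges); the identifier, sequence number and payload are constructed values.

```python
# Added example: building and checking ICMP Echo Request/Reply messages, the
# packets ping sends and tracks. This is not code from the training manual and
# nothing is transmitted (sending ICMP needs a raw socket); the identifier,
# sequence number and payload are constructed values.
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8
ECHO_HEADER = "!BBHHH"   # type, code, checksum, identifier, sequence number


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented.
    IP, ICMP, TCP and UDP all use this same algorithm."""
    if len(data) % 2:
        data += b"\x00"                     # odd length: pad with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)   # fold carries back in
    return (~total) & 0xFFFF


def build_echo(msg_type: int, identifier: int, sequence: int, payload: bytes) -> bytes:
    """Serialize an echo message. The checksum is computed over the whole
    message with the checksum field set to zero, then written into place."""
    header = struct.pack(ECHO_HEADER, msg_type, 0, 0, identifier, sequence)
    csum = internet_checksum(header + payload)
    return struct.pack(ECHO_HEADER, msg_type, 0, csum, identifier, sequence) + payload


def build_echo_request(identifier: int, sequence: int, payload: bytes) -> bytes:
    return build_echo(ICMP_ECHO_REQUEST, identifier, sequence, payload)


def build_echo_reply(request: bytes) -> bytes:
    """What the destination returns: same identifier, sequence and payload,
    type changed to Echo Reply and the checksum recomputed."""
    req = parse_echo(request)
    return build_echo(ICMP_ECHO_REPLY, req["identifier"], req["sequence"], req["payload"])


def parse_echo(packet: bytes) -> dict:
    """Decode an echo message and verify it. Summing a valid message including
    its checksum field folds to all ones, so the checksum of the whole is 0."""
    if len(packet) < 8:
        raise ValueError("an ICMP echo message is at least 8 bytes")
    msg_type, code, _, identifier, sequence = struct.unpack(ECHO_HEADER, packet[:8])
    return {
        "type": msg_type,
        "code": code,
        "identifier": identifier,
        "sequence": sequence,
        "payload": packet[8:],
        "checksum_ok": internet_checksum(packet) == 0,
    }


def reply_matches(request: bytes, reply: bytes) -> bool:
    """How ping pairs a reply with the request it sent: the reply must be a
    valid Echo Reply carrying the request's identifier, sequence and payload."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (rep["type"] == ICMP_ECHO_REPLY and rep["checksum_ok"]
            and (rep["identifier"], rep["sequence"], rep["payload"])
            == (req["identifier"], req["sequence"], req["payload"]))


if __name__ == "__main__":
    req = build_echo_request(0x1234, 1, b"abcdefghijklmnop")   # constructed
    rep = build_echo_reply(req)
    print(req.hex())
    print("reply matches:", reply_matches(req, rep))
    damaged = rep[:9] + b"\x00" + rep[10:]       # corrupt one payload byte
    print("damaged reply accepted:", reply_matches(req, damaged))
```

The identifier is normally the ping process id and the sequence number counts probes, so a reply that arrives late, or a reply to somebody else's ping on the same host, fails reply_matches() and is not counted as a successful round trip.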

    ARP (RARP)

    The command arp is used to display and modify the IP-to-Physical address translation tables used by the Address Resolution Protocol (ARP). This command allows you to set a static link between a given IP address and a Physical address and to display the contents of the computer's ARP tables.

    RARP stands for Reverse Address Resolution Protocol: given a physical address, the computer is able to find out the IP address of another computer on the same LAN segment.

    Below is the output produced from running arp -a, used to query the ARP tables of the current machine:

    C:\Documents and Settings\user>arp -a

    Interface: 10.10.11.156 --- 0x10003
      Internet Address      Physical Address      Type
      10.10.11.1            00-40-63-df-f0-9e     dynamic

    As you can see, the IP address 10.10.11.1 is mapped to the physical address dynamically, which implies that the physical address was discovered via the use of ARP as opposed to being statically set.

    ARP is a non-routable, broadcast protocol. Therefore it cannot cross routers by default. Special configuration on some routers may allow it to do so, but this is generally bad network management practice and hardly ever done in actual networks. Each client machine maintains its own ARP table (rather than relying on a central one) in order to minimize the amount of broadcasting necessary for machines to be identified on the network each time communication needs to take place.


    TRACERT

    The tracert command is short for trace route. It picks up from where ping stops, in that it is able to show the individual network nodes a packet goes through to reach its destination. If at any point connectivity is lost, using tracert it is possible to see up to which node(s) the communication was successful.

    This is what a typical few lines of output from tracert look like:

      6    27 ms    24 ms    21 ms  61.88.221.135
      7    28 ms    30 ms    25 ms  ConnectCom.un2.optus.net.au [61.88.171.206]
      8    19 ms    36 ms    30 ms  so-3-1-0.cre1.syd.connect.com.au [202.10.4.91]
      9


    We only touched upon another whole class of diagnostic utilities for the network when we were discussing netcat. We then made reference to its capabilities as a rudimentary port scanner. Port scanners form an entire class of diagnostic utilities on their own and within that class you can find many excellent commercial and open source pieces of software.

    A port scanner takes one or more IP addresses and looks for open TCP or UDP ports that are available on each IP address. They employ very sophisticated technology to also be able to perform operating system detection, given the characteristic behavior of the target operating system in response to the TCP port probing.

    Finally, a lot of these port scanners are able to perform what are known as stealth scans that can mostly go undetected by the target host, so its administrators are not alarmed and do not take additional security measures. Port scanning is equally valuable for administrators in taking an automated audit of what services run on their network and on their end-user desktop and laptop systems.

    One of the most commonly known and feature-rich port scanners is Nmap, which is also freely available software that can be used by anyone free of charge. Also note that using a port scanner on a network other than one you own is considered not only bad etiquette; it can also be a punishable act and even lead to prosecution depending on the type and owner of the network and their policies. In short, never use a port scanner without having obtained the explicit consent of the owner of the network and host(s) you are going to be targeting.


    1.4 Diagnostic Tools

    1.4.1 Packet Capturing / Protocol Analyzers

    Packet capturing and protocol analysis are widely used techniques for identifying network and application related issues. One of the most common tools for performing these activities is Wireshark.

    Wireshark is an open source project aimed at developing a feature-full, easy to use and free network packet capture and analysis tool. Wireshark used to be called Ethereal, and recently the project changed names for legal reasons.

    Network packet capture and analysis tools can prove extremely useful as diagnostic tools because they allow their users to gain visibility into the workings of their network. The tool uses one of the network interfaces on the machine it is running on to collect network data and subsequently analyze it and present it to the user in an easy to read format.

    In an Ethernet LAN, for instance, all data is transmitted in frames. Wireshark is able to capture those and assemble them into packets, and from there identify the protocols that make up this traffic, separate it by protocol and color code it. Wireshark has extensive support for a very large number of protocols that it can understand and analyze.

    The user is able to drill down and inspect the various pieces of data that were captured. Because Wireshark captures all network data that goes to the host it is running on (and in some configurations all data transmitted on the switch or the entire network) you can use it to troubleshoot IP, TCP, UDP or even HTTP related issues regardless of what layer each of these protocols operates in.


    Operating Wireshark requires three main steps, namely: start a capture (of data flowing on the network), filter the results of the capture (to reduce the amount of information presented and increase relevance) and finally analyze the information to troubleshoot the issue at hand.

    Many other network packet capture and analysis tools exist, both open source and commercial, running on a variety of operating systems from Microsoft Windows™ to Linux, MacOS X, Sun Solaris and others. Some are console-based without a GUI whereas others contain a GUI.

    One such alternative tool is EtherPeek, which performs traffic monitoring and packet capture. It can decode over 1,000 protocols and subprotocols, but as the name implies, EtherPeek's support is limited to Ethernet networks.

    Unlike Wireshark, EtherPeek is a commercial product. It offers a very user-friendly interface with support for triggers, alarms, and filters. Triggers, which are used to start and stop packet capturing, can be set off by a time event or by network traffic.

    Alarms warn you of abnormalities in LAN activity, such as bottlenecks, when traffic deviates from a specified limit. Filters work similarly to those in Wireshark and allow the user to capture only the traffic that is of interest to them and reject other noise traffic on the network.


Two types of filters are supported in EtherPeek: simple and advanced. Simple filters consist of just the traffic source and destination specified by MAC or network-layer address, protocols that rest on the network layer (and up), or port numbers.

Advanced options allow you to build more complex filters through logic statements and filtering options. Information like downloaded HTTP or FTP files can be displayed, as well as detailed information like TCP window sizes.

1.4.2 Network testing

A wide range of network testing tools exists, each with their own relative strengths and weaknesses. Fairly simple tools such as EtherPeek, with its packet injection system, allow users to craft network packets and inject them into the network. On the other hand, large and feature-rich packages exist, such as SolarWinds, providing a complete environment for network testing, benchmarking, discovery and monitoring.

Also in this category you can find very simple tools that have stood the test of time and can be indispensable even though they were not originally designed for network testing per se. One good example of such a tool is telnet, which was originally designed to allow remote access to systems over the network. Because it is easy to use and present in so many systems by default, it is also widely used as a diagnostic tool to see if a daemon or service is listening on a remote system across the network.


For example, if we wanted to check that an SMTP (mail) server is indeed up and running on a remote machine, we could issue the following command at a Windows or UNIX prompt:

    telnet mail.example.com 25

The above command establishes a TCP connection with the server mail.example.com (as resolved by DNS) on port 25. Port 25 is arbitrary; however, we use it here because we wish to test the SMTP services provided by that server and, by convention, port 25 is the one used for SMTP.

If the machine is up and the SMTP server is running we should get a connection established. Otherwise, after a little while, we will receive a time-out message.

Once we get a connection to the port we can then issue commands manually to check that responses are received and that they are correct. Building on our previous example, we could request that the mail server allow us to send an email message by feeding it manually with the commands a browser would have passed as well. This could be done as follows (the expected server response is listed under each command):

    helo
      response should be as follows:
      250 OK

    mail from:
      response should be as follows:
      250 OK - mail from

    rcpt to:
      response should be as follows:
      250 OK - Recipient

    data
      response should be as follows:
      354 Send data. End with CRLF.CRLF


    To:
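The liveness check and the manual dialogue above, as an added example that is not part of the original module: a small Python client that opens the TCP connection with a timeout (so a dead host is reported as a time-out rather than a hang), reads each reply including multi-line 250- continuations, and stops at the first 4xx/5xx code. mail.example.com, the HELO name and the addresses are placeholders; the scripted replies are constructed for the built-in self-test and are not from a real server.

```python
import io
import socket
import threading

# Constructed replies modelled on the manual session in the text (not a real server).
SCRIPTED_REPLIES = [
    b"220 mail.example.com ESMTP service ready\r\n",   # greeting on connect
    b"250 OK\r\n",                                    # reply to HELO
    b"250 OK - mail from\r\n",                        # reply to MAIL FROM
    b"250 OK - Recipient\r\n",                        # reply to RCPT TO
    b"354 Send data. End with CRLF.CRLF\r\n",         # reply to DATA
]


def read_reply(rfile):
    """Read one SMTP reply from a binary file object.

    A reply is one or more lines; '-' after the 3-digit code marks a continuation
    line, a space (or nothing) marks the final line.  Returns (code, [line texts]).
    Raises ValueError on malformed input, ConnectionError if the peer hangs up.
    """
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("peer closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed SMTP reply: %r" % line)
        lines.append(line[4:])
        if len(line) == 3 or line[3] == " ":          # final line of this reply
            return int(line[:3]), lines


def parse_reply_bytes(data):
    """Parse one complete reply held in memory (e.g. lifted from a capture)."""
    return read_reply(io.BytesIO(data))


def smtp_dialogue(sock, helo_name, sender, recipient):
    """Drive HELO / MAIL FROM / RCPT TO / DATA by hand, as the telnet session does.

    Returns the reply codes received, starting with the greeting, and stops at
    the first 4xx/5xx reply so a rejected step is visible in the list.
    """
    rfile = sock.makefile("rb")
    codes = [read_reply(rfile)[0]]                     # 220 greeting
    commands = [
        b"HELO " + helo_name,
        b"MAIL FROM:<" + sender + b">",
        b"RCPT TO:<" + recipient + b">",
        b"DATA",
    ]
    for command in commands:
        sock.sendall(command + b"\r\n")
        code, _ = read_reply(rfile)
        codes.append(code)
        if code >= 400:                                # temporary or permanent failure
            break
    return codes


def check_smtp(host, port=25, timeout=5.0):
    """Connect to host:port the way 'telnet host 25' does and run the dialogue.

    Returns ("open", codes) when the service answered, ("timeout", None) when
    nothing answered within the timeout, or ("error", reason) otherwise.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            codes = smtp_dialogue(sock, b"client.example.com",
                                  b"postmaster@example.com", b"postmaster@example.com")
            return "open", codes
    except socket.timeout:
        return "timeout", None
    except (OSError, ValueError) as exc:
        return "error", str(exc)


def _scripted_server(sock, replies):
    """Minimal fake SMTP peer: send the greeting, then one scripted reply per command."""
    rfile = sock.makefile("rb")
    sock.sendall(replies[0])
    for reply in replies[1:]:
        if not rfile.readline():                       # client went away
            break
        sock.sendall(reply)
    sock.close()


def run_against_scripted_server(replies):
    """Run smtp_dialogue against an in-process fake peer over a socketpair."""
    client_side, server_side = socket.socketpair()
    worker = threading.Thread(target=_scripted_server, args=(server_side, replies))
    worker.start()
    try:
        return smtp_dialogue(client_side, b"client.example.com",
                             b"postmaster@example.com", b"postmaster@example.com")
    finally:
        client_side.close()
        worker.join()


if __name__ == "__main__":
    print(run_against_scripted_server(SCRIPTED_REPLIES))   # [220, 250, 250, 250, 354]
```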


1.5 Protocols (Middle/Higher layers)

IPSec is short for Internet Protocol Security. It is a standard in network communication security and provides encryption at a lower layer (Network Layer, Layer 3 of the OSI Model) than normal encrypted communication methods. This effectively means that all network communication (even insecure protocols such as FTP) gains advanced encryption.

IPSec is optional on normal IPv4 networks. However, on IPv6 networks it is required. IPSec has two different modes of security: "Transport" and "Tunnel" modes.

In Transport Mode, only the data within the packet is encrypted. All other parts of the packet, such as destination header information and so on, are left unaltered. This means that most network routing methods will work as expected; however, in cases where NAT is used, Transport mode cannot be used because the hash value (essentially a checksum) no longer matches the destination.

In Tunnel Mode, the entire packet is encrypted. This would normally mean that the packet can never be routed and this mode couldn't be used on any normal networks at all. However, in Tunnel Mode IPSec encapsulates (wraps) the encrypted packet inside another unencrypted packet. Because of this, it can be routed exactly like any other network traffic.

In general, Tunnel Mode is not used between hosts in the same network. This is because, as explained, Tunnel Mode adds another unencrypted IP header to the encrypted packet and as a result there is a significant increase in network traffic.

1.5.1 SNMP

SNMP stands for Simple Network Management Protocol and it is used to keep track of vital information of various networking devices and servers such as routers, switches and server systems. It consists of a set of standards for network management, including an Application Layer protocol, a database schema, and a set of data objects.

It works in a client-server mode, allowing the management client to query servers for statistics of their different components. Also, servers can push information to the management console as needed by raising what is known as a trap.

SNMP is currently in its third version; however, there are still devices in use that only support version 1 of the protocol and therefore one may see a mixture of protocol versions in active use in most large scale networks with older legacy equipment.

SNMP version 1 (SNMPv1) is the initial implementation of the SNMP protocol. SNMPv1 operates over protocols such as User Datagram Protocol (UDP), Internet Protocol (IP), AppleTalk Datagram-Delivery Protocol (DDP), and Novell Internet Packet Exchange (IPX). SNMPv1 is widely used and is the de facto network-management protocol in the Internet community. Version 1 suffers from poor security. Authentication of clients is performed only by a "community string", in effect a type of password, which is transmitted in clear text.


There are several editions of SNMP v2 due to disagreements over security. SNMP version 2 offered improvements over SNMP v1 in the areas of performance, security, confidentiality, and manager-to-manager communications.

Unfortunately, it was not widely adopted because of serious disagreements over the security framework in the standard. Eventually version 2c was released, which was essentially v2 without the controversial security framework. Instead it used a similar community-string based mechanism for authentication.

Security issues aside, SNMP version 2 was rather complex compared to v1 and therefore, as a compromise and to assist in its adoption, SNMP v2u was released. It offers greater security than SNMP v1 but without incurring the high degree of complexity that other version 2 editions of the protocol have had in the past. This edition is what is commercially known as SNMP v2.

As of 2004, SNMP v3 is recognized as the current standard and all previous versions are marked as obsolete or historical. In practice, however, one can find a mixture of versions in use, including mostly v1, v3 and to some extent v2c, although v2 is incompatible with v1, which tends to further complicate interoperability in large scale networks.

SNMP tracks usage parameters of the various components in networking and server devices by assigning them unique identifiers called Object Identifiers (OIDs). OIDs are used within the management information base (MIB) that SNMP uses to track the different performance counters within components of the various equipment.

A management information base (MIB) stems from the OSI/ISO Network management model and is a type of database used to manage the devices in a communications network. It comprises a collection of objects in a (virtual) database used to manage entities (such as routers, switches and servers) in a network. It is hierarchical (tree structured) and entries are addressed through OIDs. MIBs are periodically updated to add new functionality, remove ambiguities and fix defects.
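The clear-text community string of v1/v2c and the OID addressing described above, as an added example that is not part of the original module: a minimal BER decoder that takes the UDP payload of an SNMP message as a network monitor would see it, reports the version, community string, PDU type and requested OIDs, and flags the cases a defender cares about (community string visible on the wire, default community string). The sample packet is constructed by hand and requests sysDescr.0 with the community "public".

```python
# Constructed SNMPv1 GetRequest for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0) with the
# community string "public": the bytes a sniffer would see in the UDP payload.
SAMPLE_V1_GET = bytes.fromhex(
    "3026"                       # SEQUENCE, 38 bytes follow
    "020100"                     # INTEGER version = 0  (SNMPv1)
    "0406" "7075626c6963"        # OCTET STRING "public"  (sent in the clear)
    "a019"                       # GetRequest-PDU, 25 bytes follow
    "020101" "020100" "020100"   # request-id = 1, error-status = 0, error-index = 0
    "300e" "300c"                # VarBindList, VarBind
    "0608" "2b06010201010100"    # OBJECT IDENTIFIER 1.3.6.1.2.1.1.1.0
    "0500"                       # NULL (a GetRequest carries no value)
)
# Same request as SNMPv2c: only the version integer changes (0 -> 1).
SAMPLE_V2C_GET = SAMPLE_V1_GET[:4] + b"\x01" + SAMPLE_V1_GET[5:]

VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
DEFAULT_COMMUNITIES = {b"public", b"private"}


def read_tlv(buf, pos):
    """Decode one BER element at buf[pos]; return (tag, value bytes, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("BER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def decode_oid(value):
    """Turn BER OID contents into dotted notation (first byte packs the first two arcs)."""
    arcs = [value[0] // 40, value[0] % 40]
    arc = 0
    for byte in value[1:]:
        arc = (arc << 7) | (byte & 0x7F)   # base-128, high bit set on all but the last byte
        if not byte & 0x80:
            arcs.append(arc)
            arc = 0
    return ".".join(str(a) for a in arcs)


def inspect_snmp(payload):
    """Return version, community string, PDU type and requested OIDs of one SNMP message."""
    tag, message, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    _, version_bytes, pos = read_tlv(message, 0)
    version = VERSIONS.get(int.from_bytes(version_bytes, "big"), "unknown")
    if version not in ("v1", "v2c"):
        # v3 carries msgGlobalData and security parameters here, not a community string
        return {"version": version, "community": None, "pdu": None, "oids": []}
    _, community, pos = read_tlv(message, pos)
    pdu_tag, pdu, _ = read_tlv(message, pos)
    oids = []
    if pdu_tag != 0xA4:                     # the v1 Trap PDU has a different layout; skip it
        p = 0
        for _ in range(3):                  # request-id, error-status, error-index
            _, _, p = read_tlv(pdu, p)
        _, varbinds, _ = read_tlv(pdu, p)
        p = 0
        while p < len(varbinds):
            _, varbind, p = read_tlv(varbinds, p)
            _, oid, _ = read_tlv(varbind, 0)
            oids.append(decode_oid(oid))
    return {"version": version, "community": community.decode("latin-1"),
            "pdu": PDU_TYPES.get(pdu_tag, "unknown"), "oids": oids}


def audit_snmp(payload):
    """Findings a network monitor would raise for this packet (empty list = nothing to flag)."""
    info = inspect_snmp(payload)
    findings = []
    if info["version"] in ("v1", "v2c"):
        findings.append("%s: community string %r sent in clear text"
                        % (info["version"], info["community"]))
        if info["community"].encode("latin-1") in DEFAULT_COMMUNITIES:
            findings.append("default community string in use")
    return findings


if __name__ == "__main__":
    print(inspect_snmp(SAMPLE_V1_GET))
    print(audit_snmp(SAMPLE_V1_GET))
```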

A trap in the context of SNMP, according to Cisco Systems, is "a notification event issued by a managed device to the network management station when a significant event (not necessarily an outage, a fault, or a security violation) occurs". Traps are raised by the device that is being monitored and get caught by the monitoring station to which the management console is attached.

This is how traps become known to the operators of the network, who can then decide whether to take some action based on the traps received.

Common uses of SNMP include:

Monitoring device uptime

Collecting hard disk drive usage statistics from servers

Inventorying OS versions


Collecting interface information

Measuring network interface throughput

Querying a remote ARP cache

Konica Minolta devices have a fairly comprehensive MIB for SNMP. The basic Printer MIBs (both printmib and hostmib) are supported as well as Konica Minolta's own proprietary MIB. Because of this, SNMP enterprise management systems are able to access all of the expected functions of a printer and, where Konica Minolta supply a plugin to the EMS, information specific to Konica Minolta devices.

The most common use of SNMP with Konica Minolta (and other) print devices is the status information reported to an operating system's print system. This allows, for example, Microsoft Windows to display "Out of Paper" along with the printer object when the device is out of paper.

Konica Minolta's PageScope Net Care application also makes extensive use of SNMP, both for reading current status and settings as well as writing new settings to a device.

1.5.2 SLP

The Service Location Protocol (SLP) was originally an Internet Engineering Task Force (IETF) standards track protocol that provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks.

Traditionally, in order to locate services on the network, users of network applications have been required to supply the host name or network address of the machine that provides a desired service. Ensuring that users and applications are supplied with the correct information has, in many cases, become an administrative nightmare.

Protocols that support service location are often taken for granted, mostly because they are already included in many network operating systems. For example, without Microsoft's SMB service location facilities, "Network Neighborhood" could not discover services available for use on the network and Novell NetWare would be unable to locate eDirectory trees.

Nevertheless, an IETF sponsored protocol for service location was not standardized until the advent of SLP. Because it is not tied to a proprietary technology, SLP provides a service location solution that could become extremely important (especially on UNIX platforms). SLP can eliminate the need for users to know the names of network hosts.

With SLP, the user only needs to know the description of the service they are interested in. Based on this description, SLP is then able to return the URL of the desired service.


SLP makes use of software components called agents that process protocol messages accordingly. There are three types of agents: user agents, service agents and directory agents.

The SLP User Agent is a software component that looks for the location of one or more services. Usually implemented (at least partially) as a library to which client applications link, it provides client applications with a simple interface for accessing SLP registered service information.

The SLP Service Agent is a software component that advertises the location of one or more services. SLP advertisement is designed to be both scalable and effective, minimizing the use of network bandwidth through the use of targeted multicast messages and unicast responses to queries.

The SLP Directory Agent is a software component that acts as a centralized repository for service location information. Both Service Agents and User Agents make it a priority to discover available Directory Agents, as using a Directory Agent minimizes the number of multicast messages sent by the protocol on the network.

1.5.3 NTP / SNTP

NTP stands for Network Time Protocol and it is used to provide consistent date and time information across an entire network of machines. It employs a client/server architecture with one or more (typically many more than two) time servers that are responsible for answering client queries for time synchronization. Clients, on the other hand, are responsible for periodically requesting time information from the time servers and then using this information to adjust the clock of the host machine they are running on.

The protocol scales very well by working off a tree-like structure of servers and clients providing and consuming time-related information. A number called the Stratum number identifies the level of a server in the NTP tree hierarchy.

Stratum 1 is the top level of the tree, where servers have direct access to time sources of high accuracy. They provide synchronization to secondary servers operating at Stratum 2, and so on to higher strata. In this hierarchy, clients are simply servers that have no dependents.


NTP Servers/Pools

Stratum 1 time servers are also computers and their internal clocks are just as inaccurate as those of the clients they are trying to serve; therefore, to keep correct track of time an external clock is used. This is typically an atomic clock of very high accuracy.

To ease configuration of NTP systems, the concept of NTP server pools has been developed (www.pool.ntp.org). A pool is comprised of a large number of NTP servers available via round-robin DNS behind generic DNS names such as pool.ntp.org.

There are also a number of regional DNS entries that are better suited to ensuring that the server you end up using is geographically closer to the client or NTP server that is requesting information from it.


NTP support is built into most modern operating systems including Microsoft Windows™ 2000 and Windows XP, MacOS X, GNU/Linux distributions and Sun Solaris 10, to name a few. Microsoft and Apple do not use the freely available NTP server pools directly (via the DNS load balanced entries); they instead define their own set of DNS entries with (presumably a number of) NTP servers behind it.

NTP/SNTP is primarily considered a convenience function; however, it can also be used to avoid issues that arise from an incorrectly set clock. Konica Minolta devices that have it enabled will not require manually setting the time and the user can be sure that it is accurate. This is considered important in environments where the print log is monitored and must be accurate.

Additionally, some functions such as Active Directory Authentication require that the clock on the client (the Konica Minolta device in this case) is set to the same time (within a certain tolerance) as the Active Directory server, or the authentication attempt will fail. By using NTP, the Konica Minolta device can synchronize itself with the Active Directory server, ensuring that the authentication will always succeed.

NTP sets the date and time by exchanging timestamps from higher-level Stratum servers to lower level ones. The 64-bit timestamps used by NTP consist of a 32-bit seconds part and a 32-bit fractional second part with an epoch of January 1, 1900, giving NTP a time scale of 2^32 seconds (136 years) and a theoretical resolution of 2^-32 seconds (0.233 nanoseconds).

Although the NTP timescale wraps around every 2^32 seconds, implementations should disambiguate NTP time using prior knowledge of the approximate time from other sources. Since this only requires time accurate to a few decades, this is unlikely to ever be a problem in general use. Even so, future versions of NTP will extend the time representation to 128 bits: 64 bits for the second and 64 bits for the fractional second.

SNTP stands for Simple Network Time Protocol and it is a simpler form of NTP that does not require storing information about previous communications. It is mainly used in some embedded devices and in applications where high accuracy timing is not required.
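The 64-bit timestamp format, the 2^32-second wrap and the stratum field described above, carried through as an added example that is not part of the original module: it converts between Unix time and the NTP seconds/fraction pair, picks the correct 136-year era from an approximate local time (the disambiguation the text calls for), builds the 48-byte SNTP client request and decodes a server reply, then computes the standard offset and round-trip delay from the four timestamps. The stratum-2 reply is constructed for the self-test and its reference id is a placeholder address.

```python
import math
import struct

NTP_UNIX_OFFSET = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
ERA_LENGTH = 2 ** 32           # the NTP timescale wraps every 2^32 s (about 136 years)
PACKET_LEN = 48                # fixed NTP/SNTP header without extension fields


def unix_to_ntp(unix_seconds):
    """Split a Unix time into the 32-bit seconds and 32-bit fraction fields of an NTP timestamp."""
    total = unix_seconds + NTP_UNIX_OFFSET
    whole = math.floor(total)
    fraction = round((total - whole) * ERA_LENGTH)     # units of 2^-32 s
    if fraction == ERA_LENGTH:                         # rounding carried into the next second
        whole, fraction = whole + 1, 0
    return whole % ERA_LENGTH, fraction


def ntp_to_unix(seconds, fraction, approx_unix_now):
    """Invert unix_to_ntp, choosing the 136-year era closest to approx_unix_now.

    The 32-bit seconds field alone is ambiguous once the scale wraps (2036); an
    approximate time from another source, accurate to a few decades, picks the era.
    """
    era0 = seconds - NTP_UNIX_OFFSET
    era = round((approx_unix_now - era0) / ERA_LENGTH)
    return era0 + era * ERA_LENGTH + fraction / ERA_LENGTH


def pack_timestamp(unix_seconds):
    return struct.pack("!II", *unix_to_ntp(unix_seconds))


def build_sntp_request(transmit_unix_time):
    """Client request: LI=0, version 4, mode 3 (client); only the transmit timestamp is set."""
    header = bytes([(0 << 6) | (4 << 3) | 3])
    return header + b"\x00" * 39 + pack_timestamp(transmit_unix_time)


def parse_reply(data, approx_unix_now):
    """Decode the fields an SNTP client needs from a 48-byte server reply."""
    if len(data) < PACKET_LEN:
        raise ValueError("short NTP packet")
    first = data[0]
    fields = {
        "leap": first >> 6,                  # 3 = clock not synchronised
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,                 # 4 = server
        "stratum": data[1],                  # 1 = primary (external clock), 2.. = secondary
    }
    for name, offset in (("reference", 16), ("origin", 24), ("receive", 32), ("transmit", 40)):
        secs, frac = struct.unpack("!II", data[offset:offset + 8])
        fields[name] = ntp_to_unix(secs, frac, approx_unix_now)
    # stratum 0 (kiss-o'-death) and 16 (unsynchronised) must not be used to set the clock
    fields["usable"] = (fields["mode"] == 4 and 1 <= fields["stratum"] <= 15
                        and fields["leap"] != 3)
    return fields


def clock_offset(t1, t2, t3, t4):
    """Standard NTP offset and round-trip delay from the four timestamps:
    t1 client sent, t2 server received, t3 server sent, t4 client received."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


# Constructed stratum-2 server reply (version 4, mode 4) used in the self-test.
SAMPLE_REPLY = (
    bytes([(0 << 6) | (4 << 3) | 4, 2, 6, struct.pack("b", -23)[0]])  # LI/VN/mode, stratum, poll, precision
    + b"\x00" * 8                       # root delay, root dispersion
    + b"\x0a\x00\x00\x01"               # reference id: upstream server address (placeholder)
    + pack_timestamp(1699999000.0)      # reference timestamp
    + pack_timestamp(1700000000.0)      # origin: the client's transmit time, echoed back
    + pack_timestamp(1700000010.2)      # receive
    + pack_timestamp(1700000010.3)      # transmit
)

if __name__ == "__main__":
    reply = parse_reply(SAMPLE_REPLY, approx_unix_now=1700000000)
    print(reply["stratum"], clock_offset(reply["origin"], reply["receive"],
                                         reply["transmit"], 1700000000.5))
```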

1.5.4 NTLM

NTLM is a Microsoft authentication protocol used with the SMB protocol. It is the successor of LANMAN, an older Microsoft authentication protocol, and attempted to be backwards compatible with LANMAN. The NTLM initials stand for NT LanMan (i.e. LanMan for Windows NT). NTLM was followed by version two, NTLMv2, at which time the original was renamed NTLMv1.

There seems to be no official documentation of the protocol; however, it has been reverse engineered by the Samba team and their documentation is quite current and thorough. We will only discuss the latest NTLMv2 protocol here and use the term NTLM to refer to it.


NTLM is a challenge-response authentication protocol that is cryptographically stronger than NTLMv1. The challenge-response mechanism of the protocol involves the exchange of three messages between the client (wishing to authenticate) and the server (requesting authentication) as follows:

1. The client first sends a Type 1 message to the server containing a set of flags of features supported or requested (such as encryption key sizes, request for mutual authentication, etc.).

2. The server responds with a Type 2 message containing a similar set of flags supported or required by the server (thus enabling an agreement on the authentication parameters between the server and the client) and, more importantly, a random challenge (8 bytes long).

3. Finally, the client uses the challenge obtained from the Type 2 message and the user's credentials to calculate the response. The calculation differs based on the NTLM authentication parameters negotiated previously, but in general it applies MD4/MD5 hashing algorithms and DES encryption to compute the response. The client then sends the response to the server in a Type 3 message.
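The Type 2 message from step 2, as an added example that is not code from the module, Microsoft or the Samba project: it assembles a constructed CHALLENGE message, parses the negotiated flags, the 8-byte server challenge and the target name back out, and reports which protections (signing, sealing, extended session security, 128-bit keys) the server did not negotiate, the kind of review a defender runs over captured SMB traffic. The flag bits are the published MS-NLMP NegotiateFlags values; the target name CORP and the fixed challenge are placeholders, and no response is computed.

```python
import struct

SIGNATURE = b"NTLMSSP\x00"
CHALLENGE_MESSAGE = 2          # MessageType of the Type 2 message

# NegotiateFlags bits (MS-NLMP 2.2.2.5); only those this check looks at.
FLAGS = {
    "NEGOTIATE_UNICODE": 0x00000001,
    "NEGOTIATE_OEM": 0x00000002,
    "REQUEST_TARGET": 0x00000004,
    "NEGOTIATE_SIGN": 0x00000010,
    "NEGOTIATE_SEAL": 0x00000020,
    "NEGOTIATE_NTLM": 0x00000200,
    "NEGOTIATE_ALWAYS_SIGN": 0x00008000,
    "TARGET_TYPE_DOMAIN": 0x00010000,
    "TARGET_TYPE_SERVER": 0x00020000,
    "NEGOTIATE_EXTENDED_SESSIONSECURITY": 0x00080000,
    "NEGOTIATE_TARGET_INFO": 0x00800000,
    "NEGOTIATE_128": 0x20000000,
    "NEGOTIATE_KEY_EXCH": 0x40000000,
    "NEGOTIATE_56": 0x80000000,
}
HEADER_LEN = 48   # signature, type, TargetNameFields, flags, challenge, reserved, TargetInfoFields


def build_type2(target_name, challenge, flags):
    """Assemble a Type 2 message (constructed sample; no Version or TargetInfo payload)."""
    if len(challenge) != 8:
        raise ValueError("server challenge must be 8 bytes")
    name = target_name.encode("utf-16-le")
    return (SIGNATURE
            + struct.pack("<I", CHALLENGE_MESSAGE)
            + struct.pack("<HHI", len(name), len(name), HEADER_LEN)   # TargetName len/maxlen/offset
            + struct.pack("<I", flags)
            + challenge
            + b"\x00" * 8                                              # Reserved
            + struct.pack("<HHI", 0, 0, HEADER_LEN + len(name))        # empty TargetInfo
            + name)


def parse_type2(data):
    """Pull the negotiated flags, the 8-byte challenge and the target name out of a Type 2 message."""
    if data[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    if struct.unpack_from("<I", data, 8)[0] != CHALLENGE_MESSAGE:
        raise ValueError("not a Type 2 (CHALLENGE) message")
    name_len, _, name_offset = struct.unpack_from("<HHI", data, 12)
    flags = struct.unpack_from("<I", data, 20)[0]
    challenge = data[24:32]
    raw_name = data[name_offset:name_offset + name_len]
    encoding = "utf-16-le" if flags & FLAGS["NEGOTIATE_UNICODE"] else "latin-1"
    return {
        "flags": flags,
        "flag_names": sorted(n for n, bit in FLAGS.items() if flags & bit),
        "challenge": challenge,
        "target_name": raw_name.decode(encoding),
    }


def assess_type2(parsed):
    """Defensive review of what the server agreed to; returns a list of findings."""
    flags = parsed["flags"]
    findings = []
    if not flags & (FLAGS["NEGOTIATE_SIGN"] | FLAGS["NEGOTIATE_ALWAYS_SIGN"]):
        findings.append("message signing not negotiated")
    if not flags & FLAGS["NEGOTIATE_SEAL"]:
        findings.append("sealing (encryption of the session) not negotiated")
    if not flags & FLAGS["NEGOTIATE_EXTENDED_SESSIONSECURITY"]:
        findings.append("extended session security not negotiated")
    if not flags & FLAGS["NEGOTIATE_128"]:
        findings.append("128-bit session key not negotiated")
    if len(parsed["challenge"]) != 8:
        findings.append("truncated server challenge")
    return findings


# Constructed samples: a minimal negotiation and one with integrity/confidentiality enabled.
WEAK_FLAGS = (FLAGS["NEGOTIATE_UNICODE"] | FLAGS["REQUEST_TARGET"]
              | FLAGS["NEGOTIATE_NTLM"] | FLAGS["TARGET_TYPE_DOMAIN"])
STRONG_FLAGS = (WEAK_FLAGS | FLAGS["NEGOTIATE_SIGN"] | FLAGS["NEGOTIATE_SEAL"]
                | FLAGS["NEGOTIATE_ALWAYS_SIGN"] | FLAGS["NEGOTIATE_EXTENDED_SESSIONSECURITY"]
                | FLAGS["NEGOTIATE_128"] | FLAGS["NEGOTIATE_KEY_EXCH"] | FLAGS["NEGOTIATE_56"])
SAMPLE_CHALLENGE = bytes(range(8))          # placeholder; a real server sends random bytes
SAMPLE_WEAK = build_type2("CORP", SAMPLE_CHALLENGE, WEAK_FLAGS)
SAMPLE_STRONG = build_type2("CORP", SAMPLE_CHALLENGE, STRONG_FLAGS)

if __name__ == "__main__":
    for sample in (SAMPLE_WEAK, SAMPLE_STRONG):
        parsed = parse_type2(sample)
        print(parsed["target_name"], parsed["challenge"].hex(), assess_type2(parsed))
```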

1.5.5 Kerberos

Kerberos is a computer network authentication protocol which allows individuals communicating over an insecure network to prove their identity to one another in a secure manner.

The name also refers to a suite of free software published by the Massachusetts Institute of Technology (MIT) that implements this protocol. Kerberos prevents eavesdropping or replay attacks, and ensures the integrity of the data. By design it adopts a client-server model, and provides mutual authentication where both the user and the server verify each other's identity. Kerberos builds on symmetric key cryptography and requires a trusted third party.

Kerberos makes use of a trusted third party, termed a Key Distribution Center (KDC), which consists of two logically separate parts: an Authentication Server (AS) and a Ticket Granting Server (TGS). Kerberos works on the basis of "tickets" which serve to prove the identity of users.

Kerberos maintains a database of secret keys; each entity on the network, whether a client or a server, shares a secret key known only to itself and to Kerberos. Knowledge of this key serves to prove an entity's identity. For communication between two entities, Kerberos generates a session key that they can use to secure their interactions.

A client, once granted a relevant ticket, presents it to the host that offers the service the client would like to use, and there the ticket is validated. If valid, the client is allowed to access the service.


Kerberos is routinely transported using the UDP protocol, but when the user datagram exceeds approximately 2,000 KB, the OS will switch to TCP to ensure data integrity.

1.5.6 Zero Configuration Networking (Zeroconf/Bonjour/Rendezvous/APIPA for Windows)

Zeroconf, or Zero Configuration Networking, is a set of techniques that automatically create a usable IP network without configuration or special servers. This allows unknowledgeable users to connect computers, networked printers, and other items together and expect them to work automatically.

Without Zeroconf or something similar, a knowledgeable user must either set up special servers, like DHCP and DNS, or set up each computer's network settings by hand, which is a tedious task and can be challenging for non-technical people.

The basis for Zero Configuration is clever use of the DNS space. Computers with services enabled typically register a name with their local DNS server so other computers can query the DNS and find those available services. Implementation of this key idea varies quite a bit between different vendors and the open source implementations available.

Apple, for instance, offers the DNS Service Discovery (DNS-SD) solution built on top of the tested and robust Domain Name System. It uses DNS SRV, TXT, and PTR records to advertise Service Instance Names. The hosts offering the different services publish details of available services like instance, service type, domain name and optional configuration parameters. Service types are given informally on a first-come basis.

A service type registry is maintained and published by DNS-SD.org. DNS-SD is used in Apple products, many network printers and a considerable number of third party products and applications on various operating systems. It is considered simpler and easier to implement than Microsoft's competing technology, SSDP, because it uses DNS rather than HTTP.

Microsoft, on the other hand, offers a similar concept, but incompatible in implementation method, for automatic service discovery based on the Simple Service Discovery Protocol (SSDP). This is a UPnP protocol, used in Windows XP and several brands of network equipment. Despite its name, it is considered complex and requires more effort to implement than DNS-SD. SSDP uses HTTP notification announcements that give a service-type URI and a Unique Service Name (USN).

Service types are regulated by the Universal Plug and Play Steering Committee. SSDP is supported in many firewall appliances used in small offices and home offices (SOHO), where host computers behind it may pierce holes for applications. It is also used in media center systems, where media exchange between host computers and the media center is facilitated using SSDP.

Even though there is support in many third party devices and operating systems for either of the two protocols for automatic service discovery, neither is a ratified standard. The Service


Location Protocol (SLP), on the other hand, is the only protocol for service discovery to have reached IETF RFC status. Novell, Sun Microsystems, Apple and other vendors, mostly in the networking hardware space, support SLP.

1.5.7 Further Research

This section has provided an overview of various middle and high level networking protocols commonly encountered in modern LANs. There is a wealth of information available for all of these protocols that cannot be covered in this module; however, most of this information is easily accessible online. The two major sources of information are RFCs and online discussion forums.

RFC stands for Request For Comments; RFCs are documents maintained by the Internet Engineering Task Force (IETF). These documents are on their own proposals encompassing findings of new research, innovations, and methodologies applicable to Internet technologies. Although they are not standards per se, the IETF regularly adopts some of the proposals published in RFCs as Internet standards.

Upon receipt of the content from its authors, the RFC Editor issues each RFC document with a unique serial number. Once issued a numerical identifier and published, an RFC is never rescinded or modified; if the document requires amendments, the authors publish a revised document; therefore, some RFCs make others obsolete. Together, the serialized RFCs compose a continuous historical record of the evolution of Internet standards.

RFCs offer a very good source of highly technical, in-depth information and are not plagued by the ambiguity or mis-features that are common in formal standards such as those published by the International Standards Organization (ISO), for instance, as a result of multiple committee meetings.

The official source for RFCs on the World Wide Web is the RFC Editor (www.rfc-editor.org/rfc.html). However, in reality you can freely download RFCs from a number of mirror sites around the world.

The other valuable source of information related to network protocols is online discussion forums and newsgroups such as those found at www.go6.net/ for IPv6.


1.6 Knowledge check

1. How many layers does the OSI model define? What are the top and bottom layers?

2. Explain the origin of the name of TCP/IP.


3. What is netcat?

4. What is arp?


5. What is Wireshark and what was its previous name?

6. What is SNMP?


2 Network Applications and Environments

2.1 Introduction

This section covers details of the most dominant and widely used Terminal Solutions as well as details about the various directory systems available. These include Microsoft's Active Directory and Novell's eDirectory. The section also provides details about the underlying protocol these directory systems use, called LDAP.

2.2 Terminal Solution

Terminal based solutions allow end-users to access powerful backend applications, file storage, printing and other services through a very simple, low powered client device. This centralization of computing resources can offer simpler management of the infrastructure, economies of scale when upgrading and faster resolution of problems.

The terminal based computing model was very dominant in the early days of computing adoption, where powerful mainframe systems would be centrally hosted and managed, allowing a number of users to interact with them via simple terminal devices.

The evolution of the personal computer brought a shift in that paradigm for most business uses of computers. Data and processing, as well as interfaces to devices, were all moved to the client PC.

In recent times, however, we are seeing a shift towards centralization again that is now available not only for UNIX or mainframe based applications but also for Microsoft Windows™ based users and line of business applications.


Unlike the days of the mainframe era, with newer terminal solutions resources need not only be available on the remote/terminal server. Instead, a variety of clients can be used to access the terminal solution. These can include thin client computer terminals that are only there to provide a user interface to the terminal server and the applications served therein.

They can also include full blown desktop computers that may still have their own processing and storage capabilities in addition to providing access to applications, processing or storage at the terminal server.


2.2.1 Windows Terminal Server

Microsoft has offered a solution for terminal server access for a number of years now. The Microsoft Terminal Services solution has changed names over time but remains similar in essence. It used to be called Terminal Server when it was offered as an add-on to Windows NT, was later renamed to Terminal Services when it was bundled with Windows 2000 Server, and it even exists on Windows XP and Microsoft Windows™ 2003 Server as Remote Desktop Services. Via Microsoft Terminal Services end-users can access a remote server and run any number of applications from it over the network with the impression that they are directly accessing that server.

The degree of use organizations get out of Terminal Services varies from using it just to allow access to one or two applications that are otherwise difficult to install and manage on each client workstation, all the way to having users run their entire desktop, all applications, printing and data via terminal services access.

The latest re-incarnation of the Microsoft Terminal Services solution is called Microsoft Remote Desktop Services and, like its predecessors, is based on the Remote Desktop Protocol (RDP). RDP is a multi-channel protocol that allows a user to connect to a computer running Microsoft Terminal Services. Clients exist for most versions of Windows, and for other operating systems such as Linux, FreeBSD, and Mac OS X.

The server listens by default on TCP port 3389. RDP is derived from the T.128 protocol; version 5.1 is implemented in Windows XP Professional, Windows 2003 Server implements version 5.2 and version 6.0 was introduced with Windows Vista. Version 6.0 includes a lot of new features, including support to remotely access a single application instead of the entire desktop, and support for 32-bit color.

Microsoft's Terminal Services offering grew out of its relationship with Citrix, a company specializing in the provision of thin client middleware technology. The Microsoft Remote Desktop Protocol was built using technology licensed by Citrix in 1997. Since then the two products, by Microsoft and Citrix respectively, have been growing independently and they are now both stable and robust, offering a host of advanced features.

Historically, however, the Citrix product has always been technologically ahead, whereas the Microsoft one is offered from Windows NT onwards, first as an add-on and later bundled for free into the core operating system, starting with the Windows 2000 family of products.

Microsoft has a longstanding agreement with Citrix to facilitate sharing of technologies and patent licensing between Microsoft Terminal Services and Citrix Presentation Server. In this arrangement, Citrix has access to key source code for the Windows platform, enabling their developers to improve the security and performance of the Terminal Services platform. In late December 2004 the two companies announced a five-year renewal of this arrangement to cover the upcoming release of Windows Vista.

  • 7/26/2019 Advanced Networking v2

    43/64

    Advanced Networking v2.0

    43

    2.2.2 Citrix Server

    Citrix offers its own terminal service middleware called Citrix Presentation Server (formerly Citrix MetaFrame, and before that WinFrame). It is a remote access/application publishing product built on the Independent Computing Architecture (ICA), Citrix Systems' thin client protocol.

    The Presentation Server product resides on a Microsoft Windows machine, which can be either standalone or part of a larger cluster of Citrix servers. Presentation Server also supports three UNIX variants: HP-UX, Solaris and AIX.

    There is a web-based Citrix client, freely available under the name Web Interface for Presentation Server. The Web Interface may be used as a secure ICA proxy over HTTPS when combined with Citrix Secure Gateway, both of which are included in the base Presentation Server product.

    Citrix MetaFrame runs over port 1494 or, since Citrix MetaFrame Presentation Server 3.0, port 2598. A Citrix client must be used to connect to the Citrix Presentation Server; this is different from the Microsoft RDP client (rdesktop) that is built into the Windows NT, 2000 and XP operating systems.

    Citrix has traditionally also offered better support for printing, multimedia and peripheral devices when accessing applications over the network on other servers.

    2.2.3 X Window Server

    The X Window System (commonly X11 or X) is a networking and display protocol which provides windowing on bitmap displays. It provides the standard toolkit and protocol to build graphical user interfaces (GUIs) on UNIX, UNIX-like operating systems and OpenVMS, and is supported by almost all other modern operating systems.

    X provides the basic framework, or primitives, for building GUI environments: drawing and moving windows on the screen and interacting with a mouse and/or keyboard. X does not mandate the user interface; individual client programs handle this. As such, the visual styling of X-based environments varies greatly, and different programs may present radically different interfaces.

    X features network transparency: the machine where application programs (the client applications) run can differ from the user's local machine (the display server). X's usage of the terms "client" and "server" reverses what people often expect, in that "server" refers to the user's local display ("display server") rather than to a remote machine.

    X originated at MIT in 1984. The current protocol version, X11, appeared in September 1987. The X.Org Foundation leads the X project, with the current reference implementation being version 11 release 7.1.

    X uses a client-server model: an X server communicates with various client programs. In X the user's terminal is the "server" and the remote applications are the "clients". This reversal of the common convention is because X takes the perspective of the program rather than that of the end user or of the hardware: the local X display provides display services to programs, so it acts as a server, and any remote program uses these services, so it acts as a client.

    The X server takes input from a keyboard and mouse and displays to a screen. For example, a web browser and a terminal emulator may run on the user's workstation while a system updater runs on a remote server but is controlled from the user's machine. Note that the remote application runs just as it would locally.

    The communication protocol between server and client operates network-transparently. The client and server may run on the same machine or on different ones, possibly with different architectures and operating systems, but they run the same in either case. A client and server can even communicate securely over the Internet by tunneling the connection over an encrypted network session.

    The design philosophy behind X is worth mentioning, as it is based on simplicity and keeping the number of features to a minimum. This is in line with the wider UNIX philosophy of having a number of simple, discrete components working with one another to offer powerful capabilities. In X11 the first design principle is "Do not add new functionality unless you know of some real application that will require it".

    Applications running on UNIX hosts can also be used through Mac OS X and Windows client computers using X. Windows does not offer native support for X; however, a number of commercial and free implementations of X servers are available. Free implementations include Cygwin/X, Xming, WeirdMind and WeirdX. Commercial implementations include Reflection X, Xmanager, X-Deep/32, WiredX, Exceed and X-Win32. Apple's Mac OS X comes with a free X server that can be used to run applications off remote X client machines.

    2.3 Other Applications

    Web Services for Devices, known commonly as WSD, is a new function in Microsoft Windows Vista that allows automatic discovery and configuration of devices. It is a competing system to Bonjour from Apple, which evolved from and contributes back to the open "ZeroConf" networking standard.

    WSD allows Windows Vista to automatically discover a device on the network (including its current configuration), install it and make it available to users. WSD is, as the name suggests, a web-based system, making extensive use of SOAP/XML as other web-based network services do.

    Konica Minolta only supports WSD on the newest range of Emperon2-based MFPs, such as the bizhub C550.

    WebDAV stands for "Web Distributed Authoring and Versioning" and is an extension of the HTTP web protocol that allows for collaborative file management on web systems. It is most commonly seen by end users as the "Web Folders" feature of Microsoft Windows operating systems since Windows 98, and it has been further integrated in Windows Vista. In essence, most client implementations simply let the user treat a web-based location as if it were a folder in their local file system.

    The WebDAV protocol may be introduced in the future in some of the devices that support the next version of the Konica Minolta network architecture.

    2.3.1 IP phone system

    IP telephony, also called voice over Internet Protocol (VoIP), Internet telephony, broadband telephony, broadband phone and voice over broadband, refers to the routing of voice conversations over the Internet or through any other IP-based network.

    This allows voice applications to be quickly and easily deployed at small and large scale for domestic and commercial uses. Particularly for medium to large organizations, IP telephony provides the ability to interconnect several branch offices and also to bridge them with the external, public telephone network. The diagram below shows how such interconnection can take place.

    There are several other IP telephony applications by Microsoft and other vendors that, instead of requiring PSTN gateways or hardware phone devices, allow computer users to talk with each other using special client software programs. Such programs are freely available and include Microsoft's NetMeeting and currently the revised MSN Messenger, Skype, Gizmo and others.

    These applications are mostly popular with hobbyists and non-corporate users since they are quick and easy to set up. Corporations, on the other hand, require increased security, control and management of their VoIP infrastructure and therefore deploy PBX systems that in turn use the Session Initiation Protocol (SIP), IAX and other relevant protocols for communication.

    The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for creating, modifying and terminating sessions with one or more participants. These sessions include Internet telephone calls, multimedia distribution and multimedia conferences. SIP is a lightweight, transport-independent, text-based protocol.

    SIP has the following features:

    Lightweight, in that SIP has only six methods, reducing complexity

    Transport-independent, because SIP can be used with UDP, TCP, ATM and so on

    Text-based, allowing for low overhead

    SIP works in concert with several other protocols and is only involved in the signaling portion of a communication session. SIP acts as a carrier for the Session Description Protocol (SDP), which describes the media content of the session, e.g. which IP ports to use, the codec being used, etc.

    In typical use, SIP "sessions" are simply packet streams of the Real-time Transport Protocol (RTP). RTP is the carrier for the actual voice or video content itself.
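As an added illustration of the signaling/media split described above (example code, not part of the training text), the following Python parses a constructed SIP INVITE, checks its Content-Length against the body it carries, and pulls the RTP address, port and codec names out of the SDP offer; the addresses, tag and Call-ID are made-up sample values.

```python
"""Parse a SIP request and the SDP offer it carries (added example, not from the training text)."""
from typing import Any, Dict, List, Tuple
SIP_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER"}   # the six original methods

# Constructed SDP offer: one audio stream on UDP port 49170 offering G.711 mu-law and A-law.
SDP_BODY = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.0.2.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
    "a=rtpmap:8 PCMA/8000\r\n"
)
# Constructed INVITE carrying that offer (documentation addresses, made-up tag and Call-ID).
SAMPLE_INVITE = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: Alice <sip:alice@example.com>;tag=1928301774\r\n"
    "To: Bob <sip:bob@example.com>\r\n"
    "Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP_BODY.encode())}\r\n"
    "\r\n" + SDP_BODY
)


def parse_sip_request(raw: str) -> Dict[str, Any]:
    """Split a SIP request into method, request-URI, headers (names lower-cased) and body."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise ValueError("no blank line between SIP headers and body")
    lines = head.split("\r\n")
    method, uri, version = lines[0].split(" ", 2)
    if method not in SIP_METHODS or version != "SIP/2.0":
        raise ValueError(f"not a SIP/2.0 request with a known method: {lines[0]!r}")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line {line!r}")
        headers[name.strip().lower()] = value.strip()
    declared = int(headers.get("content-length", "0"))
    if declared != len(body.encode()):   # mismatch: truncated, padded or tampered message
        raise ValueError(f"Content-Length {declared} != body length {len(body.encode())}")
    return {"method": method, "uri": uri, "headers": headers, "body": body}


def parse_sdp(sdp: str) -> Dict[str, Any]:
    """Collect the session-level c= address and every m= line with its rtpmap codec names."""
    session_addr, media = None, []
    for line in sdp.splitlines():
        key, eq, value = line.partition("=")
        if key == "c" and eq:                      # "c=IN IP4 <address>"
            addr = value.split()[2]
            if media:
                media[-1]["connection"] = addr     # a media-level c= overrides the session one
            else:
                session_addr = addr
        elif key == "m" and eq:                    # "m=<type> <port> <proto> <payload types>"
            kind, port, proto, *fmts = value.split()
            media.append({"type": kind, "port": int(port), "proto": proto, "formats": fmts, "codecs": {}})
        elif key == "a" and value.startswith("rtpmap:") and media:
            payload_type, _, encoding = value[len("rtpmap:"):].partition(" ")
            media[-1]["codecs"][payload_type] = encoding
    return {"connection": session_addr, "media": media}


def rtp_endpoints(raw: str) -> List[Tuple[str, int, List[str]]]:
    """(address, port, codecs) per offered stream; port 0 marks a rejected stream and is skipped."""
    req = parse_sip_request(raw)
    if req["headers"].get("content-type") != "application/sdp":
        return []
    sdp = parse_sdp(req["body"])
    return [(m.get("connection", sdp["connection"]), m["port"],
             [m["codecs"].get(pt, pt) for pt in m["formats"]])
            for m in sdp["media"] if m["port"] != 0]
```

The address/port pairs returned are exactly what a firewall between the SIP endpoints must open for the RTP stream, which is why signaling must be inspected even though it carries no voice.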

    SIP is used with Konica Minolta devices for SIP Fax. SIP Fax is a VoIP system that carries a fax instead of normal voice. In traditional systems, the tolerance of faxes to noisy lines, variances in volume and so on can be a serious problem, and this has always been a hurdle when translating faxes to a digital signal. SIP Fax gets around these issues by sending the fax in a purely digital format instead of attempting to encode an analogue fax stream into a digital signal.

    If the fax is to pass through a PBX/router to the PSTN, the PBX/router will simply act as the sending analogue fax machine based on the digital data, again avoiding the issues of converting the fax signal between digital and analogue.

    2.4 Knowledge check

    1. What benefits do Terminal Solutions offer?

    2. When talking about the X Windows System, what do we mean by it offering network transparency?

    3. Explain what we mean by IP Telephony or VoIP.

    4. What is the SIP protocol used for?

    5. What is the RTP protocol used for?

    3 Directory Services

    3.1 Introduction

    In the context of computers and networks, a directory system is typically a set of software applications running across a network whose main purpose is to hold information about various entities such as people, computers, printers, etc. and to present relevant parts of the stored information to clients that query the system.

    A directory system employs a directory protocol in order to offer better formalization and interoperability, both between clients querying the directory server and between servers querying each other or keeping each other in sync.

    3.2 LDAP

    3.2.1 X.500/DAP

    In the 1980s the International Standards Organization (ISO) and the International Telecommunication Union (ITU) came up with the X.500 series of standards. This is a series of computer networking standards covering electronic directory services.

    The directory services were developed in order to support the requirements of X.400 electronic mail exchange and name lookup. ISO was a partner in developing the standards, incorporating them into the Open Systems Interconnection suite of protocols. ISO/IEC 9594 is the corresponding ISO identification.

    The protocols defined by X.500 include:

    DAP (Directory Access Protocol)

    DSP (Directory System Protocol)

    DISP (Directory Information Shadowing Protocol)

    DOP (Directory Operational Bindings Management Protocol)

    X.509 was originally developed to fulfill the needs of the X.500 directory protocols but has since survived on its own as well. It is the standard for public key infrastructure (PKI) and specifies, amongst other things, standard formats for public key certificates and a certification path validation algorithm. It assumes a strict hierarchical system of certificate authorities (CAs) for issuing the certificates.

    Because the X.500 series of protocols used the OSI networking stack, a number of alternatives to DAP were developed to allow Internet clients access to the X.500 Directory using the TCP/IP networking stack. The most well-known alternative to DAP is the Lightweight Directory Access Protocol (LDAP). While DAP and the X.500 protocols can now use the TCP/IP networking stack, LDAP remains a popular directory access protocol.

    The latest version of LDAP is version 3.

    3.2.2 URL Style

    An LDAP URL format exists which clients support in varying degrees, and which servers return in referrals and continuation references. This is defined in RFC 4516 as follows:

    "ldap://host:port/DN?attributes?scope?filter?extensions"

    where most components after "ldap://" can be omitted.

    Attributes is a comma-separated list of attributes to retrieve.

    Scope can be "base" (the default), "one" or "sub".

    Filter is an LDAP search filter, e.g. (objectClass=*); see RFC 4515.

    Extensions are extensions to the LDAP URL format.

    As in other URLs, special characters must be escaped using the %hex format.

    There is a similar non-standard "ldaps:" URL scheme for LDAP over SSL.

    For example, "ldap://ldap.example.com/cn=John%20Doe,dc=example,dc=com" refers to all user attributes in John Doe's entry on ldap.example.com, while "ldap:///dc=example,dc=com??sub?(givenName=John)" searches for him on the default server.
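The URL format above as an added Python example (not code from the training text): a parser that applies the RFC 4516 defaults (scope base, filter (objectClass=*), port 389 or 636 for ldaps), splits the fields before percent-decoding, and reports the critical extensions marked with "!". The IPv6 host and the "x-example" extension used below are constructed test values, not real servers or registered extensions.

```python
"""Parse LDAP URLs of the form ldap://host:port/DN?attributes?scope?filter?extensions (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import unquote

VALID_SCOPES = ("base", "one", "sub")


@dataclass
class LdapUrl:
    scheme: str                    # "ldap" or "ldaps"
    host: Optional[str]            # None: the client's default server, as in "ldap:///..."
    port: int
    dn: str                        # search base, percent-decoded
    attributes: List[str] = field(default_factory=list)   # empty list: all user attributes
    scope: str = "base"
    filter: str = "(objectClass=*)"
    extensions: List[str] = field(default_factory=list)


def parse_ldap_url(url: str) -> LdapUrl:
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {url!r}")

    # Everything before the first "/" is host[:port]; it may be empty.
    hostport, _, rest = rest.partition("/")
    host: Optional[str] = None
    port = 636 if scheme == "ldaps" else 389
    if hostport:
        if hostport.startswith("["):                 # bracketed IPv6 literal
            host, _, tail = hostport[1:].partition("]")
            tail = tail.lstrip(":")
        else:
            host, _, tail = hostport.partition(":")
        if tail:
            port = int(tail)

    # Split on "?" before percent-decoding, so an encoded "%3F" inside a component
    # cannot create a spurious field boundary.
    parts = rest.split("?", 4)
    parts += [""] * (5 - len(parts))
    dn, attrs, scope, filt, exts = (unquote(p) for p in parts)

    scope = scope.lower() or "base"
    if scope not in VALID_SCOPES:
        raise ValueError(f"invalid scope {scope!r}")

    return LdapUrl(
        scheme=scheme, host=host, port=port, dn=dn,
        attributes=[a for a in attrs.split(",") if a],
        scope=scope,
        filter=filt or "(objectClass=*)",
        extensions=[e for e in exts.split(",") if e],
    )


def critical_extensions(parsed: LdapUrl) -> List[str]:
    """Extensions prefixed with "!" are critical: a client that does not understand one must reject the URL."""
    return [e[1:] for e in parsed.extensions if e.startswith("!")]
```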

    3.2.3 Reading

    LDAP directories typically use a binary data store to persist the information given to them. OpenLDAP, for instance, uses Berkeley DB as the underlying database of choice, while allowing others to be used instead via a set of pluggable backends.

    Two ways are provided to interface with the information in the directory: programmatically while the directory is running, or via batch operations over a representation of the directory data offline. There is a standard format for exporting LDAP data for offline operations, called the LDAP Data Interchange Format (LDIF).

    The LDAP Data Interchange Format (LDIF) is a standard data interchange format for representing (LDAP) directory content as well as directory update (Add, Modify, Delete, Rename) requests.

    LDAP is an acronym for "Lightweight Directory Access Protocol". LDIF conveys directory content as a set of records, one record for each object (or entry). It represents update requests as a set of records, one record for each update request. In both cases, the data is presented in a plain text form. Below is a simple example of a single entry from an LDAP directory shown in LDIF format:

    dn: cn=The Postmaster,dc=example,dc=com
    objectClass: organizationalRole
    cn: The Postmaster

    The OSI directory model used the distinguished name as the primary key for entries in the directory. The naming model is outlined briefly in RFCs 1777 and 2251. The LDAP naming model was further enumerated in RFC 1779, "A String Representation of Distinguished Names", and RFC 2253, "Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names". Entries are arranged in the directory information tree based on their Distinguished Name. The Distinguished Name consists of a series of Relative Distinguished Names and serves as a primary key for an object in the directory information tree. Each naming component represents a branch in the directory information tree. A Distinguished Name is analogous to the absolute path name of a file in the Windows file system. The following are examples of Distinguished Names; in these examples, cn means CommonName and dc means DomainComponent:

    cn=Dan,dc=Microsoft,dc=com

    cn=tim,cn=mydomain,dc=com

    Each component of the Distinguished Name is a Relative Distinguished Name (RDN). The RDN is unique within its container and is analogous to a file name or directory name in a file system. The RDN consists of an attribute type and a value, formatted as type=value. Examples of RDNs are listed below, where ou stands for organizational unit:

    cn=Dan

    ou=Sales

    dc=Microsoft
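An added Python example (not code from the training text) that reads LDIF into attribute/value records and splits a DN into its RDNs, leftmost first, the way a file path splits into path components. The Postmaster entry is the one shown above; the second entry, with its folded line, base64 value and escaped comma in the DN, is constructed sample data.

```python
"""Parse LDIF entries and split Distinguished Names into RDNs (added example, not from the text)."""
import base64
import re
from typing import Dict, List, Tuple

# The Postmaster entry from above plus a constructed second entry that exercises a folded line,
# a base64 ("::") value and an escaped comma inside an RDN value.
SAMPLE_LDIF = """\
# comment lines are ignored; a blank line separates entries
dn: cn=The Postmaster,dc=example,dc=com
objectClass: organizationalRole
cn: The Postmaster

dn: cn=Doe\\, John,ou=Sales,dc=example,dc=com
objectClass: top
objectClass: person
cn: Doe, John
sn: Doe
description: this value was too long for the exporter and
  was folded onto a continuation line
userPassword:: c2VjcmV0
"""


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Return one {attribute: [values]} dict per entry; the DN is kept under the key "dn"."""
    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    # A line starting with one space continues the previous line: join them first.
    for line in re.sub(r"\r?\n ", "", text).splitlines() + [""]:   # extra "" flushes the last entry
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):            # "attr:: <base64>" carries binary or non-ASCII data
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.setdefault(name, []).append(value)
    return entries


def _rdn(text: str) -> Tuple[str, str]:
    attr_type, sep, value = text.partition("=")
    if not sep or not attr_type.strip():
        raise ValueError(f"malformed RDN: {text!r}")
    return attr_type.strip(), value.strip()


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (type, value) RDNs, leftmost first; a backslash escapes the next character."""
    rdns: List[Tuple[str, str]] = []
    buf: List[str] = []
    i = 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i + 1])            # an escaped comma (or other special) is literal
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(_rdn("".join(buf)))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    rdns.append(_rdn("".join(buf)))
    return rdns


def parent_dn(dn: str) -> str:
    """Like a path's dirname: drop the leftmost RDN, which names the entry inside its container."""
    return ",".join(f"{t}={v}" for t, v in split_dn(dn)[1:])
```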

    3.2.4 Operations

    LDAP supports a number of well-defined operations over the data that it stores. These operations are as follows:

    Search - Given a set of criteria, the directory performs a search and returns the matching records to the user/client.

    Compare - This operation allows a client to ask the server whether the named entry has a given attribute/value pair. This allows the server to keep certain attribute/value pairs secret (i.e., not exposed for general "search" access) while still allowing the client limited use of them. Some servers might use this feature for passwords, for example, although it is insecure for the client to pass clear-text passwords in the "compare" operation itself.

    Add - Allows new records to be added into the directory via a client interface; the addition operation does not affect the rest of the directory and its ability to serve other clients. Additions are slow in comparison to querying the directory, and therefore most LDAP implementations also allow batch imports of data into the directory for enhanced performance; however, some implementations require that the directory be taken offline while the batch addition takes place.

    Delete - Allows subtrees, records or parts of records to be removed from the currently running directory. In most cases this is an operation that requires prior authentication and certain privileges to perform, because its actions cannot be undone: deletions from the directory are permanent.

    Modify - This operation allows a client to ask the server to modify a particular record. It is far more efficient than dropping a record and re-adding it, and allows attribute-level granularity, so modifications need only touch the attributes to be changed and not the entire record. The schema of the directory and its associated access control lists (ACLs) specify the attributes that can be changed and those that cannot.

    Abandon - This operation allows the client to request that another outstanding operation is cancelled (or abandoned). The Abandon operation in LDAP does not have a response and requires no response from the abandoned operation. These semantics give the client no clear indication of the outcome of the Abandon operation. It is therefore strongly suggested that the LDAP Cancel operation be used should the client wish to abandon an outstanding operation: the LDAP Cancel operation has a response and also requires the abandoned operation to return a response indicating that it was cancelled.

    Unbind - This operation is the opposite of the Bind operation. Clients use Bind to identify themselves to the directory and gain access to operations and data elements that would otherwise be forbidden. LDAP defines an anonymous level of access that everyone is granted unless they specifically bind (or authenticate) with the directory. Unbind allows a client to drop its recognised credentials and therefore fall back to the anonymous level of access.

    Extended Operations - These operations are defined as part of LDAPv3 and each one is identified by an OID. Extended operations allow custom-built operations to be introduced to the directory, and LDAPv3 then provides a standard set of interfaces for invoking and querying the results of those operations. Note, however, that for extended operations to be called and performed both the client and the server must understand them.

    Extensive details about each of these operations can be found in the relevant RFC documents.

    3.2.5 Schema

    LDAP uses a tree-like hierarchical structure to store information. The contents of the entries in each subtree are governed by a schema. The schema defines the attribute types that directory entries can contain.

    An attribute definition includes a syntax, and most non-binary values in LDAPv3 use the UTF-8 string syntax. For example, a "mail" attribute might contain the value "[email protected]", while a "jpegPhoto" attribute would contain photograph(s) in binary JPEG/JFIF format, and a "member" attribute contains the DNs of other directory entries. Attribute definitions also specify whether the attribute is single-valued or multi-valued, how to search/compare the attribute (e.g. case-sensitive vs. case-insensitive, and whether substring matching is supported), etc.

    The schema also defines object classes. Each entry must have an objectClass attribute containing named classes defined in the schema. The schema definitions of the classes of an entry define what kind of object the entry may represent, e.g. a person, organization or domain.

    The object class definitions also list which attributes the entry MAY and MUST contain. For example, an entry representing a person might belong to the classes "top" and "person". Membership in the "person" class would require the entry to contain the "sn" and "cn" attributes, and would allow the entry also to contain "userPassword", "telephoneNumber" and other attributes. Since entries may belong to multiple classes, each entry has a combined set of optional and mandatory attributes formed from the union of those of the object classes it represents.

    The schema also includes various other information controlling directory entries. Most schema elements have a name and a globally unique object identifier (OID).

    Directory servers may publish the directory schema controlling an entry at a base DN given by the entry's subschemaSubentry operational attribute. (An operational attribute describes the operation of the directory rather than user information, and is only returned from a search when it is explicitly requested.)

    Server administrators can define their own schemas in addition to the standard ones. A schema for representing individual people within organizations is termed a white pages schema.
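The MUST/MAY check described above, as an added Python example (not code from the training text): it walks each object class and its superior chain, takes the union of the mandatory and permitted attribute sets, and reports what an entry is missing, what it carries that no class permits, and where a single-valued attribute has several values. The schema fragment and the single-valued flag on "displayName" are constructed for illustration and are not copied from any real schema file.

```python
"""Validate an entry against the MUST/MAY attribute lists of its object classes (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class ObjectClass:
    name: str
    sup: Optional[str] = None            # superior class; its MUST/MAY lists are inherited
    must: Set[str] = field(default_factory=set)
    may: Set[str] = field(default_factory=set)


# Constructed schema fragment for illustration; modelled on the standard "top", "person" and
# "organizationalRole" classes but not copied from any real schema file.
SCHEMA: Dict[str, ObjectClass] = {
    "top": ObjectClass("top", must={"objectClass"}),
    "person": ObjectClass("person", sup="top", must={"sn", "cn"},
                          may={"userPassword", "telephoneNumber", "description", "displayName"}),
    "organizationalRole": ObjectClass("organizationalRole", sup="top", must={"cn"},
                                      may={"ou", "description"}),
}
# Attribute definitions also say whether an attribute is single-valued; constructed here.
SINGLE_VALUED: Set[str] = {"displayName"}


def effective_sets(class_names: List[str]) -> Tuple[Set[str], Set[str]]:
    """Union of MUST and of MAY over the entry's classes and their superior chains."""
    must: Set[str] = set()
    may: Set[str] = set()
    pending, seen = list(class_names), set()
    while pending:
        name = pending.pop()
        if name in seen:
            continue
        seen.add(name)
        oc = SCHEMA.get(name)
        if oc is None:
            raise ValueError(f"objectClass {name!r} is not defined in the schema")
        must |= oc.must
        may |= oc.may
        if oc.sup:
            pending.append(oc.sup)
    return must, may


def validate_entry(entry: Dict[str, List[str]]) -> List[str]:
    """Return the schema violations found in an {attribute: [values]} entry (empty list if none)."""
    classes = entry.get("objectClass", [])
    if not classes:
        return ["entry has no objectClass attribute"]
    must, may = effective_sets(classes)
    present = {a for a in entry if a != "dn"}     # the DN is the entry's name, not an attribute
    problems = [f"missing mandatory attribute {a}" for a in sorted(must - present)]
    problems += [f"attribute {a} not permitted by classes {classes}" for a in sorted(present - must - may)]
    problems += [f"attribute {a} is single-valued but has {len(entry[a])} values"
                 for a in sorted(present & SINGLE_VALUED) if len(entry[a]) > 1]
    return problems
```

A directory server applies the same checks on Add and Modify, which is why an import of hand-written LDIF fails on the first entry whose classes do not permit one of its attributes.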
