what is session layer
TRANSCRIPT
-
8/13/2019 What is Session Layer
1/101
- the fifth layer of the Open Systems Interconnection (OSI) model
- commonly called layer 5 in computer networking
- defines how to start, control and end conversations (called sessions) between applications
- controls the connections between multiple computers
- keeps track of the dialogs between computers, which are also called sessions
When the Session Layer is signaled by the Presentation Layer, it determines which port to establish the connection on, whether the data transfer will be half duplex or full duplex and what protocols will be used during the connection. Once the communication is complete or has been idle for a set amount of time, the Session Layer terminates the session.
Session layer protocols are particularly useful for multimedia applications for which it is necessary to coordinate the timing of two or more types of data, such as voice and moving images, with a high degree of precision. The session layer of the OSI model is responsible for session checkpointing and recovery. It allows information of different streams, perhaps originating from different sources, to be properly combined or synchronized.
Example:
- Application in Web Conferencing
- Application in live TV programs
Common protocols that are used by the Session Layer:
- ADSP, AppleTalk Data Stream Protocol
- ASP, AppleTalk Session Protocol
- H.245, Call Control Protocol for Multimedia Communication
- ISO-SP, OSI session-layer protocol (X.225, ISO 8327)
- iSNS, Internet Storage Name Service
- L2F, Layer 2 Forwarding Protocol
- L2TP, Layer 2 Tunneling Protocol
- NetBIOS, Network Basic Input Output System
- PAP, Password Authentication Protocol
- PPTP, Point-to-Point Tunneling Protocol
- RPC, Remote Procedure Call Protocol
- RTCP, Real-time Transport Control Protocol
- SMPP, Short Message Peer-to-Peer
- SCP, Session Control Protocol
- SOCKS, the SOCKS internet protocol
- ZIP, Zone Information Protocol
- SDP, Sockets Direct Protocol
AppleTalk Data Stream Protocol (ADSP)
- it was released for the original Macintosh in 1985 and was the primary protocol used by Apple devices through the 1980s and 90s.
- a proprietary suite of networking protocols developed by Apple Inc. for their Macintosh computers.
- included a number of features that allowed local area networks to be connected with no prior setup or the need for a centralized router or server of any sort.
- a protocol which provides a simple transport method for data across a network.
- sometimes called a connection-oriented protocol.
- manages and controls the data flow between the two sockets throughout the session to ensure that the data is delivered and received in the order in which it was sent.
- includes both session and transport services, and it is the most commonly used of the port protocols.
- builds a session connection on top of the packet transfer services that DDP provides so that applications using ADSP can exchange data as a continuous stream.
- assigns a socket to be used when you initialize each end of the connection, and your application becomes a client of that socket. Because this connection exists for the duration of the exchange.
- application or process at the receiving end of the connection has the buffer capacity to accept the data.
- a connection attempt could be rejected
- there were no "half-open" connections; once one end initiated a tear-down of the connection, the whole connection would be closed (note: ADSP is full-duplex, not dual simplex).
AppleTalk Session Protocol
- provides an application programming interface for the workstation side only.
- is not commonly used by application program developers.
- primary use is to provide services for the AppleTalk Filing Protocol (AFP) that, in turn, provides all of the services necessary to access an AppleTalk AppleShare server.
- most developers who want to write an AppleTalk application that establishes a session use the AppleTalk Data Stream Protocol (ADSP) because it provides peer-to-peer services.
Apple Filing Protocol
- formerly AppleTalk Filing Protocol, is the protocol for communicating with AppleShare file servers.
- built on top of AppleTalk Session Protocol (for legacy AFP over DDP) or the Data Stream Interface (for AFP over TCP).
- it provides services for authenticating users (extensible to different authentication methods including two-way random-number exchange) and for performing operations specific to the Macintosh HFS file system.
- is still in use in Mac OS X, even though most other AppleTalk protocols have been deprecated.
- was an intermediate protocol, built on top of ATP, which in turn was the foundation of AFP.
- it provided basic services for requesting responses to arbitrary commands and performing out-of-band status queries.
- it also allowed the server to send asynchronous attention messages to the client.
Datagram Delivery Protocol
- was the lowest-level data-link-independent transport protocol.
- it provided a datagram service with no guarantees of delivery.
- All application-level protocols, including the infrastructure protocols NBP, RTMP and ZIP, were built on top of DDP.
Name Binding Protocol
- was a dynamic, distributed system for managing AppleTalk names.
- provided a system for checking that no other machine had already registered the same name.
- Later, when a client wanted to access that service, it used NBP to query machines to find that service.
AppleTalk Echo Protocol
- is a transport layer protocol designed to test the reachability of network nodes.
- generates packets to be sent to the network node and is identified in the Type field of a packet as an AEP packet.
- packet is first passed to the source DDP.
Printer Access Protocol
- was the standard way of communicating with PostScript printers.
- it was built on top of ATP.
- When a PAP connection was opened, each end sent the other an ATP request which basically meant "send me more data".
- The client's response to the server was to send a block of PostScript code, while the server could respond with any diagnostic messages that might be generated as a result, after which another "send-more-data" request was sent.
- provided automatic flow control; each end could only send data to the other end if there was an outstanding ATP request to respond to.
Routing Table Maintenance Protocol
- was the protocol by which routers kept each other informed about the topology of the network.
- the only part of AppleTalk that required periodic unsolicited broadcasts: every 10 seconds, each router had to send out a list of all the network numbers it knew about and how far away it thought they were.
Zone Information Protocol (ZIP)
- was the protocol by which AppleTalk network numbers were associated with zone names.
- A zone was a subdivision of the network that made sense to humans, but while a network number had to be assigned to a topologically-contiguous section of the network, a zone could include several different discontiguous portions of the network.
- provides applications and processes with access to zone names.
- a zone is a logical grouping of nodes in an AppleTalk internet, and each zone is identified by a name.
- a zone name is typically used to identify an affiliation between a group of nodes, such as a group of nodes belonging to a particular department within an organization.
- builds a zone information table that includes each network's number (extended networks have network number ranges) in association with the network's list of zones.
ZIP maintains the mapping of networks and the zones they include for all networks belonging to an AppleTalk internet:
- every node on a network belongs to a zone; a node can belong to only one zone at a time.
- a non-extended network contains only one zone, and all nodes in that network belong to the same zone.
- a single extended network can contain nodes that belong to up to 255 different zones.
Call Control Protocol for Multimedia Communication (H.245)
- is a control channel protocol used within H.323 and H.324 communication sessions, and involves the line transmission of non-telephone signals.
- it also offers the possibility to be tunneled within H.225.0 call signaling messages.
- capable of conveying information needed for multimedia communication, such as encryption, flow control, jitter management, preference requests, as well as the opening and closing of logical channels used to carry media streams.
- it also defines separate send and receive capabilities and the means to send these details to other devices that support H.323.
Network Basic Input/Output System (NetBIOS)
- introduced in 1983 by IBM as an improvement to the standard BIOS used by Windows-based computers
- a program that allows applications on different computers to communicate within a local area network (LAN)
- provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network
- is an application programming interface (API), not a networking protocol
- was created by IBM for its early PC Network and was adopted by Microsoft
- is used in Ethernet and Token Ring networks
- does not support a routing mechanism on a wide area network (WAN)
- frees the application from having to understand the details of the network, including error recovery (in session mode)
- specifies a message location and the name of a destination
- provides the session and transport services described in the Open Systems Interconnection (OSI) model
- it does not provide a standard frame or data format for transmission
- prevents programmers from having to "reinvent the wheel" just to get their program to connect to a network
- included as part of NetBIOS Extended User Interface (NetBEUI), in recent Microsoft Windows operating systems
NetBIOS provides three distinct services:
1. Name service (NetBIOS-NS) - for name registration and resolution
The name service primitives offered by NetBIOS are:
- Add name: registers a NetBIOS name
- Add group name: registers a NetBIOS "group" name
- Delete name: un-registers a NetBIOS name or group name
- Find name: looks up a NetBIOS name on the network
2. Datagram distribution service (NetBIOS-DGM) - for connectionless communication
The datagram service primitives offered by NetBIOS are:
- Send Datagram: send a datagram to a remote NetBIOS name.
- Send Broadcast Datagram: send a datagram to all NetBIOS names on the network.
- Receive Datagram: wait for a packet to arrive from a Send Datagram operation.
- Receive Broadcast Datagram: wait for a packet to arrive from a Send Broadcast Datagram operation.
3. Session service (NetBIOS-SSN) - for connection-oriented communication
The session service primitives offered by NetBIOS are:
- Call: opens a session to a remote NetBIOS name.
- Listen: listen for attempts to open a session to a NetBIOS name.
- Hang Up: close a session.
- Send: sends a packet to the computer on the other end of a session.
- Send No Ack: like Send, but doesn't require an acknowledgment.
- Receive: wait for a packet to arrive from a Send on the other end of a session.
TWO COMMUNICATION MODES
Session mode
- lets two computers establish a connection for a "conversation"
- allows larger messages to be handled
- provides error detection and recovery
Datagram
- is "connectionless" (each message is sent independently)
- messages must be smaller
- the application is responsible for error detection and recovery
- also supports the broadcast of a message to every computer on the LAN
NETBIOS NAME
- 16 ASCII characters
- usually an IP address
- often the same as that computer's host name although truncated to 15 characters
- a sequence of alphanumeric characters
- hyphen ("-") and full-stop (".") characters may also be used in the NetBIOS name, but not as the first or last character
NetBIOS Suffixes
For unique names:
- 00: Workstation Service (workstation name)
- 03: Windows Messenger service
- 06: Remote Access Service
- 20: File Service (also called Host Record)
- 21: Remote Access Service client
- 1B: Domain Master Browser - Primary Domain Controller for a domain
- 1D: Master Browser
For group names:
- 00: Workstation Service (workgroup/domain name)
- 1C: Domain Controllers for a domain (group record with up to 25 IP addresses)
- 1E: Browser Service Elections
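The 15-character name plus one suffix byte described above, as an added example that is not part of the original slides: it builds a 16-byte NetBIOS name, converts it to and from the 32-byte "first-level" form used on the wire (defined in RFC 1001, not on these slides), and labels the suffix using the tables above. The host names are constructed sample values.

```python
# Suffix tables copied from the slides above (hex suffix -> service).
UNIQUE_SUFFIXES = {
    0x00: "Workstation Service (workstation name)",
    0x03: "Windows Messenger service",
    0x06: "Remote Access Service",
    0x20: "File Service (also called Host Record)",
    0x21: "Remote Access Service client",
    0x1B: "Domain Master Browser",
    0x1D: "Master Browser",
}
GROUP_SUFFIXES = {
    0x00: "Workstation Service (workgroup/domain name)",
    0x1C: "Domain Controllers for a domain",
    0x1E: "Browser Service Elections",
}


def make_netbios_name(host: str, suffix: int) -> bytes:
    """Upper-case, truncate to 15 characters, pad with spaces, append the suffix byte."""
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must fit in one byte")
    base = host.upper().encode("ascii")[:15].ljust(15, b" ")
    return base + bytes([suffix])


def encode_first_level(name16: bytes) -> bytes:
    """RFC 1001 first-level encoding: each nibble becomes a letter 'A'..'P'."""
    if len(name16) != 16:
        raise ValueError("a NetBIOS name is exactly 16 bytes")
    out = bytearray()
    for byte in name16:
        out.append(0x41 + (byte >> 4))
        out.append(0x41 + (byte & 0x0F))
    return bytes(out)


def decode_first_level(encoded: bytes) -> bytes:
    """Reverse the encoding, rejecting anything that is not 32 letters 'A'..'P'."""
    if len(encoded) != 32:
        raise ValueError("expected 32 encoded bytes")
    out = bytearray()
    for i in range(0, 32, 2):
        hi, lo = encoded[i] - 0x41, encoded[i + 1] - 0x41
        if not (0 <= hi <= 15 and 0 <= lo <= 15):
            raise ValueError(f"byte outside 'A'..'P' at offset {i}")
        out.append((hi << 4) | lo)
    return bytes(out)


def describe(name16: bytes, group: bool = False) -> dict:
    """Split a 16-byte name into its text part and the service its suffix denotes."""
    if len(name16) != 16:
        raise ValueError("a NetBIOS name is exactly 16 bytes")
    table = GROUP_SUFFIXES if group else UNIQUE_SUFFIXES
    suffix = name16[15]
    return {
        "name": name16[:15].decode("ascii", "replace").rstrip(" "),
        "suffix": f"{suffix:02X}",
        "service": table.get(suffix, "unknown suffix"),
    }
```

Whether a name is unique or group is carried separately from the name itself, so the caller passes it to `describe`.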
Password Authentication Protocol (PAP)
- an authentication protocol that uses a password
- a protocol where two entities share a password in advance and use the password as the basis of authentication
- used by Point to Point Protocol to validate users before allowing them access to server resources
- transmits unencrypted ASCII passwords over the network and is therefore considered insecure
- validates the identity of the originator of the connection
- passwords are sent over the circuit "in the clear" and there is no protection against playback or repeated "trial and error" attacks
- the principle of PAP is to send the username and password in clear text across the network
WORKING CYCLE
- Client sends username and password
- Server sends authentication-acknowledgement (if credentials are OK) or authentication-not-acknowledgement (otherwise)
AUTHENTICATION SCHEMES
1. Weak-Password Authentication Schemes
- tend to have lighter computational overhead
- the designs are simpler
- implementation is easier
2. Strong-Password Authentication Schemes
- more secure compared to Weak-Password Authentication Schemes
- has higher entropy
Session Control Protocol (SCP)
- also known as X.225 or ISO 8327
- a protocol specification recommended by the International Telecommunication Union (ITU)
- this protocol may try to recover the connection (in case of a connection loss)
- this protocol may close a connection if it is not used for a long period and re-open it
- provides for either full duplex or half-duplex operation
- provides synchronization points in the stream of exchanged messages
- provides services for coordinating communication between local and remote applications (establishing, managing and terminating connections)
ISO-SP, OSI Session-Layer Protocol
X.225 (ISO 8327)
- is a connection-oriented session layer protocol in the Open Systems Interconnection (OSI) model.
- The ITU X.225 protocol specification is a recommendation of the International Telecommunication Union (ITU).
ITU X.225 and other session layer protocols use:
- suspend/resume
- checkpoint/rollback capabilities
- for synchronization of audio and video
Internet Storage Name Service (iSNS)
- provides management services similar to those found in Fibre Channel networks, allowing a standard IP network to operate in much the same way that a Fibre Channel storage area network does.
- Because iSNS is able to emulate Fibre Channel fabric services and manage both iSCSI and Fibre Channel devices, an iSNS server can be used as a consolidated configuration point for an entire storage network.
- However, standards-compliant iSNS implementations are required to support the iFCP protocol; supporting the iSCSI protocol is optional.
The iSNS standard defines four components:
- iSNS Protocol
- iSNS Clients
- iSNS Servers
- iSNS Databases
iSNS Protocol
iSNSP is a protocol that specifies how iSNS clients and servers communicate. It is intended to be used by various platforms, including switches and targets as well as server hosts.
iSNS Servers
iSNS servers respond to iSNS protocol queries and requests made by iSNS clients using the iSNSP. iSNS servers initiate iSNSP State Change Notifications and store properly authenticated information submitted by a registration request in an iSNS database.
iSNS Databases
iSNS databases are the information repositories for iSNS server(s). They maintain information about iSNS client attributes; while implementations will vary, a directory-enabled implementation of iSNS, for example, might store client attributes in an LDAP directory.
Services
An iSNS implementation provides four primary services:
- Name Registration and Storage Resource Discovery
- Discovery Domains and Login Control
- State Change Notification
- Bidirectional Mappings Between Fibre Channel and iSCSI Devices
Name Registration and Storage Resource Discovery
iSNS implementations allow all entities in a storage network to register and query an iSNS database. Both targets and initiators can register with the iSNS database, and each entity can inquire about other initiators and targets. For example, a client initiator can obtain information about target devices from an iSNS server.
Discovery Domains and Login Control
Administrators can use the Discovery Domains to divide storage nodes into manageable, non-exclusive groups.
By grouping storage nodes, administrators are able to limit the login process of each host to the most appropriate subset of targets registered with the iSNS, which allows the storage network to scale by reducing the number of unnecessary logins and by limiting the amount of time each host spends establishing login relationships.
State Change Notification
The State Change Notification (SCN) service allows an iSNS Server to issue notifications about each event that affects storage nodes on the managed network.
Each iSNS client may register for notifications on behalf of its storage nodes, and each client is expected to respond according to its own requirements and implementation.
Bidirectional mappings between Fibre Channel and iSCSI devices
Because the iSNS database stores naming and discovery information about both Fibre Channel and iSCSI devices, iSNS servers are able to store mappings of Fibre Channel devices to proxy iSCSI device images on the IP network. These mappings may also be made in the opposite direction, allowing iSNS servers to store mappings from iSCSI devices to proxy WWNs.
- A media-independent tunnelling protocol developed by Cisco Systems.
- The Layer 2 Forwarding (L2F) protocol tunnels data-link layer frames in such protocols as Point-to-Point Protocol (PPP) or Serial Line Internet Protocol (SLIP), making it possible to create virtual private networks (VPNs) over a public network such as the Internet.
- On the server side, L2F can be used with such features as user authentication through Remote Authentication Dial-In User Service (RADIUS), dynamic allocation of addresses, and quality of service (QoS).
- L2F is implemented in Cisco routers through Cisco's Internetwork Operating System (IOS).
NOTE:
L2F has been largely superseded by the newer Layer 2 Tunneling Protocol (L2TP), an Internet Engineering Task Force (IETF) standard protocol that provides a vendor-neutral tunneling solution. L2TP is an extension of the PPP protocol that supports the best features of the Point-to-Point Tunneling Protocol (PPTP) and the L2F protocol.
- Published in 1999 as proposed standard RFC 2661, L2TP has its origins primarily in two older tunneling protocols for Point-to-Point communication: Cisco's Layer 2 Forwarding Protocol (L2F) and USRobotics' Point-to-Point Tunneling Protocol (PPTP).
- A new version of this protocol, L2TPv3, was published as proposed standard RFC 3931 in 2005.
- L2TPv3 provides additional security features, improved encapsulation, and the ability to carry data links other than simply PPP over an IP network (e.g., Frame Relay, Ethernet, ATM, etc.).
1. L2TP Access Concentrator (LAC)
- is the initiator of the tunnel
- which is the device that physically terminates a call
2. L2TP Network Server (LNS)
- is the server, which waits for new tunnels
- which is the device that terminates and possibly authenticates the PPP stream.
The end device, often a user PC or laptop, establishes a PPP connection to a server known as the LAC (L2TP Access Concentrator) using dialup POTS, DSL, and so on. The LAC then initiates an L2TP tunneling session, using normal IP, to the remote device with which the originating device wants to set up a session. This remote device is called the LNS (L2TP Network Server). Typically the authentication, authorization, and accounting (AAA) of the end user is done on the LNS itself using a local database or AAA server.
The LAC is the initiator of the tunnel while the LNS is the server, which waits for new tunnels. Once a tunnel is established, the network traffic between the peers is bidirectional. To be useful for networking, higher-level protocols are then run through the L2TP tunnel. To facilitate this, an L2TP session (or 'call') is established within the tunnel for each higher-level protocol such as PPP. Either the LAC or LNS may initiate sessions. The traffic for each session is isolated by L2TP, so it is possible to set up multiple virtual networks across a single tunnel.
Voluntary L2TP Tunneling
- The client is aware of the presence of an L2TP connection.
- The LAC is unaware of L2TP.
- (client) PPP + L2TP + Data (LAC) L2TP + Data (LNS)
Compulsory L2TP Tunneling
- The client is completely unaware of the presence of an L2TP connection.
- The L2TP Access Concentrator (LAC) is aware of L2TP.
- (client) PPP + Data (LAC) L2TP + Data (LNS)
An L2TP packet consists of:

  Bits 0-15                | Bits 16-31
  Flags and Version Info   | Length (opt)
  Tunnel ID                | Session ID
  Ns (opt)                 | Nr (opt)
  Offset Size (opt)        | Offset Pad (opt)......
  Payload data

Field meanings:
- Flags and version: control flags indicating data/control packet and presence of length, sequence, and offset fields.
- Length (optional): Total length of the message in bytes, present only when length flag is set.
- Tunnel ID: Indicates the identifier for the control connection.
- Session ID: Indicates the identifier for a session within a tunnel.
- Ns (optional): sequence number for this data or control message, beginning at zero and incrementing by one for each message sent. Present only when sequence flag set.
- Nr (optional): sequence number for expected message to be received. Nr is set to the Ns of the last in-order message received plus one. In data messages, Nr is reserved and, if present (as indicated by the S bit), MUST be ignored upon receipt.
- Offset Size (optional): Specifies where payload data is located past the L2TP header. If the offset field is present, the L2TP header ends after the last byte of the offset padding. This field exists if the offset flag is set.
- Offset Pad (optional): Variable length, as specified by the offset size. Contents of this field are undefined.
- Payload data: Variable length (Max payload size = Max size of UDP packet - size of L2TP header)
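A parser for the header layout above, as an added example that is not part of the original slides: it walks the optional fields according to the flag bits and refuses truncated or inconsistent messages. The flag bit positions and the rule that control messages set L and S and clear O come from RFC 2661; the two sample datagrams are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Flag bits of the first 16-bit word (RFC 2661, section 3.1).
T_BIT, L_BIT, S_BIT, O_BIT = 0x8000, 0x4000, 0x0800, 0x0200
VERSION_MASK = 0x000F


class L2TPParseError(ValueError):
    """Raised when a datagram cannot be a well-formed L2TPv2 message."""


@dataclass
class L2TPMessage:
    is_control: bool
    length: Optional[int]       # None when the L bit is clear
    tunnel_id: int
    session_id: int
    ns: Optional[int]           # None when the S bit is clear
    nr: Optional[int]
    offset_size: Optional[int]  # None when the O bit is clear
    payload: bytes


def _u16(buf: bytes, pos: int):
    """Read one big-endian 16-bit field, refusing to read past the buffer."""
    if pos + 2 > len(buf):
        raise L2TPParseError(f"truncated header at byte {pos}")
    return struct.unpack_from("!H", buf, pos)[0], pos + 2


def parse_l2tp(datagram: bytes) -> L2TPMessage:
    flags, pos = _u16(datagram, 0)
    if (flags & VERSION_MASK) != 2:
        raise L2TPParseError(f"unsupported version {flags & VERSION_MASK}")
    is_control = bool(flags & T_BIT)
    required = L_BIT | S_BIT
    if is_control and ((flags & required) != required or (flags & O_BIT)):
        raise L2TPParseError("control message must set L and S and clear O")

    length = None
    if flags & L_BIT:
        length, pos = _u16(datagram, pos)
        if length > len(datagram):
            raise L2TPParseError("Length field exceeds the received datagram")
    tunnel_id, pos = _u16(datagram, pos)
    session_id, pos = _u16(datagram, pos)
    ns = nr = None
    if flags & S_BIT:
        ns, pos = _u16(datagram, pos)
        nr, pos = _u16(datagram, pos)
    offset_size = None
    if flags & O_BIT:
        offset_size, pos = _u16(datagram, pos)
        pos += offset_size  # skip the undefined Offset Pad bytes
    end = length if length is not None else len(datagram)
    if pos > end:
        raise L2TPParseError("header fields run past the end of the message")
    return L2TPMessage(is_control, length, tunnel_id, session_id,
                       ns, nr, offset_size, datagram[pos:end])


# Constructed samples: a control message (T, L, S set) carrying one 8-byte AVP,
# and a data message that uses only the Offset field (2 bytes of padding).
CONTROL_SAMPLE = bytes.fromhex("c8020014" "00000000" "00000000" "8008000000000001")
DATA_SAMPLE = bytes.fromhex("0202" "0007" "0021" "0002" "0000" "ff03c021")
```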
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks.
PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.
PPTP is considered cryptographically broken and its use is no longer recommended by Microsoft.
The PPTP specification does not describe encryption or authentication features and relies on the Point-to-Point Protocol being tunneled to implement security functionality. However, the most common PPTP implementation shipping with the Microsoft Windows product families implements various levels of authentication and encryption natively as standard features of the Windows PPTP stack.
The intended use of this protocol is to provide security levels and remote access levels comparable with typical VPN products.
A specification for PPTP was published in July 1999 as RFC 2637 and was developed by a vendor consortium formed by Microsoft, Ascend Communications (today part of Alcatel-Lucent), 3Com, and others. PPTP has not been proposed nor ratified as a standard by the IETF.
A PPTP tunnel is instantiated by communication to the peer on TCP port 1723. This TCP connection is then used to initiate and manage a second GRE tunnel to the same peer.
The PPTP GRE packet format is non standard, including an additional acknowledgement field replacing the typical routing field in the GRE header. However, as in a normal GRE connection, those modified GRE packets are directly encapsulated into IP packets, and seen as IP protocol number 47.
In the Microsoft implementation, the tunneled PPP traffic can be authenticated with PAP, CHAP, MS-CHAP v1/v2 or EAP-TLS. The PPP payload is encrypted using Microsoft Point-to-Point Encryption (MPPE) when using MS-CHAPv1/v2 or EAP-TLS. MPPE is described by RFC 3078.
PPTP was the first VPN protocol that was supported by Microsoft Dial-up Networking. All releases of Microsoft Windows since Windows 95 OSR2 are bundled with a PPTP client, although they are limited to only 2 concurrent outbound connections. Microsoft Windows Mobile 2003 and higher also support the PPTP protocol. The Routing and Remote Access Service for Microsoft Windows contains a PPTP server. The Microsoft implementation uses single DES in the MS-CHAP authentication protocol which many find unsuitable for data protection needs.
Windows Vista and later support the use of PEAP with PPTP. The authentication mechanisms supported are PEAPv0/EAP-MSCHAPv2 (passwords) and PEAP-TLS (smartcards and certificates). Windows Vista removed support for using the MSCHAP-v1 protocol to authenticate remote access connections.
Linux server-side support for PPTP is provided by the PoPToP daemon and kernel modules for PPP and MPPE. Client-side Linux implementations of PPTP appeared in 1997,[5] but the first widely used server-side Linux PPTP implementation was developed by Matthew Ramsay in 1999[6] and initially distributed under the GNU GPL by Moreton Bay. However, Linux distributions initially lacked full PPTP support because MPPE was believed to be patent encumbered. Full MPPE support was added to the Linux kernel in the 2.6.14 release on October 28, 2005. SuSE Linux 10 was the first Linux distribution to provide a complete working PPTP client. There is also ACCEL-PPP, a PPTP/L2TP/PPPoE server for Linux[7] which supports PPTP in kernel-mode.
OS X and iOS are bundled with a PPTP client. Cisco and Efficient Networks sell PPTP clients for older Mac OS releases. Palm PDA devices with Wi-Fi are bundled with the Mergic PPTP client. Many different mobile phones with Android as the operating system support PPTP as well.
PPTP is (as of October 2012) considered cryptographically broken and its use is no longer recommended by Microsoft.
A summary of these vulnerabilities is below:
- MSCHAP-v1 is fundamentally insecure. Tools exist to trivially extract the NT Password hashes from a captured MSCHAP-v1 exchange.
- When using MSCHAP-v1, MPPE uses the same RC4 session key for encryption in both directions of the communication flow. This can be cryptanalysed with standard methods by XORing the streams from each direction together.
- MSCHAP-v2 is vulnerable to dictionary attack on the captured challenge response packets. Tools exist to perform this process rapidly.
- In 2012, it was shown that a brute-force attack on MSCHAP-v2 is equivalent to a single DES key brute-force attack. An online service was presented which is capable of restoring the MD4 of an MSCHAP-v2 passphrase in 23 hours.
- MPPE uses the RC4 stream cipher for encryption. There is no method for authentication of the ciphertext stream and therefore the ciphertext is vulnerable to a bit-flipping attack. An attacker could modify the stream in transit and adjust single bits to change the output stream without possibility of detection. These bit flips may be detected by the protocols themselves through checksums or other means.
- EAP-TLS is seen as the superior authentication choice for PPTP; however, it requires implementation of a Public Key Infrastructure for both client and server certificates. As such it is not a viable authentication option for many remote access installations.
- The idea of treating network operations as remote procedure calls goes back at least to the 1980s in early ARPANET documents.
- Bruce Jay Nelson is generally credited with coining the term.
- One of the first business uses of RPC was by Xerox under the name "Courier" in 1981.
- The first popular implementation of RPC on Unix was Sun's RPC (now called ONC RPC), used as the basis for Network File System.
An RPC is initiated by the client, which sends a request message to a known remote server to execute a specified procedure with supplied parameters.
The remote server sends a response to the client, and the application continues its process.
While the server is processing the call, the client is blocked (it waits until the server has finished processing before resuming execution), unless the client sends an asynchronous request to the server, such as an XHTTP call. There are many variations and subtleties in various implementations, resulting in a variety of different (incompatible) RPC protocols.
An important difference between remote procedure calls and local calls is that remote calls can fail because of unpredictable network problems. Also, callers generally must deal with such failures without knowing whether the remote procedure was actually invoked.
Idempotent procedures (those that have no additional effects if called more than once) are easily handled, but enough difficulties remain that code to call remote procedures is often confined to carefully written low-level subsystems.
o The client calls the client stub. The call is a local procedure call, with parameters pushed on to the stack in the normal way.
o The client stub packs the parameters into a message and makes a system call to send the message. Packing the parameters is called marshalling.
o The client's local operating system sends the message from the client machine to the server machine.
o The local operating system on the server machine passes the incoming packets to the server stub.
o The server stub unpacks the parameters from the message. Unpacking the parameters is called unmarshalling.
o Finally, the server stub calls the server procedure. The reply traces the same steps in the reverse direction.
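The stub sequence above, as an added example that is not part of the original slides: a client stub marshals a call, and a server stub unmarshals it with length checks before dispatching, because the message arrives from the network and cannot be trusted. The wire format (big-endian transaction id, procedure number, argument count, 32-bit integer arguments), the status codes, the procedure table and all function names are assumptions made for illustration; this is not ONC RPC or XDR.

```python
import struct

# Hypothetical server procedure table: procedure number -> (function, arity).
PROCEDURES = {1: (lambda a, b: a + b, 2), 2: (lambda a: -a, 1)}
MAX_ARGS = 8  # assumed cap so a hostile count cannot force large allocations

def marshal_call(xid, proc, args):
    """Client stub: pack transaction id, procedure number and int arguments."""
    return struct.pack(f">III{len(args)}i", xid, proc, len(args), *args)

def unmarshal_call(msg):
    """Server stub: unpack the request, validating it before any use."""
    if len(msg) < 12:
        raise ValueError("truncated header")
    xid, proc, argc = struct.unpack_from(">III", msg)
    if argc > MAX_ARGS or len(msg) != 12 + 4 * argc:
        raise ValueError("argument count does not match message length")
    return xid, proc, list(struct.unpack_from(f">{argc}i", msg, 12))

def server_dispatch(msg):
    """Server stub: call the procedure and marshal (xid, status, result).
    Results are assumed to fit in a signed 32-bit integer."""
    try:
        xid, proc, args = unmarshal_call(msg)
    except ValueError:
        return struct.pack(">IIi", 0, 2, 0)    # status 2: malformed request
    entry = PROCEDURES.get(proc)
    if entry is None or entry[1] != len(args):
        return struct.pack(">IIi", xid, 1, 0)  # status 1: no such procedure
    return struct.pack(">IIi", xid, 0, entry[0](*args))

def client_call(transport, xid, proc, *args):
    """Looks like a local call to the caller; blocks until the reply arrives."""
    reply = transport(marshal_call(xid, proc, args))
    rxid, status, result = struct.unpack(">IIi", reply)
    if rxid != xid:
        raise RuntimeError("reply does not match request")
    if status != 0:
        raise RuntimeError(f"remote call failed with status {status}")
    return result

if __name__ == "__main__":
    # The "network" is a direct function call standing in for send/receive.
    print(client_call(server_dispatch, 7, 1, 40, 2))
```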
To let different clients access servers, a number of standardized RPC systems have been created. Most of these use an interface description language (IDL) to let various platforms call the RPC. The IDL files can then be used to generate code to interface between the client and server. The most common tool used for this is RPCGEN.
RPCGEN is an interface generator pre-compiler for Sun Microsystems ONC RPC. It uses an interface definition file to create client and server stubs in C. RPCGEN creates stubs based on information contained within an IDL file.
The Sockets Direct Protocol (SDP) is a networking protocol originally defined by the Software Working Group (SWG) of the InfiniBand Trade Association. Originally designed for InfiniBand (IB), SDP now has been redefined as a transport-agnostic protocol for Remote Direct Memory Access (RDMA) network fabrics.
SDP defines a standard wire protocol over an RDMA fabric to support stream sockets (SOCK_STREAM). SDP uses various RDMA network features for high-performance zero-copy data transfers. SDP is a pure wire-protocol level specification and does not go into any socket API or implementation specifics.
The purpose of the Sockets Direct Protocol is to provide an RDMA-accelerated alternative to the TCP protocol on IP. The goal is to do this in a manner which is transparent to the application.
Oracle Solaris 10 and Oracle Solaris 11 Express also include support for SDP. Several other Unix operating system variants plan to include support for Sockets Direct Protocol. Microsoft Windows offers a subsystem called Winsock Direct, which could be used to support SDP.
SDP support was introduced to the JDK 7 release of the Java Platform, Standard Edition (July 2011) for applications deployed in the Solaris operating system and on Linux operating systems (OFED 1.4.2 and 1.5).
Oracle Database 11g supports connection over SDP.
Sockets Direct Protocol only deals with stream sockets, and if installed in a system, bypasses the OS resident TCP stack for stream connections between any endpoints on the RDMA fabric.
All other socket types (such as datagram, raw, packet, etc.) are supported by the Linux IP stack and operate over standard IP interfaces (i.e., IPoIB on InfiniBand fabrics).
The IP stack has no dependency on the SDP stack; however, the SDP stack depends on IP drivers for local IP assignments and for IP address resolution for endpoint identifications.
SDP is used by the Australian telecommunications company Telstra on their 3G platform Next G to deliver streaming mobile TV.
Real-time Transport Control Protocol (RTCP)
Sister protocol of the Real-time Transport Protocol (RTP).
Provides out-of-band statistics and control information for an RTP flow.
Gathers statistics for a media connection and information such as transmitted octet and packet counts, lost packet counts, jitter, and round-trip delay time.
Does not provide any flow encryption or authentication methods.
Protocol Function
The primary function of RTCP is to gather statistics on quality aspects of the media distribution during a session and transmit this data to the session media source and other session participants.
RTCP provides canonical end-point identifiers (CNAME) to all session participants.
RTCP reports are expected to be sent by all participants, even in a multicast session which may involve thousands of recipients.
RTCP also provides session control functions, because it is a convenient means to reach all session participants, whereas RTP itself is not. RTP is only transmitted by a media source.
Message/Packet Types
Sender report (SR) - The sender report is sent periodically by the active senders in a conference to report transmission and reception statistics for all RTP packets sent during the interval.
Receiver report (RR) - It is for passive participants, those that do not send RTP packets. The report informs the sender and other receivers about the quality of service.
Source description (SDES) - Used to send the CNAME item to session participants.
End of participation (BYE) - A source sends a BYE message to shut down a stream.
Application-specific message (APP) - Provides a mechanism to design application-specific extensions to the RTCP protocol.
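Because RTCP carries no authentication of its own, a receiver has to treat every report as untrusted input. The following added example (not from the original slides) splits a compound RTCP datagram into the packet types listed above, applies the header validity checks from RFC 3550, and extracts the CNAME from an SDES packet. The packet type numbers 200 to 204 come from RFC 3550; the function names and the sample datagram are constructed for illustration.

```python
import struct

RTCP_TYPES = {200: "SR", 201: "RR", 202: "SDES", 203: "BYE", 204: "APP"}

def parse_compound(datagram):
    """Split a compound RTCP datagram into (type name, count, body) tuples.
    Raises ValueError on malformed input; every length is checked before use."""
    packets, offset = [], 0
    while offset < len(datagram):
        if len(datagram) - offset < 4:
            raise ValueError("truncated RTCP header")
        b0, pt, words = struct.unpack_from(">BBH", datagram, offset)
        size = 4 * (words + 1)      # length field = 32-bit words minus one
        if b0 >> 6 != 2:
            raise ValueError("RTCP version must be 2")
        if offset == 0 and (pt not in (200, 201) or b0 & 0x20):
            raise ValueError("compound packet must start with unpadded SR or RR")
        if offset + size > len(datagram):
            raise ValueError("length field runs past end of datagram")
        name = RTCP_TYPES.get(pt, f"PT{pt}")  # other types are kept but unnamed
        packets.append((name, b0 & 0x1F, datagram[offset + 4:offset + size]))
        offset += size
    if not packets:
        raise ValueError("empty datagram")
    return packets

def sdes_cnames(body, chunks):
    """Return {ssrc: cname} from an SDES body; item type 1 is CNAME."""
    found, pos = {}, 0
    for _ in range(chunks):
        if pos + 4 > len(body):
            raise ValueError("SDES chunk truncated")
        (ssrc,) = struct.unpack_from(">I", body, pos)
        pos += 4
        while pos < len(body) and body[pos] != 0:
            # A missing length octet is treated as oversized so the check fails.
            end = pos + 2 + (body[pos + 1] if pos + 1 < len(body) else 256)
            if end > len(body):
                raise ValueError("SDES item runs past end of packet")
            if body[pos] == 1:
                found[ssrc] = body[pos + 2:end].decode("utf-8", "replace")
            pos = end
        pos = (pos + 4) & ~3        # skip the null terminator and its padding
    return found

# Constructed sample: an empty RR from SSRC 0x11223344, then SDES with its CNAME.
SAMPLE = (struct.pack(">BBHI", 0x80, 201, 1, 0x11223344)
          + struct.pack(">BBHI", 0x81, 202, 4, 0x11223344)
          + bytes([1, 9]) + b"user@host" + b"\x00")
```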
Short Message Peer-to-Peer (SMPP)
Designed by Aldiscon, an Irish company that was acquired by Logica.
Created by Ian J. Chambers.
The SMPP is an open, industry standard protocol designed to provide a flexible data communication interface for the transfer of short message data between External Short Messaging Entities (ESME), Routing Entities (RE) and Message Centres.
Because of its support for non-GSM SMS protocols, like UMTS, IS-95 (CDMA), CDMA2000, ANSI-136 (TDMA) and iDEN, the SMPP is the most commonly used protocol for short message exchange outside SS7 networks.
SMPP Versions
SMPP 3.3
SMPP 3.4
SMPP 5.0
SOCKS Internet Protocol
An Internet protocol that routes network packets between a client and server through a proxy server.
SOCKS additionally provides authentication so only authorized users may access a server.
PRESENTED BY:
ACLAN, MELVIN Z.
CASTOR, CLENT CYRUS T.
CERILLO, JENNY ROSE V.
JUROGUAS, MARVIN R.
MARASIGAN, VENUS C.
ODICPA, JOSEPH MARK E.