Network Management Assignment 1

Answer 1 :ICMP (Internet Control Message Protocol) :ICMP is the Internet Control Message Protocol. ICMP is a complementary protocol to IP (Internet Protocol). Like IP, ICMP resides on the Network Layer of the OSI Model. ICMP is designed for sending control and test messages across IP networks. Unlike the Transport Layer protocols TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) which operate on top of IP, ICMP exists alongside IP. The ability to understand ICMP is a requirement for any IP-compatible network device. However, many security devices such as firewalls block or disable all or part of ICMP functionality for security purposes. ICMP Message Types ICMP messages are divided into error ICMP error--reporting messages and query messages. The error messages. error--reporting messages report problems that a router or a host (destination) may encounter. The query messages get specific information from a router or another host.

MESSAGE FORMAT An ICMP message has an 8An 8--byte header and a variable byte variable--size data section. Although the general format of the header is different for each message type, the first 4 bytes are common to all.

___________________________________________________________________________ ___________________________________________________________________________

Answer 2 :TCP :-

TCP uses an end-to-end flow control protocol to avoid having the sender send data too fast for the TCP receiver to receive and process it reliably. Having a mechanism for flow control is essential in an environment where machines of diverse network speeds communicate. For example, if a PC sends data to a hand-held PDA that is slowly processing received data, the PDA must regulate data flow so as not to be overwhelmed. TCP uses a sliding window flow control protocol. In each TCP segment, the receiver specifies in the receive window field the amount of additional received data (in bytes) that it is willing to buffer for the connection. The sending host can send only up to that amount of data before it must wait for an acknowledgment and window update from the receiving host. 3.3 TCP timers TCP maintains seven timers for each connection.[7][8] Connection-establishment timer: starts when a SYN is sent to establish a new connection. If the sender doesn't receive an ACK within 75 seconds, the connection establishment is aborted. Retransmission timer: is set when TCP sends data. If the other end does not acknowledge the data when this timer expires, TCP retransmits the data. This timer is calculated dynamically based on the RTT (round-trip time). Delayed ACK timer: is set when TCP receives data that must be acknowledged but need not be acknowledged immediately. In Linux, this timer is set to 300ms. Persist timer: is set when the other end of a connection advertise a zero window but it still has data to send. The sender keeps probing the closed window during a retransmission interval. Its value is calculated dynamically. Keepalive timer: If the connection is idle for 2 hours, the keepalive timer expires and a special segment is sent to the other end. If other end is down, the sender will receive a RESET and the connection will be closed. If there is a segment exchange during 2 hours, the keepalive timer is set to 2 hours again. FIN_WAIT_2 timer: is set to 10 minutes when a connection moves from the FIN_WAIT_1 state to the FIN_WAIT_2 state and the connection cannot receive any more data. When this timer expires it is reset to 75 seconds. When it expires, the connection is dropped. 2MSL timer: is set when the connection is actively closed. MSL (maximum segment lifetime) is the maximum amount of time any segment can exist in the network before being discarded. When TCP performs an active close, and sends the final acknowledgement, that connection must stay in the TIME_WAIT state for twice the MSL to let TCP resend the final ACK in case this ACK is lost. The delayed ACK timer is different from the other six because when it is set a delayed ACK must be sent the next time TCP's 300-ms timer expires. But the other six timers are counters that are decremented by 1 every time TCP's 500-ms timer expires. When any one of the counters reaches 0, one of the following actions is taken: Drop the connection.

 Retransmit a segment. Send a keepalive probe. 3.4 TCP operations In the receiver side, the transition to the LISTEN state is initiated by the process itself by a call to the function listen (). The process informs the kernel that it should handle incoming communication requests. When a segment containing a SYN and ISS (initial send sequence number) has been received, the receiver TCP goes into SYN-RECEIVED state. Then an acknowledgment containing SYN/ACK and IRS (initial receiver sequence number) is returned to the sender. The receiver is now waiting for the ACK from the sender. After a correct ACK has been received, the connection is established. The receiver side TCP is in ESTABLISHED state.[9] In the sender side, the sender uses the function connect () to set up a connection to the receiver. The function sends a segment containing a SYN and ISS to the receiver and then goes over to the SYN_SENT state. If the sender does not receive an ACK before the connection-timer expires the connection establishment is aborted. When the SYN/ACK has been received by the receiver, the sender TCP is in ESTABLISHED state and an ACK is returned to other side. This is called three-way handshake connection. Once a connection is established between the sender and the receiver, data can be transferred between the two. Data is communicated by the exchange of segments. During data transmission, segments may be damaged, lost, duplicated or delivered out of order by the Internet communication system. When TCP transmits a segment containing data, it puts a copy of the segment on a retransmission queue and starts a retransmission timer. When the acknowledgment for that data is received, the segment is deleted from the queue. If the other end does not acknowledge the segment before the retransmission timer expires, TCP retransmits the segment. To maintain flow control, TCP provides a means for the receiver to govern the amount of data sent by the sender. This is achieved by using sliding-window techniques. That is, the sender can send multiple segments before it receives acknowledgements from receiver. Efficiency can be greatly improved by allowing multiple segments to be in transit at the same time.[1] Sender and receiver maintain their own slidingwindow. Sender window: snd_una - oldest unacknowledged sequence number. snd_nxt - next send sequence number. snd_wnd - offered window (advertised by receiver) The acceptable ACK is: snd_una < ACK <= snd_next

Receiver window: rec_next - next receive sequence number. rec_wnd - receiver window (advertised to sender). The acceptable segment is: rcv_next <= beginning sequence number of segment < rcv_nxt + rcv_wnd rcv_nxt <= ending sequence number < rec_nxt + rec_wnd.

In Linux kernel, three functions are used to perform the comparison of the sequence number. They are in the file /net/tcp.h int before(__u32 seq1, __u32 seq2); int after(__u32 seq1, __u32 seq2); int between(__u32 seq1, __u32 seq2, __u32 seq3); While it takes three segments to establish a connection, it takes four to terminate a connection.[7] By calling close () or a similar termination routine, one side of the TCP connection initiates the release of the connection. This sends a FIN to the opposite communication end-point. Each end can send a FIN when it is finished sending data. TCP

provides the ability for one end of a connection to terminate its output, while still receiving data from the other end. This is called a half-close. If an ACK has been received but no FIN, further data may still arrive from the other side. When FIN/ACK has been received, we need to wait for twice the maximum lifetime of a TCP segment to ensure proper handling of segments still in the network. If a FIN/ACK is received during the FIN_WAIT1 state, FINWAIT2 is skipped[9]. The receipt of a FIN only means there will be no more data flowing in that direction. TCP can still send data after receiving a FIN. But after it receives a FIN, it needs to send an ACK back to other end. When we have received a FIN from the remote host, we send the buffered data and report the start of connection release to the program. After the program sends out all its data, it will send a FIN. If an ACK is received for the other side, the connection is now terminated. All information related to it is deleted and the communication end-point can be re-used.

Answer 3 :-

X Windows is the predominate windowing system on UNIX computers, developed by the X Consortium, lead by M.I.T. An X server manages the display on the workstation. Clients can connect to server via TCP/IP and perform graphics operations. This makes X Windows much more network capable than Microsoft Windows, for example, which can only be accessed via a local API. X Windows operates over TCP, typically using server port numbers starting with 6000. The X server for a system's first display listens on port 6000; if the system has a second display, its server listens on port 6001; a third display would listen on 6002; etc. The protocol used over this reliable stream connection is essentially request/reply, and it's reputation is as a fat protocol that consumes a lot of bandwidth. Lightweight X (LWX), introduced in X11R6, attempts to reduces X's bandwidth needs to the point where it can be run over dialup modem connections. The X Protocol, documented in a postscript file, defines dozens of messages that can be exchanged between a client and a server. They can generally be classified into four categories: Requests, Replies, Events, and Errors. Typical requests include Draw PolyLine, Draw Text, Create Window, Fill. Replies are matched to particular Requests. Events are asynchronous occurances such as keystrokes and mouse clicks. Errors are matched to particular Requests. If a window is partially or fully obscured by another, overlapping window, the server has two options available to it. The server can allocate additional memory, called backing store, to record to contents of the obscured window. This is purely optional, however. The server can simply ignore the obscured part of the window. Later, when that part of the window becomes visible again, the server sends an Expose event to the client, which must then redraw the affected area. The client, therefore, must be prepared to redraw any part of its windows at any time.

Network File System (NFS), originally developed by Sun Microsystems and then extended by IETF, allows file sharing over network among different types of systems. In other words, NFS was designed for remote file access and sharing over network with various types of machines, operating systems, network architecture and transport protocols. NFS uses a client/server architecture and consists of a client program and a server program. The server program makes file systems available for access by other machines via a process called exporting. NFS clients access shared file systems mountingthem from an NFS server machine. NFS mount protocol is used to communicate between the server and the client for the file access and sharing. NFS mount protocol also allows the server to grant remote access privileges to a restricted set of clients via export control. NFS Version 2, the first widely implemented version of NFS, originally operated entirely over UDP and was meant to keep the protocol stateless. Several vendors had extended NFSv2 to support TCP as transport. NFS Version 3 introduced support for using TCP as transport. Using TCP as transport made using NFS over a WAN more feasible . Inheritated the good features of the previous versions, the current NFS Version 4 features the following improvements: Improved access and performance on the Internet. The protocol is designed to transit firewalls easily, perform well where latency is high and bandwidth is low, and scale to very large numbers of clients per server. Strong security with negotiation built into the protocol. The protocol builds on the work of the ONCRPC working group in supporting the Remote Prcedure Call (RPC) RPCSEC_GSS protocol. Additionally, the NFS version 4 provides a mechanism to allow clients and servers to negotiate security and require clients and servers to support a minimal set of security schemes. Designed for protocol extensions. The protocol is designed to accept standard extensions that do not compromise backward compatibility. NFS is strongly associated with UNIX systems, though it can be used on any platform such as Macintosh and Microsoft Windows operating systems. The Server Message Block (SMB) and Common Internet File System (CIFS) are a similar protocol that have equivalent implementation of a network file system under Microsoft Windows.