PROTOCOLS , PORT NUMBERS AND

IP SUBNETTING

RAGHURAM V
 PROTOCOL CONTENTS
[Link] Name System
[Link] Transfer Protocol
[Link] Text Transfer Protocol
[Link] Socket Layer
[Link] Shell
[Link] Network Management Protocol
[Link] Host Configuration Protocol
[Link] control message protocol
[Link] resolution protocol
[Link] Protocol Security
[Link]
[Link] Mail Transfer Protocol
[Link] Office Protocol
[Link] Access Control
Common Protocols and ports
IP and SUBNETTING
 DNS: Domain Name System
• The DNS protocol helps in translating or mapping host names to IP addresses.
• DNS works on a client-server model
Advantages
• DNS facilitates internet access.
• Eliminates the need to memorize IP addresses.

Disadvantages
DNS root servers, if compromised, could enable hackers to redirect to other pages for phishing data.
• DNS queries don't carry information pertaining to the client who initiated it.
 FTP: File Transfer Protocol
• FTP enables file sharing between hosts, both local and
remote, and runs on top of TCP.
• For file transfer,FTP creates two TCP connections: control
and data connection. The control connection is used to
transfer control information like passwords, commands to
retrieve and store files, etc., and the data connection is used
to transfer the actual file. Both of these connections run in
parallel during the entire file transfer process.
Advantages
enables sharing large files
resume file sharing if interrupted.
recover lost data, and schedule a file transfer.
Disadvantages
FTP lacks security. Data, usernames, and passwords are
transferred in plain text
FTP lacks encryption capabilities
HTTP: Hyper Text Transfer
Protocol
• HTTP is an application layer protocol.
• It works on a client-server model.
• Data such as text, images, and other multimedia files are shared over the World Wide Web using HTTP.
• As a request and response type protocol, the client sends a request to the server, which is then processed by the
server before sending a response back to the client.
Advantages
• Memory usage and CPU usage.
Disadvantages
• HTTP lacks encryption capabilities
Secure Shell Protocol (SSH)
• SSH is a cryptographic network protocol for operating network services securely over an unsecured network.
• It works on a client-server model.
• The SSH protocol is a method for secure remote login from one computer to another. It provides several
alternative options for strong authentication, and it protects the communications security and integrity with
strong encryption. It is a secure alternative to the non-protected login protocols (such as telnet, rlogin) and
insecure file transfer methods (such as FTP).
Secure Socket Layer (SSL)
• SSL provides security to the data that is
transferred between web browser and
server. SSL encrypts the link between a
web server and a browser which
ensures that all data passed between
them remain private and free from
attack.
Simple Network Management Protocol.
• SNMP is a framework used for
managing devices on the internet.
• It provides a set of operations for
monitoring and managing the
internet.
• SNMP has two components Manager
and agent.
• The manager is a host that controls
and monitors a set of agents such as
routers.
• A manager is a host that runs the
SNMP client program while the agent
is a router that runs the SNMP server
program.
DHCP: Dynamic Host Configuration Protocol
• DHCP is a communication protocol that enables network administrators to automate the
assignment of IP addresses in a network.
• DHCP lets network admins distribute IP addresses from a central point and automatically
send a new IP address when a device is plugged in from a different place in the network.
• DHCP works on a client-server model.
ICMP: Internet Control Message Protocol

• ICMP is a network layer supporting

protocol used by network devices to send
error messages and operational
information.
• ICMP is used to announce network errors,
congestion, and timeouts, as well assist in
troubleshooting.
• Source quench message
• Parameter problem
• Time exceeded message
• Destination un-reachable
Address Resolution Protocol
• The Address Resolution Protocol helps map IP addresses to physical machine addresses (or a
MAC address for Ethernet) recognized in the local network.
• A table called an ARP cache is used to maintain a correlation between each IP address and
its corresponding MAC address.
• ARP offers the rules to make these correlations, and helps convert addresses in both
directions.
IP security
• The IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols between 2 communication points across the IP network
that provide data authentication, integrity, and confidentiality. It also defines the encrypted, decrypted and authenticated packets. The
protocols needed for secure key exchange and key management are defined in it.
• Uses of IP Security
• To encrypt application layer data.
• To provide security for routers sending routing data across the public internet.
• Components of IP Security
• [Link] Security Payload (ESP)
• It provides data integrity, encryption, authentication and anti replay. It also provides authentication for payload.
• [Link] Header (AH)
• It also provides data integrity, authentication and anti replay and it does not provide encryption. The anti replay protection, protects
against unauthorized transmission of packets. It does not protect data’s confidentiality.
• [Link] Key Exchange (IKE)
• It is a network security protocol designed to dynamically exchange encryption keys and find a way over Security Association (SA) between
2 devices. The Security Association (SA) establishes shared security attributes between 2 network entities to support secure
communication. The Key Management Protocol (ISAKMP) and Internet Security Association which provides a framework for
authentication and key exchange.
Syslog
• Syslog stands for System Logging Protocol and is a
standard protocol used to send system log or event
messages to a specific server, called a syslog server.
It is primarily used to collect various device logs
from several different machines in a central
location for monitoring and review.

• The protocol is enabled on most network

equipment such as routers, switches, firewalls, and
even some printers and scanners. In addition,
syslog is available on Unix and Linux based systems
and many web servers including Apache. Syslog is
not installed by default on Windows systems, which
use their own Windows Event Log. These events
can be forwarded via third-party utilities or other
configurations using the syslog protocol.
 SMTP: Simple Mail Transfer Protocol
• SMTP is a protocol designed to transfer electronic mail reliably and efficiently. SMTP is a push protocol and is
used to send the emailSMTP transfers emails between systems, and notifies on incoming emails. Using SMTP, a
client can transfer an email to another client on the same network or another network through a relay or
gateway access available to both networks.
Post Office Protocol
• The Post Office Protocol is also an email protocol. Using this protocol, the end user can
download emails from the mail server to their own email client. Once the emails are
downloaded locally, they can be read without an internet connection. Also, once the emails
are moved locally, they get deleted from the mail server, freeing up space.
• POP3 is the latest version of the Post Office Protocol.
Media Access Control (MAC) Address
• MAC Addresses are unique 48-bits hardware number of
a computer, which is embedded into a network card
(known as a Network Interface Card) during the time of
manufacturing.
• MAC Address is also known as the Physical Address of a
network device.
• In IEEE 802 standard, Data Link Layer is divided into two
sublayers
• Logical Link Control(LLC) Sublayer
• Media Access Control(MAC) Sublayer
COMMON PROTOCOLS AND
PORTS
• A port is a virtual point where network
connections start and end. Ports are
software-based and managed by a
computer's operating system. Each port is
associated with a specific process or service.
 COMMON PROTOCOLS AND PORTS
• Ports 20 and 21: File Transfer Protocol (FTP). FTP is for transferring files between a client and a server.
• Port 22: Secure Shell (SSH). SSH is one of many tunneling protocols that create secure network connections.
• Port 25: Simple Mail Transfer Protocol (SMTP). SMTP is used for email.
• Port 53: Domain Name System (DNS). DNS is an essential process for the modern Internet; it
• matches human-readable domain names to machine-readable IP addresses, enabling users to load websites and
applications without memorizing a long list of IP addresses.
• Port 80: Hypertext Transfer Protocol (HTTP). HTTP is the protocol that makes the World Wide Web possible.
• Port 123: Network Time Protocol (NTP). NTP allows computer clocks to sync with each other, a process that is essential
for encryption.
• Port 179: Border Gateway Protocol (BGP). BGP is essential for establishing efficient routes between the large networks
that make up the Internet (these large networks are called autonomous systems).
• Autonomous systems use BGP to broadcast which IP addresses they control.
• Port 443: HTTP Secure (HTTPS). HTTPS is the secure and encrypted version of HTTP. All HTTPS web traffic goes to port
443. Network services that use HTTPS for encryption, such as DNS over HTTPS, also connect at this port.
• Port 500: Internet Security Association and Key Management Protocol (ISAKMP), which is part of the process of setting
up secure IPsec connections.
• Port 3389: Remote Desktop Protocol (RDP). RDP enables users to remotely connect to their desktop computers from
another device
What is an IP Address?
• All the computers of the world on the Internet network communicate with each other with underground or underwater
cables or wirelessly. If I want to download a file from the internet or load a web page or literally do anything related to the
internet, my computer must have an address so that other computers can find and locate mine in order to deliver that
particular file or webpage that I am requesting. In technical terms, that address is called IP Address or Internet Protocol
Address.
Types of IP Address
• 1. IPv4
• Internet Protocol version 4. It consists of 4 numbers separated by the dots. Each number can be from 0-255 in decimal
numbers. But computers do not understand decimal numbers, they instead change them to binary numbers which are
only 0 and 1. Therefore, in binary, this (0-255) range can be written as (00000000 – 11111111). Since each number N can
be represented by a group of 8-digit binary digits. So, a whole IPv4 binary address can be represented by 32-bits of binary
digits. In IPv4, a unique sequence of bits is assigned to a computer, so a total of (2^32) devices approximately =
4,294,967,296 can be assigned with IPv4.
Classes of IPv4 Address:
• There are around 4.3 billion IPv4 addresses its difficult finding an address from 4.3 billion addresses. For easier
management and assignment IP addresses are organized in numeric order and divided into the following 5 classes
IPV6
• IPv6: there is a problem with the IPv4 address. With IPv4, we can connect only the above number of 4 billion devices
uniquely, and apparently, there are much more devices in the world to be connected to the internet. So, gradually
we are making our way to IPv6 Address which is a 128-bit IP address. In human-friendly form, IPv6 is written as a
group of 8 hexadecimal numbers separated with colons(:). But in the computer-friendly form, it can be written as
128 bits of 0s and 1s. Since, a unique sequence of binary digits is given to computers, smartphones, and other
devices to be connected to the internet. So, via IPv6 a total of (2^128) devices can be assigned with unique
addresses which are actually more than enough for upcoming future generations.
• What is Subnetting?
• Subnetting is the practice of dividing a network into two or smaller networks. It increases routing efficiency,
which helps to enhance the security of the network and reduces the size of the broadcast domain.
• What is Subnet Mask?
• A subnet mask is a 32 bits address used to distinguish between a network address and a host address in IP
address. A subnet mask identifies which part of an IP address is the network address and the host address
 What is a static IP address?
A static IP address is simply an address that doesn't change. Once your device is assigned a static IP address,
that number typically stays the same until the device is decommissioned or your network architecture changes.
Static IP addresses generally are used by servers or other important equipment.
What is a dynamic IP address?
As the name suggests, dynamic IP addresses are subject to change, sometimes at a moment's notice. Dynamic
addresses are assigned, as needed, by Dynamic Host Configuration Protocol (DHCP) servers.
We use dynamic addresses because IPv4 doesn't provide enough static IP addresses to go around. So, for
example, a hotel probably has a static IP address, but each individual device within its rooms would have a
dynamic IP address.
Private IP and Public IP address
• Private IP address of a system is the IP address that is used to communicate within the same network. Using
private IP data or information can be sent or received within the same network.
• Public IP address of a system is the IP address that is used to communicate outside the network. A public IP
address is basically assigned by the ISP (Internet Service Provider).
THANK
YOU