What is TCP/IP?
TCP/IP refers to two network protocols (data transmission methods) used on the Internet: the Transmission Control Protocol and the Internet Protocol. These two protocols belong to a larger group of protocols known as the TCP/IP protocol suite.
The protocols in the TCP/IP suite carry data across the Internet and provide almost all of the services used for Internet access. These services include:
E-mail transmission
File transmission
Newsgroup publishing
Access to the World Wide Web
The TCP/IP suite contains two kinds of protocols: those at the network layer and those at the application layer.
Network Layer Protocol
Network layer protocols manage data transmission between discrete computers. These protocols operate beneath the surface of the system, out of the user's view. For example, the IP protocol provides packet delivery between the user's computer and remote computers. It works on the basis of several pieces of information, such as the IP address of each machine. Based on the machine IP address and other information, IP ensures that a packet reaches the target machine correctly. Through this process, IP and the other network layer protocols carry out data transmission. Without a network tool, you cannot see IP at work in the system.
Application Layer Protocol
Application layer protocols, by contrast, are visible to the user. The File Transfer Protocol (FTP) is an example. A user requests a connection to another computer in order to transmit a file. After the connection is established, the user starts to transmit the file. During transmission, part of the exchange between the user and the remote computer is visible.
Remember this summary: TCP/IP refers to a group of protocols that make it easier for machines on the Internet to communicate with each other.
How does TCP/IP work?
TCP/IP works by using a protocol stack. This stack is the collection of all the protocols used to complete one transmission between two machines. (It is also the path along which data travels from one machine to another.) The stack is divided into five layers. The following figure shows the concept of a layer.
After the data passes through the steps shown in the figure, it has moved from one machine on the network to another. Throughout this process, a complex error detection system runs on both the originating machine and the target machine.
Each layer of the stack can send data to, and receive data from, the adjacent layers. Each layer is associated with many protocols, and at each layer of the stack these protocols are at work. The next part of this chapter analyzes these services and how they are linked in the stack. We also analyze their functions, the services they provide, and their relationship to security.
Protocol Introduction
We already know how data is transmitted using the TCP/IP protocol stack. We now look closely at the key protocols used in the stack, starting with the network layer protocols.
Network Layer Protocol
Network layer protocols are the ones that make transmission transparent. Except through tools that monitor system processes, you cannot see these protocols at work.
A sniffer is a device that can see these steps. It can be software or hardware, and it can read every packet sent over the network. Sniffers are widely used to isolate problems that are invisible to users and that degrade network performance. A sniffer can read any activity that occurs at the network protocol level. Moreover, as you may have guessed, sniffers can themselves pose a security threat. See the chapter on sniffers.
Important network layer protocols include:
Address Resolution Protocol (ARP)
Internet Control Message Protocol (ICMP)
Internet Protocol (IP)
Transmission Control Protocol (TCP)
The following is a brief introduction.
Address Resolution Protocol ARP
The Address Resolution Protocol maps IP addresses to physical addresses. This is especially important when information travels across the network. Before a message or other data is sent, it is packaged into IP packets, blocks of information formatted for Internet transmission. Each packet includes the IP addresses of the two computers. Before the packet leaves the computer, the hardware address of the target must be found. This is where ARP comes into play.
An ARP request message is broadcast on the network. The request is received by a process that replies with the physical address. The reply is received by the computer that sent the original broadcast, and transmission begins.
The ARP design includes a cache. To understand the concept of caching, consider that many modern HTML browsers (such as Netscape or Microsoft Internet Explorer) use a cache. A cache is a portion of the disk that holds items frequently accessed from the Web, such as buttons or common graphics. This is logical, because when you return to those pages, these items no longer have to be loaded from the remote computer. Loading from the cache is faster.
Similarly, ARP includes a cache. The hardware addresses of network or remote computers are stored in it, ready for subsequent ARP requests. This saves time and network resources.
However, it is precisely the cache that creates a security problem.
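Because later transmissions trust whatever is cached, a defender can compare successive snapshots of the ARP cache and flag entries that change. The following is an added example, not part of the original text; it assumes Linux `arp -an` style output, and the snapshots are constructed sample data.

```python
import re

# Matches `arp -an` style lines: "? (192.0.2.1) at 00:11:22:33:44:55 [ether] on eth0"
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+(?P<mac>[0-9A-Fa-f:]{11,17})")

def normalize_mac(mac):
    # Some systems print octets without leading zeros (0:1a:...); pad and lowercase.
    return ":".join(octet.zfill(2) for octet in mac.lower().split(":"))

def parse_arp_table(text):
    """Return {ip: mac}; unresolved ("<incomplete>") entries are skipped."""
    table = {}
    for line in text.splitlines():
        match = ARP_LINE.search(line)
        if match:
            table[match.group("ip")] = normalize_mac(match.group("mac"))
    return table

def compare_snapshots(before, after):
    """Flag IPs whose cached hardware address changed, and MACs cached for several IPs."""
    findings = []
    for ip, mac in sorted(after.items()):
        if ip in before and before[ip] != mac:
            findings.append(("changed", ip, before[ip], mac))
    owners = {}
    for ip, mac in after.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:  # can be legitimate (e.g. a router), so review rather than block
            findings.append(("shared", mac, tuple(sorted(ips))))
    return findings

# Constructed sample snapshots (documentation addresses, made-up hardware addresses).
SNAPSHOT_1 = """\
? (192.0.2.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.0.2.20) at 66:77:88:99:aa:bb [ether] on eth0
? (192.0.2.30) at <incomplete> on eth0
"""
SNAPSHOT_2 = """\
? (192.0.2.1) at 66:77:88:99:AA:BB [ether] on eth0
? (192.0.2.20) at 66:77:88:99:aa:bb [ether] on eth0
"""

if __name__ == "__main__":
    for finding in compare_snapshots(parse_arp_table(SNAPSHOT_1),
                                     parse_arp_table(SNAPSHOT_2)):
        print(finding)
```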
This is not the most important problem in network security (and address caches exist not only in ARP but in other places as well), but it does cause security problems. Once these addresses are stored, hackers may forge a remote connection. Cached addresses are very welcome to them.
Internet Control Message Protocol ICMP
The Internet Control Message Protocol is used to handle error and control messages during transmission between two computers. It allows these hosts to share such information. In this regard, ICMP is an important tool for diagnosing network problems. Examples of diagnostic information collected through ICMP include:
A host is down
A gateway is congested and not working properly
Other network failures
Perhaps the most famous ICMP network tool is ping. Ping is usually used to determine whether a remote machine is up. It sends data packets from the user's computer to the remote computer, and these packets are normally returned to the user's computer. If no packet is returned, the ping program generates an error message indicating that the remote computer is down.
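The packets ping exchanges are ICMP echo request and echo reply messages. The following added example (not from the original text) builds both offline, validates the header checksum, and matches a reply to its request; the identifier, sequence number and payload are constructed values.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers used by ping

def internet_checksum(data):
    """16-bit one's-complement checksum (RFC 1071) used in the ICMP header."""
    if len(data) % 2:
        data += b"\x00"  # pad to a whole number of 16-bit words
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type, ident, seq, payload=b""):
    """Build an echo message: type, code 0, checksum, identifier, sequence, data."""
    unsummed = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    checksum = internet_checksum(unsummed)
    return struct.pack("!BBHHH", icmp_type, 0, checksum, ident, seq) + payload

def parse_echo(message):
    """Validate length and checksum, then return the header fields and data."""
    if len(message) < 8:
        raise ValueError("shorter than the 8-byte ICMP echo header")
    if internet_checksum(message) != 0:  # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", message[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq, "data": message[8:]}

def is_reply_to(request, reply):
    """True only if the reply echoes the request's identifier, sequence and data."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (req["type"] == ECHO_REQUEST and rep["type"] == ECHO_REPLY
            and all(req[k] == rep[k] for k in ("id", "seq", "data")))

if __name__ == "__main__":
    # Constructed messages; nothing is sent on the network.
    request = build_echo(ECHO_REQUEST, 0x1234, 1, b"ping")
    reply = build_echo(ECHO_REPLY, 0x1234, 1, b"ping")
    print(request.hex(), is_reply_to(request, reply))
```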
Application Layer Protocol
Application layer protocols provide application services to users. They are built on top of the network layer protocols.
Telnet
Telnet in RFC
The purpose of the Telnet protocol is to provide a fairly general, bidirectional, eight-bit byte oriented communication mechanism. It was initially designed to allow interaction between terminals and terminal-oriented processes.
Telnet not only allows a user to log on to a remote host, but also allows the user to execute commands on that computer. In this way, a person in Los Angeles can Telnet to a machine in New York and run programs on it just as a user in New York would.
For users familiar with it, using Telnet is much like using a BBS interface. Telnet is well suited to providing terminal-based front ends to databases. For example, the library catalogs of more than 80% of universities can be accessed through Telnet.
Even though GUI applications are widely used, Telnet, a character-based application, is still quite popular. There are many reasons for this. First, Telnet lets you perform various functions (such as sending and receiving e-mail) at a low cost in network resources. Implementing secure Telnet is very simple. There are many programs for this; a common one is Secure Shell.
To use Telnet, you give the command that starts the Telnet client followed by the name of the target host. In Linux, you can type:
$ telnet internic.net
This command starts the Telnet process and connects to internic.net. The connection may be accepted or rejected, depending on the configuration of the target host. In UNIX, the Telnet command was built in long ago. That is to say, Telnet has been included in UNIX distributions for ten years. However, not all operating systems include a built-in Telnet client.
File Transfer Protocol FTP
The File Transfer Protocol is a standard method for transferring files from one system to another. Its goals are stated clearly in RFC 0765.
The goals of FTP are 1) to promote sharing of files and programs; 2) to encourage indirect or implicit use of remote computers; 3) to shield users from variations in the file storage systems used among hosts; and 4) to transfer files efficiently and reliably. Although users can use FTP directly from a terminal, it is designed mainly for use by other programs.
For about 20 years, researchers have investigated a wide range of file transfer methods. FTP has undergone many changes. The first definition was made in 1971. For the entire definition, see RFC 114.
How does FTP work?
FTP file transfer takes place in a client/server environment. The requesting machine starts an FTP client, which sends a request to the target file server. Typically, this request is sent to port 21. For a connection to be established, the target file server must be running FTP server software.
FTPD is the standard FTP server daemon. Its function is simple: to answer the connection requests received by inetd and to satisfy those requests for file transfer. This daemon is standard in many UNIX distributions.
FTPD waits for a connection request. When such a request arrives, FTPD asks the user to log on. The user supplies a valid login name and password, or logs in anonymously.
Once the logon succeeds, the user can download files. In some cases, users can also upload files if the server's security settings permit.
SMTP
The purpose of the Simple Mail Transfer Protocol is to make mail transmission reliable and efficient.
SMTP is a relatively small and effective protocol. The user sends a request to the SMTP server, and a two-way connection is then established. The client sends a MAIL command indicating that it wants to send mail to a recipient somewhere on the Internet. If SMTP permits this operation, a confirmation is sent back to the client. The session then begins. The client may then give the recipient's name, IP address, and the message to be sent.
Although SMTP is quite simple, mail service is the source of endless security vulnerabilities.
SMTP service is built into Linux. Other network operating systems also provide some form of SMTP.
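The SMTP exchange described above, seen from the server side, as an added example that is not part of the original text: a small session object that enforces command order and returns the standard reply codes. The host name, addresses and sample dialogue are constructed, and only HELO, MAIL, RCPT, DATA and QUIT are handled.

```python
# States in which each command is accepted; anything else is answered with 503.
ALLOWED = {"MAIL": ("greeted",), "RCPT": ("mail", "rcpt"), "DATA": ("rcpt",)}

class SmtpSession:
    """Server-side view of one SMTP dialogue: command order and reply codes only."""
    def __init__(self, hostname="mail.example.test"):  # hypothetical server name
        self.hostname, self.state = hostname, "start"
        self.sender, self.recipients, self.body = None, [], []

    def handle(self, line):  # returns the reply, or None while message text arrives
        if self.state == "data":
            if line == ".":  # a lone dot ends the message
                self.state = "greeted"
                return "250 OK"
            self.body.append(line[1:] if line.startswith(".") else line)  # dot-unstuffing
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ALLOWED and self.state not in ALLOWED[verb]:
            return "503 Bad sequence of commands"
        if verb == "HELO" and arg:
            self.state = "greeted"
            return f"250 {self.hostname}"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            # The sender is whatever the client claims; nothing here verifies it.
            self.sender, self.recipients, self.body = arg[5:].strip(), [], []
            self.state = "mail"
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            self.recipients.append(arg[3:].strip())
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA":
            self.state = "data"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "500 Command not recognized"

def run_dialogue(client_lines):
    session = SmtpSession()
    replies = [f"220 {session.hostname} Service ready"]  # greeting sent on connect
    replies += [r for r in map(session.handle, client_lines) if r is not None]
    return session, replies

# Constructed client side of one exchange (addresses are made up).
SAMPLE = ["HELO client.example.test", "MAIL FROM:<alice@example.test>",
          "RCPT TO:<bob@example.test>", "DATA", "Subject: hello", "", "..leading dot",
          ".", "QUIT"]
```

Calling `run_dialogue(SAMPLE)` returns the session and the server replies in order, so the accepted sender, recipients and message body can be inspected afterwards.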
Gopher
Gopher is a distributed file retrieval system. It was originally implemented as a Campus Wide Information System at the University of Minnesota. It is defined as follows:
The Internet Gopher protocol was designed primarily as a distributed document delivery system. Documents are stored on many servers. The Gopher client software presents users with a hierarchy of items and directories that looks much like a file system. In fact, the Gopher interface is designed to resemble a file system, because a file system is the best model for finding files and services.