Internetworking ISO Layers and Protocols

http://www.wilsonmar.com/1isotp.htm

Site Map

ISO Layers and Protocols

The ISO-OSI 7 layer Reference Model (officially known as ISO Standard 7498, 1984, 7498-1:1994. and CCITT standard X.200) was developed by the Internet Architecture Board and drafted by the IETF.

Topics this page: TCP/IP Architecture Ports More... Related: Web

About this site

WilsonMar.com

It provides a common basis for the coordination of standards development for the purpose of systems interconnection, while allowing existing standards to be placed into perspective within the overall Reference Model. The model identifies areas for developing or improving standards. It does not intend to serve as an implementation specification.

Network Speeds TCP/IP Addressing Data Communications IT Security Countermeasures Cryptography Secure Emails

Homer Simpson asks Welcome to the Internet, my friend. How can I help you?

Memonic ISO-OSI Layers

All

Microsoft

TCP/IP
4. Application messages or streams

Protocol
HTTP, S/MIME, Winsock, FTP, NCP, RPC, MS-SMB, MS-CAPI , SET , WAE DNS , TFTP, DHCP, BOOTP, SNMP , RLOGIN, SMTP, MIME, NFS, FINGER, Telnet, XDR NetBIOS/NBT, LPP of X.700 CMIP( CMOT/), Apple
WSP / WTP

API (Applications 7. Application Layer Processes using ports Programming within sockets Interface)

People

6. Presentation Layer

Encoding and Formatting

File System Drivers: Network clients using Network File, print, & messaging services

Seem

5. Session Layer

Channels of communication TDI (Transport Driver 3. Transport of Device Interface) protocol packets

To

4. Transport Layer

Sequence & divide/re-combine packets to assure reliability of connections Need

NetBEUI, DLC, SPX/ NWLink, TCP, UDP, RARP, SOCKS, SSL3/ TLS1, PCT, SChannel, WTLS, WDP IP, ICMP, IGMP, ARP, RTMP, IPX/ NWLink, ODI, NLSP, IPSec AH, ESP, & IKE, QoS, BAP? RIP, IGRP, EIGRP, ATM, OSPF, SLIP, PPP, PPTP, L2TP, HDLC X.25 Frame Relay

3. Network Layer NDIS (Network Driver 2. Internet IP Addressing & Routing Interface Spec) datagrams Datagrams through routers

Data

2. Data Link Layer

802 sublayers: 1. Logical Link Control (LLC) and 2. MAC sublayer

Physical (Network Interface Cards/Adapters)

1. Network Access Interface frames map logical IP addresses to physical addresses

1 de 10

28/04/2013 14:59

Internetworking ISO Layers and Protocols

http://www.wilsonmar.com/1isotp.htm

Memonic ISO-OSI Layers

through switches Processing
1. Physical Layer

Microsoft

TCP/IP
of devices.

Protocol

Bits over transmission media cables

The table above show how the OSI model corresponds to the 4 Layers of the 1981 TCP/IP Core Transport Prototol Conceptual model. Both provide virtual connections this way: Each layer uses the services of the layer below it to transparently send data to a peer layer in a receiving machine. This conceptually hides the technical intricacies of lower layers. Headers are appended (added) to each data package (service data units) by each middle layer. Headers are removed by the same layer in the receiving computer.
These models provide a common basis for various vendors to use in describing how their products conceptually fit with other products already on the market. For example, IPSec runs at Layer 3, so can carry only IP packets. PPTP and L2TP run at Layer 2, so they can carry packets from other protocols (the set of rules governing communication between technical components). Cisco calls the upper 4 OSI layers the Host layers responsible for accurate data delivery between end devices. Cisco calls the lower 3 OSI layers the Media layers responsible for physical delivery of data over the network.

Application Layer Here user applications access file (database), print, messaging (email), and other services plus support error recovery.

A socket is the combination Microsoft v3.0 of NetBIOS was first developed in 1983 of IP address and port. The by Sytek for IBM. It has a flat namespace. Its Windows Sockets API access Broadcast makes setup easier. ports in the SERVICES file. (RFC 1700) BSD UNIX was Function Command NT Winnt\ the first to open-reador Server System32\ write-close sockets to Diagnostic Service Files perform I/O. My 15 Name NBTSTAT -N Among the 1,024 ports user/16 Registration HOSTNAME historically assigned by the system Request, IANA and tracked by char. Response, Portsdb.org, Richard Ackerman, NetBIOS Renewal, Network Ice, and Neohapsis: Name with Release seg. Scope Server Port ID Service FTP data to client FTP for binding TFTP 20 21 69 ? My IP Address, Subnet, Gateway?
IPCONFIG /all Return of subnet 0.0.0.0 indicates a duplicate address

Secure Shell 22 (SSH)

2 de 10

28/04/2013 14:59

Internetworking ISO Layers and Protocols

http://www.wilsonmar.com/1isotp.htm

Telnet remote logins SMTP time SIMAP (IMAP over SSL) SSMTP (SMTP over SSL) DNS [RFC 1034 & 1035] DHCP Whois Finger

23

25 37 993

Register, Renew, Release associations of IP Address with NetBIOS Name

NET USE X: \\server\ ... UNC NBTSTAT -R to puRge, -C

1. Local cache 2. WINS Windows

Internet Name Server (an RFC 1001/2 NetBios Name Server)

465

to show, then CP, Services, Tools, WINS Manager, Mappings, Show Database

sends an internet group (of up to 25 domain names) to clients Dynamic file Wins\
Wins.mdb,
Winstmp.mdb, J50.log, J50.chk

53

3. Local network broadcast 4. Static Drivers\Etc\ LMHOSTS.SAM <IP

address of> <master browser server NetBIOS name> #PREload #DOM: <remote PDC & BDC NetBIOS name>

68 43 79
NSLOOKUP local or <hostname> remote Hostname gives DNS server & IP (Fully address for Qualified

HTTP Server 80 Auth POP3 SPOP3 (POP3 over SSL) NNTP Network News Transfer Protocol RPC RMI registry NetBIOS session service 113 110 995

1. same as local? 2. local (UNIX) HOSTS. file 3. DNS Server

(requested at 5, 10, 20, 40, 5, 10, 20 seconds) resolved iteratively by domain. File CACHE.DNS

Domain Name)

to IP Address 119

PING <hostname>

4. WINS NetBIOS-IP cache 5. Local network Broadcast Network to local network Domain ID's TCP/IP and IPX/SPX binding to NIC MAC addresses Service name to Sockets Port Name
ARP

NETWORKS.

135,139,445 1099 137 - 139

Direct Host TCP/UDP (NetBIOSv2) 445 IMAP SQLSRV AD-LDAP LDAP NIX-specific ports 143 156 389 1002 443

PROTOCOL. NWLINK (RPF 1060) CSNW Client Services for NetWare SERVICES.

NETSTAT

HTTPS (SSL) 512 - 515 HTTP HTML Browsers 1210

3 de 10

28/04/2013 14:59

Internetworking ISO Layers and Protocols

http://www.wilsonmar.com/1isotp.htm

SOCKS 1080 Proxy server NIX-based NFS mySQL Oracle PnP IRC 2049 3306 1521 5000 6667

Web caching 8080 proxy servers Total 65,536 ports (16 bit numbers)
To check ports used, use
netstat -a .

Presentation Layer

Network redirector makes remote printers appear attached character set (ASCII - EBCDIC) conversion interpretation of graphics commands data encryption (scrambling and descrambling the data as it is transmitted and received). data compression (into zip format) In Windows 9x and before, at the session layer TCP/IP must access the network using NetBT (NetBIOS over TCP/IP).
Windows 2000 uses WinSock sockets. Session layer manages checkpoints to limit re-transmission (which improves thruput).

name-to-station address Session layer translation, enable two security authentication, computers to connection ID establish, establishment, synchronize, data transfer (using maintain, then session), end a session. acknowledgements, and connection release. Transport layer ensures data is delivered error-free by dividing and combining message segments in sequences; resolving logical address/names by starting sessions of TCP or UDP services used for establishing end-to-end connection between

NetBEUI is reroutable outside a segment only on Connection-oriented TCP IBM Token Ring networks, not on TCP/IP networks. It Transmission Control starts on Windows 2000 using registry entry Protocol [RFC 793] use 3-way handshaking HKLM\System\Servicse\NBF\Parameters (acknowledgments and responses) to start and end The NBF is for NetBIOS Frame Microsoft's each session: implementation of NetBEUI v3, which overcomes the 1. Initiating host sends data segment with
synchronization SYN flag = on

original 254-session connection limit. DLC (Data Link Control protocol) used by HP JetDirect cards. It is reroutable on TCP/IP networks. UDP (User Datagram Protocol) [RFC 768] supplies IP address & port number of destination makes for a connection-less oriented link with no guarantees that packets were delivered. This is used by applications that don't require ACK of receipt of (usually small amounts of) data. This is faster because of no acknowledgement overhead. UDP port 137 - NetBIOS-NS name service UDP Port 138 - NetBIOS-DGM datagram service

2. Receiving host acknowledges with a segment having SYN=on Acknowledged Sequence number of the starting byte for a segment it may send.

4 de 10

28/04/2013 14:59

Internetworking ISO Layers and Protocols

http://www.wilsonmar.com/1isotp.htm

Transport Layer peer computers. sends acknowledgement for data packets received; manages error and flow control.
Multicasting? Download TDIMon.exe to monitor TCP/UDP Protocol stack I/O activity TCP/IP Tutorial

ACK byte sequence number of the next segment it expects to receive. 3. Requesting host sends back a segment with the acknowledged sequence number and ACK number.
in order to guarantee the delivery of packets, in the proper sequence, AND provides a checksum feature that validates both the packet header and its data for accuracy. To reduce the impact on performance, most hosts send an acknowledgment for every other segment. Netmon Sniffers capture data that travels across the network as packets, each contain:

UDP Port 69 - TFTP Trivial FTP UDP Port 15 - NETSTAT to view a list of all current TCP/IP connections UDP port 161 - Under SNMP Simple Network Management Protocol methods, agents (wiring hubs, routers, bridges) act as traps to store information about significant events in a MIB (Management Information Base). SNMP managed devices respond to polling from a Microsoft SMS Systems Management Server in its SNMP community or generate interrupt messages. UDP port 162 - SNMP traps received. UDP Header Packet Structure: Source Port, Destination Port, Message Length, Checksum

Source address Destination address Protocol headers The actual data payload A cyclical redundancy check, or CRC Network Internet Layer 3 Handles logical addressing and translates logical names into physical addresses.
Encapsulates packets into datagrams (small networktransportable packets) using routing algorithms. Concerned with routing -addressing and looking for the best path on which to send

Connectionless IP sends data to destinations over one or more gateway hops. Gateways: Max 126 character URL Domain name
ping IPaddress to verify connections (127.0.0.1 loopback to itself) Use ROUTE.EXE to configure static gateways. route -add [destination network address] mask [netmask] [gateway]. RIP Routing Internet Protocol and OSPF Open Shortest Path First are two common routing protocols Diskless workstations send RARP Reverse Address Resolution Protocol requests to find IP addresses for a known MAC address. When a host requests communications to be initiated, ARP (Address Resolution Protocol [RFC 826]) obtains hardware MAC (Media Access Control) addresses of destination hosts by examining subnet mask, Routing table, default gateway. To collect data packets to analyse them with a spreadsheet program, use Performance Monitor. 1. ARP checks the subnet mask to see if the address is local or remote. 2. If Local 1. host ARP checks own cache for the address of the destination host. NT maintains a separate ARP cache for each IP address requested: Dynamic entries have a potential lifetime of 10 minutes but are automatically deleted after 2 minutes unless Registry parameter ARPCacheLife overrides this

5 de 10

28/04/2013 14:59

Internetworking ISO Layers and Protocols

http://www.wilsonmar.com/1isotp.htm

information. Prioritizes data and other Quality of Service (QoS) functions.

default # of Seconds. Static entries remain in cache until computer is restarted To manually check the cache:
arp -s IPaddress MACaddress arp -a or arp -g

To add a static entry to the ARP cache: Entry can be manually deleted with arp -d 2. ARP uses address FF FF FF FF FF FF to broadcast a request for the address to all local hosts on the same physical node 3. Each host on the local network reads the broadcast and ignores it if it doesn't own the IP address requested. If the host sees that it owns the IP address requested, the host sends its hardware address in a reply to the source host. 3. If Remote Address Resolution: 1. Source host checks its local ARP routing table for a route to the destination host or network. 2. If no mapping is found, ARP broadcasts a request to default gateways. If a gateway router responds with the destination host's address, ARP sends the data packet to the responding router. The router then does its own Resolution. 3. After destination host receives the request, it formulates an ICMP echo reply vice versa. To manually retrieve system information from a remote computer, finger a remote IP address which supports the finger service. To determine what route a packet takes to get from the source to the destination, use Windows TRACERT or UNIX traceroute or Net.Medic from Vital Signs Software. 4. ICMP (Internet Control Message Protocol [RFC 792] by Jon Postel specifies the Error and Query IP datagrams sent by a gateway: responding to a Ping Echo Request with an Echo reply (The default ping packet-size is set to 64 bytes) or host reporting Destination Unreachable errors reporting IP datagrams (Time Exceeded) timeout (TTL=zero) redirecting hosts to use a router with a better path responding to network congestion by requesting flow control Source Quench to a Host to slow down rate of transmission But multihomed NT's with several NIC cards used as Routers drop packets and do not send Source Quench messages!
Note: ICMP messages are not generated concerning multicast frames. ICMP Type Numbers assigned by IANA

5. IGMP (Internet Group Management Protocol [RFC 1112] is used by IP hosts to send (unreliable) IP datagrams to inform multicast routers that hosts of a specific multicast group are available on a given network. Data Link Layer 2 Defines the logical network topology through which frames travel with CRC for error checking. Bridges extend the network and can translate protocols between two mixed

Organizes raw data protocol networks. into a logical Switches (Intelligent hubs such as Cisco's Catalyst product family) contain structure of Application-Specific Integrated Circuits (ASICs) to route Point to Point to individual frames workstations. (addressable units of information) thru Switches join groups of ports on a LAN switch to form a Virtual LAN (VLAN). This

6 de 10

28/04/2013 14:59

Internetworking ISO Layers and Protocols

http://www.wilsonmar.com/1isotp.htm

NIC's fed by Switches and Bridges. Concerned with physical (as opposed to network logical) addressing, network topology, line discipline (how end systems will use the network link), data transmission synchronization: ordered delivery (sequencing) of frames, Flow control: waits for a positive ACK. Performs error notification.

segmentation separates users and services into smaller groups to reduce broadcast traffic and wasted bandwidth. 2 sub-layers:

1. The lower MAC Media Access Control sublayer provides the 48 bit (6 octet) Physical Address such as hex 00-10-5A-E2-EF-81 burnt into the ROM on each NIC ( Network Interface Card). The first octet, the OUI (Organizationally Unique Identifier) is issued by the Institute of Electrical and Electronic Engineers (IEEE). For example, 08.00.20 is for Sun Microsystems; 00.00.0C is for 3Com. 2. The higher LLC Logical Link Control software driver sublayer ensures that each frame is encapsulated in the correct frame type (such as IEEE 802.2). Two types of LLC sub-layer frames, both containing source and distination Service Access Point (SAP). The Subnetwork Access Protocol (SNAP) sets the Destination and Source SAP fields to AA hex, the Control field to 03, Type code to identify itself and whether the frame is backward compatible to Ethernet Version II. This is used by Apple/Novell's ODI Open Driver Interface. Microsoft's NDIS Network Device Interface Specification uses SAP. Carrier Sense Multiple Access CSMA/CA Collision Avoidance sends a signal before broadcasting. Is used by Appletalk. CSMA/CD Collision Detection (a contention method) is used by Ethernet (IEEE 802.3) sends a signal after listening for 9.6 microseconds. If the device detects a collision again, it does exponential back-offwaiting twice as long as the last try to re-transmit the message. Because of attenuation, collision-detection sensing is limited to a distance of 2500 meters (1.5 miles). Token Bus 802.4 & Token Ring IEEE 802.5 for graceful degredation under load LAN Local Area Network: WAN Wide Area Network ( Explorer Internet (Windows Explorer Neighborhood) requires Windows NT RAS Remote Network Neighborhood) Access Service: baseband Ethernet Serial lines (RFC 1055) (with modems) over signaling uses the entire dial-up, digital, or leased lines. bandwidth. Broadband NT4 doesn't support obsolete UNIX SLIP Serial (802.7) signaling uses only Line Internet Protocol clients PPP Point to Point part of the bandwidth, datalink protocol [RFC 1547 & 1661] is more allowing several signals to secure. L2F. L2TP (Level 2 Tunneling Protocol) [ be sent at the same time RFC 2661] supported by Win2K is even better. (like cable TV). IANA parameters 1972-3, Robert modems Metcalfe (later Packet-switched networks: co-founder of 3Com) X.25 and colleagues at the Frame Relay Xerox Palo Alto ATM Asynchronous Transfer Mode Research Center constantly transmits delay-sensitive audio, (PARC) designed and video, data in cells of 53 octets (5 octet announced the first header) over fiber optic or copper between Ethernet network, switched PPP circuits of a IEEE 802.9 named the ALTO BISDN Broadband Integrated Services ALOHA Network. Digital Network mbone. Programmers use September 1980: CAPI to access ISDN cards. Ethernet II 10base5 AS/400 Connectivity thicknet thick coax Network Speeds from 2.5 m to 500 m (8.25 to 1,650 feet)

Physical Layer 1 Establishes, maintains, and terminates pointto-point data links.

Signal Encoding: Puts raw data bits on the wire and pulls them off the transmission medium. Cables, Connectors, Terminators, Transeivers, Repeaters, Passive Hubs, Active Hubs, Switches send data to specific lines Controls the transmission technique, pin layout, and connector type. Concerned with

7 de 10

28/04/2013 14:59

Internetworking ISO Layers and Protocols

http://www.wilsonmar.com/1isotp.htm

voltage levels, data rates, timing of voltage changes. Cabling

The BNC (British Naval Connector) connectors are attached with vampire taps . Transceiver box with Male DIX connectors attach to the server. 1985: 10base2 thinnet IEEE 802.3 thin coax from 2.5 m to 180 m (1992 RFC 1340) bus topology of RG-58AU coaxial cable threads with no more than 30 devices (T-connectors) and electrical Continuity of 50 ohms with a 50 ohm resistor terminator at each end (of which ONLY ONE is earthed). (25+ Ohm impedence between center & shell of T connectors) Minimum 1 meter and maximum 300 meters per cable segment. Volt meters should see -.9 to -1.2 for carrier sense. Variation from this indicates that one or more cards are ignoring the carrier signal. high = -.2 to -.5, low = -1.6 to -1.9, -1.7v on streaming (continuously sending) NIC's. Noise should be lower than 0.04v per cable segment when all workstations are turned off. For both types: Max 4 repeaters (3 with nodes) among 5 segments. 10 Mbps (10baseT) star Hub with (using only lines 1,2,3,6 of) RJ-45 connectors and 22, 23, or 26 AWG American Wire Guage EIA Electrical Industries Association Category 5 data grade UTP Unshielded Twisted Pair cables

8 de 10

28/04/2013 14:59

Internetworking ISO Layers and Protocols

http://www.wilsonmar.com/1isotp.htm

carrying 85 to 110 ohms as individual segments. 100 Mbps VG Voice Grade AnyLAN of 4 pairs (8 lines) of cat 3-5 UTP max. 250 meters to a cascaded star topology. Uses demand 2 priority access and supports Token Ring packets. 100 Mbps (100baseT4) VG Voice Grade AnyLAN of 4 pairs (8 lines) of cat 3-5 UTP max. 250 meters to a cascaded star topology. Uses demand 2 priority access and supports Token Ring packets. 100baseTX of two pairs cat 5 UTP 10baseFL to Fiber Optic star Hub concentrators of up to 1,024 segments max. 2,000 meters each Segmentation Monitor traffic and TCP/IP statistics with command NETSTAT -e
-s

IEEE 802.3z and 802.3ab standards for Gigabit Ethernet have been finalized. IEEE 802.5 Token logical Ring uses 9 pin connectors on STP cable set at 4 or 16Mbps reaching IBM 8228 MSAU's Multi Station Access Units . ArcNet token ring max. 121 m between max. 32 stations on UTP 105 Ohm impedence or max. 303 m between 8 nodes on RG-62/U coax cable with 93 Ohm terminators. FDDI IEEE 802.8 sends tokens synchronously (without waiting) thru dual or single MIC's Medium Interface Connectors around

9 de 10

28/04/2013 14:59

Internetworking ISO Layers and Protocols

http://www.wilsonmar.com/1isotp.htm

primary and counterrotating secondary rings up to 13 km. Fiber Optic Testing MAN Metropolitan Area Network (TV cable) IEEE 802.6 Wireless IEEE 802.11 RadioLAN ATM is an implementation of the Broadband/ISDN protocol. It defines fixed cells, each 53 bytes (5 byes for routing information and 48 bytes data). Infrared Data Association (IrDA) architecture is for the bottom 5 layers. For More Information ... Take the Brainbench certification test on Networking Concepts These notes relate to skills being measured in the MCSE TCP/IP Exam. RFC's Requests For Comments listed on the IAB Internet Architecture Board Official Protocol Standard Classifications: Required, Recommended, Elective, Limited Use, Not Recommended Maturity Levels: Proposed, Draft, Standard Cisco Systems' Internetworking Technology Overview and Troubleshooting Guide, and Glossary Patrick de Boer's Architectural Overview Essentials of Networking slide show OSPF Authentication codes defined by IANA

Get this print framed for your wall!

Portions Copyright 1996-2010 Wilson Mar. All rights reserved. | Privacy Policy | Last updated

Top of Page Your rating of this page: Low High Your family name: Your location (city, country): Your Email address: Your first name:

Your comments on this topic, please:

Thank you!

Email me updates Publish this comment publicly

10 de 10

28/04/2013 14:59