
The OSI Model is a layered abstract representation, created as a guideline for network protocol design. Its seven layers, from top to bottom:

Application: application-layer (AL) protocols establish consistent rules for exchanging data between applications and services
loaded on participating devices.
Presentation
Session
Transport
Network
Data Link
Physical

SSH, Telnet and Rlogin are network protocols that allow you to log into a multi-user computer from
another computer over a network. From your PC, you run a client to make a network
connection to the other computer (the server). The network connection carries your keystrokes
and commands from the client to the server, and carries the server's responses back to you.

Operating systems like Unix have a command-line interface similar to 'Command Prompt' or
'MS-DOS Prompt' in Windows. The system prints a prompt, where you can type commands for
the system to execute. SSH, Telnet or Rlogin are very useful when you want to access a Unix or
Linux server from your PC.

Unlike Unix, computers running the Windows operating system have their own ways of networking
among themselves, and you may not find the need to use any of these remote login protocols.

How do SSH, Telnet and Rlogin differ?


• SSH stands for 'secure shell' and it is a relatively new high-security protocol. It uses
strong cryptography to protect your connection against eavesdropping, hijacking and
other attacks. Telnet and Rlogin are both older protocols offering minimal security.
• Both SSH and Rlogin allow you to log in to the server without having to type a password.
However, Rlogin's method of doing this is insecure, and can allow an attacker to access
your account on the server. SSH's method is much more secure, and breaking it requires
the attacker to gain access to your PC (the client machine).
• SSH allows you to connect to the server and automatically send a command, so that the
server will run that command and then disconnect. So you can use it in automated
processing.

It is advisable to use SSH if you are connecting to the server across the open Internet; Telnet or
Rlogin should only be used if your client and server are both behind a good firewall.

Telnet
Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional
interactive text-oriented communications facility using a virtual terminal connection.

The Telnet program runs on your computer and connects your PC to a remote multi-user computer or
server on the network. You can then enter commands through the Telnet program and they will
be executed as if you were entering them directly on the server console. This enables you to
control the server and communicate with other servers on the network. To start a Telnet session,
you must log in to a server by entering a valid username and password. Telnet is a common way
to remotely control Web servers. The program which implements Telnet therefore acts as a terminal
emulation program.

On the Web, HTTP and FTP protocols allow you to request specific files from remote
computers, but not to actually be logged on as a user of that computer. With Telnet, you log on
as a regular user with whatever privileges you may have been granted to the specific application
and data on that computer.

Telnet is a client-server protocol, based on a reliable connection-oriented transport. Typically
this protocol is used to establish a connection to Transmission Control Protocol (TCP) port
number 23, where a Telnet server application (telnetd) is listening.

Telnet is most likely to be used by program developers and anyone who has a need to use
specific applications or data located at a particular host computer.

Security

When Telnet was initially developed in 1969, most users of networked computers were in the
computer departments of academic institutions, or at large private and government research
facilities. In this environment, security was not nearly as much of a concern as it became after
the bandwidth explosion of the 1990s. The rise in the number of people with access to the
Internet, and by extension, the number of people attempting to hack other people's servers made
encrypted alternatives much more of a necessity.

Experts in computer security, such as SANS Institute, recommend that the use of Telnet for
remote logins should be discontinued under all normal circumstances, for the following reasons:

• Telnet, by default, does not encrypt any data sent over the connection (including
passwords), and so it is often practical to eavesdrop on the communications and use the
password later for malicious purposes; anybody who has access to a router, switch, hub
or gateway located on the network between the two hosts where Telnet is being used can
intercept the packets passing by and obtain login and password information (and
whatever else is typed) with any of several common utilities like tcpdump and Wireshark.
• Most implementations of Telnet have no authentication that would ensure communication
is carried out between the two desired hosts and not intercepted in the middle.
• Commonly used Telnet daemons have several vulnerabilities discovered over the years.

These security-related shortcomings have seen the usage of the Telnet protocol drop rapidly,
especially on the public Internet, in favor of the Secure Shell (SSH) protocol, first released in
1995. SSH provides much of the functionality of telnet, with the addition of strong encryption to
prevent sensitive data such as passwords from being intercepted, and public key authentication,
to ensure that the remote computer is actually who it claims to be. As has happened with other
early Internet protocols, extensions to the Telnet protocol provide Transport Layer Security
(TLS) security and Simple Authentication and Security Layer (SASL) authentication that address
the above issues. However, most Telnet implementations do not support these extensions; and
there has been relatively little interest in implementing these as SSH is adequate for most
purposes.

rlogin
rlogin is also the name of the application-layer protocol used by the software; it is part of the TCP/IP protocol
suite.

Rlogin (remote login) is a UNIX command that allows an authorized user to log in to other UNIX
machines (hosts) on a network and to interact as if the user were physically at the host computer. Once
logged in to the host, the user can do anything that the host has given permission for, such as read, edit, or
delete files.

Rlogin is similar to the better-known Telnet command. Rlogin is considered useful for simple logins that
don't require a lot of control over the client/host interaction, but is thought to be less useful than Telnet
where a lot of customization is desired, for multiple sessions, for connections between very distant
terminals, or for terminals that are not running UNIX, since rlogin can only connect to
UNIX hosts. A benefit of rlogin is the ability to use a file called .rhosts that resides on the host machine
and maintains a list of terminals allowed to log in without a password.

rlogin is a software utility for Unix-like computer operating systems that allows users to log in on another
host via a network, communicating via TCP port 513.

A secure version of rlogin (slogin) was combined with two other UNIX utilities, ssh and scp, in the Secure
Shell suite, an interface and protocol created to replace the earlier utilities.

Use

rlogin is most commonly deployed on corporate or academic networks, where user account information is
shared between all the Unix machines on the network (often using NIS). These deployments essentially
trust most other machines (and the network infrastructure itself), and the rlogin protocol relies on this
trust. rlogind allows logins without a password (where rlogind trusts a remote rlogin client) if the remote
host appears in the /etc/hosts.equiv file, or if the user in question has a .rhosts file in their home directory
(which is frequently shared using NFS).

Security
rlogin has several serious security problems:

• All information, including passwords, is transmitted unencrypted (making it vulnerable to
interception).
• The .rlogin (or .rhosts) file is easy to misuse (potentially allowing anyone to log in
without a password) - for this reason many corporate system administrators prohibit
.rlogin files and actively search their networks for offenders.
• The protocol partly relies on the remote party's rlogin client providing information
honestly (including source port and source host name). A corrupt client is thus able to
forge this and gain access, as the rlogin protocol has no means of authenticating other
machines' identities, or ensuring that the rlogin client on a trusted machine is the real
rlogin client.
• The common practice of mounting users' home directories via NFS exposes rlogin to
attack by means of fake .rhosts files - this means that any of NFS's security faults
automatically plague rlogin.

Due to these serious problems rlogin was rarely used across untrusted networks (like the public
Internet), and even in closed deployments it has fallen into relative disuse (with many Unix and
Linux distributions no longer including it by default). Many networks which formerly relied on
rlogin and telnet have replaced them with SSH and its rlogin-equivalent slogin.
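The trust files described above are what administrators hunt for when they "search their networks for offenders". As an added example (not part of these notes), the following Python script parses hosts.equiv/.rhosts entries in their "host [user]" form, flags the "+" wildcard that trusts any host or any user, and reports a .rhosts that others can write (the NFS-shared-home problem). The sample entries and the /home root are constructed for the demonstration.

```python
import stat
from pathlib import Path

# Added example, not from the original notes: an audit of the rlogin trust
# files (/etc/hosts.equiv and ~/.rhosts). Each line is "host [user]"; the
# wildcard "+" in either field means "any". The sample content and the home
# directory root used below are constructed for this demonstration.

def parse_trust_file(text):
    """Yield (host, user) pairs. A missing user means the remote user must
    have the same name as the local account being logged into."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        yield parts[0], (parts[1] if len(parts) > 1 else None)

def find_permissive_entries(text):
    """Return the entries that grant password-less login too broadly."""
    findings = []
    for host, user in parse_trust_file(text):
        if host == "+" and user == "+":
            findings.append("any user on any host is trusted")
        elif host == "+":
            findings.append(f"any host is trusted for user {user or '(same name)'}")
        elif user == "+":
            findings.append(f"any user on {host} is trusted")
    return findings

def is_writable_by_others(mode):
    """True when group or world may write the file: on an NFS-shared home,
    anyone who can edit .rhosts can grant themselves a login."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit_home_dirs(home_root):
    """Walk home directories and report every .rhosts with its problems."""
    report = {}
    for home in Path(home_root).iterdir():
        rhosts = home / ".rhosts"
        if not rhosts.is_file():
            continue
        issues = find_permissive_entries(rhosts.read_text())
        if is_writable_by_others(rhosts.stat().st_mode):
            issues.append("file is group/world-writable")
        report[str(rhosts)] = issues
    return report

if __name__ == "__main__":
    # Constructed sample: one tight entry, one wildcard pair, one wildcard user.
    sample = "trusted.lab.example alice\n+ +\n# comment\nbuild.lab.example +\n"
    for finding in find_permissive_entries(sample):
        print(finding)
    if Path("/home").is_dir():                  # on a real host, list offenders
        print(audit_home_dirs("/home"))
```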

FTP
FTP refers to a network protocol responsible for transferring files from one computer to another over a
TCP computer network or the Internet, which explains the origin of its name, formed as an acronym of
File Transfer Protocol. Generally, FTP is also the generic term for the group of computer programs which
implement the FTP protocol.

FTP is built on a client-server architecture and utilizes separate control and data connections between the
client and server.

It originated in the Massachusetts Institute of Technology (MIT) in the early 1970s when
mainframes, dumb terminals and time-sharing were the standard.

Traditionally, when communication speeds were low (ranging from the then-standard 9.8 kbps to
the "fast" 16.8 kbps, unlike today's broadband 1 Mbps standard), FTP was the method of choice for
downloading large files from various websites. Although FTP programs have been improved
and updated over time, the basic concepts and definitions remain the same and are still in use
today.

FTP is most commonly used to download a file from a server using the Internet or to upload a file to a
server (e.g., uploading a Web page file to a server).

The protocol is specified in RFC 959, which is summarized below.

The FTP service is provided over the TCP transport protocol. In order to establish an FTP connection the
user needs to point his FTP client to an FTP server. The information needed includes an FTP host, FTP
account credentials (username and password) and an FTP port.

The FTP port is the network port on the server where the server's FTP service is listening for incoming
connections. By default, the FTP port is 21, but it can easily be set to another port. So, a client
makes a TCP connection to the server's port 21. This connection, called the control connection, remains
open for the duration of the session, with a second connection, called the data connection, opened by the
server from its port 20 to a client port (specified in the negotiation dialog) as required to transfer file data.
The control connection is used for session administration (i.e., commands, identification, passwords)
exchanged between the client and server using a Telnet-like protocol. Due to this two-port structure, FTP
is considered an out-of-band protocol, as opposed to an in-band protocol such as HTTP.

The server responds on the control connection with three-digit status codes in ASCII with an optional text
message; for example, "200" (or "200 OK.") means that the last command was successful. The numbers
represent the code and the optional text represents an explanation (e.g., <OK>) or a needed parameter
(e.g., <Need account for storing file>). A file transfer in progress over the data connection can be aborted
using an interrupt message sent over the control connection.

FTP can be run in active or passive mode, which determines how the data connection is established.

Active mode - When the FTP server is set to use connections in Active mode it waits for the user's FTP
client to open a dynamic port. Then the client sends a PORT command containing the dynamic port
number on which it is listening over the control stream and waits for a connection from the FTP server.
When the FTP server initiates the data connection to the FTP client it binds the source port to port 20 on
the FTP server.

An example of an FTP connection log using Active mode:

Status: Resolving address of my-best-domain.net
Status: Connecting to 66.40.34.171:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.2.10 Server (sc109.info) [66.40.34.171]
Command: USER demomovie
Response: 331 Password required for demomovie.
Command: PASS *****
Response: 230 User demomovie logged in.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: 211-MDTM
Response: 211-REST STREAM
Response: 211-SIZE
Response: 211 End
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PORT 10,1,242,250,180,46
Response: 200 PORT command successful
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Response: 226 Transfer complete.
Status: Directory listing successful

Passive mode - When the connection is opened in passive mode, the FTP server does not wait for the FTP
client to send data-transfer port information. Instead, the client sends a PASV command and the server replies
with the server's IP address to connect to and the port on which it is listening. In this case, the FTP
client binds the source port of the data connection to a dynamic port.

An example of an FTP connection log using Passive mode:

Status: Resolving address of my-best-domain.net
Status: Connecting to 66.40.34.171:21...
Status: Connection established, waiting for welcome message...
Response: 220 ProFTPD 1.2.10 Server (sc109.info) [66.40.34.171]
Command: USER demo
Response: 331 Password required for demomovie.
Command: PASS **********
Response: 230 User demo logged in.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: 211-MDTM
Response: 211-REST STREAM
Response: 211-SIZE
Response: 211 End
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (66,40,34,171,137,225).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Response: 226 Transfer complete.
Status: Directory listing successful
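The two logs above show the pieces a client has to interpret: three-digit reply codes (some multi-line, like the 211 FEAT reply), the PORT command of active mode and the 227 reply of passive mode, both carrying the data-connection address as six comma-separated numbers (h1,h2,h3,h4,p1,p2, port = p1*256 + p2). The following Python parser is an added example, not code from the notes; CONTROL_SERVER is the server address taken from the log, and the trustworthiness check is a defensive convention (only open the data connection to the host the control connection already authenticated to), not something the notes spell out.

```python
import re

# Added example, not part of the original notes: a parser for the FTP
# control-connection dialogue shown in the Active and Passive mode logs.
# It decodes PORT / 227 PASV host-port strings, groups reply codes by class
# (folding multi-line "211-" replies), and checks that a PASV reply points
# back at the server the control connection was opened to.

CONTROL_SERVER = "66.40.34.171"   # from "Connecting to 66.40.34.171:21" above

REPLY_CLASS = {"1": "positive preliminary", "2": "positive completion",
               "3": "positive intermediate", "4": "transient negative",
               "5": "permanent negative"}

def decode_hostport(six_numbers):
    """'h1,h2,h3,h4,p1,p2' -> ('h1.h2.h3.h4', p1*256 + p2)."""
    fields = [int(x) for x in six_numbers.split(",")]
    if len(fields) != 6 or any(not 0 <= f <= 255 for f in fields):
        raise ValueError(f"malformed host-port string: {six_numbers!r}")
    return ".".join(map(str, fields[:4])), fields[4] * 256 + fields[5]

def parse_port_command(line):
    """Client's 'PORT h1,...,p2': the address it listens on in active mode."""
    m = re.fullmatch(r"PORT\s+([\d,]+)", line.strip())
    if not m:
        raise ValueError("not a PORT command")
    return decode_hostport(m.group(1))

def parse_pasv_reply(line):
    """Server's '227 Entering Passive Mode (h1,...,p2).' in passive mode."""
    m = re.match(r"227 .*\((\d+(?:,\d+){5})\)", line.strip())
    if not m:
        raise ValueError("not a 227 reply")
    return decode_hostport(m.group(1))

def pasv_address_is_trustworthy(reply, control_server=CONTROL_SERVER):
    """A client should only open the data connection to the host it already
    authenticated to; a 227 reply naming a different host (misconfigured NAT
    or an untrustworthy server) is refused rather than followed."""
    host, _port = parse_pasv_reply(reply)
    return host == control_server

def parse_replies(lines):
    """Group reply lines into (code, class, text); a reply opened with
    'NNN-' continues until the line that starts with 'NNN '."""
    replies, buf = [], []
    for line in lines:
        buf.append(line)
        code, sep = line[:3], line[3:4]
        if sep == " " and code.isdigit() and buf[0][:3] == code:
            replies.append((code, REPLY_CLASS[code[0]], "\n".join(b[4:] for b in buf)))
            buf = []
    return replies

if __name__ == "__main__":
    # Lines copied from the Active and Passive mode logs above.
    print(parse_port_command("PORT 10,1,242,250,180,46"))
    print(parse_pasv_reply("227 Entering Passive Mode (66,40,34,171,137,225)."))
    print(parse_replies(["211-Features:", "211-MDTM", "211-REST STREAM",
                         "211-SIZE", "211 End", "200 Type set to I"]))
```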

How to use FTP

Graphical FTP clients

Graphical FTP clients simplify file transfers by allowing you to drag and drop file icons between
windows. When you open the program, enter the name of the FTP host (e.g., ftp.empire.gov)
and your username and password. If you are logging into an anonymous FTP server, you may
not have to enter anything. Two common FTP programs are Cyberduck (for Mac) and WinSCP
(for Windows).

Web browser

You can use a web browser to connect to FTP addresses exactly as you would to connect to
HTTP addresses. Using a web browser for FTP transfers makes it easy for you to browse large
directories and read and retrieve files. Your web browser will also take care of some of the
details of connecting to a site and transferring files. While this method is convenient, web
browsers are often slower and less reliable and have fewer features than dedicated FTP clients.

To use your web browser to connect to an FTP site such as ftp.empire.gov, where you
normally enter a URL, enter:

ftp://username@ftp.empire.gov/

Command line FTP

Windows, Mac OS X, and Linux have built-in command line clients; to start FTP, at the command line prompt, enter:

ftp ftp.empire.gov

If you are connecting to your own account, enter your username and password. If you are
connecting to an anonymous FTP site, for your username, enter anonymous. For your password,
enter your email address.

Differences between FTP and HTTP

The major difference between FTP and HTTP is that FTP is a two-way system – it can be used to copy or
move files from a server to a client computer as well as upload or transfer files from a client to a server.
HTTP, on the other hand, is strictly one-way: "transferring" text, pictures and other data (formulated into
a web page) from the "server" to a client computer which uses a web browser to view the data.

Another point to bear in mind is that File Transfer in FTP means exactly that: files are automatically
copied or moved from a file server to a client computer's hard drive, and vice versa. On the other hand,
files in an HTTP transfer are viewed and can 'disappear' when the browser is turned off unless the user
executes commands to move the data to the computer's memory.

Another major difference between the two systems lies in the manner in which the data is encoded and
transmitted. FTP systems generally encode and transmit their data in binary sets which allow for faster
data transfer; HTTP systems encode their data in MIME format which is larger and more complex. Note
that when attaching files to emails, the size of the file is usually larger than the original because of the
additional encoding involved.

TFTP

Trivial File Transfer Protocol (TFTP) is a simple form of the File Transfer Protocol (FTP) used to transfer files. It has
been implemented on top of the User Datagram Protocol (UDP) using port number 69. TFTP is designed
to be small and easy to implement and therefore lacks most of the features of regular FTP. TFTP only
reads and writes files (or mail) from/to a remote server. It cannot list directories, and currently has no
provisions for user authentication.

Due to its simple design, TFTP could be implemented using a very small amount of memory. It was
therefore useful for booting computers such as routers which did not have any data storage devices. It is
still used to transfer small amounts of data between hosts on a network, such as IP phone firmware or
operating system images when a remote X Window System terminal or any other thin client boots from a
network host or server. The initial stages of some network-based installation systems (such as Solaris
Jumpstart, Red Hat Kickstart, Symantec Ghost and Windows NT's Remote Installation Services) use
TFTP to load a basic kernel that performs the actual installation.

In TFTP, any transfer begins with a request to read or write a file, which also serves to request a
connection. If the server grants the request, the connection is opened and the file is sent in fixed-length
blocks of 512 bytes. Each data packet contains one block of data, and must be acknowledged by an
acknowledgment packet before the next packet can be sent. A data packet of less than 512 bytes signals
termination of a transfer. If a packet gets lost in the network, the intended recipient will time out and
may retransmit its last packet (which may be data or an acknowledgment), thus causing the sender of
the lost packet to retransmit that lost packet. The sender has to keep just one packet on hand for
retransmission, since the lock-step acknowledgment guarantees that all older packets have been
received. Notice that both machines involved in a transfer are considered senders and receivers. One
sends data and receives acknowledgments, the other sends acknowledgments and receives data.

Uses

• TFTP is used to read files from, or write files to, a remote server.
• Due to the lack of security, it is dangerous over the open Internet. Thus, TFTP is generally only
used on private, local networks.

Example TFTP session

1. The initiating host A sends an RRQ (read request) or WRQ (write request) packet to host S at the
well-known port number 69, containing the filename and transfer mode.
2. S replies with an ACK (acknowledgement) packet to a WRQ, and directly with a DATA packet to an
RRQ. The packet is sent from a freshly allocated ephemeral port, and all future packets to host S
should be sent to this port.
3. The source host sends numbered DATA packets to the destination host, all but the last
containing a full-sized block of data (512 bytes). The destination host replies with numbered ACK
packets for all DATA packets.
4. The final DATA packet must contain less than a full-sized block of data to signal that it is the last.
If the size of the transferred file is an exact multiple of the block size, the source sends a final
DATA packet containing 0 bytes of data.
5. The receiver responds to each DATA packet with the associated numbered ACK. The sender responds
to the first received ACK of a block with the DATA of the next block.
6. If an ACK is not eventually received, a retransmit timer resends the DATA packet.
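The session steps above, and the lock-step description before them, are demonstrated by the following Python code, an added example that is not part of the notes. It encodes and decodes RRQ/WRQ, DATA and ACK packets and simulates a read transfer over an in-memory channel instead of UDP; the channel can be told to lose the first copy of chosen blocks so that the retransmit step is exercised. The opcodes and 512-byte block size are the protocol's; only the RRQ/DATA/ACK path is simulated, not WRQ or ERROR handling.

```python
import struct

# Added example, not the notes' own code: TFTP packet encoding/decoding and a
# lock-step read transfer simulated in memory. Opcodes and the 512-byte block
# size come from the protocol; the in-memory channel (with an optional set of
# block numbers whose first copy is "lost") stands in for UDP so it runs offline.

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512

def encode_request(opcode, filename, mode="octet"):
    """RRQ/WRQ: 2-byte opcode, NUL-terminated filename, NUL-terminated mode."""
    return struct.pack("!H", opcode) + filename.encode() + b"\0" + mode.encode() + b"\0"

def decode_request(pkt):
    opcode = struct.unpack("!H", pkt[:2])[0]
    filename, mode, _rest = pkt[2:].split(b"\0", 2)
    return opcode, filename.decode(), mode.decode()

def encode_data(block_no, payload):
    return struct.pack("!HH", DATA, block_no) + payload

def encode_ack(block_no):
    return struct.pack("!HH", ACK, block_no)

def decode_header(pkt):
    """(opcode, block_no, payload) for DATA and ACK packets."""
    opcode, block_no = struct.unpack("!HH", pkt[:4])
    return opcode, block_no, pkt[4:]

def split_blocks(data):
    """512-byte blocks; the last one is shorter than 512, so a file whose size
    is an exact multiple of 512 (including an empty file) ends with an empty block."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    if not blocks or len(blocks[-1]) == BLOCK_SIZE:
        blocks.append(b"")
    return blocks

def simulate_read(file_bytes, lose_first_copy_of=()):
    """S answers A's RRQ with DATA block 1, then waits for each ACK. Returns (bytes, stats)."""
    received, expected = bytearray(), 1
    stats = {"data_sent": 0, "retransmits": 0}
    lost_once = set()
    for block_no, payload in enumerate(split_blocks(file_bytes), start=1):
        pkt = encode_data(block_no, payload)   # the single packet S keeps on hand
        while True:
            stats["data_sent"] += 1
            if block_no in lose_first_copy_of and block_no not in lost_once:
                lost_once.add(block_no)         # network drops it; A never ACKs
                stats["retransmits"] += 1       # S's timer fires and it resends
                continue
            opcode, num, body = decode_header(pkt)
            if opcode == DATA and num == expected:
                received += body
                expected += 1
            ack = encode_ack(num)               # A's lock-step acknowledgment
            assert decode_header(ack)[:2] == (ACK, num)
            break
        if len(payload) < BLOCK_SIZE:           # short block ends the transfer
            break
    return bytes(received), stats

if __name__ == "__main__":
    print(simulate_read(b"A" * 1024, lose_first_copy_of={2})[1])  # {'data_sent': 4, 'retransmits': 1}
```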
