Server Message Block (SMB)

The Server Message Block (SMB) is a network protocol that allows the host to share data within the same network. It is share directories, files, printers, and serial ports as easily as if they were on the local computer. It is a request-response protocol and it used TCP port 445 for communication. All the messages of Server Message Block protocol have a common format, which uses a fixed-sized header, with a parameter of variable size and a data component.

The Server Message Block protocol suite is comparatively easy and simple. It includes commands for resource operation that you might perform on a local disk or printer, such as:

• Creating new files and directories


• Deleting files and directories


• Opening and closing files


• Searching for files and directories


• Reading and writing and editing files


• Queuing and dequeueing files in a print spool

style="display:block; text-align:center;"
data-ad-layout="in-article"
data-ad-format="fluid"
data-ad-client="ca-pub-5785941393087442"
data-ad-slot="5068931457">

The Server Message Block servers make the file systems and resources available to the clients in the network. The clients make SMB requests for the available resources on the server using the commands and the servers create SMB response messages. The following are the SMB messages types:-

• Initiate, authenticate, and terminate the sessions


• Control access to file and printer


• Allow to send and receive messages using application

The files sharing and printer sharing both are the main services of Microsoft networking. With releasing of Windows 2000, Microsoft changed the original structure for using SMB. Before Windows 2000, the Server Message Block services used a non-TCP/IP protocol to execute name resolution but after windows2000; all Microsoft products use DNS naming, which allows TCP/IP protocols to support SMB resource sharing. The figure below illustrates the SMB protocols connection establishment.

Using Server Message Block, once the connection is established, the user of the client can access the resources on remote end as if the resource is local to the client host.

although SMB was initially created for Windows; now it can also be used by Linux Unix and Mac OSX, using a software called Samba. With using Samba, Linux, Mac, Windows, and Unix computers can share the same files, folders, and printers.

File Transfer Protocol (FTP)

File Transfer Protocol is an another most used and standard Internet protocol for transmitting files between computers on the Internet over TCP/IP connections. It is application layer protocol. It was first created in 1971 to transfer data between a client and a server. To use this protocol, FTP client application is required on a computer that is used to send and receive data from a server running an FTP daemon (FTPd). The FTP is client-server protocols that work on two channels between client and server:

• Command channel for controlling the conversation between host and server


• Data channel for transmitting and receiving files between client and server

style="display:block; text-align:center;"
data-ad-layout="in-article"
data-ad-format="fluid"
data-ad-client="ca-pub-5785941393087442"
data-ad-slot="5068931457">

Clients initiate a connection to the servers to manage traffic using port 21, consisting of client command and server replies. After the client command and server replies, the client establishes the second connection to the server for the transfer of actual data using TCP port 20. The connection to port 20 is established every time there is data to be transferred. The figure below illustrates the FTP connection.

The FTP client can download, upload, delete, rename, move and copy data on a server depending upon user rights. A user typically needs to log on to the FTP server, while some servers use anonymous user for some or all of their content available without login.

The File Transfer Protocol sessions work in two modes, passive and active. In active mode, when a client opens a session via a command channel request; the server then open a data connection back to the client and start transferring data. In the passive mode, the server as an alternative uses the command channel to send the client the information it required to open a data channel. Because in the passive mode the client has initiated all connections, it works better across firewalls and NAT.

The FTP client can work via a simple command line interface; with a graphical user interface (GUI) and the Web browsers can also serve as FTP clients.

Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP) is a protocol used to provide fast, automatic, and central management for the allotment of IP addresses within a network. The Dynamic Host Configuration Protocol (DHCP) automates the assigned IP addresses, subnet masks, gateways, and other networking parameters. This is called dynamic or automatic addressing. The alternative to dynamic addressing is static addressing. In the static addressing, the network administrator manually assigns and configures IP addresses on hosts.

When a client device is turned on and connects to the network; the device requests an IP address from a DHCP server; the DHCP server chooses an address from a configured range of addresses called a pool and assigns it to the client device on lease bases.

DHCP is an ideal and efficient system on a larger network to configure IP address settings where client’s changes occurred frequently. New User may arrive and want connection and someone want to leave the network. Static IP address configuration is too difficult in such a larger network.

DHCP addresses are issued to clients on leased bases. When the lease period is expired; the address must be renewed by DHCP if the client is connected to the network. If the client has been powered down or taken off the network; the address is returned to the pool for reuse.

A variety of devices can be as DHCP servers. The DHCP server in most of the networks is generally a local and dedicated PC-based server. The home users DHCP server is usually a local router that connects the home network to the ISP. Several networks use both static and DHCP address settings. The static addressing is used for network devices and DHCP is used for general purpose. The figure below illustrates the types of DHCP servers that can be used.

There are two types of DHCP, DHCPv4 and DHCPv6 both provide similar services for there clients. The main difference between DHCPv4 and DHCPv6 is the gateway, DHCPv6 does not provide a default gateway address. The gateway can only be obtained automatically from the router's Router Advertisement message.

Dynamic Host Configuration Protocol (DHCP) Operation

When device configured for DHCPv4 boots up or connects to the network; the DHCP client sends broadcasts a DHCP discover message to discover any available DHCP server. When DHCP server receive (DHCPDISCOVER) message, it replies with a DHCPOFFER message. The offer message contains the IPv4 address including subnet mask; the IPv4 address of the DNS server, and the IPv4 address of the default gateway. The offer also includes the duration of the lease period.

Incas of multiple DHCP servers exist on the network, and then the client may receive multiple DHCPOFFER messages. So, the client should choose between them, and sends a DHCPREQUEST message. The DHCPREQUEST message identifies the exact server and leases offer that the client is accepting. A client can also request an address that it had previously been allocated by the server and the server should allow the previously used IP address.

Once the offer has been made for the chosen IP address; the device responds to the DHCP server with a DHCPREQUEST packet to accept it; after which the server sends an ACK that's used to confirm that the device has that specific IP address and to define the amount of time that the device can use the address before getting a new one. If the server decides that the device cannot have the IP address, it will send a NACK.

For example, the client requested the IPv4 address, or offered by the server; is still available, the server returns a DHCPACK (DHCP Acknowledge) message that acknowledges to the client that the lease has been finalized. If the offer is no longer valid, then the server responds with a DHCP negative acknowledgment (DHCPNAK) message. If a DHCPNAK message is returned to the client; then the selection process should start again with a new DHCPDISCOVER message from the client. When a client gets a lease, it should be renewed previous to the lease expiration through another DHCPREQUEST message. The DHCP server is responsible to assign are unique IP addresses to the host.

DHCPv6 has the similar set of messages, the messages are SOLICIT, ADVERTISE, INFORMATION REQUEST, and REPLY

Domain Name Service (DNS)

In the network, devices are labeled with numeric numbers called IP addresses to send and receive data over networks. Domain names were created to change the numeric address into a simple, recognizable name. The DNS is short for Domain Name System (or Service or Server). It is a large database which resides on various computers and it contains the names and IP addresses of different hosts on the internet and different domains. It is the Internet's equivalent of a phone book.

The domain name service is an important service because, domain names are easy for people to remember and access a computer, servers, and websites based on IP addresses. The domain name, such as http://fschub.com, are much easier for the humans to remember that its IP address 192.169.80.98.  In case of changing the IP address of http://fschub.com, it is clear to the user because the domain name remains the same. The new address will be simply linked to the existing domain name. The DNS defines an automatic service that matches resource names with the required numeric IP address including queries format, responses, and data. The DNS protocol uses a single format called a message for all types of client queries and server responses, error messages, and the transfer of resource record information bet]. ween servers.

The domain name system is its own complete network. If one DNS server doesn't know how to translate a particular domain name, it asks another DNS, and so on, until the correct IP address is returned. The Figure below illustrates the steps involved in DNS resolution.

DNS Message Format

The DNS server has two types of messages: query and response. The query message contains a header and question records and the response message contains a header, question records, answer records, authoritative records, and additional records.
The DNS server stores names, addresses and some other records to resolve the names.  Some types of records are following:

• A            -   The IPv4 address of An end device


• AAA      -   The IPv6 address record of an end devices


• NS         -   An authoritative name server


• PTR      -   Record contains the name of a node in the DNS namespace.


• SRC      -   Record contains information about a server


• TXT      -   Record contains arbitrary text


• MX       -   A mail exchange record

Whenever a host sends a query for name resolving, the DNS process, first of all, checks its own stored records to resolve the name. If the record is not found in its own stored records, then it forwards the query to other servers to resolve the name. Once a name resolved and returned to the requesting server, the server for the time being stores the IP address in the event that the same name is requested again.  The figure above illustrates that process.

The DNS Client service on Windows PCs also stores subsequently resolved names in memory. The ipconfig /displaydns command displays all subsequently resolved entries that cached in the memory. DNS uses the below message format for all types of client queries and response, error messages and for resource record sharing between DNS servers.

The DNS has two types of messages, query, and response. Both have the same format. The query message consists of a header and the question records and the response message contents of a header, question records, answer records, authoritative records, and additional records as shown in the figure.

Header -The header is an important element for any message because header contains important control fields. In DNS messages, the header section carries several key control flags and is also where we find out which of the additional sections are even being used in the message. The header also states whether the message is a query or a response. The header for both query and response are the same as shown in the figure. The length of the header is 12 bytes.

Questions-The question section contains fields that describe a question to a name server and the question may be query or response. If the message contains a query then this section contains the question expressing the query. If the message is a contain response than this section contains the question sent in the query to which this is the response.

 Answers- The answer section contains resource records that answer the question. If the message contains a non-error response then this section contains the resource record(s) which match the query to which this is the response.

Authority-The authority section contains one or more resource records that point toward an authoritative name server. If the message is an error response then this section may contain resource record(s) identifying DNS servers which can be queried instead.

Additional- the additional records section contains Resource records which relate to the query but are not strictly answers for the question. If the message is a non-error response then this section may contain resource records, which do not match the query but are related to it.

Fully Qualified Domain Name (FQDN)

For understanding the DNS hierarchy It is essential to know about Fully Qualified Domain Name (FQDN).  A fully qualified domain name (FQDN) consists of the hostname and domain name. The hostname are not case sensitive and can also contain alphabetic and numeric letters. An FQDN is the domain name that specifies its accurate site in the DNS hierarchy. It specifies all domain levels including root and top-level domains. The example of FQDN is “mail.fschub.com” where “mail” is the hostname and the “fschub.com” is the domain name.

DNS Hierarchy

The DNS uses a hierarchical system database for resolving name address. DNS uses domain names to form the hierarchy. The DNS hierarchy is comprised of the following five elements:

1) Root Level

2) Top Level Domains

3) Second Level Domains

4) Sub-Domain

5) Host

Root Level

The DNS root zone is the uppermost level in the DNS hierarchy tree. The root name server is server for the root zone. Thes servers contain the information that makes up the root zone, which is the global list of top-level domains.  The root name servers are very important as they are the first step in resolving a domain name. The root name server are the authoritative servers which serve the DNS root zone. These servers contain the global list of the top-level domains. The root servers are operated by 12 different organizations:

• University of Maryland


• VeriSign Global Registry Services


• Cogent Communications


• University of Southern California, Information Sciences Institute


• Internet Systems Consortium, Inc.


• NASA Ames Research Center


• VeriSign Global Registry Services


• US Army Research Lab


• US DoD Network Information Center


• Netnod


• WIDE Project


• RIPE NCC


• ICANN

 Top Level Domains (TLDs)

TLDs are the next level in the DNS hierarchy. There are many TLDs that serve at the moment. As we have seen the TLDs are classified into two subcategories. The different top-level domains represent either the type of organization or the country of origin. Examples of top-level domains are:

• .com     -   A business or industry


• .org       -   A non-profit organization


• .edu      -    Educational Institutions


• .gov      -    Government Intuitions


• .mil      -     Military Groups


• .net      -     Major network Support Centers


• .org      -     Nonprofit Organization and others


• .int       -     International Organization


• .au       -      Australia


• .pk       -      Pakistan


• .us        -      United States

Second Level Domains

Second Level Domain is come after TLDs in the DNS hierarchy. These domain are directly below the TLDs. Second Level domain are an important part  of the DNS. There are no limits of second level domain like the TLDs. If the domain is available anyone can purchase it.

 Sub-domain

The sub-domain is the last level in the DNS servers. It is the part of the main domain. the only domain that is not only a subdomain is the root domain. For example, alfa.example.com and bravo.example.com are subdomains of the example.com domain, which in turn is a sub domain of the com top-level domain (TLD).

This is the DNS hierarchy and elements of the DNS hierarchy. The DNS hierarchy is just like an inverted tree. The figure below illustrates the hierarchy of DNS.

The nslookup Command

The domain name server addresses are important for network device configuration. Generally, the ISPs provide the IP addresses to use for the DNS servers. The host usually requests to connect to a remote device by name; the requesting client queries the name server to resolve the name to IP address.

The operating systems also have a utility called nslookup that give the opportunity to manually query the nameservers to resolve a given host name. The nslookup can also be used to troubleshoot name resolution issues and to verify the current status of the name servers.

Email Protocols - SMTP, POP and IMAP

Email is one of the primary services running on the internet. Here in this article, we will discuss the email that how email is working end devices. What application, protocol and services are required for email? Email messages are stored in a database on the email server. The email is using store-and-forward method for sending and storing the messages. The email clients communicate with the servers running mail services to send and receive email. The client connected server communicates with other mail servers to transport messages from one domain to another. The client does not communicate directly with another email client when sending an email. But, both mail clients rely on the mail server to transport messages.

There is three types of protocol which are used for email process: SMTP (Simple Mail Transfer Protocol), POP(Post Office Protocol), and IMAP(internet messaging Access Protocol). The application layer process that sends mail uses SMTP. But a client retrieves email using POP or IMAP.

Simple Mail Transfer Protocol (SMTP) Operation

The SMTP message formats required a message body with message header. The body of the message can hold any amount of text, the message header must have a properly formatted recipient email address and a sender address.

When a client sends an email message, the client SMTP process connects with a server SMTP process on port 25. When the connection is established, then the client tries to send the email message to the server. After the server receives the email message, it either places the message in a local account in case of the local recipient or forwards the message to another mail server for delivery. If the destination email server is busy or not online then the SMTP spools message to be sent at the later time. The server checks for the queue periodically and attempts to send them again. If the message expiration time is over and the message is still in the queue, it is returned to the sender as an undeliverable message.

 

The figure below illustrates the technique of message sending. The client sends an email message to admin@fschub.com. The SMTP / POP server-1 will receive the message. Server-1 will check the recipient's list of local recipients. If found the message will be placed on the local account, if not found, the message will be forwarded to SMTP / POP server-2.

Post Office Protocol (POP) Operation

The POP server passively listening on TCP port 110 for client connection requests. When a client needs to make use of the POP service; it sends a request to start a TCP connection with the server. On establishing a connection the POP server sends a welcome to the client.  After connection establish both client and POP server exchange commands and responses until the connection is closed or aborted.

With POP, incoming email messages are downloaded to the client and then removed from the server. The POP server works as a temporary holding area for mail until it is downloaded by the mail client. So there is no central place where email messages are kept. Because of no centralized storage for email messages; it is no an attractive choice for a small business that needs a centralized storage for backup.

Internet Messaging Access Protocol (IMAP) Operation

The Internet Message Access Protocol (commonly known as IMAP is another protocol that describes a technique to retrieve email messages from the remote mail server. An IMAP server usually listens on port 143 and IMAP over SSL is assigned port number 993. Unlike POP, when the user connects to an IMAP- server, copies of the mail are downloaded to the client application. The original messages are held in reserve on the server until the user explicitly deletes them. Users view copies of the messages in their email client software.

Incoming email messages are stored on the email server that in the recipient's email box. The user retrieves the messages with an email client that uses one of a number of email retrieval protocols. The majority of clients support the standard protocols, SMTP for sending an e-mail message,  POP and IMAP for retrieving email.

The IMAP client can make a file hierarchy on the server to organize and store emails. When a user wants to delete a mail; the server synchronizes that command and deletes the message from the mail server.

HTTP and HTML

When an address is typed into a browser, the browser establishes a connection to the web service running on the server. The protocol for establishing a connection is HTTP. HTTP means HyperText Transfer Protocol. Hyper Text Transfer Protocol is the basic protocol used by the World Wide Web. This protocol defines how messages are formatted and transmitted, and what actions should take by Web servers and web browsers in response to various commands.

The URL(Uniform Resource Locator) and URI(Uniform Resource Identifier)  are the names the majority people used with the web addresses. If we want to open a web address http://fschub.com/ccna-study-guide.html   we can examine how an address is opened in the browser.

1. Protocol - HTTP


2. Server Name - fschub.com


3. The Specific filename which is requested ccna-study-guide.html

As shown in Figure, entering the mentioned URL in the browser, the browser then checks with a name server to convert fschub.com into a numeric IP address, which it uses to connect to the server. The browser then sends a GET request to the server using HTTP and asks for the ccna-study-guide.html file. The server then sends the HTML code of this particular page to the browser. In conclusion, the browser read the HTML code and formats the page for the browser window and show it to the user. The HTML is the main standard that controls how the World Wide Web works. It covers how the Web pages are formatted and displayed at the user screen.

HTTP and HTTPS

HTTP is a request/response protocol. When a client, sends a request to a web server, the protocol which specifies the message type is HTTP. There are three common message types are GET, POST, and PUT.

GET - A host request for data, generally a webpage request

POST - Uploads data files to the web server

PUT - Uploads resources or content to the web server such as an image, video, and audio.

Hypertext transfer protocol is extraordinarily protocol but it is not secure. The HTTP send request messages to the server in plain text that can be intercepted and read anywhere in the way. The responded HTML pages are also in unencrypted and unsecured pages.

To secure communication across the internet the HTTPS protocol is used which is too secure from Hypertext transfer protocol. This protocol uses authentication and encryption to secure data traveling between the client and server. it uses the same client request-server response process as HTTP; but the data travel between client and server is encrypted with SSL (Secure Socket Layer)

Network Model - Client Server and P2P

Client-Server Network Model

In the client-server network model, the device who is requesting the information is called a client and the device who is responding to the request is called a server. The Client and server processes are working in the application layer. The client device starts the connection by requesting data from the server, the server can either accept or reject the connection. If the connection is accepted, the server establishes and maintains a connection with the client over a specific protocol.

The protocols of application layer explain the format of data exchange between clients and servers. The data exchange between server and client may also require user authentication and the identification of a data file to be transferred.

The email server is one of the best examples of client/server model which send, receive and store email. The client on a remote location issues a request to the email server for any mail to read. The server then replied by sending the requested email to the client. The data stream from the client to server is called upload and the data stream from server to client is called download. The figure below illustrates the email client/server Model

Other examples of servers are web servers, FTP server, TFTP servers and Online multiplayer gaming server. Every one of these servers provides resources to the client. Most servers have a one-to-many relationship with clients, meaning a single server can provide resources to multiple clients at one time.

Peer-to-Peer Network Model

Like Client to Server Model, the peer-to-peer network model has no dedicated server; the data is directly accessed from a peer device without the use of a server. The P2P network model has the part: P2P networks and P2P applications. Both have same features, but in practice, there are little different.

In this model, two or more hosts are connected using a network and be capable of share resources such as printers and files without having a dedicated server. Each connected end device is known as a peer. The peer can work both as a server and a client. One host might suppose the role of server for one transaction at the same time as serving as a client for another. In P2P networking model, the roles of client and server are set on a per request basis.

Peer-to-Peer(P2P) Applications

Due to P2P application devices in this model act both as a client and a server within the same communication; every client is a server and every server a client. The P2P applications need that each end device provides a user interface and run background P2P services.

Various P2P applications make use of a hybrid system where resource sharing is decentralized; but the indexes database that addresses to resource locations are stored in a centralized directory server. Each peer accesses an index server to get the location of a resource stored on another peer.

Common Peer-to-Peer (P2P) Applications

Every computer in the network running the P2P application can act both as a client and server for other computers in the network running the P2P application. Common P2P networks are following:

1. BitTorrent


2. Utorrent


3. eDonkey


4. G2


5. Bitcoin


6. Soulseek


7. eMule


8. KCeasy


9. Ares Galaxy


10. Gnutella

Gnutella protocol also used in some P2P applications, where all user shares entire files with all other users. There are many Gnutella client applications are available, as well as gtk-Gnutella, WireShare, Shareaza, and Bearshare.

A lot of P2P applications permit users to share pieces of many files with each other at the same time. Clients of this application use a small file called a torrent file to locate other users who have pieces that they need so that they can connect directly to them. This torrent also contains information about tracker computers that remain track of which users computer have what files. The torrent clients inquire for pieces from multiple users at the same time, recognized as a swarm. This technology is called BitTorrent. There are many BitTorrent clients as well as BitTorrent, uTorrent, Frostwire, and BitTorrent.

Whit the help of these P2P any type of file can be shared between users. A lot of these files are copyrighted. Usage and distribution of these file without permission from the copyright holder is against the law. Copyright violation is on offense and results in criminal charges and civil lawsuits.