Presentation on theme: "Presented by Neeta Jain"— Presentation transcript:

1 Domain Name System, RFC 1034 & RFC 1035
Presented by Neeta Jain

2 Introduction
1. What is the IP address of udel.edu? It is 128.175.13.92.
2. What is the host name of 128.175.13.92? It is strauss.udel.edu.

3 Real Life Analogy: Telephone Example
Telephone connection. Source: Child, Newark, DE. Destination: Dad, Udel-Newark, DE. Information the child needs: Dad's phone #.

4 (Figure: the child asks the older sister "What is Dad's phone #?"; the sister dials 0 and asks the operator "What is Newark's area code?" (answer: "Newark's area code is 302"); the operator asks directory assistance "What is the University #?" and relays the University number; the sister dials the University operator and asks "What is Dad's phone #?"; the answer "Dad's phone is ..." is passed back to the child, who calls Dad.)

5 DNS Components
There are 3 components:
Name Space: specifications for a structured name space and the data associated with the names.
Resolvers: client programs that extract information from name servers.
Name Servers: server programs which hold information about the structure and the names.

6 Name Space

7 Resolvers
A Resolver maps a name to an address and vice versa. (Figure: the Resolver sends a Query to a Name Server and receives a Response.)

8 Iterative Resolution
(Figure: 1. the client sends an iterative request "What is the IP address of ...?" to the udel server. Steps 2 to 9: the server asks a.root-servers.net, a.gtld-servers.net, a3.nstld.com and ns1.google.com in turn; each server that cannot answer returns only an iterative response (referral) of the form "I don't know. Try a.root-servers.net." / "I don't know. Try a.gtld-servers.net." / "I don't know. Try a3.nstld.com." / "I don't know. Try ns1.google.com.", until the last server returns the iterative response "The IP address of ... is ...". 10. The udel server passes that answer to the client.)

9 Recursive Resolution
(Figure: 1. the client sends a recursive request "What is the IP address of ...?" to the udel server. Steps 2 to 9: the request passes down through the root server, the com server, the edu server and the google server, and the answer passes back up the same chain; each server does the lookup on behalf of the one that asked instead of returning a referral. 10. The recursive response "The IP address of ... is ..." is delivered to the client.)

10 Name Server Architecture
(Figure: the Name Server Process holds Authoritative Data (primary master and slave zones), loaded from the zone data file on disk or received by zone transfer from the master server; an Agent, which looks up queries on behalf of resolvers; and Cache Data, the responses from other name servers.)

11 Name Server (cont'd): Authoritative Data
(Figure: the Resolver sends a Query to the Name Server Process; the Agent builds the Response from the Authoritative Data.)

12 Name Server (cont'd): Using Other Name Servers
(Figure: the Agent forwards the Resolver's Query to an arbitrary name server, receives that server's Response and passes a Response back to the Resolver.)

13 Name Server (cont'd): Cached Data
(Figure: the Agent answers the Resolver's Query from the Cache Data, the responses previously received from other name servers.)

14 Block Diagram
(Figure: the User Program sends a Query to the Resolver and receives a Response; the Resolver exchanges Query and Response with a Foreign Name Server, and both references the Cache and makes Additions to it.)

15 DNS Messages
There are two kinds of messages: Query and Response.

16 DNS Message Format
A message consists of a Header (12 bytes) followed by the Question section, Answer section, Authoritative section and Additional section.
Header fields (2 bytes each): Identification; Flags; Number of Question Records; Number of Answer Records (zeroed in query); Number of Authoritative Records (zeroed in query); Number of Additional Records.
Flags: QR (0 = query, 1 = response); OpCode (0 = standard, 1 = inverse, 2 = server status request); AA, Authoritative Answer flag; TC, Truncated flag; RD, Recursion Desired flag; RA, Recursion Available flag; rCode (0 = no error, 1 = format error, 2 = problem at name server, 3 = domain reference problem, 4 = query type not supported, 5 = administratively prohibited, 6-15 = reserved).

17 Question Record Format
Sent in the query; repeated in the response. Fields: Query name (variable length; a sequence of length-counted labels, e.g. 3 r e n 5 c i s 4 u d e l ...), Query type (16 bits), Query class (class of network; 1 = Internet).
Query types: 1 A, Address (IPv4); 2 NS, Name Server (authoritative); 5 CNAME, Canonical Name (alias); 12 PTR, Pointer (reverse lookup); 15 MX, Mail Exchange; 28 AAAA, Address (IPv6); 252 AXFR, Zone Transfer.

18 Resource Record Format
Used in the answer, authoritative and additional sections of a response. Fields: Domain Name (variable length; the name of the host/domain that this record provides information for); Domain type (16 bits; the type of data in the resource record, same types as used in the question record); Domain class (same as in the question record); Time to Live (32 bits; the number of seconds this record may be cached); data length (the length of the resource data); Resource data (variable length; the "payload" of the resource record).

19 Compression
The Header is 12 bytes long, so the Query name in the Question Section (3 r e n 5 c i s 4 u d e l ...) begins at byte 12 of the message. Where the same Domain Name has to appear again, for instance in the Answer Section, it is replaced by the 2-byte pointer C0 0C: the top two bits are 11 to mark a pointer, and the remaining 14 bits hold the offset of the name in the message, here 0x0C = 12 (decimal).

20 Example forward query/response
Query, "What is the IP address of www.udel.edu?": Hdr: ident, flags 0x0100 (recursion desired, RD), 0x0001 question, 0x0000 answers. Qry: 3 'w' 'w' 'w' 4 'u' 'd' 'e' 'l' 3 'e' 'd' 'u' 0, 0x0001 (A), 0x0001 (IN).
Response, "The IP address is 128.175.13.63": Hdr: same ident, flags 0x8180 (query response QR, recursion desired RD, recursion available RA), 0x0001 question, 0x0001 answer. Qry: repeated from the query. Ans: 0xC00C (pointer to the name in the question), 0x0001 (A), 0x0001 (IN), TTL ...0xB2F5 seconds (≈ 12.6 hours), data length 0x0004, data 0x80AF0D3F (128.175.13.63).

21 Example inverse query/response
Query, "What is the name of the host at 128.175.13.63?": Hdr: ident, 0x0100, 0x0001, 0x0000. Qry: 2 '6' '3' 2 '1' '3' 3 '1' '7' '5' 3 '1' '2' '8' 7 'i' 'n' '-' 'a' 'd' 'd' 'r' 4 'a' 'r' 'p' 'a' 0 (63.13.175.128.in-addr.arpa, the address octets in reverse order), 0x000C (PTR), 0x0001 (IN).
Response, "The host at 128.175.13.63 is named www.udel.edu": Hdr: same ident, 0x8180, 0x0001, 0x0004. Qry: repeated from the query. Ans: 0xC00C, 0x000C (PTR), 0x0001 (IN), TTL ...0xB003 seconds (≈ 12.5 hours), data length 0x000E, data 3 'w' 'w' 'w' 4 'u' 'd' 'e' 'l' 3 'e' 'd' 'u' 0 ...

22 Resource Record Sections
answer = record(s) sent in response to the query(s).
authoritative = DNS servers which are authoritative for the answer record(s).
additional = any other related information.
MX records: mail exchange (MX) records provide mail addressing info. An MX query asks "What hosts will accept mail for domain X?"; MX resource records say "You can send mail for domain X to host Y."
MX Resource Data: preference (2 bytes; delivery priority, lower value = higher priority), exchange (variable length; domain name of the host that will accept mail).

23 Example MX response
(Figure: Hdr: ident, 0x8180, 0x0001 question, 0x0002 answers, 0x0004 authoritative, 0x0006 additional. Qry: 4 'u' 'd' 'e' 'l' 3 'e' 'd' 'u' 0, 0x000F (MX), 0x0001 (IN). Ans: two MX records for the name 0xC00C (udel.edu), 0x0001 (IN), TTL ...0x28F6, each carrying a preference and an exchange name that ends in the pointer 0xC00C: 's' 't' 'r' 'a' 'u' 's' 's' 0xC00C and 'c' 'o' 'p' 'l' 'a' 'n' 'd' 0xC00C. Auth: NS records (0x0002) for 0xC00C, 0x0001 (IN), TTL ...0x19FA, naming 4 'D' 'N' 'S' '1' 0xC00C, ... '2' 0xC00C and others. Adtl: A records (0x0001, data length 0x0004) for those servers, whose names are given by pointers such as 0xC028 and 0xC040, with TTLs ...0x2FB4 and ...0x0D5D.)

24 Transport
DNS messages are encapsulated in UDP by default (IP header | UDP | DNS message, max. 512 bytes). If the resolver expects the response to exceed 512 bytes, the resolver encapsulates the query in TCP instead. If a request is sent over UDP and the response is longer than 512 bytes, the server sends the first 512 bytes of the response using UDP and sets the TC (truncated) flag. The resolver then re-sends the query using TCP. Over TCP each message is preceded by a 2-byte DNS msg. length and there is no limit (up to max. TCP payload size): IP header | TCP | 2-byte DNS msg. length | DNS message.
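The query and response of slide 20, the 0xC00C pointer of slide 19 and the TC rule of slide 24, worked through in code. This is an added example, not material from the slides; the ident 0x1234 and the response bytes are constructed here to match the values the slide shows.

```python
"""Build the www.udel.edu query from slide 20, parse a response carrying the
0xC00C pointer from slide 19, and apply the TC check from slide 24.
Added example; the response bytes are constructed to match the slide's values."""
import struct

QTYPE_A, QTYPE_PTR = 1, 12
QCLASS_IN = 1
FLAG_QR, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0200, 0x0100, 0x0080


def encode_name(name: str) -> bytes:
    """'www.udel.edu' -> 3 'w' 'w' 'w' 4 'u' 'd' 'e' 'l' 3 'e' 'd' 'u' 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(ident: int, name: str, qtype: int = QTYPE_A) -> bytes:
    """12-byte header (slide 16) with RD set, then one question record (slide 17)."""
    header = struct.pack("!HHHHHH", ident, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def read_name(msg: bytes, off: int):
    """Decode a name at `off`, following C0xx pointers (top two bits 11, 14-bit
    offset).  Returns (name, offset just past the name as it sits in the message)."""
    labels, end, jumped, hops = [], None, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            if not jumped:
                end = off + 2          # a pointer is the last 2 bytes of this name
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 16:              # refuse pointer loops in malformed input
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes) -> dict:
    """Header, question and answer records; a TC response must be retried over TCP."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & FLAG_QR:
        raise ValueError("not a response")
    if flags & FLAG_TC:
        raise ValueError("truncated: re-send the query over TCP")
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == QTYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in rdata)      # 0x80AF0D3F -> 128.175.13.63
        elif rtype == QTYPE_PTR:
            value, _ = read_name(msg, off)               # rdata may itself use pointers
        else:
            value = rdata.hex()
        off += rdlen
        answers.append((name, rtype, ttl, value))
    return {"id": ident, "rcode": flags & 0xF, "questions": questions, "answers": answers}


def sample_response(ident: int = 0x1234) -> bytes:
    """Constructed to match slide 20: same ident, flags 0x8180, 1 question, 1 answer
    whose name is the pointer 0xC00C, type A, class IN, TTL 0xB2F5, data 0x80AF0D3F."""
    question = encode_name("www.udel.edu") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    answer = (b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 0xB2F5, 4)
              + bytes([0x80, 0xAF, 0x0D, 0x3F]))
    return struct.pack("!HHHHHH", ident, 0x8180, 1, 1, 0, 0) + question + answer


if __name__ == "__main__":
    print(build_query(0x1234, "www.udel.edu").hex())
    print(parse_response(sample_response(0x1234)))
```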

25 Dynamic DNS
(Figure: the Client asks the DHCP Server "IP Address?" and is assigned an IP Address; the DHCP Server sends an Update to the Primary DNS Server, which records the new address in its Zone File.)

26 HTTP: the hypertext transfer protocol
Skills: none. IT concepts: protocol, the RFC process, communication protocol layers, application layer. This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.

27 HTTP vs HTML
HTML: hypertext markup language. Definitions of tags that are added to Web documents to control their appearance.
HTTP: hypertext transfer protocol. The rules governing the conversation between a Web client and a Web server.
Both were invented at the same time by the same person.

28 What is a protocol?
In diplomatic circles, a protocol is the set of rules governing a conversation between people. We have seen that the client and server carry on a machine-to-machine conversation. A network protocol is the set of rules governing a conversation between a client and a server. There are many protocols; HTTP is just one. Follow protocol: follow the rules of the conversation.

29 An HTTP conversation
(Figure: Client: "I would like to open a connection." Server: "OK." Client: "GET <file location>". Server: sends the page or an error message. Client: displays the response. The connection is closed.) HTTP is the set of rules governing the format and content of the conversation between a Web client and server.

30 An HTTP example
The message requesting a Web page must begin with the word "GET" and be followed by a space and the location of a file on the server, like this: GET /fac/lpress/shortbio.htm. The protocol spells out the exact message format, so any Web client can retrieve pages from any Web server.

31 Network protocols
The details are only important to developers. The rules are defined by the inventor of the protocol, which may be a group or a single person. The rules must be precise and complete so programmers can write programs that work with other programs. The rules are often published as an RFC (request for comments) along with running client and server programs. The HTTP protocol used for Web applications was invented by Tim Berners-Lee.

32 Tim Berners-Lee Tim Berners-Lee was knighted by Queen Elizabeth for his invention of the World Wide Web. He is shown here, along with the first picture posted on the Web and a screen shot from an early version of his Web browser.

33 HTTP is an application layer protocol
The Web client and the Web server are application programs. Application layer programs do useful work like retrieving Web pages, sending and receiving e-mail, or transferring files. Lower layers take care of the communication details. The client and server send messages and data without knowing anything about the communication network.

34 The application layer is boss: the top layer
Application layer function: do useful work like Web browsing, e-mail, and file transfer. Lower layers: handle communication between the client and server.
Your boss says: Send this package to Miami -- I don't care if you use Federal Express, UPS, or any other means. Also, let me know when it arrives or if it cannot be delivered for some reason.
The application program says: Send this request to the server -- I don't care how you do it or whether it goes over phone lines, radio, or anything else about the details. Just send the message, and let me know when it arrives or if it cannot be delivered for some reason.
There are five TCP/IP layers, the application layer and four lower layers.

35 Many application layer protocols are used on the Internet; HTTP is only one
HTTP, Hypertext Transfer Protocol: retrieve and view Web pages. FTP, File Transfer Protocol: copy files from client to server or from server to client. SMTP, Simple Mail Transport Protocol: send e-mail. POP, Post Office Protocol: read e-mail.

36 The TCP/IP protocol layers
The application program is king: it gets work done using the lower level layers for communication between the client and server.
Application: get useful work done (retrieve Web pages, copy files, send and receive e-mail, etc.).
Transport: make client-server connections and optionally control transmission speed, check for errors, etc.
Internet: route packets between networks.
Data link: route data packets within the local area network.
Physical: specify what medium connects two nodes, how binary ones and zeros are differentiated, etc.

37 Food for thought What would happen if a Web client was poorly programmed and instead of sending a message beginning with “GET” it sent a message beginning with “QET?”

38 SMTP – Simple Mail Transfer Protocol

39 Overview
Introduction to SMTP and Email; Message Breakdown; Sample Messages; Extensions (MIME); MTAs and Mailbox Protocols.

40 1st: What is SMTP?
The de facto standard for e-mail transmissions across the Internet. It is defined in RFC 821. It is a relatively simple, text-based protocol. Not entirely secure, thus vulnerable to SPAM.

41 SMTP Originated in 1982 (rfc0821, Jon Postel)
Goal: To transfer mail reliably and efficiently

42 SMTP
SMTP clients and servers have two main components: User Agents, which prepare the message and enclose it in an envelope (Eudora, for example), and Mail Transfer Agents (MTAs), which transfer the mail across the Internet.

43 SMTP
SMTP also allows the use of relays, allowing other MTAs to relay the mail.

44 What is Mail?
Mail is a text file. Envelope: sender address, receiver address, other information. Message: Mail Header, which defines the sender, the receiver, the subject of the message, and some other information; Mail Body, which contains the actual information in the message.

45 Post Office Mailbox
(Figure: post office and mail route to the receiver's mailbox.) Sample message as delivered:
Return-Path:
Delivered-To:
Received: by mail.eecis.udel.edu (Postfix, from userid 62) id 17FBD328DE; Wed, 5 Nov :27:02
Received: from mail.acad.ece.udel.edu (devil-rays.acad.ece.udel.edu [ ]) by mail.eecis.udel.edu (Postfix) with ESMTP id 5F for Wed, 5 Nov :27:01
Received: by mail.acad.ece.udel.edu (Postfix, from userid 62) id C; Wed, 5 Nov :27:01
Received: from stimpy.eecis.udel.edu (stimpy.eecis.udel.edu [ ]) by mail.acad.ece.udel.edu (Postfix) with SMTP id 7C2943D79 for Wed, 5 Nov :26:34
Message-Id:
Date: Wed, 5 Nov :26:34
From:
To: undisclosed-recipients: ;
MIME-Version: 1.0

This is a test.

46 How SMTP works: The Essentials
Keywords and their arguments: HELO, the sender's host domain name; MAIL FROM:, the address of the sender; RCPT TO:, the address of the intended recipient; DATA, the body of the message; QUIT. How about a Demo?

47 Status Codes
The Server responds with a 3-digit code that may be followed by text info: 2## = success; 3## = command can be accepted with more information; 4## = command was rejected, but the error condition is temporary; 5## = command rejected, Bad User!

48 Status Codes
211 System status, or system help reply.
214 Help message.
220 <domain> Service ready.
221 <domain> Service closing transmission channel.
250 Requested mail action okay, completed.
251 User not local; will forward to <forward-path>.
354 Start mail input; end with <CRLF>.<CRLF>.
421 <domain> Service not available, closing transmission channel [This may be a reply to any command if the service knows it must shut down].
450 Requested mail action not taken: mailbox unavailable.
451 Requested action aborted: local error in processing.
452 Requested action not taken: insufficient system storage.

49 Status Codes
500 Syntax error, command unrecognized [This may include errors such as command line too long].
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command parameter not implemented.
550 Requested action not taken: mailbox unavailable.
551 User not local; please try <forward-path>.
552 Requested mail action aborted: exceeded storage allocation.
553 Requested action not taken: mailbox name not allowed [E.g., mailbox syntax incorrect].
554 Transaction failed.
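The HELO / MAIL FROM / RCPT TO / DATA / QUIT dialogue of slide 46, answered with the status codes of slides 47 to 49, as a small receiver state machine. This is an added example rather than the presenter's demo; the receiving domain mail.example.edu, the local mailboxes and the client's lines are assumed.

```python
"""A minimal SMTP receiver that drives the HELO / MAIL FROM / RCPT TO / DATA / QUIT
dialogue of slide 46 and answers with the status codes of slides 47 to 49.
Added example, not from the slides; domain, mailboxes and client lines are assumed."""
import re

LOCAL_DOMAIN = "mail.example.edu"          # assumed receiving host
LOCAL_MAILBOXES = {"alice", "bob"}         # assumed local users

REPLY_CLASS = {"2": "success", "3": "more information needed",
               "4": "temporary failure", "5": "permanent rejection"}


def reply_class(reply: str) -> str:
    """The first digit decides the class, as on slide 47."""
    return REPLY_CLASS.get(reply[:1], "unknown")


def parse_path(arg: str):
    """Accept 'FROM:<user@host>' or 'TO:<user@host>'; return the address or None."""
    m = re.fullmatch(r"(?:FROM|TO):\s*<([^<>@\s]+@[^<>@\s]+)>", arg, re.IGNORECASE)
    return m.group(1) if m else None


class SmtpSession:
    """Tracks the conversation so out-of-order commands get 503 (slide 49)."""

    def __init__(self):
        self.state = "connect"             # connect -> helo -> mail -> rcpt -> data
        self.sender, self.recipients, self.body = None, [], []
        self.messages = []                 # (sender, recipients, body) accepted

    def greeting(self) -> str:
        return f"220 {LOCAL_DOMAIN} Service ready"

    def handle(self, line: str) -> str:
        if self.state == "data":           # collecting the body until a lone '.'
            if line == ".":
                self.messages.append((self.sender, self.recipients, "\n".join(self.body)))
                self.state, self.sender, self.recipients, self.body = "helo", None, [], []
                return "250 Requested mail action okay, completed"
            self.body.append(line[1:] if line.startswith("..") else line)
            return ""                      # no reply while the body is being sent
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "QUIT":
            self.state = "closed"
            return f"221 {LOCAL_DOMAIN} Service closing transmission channel"
        if verb == "HELO":
            if not arg.strip():
                return "501 Syntax error in parameters or arguments"
            self.state = "helo"
            return f"250 {LOCAL_DOMAIN}"
        if verb == "MAIL":
            if self.state != "helo":
                return "503 Bad sequence of commands"
            addr = parse_path(arg)
            if addr is None:
                return "501 Syntax error in parameters or arguments"
            self.sender, self.state = addr, "mail"
            return "250 OK"
        if verb == "RCPT":
            if self.state not in ("mail", "rcpt"):
                return "503 Bad sequence of commands"
            addr = parse_path(arg)
            if addr is None:
                return "501 Syntax error in parameters or arguments"
            user, _, host = addr.partition("@")
            if host.lower() == LOCAL_DOMAIN and user not in LOCAL_MAILBOXES:
                return "550 Requested action not taken: mailbox unavailable"
            self.recipients.append(addr)
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA":
            if self.state != "rcpt":
                return "503 Bad sequence of commands"
            self.state = "data"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "500 Syntax error, command unrecognized"


def run_session(client_lines):
    """Feed the client's lines to a fresh session; return (replies, accepted messages)."""
    session = SmtpSession()
    replies = [session.greeting()]
    for line in client_lines:
        reply = session.handle(line)
        if reply:
            replies.append(reply)
    return replies, session.messages


# Constructed client dialogue following the keyword list on slide 46.
DEMO = ["HELO client.example.org", "MAIL FROM:<carol@example.org>",
        "RCPT TO:<alice@mail.example.edu>", "DATA",
        "Subject: test", "", "This is a test.", ".", "QUIT"]

if __name__ == "__main__":
    for reply in run_session(DEMO)[0]:
        print(reply)
```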

50 Connection Establishment
(Figure: TCP Connection Establishment.)

51 Message Progress

52 Connection Termination
(Figure: TCP Connection Termination.)

53 Problems with SMTP
No inherent security: no authentication, no encryption. Only uses the NVT (Network Virtual Terminal) 7-bit ASCII format.

54 TOPIC: MIME (Multipurpose Internet Mail Extensions)
By: Cecilia Gomes. COSC 541, DATA COMMUNICATION SYSTEMS & NETWORKS. Instructor: Prof. Anvari (SEU).

55 Multipurpose Internet Mail Extensions (MIME)
In 1992, a new standard called MIME was defined by an Internet Engineering Task Force Working Group. MIME is a specification for enhancing the capabilities of standard Internet electronic mail.

56 When using the MIME standard, messages can contain the following types:
Text messages in US-ASCII. Character sets other than US-ASCII. Multi-media: Image, Audio, and Video messages. Multiple objects in a single message. Multi-font messages. Messages of unlimited length. Binary files.

57 MIME is defined to be completely backwards compatible, yet flexible and open to extensions. Therefore, it builds on the older standard by defining additional fields for the mail message header that describe new content types, and a distinct organization of the message body.

58 Background
SMTP (Simple Mail Transfer Protocol) is widely used around the world; it is the standard protocol for transferring mail between hosts in the TCP/IP suite.

59 However, SMTP has been limited to the delivery of simple text messages, which does not meet the rising demand for the capability to deliver mail containing various types of data, including voice, images and video clips. To satisfy this requirement, a new electronic mail standard, which builds on SMTP, has been defined.

60 Limitations of the SMTP scheme
The message may contain only US-ASCII characters. A maximum line length (in characters) is imposed. The message must not be longer than a predefined maximum size. It cannot transmit executable files or other binary objects.

61 Limitations of the SMTP scheme (contd)
It cannot transmit text data that includes national language characters (8-bit codes) because it is limited to 7-bit ASCII. SMTP servers may reject mail messages over a certain size. SMTP gateways that translate between ASCII and the character code EBCDIC do not use a consistent set of mappings, resulting in translation problems.

62 MIME is compatible with existing implementations
MIME is intended to resolve these problems in a manner that is compatible with existing implementations. A number of content formats are defined, thus standardizing representations that support multimedia electronic mail. Transfer encodings are defined that enable the conversion of any content format into a form that is protected from alteration by the mail system.

63 Technical Specifications
MIME explicitly describes the set of allowable Content-types: Text, used to represent textual information; Image, for transmitting still images; Audio, for transmitting audio or voice data; Video, for transmission of video data or moving image data.

64 Technical Specifications (contd)
MIME encapsulates binary data in an ASCII mail envelope. Multipart, used to combine several body parts of possibly different types & subtypes; Application, which can be used to transmit application data (such as executables) or binary data.

65 MIME defines the following new header fields:
MIME-Version, e.g. MIME-Version: 1.0. Content-Transfer-Encoding, which specifies how the data is encoded to allow it to pass through mail transports having data or character set limitations. Many Content-Types that could be transported by e-mail are represented as 8-bit character or binary data. Such data cannot be transmitted over some transport protocols, such as SMTP (Simple Mail Transfer Protocol, an Internet standard for transporting e-mail, which restricts mail messages to 7-bit ASCII data). MIME provides for re-encoding such data into a 7-bit short-line format.

66 Message Fragmentation and Reassembly
Message fragmentation and reassembly allows large entities to be delivered as several separate pieces of mail and automatically reassembled by a receiving user agent. (The concept is similar to IP fragmentation and reassembly in the basic Internet Protocols.) This makes it possible, for example, to send a large audio message as several partial messages, and still have it appear to the recipient as a simple audio message.

67 File Transfer Protocol (FTP)

68 CONTENTS
CONNECTIONS; COMMUNICATION; COMMAND PROCESSING; FILE TRANSFER; USER INTERFACE; ANONYMOUS FTP.

69 FTP uses the services of TCP. It needs two TCP connections. The well-known port 21 is used for the control connection and the well-known port 20 for the data connection.

70 Figure 20-1 FTP

71 20.1 Connections: The control connection

72 The Data Connection
Uses the server's well-known port 20. The client issues a passive open on an ephemeral port, say x. The client uses the PORT command to tell the server about the port number x. The server issues an active open from port 20 to port x. The server creates a child server/ephemeral port number to serve the client.

73 Creating the data connection

74 20.2 Communication: Using the control connection (Figure 20-4)

75 NVT (Figure: the FTP client and the FTP server communicate through the NVT.)

76 Format of NVT ASCII characters

77 Format of NVT control characters

78 Using the data connection (Figure 20-5)

79 File Type: ASCII or EBCDIC (with Nonprint or TELNET format control); Image.

80 Data Structure: File Structure; Record Structure; Page Structure.

81 Transmission Mode: Stream mode; Block mode; Compressed mode.

82 20.3 Command processing
Command groups: Access Commands; File Management; Data Formatting; Port defining; File transfer; Miscellaneous.

83 20.4 File transfer

84 Figure 20-8 Example 1

85 Figure 20-9 Example 2

86 MIME: Today & Tomorrow
The MIME standard is written to allow today's standard to be extended in certain ways without having to revise the standard. Several issues have been left open and will be defined when their use becomes clearer:

87 For example, the working group settled on a relatively small set of "legal" character sets, and several more character sets will inevitably be added to the base set defined in MIME. Also, it is intended that the MIME mechanism will move gracefully into an 8-bit world, should 8-bit transport become commonplace, in accordance with the mechanisms drafted by the SMTP extensions working group.

88 POP3 vs IMAP With IMAP, all your mail stays on the server in multiple folders, some of which you have created. This enables you to connect to any computer and see all your mail and mail folders. In general, IMAP is great if you have a dedicated connection to the Internet or you like to check your mail from various locations. With POP3 you only have one folder, the Inbox folder. When you open your mailbox, new mail is moved from the host server and saved on your computer. If you want to be able to see your old mail messages, you have to go back to the computer where you last opened your mail. With POP3 "leave mail on server" only your messages are on the server, but with IMAP your folders are also on the server.

89 The TELNET Protocol

90 TELNET vs. telnet TELNET is a protocol that provides “a general, bi-directional, eight-bit byte oriented communications facility”. telnet is a program that supports the TELNET protocol over TCP. Many application protocols are built upon the TELNET protocol.

91 The TELNET Protocol
TCP connection; data and control over the same connection; Network Virtual Terminal; negotiated options.

92 Network Virtual Terminal
An intermediate representation of a generic terminal. Provides a standard language for communication of terminal control functions.

93 Network Virtual Terminal
(Figure: the client and the Server Process each talk to an NVT; the two NVTs communicate over TCP.)

94 Negotiated Options
All NVTs support a minimal set of capabilities. Some terminals have more capabilities than the minimal set. The 2 endpoints negotiate a set of mutually acceptable options (character set, echo mode, etc.).

95 Negotiated Options The protocol for requesting optional features is well defined and includes rules for eliminating possible negotiation “loops”. The set of options is not part of the TELNET protocol, so that new terminal features can be incorporated without changing the TELNET protocol.

96 Option examples
Line mode vs. character mode; echo modes; character set (EBCDIC vs. ASCII).

97 Control Functions TELNET includes support for a series of control functions commonly supported by servers. This provides a uniform mechanism for communication of (the supported) control functions.

98 Control Functions
Interrupt Process (IP): suspend/abort the process. Abort Output (AO): the process can complete, but send no more output to the user's terminal. Are You There (AYT): check to see if the system is still running.

99 More Control Functions
Erase Character (EC): delete the last character sent; typically used to edit keyboard input. Erase Line (EL): delete all input in the current line.

100 DHCP

101 DHCP
Dynamic Host Configuration Protocol (DHCP), from 1993. An extension of BOOTP and very similar to it; same port numbers as BOOTP. DHCP is the preferred mechanism for dynamic assignment of IP addresses. DHCP can interoperate with BOOTP clients.

102 DHCP: Dynamic Host Configuration Protocol
It is a method for assigning Internet Protocol (IP) addresses permanently or to individual computers in an organization's network. DHCP lets a network administrator supervise and distribute IP addresses from a central point and automatically sends a new IP address when a computer is plugged into a different place in the network.

103 Motivation for DHCP: Static vs Dynamic IP
Configuration parameters for network hosts: IP address, Router, Subnet Mask, others.

104 Dynamic Host Configuration Protocol (DHCP)
Four key benefits of DHCP: centralized administration of IP configuration; dynamic host configuration; seamless IP host configuration; flexibility and scalability.

105 Disadvantages of DHCP
When the DHCP server is unavailable, the client is unable to access the enterprise's network. Your machine name does not change when you get a new IP address. Uses UDP, an unreliable and insecure protocol. DNS cannot be used for DHCP-configured hosts.

106 Security problem: DHCP is an unauthenticated protocol
When connecting to a network, the user is not required to provide credentials in order to obtain a lease. Malicious users with physical access to the DHCP-enabled network can instigate a denial-of-service attack on DHCP servers by requesting many leases from the server, thereby depleting the number of leases that are available to other DHCP clients.

107 Limitations
Some machines on your network need to be at fixed addresses, for example servers and routers. You need to be able to assign a machine to run the DHCP server continually, as it must be available at all times when clients need IP access.

108 DHCP Interaction (simplified)

109 DHCP Operation: DHCP DISCOVER, DHCP OFFER

110 DHCP Operation (cont'd)
At this time, the DHCP client can start to use the IP address. Renewing a lease (sent when 50% of the lease has expired). If the DHCP server sends DHCPNAK, then the address is released.

111 DHCP Operation: DHCP RELEASE
At this time, the DHCP client has released the IP address.

112 BOOTP/DHCP Message Format
(Figure.) There are >100 different options.

113 DHCP Message Type
The message type is sent as an option. Value, Message Type: 1 DHCPDISCOVER; 2 DHCPOFFER; 3 DHCPREQUEST; 4 DHCPDECLINE; 5 DHCPACK; 6 DHCPNAK; 7 DHCPRELEASE; 8 DHCPINFORM.
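The message format of slide 112 and the option-53 table of slide 113, parsed in code, with a detection check for the lease-depletion problem described on slide 106. This is an added example, not material from the slides; the packets are constructed inline with assumed hardware addresses and transaction ids, and the fixed-header layout is the standard BOOTP one.

```python
"""Parse the BOOTP/DHCP header and option field of slide 112, read the message
type from option 53 (slide 113), and count DISCOVERs per client hardware address
to spot the lease-exhaustion pattern of slide 106.  Added example; the packets
are constructed here, not captured."""
import struct
from collections import Counter

MAGIC_COOKIE = b"\x63\x82\x53\x63"           # marks the start of DHCP options
OPT_PAD, OPT_MESSAGE_TYPE, OPT_END = 0, 53, 255
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
                 4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNAK",
                 7: "DHCPRELEASE", 8: "DHCPINFORM"}
FIXED_LEN = 236                              # op .. file, before the cookie


def build_dhcp(msg_type: int, chaddr: bytes, xid: int) -> bytes:
    """Constructed client message: BOOTREQUEST (op=1), Ethernet (htype=1, hlen=6),
    broadcast flag set, empty addresses, and a single option 53 then END."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 0, xid, 0, 0x8000,
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4,
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return hdr + MAGIC_COOKIE + bytes([OPT_MESSAGE_TYPE, 1, msg_type, OPT_END])


def parse_options(blob: bytes) -> dict:
    """Walk the code / length / value list; PAD has no length, END stops the walk."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("option header truncated")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option value truncated")
        opts[code] = value
        i += 2 + length
    return opts


def parse_dhcp(pkt: bytes) -> dict:
    """Fixed header fields plus the message type; plain BOOTP (no option 53) is rejected."""
    if len(pkt) < FIXED_LEN + 4 or pkt[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (magic cookie missing)")
    op, htype, hlen, hops, xid = struct.unpack("!BBBBI", pkt[:8])
    chaddr = pkt[28:28 + min(hlen, 16)]       # chaddr field starts at offset 28
    opts = parse_options(pkt[FIXED_LEN + 4:])
    mtype = opts.get(OPT_MESSAGE_TYPE)
    if mtype is None or len(mtype) != 1:
        raise ValueError("option 53 missing: BOOTP, not DHCP")
    return {"op": op, "htype": htype, "xid": xid, "chaddr": chaddr.hex(":"),
            "type": MESSAGE_TYPES.get(mtype[0], f"unknown({mtype[0]})")}


def starvation_suspects(packets, threshold: int) -> list:
    """Hardware addresses that sent DHCPDISCOVER, returned only when more distinct
    addresses than `threshold` asked for leases: many never-seen MACs requesting
    leases on one segment is the depletion attack described on slide 106."""
    discovers = Counter(p["chaddr"] for p in map(parse_dhcp, packets)
                        if p["type"] == "DHCPDISCOVER")
    return sorted(discovers) if len(discovers) > threshold else []


if __name__ == "__main__":
    print(parse_dhcp(build_dhcp(1, bytes.fromhex("02aabbccddee"), 0x3903F326)))
```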

114 SNMP Simple Network Management Protocol
Chris Francois CS 417d Fall 1998

115 What is Network Management?
Basic tasks that fall under this category are: Fault Management, dealing with problems and emergencies in the network (router stops routing, server loses power, etc.); Performance Management, asking how smoothly the network is running and whether it can handle the workload it currently has; Configuration Management, keeping track of device settings and how they function.

116 What is SNMP? SNMP is a tool (protocol) that allows for remote and local management of items on the network including servers, workstations, routers, switches and other managed devices. Comprised of agents and managers Agent - process running on each managed node collecting information about the device it is running on. Manager - process running on a management workstation that requests information about devices on the network.

117 Advantages of using SNMP
Standardized; universally supported; extendible; portable; allows distributed management access; lightweight protocol.

118 Client Pull & Server Push
SNMP is a "client pull" model: the management system (client) "pulls" data from the agent (server). SNMP is also a "server push" model: the agent (server) "pushes" out a trap message to a (client) management system.

119 SNMP & The OSI Model

120 Ports & UDP
SNMP uses User Datagram Protocol (UDP) as the transport mechanism for SNMP messages. (Figure: an Ethernet Frame carrying an IP Packet, carrying a UDP Datagram, carrying the SNMP Message, followed by the CRC.) Like FTP, SNMP uses two well-known ports to operate: one UDP port for SNMP messages and a second UDP port for SNMP trap messages.

121 The Three Parts of SNMP
SNMP network management is based on three parts: the SNMP Protocol, which defines the format of messages exchanged by management systems and agents and specifies the Get, GetNext, Set, and Trap operations; the Structure of Management Information (SMI), rules specifying the format used to define objects managed on the network that the SNMP protocol accesses; and the Management Information Base (MIB), a map of the hierarchical order of all managed objects and how they are accessed.

122 Nodes
Items in an SNMP network are called nodes. There are different types of nodes. Managed nodes typically run an agent process that services requests from a management node. Management nodes are typically a workstation running some network management & monitoring software. Nodes that are not manageable by SNMP: a node may not support SNMP, but may be manageable by SNMP through a proxy agent running on another machine. Nodes can be both managed nodes and a management node at the same time (typically this is the case, since you want to be able to manage the workstation that your management application is running on).

123 Community Names Community names are used to define where an SNMP message is destined for. They mirror the same concept as a Windows NT or Unix domain. Set up your agents to belong to certain communities. Set up your management applications to monitor and receive traps from certain community names.

124 SNMP Agents
Two basic designs of agents. Extendible Agents: an open, modular design allows for adaptations to new management data and operational requirements. Monolithic Agents: not extendible; optimized for a specific hardware platform and OS; this optimization results in less overhead (memory and system resources) and quicker execution.

125 Proxy & Gateway Agents Proxy & Gateway Agents extend the capabilities of SNMP by allowing it to: Manage a device that cannot support an SNMP agent Manage a device that supports a non-SNMP management agent Allow a non-SNMP management system to access an SNMP agent Provide firewall-type security to other SNMP agents (UDP packet filtering) Translate between different formats of SNMP messages (v1 and v2) Consolidate multiple managed nodes into a single network address (also to provide a single trap destination)

126 Four Basic Operations
Get: retrieves the value of a MIB variable stored on the agent machine (integer, string, or address of another MIB variable). GetNext: retrieves the value of the next MIB variable in lexical order. Set: changes the value of a MIB variable. Trap: an unsolicited notification sent by an agent to a management application (typically a notification of something unexpected, like an error).

127 Traps Traps are unrequested event reports that are sent to a management system by an SNMP agent process When a trappable event occurs, a trap message is generated by the agent and is sent to a trap destination (a specific, configured network address) Many events can be configured to signal a trap, like a network cable fault, failing NIC or Hard Drive, a “General Protection Fault”, or a power supply failure Traps can also be throttled -- You can limit the number of traps sent per second from the agent Traps have a priority associated with them -- Critical, Major, Minor, Warning, Marginal, Informational, Normal, Unknown

128 Trap Receivers
Traps are received by a management application. Management applications can handle the trap in a few ways: poll the agent that sent the trap for more information about the event and the status of the rest of the machine; log the reception of the trap; completely ignore the trap. Management applications can be set up to send off an e-mail, call a voice mail and leave a message, or send an alpha-numeric page to the network administrator's pager that says: Your PDC just Blue-Screened at 03:46AM. Have a nice day. :)

129 Languages of SNMP
Structure of Management Information (SMI): specifies the format used for defining managed objects that are accessed via the SNMP protocol. Abstract Syntax Notation One (ASN.1): used to define the format of SNMP messages and managed objects (MIB modules) using an unambiguous data description format. Basic Encoding Rules (BER): used to encode the SNMP messages into a format suitable for transmission across a network.

130 Basic Message Format
Message Preamble: Message Length, Message Version, Community String. SNMP Protocol Data Unit: PDU Header, PDU Body.
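The message layout of slide 130, built with the BER rules named on slide 129: version and community string come first, then the PDU. This is an added example, not the presenter's material; the community name "public", the OID 1.3.6.1.2.1.1.1.0 (sysDescr.0) and the request id are assumed, and the decoder shows why the community name on slide 123 offers no confidentiality on the wire.

```python
"""Encode an SNMPv1 GetRequest with the slide 130 layout (preamble: version and
community string, then the PDU) using the ASN.1/BER rules named on slide 129, and
decode the preamble back.  Added example; community, OID and request id are assumed."""
TAG_INT, TAG_OCTETS, TAG_NULL, TAG_OID, TAG_SEQ, TAG_GETREQ = 0x02, 0x04, 0x05, 0x06, 0x30, 0xA0


def ber_len(n: int) -> bytes:
    """Short form below 128; long form is (0x80 | byte count) then big-endian bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(v: int) -> bytes:
    """Two's-complement big-endian, with a leading 0x00 byte when the top bit is set."""
    n = max(1, (v.bit_length() + 8) // 8)
    return tlv(TAG_INT, v.to_bytes(n, "big", signed=True))


def ber_oid(oid: str) -> bytes:
    """First two arcs packed as 40*a+b, the rest base-128 with the high bit as continuation."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(TAG_OID, bytes(out))


def get_request(community: str, oid: str, request_id: int) -> bytes:
    """Message ::= SEQUENCE { version INTEGER, community OCTET STRING, GetRequest-PDU }."""
    varbind = tlv(TAG_SEQ, ber_oid(oid) + tlv(TAG_NULL, b""))
    pdu = tlv(TAG_GETREQ, ber_int(request_id) + ber_int(0) + ber_int(0)   # error-status, error-index
              + tlv(TAG_SEQ, varbind))
    return tlv(TAG_SEQ, ber_int(0) + tlv(TAG_OCTETS, community.encode("ascii")) + pdu)


def read_tlv(buf: bytes, off: int):
    """Return (tag, value, offset just past this element)."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first & 0x80:
        count = first & 0x7F
        length = int.from_bytes(buf[off:off + count], "big")
        off += count
    else:
        length = first
    return tag, buf[off:off + length], off + length


def read_preamble(msg: bytes) -> dict:
    """Version and community string sit first, in the clear: any observer of the UDP
    datagram reads the community name that acts as the password (see slide 123)."""
    tag, body, _ = read_tlv(msg, 0)
    if tag != TAG_SEQ:
        raise ValueError("not an SNMP message")
    vtag, version, off = read_tlv(body, 0)
    ctag, community, off = read_tlv(body, off)
    ptag, _, _ = read_tlv(body, off)
    if vtag != TAG_INT or ctag != TAG_OCTETS:
        raise ValueError("malformed preamble")
    return {"version": int.from_bytes(version, "big", signed=True),
            "community": community.decode("latin-1"), "pdu_tag": ptag}


if __name__ == "__main__":
    msg = get_request("public", "1.3.6.1.2.1.1.1.0", 1)
    print(msg.hex(), read_preamble(msg))
```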

