Protocols and Their Functions


Transmission Control Protocol (TCP). A connection-oriented transport protocol. Connection-oriented transport protocols provide reliable transport, in that if a segment is dropped, the sender can detect that drop and retransmit that dropped segment. Specifically, a receiver acknowledges segments that it receives. Based on those acknowledgments, a sender can determine which segments were successfully received.

TCP operates at the transport layer of the OSI model.
TCP three-way handshake.

1. The host that originates the request sends a message called a SYN to the target host.

2. The target host opens a connection for the request and sends back an acknowledgment message called an ACK (or SYN ACK).

3. The host that originated the request sends back another acknowledgment, saying that it has received the ACK message and that the session is ready to be used to transfer data.


User Datagram Protocol (UDP). A connectionless transport protocol. Connectionless transport protocols provide unreliable transport, in that if a segment is dropped, the sender is unaware of the drop, and no retransmission occurs. UDP operates at the transport layer.


File Transfer Protocol (FTP). Works at the Application layer. FTP provides for the uploading and downloading of files from a remote host running FTP server software. As well as uploading and downloading files, FTP enables you to view the contents of folders on an FTP server and rename and delete files and directories if you have the necessary permissions. One of the big problems associated with FTP is that it is considered insecure. Even though simple authentication methods are associated with FTP, it is still susceptible to relatively simple hacking approaches. In addition, FTP transmits data between sender and receiver in an unencrypted format.

Commonly used FTP commands:

Lists the files in the current directory on the remote system
cd: Changes the working directory on the remote host
lcd: Changes the working directory on the local host
put: Uploads a single file to the remote host
get: Downloads a single file from the remote host
mput: Uploads multiple files to the remote host
mget: Downloads multiple files from the remote host
binary: Switches transfers into binary mode
ascii: Switches transfers into ASCII mode (the default)


Secure File Transfer Protocol (SFTP). A protocol that transfers files between clients securely. Based on Secure Shell (SSH) technology, it provides robust authentication between sender and receiver. It also provides encryption capabilities, which means that even if packets are copied from the network, their contents remain hidden from prying eyes.


Trivial File Transfer Protocol. A variation on FTP is TFTP, which is also a file transfer mechanism. However, TFTP does not have the security capability or the level of functionality that FTP has. TFTP is most often associated with simple downloads, such as transferring firmware to a device such as a router and booting diskless workstations. Another feature that TFTP does not offer is directory navigation. TFTP is an application layer protocol that uses UDP, which is a connectionless transport layer protocol. For this reason, TFTP is called a connectionless file transfer method.


Simple Mail Transfer Protocol. SMTP is a protocol that defines how mail messages are sent between hosts. SMTP uses TCP connections to guarantee error-free delivery of messages. SMTP is not overly sophisticated and requires that the destination host always be available. SMTP can be used to both send and receive mail. Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4 (IMAP4) can be used only to receive mail.


Hypertext Transfer Protocol. HTTP is the protocol that enables text, graphics, multimedia, and other material to be downloaded from an HTTP server. HTTP defines what actions can be requested by clients and how servers should answer those requests. HTTP is a connection-oriented protocol that uses TCP as a transport protocol.

Hypertext Transfer Protocol Secure. One of the downsides of using HTTP is that HTTP requests are sent in clear text. For some applications, such as e-commerce, this method of exchanging information is unsuitable, and a more secure method is needed. The solution is HTTPS, which uses a system known as Secure Sockets Layer (SSL) to encrypt the information sent between the client and host.


Post Office Protocol Version 3. A mechanism for downloading, or pulling, email from a server. It is necessary because although the mail is transported around the network via SMTP, users cannot always immediately read it, so it must be stored in a central location. From this location, it needs to be downloaded or retrieved, which is what POP3 enables you to do. One of the problems with POP3 is that the password used to access a mailbox is transmitted across the network in clear text. This means that if people want to, they could determine your POP3 password with relative ease.


Internet Message Access Protocol Version 4. A mechanism for downloading, or pulling, email from a server. It is necessary because although the mail is transported around the network via SMTP, users cannot always immediately read it, so it must be stored in a central location. From this location, it needs to be downloaded or retrieved, which is what IMAP4 enables you to do. IMAP4 offers an advantage over POP3. It uses a more sophisticated authentication system, which makes it more difficult for people to determine a password.


Telnet is a virtual terminal protocol. It enables sessions to be opened on a remote host, and then commands can be executed on that remote host. For many years, Telnet was the method by which clients accessed multiuser systems such as mainframes and minicomputers. It also was the connection method of choice for UNIX systems. Today, Telnet is still commonly used to access routers and other managed network devices. One of the problems with Telnet is that it is not secure. As a result, remote session functionality is now almost always achieved by using alternatives such as SSH.


Secure Shell (SSH) is a secure alternative to Telnet. SSH provides security by encrypting data as it travels between systems. This makes it difficult for hackers using packet sniffers and other traffic-detection systems to read the data. It also provides more robust authentication systems than Telnet. Two versions of SSH are available: SSH1 and SSH2. Of the two, SSH2 is considered more secure. The two versions are incompatible. If you use an SSH client program, the server implementation of SSH that you connect to must be the same version. Although SSH, like Telnet, is associated primarily with UNIX and Linux systems, implementations of SSH are available for all commonly used computing platforms, including Windows and Macintosh. As discussed earlier, SSH is the foundational technology for Secure File Transfer Protocol (SFTP).


Internet Control Message Protocol. ICMP is a protocol that works with the IP layer to provide error checking and reporting functionality. In effect, ICMP is a tool that IP uses in its quest to provide best-effort delivery. ICMP can be used for a number of functions. Its most common function is probably the widely used and incredibly useful ping utility, which can send a stream of ICMP echo requests to a remote host. ICMP also can return error messages such as Destination unreachable and Time exceeded. (The former message is reported when a destination cannot be contacted and the latter when the Time To Live [TTL] of a datagram has been exceeded.) ICMP performs source quench. In a source quench scenario, the receiving host cannot handle the influx of data at the same rate as the data is sent. To slow down the sending host, the receiving host sends ICMP source quench messages, telling the sender to slow down. This action prevents packets from dropping and having to be re-sent.


Address Resolution Protocol (ARP). ARP is responsible for resolving IP addresses to Media Access Control (MAC) addresses. When a system attempts to contact another host, IP first determines whether the other host is on the same network it is on by looking at the IP address. If IP determines that the destination is on the local network, it consults the ARP cache to see whether it has a corresponding entry. The ARP cache is a table on the local system that stores mappings between data link layer addresses (the MAC address or physical address) and network layer addresses (IP addresses).


Reverse Address Resolution Protocol (RARP). Performs the same function as ARP, but in reverse. In other words, it resolves MAC addresses to IP addresses. RARP makes it possible for applications or systems to learn their own IP address from a router or Domain Name Service (DNS) server. Such a resolution is useful for tasks such as performing reverse lookups in DNS.


Network Time Protocol. NTP is the part of the TCP/IP protocol suite that facilitates the communication of time between systems. The idea is that one system configured as a time provider transmits time information to other systems that can be both time receivers and time providers for other systems.


Network News Transfer Protocol. NNTP is a protocol associated with posting and retrieving messages to and from newsgroups. A newsgroup is a discussion forum hosted on a remote system. By using NNTP client software, like that included with many common email clients, users can post, reply to, and retrieve messages. Although web-based discussion forums are slowly replacing newsgroups, demand for newsgroup access remains high. The distinction between web-based discussion forums and NNTP newsgroups is that with NNTP newsgroups, messages are retrieved from the server to be read. In contrast, on a web-based discussion forum, the messages are not downloaded. They are simply viewed from a remote location.


Secure Copy Protocol. Secure Copy Protocol (SCP) is another protocol based on SSH technology. SCP provides a secure means to copy files between systems on a network. By using SSH technology, it encrypts data as it travels across the network, thereby securing it from eavesdropping. It is intended as a more secure substitute for Remote Copy Protocol (RCP). SCP is available as a command-line utility, or as part of application software for most commonly used computing platforms.


Lightweight Directory Access Protocol. Lightweight Directory Access Protocol (LDAP) is a protocol that provides a mechanism to access and query directory services systems. In the context of the Network+ exam, these directory services systems are most likely to be Novell Directory Services (NDS) and Microsoft's Active Directory. Although LDAP supports command-line queries executed directly against the directory database, most LDAP interactions are via utilities such as an authentication program (network logon) or locating a resource in the directory through a search utility.


Internet Group Management Protocol. The protocol within the TCP/IP protocol suite that manages multicast groups. It enables, for example, one computer on the Internet to target content to a specific group of computers that will receive content from the sending system. IGMP is used to register devices into a multicast group, as well as to discover what other devices on the network are members of the same multicast group. Common applications for multicasting include groups of routers on an internetwork and videoconferencing clients.


Transport Layer Security. A security protocol designed to ensure privacy between communicating client/server applications. When a server and client communicate, TLS ensures that no one can eavesdrop and intercept or otherwise tamper with the data message. TLS is the successor to SSL.

TLS record protocol: Uses a reliable transport protocol such as TCP and ensures that the connection made between systems is private using data encryption.

TLS handshake protocol: Used for authentication between the client and server.


Session Initiation Protocol. An application layer protocol designed to establish and maintain multimedia sessions, such as Internet telephony calls. This means that SIP can create communication sessions for such features as audio/videoconferencing, online gaming, and person-to-person conversations over the Internet. SIP does not operate alone; it uses TCP or UDP as a transport protocol.


The Real-time Transport Protocol is the Internet-standard protocol for the transport of real-time data, including audio and video. RTP can use either TCP or UDP as a transport mechanism. However, UDP is used more often because applications using RTP are less sensitive to packet loss but typically are sensitive to delays. UDP, then, is a faster protocol because packet delivery is not guaranteed. RTP is often used with VoIP. VoIP data packets live in RTP packets, which are inside UDP-IP packets. The data part supports applications with real-time properties such as continuous media (such as audio and video), including timing reconstruction, loss detection, security, and content identification. The control part (RTCP) supports real-time conferencing of groups of any size within an internet.


Dynamic Host Configuration Protocol (DHCP) enables ranges of IP addresses, known as scopes, to be defined on a system running a DHCP server application. When another system configured as a DHCP client is initialized, it asks the server for an address. If all things are as they should be, the server assigns an address from the scope to the client for a predetermined amount of time, known as the lease. In addition to an IP address and the subnet mask, the DHCP server can supply many other pieces of information, although exactly what can be provided depends on the DHCP server implementation. In addition to the address information, the default gateway is often supplied, along with DNS information.


Simple Network Management Protocol. Provides a method to monitor and control network devices; manage configurations, statistics collection, performance, and security; and report network management information to a management console. Both SNMPv1 and v2 are not secured. SNMPv3: An enhanced SNMP service offering both encryption and authentication services.

SNMP agent

A software component that enables a device to communicate with, and be contacted by, an SNMP management system.

SNMP trap

An SNMP utility that sends an alarm to notify the administrator that something within the network activity differs from the established threshold, as defined by the administrator.

NMS (Network Management System). An application that acts as a central management point for network management. Most NMS systems use SNMP to communicate with network devices.


Management Information Base. A data set that defines the criteria that can be retrieved and set on a device using SNMP.

SNMP Communities

SNMP communities are logical groupings of systems. When a system is configured as part of a community, it communicates only with other devices that have the same community name. In addition, it accepts Get, Get Next, or Set commands only from an SNMP manager with a community name it recognizes.