CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever


Page 1: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

CCM 4300 Lecture 6: Computer Networks: Operation and Application

Dr E. Ever

School of Computing Science

Page 2: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Session Content I

- Recap of last session
- Introduction to network management
  - motivation
  - major components
- Internet network management framework
  - MIB: management information base
  - SMI: data definition language
  - SNMP: protocol for network management
  - security and administration

Page 3: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Session Content II

- Introduction to the electronic-mail system
- Simple Mail Transfer Protocol (SMTP)
  - overview
  - message formats and representation
- Mail access protocols
  - overview of POP3 and IMAP
- Domain Name Server

Page 4: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Lesson objectives

At the completion of this lesson you should be able to:

- define and describe what network management is
- understand the functions and protocols of network management (FCAPS, SNMP)
- understand the Internet mail system
- understand what DNS is
- describe different methods of finding addresses from the Internet directory server

Page 5: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

What is network management?

- Network management as a term has many definitions, depending on whose operational function is in question (i.e. fault management, accounting management, etc.)

"Network management includes the deployment, integration, and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyse, evaluate and control the network and element resources to meet the real-time, operational performance, and Quality of Service (QoS) requirements at a reasonable cost."

Computer Networking: A Top-Down Approach Featuring the Internet, 2007

Page 6: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

What is network management? - cont

- In general, network management is a service that employs a variety of tools, applications, and devices to assist human network managers in monitoring and maintaining networks.
- The aim of network management is to ensure an almost 100% availability of the network resources.

"Network management is the process of operating, monitoring, and controlling the network to ensure it works as intended and provides value to its users."

Business Data Communications and Networking, 2006

Page 7: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Why is network management important?

- autonomous systems: 100s or 1000s of interacting hardware/software components
- other complex systems requiring monitoring, control:
  - jet airplane
  - nuclear power plant

What can network management be used for to ensure 100% service?

- Failure of an interface card
- Host monitoring
- Monitoring traffic to aid in resource deployment
- Monitoring of Service Level Agreements (SLAs)
- Intrusion Detection

Page 8: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

ISO - FCAPS

- The International Organization for Standardization (ISO) defined a conceptual model for describing the key functional areas of network management, as described in X.700:
- The OSI system management framework provides:
  - an overall management model
  - a generic information model
  - guidelines for the definition of managed objects, and
  - a management protocol for the purpose of exchanging management information between two open systems
- The management functions have been classified into five Management Functional Areas: Fault Management; Configuration Management; Accounting Management; Performance Management; Security Management (FCAPS)

Page 9: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

ISO - FCAPS - cont

- Fault Management: provides facilities that allow network managers to discover faults in managed devices, the network, and network operation, to determine their cause and to take remedial action (i.e. log, detect and respond). To enable this, fault management provides mechanisms to:
  - report the occurrence of faults
  - log reports
  - perform diagnostic tests
  - correct faults (possibly automatically)
- Configuration Management: allows a network manager to track which devices are on the managed network and the hardware and software configuration of these devices.

Page 10: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

ISO - FCAPS - cont

- Accounting Management: measures network utilisation of individual users or groups to:
  - provide billing information
  - regulate users or groups
  - help keep network performance at an acceptable level
- Performance Management: measures various aspects of network performance, including the gathering and analysis of statistical data about the system, so that it may be maintained at an acceptable level (e.g. throughput). Performance management provides the ability to:
  - obtain the utilisation and error rates of network devices
  - provide a consistent level of performance by ensuring that devices have sufficient capacity
- Security Management: controls access to network resources so that information cannot be obtained without authorisation [e.g. firewall, intrusion detection system (IDS), etc.]

Page 11: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Infrastructure for network management

- Using a human analogy as an example to understand the infrastructure needed for network management

[Diagram: Director of Company, Branch Manager, The Branch Offices; labels: activities, productivity, budget]

Page 12: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Infrastructure for network management - cont

- There are three principal components of a network management architecture:
- The managing entity (the boss): locus of activity for network management
  - it controls collection, processing, analysis, and/or display of network management information
- The managed device (the branch office): piece of network equipment (including software) that resides on a managed network
  - host, router, printer, etc.
  - within a managed device, there may be managed objects (e.g. NIC)
  - managed object information is stored in a Management Information Base (MIB)
  - resident in each managed device is a network management agent (the branch manager)
- The network management protocol (standard reports and one-on-one dialogues): runs between the managing entity and managed devices

Page 13: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Infrastructure for network management - cont

[Diagram: the managing entity (with its own data) communicates over the network management protocol with several managed devices, each holding agent data. Managed devices contain managed objects whose data is gathered into a Management Information Base (MIB).]

Page 14: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Question?

Which of the following are not functions of network management?

A. Fault Management
B. Control Management
C. Configuration Management
D. Process Management
E. Performance Management

Page 15: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Network Management standards

OSI CMIP (Common Management Information Protocol) - defined by the International Telecommunication Union, ITU-T X.700
- Common Management Information Protocol
- designed in the 1980s in competition with SNMP: the unifying network management standard
- standardised too slowly because of the complexity and resource requirements of its agents and management systems

The Internet SNMP: Simple Network Management Protocol
- Internet roots - Simple Gateway Monitoring Protocol (SGMP) allows commands to be issued to application protocol entities to set or retrieve values (integer or octet string types) for use in monitoring the gateways on which the application protocol entities reside
- started simple
- deployed, adopted rapidly
- growth: size, complexity
- currently: SNMPv3
- de facto network management standard

Both are designed to be independent of vendor-specific products and networks

Page 16: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

SNMP overview

- Simple Network Management Protocol is an application-layer protocol.
- Part of the TCP/IP protocol suite.
- Basic components of SNMP (i.e. modular by design):
  - Manager
  - Agent
  - Management Information Base (MIB)

Page 17: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

SNMP overview - cont

[Diagram: SNMP Management Station (Management Application, SNMP Manager, UDP/TCP, IP, network-dependent protocols) and SNMP Agent (SNMP Agent, UDP/TCP, IP, network-dependent protocols, with its MIB, SNMP managed objects and managed resources), connected across the network or Internet. The message exchanges between them are numbered:]

1. GetRequest
2. GetNextRequest
3. SetRequest
4. GetResponse
5. Trap

Page 18: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

SNMP overview - cont

When describing any framework for network management, we need to address:

- What (from a semantic viewpoint) is being monitored? And what form of control can be exercised by the network administrator?
- What is the specific form of the information that will be reported and/or exchanged?
- What is the communication protocol for exchanging this information?

Page 19: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

SNMP overview: 4 key parts

- Management information base (MIB): distributed information store of network management data (no. of IP datagrams discarded, CSMA errors in an NIC, descriptive info. of software version, etc.)
- Structure of Management Information (SMI): data definition language for MIB objects (i.e. data types, rules for writing and revising info, etc.)
- SNMP protocol: conveys manager <-> managed object info, commands
- Security, administration capabilities: major addition in SNMPv3

Page 20: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Management Information Base (MIB)

- Database containing the information about the elements to be managed.
- MIBs use the notation defined by ASN.1 (Abstract Syntax Notation One)
  - A standard and flexible notation that describes data structures for representing, encoding, transmitting, and decoding data [similar to Extensible Markup Language (XML)]
  - Structure of Management Information Version 2 (SMIv2), RFC 2578
- Each resource to be managed is referred to as an object.
- The network manager monitors the resource by reading the values of the objects and controls the objects by modifying these values.
- Associated with each object in the MIB is an identifier called the OBJECT IDENTIFIER.
  - It is used for naming the object.
  - It is a unique identifier for a particular object type, and its value consists of a sequence of numbers.

Page 21: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Object Identifiers (OIDs)

- An OID is a numeric string that is used to uniquely identify an object:
  - It is created by self-extending a private enterprise number that an institution has acquired.
- Typical objects that can be identified using OIDs include attributes in MIBs for network management and encryption algorithms:
  - For example, as the university defines attributes for local use within directories, it will need OIDs to identify these attributes.
- OIDs are a managed hierarchy starting with ISO and ITU (International Telecommunication Union):
  - ISO and ITU delegate OID management to organizations by assigning them OID numbers; these organizations can then assign OIDs to objects or further delegate to other organizations.

Page 22: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Object Identifiers (OIDs) - continued

- OIDs are associated with objects in protocols and data structures defined using ASN.1:
  - OIDs that define data structures and protocol elements are generated and processed by client and server software.
- OIDs are intended to be globally unique:
  - They are formed by taking a unique numeric string (e.g. 1.3.5.7.9.24.68) and adding additional digits in a unique fashion (e.g. 1.3.5.7.9.24.68.1, 1.3.5.7.9.24.68.2, 1.3.5.7.9.24.68.1.3, etc.)
- An institution will acquire an arc (e.g. 1.3.5.7.9.24.68) and then extend the arc (called subarcs) as indicated above to create additional OIDs and arcs. There is no limit to the length of an OID, and virtually no computational burden to having a long OID.

Page 23: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Example of Request-Response Message

The manager requires the agent's system name and prepares a GET message for the appropriate OID. It then passes the message to the UDP layer. The UDP layer adds a data block that identifies the manager port to which the response packet should be sent and the port on which it expects the SNMP agent to be listening for messages. The packet is then passed to the IP layer, where a data block with the IP and MAC addresses of the manager and the agent is added, before the assembled packet passes to the Data Link layer. The Data Link layer verifies media access and availability and places the packet on the media for transmission.

[Diagram: SNMP Manager and SNMP Agent, each with Application Layer (SNMP), Transport Layer (UDP), Network Layer (IP) and Data Link Layer (10BaseT), joined by the transmission medium]

Page 24: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Example of Request-Response Message

The packet arrives at the agent. It passes through the same four layers in exactly the opposite order to the SNMP manager. It is extracted from the media. After confirming the packet is intact and valid, the Data Link layer passes it to the IP layer. The IP layer verifies the MAC and IP address and passes it on to the UDP layer, where the target port is checked for connected applications. If an application is listening at the target port, the packet is passed to the Application layer. If the listening application is the SNMP agent, the GET request is processed. The agent's response then follows the identical path in reverse to reach the manager.

[Diagram: the same layered stacks for SNMP Manager and SNMP Agent, joined by the transport medium]

Page 25: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

MIB example: UDP module

Object ID (OID)   Name             Type                  Comments
1.3.6.1.2.1.7.1   udpInDatagrams   Counter32             total datagrams delivered at this node
1.3.6.1.2.1.7.2   udpNoPorts       Counter32             undeliverable datagrams
1.3.6.1.2.1.7.3   udpInErrors      Counter32             undeliverable datagrams; all other reasons
1.3.6.1.2.1.7.4   udpOutDatagrams  Counter32             datagrams sent
1.3.6.1.2.1.7.5   udpTable         SEQUENCE OF UdpEntry  one entry for each port in use by an app; gives port and IP addresses

Page 26: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

SNMP Naming

question: how to name every possible standard object (protocol, data, more...) in every possible network standard??

answer: ISO Object Identifier tree: hierarchical naming of all objects: they are, basically, strings of numbers allocated in a hierarchical manner; each branch point has a name and a number

[Diagram: the path 1.3.6.1.2.1.7.1 through the tree: ISO (1) -> ISO-identified Org. (3) -> US DoD (6) -> Internet (1) -> management (2) -> MIB-2 (1) -> UDP (7) -> udpInDatagrams (1)]

Page 27: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

OSI Object Identifier (OID) Tree

Arcs of OID tree:
- 1 - ISO assigned OIDs
- 1.3 - ISO Identified Organization
- 1.3.6 - US Department of Defence
- 1.3.6.1 - OID assignments from Internet
- 1.3.6.1.2 - IETF (Internet Engineering Task Force) Management
- 1.3.6.1.2.1 - SNMP MIB-2
- 1.3.6.1.2.1.7 - udp
- 1.3.6.1.2.1.7.1 - udpInDatagrams (total number of UDP datagrams delivered to UDP users)

Children of the udp node: udpInDatagrams (1), udpNoPorts (2), udpInErrors (3), udpOutDatagrams (4), udpTable (5)
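The OID naming and ASN.1 encoding described on pages 20 to 22 and 26 to 27, carried through in working code as an added example that is not part of the lecture: it BER-encodes and decodes OBJECT IDENTIFIER values (the form in which an OID travels inside an SNMP message), resolves 1.3.6.1.2.1.7.1 to its named arcs, and tests whether an OID lies under an acquired arc. The tree is a hand-built subset of the real one, and the enterprise number 99999 is a constructed placeholder, not an assigned arc.

```python
# Added example (not from the lecture slides): BER encoding/decoding of ASN.1
# OBJECT IDENTIFIER values plus name resolution against a hand-built subset of
# the OID tree arcs the slides list (iso.org.dod.internet.mgmt.mib-2.udp).
# The enterprise number 99999 used in the demo is a constructed placeholder.
from typing import Dict, List, Optional, Tuple

Node = Tuple[str, Dict[int, "Node"]]  # (arc name, children keyed by arc number)

UDP_CHILDREN: Dict[int, Node] = {
    1: ("udpInDatagrams", {}), 2: ("udpNoPorts", {}), 3: ("udpInErrors", {}),
    4: ("udpOutDatagrams", {}), 5: ("udpTable", {}),
}
OID_TREE: Dict[int, Node] = {
    1: ("iso", {3: ("identified-organization", {6: ("dod", {1: ("internet", {
        2: ("mgmt", {1: ("mib-2", {7: ("udp", UDP_CHILDREN)})}),
        4: ("private", {1: ("enterprises", {})}),
    })})})}),
}


def parse_oid(dotted: str) -> List[int]:
    """'1.3.6.1.2.1.7.1' -> [1, 3, 6, 1, 2, 1, 7, 1]; rejects malformed OIDs."""
    arcs = [int(a) for a in dotted.strip().split(".")]
    if (len(arcs) < 2 or any(a < 0 for a in arcs) or arcs[0] > 2
            or (arcs[0] < 2 and arcs[1] > 39)):
        raise ValueError(f"not a valid OID: {dotted!r}")
    return arcs


def _base128(n: int) -> bytes:
    """One arc as big-endian base-128 digits; bit 7 is set on every byte but the last."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))


def ber_encode_oid(dotted: str) -> bytes:
    """Full BER TLV: tag 0x06, short-form length, packed arcs. The first two arcs
    are merged into the single value 40*X + Y, as ASN.1 requires."""
    arcs = parse_oid(dotted)
    content = _base128(arcs[0] * 40 + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    if len(content) > 127:  # long-form lengths are not needed for the OIDs on the slides
        raise ValueError("OID too long for this example")
    return bytes([0x06, len(content)]) + content


def ber_decode_oid(tlv: bytes) -> str:
    """Inverse of ber_encode_oid; raises on a bad tag, bad length or truncated arc."""
    if len(tlv) < 3 or tlv[0] != 0x06 or tlv[1] != len(tlv) - 2:
        raise ValueError("malformed OID TLV")
    arcs: List[int] = []
    value = 0
    for b in tlv[2:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # continuation bit clear: this byte ends the arc
            arcs.append(value)
            value = 0
    if tlv[-1] & 0x80:
        raise ValueError("truncated arc in OID")
    first = arcs.pop(0)
    lead = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    return ".".join(str(a) for a in lead + arcs)


def resolve_name(dotted: str) -> str:
    """Name each arc by walking OID_TREE; arcs below the known tree keep their number."""
    names: List[str] = []
    node: Optional[Dict[int, Node]] = OID_TREE
    for arc in parse_oid(dotted):
        if node is not None and arc in node:
            name, node = node[arc]
            names.append(f"{name}({arc})")
        else:
            node = None
            names.append(str(arc))
    return ".".join(names)


def is_subarc(prefix: str, oid: str) -> bool:
    """True when `oid` lies strictly under the arc `prefix`, e.g. under an enterprise number."""
    p, o = parse_oid(prefix), parse_oid(oid)
    return len(o) > len(p) and o[: len(p)] == p


if __name__ == "__main__":
    print(ber_encode_oid("1.3.6.1.2.1.7.1").hex())
    print(resolve_name("1.3.6.1.2.1.7.1"))
    print(resolve_name("1.3.6.1.4.1.99999.7"), is_subarc("1.3.6.1.4.1.99999", "1.3.6.1.4.1.99999.7"))
```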

Page 28: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

SNMP protocol

Two ways to convey MIB info, commands:

- The trap message is sent by the management agent to the managing entity (and requires no response from the managing entity).
- A request-response message is sent by the managing entity, with the response coming back from the management agent.

Page 29: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

SNMP protocol - cont

Two ways to convey MIB info, commands:

[Diagram: request/response mode - the managing entity sends a request to the managed device (agent data) and receives a response; trap mode - the managed device sends a trap message to the managing entity]

Overhead? Lost messages? Response time?

Page 30: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

SNMPv2 protocol: message types

Message type (PDU, protocol data unit)       Function
GetRequest, GetNextRequest, GetBulkRequest   Mgr-to-agent: "get me data" (instance, next in list, block)
InformRequest                                Mgr-to-Mgr: here's MIB value
SetRequest                                   Mgr-to-agent: set MIB value
Response                                     Agent-to-mgr: value, response to Request
Trap                                         Agent-to-mgr: inform manager of exceptional event

Page 31: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

SNMP security and administration

- SNMPv1 and v2 implementations employ plaintext passwords, known as "community strings", to enable authentication services
  - Use of plaintext is inherently insecure. It allows an eavesdropper to run a sniffer, learn the SNMP community string and "become" an administrator. In turn, the eavesdropper can perform any action permitted by SNMP, including the manipulation of network devices.
- SNMPv3 adds security to the protocol -- not as a replacement for earlier versions of SNMP, but as an added feature set.
- SNMPv3's security header implements the User Security Model (USM), which provides confidentiality, integrity, authentication and access control for network management communications.

Page 32: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

SNMP security and administration - continued

- Confidentiality is provided through the use of the Data Encryption Standard (DES), which is quite an advantage over plaintext.
- Integrity service is provided through the use of the Hashed Message Authentication Code (HMAC) algorithm in conjunction with one of two secure hash functions: MD5 [a 128-bit message digest from data input (which may be a message of any length) that is as unique to that specific data as a fingerprint is to a specific individual] or the Secure Hash Algorithm (SHA-1). Hash algorithms compute a fixed-length digital representation (known as a message digest) of an input data sequence (the message) of any length: e.g., the message is "flattened" and "chopped" into "words" which are then "mixed" with one another using carefully chosen mathematical functions. Use of the hashes ensures that the SNMP devices know the communication wasn't altered while in transit (either accidentally or maliciously).

Page 33: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

SNMP security and administration - continued

- SNMPv3's User Security Model (USM) also allows for user-based authentication and access control.
- Administrators can create specific accounts for each SNMP user and grant privileges through those user accounts:
  - For example, you might grant an operator the ability to monitor device status, but reserve modification privileges for network engineers. This has a significant impact on the security of the system by increasing accountability for user actions. It also facilitates the exclusion of a user from the system without requiring the reconfiguration of all SNMP devices.
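To make the SNMPv3 USM mechanism on pages 31 to 33 concrete, here is an added example (not from the lecture) of the RFC 3414 password-to-key stretching and per-engine key localization, followed by HMAC-96 authentication with MD5 or SHA-1 and a check that a modified message, or a tag presented to a different engine, is rejected. The password and engine ID are the RFC 3414 Appendix A test inputs; the SNMP message bytes and the second engine ID are constructed.

```python
# Added example (not from the lecture slides): SNMPv3 USM password-to-key
# stretching and per-engine key localization (RFC 3414, Appendix A.2), then HMAC-96
# authentication with MD5 or SHA-1, the two hash functions the slides name. The
# password and engine ID are the RFC 3414 Appendix A.3 test inputs; the SNMP
# message bytes and the second engine ID are constructed.
import hashlib
import hmac

ONE_MEBIBYTE = 1_048_576
RFC3414_PASSWORD = b"maplesyrup"
RFC3414_ENGINE_ID = bytes.fromhex("000000000000000000000002")


def password_to_ku(password: bytes, algo: str = "md5") -> bytes:
    """Ku = H(password repeated cyclically to 1 MiB). The stretching is there to
    slow down dictionary guessing of the password."""
    if not password:
        raise ValueError("empty password")
    stretched = (password * (ONE_MEBIBYTE // len(password) + 1))[:ONE_MEBIBYTE]
    return hashlib.new(algo, stretched).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): one password, a different key on every
    agent, so a key recovered from one device does not work on another."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_key(password: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    return localize_key(password_to_ku(password, algo), engine_id, algo)


def auth_tag(kul: bytes, whole_msg: bytes, algo: str = "md5") -> bytes:
    """HMAC-96: first 12 bytes of HMAC over the whole message (RFC 3414 computes
    it with the msgAuthenticationParameters field zero-filled)."""
    return hmac.new(kul, whole_msg, algo).digest()[:12]


def verify_tag(kul: bytes, whole_msg: bytes, tag: bytes, algo: str = "md5") -> bool:
    """Constant-time comparison; an altered message or a wrong key fails here."""
    return len(tag) == 12 and hmac.compare_digest(auth_tag(kul, whole_msg, algo), tag)


def demo() -> dict:
    """Authenticate a constructed message and show that a one-byte change, or the
    same tag presented to a different engine, is rejected."""
    engine_b = bytes.fromhex("800000090300aabbccddeeff")  # constructed, not a real device
    msg = b"constructed SNMPv3 message: GetRequest 1.3.6.1.2.1.7.1"
    kul_a = auth_key(RFC3414_PASSWORD, RFC3414_ENGINE_ID, "sha1")
    kul_b = auth_key(RFC3414_PASSWORD, engine_b, "sha1")
    tag = auth_tag(kul_a, msg, "sha1")
    return {
        "genuine_ok": verify_tag(kul_a, msg, tag, "sha1"),
        "tampered_ok": verify_tag(kul_a, msg.replace(b"7.1", b"7.2"), tag, "sha1"),
        "other_engine_ok": verify_tag(kul_b, msg, tag, "sha1"),
        "keys_differ": kul_a != kul_b,
    }


if __name__ == "__main__":
    print("Kul (MD5, RFC 3414 A.3.1):", auth_key(RFC3414_PASSWORD, RFC3414_ENGINE_ID).hex())
    print(demo())
```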

Page 34: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever


Have a 10 min break

Page 35: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Email: an introduction

- Electronic mail (or e-mail) was one of the earliest applications on the Internet and is still among the most heavily used today
- From a general perspective, e-mail refers to the concept of creating, sending, and storing messages or documents electronically.
- Why is e-mail more popular than your regular "snail mail"?
  1. Fast delivery compared to regular post, and can include HTML-formatted text, images, sound and even video
  2. Cost - e-mail costs virtually nothing compared to regular post or telephone call charges
  3. E-mail can substitute for the telephone - avoiding the process of repeatedly exchanging voice mail messages
  4. Effective for people working in different time zones.

Page 36: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Email Introduction - cont

- Nearly every computer system has a program that serves as an interface for the e-mail service, called a user agent (sometimes referred to as an e-mail reader)
  - compose, read, save, forward, etc.
- In addition, a local system's e-mail service also supports background processes:
  - how incoming and outgoing e-mail messages are stored
  - how users are presented with incoming e-mail
  - how often delivery of outgoing messages is attempted
- The only activity that is not performed by the local user agent is message delivery across a network, which is defined by a mail application protocol
- Three commonly used standards for message delivery are SMTP (Simple Mail Transfer Protocol), X.400 and Common Messaging Calls (CMC)

Page 37: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Internet-mail system

- Three major components: user agents, mail servers, and SMTP

[Diagram: several user agents attached to each of several mail servers; the mail servers exchange messages with each other over SMTP. Each mail server holds an outgoing message queue and user mailboxes.]

Mail Servers
- mailbox contains incoming messages (yet to be read) for user
- message queue of outgoing (to be sent) mail messages
- SMTP protocol between mail servers to send e-mail messages (i.e. two sides: a client side and a server side)
  - client: sending mail server
  - "server": receiving mail server

Page 38: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Electronic Mail - user agent

Remember: three major components: user agents, mail servers, Simple Mail Transfer Protocol (SMTP)

User Agent (UA), also called "mail reader"
- composing, editing, reading mail messages; e.g., Eudora (e-mail client used on MS Windows and Apple Mac operating systems), Outlook, elm (e-mail client used on Unix), Netscape Messenger
- outgoing, incoming messages stored on server

[Diagram: user agents attached to mail servers, each mail server holding a user mailbox and an outgoing message queue, with SMTP between mail servers]

Page 39: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Electronic Mail: mail servers

Mail Servers
- mailbox contains incoming messages for user
- message queue of outgoing (to be sent) mail messages
- SMTP protocol between mail servers to send e-mail messages
  - client: sending mail server
  - "server": receiving mail server

[Diagram: user agents attached to mail servers, with SMTP between mail servers]

Page 40: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Electronic Mail: SMTP [RFC 2821]

- Uses TCP to reliably transfer e-mail messages from client to server, port 25
- Direct transfer: sending server to receiving server (i.e. does not normally use intermediate mail servers)
- Three phases of transfer
  - handshaking (greeting)
  - transfer of messages
  - closure
- Command/response interaction
  - commands: ASCII text
  - response: status code (a three-digit number, as in an HTTP response) and phrase
- Messages must be in TEXT, TEXT DOS or 7-bit ASCII (American Standard Code for Information Interchange) - meaning it uses patterns of seven binary digits (a range of 0 to 127 decimal) to represent each character
  - 1 extra bit for parity digit or check bit

[Diagram: mail servers connected across the Internet, exchanging messages via SMTP over TCP]

Page 41: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Basic Operation of SMTP

- Alice invokes her user agent for e-mail, provides the recipient's e-mail address (e.g. bart@mdx.ac.uk), composes and then sends the message via the user agent
- Alice's user agent sends the message to her e-mail server, where it is placed in a message queue
- The client side of SMTP opens a TCP connection to an SMTP server
- After some initial SMTP handshaking, the SMTP client sends Alice's message into the TCP connection
- At Bart's mail server host, the server side of SMTP receives the message and places the message in Bart's mailbox
- Bart invokes his user agent to read the message at his convenience

[Diagram: Alice's mail server and Bart's mail server, connected over the Internet via SMTP]

Page 42: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Sample SMTP Interaction

  S: 220 tim.mdx.ac.uk
  C: HELO laa.ly
  S: 250 Hello laa.ly, pleased to meet you
  C: MAIL FROM: <[email protected]>
  S: 250 [email protected]... Sender ok
  C: RCPT TO: <tim@mdx.ac.uk>
  S: 250 [email protected] ... Recipient ok
  C: DATA
  S: 354 Enter mail, end with "." on a line by itself
  C: Do you like ketchup?
  C: How about pickles?
  C: .
  S: 250 Message accepted for delivery
  C: QUIT
  S: 221 [email protected] closing connection

- Example transcript between client (C) {[email protected]} and server (S) {[email protected]} as soon as the TCP connection is established
- Commands issued by client:
  - HELO - identifies SMTP sender to SMTP receiver
  - MAIL FROM - begins mail exchange by identifying originator
  - RCPT TO - identifies mail recipient
  - DATA - signifies message follows
  - QUIT - ends current session
- Reply codes issued by server:
  - 220 - Service ready
  - 221 - Closing transmission
  - 250 - Requested action ok
  - 354 - end with <crlf>.<crlf>

Page 43: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Scenario 2: Alice sends message to Bob

1) Alice uses UA to compose message "to" [email protected]
2) Alice's UA sends message to her mail server; message placed in message queue
3) Client side of SMTP opens TCP connection with Bob's mail server
4) SMTP client sends Alice's message over the TCP connection
5) Bob's mail server places the message in Bob's mailbox
6) Bob invokes his user agent to read message

[Diagram: Alice's user agent (1) -> Alice's mail server (2, 3) -> Bob's mail server (4, 5) -> Bob's user agent (6)]

Page 44: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Sample SMTP interaction

  S: 220 mdx.ac.uk
  C: HELO clubs.ly
  S: 250 Hello clubs.ly, pleased to meet you
  C: MAIL FROM: <[email protected]>
  S: 250 [email protected]... Sender ok
  C: RCPT TO: <[email protected]>
  S: 250 [email protected] ... Recipient ok
  C: DATA
  S: 354 Enter mail, end with "." on a line by itself
  C: Hi, my name is …..
  C: how about if we meet in ….
  C: .
  S: 250 Message accepted for delivery
  C: QUIT
  S: 221 mdx.ac.uk closing connection

Page 45: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

SMTP: Recap

- SMTP uses persistent connections - i.e., using the same TCP connection to send and receive multiple requests/responses, as opposed to opening a new connection for every single request/response pair
- SMTP requires the message (header & body) to be in 7-bit ASCII
- The SMTP server uses CRLF.CRLF (Carriage Return and Line Feed) to determine the end of a message, because the dialogue is character based
- Comparison with HTTP: HTTP is pull, while SMTP is push
  - both have ASCII command/response interaction, status codes
  - HTTP: each object encapsulated in its own response message
  - SMTP: multiple objects sent in multipart message
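The two transcripts and the recap above, turned into a receiver-side state machine as an added example that is not from the lecture: it issues the 220/250/354/221 replies shown, refuses commands sent in the wrong order, spots the <CRLF>.<CRLF> terminator and undoes dot-stuffing. The 500/501/503 codes are the standard RFC 2821 ones; hostnames and addresses are constructed.

```python
# Added example (not from the lecture slides): a receiver-side SMTP state machine
# giving the replies seen in the transcripts above (220, 250, 354, 221), enforcing
# the HELO -> MAIL FROM -> RCPT TO -> DATA -> QUIT order (503 for out-of-order,
# 501 for a bad address, 500 for an unknown command, all RFC 2821 codes), spotting
# the end-of-message "." line and undoing dot-stuffing. Names are constructed.
import re
from typing import List, Optional

COMMAND = re.compile(r"^(HELO|MAIL FROM|RCPT TO|DATA|QUIT)\s*:?\s*(.*)$", re.IGNORECASE)
ANGLE_ADDR = re.compile(r"<([^<>]*)>")


def parse_address(arg: str) -> Optional[str]:
    """Pull 'user@host' out of '<user@host>'; stray spaces inside the brackets are dropped."""
    m = ANGLE_ADDR.search(arg)
    if not m:
        return None
    addr = re.sub(r"\s+", "", m.group(1))
    return addr if addr.count("@") == 1 and not addr.startswith("@") and not addr.endswith("@") else None


class SmtpSession:
    def __init__(self, hostname: str):
        self.host = hostname
        self.state = "CONNECT"  # CONNECT -> HELO -> MAIL -> RCPT -> DATA, or QUIT
        self.sender: Optional[str] = None
        self.rcpts: List[str] = []
        self.body: List[str] = []
        self.messages: List[dict] = []  # every message accepted in this session

    def _reset_transaction(self) -> None:
        self.sender, self.rcpts, self.body = None, [], []

    def feed(self, line: str) -> Optional[str]:
        """Handle one client line (CRLF already stripped). Returns the server reply,
        or None for message-body lines, which get no reply until the final '.'."""
        if self.state == "DATA":
            if line == ".":  # <CRLF>.<CRLF>: end of message
                self.messages.append({"from": self.sender, "to": list(self.rcpts),
                                      "body": "\n".join(self.body)})
                self._reset_transaction()
                self.state = "HELO"
                return "250 Message accepted for delivery"
            # dot-stuffing: a body line that itself began with '.' was sent with one extra '.'
            self.body.append(line[1:] if line.startswith(".") else line)
            return None
        m = COMMAND.match(line.strip())
        if not m:
            return "500 Syntax error, command unrecognized"
        verb, arg = m.group(1).upper(), m.group(2)
        if verb == "QUIT":
            self.state = "QUIT"
            return f"221 {self.host} closing connection"
        if verb == "HELO":
            self._reset_transaction()
            self.state = "HELO"
            return f"250 Hello {arg.strip()}, pleased to meet you"
        if verb == "MAIL FROM":
            if self.state != "HELO":
                return "503 Bad sequence of commands"
            addr = parse_address(arg)
            if addr is None:
                return "501 Syntax error in parameters or arguments"
            self.sender, self.state = addr, "MAIL"
            return f"250 {addr}... Sender ok"
        if verb == "RCPT TO":
            if self.state not in ("MAIL", "RCPT"):
                return "503 Bad sequence of commands"
            addr = parse_address(arg)
            if addr is None:
                return "501 Syntax error in parameters or arguments"
            self.rcpts.append(addr)
            self.state = "RCPT"
            return f"250 {addr} ... Recipient ok"
        if self.state != "RCPT":  # DATA needs at least one accepted recipient
            return "503 Bad sequence of commands"
        self.state = "DATA"
        return '354 Enter mail, end with "." on a line by itself'


def replay(hostname: str, client_lines: List[str]) -> List[str]:
    """Run a whole client transcript and return every server reply in order."""
    session = SmtpSession(hostname)
    replies = [f"220 {hostname}"]  # greeting sent as soon as the TCP connection is up
    for line in client_lines:
        reply = session.feed(line)
        if reply is not None:
            replies.append(reply)
    return replies


if __name__ == "__main__":
    for reply in replay("mdx.example", ["HELO clubs.example", "MAIL FROM:<alice@clubs.example>",
                                        "RCPT TO:<bob@mdx.example>", "DATA", "Hi Bob,",
                                        "..this line starts with one dot", ".", "QUIT"]):
        print("S:", reply)
```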

Page 46: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Mail message format

- SMTP: protocol for exchanging e-mail messages
- RFC 822: standard for text message format:
  - header lines, e.g., To:, From:, Subject: (different from SMTP commands!)
  - body: the "message", ASCII characters only

[Diagram: message layout - header, blank line, body]

Page 47: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

Message format: multimedia extensions

MIME: Multipurpose Internet Mail Extensions (multimedia mail extension), RFC 2045, 2056; additional lines in the message header declare the MIME content type

  From: [email protected]
  To: [email protected]
  Subject: Picture of yummy crepe.
  MIME-Version: 1.0
  Content-Transfer-Encoding: base64
  Content-Type: image/jpeg

  base64 encoded data .....
  .........................
  ......base64 encoded data

Annotations: MIME-Version gives the MIME version; Content-Transfer-Encoding gives the method used to encode the data; Content-Type gives the multimedia data type, subtype and parameter declaration; the body is the encoded data

Page 48: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

MIME (Multipurpose Internet Mail Extensions) Types

- The Content-Type field is used to specify the nature of the data in the body of a MIME entity, by giving the media type and subtype names.
- Currently there are 7 top-level types defined:
  - Text - textual information
  - Image - image data
  - Audio - audio data
  - Video - video data
  - Application - any application-specific data that doesn't fall into the previous categories
  - Multipart - an encoding that allows multiple items, potentially of different types, to be concatenated together (this is how mail messages with attachments are sent)
  - Message - an e-mail message, mostly used with the RFC822 subtype

Page 49: CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever

MIME (Multipurpose Internet Mail Extensions) Types - continued

- For each of the 7 types, there is a list of associated subtypes, such as text/html, text/xml and text/plain, that depend on the top-level type. Five of these types are as follows:
  - Text - example subtypes: plain, html
  - Image - example subtypes: jpeg, gif
  - Audio - requires an audio output device to render the contents; example subtypes: basic (8-bit mu-law encoded), 32kadpcm (32 kbps coding)
  - Video - example subtypes: mpeg, quicktime
  - Application - other data that must be processed by the reader before "viewable"; example subtypes: msword, mspowerpoint, etc.

Page 50

Multipart Type

||| Just as a web page can, an e-mail message can contain many objects too

||| Internet e-mail places all the objects (or "parts") in the same message

||| When a multimedia message contains more than one object (e.g. ASCII text and some images), the message typically has Content-type: multipart/mixed

||| This content type header line indicates to the receiving agent that the message contains multiple objects

||| The receiving agent needs a means to determine
- where each object begins
- how each non-ASCII object was transfer-encoded
- the content type of each object

||| This is done by placing boundary characters between each object and preceding each object in the message with Content-type: and Content-Transfer-Encoding: header lines

Page 51

Multipart Type - cont

||| Example showing some ASCII text, followed by a JPEG image, and more ASCII text

From: [email protected]
To: [email protected]
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=StartofNextPart

--StartofNextPart
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

Dear Bob,
Please find a picture of a crepe.
--StartofNextPart
Content-Transfer-Encoding: base64
Content-Type: image/jpeg

base64 encoded data .....
......base64 encoded data
--StartofNextPart

Let me know if you would like the recipe.
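The boundary mechanism described on these two slides, as an added example that is not code from the lecture: a small Python parser that splits a multipart/mixed message at its boundary lines, reads each part's Content-Type and Content-Transfer-Encoding, decodes the body, and checks that a part declared as an image really starts with that format's magic number (a header can claim any type). The message, the addresses and the "image" bytes are constructed for the example.

```python
import base64, binascii

# Constructed sample modelled on the slide's multipart/mixed message (not the slide's own bytes): the
# addresses are placeholders and the "JPEG" is a few constructed bytes behind the real JPEG magic number.
SAMPLE = (
    "From: alice@example.invalid\r\nTo: bob@example.invalid\r\nSubject: Picture of yummy crepe.\r\n"
    "MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary=StartofNextPart\r\n\r\n"
    "--StartofNextPart\r\nContent-Transfer-Encoding: quoted-printable\r\nContent-Type: text/plain\r\n\r\n"
    "Dear Bob,\r\nPlease find a picture of a cr=C3=AApe.\r\n"
    "--StartofNextPart\r\nContent-Transfer-Encoding: base64\r\nContent-Type: image/jpeg\r\n\r\n"
    + base64.b64encode(b"\xff\xd8\xff\xe0JFIF-constructed").decode() + "\r\n"
    "--StartofNextPart\r\n\r\nLet me know if you would like the recipe.\r\n"   # part with no headers at all
    "--StartofNextPart--\r\n"                                                   # closing delimiter (RFC 2046)
)
MAGIC = {"image/jpeg": b"\xff\xd8\xff", "image/gif": b"GIF8"}
DECODERS = {"base64": base64.b64decode, "quoted-printable": binascii.a2b_qp}

def parse_headers(block):
    """Lower-cased header dict, pre-filled with the RFC 2046 defaults for a part that omits them."""
    headers = {"content-type": "text/plain", "content-transfer-encoding": "7bit"}
    for line in block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def declared_type_matches(content_type, data):
    """Defensive check: bytes lacking the declared image type's magic number are not what the header claims."""
    magic = MAGIC.get(content_type)
    return magic is None or data.startswith(magic)

def parse_multipart(message):
    """Return [(content_type, decoded_bytes, type_matches)] for each part of a multipart/mixed message."""
    head, _, body = message.partition("\r\n\r\n")
    ctype, _, params = parse_headers(head)["content-type"].partition(";")
    if ctype.strip().lower() != "multipart/mixed":
        raise ValueError("not a multipart/mixed message")
    boundary = params.split("boundary=", 1)[1].strip().strip('"')
    parts = []
    # The CRLF before "--boundary" belongs to the delimiter; prefixing one lets split() find the first part too.
    for chunk in ("\r\n" + body).split("\r\n--" + boundary)[1:]:
        if chunk.startswith("--"):
            break                                            # "--boundary--": end of the multipart body
        part = chunk[2:]                                     # drop the CRLF that ended the boundary line
        hdr, _, pbody = ("", "", part[2:]) if part.startswith("\r\n") else part.partition("\r\n\r\n")
        headers = parse_headers(hdr)
        ptype = headers["content-type"].split(";")[0].strip().lower()
        data = DECODERS.get(headers["content-transfer-encoding"].lower(), bytes)(pbody.encode("ascii"))
        parts.append((ptype, data, declared_type_matches(ptype, data)))
    return parts
```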

Page 52

Mail access protocols

SMTP: delivery/storage to receiver's server

Mail access protocol: retrieval from server. An application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection.

- POP: Post Office Protocol [RFC 1939]: authorisation (agent <--> server) and download
- IMAP: Internet Mail Access Protocol [RFC 1730]: more features (more complex); manipulation of stored messages on the server
- HTTP: Hotmail, Yahoo! Mail, etc.

[Figure: user agent -> (SMTP) -> sender's mail server -> (SMTP) -> receiver's mail server -> (access protocol) -> user agent]

Page 53

POP3 protocol

Authorisation phase
- client commands:
  - user: declare username
  - pass: password
- server responses: +OK, -ERR

Transaction phase, client commands:
- list: list message numbers
- retr: retrieve message by number
- dele: delete
- quit

S: +OK POP3 server ready
C: user bob
S: +OK
C: pass hungry
S: +OK user successfully logged on

C: list
S: 1 498
S: 2 912
S: .
C: retr 1
S: <message 1 contents>
S: .
C: dele 1
C: retr 2
S: <message 2 contents>
S: .
C: dele 2
C: quit
S: +OK POP3 server signing off

Page 54

POP3 (more) and IMAP

More about POP3
- The previous example uses "download and delete" mode: Bob cannot re-read e-mail if he changes client
- "Download-and-keep": copies of messages on different clients
- POP3 is stateless across sessions

IMAP
- Keeps all messages in one place: the server
- Allows the user to organise messages in folders
- IMAP keeps user state across sessions: names of folders and mappings between message IDs and folder name
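The exchange on the previous two slides as an added example that is not from the lecture: a minimal in-memory POP3 server state machine in Python that walks the authorisation, transaction and update phases, showing that "download and delete" takes effect only at QUIT and that a new session starts with no state. The mailbox, user and password are constructed.

```python
import hmac

# Constructed mailbox (not the lecture's data): user -> (password, list of stored messages).
MAILBOXES = {"bob": ("hungry", ["From: alice\r\n\r\nDear Bob, crepe attached.", "From: carol\r\n\r\nHi Bob."])}

class Pop3Session:
    """One POP3 connection: AUTHORIZATION -> TRANSACTION -> UPDATE (entered by QUIT), as in RFC 1939."""
    def __init__(self, mailboxes):
        self.mailboxes, self.state, self.user, self.deleted = mailboxes, "AUTHORIZATION", None, set()

    def handle(self, line):
        """Process one client command line and return the server's reply (multi-line replies end with '.')."""
        cmd, _, arg = line.strip().partition(" ")
        if self.state == "AUTHORIZATION":
            return self._authorise(cmd.upper(), arg)
        if self.state == "TRANSACTION":
            return self._transact(cmd.upper(), arg)
        return "-ERR session closed"

    def _authorise(self, cmd, arg):
        # USER/PASS cross the wire in clear text in plain POP3, which is why servers now run this inside TLS.
        if cmd == "USER":
            self.user = arg                      # accepted provisionally; only PASS decides
            return "+OK"
        if cmd == "PASS" and self.user in self.mailboxes and hmac.compare_digest(
                self.mailboxes[self.user][0].encode(), arg.encode()):
            self.state = "TRANSACTION"
            return "+OK user successfully logged on"
        self.user = None
        return "-ERR not logged on"             # one reply for bad user or bad password: no user enumeration

    def _transact(self, cmd, arg):
        password, msgs = self.mailboxes[self.user]
        live = [i for i in range(1, len(msgs) + 1) if i not in self.deleted]
        if cmd == "LIST":
            return "\r\n".join(["+OK"] + [f"{i} {len(msgs[i - 1])}" for i in live] + ["."])
        if cmd in ("RETR", "DELE"):
            if not arg.isdigit() or int(arg) not in live:
                return "-ERR no such message"
            if cmd == "RETR":
                return "+OK\r\n" + msgs[int(arg) - 1] + "\r\n."
            self.deleted.add(int(arg))          # only marked now; removed in the UPDATE phase
            return "+OK message deleted"
        if cmd == "QUIT":
            # UPDATE phase: deletions are committed only here, so a dropped connection loses nothing.
            self.mailboxes[self.user] = (password, [m for i, m in enumerate(msgs, 1) if i not in self.deleted])
            self.state = "UPDATE"
            return "+OK POP3 server signing off"
        return "-ERR unknown command"
```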

Page 55

Secure e-mail

• Alice wants to send a secret e-mail message, m, to Bob.
• Alice generates a random symmetric private key, $K_S$.
• Alice encrypts the message with $K_S$.
• Alice also encrypts $K_S$ with Bob's public key.
• Alice sends both $K_S(m)$ and $K_B^+(K_S)$ (written $e_B(K_S)$ on the slide) to Bob.

Figure (reconstructed): Alice computes $K_S(m)$ and $K_B^+(K_S)$ and sends both over the Internet. Bob recovers $K_S$ with his private key, $K_S = K_B^-(K_B^+(K_S))$, and then recovers $m$ from $K_S(m)$ with $K_S$.

Page 56

Secure e-mail (continued)

• Alice wants to provide sender authentication and message integrity.
• Alice digitally signs the message.
• Alice sends both the message (in the clear) and the digital signature.

Figure (reconstructed): Alice computes the hash $H(m)$ and signs it with her private key, giving $K_A^-(H(m))$; she sends $m$ and $K_A^-(H(m))$ over the Internet. Bob applies Alice's public key to the signature, $K_A^+(K_A^-(H(m))) = H(m)$, computes $H(m)$ from the received $m$ himself, and compares the two.

Page 57

Secure e-mail (continued)

• Alice wants to provide secrecy, sender authentication and message integrity.

Note: Alice uses both her private key and Bob's public key.

Figure (reconstructed): Alice first signs, $K_A^-(H(m))$, and appends the signature to $m$; she then encrypts the package with a fresh symmetric key, $K_S(m, K_A^-(H(m)))$, encrypts $K_S$ with Bob's public key, $K_B^+(K_S)$, and sends both over the Internet. Bob recovers $K_S$ with his private key, decrypts the package, and verifies the signature with $K_A^+$ as on the previous slide.
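The combined scheme on this slide written out as an added worked derivation (not from the lecture) in the slide's own notation, with $\|$ for concatenation and $K_S(\cdot)$ used for both encryption and decryption since the key is symmetric:

$$
\begin{aligned}
\text{Alice:}\quad & s = K_A^-(H(m)), \qquad c = K_S(m \,\|\, s), \qquad k = K_B^+(K_S) \\
\text{Bob:}\quad & K_S = K_B^-(k), \qquad m' \,\|\, s = K_S(c), \qquad \text{accept } m' \text{ iff } K_A^+(s) = H(m')
\end{aligned}
$$

Only Bob holds $K_B^-$, so only he recovers $K_S$ (secrecy); only Alice holds $K_A^-$, so a valid $s$ can only come from her (authentication); and any change to $c$ in transit changes $m'$, so $H(m') \neq K_A^+(s)$ and Bob rejects the message (integrity).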

Page 58

Have a 5 min break

Page 59

DNS: Domain Name System

People have many identifiers: SSN, name, passport number.

Internet hosts, routers:
- IP address (32 bit) - used for addressing datagrams
- "name", e.g., www.yahoo.com - used by humans

Q: how to map between IP addresses and names?

Domain Name System:
- distributed database implemented in a hierarchy of many name servers
- application-layer protocol that lets hosts, routers and name servers communicate to resolve names (address/name translation)
- note: a core Internet function, implemented as an application-layer protocol: complexity at the network's "edge"

Page 60

DNS

Why not centralise DNS?
- single point of failure
- traffic volume
- distant centralised database
- maintenance
- doesn't scale!

DNS services
- Hostname to IP address translation
- Host aliasing: canonical and alias names
- Mail server aliasing
- Load distribution: replicated Web servers: set of IP addresses for one canonical name

Page 61

Distributed, Hierarchical Database

[Figure: Root DNS servers at the top; below them com DNS servers, org DNS servers and edu DNS servers; below those yahoo.com DNS servers, amazon.com DNS servers, pbs.org DNS servers, ucla.edu DNS servers and ucl.ac.uk DNS servers]

Client wants IP for www.amazon.com; 1st approximation:
- Client queries a root server to find the com DNS server
- Client queries the com DNS server to get the amazon.com DNS server
- Client queries the amazon.com DNS server to get the IP address for www.amazon.com

Page 62

DNS: Root name servers

- contacted by a local name server that cannot resolve a name
- root name server:
  - contacts an authoritative name server if the name mapping is not known
  - gets the mapping
  - returns the mapping to the local name server
- There are currently 13 root name servers specified, with names in the form letter.root-servers.net

13 root name servers worldwide:
- a Verisign, Dulles, VA
- b USC-ISI Marina del Rey, CA
- c Cogent, Herndon, VA (also Los Angeles)
- d U Maryland College Park, MD
- e NASA Mt View, CA
- f Internet Software C. Palo Alto, CA (and 17 other locations)
- g US DoD Vienna, VA
- h ARL Aberdeen, MD
- i Autonomica, Stockholm (plus 3 other locations)
- j Verisign (11 locations)
- k RIPE London (also Amsterdam, Frankfurt)
- l ICANN Los Angeles, CA
- m WIDE Tokyo

Page 63

TLD and Authoritative Servers

Top-level domain (TLD) servers: responsible for com, org, net, edu, gov, int, etc., and all top-level country domains: uk, fr, ca, jp, ly.
- Network Solutions maintains the servers for the com TLD
- Educause for the edu TLD

Authoritative DNS servers: an organisation's DNS servers, providing authoritative hostname to IP mappings for the organisation's servers (e.g., Web and mail). Can be maintained by the organisation or by a service provider.

Page 64

Local Name Server
- Does not strictly belong to the hierarchy
- Each ISP (residential ISP, company, university) has one. Also called "default name server"
- When a host makes a DNS query, the query is sent to its local DNS server
- Acts as a proxy, forwards the query into the hierarchy.

Page 65

Types of queries

[Figure: query example with numbered steps 1 to 8 among the requesting host cs.mdx.ac.uk, the local DNS server dns.cs.mdx.ac.uk, a root DNS server, a TLD DNS server, the authoritative DNS server dns.cs.ucl.ac.uk and the host gaia.cs.umass.edu]

recursive query:
- puts the burden of name resolution on the contacted name server
- heavy load?

iterative query:
- contacted server replies with the name of the server to contact
- "I don't know this name, but ask this server"

Page 66

Example

Host at cs.mdx.ac.uk wants the IP address for bob.cs.ucl.ac.uk

[Figure: query example with numbered steps 1 to 8 among the requesting host cs.mdx.ac.uk, the local DNS server dns.mdx.ac.uk, a root DNS server, a TLD DNS server, the authoritative DNS server dns.cs.ucl.ac.uk and the host bob.cs.ucl.ac.uk]

Page 67

DNS: caching and updating records

- once (any) name server learns a mapping, it caches the mapping
- cache entries time out (disappear) after some time
- TLD servers are typically cached in local name servers; thus root name servers are not often visited
- update/notify mechanisms under design by IETF: RFC 2136, http://www.ietf.org/html.charters/dnsind-charter.html

Page 68

DNS protocol, messages

DNS protocol: query and reply messages, both with the same message format

msg header
- identification: 16 bit # for the query; the reply to the query uses the same #
- flags: query or reply, recursion desired, recursion available, reply is authoritative

[Figure: message format; the body sections carry Resource Records (RR)]

Page 69

DNS protocol, messages

[Figure: message body sections]
- Name, type fields for a query
- RRs in response to query
- records for authoritative servers
- additional "helpful" info that may be used
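Added example (not from the lecture) of the message format just described: Python that builds a query carrying a 16-bit identification, builds a constructed reply in the same format, and accepts a reply only when its identification and question section match the outstanding query, which is the check a resolver relies on to discard replies it did not ask for. The names and addresses are constructed.

```python
import struct
def encode_name(name):
    """Wire form of a name: each label prefixed by its length, terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def decode_name(data, off):
    """Read a name at offset `off`, following a compression pointer (top two bits 11) if one appears."""
    labels, end = [], None
    while True:
        n = data[off]
        if n & 0xC0 == 0xC0:                                  # pointer to an earlier copy of the name
            end, off = (off + 2 if end is None else end), struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            continue
        if n == 0:
            break
        labels.append(data[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), (off + 1 if end is None else end)

def parse_header(msg):
    """The 12-byte header: id, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (six 16-bit fields)."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": ident, "is_reply": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080), "qdcount": qd, "ancount": an}

def build_query(ident, name, qtype=1):
    flags = 0x0100                                            # QR=0 (query), RD=1 (recursion desired)
    return struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def build_reply(query, address, ttl=300):
    """Constructed authoritative reply: same id, question echoed, one A record whose name is a pointer."""
    h, (_, qend) = parse_header(query), decode_name(query, 12)
    flags = 0x8000 | 0x0400 | 0x0080 | (0x0100 if h["rd"] else 0)   # QR, AA, RA, RD copied from the query
    msg = struct.pack("!HHHHHH", h["id"], flags, 1, 1, 0, 0) + query[12:qend + 4]
    return msg + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(x) for x in address.split("."))

def accept_reply(query, reply):
    """Return the answer's A addresses only if the reply's id and question match the query; else None (drop)."""
    q, r = parse_header(query), parse_header(reply)
    (_, qend), (_, rend) = decode_name(query, 12), decode_name(reply, 12)
    if not r["is_reply"] or r["id"] != q["id"] or r["qdcount"] != 1 or query[12:qend + 4] != reply[12:rend + 4]:
        return None                                           # an unsolicited or mismatched reply is ignored
    addrs, off = [], rend + 4
    for _ in range(r["ancount"]):
        _, off = decode_name(reply, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        rdata, off = reply[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs
```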

Page 70

Inserting records into DNS

Example: just created startup "Network Consultancy firm"
- Register the name networkconsultancyfirm.co.uk at a registrar (e.g., Network Solutions)
- Need to provide the registrar with the names and IP addresses of your authoritative name servers (primary and secondary)
- Registrar inserts two RRs into the co.uk TLD server:
  (networkconsultancyfirm.co.uk, dns1.networkconsultancyfirm.co.uk, NS)
  (dns1.networkconsultancyfirm.co.uk, 212.212.212.1, A)
- Put in the authoritative server a Type A record for www.networkconsultancyfirm.co.uk and a Type MX record for networkconsultancyfirm.co.uk

How do people get the IP address of your Web site?
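The hierarchy, iterative queries, caching and the two co.uk records of this slide, as an added example that is not from the lecture: a Python model of a local name server that walks referrals from the root and caches what it learns, so the root is not contacted again while the TLD and zone entries are fresh. The server names (ns.uk-tld and so on) and the www/mail addresses are constructed; the NS and glue A records are the ones on the slide.

```python
# Constructed name-server hierarchy (not real DNS data). Each server holds either an A record for a name or
# an NS record delegating a zone to the named child server; the two co.uk records are the ones from this slide.
ROOT = "a.root-servers.net"
SERVERS = {
    ROOT: {"uk": ("NS", "ns.uk-tld")},
    "ns.uk-tld": {"co.uk": ("NS", "ns.co.uk-tld")},
    "ns.co.uk-tld": {"networkconsultancyfirm.co.uk": ("NS", "dns1.networkconsultancyfirm.co.uk"),
                     "dns1.networkconsultancyfirm.co.uk": ("A", "212.212.212.1")},
    "dns1.networkconsultancyfirm.co.uk": {"www.networkconsultancyfirm.co.uk": ("A", "212.212.212.10"),
                                          "mail.networkconsultancyfirm.co.uk": ("A", "212.212.212.20")},
}
VISITS = {}   # how many queries each server has answered
CACHE = {}    # local name server's cache: key -> (record type, value, expiry time)

def ask(server, name):
    """One iterative query: an A answer if the server has it, else a referral for the longest matching zone."""
    VISITS[server] = VISITS.get(server, 0) + 1
    records = SERVERS[server]
    if name in records and records[name][0] == "A":
        return "A", records[name][1], name
    for zone in sorted(records, key=len, reverse=True):
        if records[zone][0] == "NS" and name.endswith("." + zone):
            return "NS", records[zone][1], zone          # "I don't know this name, but ask this server"
    return "NXDOMAIN", None, name

def resolve(name, now, ttl=60):
    """Local name server: answer from cache, else walk referrals from the best cached server (or the root).
    Returns (address or None, list of servers contacted)."""
    live = {k: v for k, v in CACHE.items() if v[2] > now}   # expired entries disappear
    if name in live and live[name][0] == "A":
        return live[name][1], []
    server, path = ROOT, []
    for zone, (rtype, value, _) in sorted(live.items(), key=lambda kv: -len(kv[0])):
        if rtype == "NS" and name.endswith("." + zone):
            server = value                                   # cached TLD/zone server: root not visited
            break
    while True:
        rtype, value, key = ask(server, name)
        path.append(server)
        if rtype == "NXDOMAIN":
            return None, path
        CACHE[key] = (rtype, value, now + ttl)
        if rtype == "A":
            return value, path
        server = value                                       # follow the referral
```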

Page 71

How do people get the IP address of your Web site?

Finding an IP can be as easy as looking at the full headers of e-mail that they've sent you, or monitoring network connections for certain types of instant messaging and chat applications. Web sites routinely get IP address information for all visitors. The very nature of how the Internet works dictates that when two computers talk to each other, they know each other's IP addresses. But once an IP address is received, what can you tell about it?

Some IPs are easy: they're static, and have a DNS name associated with them. For example, in a Windows XP Command Shell, enter the following command:

ping -a 17.254.3.183

The "-a" switch tells ping to do a "reverse DNS lookup", and print the first domain name it finds associated with the IP address you've specified.

Page 72

How do people get the IP address of your Web site? - continued

If the ping doesn't return a domain name, we then go to ARIN (American Registry for Internet Numbers) and use their IP "whois" tool. If an IP address, e.g., 206.124.145.17, is entered, we'll find that it's part of a block of addresses assigned to an ISP. To determine who actually uses that IP address, the ISP is contacted; otherwise, the physical location of a machine at a specific IP address is not easy to determine. (CIDR? VLSM?)

An IP address may, or may not, identify a specific computer. In many cases, such as large corporations, it identifies a gateway that acts as a router or proxy for any number of computers. Behind the gateway, the computers can all see each other, but from the Internet the individual machines are indistinguishable from each other: they all look like they come from the same IP address. The same is true when using a router at home. You might have any number of computers behind it, but from the Internet it appears as if you have only one IP address. Your individual computers are not directly accessible by default.