Common Network Protocols – CompTIA A+ 220-801: 2.4


Today’s networks use complex protocols to resolve IP addresses, maintain user databases, transfer files, and manage infrastructure devices. In this video, you’ll learn about DHCP, DNS, LDAP and X.500, SNMP, SMB, SSH, and SFTP.



If you’ve ever taken your machine, plugged it into the network, booted up, and were automatically able to communicate out to the internet without any additional configuration, then you were using DHCP. That stands for Dynamic Host Configuration Protocol, and it’s an automated method to provide IP addressing, subnet masking, and other important IP configuration parameters to your device.

This requires that there is a DHCP server somewhere on the network. Usually, if you’re in a home office, this is something that’s already integrated into your router, something that automatically provides those IP addresses. In larger environments, especially enterprise environments, these might be on Active Directory servers, or some other large DHCP appliances.

When the DHCP server provides you with that IP address, it also gives you a lease time. You don’t own that IP address permanently, it’s a dynamic IP address, and you can only have it for a certain amount of time. Now fortunately, the DHCP server gives you a chance to check back in as the lease timer is starting to expire, so that you can let the DHCP server know, I’m still here, I’d like to continue to use this IP address.

And that way, the DHCP server knows that you’re there, and it won’t assign that IP address to someone else. Once the lease timer expires, of course, the IP address goes back into the pool, and the next person who connects to the network could receive that IP address. The dynamic IP addresses are great for users that are coming in and turning on their desktop machines.

They can get any IP address they’d like. But servers need to have the same IP address all the time. And if you’d like to integrate them also into this automated process of receiving IP addresses, you can set up something called a static DHCP address.

You would simply configure the DHCP server with the MAC address of your web server, and when that web server requests an IP address, the DHCP server says, oh, you’re a web server? I’ve already pre-allocated you an IP address that’s never going to change, and I’m never going to give that IP address out to anyone else. Here’s your static IP address.

This makes it very easy if you have to re-address a bunch of servers in your environment. Instead of going to every console of every server and changing every IP address, which is an involved process, you can simply go directly to the DHCP server. Every single one of the IP addresses is there. You can administratively change anything you would like.
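The lease and reservation behaviour described so far, as an added example that is not part of the video: a small model of a DHCP pool where a client renews before its lease expires and keeps its address, a reserved MAC always gets the same pre-allocated address, and an expired address returns to the pool for the next client. All addresses, MACs and lease times are constructed sample values.

```python
class DhcpPool:
    """Minimal model of a DHCP address pool with leases and MAC reservations."""

    def __init__(self, addresses, lease_seconds, reservations=None):
        # mac -> ip that is pre-allocated and never handed out dynamically
        self.reservations = dict(reservations or {})
        reserved_ips = set(self.reservations.values())
        self.free = [ip for ip in addresses if ip not in reserved_ips]
        self.lease_seconds = lease_seconds
        self.leases = {}  # mac -> (ip, expires_at)

    def expire(self, now):
        """Release leases whose timer has run out; dynamic addresses go back in the pool."""
        for mac, (ip, expires_at) in list(self.leases.items()):
            if expires_at <= now:
                del self.leases[mac]
                if mac not in self.reservations:
                    self.free.append(ip)

    def request(self, mac, now):
        """Handle a client asking for an address at time `now`; returns the IP or None."""
        self.expire(now)
        if mac in self.reservations:
            ip = self.reservations[mac]          # static DHCP address: always the same
        elif mac in self.leases:
            ip = self.leases[mac][0]             # renewal before expiry: keep the address
        elif self.free:
            ip = self.free.pop(0)                # new dynamic client: next free address
        else:
            return None                          # pool exhausted
        self.leases[mac] = (ip, now + self.lease_seconds)
        return ip


if __name__ == "__main__":
    # Constructed scenario: two dynamic addresses, one reserved web server, 600 s leases.
    pool = DhcpPool(["10.0.0.10", "10.0.0.11"], 600,
                    reservations={"aa:bb:cc:dd:ee:01": "10.0.0.5"})
    print(pool.request("aa:bb:cc:dd:ee:01", now=0))    # reserved: 10.0.0.5
    print(pool.request("aa:bb:cc:dd:ee:02", now=0))    # dynamic: 10.0.0.10
    print(pool.request("aa:bb:cc:dd:ee:02", now=500))  # renewed: still 10.0.0.10
    print(pool.request("aa:bb:cc:dd:ee:03", now=1200)) # .10 expired at 1100; gets 10.0.0.11
```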

And the next time you start that computer up, it’s going to receive the new IP address, which makes your management process much, much easier. A protocol that we don’t often see, but that we rely on so much, is the Domain Name Services protocol, or DNS. This DNS protocol is used to take the names of devices that we know about and convert them into an IP address.

As we go into our browser, we type professormesser.com, we hit Enter, and we get a web page. But behind the scenes, your computer has communicated out to a DNS server and asked for the IP address of professormesser.com. The DNS server provides that to your computer, and from that point forward, your computer uses the IP address of the web server to talk directly to the professormesser.com web server.

So you can obviously assume, then, that this is going to be a very, very important protocol. Nobody keeps a list of IP addresses somewhere to type in when they need to go to a service. You need to know the name. So that DNS server becomes very, very critical. If your DNS server is not working, then you’re not going to be able to communicate with devices using their well known name.

Another protocol that does a lot of work behind the scenes is LDAP. This stands for Lightweight Directory Access Protocol. It’s a standardized protocol to be able to read and write information to directories over an IP network. These directories are just like you would think of a telephone directory. You remember those, right? Where you have a list of everyone’s name, and next to everyone’s name is a telephone number.

And it might also have a street number. Might be an apartment number. There’s some information in there that identifies that particular person, and gives perhaps more information about that particular person. The standard that is used with LDAP is called X.500. This X.500 specification was one that was created by the International Telecommunication Union, the ITU.

These are our telecommunications companies. The ones that create those phone directories. These organizations needed some way to quickly find a name and a telephone number. If you call Directory Services looking for the phone number of a particular person, they need a way to look it up very quickly. So they created LDAP as a very standardized way to make that happen.

The original version of this protocol was just called DAP. It was not lightweight. It used the OSI stack to be able to communicate back and forth over these legacy networks. These days we use LDAP. It’s lightweight, and is one that uses TCP/IP ports, TCP 389, and UDP port 389 to be able to communicate.

If you’re authenticating to a Windows Active Directory infrastructure, if you’re using Novell eDirectory, if you’re using Apple Open Directory, they are all using this standardized LDAP protocol. It’s one that you commonly see used on the back end of these enterprise networks. We don’t generally have it in a small environment, a small office, or even at home.

But if you’re plugging into a medium to enterprise size network, you’re almost certainly going to see LDAP being used in the infrastructure. LDAP uses a very easy to read method of sending information. Each entry is an attribute that is equal to a particular value. And it puts a number of those pairs in an LDAP string. The most specific attribute is listed first, and you can see a number of these attributes here.

Something like a common name, an organizational unit, a state, a country, et cetera. So you may see CN equals widget web. That means that the common name of this device is widget web. The OU that this device is in is marketing. So the organizational unit is marketing. The O, or the organization, happens to be widget. The location, the locality, is London. The state is London.

The country is GB for Great Britain. The domain component is widget, and another domain component is com. So we can think of widget.com as having this widget web device in the marketing organizational unit, and the other information that’s here. Just by looking at that string of LDAP information, you can get a very good idea of what this device happens to be.

And by looking at that string, you can start to build out the tree of what’s here. LDAP uses this hierarchical method to understand what’s going on. You can see the tree that was built right here, and you can see there’s your CN equals widget web right at the bottom. You have an OU of marketing, O equals widget, C equals GB for Great Britain, and finally what we call the root of that LDAP tree.

Within this LDAP tree are what we call those container objects. They are containing other things within them. And at the very bottom you’ll see leaf objects like users, or printers, or other devices that we may access. LDAP is relatively complex to set up, and it takes a while to get an understanding of what it’s doing. But it’s a very, very organized way to put a lot of directory information into one cohesive database.
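The attribute-equals-value string and the tree built from it, as an added example that is not from the video: a parser that splits a distinguished name into its pairs, honouring the backslash escape that a plain split on commas gets wrong, and then prints the pairs from the root down. The sample DN is reconstructed from the transcript’s description (widget web, marketing, widget, London, GB, widget.com) and its exact spelling is an assumption.

```python
def parse_dn(dn):
    """Split 'CN=x,OU=y,DC=z' into [(attr, value), ...], most specific first.

    A backslash escapes the following character, so 'Smith\\, John' stays one
    value; naive dn.split(',') would cut it in two.
    """
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))

    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"RDN without '=': {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs


def dn_tree(dn):
    """Render the DN as the hierarchy: root first, one indent level per RDN.

    The string lists the most specific attribute (CN) first, so the tree is
    simply the reversed list of pairs.
    """
    pairs = parse_dn(dn)
    return [f"{'  ' * depth}{attr}={value}"
            for depth, (attr, value) in enumerate(reversed(pairs))]


# Constructed sample, reconstructed from the transcript's description.
SAMPLE_DN = "CN=WIDGETWEB,OU=Marketing,O=Widget,L=London,ST=London,C=GB,DC=widget,DC=com"

if __name__ == "__main__":
    print("\n".join(dn_tree(SAMPLE_DN)))
```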

If you’re managing switches and routers and firewalls and other devices on your network, then you’re probably using SNMP to be able to gather health statistics from those devices. SNMP stands for Simple Network Management Protocol, and it really is simple. You might have a management server that’s designed to gather these statistics, and it may send a message to a router that says, how many bytes have you received?

And the router’s going to send back a number that is designated to the request that was made. Later on, that management server may make the same request again five minutes later and say, how many bytes have you now received? And it receives an updated number, and it compares the two.

And it can create graphs, and it can send logs, and it can provide you with alarming and alerting if that number happens to spike up really high, or go down really low. There are different versions of SNMP. Version one is the original. It used what we call structured tables. Everything was sent in the clear. It was a very, very simple way of gathering those statistics.
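The poll-and-compare process described above, as an added example that is not from the video: two polls of a byte counter five minutes apart are turned into a rate and classified as high, low or normal. It also handles the case the simple subtraction misses, a 32-bit counter that wrapped back past zero between polls. The poll values are constructed, not captured from a real device.

```python
COUNTER32_MAX = 2 ** 32  # a Counter32 such as ifInOctets wraps back to 0 at 2^32


def octets_per_second(prev, curr, interval_s, wrap=COUNTER32_MAX):
    """Bytes per second between two polls, corrected for a counter wrap.

    If curr < prev the counter wrapped, so the true delta is the distance
    from prev to the wrap point plus curr; plain curr - prev would be negative.
    """
    if interval_s <= 0:
        raise ValueError("poll interval must be positive")
    delta = curr - prev if curr >= prev else (wrap - prev) + curr
    return delta / interval_s


def classify(rate_bps, high_bps, low_bps):
    """Map a rate to the alarm states the management server raises."""
    if rate_bps > high_bps:
        return "HIGH"
    if rate_bps < low_bps:
        return "LOW"
    return "OK"


def rates(polls, high_bps=10_000_000, low_bps=1_000):
    """Return (timestamp, bytes_per_second, state) for each consecutive pair of polls."""
    out = []
    for (t0, c0), (t1, c1) in zip(polls, polls[1:]):
        rate = octets_per_second(c0, c1, t1 - t0)
        out.append((t1, rate, classify(rate, high_bps, low_bps)))
    return out


# Constructed polls of a router's ifInOctets, 300 s (five minutes) apart.
SAMPLE_POLLS = [
    (0, 1_000_000),
    (300, 16_000_000),       # 50 kB/s: normal traffic
    (600, 4_294_000_000),    # ~14.3 MB/s: spike, above the high threshold
    (900, 50_000),           # counter wrapped past 2^32 between polls
]

if __name__ == "__main__":
    for t, rate, state in rates(SAMPLE_POLLS):
        print(f"t={t:>4}s  {rate:>14,.1f} B/s  {state}")
```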

But because it was sent in the clear, it was not encrypted. So if anybody wanted to see the statistics from those devices, they could certainly do it. Version two was created later on. This was a good next step for SNMP, and it added some enhancements to be able to ask for a lot of information at one time, and get a lot of information back, rather than a back-and-forth of single queries and single responses.

But unfortunately, still in the clear. Still not encrypted. And that’s why most people these days would like to use SNMP version three. This is the brand new standard that has things like message integrity, so you can be assured that what you’re receiving is what was sent by the other side.

There’s authentication and encryption built into this, so you can be assured that nobody else is going to be able to see these very, very important infrastructure statistics coming from these devices. As you can imagine, the information about the devices in your infrastructure is pretty sensitive information. You don’t want people knowing how your router is configured, what IP addresses are inside of it.

What type of routing protocols it uses. What version of the code is running on that device. Same thing with your switches. Same thing with your firewalls and your servers. SNMP is used to communicate to all of those devices. So if you’re using SNMP in your environment, you want to be sure you’re using the most secure version of SNMP that you can, and you want to be sure that you’re limiting access to this information.

If you’re in a Windows environment, you’re probably using a protocol called SMB. It stands for Server Message Block. This is used by Microsoft Windows to do file sharing, to do printer sharing. It’s the way that Windows sends information between devices that need to transfer files, or need to communicate to servers. You may also see this referred to as CIFS. That is the Common Internet File System. Early versions of Microsoft networking products used SMB, but only over NetBIOS.

There was no way to send that SMB communication outside of a subnet unless you were to bridge that information, or switch that information outside of a subnet. These days, we send this SMB information still over NetBIOS, but it’s inside of a TCP/IP packet so that we can then communicate outside of our subnets to separate networks outside of our organization, even around the world.

We use udp/137 and udp/138. We can also use tcp/137 and tcp/139 to perform that communication using NetBIOS inside of TCP/IP. Modern Windows networks, though, don’t need NetBIOS. They don’t need that extra layer within TCP/IP. They can communicate directly using TCP/IP over TCP port 445. And if you’re using SMB in this way, it’s usually called direct host SMB.

If you’ve ever used Telnet to communicate via a terminal screen to another device on the network, then you’ve been communicating with that device and sending information over the network that was not encrypted. If anybody got on to the network and was looking at that information, they’d be able to see your username, your password, and any other information that went back and forth.

That’s why these days, we usually use a protocol called SSH. That stands for Secure Shell. This is a way to set up a terminal communication to another device, but the entire communication is encrypted. We can be assured that if somebody grabbed the information in between and was looking at the packets between those two devices, they would have no idea what was going on.

Because everything from point A to point B was completely encrypted. Not only is our console communication important to encrypt, but our file transfers are also important to encrypt. That’s why you’ll commonly see SFTP being used in many environments. This is a file transfer protocol that is using SSH to be able to communicate. And as we just mentioned, SSH is normally this encrypted terminal communication.

This SFTP is very functional. It allows you to even have graphical displays where you can manage file transfers. You can resume interrupted file transfers. You can manipulate the files that are there. You can rename them. You can add directories. It’s effectively like having the ability that you have on a local machine with a file manager, but you’re using this via SFTP to be able to do it on a remote device.