UNIT 6: APPLICATION LAYER
Answer own Innovation, Creativity & Tinkering.
S.No. | Contents                                                                               | Check it (if Study) | Page | Spend Time in Hour
6.1   | Functions of Application layer                                                         |                     | 1    | 1
6.2   | Application Layer Protocols: DNS, DHCP, WWW, HTTP, HTTPs, TELNET, FTP, SMTP, POP, IMAP |                     | 1    | 2
6.3   | Concept of traffic analyzer: MRTG, PRTG, SNMP. Packet tracer, Wireshark.               |                     | 82   | 2
6.1 Functions of Application layer
The application layer is the highest abstraction layer of the TCP/IP model that provides the interfaces
and protocols needed by the users. It combines the functionalities of the session layer, the presentation layer and
the application layer of the OSI model.
The functions of the application layer are −
• It enables the user to use the services of the network.
• It is used to develop network-based applications.
• It provides user services like user login, naming network devices, formatting messages and e-mails,
transfer of files, etc.
• It is also concerned with error handling and recovery of the message as a whole.
The following diagram shows the transport layer in the TCP/IP protocol suite −
6.2 Application Layer Protocols: DNS, DHCP, WWW, HTTP, HTTPs, TELNET, FTP, SMTP, POP, IMAP
An application layer protocol defines how application processes (clients and servers), running on different end
systems, pass messages to each other. In particular, an application layer protocol defines:
• The types of messages, e.g., request messages and response messages.
• The syntax of the various message types, i.e., the fields in the message and how the fields are delineated.
• The semantics of the fields, i.e., the meaning of the information that the field is supposed to contain.
• Rules for determining when and how a process sends messages and responds to messages.
Er. Sital Pd Mandal (https://computernetwork-mmc.blogspot.com) Page 71
“BE CURIOUS, NOT JUDGMENTAL.” - An up thrust for own knowledge
1. DNS:
Domain Name System (DNS) − It is a naming system for devices in networks. It provides services for
translating domain names to IP addresses.
1. Name Server (DNS - Domain Name System)
• All systems communicate using IP addresses (numbers).
• Numbers are more difficult for human beings to remember than names.
• The Internet is very large; there are millions of computers and servers.
• A naming system was introduced (in 1983) to map host names to IP addresses.
• In DNS, a library procedure (program) called the resolver converts a host name to an IP address.
• ICANN (Internet Corporation for Assigned Names and Numbers) is responsible for managing the
DNS on the Internet.
• Domain names are unique.
1.1. Name Spaces (Domain Name)
• Divided into 2 types:
1. Flat structure
2. Hierarchical structure
• The hierarchical structure is used.
• The name space has a tree structure.
• Example: www.xyz.com
• Here xyz.com is managed by a central authority (ICANN) and www is the name
given by the organization (here xyz).
1.1.1. Domain Name Space
• Inverted tree structure, containing 0 to 127 (128) levels
• 0 is the root level
• The Internet has nearly 250 top-level domains, where each domain covers many hosts
• Each domain is partitioned into subdomains, and these are further partitioned, and so on
• com, edu, gov are examples of top-level domains
1.1.2. Domain Name
• If every label is terminated by a null string (.), the name is called an FQDN (Fully
Qualified Domain Name)
• Example: challenger.ate.tbda.edu.
• If the last label is not terminated by a null string, the name is called a PQDN (Partially
Qualified Domain Name)
• A PQDN starts from a node, but it does not reach the root
• Example: challenger.ate.tbda.edu
• NB: the dot (.) is called the root server
1.1.3. Zone
• A zone keeps track of all nodes in the domain and all sub-domains under the domain.
1.2. Servers
• Root Server
• A root server is a server whose zone consists of the whole tree
• A root server usually does not store any information about domains but delegates its authority to other
servers
• DNS defines two types of servers:
1. Primary Server
• A primary server is a server that stores a file about the zone for which it is an authority
• It is responsible for creating, maintaining, and updating the zone file
2. Secondary Server
• A secondary server is a server that transfers the complete information about a zone from
another server (primary or secondary) and stores the file on its local disk
1.3. Query
• DNS has two types of messages:
1. Query − sent by the DNS client to the server; a query message consists of a header and question records
2. Response − sent by the DNS server to the client; a response message consists of a header, question
records, answer records, authoritative records, and additional records
• A query is a question to the server: the client asks about the IP address of the mentioned URL
• A response is the server's answer to the question asked by the client, i.e. it sends the information (IP address)
for the mentioned URL.
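An added example (not from these notes) tying the domain-name section (1.1.2) to the message section (1.3): it normalizes a PQDN to an FQDN, encodes the name as DNS labels, builds a query (header + one question record) and parses a constructed response that carries one answer record. The name www.xyz.com is the notes' example; the address 192.0.2.10 and transaction id are constructed sample values.

```python
import struct

def to_fqdn(name: str) -> str:
    """A PQDN such as 'challenger.ate.tbda.edu' becomes an FQDN by appending the root label '.'."""
    return name if name.endswith(".") else name + "."

def encode_name(name: str) -> bytes:
    """Wire form of a name: <len><label> ... followed by a 0 byte, the null (root) label."""
    out = b""
    for label in to_fqdn(name).rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("each label must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def decode_name(msg: bytes, off: int):
    """Decode a name at offset off, following compression pointers (top two bits 11).
    Returns (fqdn, offset just after the name as it appears at off)."""
    labels, jumped, end, hops = [], False, off, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # pointer to an earlier copy of the name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off, hops = True, ptr, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:                                # root label terminates the name
            if not jumped:
                end = off
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", end

def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """12-byte header (flags: RD=1, QDCOUNT=1) + one question: name, type A (1), class IN (1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)

def build_response(query: bytes, ipv4: str, ttl: int = 300) -> bytes:
    """Constructed sample response: same id, question copied back, one A answer whose name is a
    compression pointer (0xC00C) to the question name at offset 12. Flags: QR=1, RD=1, RA=1."""
    txid = struct.unpack("!H", query[:2])[0]
    _, qend = decode_name(query, 12)
    question = query[12:qend + 4]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rdata = bytes(int(p) for p in ipv4.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata
    return header + question + answer

def parse_message(msg: bytes) -> dict:
    """Header, question records and answer records (A records rendered as dotted quads)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]; off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, rtype, ttl, rdata))
    return {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
            "questions": questions, "answers": answers}
```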
2. DHCP:
DHCP (Dynamic Host Configuration Protocol)
• There are two possible ways of configuring IP:
1. Manually
2. Dynamically (DHCP)
• DHCP is a service that provides IP addresses.
• A server that runs the DHCP service is a DHCP server.
• A client that uses a DHCP server for IP configuration is a DHCP client.
• The DHCP server uses UDP port 67.
• The DHCP client uses UDP port 68.
2.1. DHCP Operation
2.1.1. DHCP Discover Packet
• Sent by the DHCP client to the DHCP server (broadcast).
• The DHCP client (a computer or device that wants an IP address) broadcasts a request for an IP address on
its network. It does this by using a DHCP DISCOVER packet.
• The packet must reach the DHCP server.
• A DHCP client may also request its last-known IP address with the discover packet.
• The DHCP discover packet checks whether a DHCP server is available in the network and requests an
IP address lease.
2.1.2. DHCP Offer Packet
• Sent by the DHCP server to the DHCP client (unicast)
• When a DHCP server receives a DHCPDISCOVER message from a client, which is an IP address
lease request, the server reserves an IP address for the client and makes a lease offer by sending a
DHCPOFFER message to the client
• This message contains the client's MAC address, the IP address that the server is offering, the subnet
mask, the lease duration, and the IP address of the DHCP server making the offer
2.1.3. DHCP Request Packet
• Sent by the DHCP client to the DHCP servers (broadcast)
• In response to the DHCP offer, the client replies with a DHCP request, broadcast to the server,
requesting the offered address.
• A client can receive DHCP offers from multiple servers, but it will accept only one DHCP offer
• Based on the required server identification option in the request and the broadcast messaging, servers are
informed whose offer the client has accepted.
• When other DHCP servers receive this message, they withdraw any offers that they might have made
to the client and return the offered address to the pool of available addresses.
2.1.4. DHCP Acknowledgement Packet
• Sent by the DHCP server to the DHCP client (unicast)
• When the DHCP server receives the DHCP REQUEST message from the client, the configuration
process enters its final phase.
• The acknowledgement phase involves sending a DHCP ACK packet to the client.
• This packet includes the lease duration and any other configuration information that the client might
have requested.
• At this point, the IP configuration process is complete.
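The four-step exchange above (Discover, Offer, Request, Acknowledge), as an added example that is not part of the notes: two constructed servers with small address pools, a client that broadcasts DISCOVER, accepts exactly one OFFER, broadcasts a REQUEST carrying the chosen server identifier, and a server that returns a withdrawn offer to its pool. Addresses in 192.0.2.0/24 and the MAC strings are constructed sample values.

```python
from dataclasses import dataclass, field

BROADCAST = "255.255.255.255"

@dataclass
class DhcpMessage:
    kind: str                      # DISCOVER, OFFER, REQUEST or ACK
    client_mac: str
    dst: str                       # BROADCAST for client packets, unicast for server replies
    yiaddr: str = ""               # "your" IP address: the offered / assigned address
    server_id: str = ""            # server identifier option: who made, or whose offer is accepted
    options: dict = field(default_factory=dict)

class DhcpServer:
    """Constructed model of one DHCP server with a fixed pool of addresses."""
    def __init__(self, server_ip, pool, subnet_mask="255.255.255.0", lease_seconds=3600):
        self.ip, self.free = server_ip, list(pool)
        self.mask, self.lease_seconds = subnet_mask, lease_seconds
        self.offers = {}           # client_mac -> address reserved by an OFFER, not yet acknowledged
        self.leases = {}           # client_mac -> address confirmed by an ACK

    def _config(self):
        return {"subnet_mask": self.mask, "lease": self.lease_seconds, "dhcp_server": self.ip}

    def handle(self, msg):
        if msg.kind == "DISCOVER":
            if not self.free:
                return None                                   # nothing to offer, stay silent
            wanted = msg.options.get("requested_ip")          # client's last-known address, if any
            addr = wanted if wanted in self.free else self.free[0]
            self.free.remove(addr)                            # reserve it for this client
            self.offers[msg.client_mac] = addr
            return DhcpMessage("OFFER", msg.client_mac, dst=addr, yiaddr=addr,
                               server_id=self.ip, options=self._config())
        if msg.kind == "REQUEST":
            offered = self.offers.pop(msg.client_mac, None)
            if msg.server_id != self.ip or offered != msg.yiaddr:
                if offered is not None:                       # client chose another server:
                    self.free.append(offered)                 # withdraw our offer, return address
                return None
            self.leases[msg.client_mac] = offered
            return DhcpMessage("ACK", msg.client_mac, dst=offered, yiaddr=offered,
                               server_id=self.ip, options=self._config())
        return None

def dora(client_mac, servers, last_known_ip=None):
    """Client side of Discover -> Offer -> Request -> Acknowledge. Returns the ACK, or None."""
    opts = {"requested_ip": last_known_ip} if last_known_ip else {}
    discover = DhcpMessage("DISCOVER", client_mac, dst=BROADCAST, options=opts)
    offers = [o for s in servers if (o := s.handle(discover))]      # broadcast reaches every server
    if not offers:
        return None
    chosen = offers[0]                                               # accept exactly one offer
    request = DhcpMessage("REQUEST", client_mac, dst=BROADCAST,
                          yiaddr=chosen.yiaddr, server_id=chosen.server_id)
    acks = [a for s in servers if (a := s.handle(request))]         # only the chosen server answers
    return acks[0] if acks else None
```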
3. WWW:
This is a protocol used mainly to access data on the World Wide Web (WWW).
The Hypertext Transfer Protocol (HTTP) is the Web's main application-layer protocol, although current
browsers can access other types of servers.
The WWW is a repository of information spread all over the world and linked together.
The HTTP protocol transfers data in the form of plain text, hypertext, audio, video and so on.
HTTP utilizes TCP connections to send client requests and server replies.
It is a synchronous protocol which works by making both persistent and non-persistent connections.
4. HTTP:
Hyper Text Transfer Protocol, HTTP − It is the underlying protocol for the World Wide Web. It defines how
hypermedia messages are formatted and transmitted.
• The Hypertext Transfer Protocol (HTTP) is a protocol used mainly to access data on the World Wide
Web (WWW)
• It is similar to FTP because it transfers files and uses the services of TCP.
• It uses only one TCP connection
• HTTP uses the services of TCP on well-known port 80
• Accessing a web page is based on a URL
4.1. WWW Architecture
4.2. HTTP Transaction
• An HTTP transaction takes place between the client and the server
• There are 2 transaction messages:
• Request (sent from client to server, requesting a page or other resource)
• Response (sent from server to client)
4.2. HTTP Transaction Figure
4.2.1 Message Format
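An added example (not from these notes) of the request/response message format: a request is a request line, header lines, a blank line and an optional body; a response is a status line, header lines, a blank line and a body whose length is given by Content-Length. The one-page site at www.xyz.com and the sample messages are constructed.

```python
CRLF = b"\r\n"

def parse_request(raw: bytes) -> dict:
    """Split an HTTP/1.x request into request line, headers and body.
    Header names are case-insensitive, so they are lower-cased for lookup."""
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("incomplete request: no blank line after the headers")
    lines = head.split(CRLF)
    method, target, version = lines[0].decode("ascii").split(" ")   # exactly three parts
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    if len(body) < length:
        raise ValueError("incomplete request: body shorter than Content-Length")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body[:length]}

def build_response(status: int, reason: str, body: bytes, content_type: str = "text/html") -> bytes:
    """Status line + headers + blank line + body. Content-Length tells the client where the body ends."""
    head = [f"HTTP/1.1 {status} {reason}",
            f"Content-Type: {content_type}",
            f"Content-Length: {len(body)}",
            "Connection: close"]
    return CRLF.join(h.encode("ascii") for h in head) + CRLF + CRLF + body

PAGES = {"/": b"<html><body>Hello from xyz.com</body></html>"}   # constructed sample resource

def transaction(raw_request: bytes) -> bytes:
    """One HTTP transaction on the server side: request bytes in, response bytes out (GET only)."""
    try:
        req = parse_request(raw_request)
    except ValueError as exc:
        return build_response(400, "Bad Request", str(exc).encode(), "text/plain")
    if req["version"] == "HTTP/1.1" and "host" not in req["headers"]:
        return build_response(400, "Bad Request", b"missing Host header", "text/plain")
    if req["method"] != "GET":
        return build_response(405, "Method Not Allowed", b"", "text/plain")
    body = PAGES.get(req["target"])
    if body is None:
        return build_response(404, "Not Found", b"no such resource", "text/plain")
    return build_response(200, "OK", body)

def parse_response(raw: bytes) -> dict:
    """Client-side view of the reply: status line, headers, and the body bounded by Content-Length."""
    head, _, body = raw.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    version, status, reason = lines[0].decode("ascii").split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return {"version": version, "status": int(status), "reason": reason,
            "headers": headers, "body": body[:length]}
```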
5. HTTPs:
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol
(HTTP). It is used for secure communication over a computer network, and is widely used on the
Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security
(TLS) or, formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also
often referred to as HTTP over TLS, or HTTP over SSL.
The principal motivations for HTTPS are authentication of the accessed website and protection of
the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-
middle attacks.
HTTPS creates a secure channel over an insecure network. This ensures reasonable protection
from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used
and that the server certificate is verified and trusted.
Therefore, a user should trust an HTTPS connection to a website if and only if all of the
following are true:
o The user trusts that the browser software correctly implements HTTPS with correctly pre-
installed certificate authorities.
o The user trusts the certificate authority to vouch only for legitimate websites.
o The website provides a valid certificate, which means it was signed by a trusted authority.
o The certificate correctly identifies the website (e.g., when the browser visits
"https://www.tribhuvan-university.edu.np/", the received certificate is properly for
"tribhuvan-university.edu.np" and not some other entity).
o The user trusts that the protocol's encryption layer (SSL/TLS) is sufficiently secure
against eavesdroppers.
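An added example (not from these notes) of the three certificate conditions in the list above that a client can check mechanically: the issuer is a trusted authority, the validity period covers the current time, and the certificate's names identify the visited host. The Certificate dataclass, the TRUSTED_CAS store and the dates are constructed stand-ins for what a browser reads from a real certificate; the host name is the notes' own example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Certificate:
    """Constructed stand-in for the fields a browser checks in a server certificate."""
    subject_cn: str
    san_dns: list            # subjectAltName DNS entries
    issuer: str
    not_before: datetime
    not_after: datetime

TRUSTED_CAS = {"Example Root CA"}      # constructed: the browser's pre-installed trust store

def hostname_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive exact match, or a single '*' as the whole leftmost label:
    '*.example.com' matches 'www.example.com' but not 'example.com' or 'a.b.example.com'."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels) or len(p_labels) < 2:
        return False
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False                   # partial or non-leftmost wildcards are not accepted
    return p_labels == h_labels

def check_certificate(cert: Certificate, hostname: str, now: datetime) -> list:
    """Reasons the connection must not be trusted; an empty list means every check passed."""
    problems = []
    if cert.issuer not in TRUSTED_CAS:
        problems.append(f"issuer '{cert.issuer}' is not a trusted certificate authority")
    if not (cert.not_before <= now <= cert.not_after):
        problems.append("certificate is outside its validity period")
    names = cert.san_dns or [cert.subject_cn]     # SAN takes precedence; CN is only a fallback
    if not any(hostname_matches(n, hostname) for n in names):
        problems.append(f"certificate names {names} do not identify '{hostname}'")
    return problems
```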
6. TELNET:
TELNET − It provides bi-directional text-oriented services for remote login to hosts over the
network. TELNET (Terminal Network):
• TELNET is a client-server application that allows a user to log onto a remote machine and lets the user
access any application program on the remote computer.
• TELNET uses the NVT (Network Virtual Terminal) system to encode characters on the local system.
• On the server (remote) machine, NVT decodes the characters to a form acceptable to the remote
machine.
• TELNET is a protocol that provides a general, bi-directional, eight-bit byte oriented communications
facility.
• Many application protocols are built upon the TELNET protocol.
• Telnet services are used on port 23.
7. FTP:
File Transfer Protocol, FTP − It is a client-server based protocol for transfer of files between client and
server over the network.
• File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying a file from
one host to another.
• FTP establishes two connections between the hosts
• One connection is used for data transfer, the other for control information (commands and responses)
• Separation of commands and data transfer makes FTP more efficient
• FTP uses two well-known TCP ports: Port 21 is used for the control connection, and port 20 is used
for the data connection.
7.1. FTP Architecture
7.2. FTP Working
• FTP uses the Transmission Control Protocol (TCP) for reliable network communication by
establishing a session before initiating data transfer
• The FTP client sends a command/request for connection to the FTP server, establishing the connection (port
21)
• The FTP server responds to the commands with the status, i.e. whether connected or not connected
(port 21)
• The FTP client connects to the FTP server using the control connection, i.e. using port 21
• After the connection is established, port 20 is used for data transfer
Q. E-mail
• Electronic mail, or more commonly email, is used to communicate with different users on the Internet
• Email uses the following protocols for storing & delivering messages. They are:
1. SMTP (Simple Mail Transfer Protocol)
2. POP (Post Office Protocol)
3. IMAP (Internet Message Access Protocol)
• Email consists of two kinds of subsystems:
1. Mail User Agents (also called MUA / email client programs): which allow people to read and send
email (Ex: Outlook)
2. Message Transfer Agents (also called MTA / email server): which move the messages from the
source to the destination (Ex: Gmail server)
• The act of sending new messages into the mail system for delivery is called mail submission (email client to
email server)
• The process of transferring mail from one MTA to another (Ex: from the Gmail server to the Yahoo server) is called
message transfer
• Mailboxes store the email that is received for a user (working with all protocols)
8. SMTP:
Simple Mail Transfer Protocol, SMTP − It lays down the rules and semantics for sending and receiving
electronic mails (e-mails).
8.1. SMTP (Simple Mail Transfer Protocol)
• Message transfer from the originator to the recipient's mailbox is done with SMTP
• It uses TCP well-known port 25
• An SMTP server accepts incoming connections, subject to some security checks, and accepts messages for
delivery
• If a message cannot be delivered, an error report containing the first part of the undeliverable message
is returned to the sender
• Email is submitted by a mail client (MUA, mail user agent) to a mail server (MSA, mail submission
agent) using SMTP on TCP port 587
• The MSA delivers the mail to its mail transfer agent (MTA)
8.1.1. Features of SMTP
• SMTP supports sending of email only. It cannot retrieve (deliver to the user) messages from a remote
server on demand
• SMTP provides a system for sending messages to the same (or a different) server (Gmail to Gmail / Gmail to
Yahoo)
• SMTP provides mail exchange between users on the same (or different) servers
SMTP supports:
1. Sending a message to one or more recipients
2. Sending a message that includes text, voice, video or graphics
3. Sending a message to users on other networks
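An added example (not from these notes) of the SMTP transaction as seen from the server: the client's HELO/EHLO, MAIL FROM, RCPT TO, DATA and QUIT commands are answered with 2xx/3xx/5xx reply codes, and the "security check" before accepting a message is the relay decision (mail for a domain this server does not host is refused). The domain mail.xyz.com, the addresses and the client transcript are constructed.

```python
import re

class SmtpSession:
    """Constructed model of the server side of one SMTP transaction (a subset of RFC 5321).
    Reply codes: 2xx success, 3xx send more input (354 after DATA), 5xx permanent error."""
    LOCAL_DOMAINS = {"xyz.com"}      # constructed: mailboxes this server accepts mail for
    ALLOW_RELAY = False              # an open relay would accept mail for any domain

    def __init__(self):
        self.greeted = False
        self.sender, self.recipients, self.data_lines = None, [], None
        self.delivered = []          # (sender, recipients, message_text) per completed transaction

    def greeting(self):
        return "220 mail.xyz.com ESMTP ready"

    def handle(self, line):
        """Return the server reply for one client line, or None while collecting DATA lines."""
        if self.data_lines is not None:                  # inside DATA: collect until a lone '.'
            if line == ".":
                text = "\n".join(self.data_lines)
                self.delivered.append((self.sender, list(self.recipients), text))
                self.sender, self.recipients, self.data_lines = None, [], None
                return "250 OK: queued for delivery"
            self.data_lines.append(line[1:] if line.startswith("..") else line)   # dot-unstuffing
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            return "250 mail.xyz.com Hello " + arg
        if not self.greeted:
            return "503 Bad sequence of commands: send HELO/EHLO first"
        if verb == "MAIL":
            m = re.fullmatch(r"FROM:<([^>]*)>", arg, re.IGNORECASE)   # <> is allowed for bounces
            if not m:
                return "501 Syntax error in MAIL FROM"
            self.sender, self.recipients = m.group(1), []
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands: MAIL FROM first"
            m = re.fullmatch(r"TO:<([^>]+@([^>]+))>", arg, re.IGNORECASE)
            if not m:
                return "501 Syntax error in RCPT TO"
            if m.group(2).lower() not in self.LOCAL_DOMAINS and not self.ALLOW_RELAY:
                return "550 Relaying denied"               # not our domain and relaying is off
            self.recipients.append(m.group(1))
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands: RCPT TO first"
            self.data_lines = []
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "500 Command not recognized"

def run_transcript(client_lines):
    """Feed a constructed client transcript through one session; return (server replies, session)."""
    session = SmtpSession()
    replies = [session.greeting()]
    for line in client_lines:
        reply = session.handle(line)
        if reply is not None:
            replies.append(reply)
    return replies, session
```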
9. POP:
9.1. POP (Post Office Protocol)
• Post Office Protocol (POP) is an application-layer Internet standard protocol used by local e-mail
clients to retrieve e-mail from a remote server over a TCP/IP connection
• POP has been developed through several versions, with version 3 (POP3) being the last standard
• E-mails are downloaded from the server's mailbox to your computer
• No copy of the email is kept in the mailbox after the email has been downloaded
• E-mails are available even when you are not connected
9.1.1. POP Working
• A POP client works in the following steps:
1. Connect to the server
2. Retrieve all mail
3. Store it locally as new mail
4. Delete the mail from the server*
5. Disconnect
* Deletion of mail is the default setting; however, the user can change the settings to keep a copy of the email in the
mailbox
9.1.2.Features of POP
• POP is a much simpler protocol, making implementation easier
• POP moves the message from the email server onto your local computer, although there is usually
an option to leave the messages on the email server as well
• POP treats the mailbox as one store, and has no concept of folders
• The POP protocol requires the currently connected client to be the only client connected to the mailbox
• When POP retrieves a message, it receives all parts of it
9.1.3. Advantages of POP
• Advantages are:
1. Mail is stored locally, i.e. always accessible, even without an internet connection
2. An internet connection is needed only for sending and receiving mail
3. Saves server storage space
4. Option to leave a copy of mail on the server
10. IMAP:
IMAP (Internet Message Access Protocol)
• The protocol that is used for final delivery is IMAP
• IMAP is an Internet standard protocol used by e-mail clients to retrieve e-mail messages from a mail
server over a TCP/IP connection
• IMAP provides mechanisms for storing messages received by SMTP in a mailbox
• The IMAP server stores the messages received for each user until the user connects to download and read them
using an email client
* Nowadays IMAP has replaced POP in all e-mail services
10.1.1. IMAP Working
• An IMAP client works in the following steps:
1. Connect to the server
2. Fetch the user-requested content and cache it locally, e.g. the list of new mail, message summaries, or the content
of explicitly selected emails
3. Process user edits, e.g. marking email as read, deleting email, etc.
4. Disconnect
10.1.2 Features of IMAP
• Connected and disconnected modes of operation (faster operation)
• Multiple clients can be simultaneously connected to the same mailbox
• Access to message parts and partial fetch of messages (the complete message need not be downloaded to be displayed;
only the subject / sender can be retrieved)
• Provides message state information (message states are: read / unread / replied / forwarded)
• Provides multiple mailboxes on the server (create new mailboxes and copy from one to another)
• Provides mechanisms for server-side searches
10.1.3. IMAP Advantage
Advantages
1. Mail stored on remote server, i.e. accessible from multiple different locations
2. Internet connection needed to access mail
3. Faster overview as only headers are downloaded until content is explicitly requested
4. Mail is automatically backed up if server is managed properly
5. Saves local storage space
6. Option to store mail locally
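An added example (not from these notes) that models the two working sequences side by side, 9.1.1 (POP: connect, retrieve everything, store locally, delete from the server by default, disconnect) and 10.1.1 (IMAP: fetch only what is asked for, keep state such as the read flag on the server, search server-side). The mailbox store, message objects and the "Seen" flag name are constructed stand-ins for a server's mailbox.

```python
from dataclasses import dataclass, field

@dataclass
class Message:
    uid: int
    headers: dict
    body: str
    flags: set = field(default_factory=set)      # server-side state, e.g. "Seen", "Answered"

class ServerMailbox:
    """Constructed server-side store (what SMTP delivered into), shared by the POP and IMAP models."""
    def __init__(self, messages):
        self.messages = {m.uid: m for m in messages}
        self.pop_locked = False                  # POP allows a single connected client at a time

class PopClient:
    """POP working: connect, retrieve all, store locally, delete from server (default), disconnect."""
    def __init__(self, keep_copy_on_server=False):
        self.local, self.keep_copy = [], keep_copy_on_server

    def sync(self, box):
        if box.pop_locked:
            raise RuntimeError("-ERR mailbox already locked by another POP session")
        box.pop_locked = True                    # 1. connect: takes the exclusive lock
        try:
            for uid in sorted(box.messages):     # 2. retrieve every message, all parts of it
                m = box.messages[uid]
                self.local.append(Message(m.uid, dict(m.headers), m.body))   # 3. store locally
            if not self.keep_copy:               # 4. delete from server (the default setting)
                box.messages.clear()
        finally:
            box.pop_locked = False               # 5. disconnect
        return len(self.local)

class ImapClient:
    """IMAP working: fetch only the requested content; edits (flags, deletes) happen on the server."""
    def __init__(self):
        self.cache = {}                          # uid -> {"headers": ..., "body": None until fetched}

    def list_new(self, box):
        """Step 2: summaries of unread mail only; bodies stay on the server."""
        new = [uid for uid, m in box.messages.items() if "Seen" not in m.flags]
        for uid in new:
            self.cache[uid] = {"headers": dict(box.messages[uid].headers), "body": None}
        return new

    def fetch_body(self, box, uid):
        """Explicitly selected email: download its body and mark it read on the server."""
        m = box.messages[uid]
        m.flags.add("Seen")                      # state change visible to every other client
        self.cache.setdefault(uid, {"headers": dict(m.headers)})["body"] = m.body
        return m.body

    def delete(self, box, uid):
        """Step 3: a user edit applied on the server, not just in the local cache."""
        del box.messages[uid]
        self.cache.pop(uid, None)

    def search(self, box, subject_word):
        """Server-side search: the client never downloads bodies to find a match."""
        return [uid for uid, m in box.messages.items()
                if subject_word.lower() in m.headers.get("Subject", "").lower()]
```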
6.3 Concept of traffic analyzer: MRTG, PRTG, SNMP. Packet tracer, Wireshark.
Simple Network Management Protocol, SNMP
Simple Network Management Protocol, SNMP − It is for managing, monitoring the network and for
organizing information about the networked devices.
Simple Network Management Protocol (SNMP) is an Internet-standard protocol for managing devices on IP
networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers,
modem racks, and more. It is used mostly in network management systems to monitor network-attached devices
for conditions that warrant administrative attention.
The Simple Network Management Protocol (SNMP) is a framework for managing devices in an internet using
the TCP/IP protocol suite. It provides a set of fundamental operations for monitoring and maintaining an
internet.
An SNMP-managed network consists of three key components:
• Managed device
• Agent — software which runs on managed devices
• Network management system (NMS) — software which runs on the manager
To do management tasks, SNMP uses two other protocols:
1. Structure of Management Information (SMI)
2. Management Information Base (MIB).
A typical agent usually:
o Implements the full SNMP protocol.
o Stores and retrieves management data as defined by the Management Information Base.
o Can asynchronously signal an event to the manager.
o Can be a proxy for some non-SNMP manageable network node (the proxy agent then translates the
protocol interactions it receives from the management station).
A typical manager usually:
o Is implemented as a Network Management Station (the NMS)
o Implements the full SNMP protocol
o Is able to query agents
o Gets responses from agents
MRTG
• The Multi Router Traffic Grapher (MRTG) is free software for monitoring and measuring the traffic
load on network links. It allows the user to see traffic load on a network over time in graphical form.
• It was originally developed by Tobias Oetiker and Dave Rand to monitor router traffic, but has
developed into a tool that can create graphs and statistics for almost anything.
• MRTG is written in Perl and can run on Windows, Linux, Unix, Mac OS and NetWare.
How it works
• SNMP
MRTG uses the Simple Network Management Protocol (SNMP) to send requests with two object
identifiers (OIDs) to a device.
The device, which must be SNMP-enabled, will have a management information base (MIB) to look up
the OIDs specified.
After collecting the information it will send back the raw data encapsulated in an SNMP message.
MRTG records this data in a log on the client along with previously recorded data for the device.
The software then creates an HTML document from the logs, containing a list of graphs detailing traffic
for the selected devices on the server.
• Script output
Alternatively, MRTG can be configured to run a script or command, and parse its output for counter
values.
The MRTG website contains a large library of external scripts to enable monitoring of SQL database
statistics, firewall rules, CPU fan RPMs, or virtually any integer-value data.
Features
o Measures two values (I for Input, O for Output) per target.
o Gets its data via an SNMP agent, or through the output of a command line.
o Typically collects data every five minutes (it can be configured to collect data less frequently).
o Creates an HTML page per target that features four graphs (GIF or PNG images).
o Results are plotted vs time into day, week, month and year graphs, with the I plotted as a full green area,
and the O as a blue line.
o Automatically scales the Y axis of the graphs to show the most detail.
o Adds calculated Max, Average and Current values for both I and O to the target's HTML page.
o Can also send warning emails if targets have values above a certain threshold.
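An added example (not from these notes or MRTG's own code) of the arithmetic behind the feature list above: the two polled values (I and O) are octet counters, so a rate is the difference between two polls divided by the interval, a counter that has wrapped past 2^32 must be corrected, and Max / Average / Current and the threshold warning follow from the series of rates. The "script output" path parses the four-line format MRTG expects from an external command. All sample readings are constructed.

```python
COUNTER32_MAX = 2 ** 32        # ifInOctets / ifOutOctets are 32-bit SNMP counters and wrap to 0
INTERVAL = 300                 # MRTG's default polling interval: five minutes

def rate_bps(prev, cur, seconds=INTERVAL, counter_max=COUNTER32_MAX):
    """Bytes per second between two successive counter readings.
    A negative difference means the counter wrapped once between the polls."""
    delta = cur - prev
    if delta < 0:
        delta += counter_max
    return delta / seconds

def parse_script_output(text):
    """MRTG's external-script interface expects exactly four lines:
    first counter (I), second counter (O), target uptime, target name."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) != 4:
        raise ValueError("MRTG expects exactly four output lines")
    return int(lines[0]), int(lines[1]), lines[2], lines[3]

def target_stats(samples, seconds=INTERVAL):
    """samples: (in_octets, out_octets) pairs, oldest first, one per poll.
    Returns the Max / Average / Current figures MRTG adds to the target's HTML page, in bytes/s."""
    if len(samples) < 2:
        raise ValueError("need at least two polls to compute a rate")
    rates = {"I": [], "O": []}
    for (prev_in, prev_out), (cur_in, cur_out) in zip(samples, samples[1:]):
        rates["I"].append(rate_bps(prev_in, cur_in, seconds))
        rates["O"].append(rate_bps(prev_out, cur_out, seconds))
    return {k: {"max": max(v), "average": sum(v) / len(v), "current": v[-1]}
            for k, v in rates.items()}

def threshold_warnings(stats, max_bps):
    """Directions (I and/or O) whose current rate is above the configured warning threshold."""
    return [k for k, s in stats.items() if s["current"] > max_bps]
```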
PRTG:
PRTG Network Monitor (Paessler Router Traffic Grapher until version 7) is agentless network monitoring
software from Paessler AG. It can monitor and classify system conditions like bandwidth usage or uptime and
collect statistics from miscellaneous hosts such as switches, routers, servers and other devices and applications.
1. Specifications
o PRTG Network Monitor has an auto-discovery mode that scans predefined areas of an enterprise
network and creates a device list from this data.
o In the next step, further information on the detected devices can be retrieved using various
communication protocols.
o Typical protocols are Ping, SNMP, WMI, NetFlow, jFlow, sFlow, but communication via
DICOM or the RESTful API is also possible.
o The tool is only available for Windows systems. In addition, Paessler AG offers the cloud-based
monitoring solution "PRTG hosted by Paessler".
1.1 Sensors
The software is based on sensors that are configured for a specific purpose. For example,
there are HTTP, SMTP/POP3 (e-mail) application sensors and hardware-specific sensors for
switches, routers and servers. PRTG Network Monitor has over 200 different predefined sensors
that retrieve statistics from the monitored instances, e.g. response times, processor, memory,
database information, temperature or system status.
1.2 Web interface and desktop client
The software can be operated completely via an AJAX-based web interface. The web
interface is suitable for both real-time troubleshooting and data exchange with non-technical staff
via maps (dashboards) and user-defined reports. An additional administration interface in the
form of a desktop application for Windows and macOS is available.
1.3 Notifications and reports
In addition to the usual communication channels such as Email and SMS, notification is
also provided via push notification on smartphones using an app for iOS or Android. PRTG also
offers customizable reports.
1.4 Pricing
PRTG Network Monitor's licensing is based on sensors. Most devices require between
five and ten sensors to be fully monitored. A version with 100 integrated sensors is available free
of charge.
Packet Analyzer:
• A packet analyzer (also known as a packet sniffer) is a computer program or piece of computer
hardware (such as a packet capture appliance) that can intercept and log traffic that passes over a digital
network or part of a network.
• Packet capture is the process of intercepting and logging traffic.
• A packet analyzer used for intercepting traffic on wireless networks is known as a wireless analyzer or
WiFi analyzer.
• A packet analyzer can also be referred to as a network analyzer or protocol analyzer though these terms
also have other meanings.
Capabilities
o On wired shared-media networks, such as Ethernet, Token Ring, and FDDI networks, depending on the
network structure (hub or switch), it may be possible to capture all traffic on the network from a single
machine on the network.
o On modern networks, traffic can be captured using a network switch with a so-called monitoring port
that mirrors all packets that pass through designated ports of the switch.
o On wireless LANs, traffic can be captured on one channel at a time, or by using multiple adapters, on
several channels simultaneously.
o When traffic is captured, either the entire contents of packets are recorded, or just the headers are
recorded. Recording just headers reduces storage requirements, and avoids some legal issues, yet often
provides sufficient information to diagnose problems.
o Captured information is decoded from raw digital form into a human-readable format that lets users
easily review exchanged information. Protocol analyzers vary in their abilities to display and analyze
data.
o Some protocol analyzers can also generate traffic and thus act as the reference device.
o Protocol analyzers can also be hardware-based, either in probe format or, as is increasingly common,
combined with a disk array. These devices record packets (or a slice of the packet) to a disk array.
Uses:
Packet sniffers can:
o Analyze network problems
o Detect network misuse by internal and external users
o Monitor WAN bandwidth utilization
o Gather and report network statistics
Notable packet analyzers
o Wireshark (formerly known as Ethereal)
o ngrep (Network Grep)
o Fiddler
Wireshark
• Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and
displays them in human-readable format.
• Wireshark includes filters, color coding, and other features that let you dig deep into network
traffic and inspect individual packets.
• Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting,
analysis, software and communications protocol development, and education.
Features
Wireshark is a data capturing program that "understands" the structure (encapsulation) of different
networking protocols.
• Data can be captured "from the wire" from a live network connection or read from a file of already-
captured packets.
• Live data can be read from different types of networks, including Ethernet, IEEE 802.11, PPP, and
loopback.
• Data display can be refined using a display filter.
• Wireless connections can also be filtered as long as they traverse the monitored Ethernet.
• Various settings, timers, and filters can be set to provide the facility of filtering the output of the
captured traffic
Color Coding
You can probably see packets highlighted in a variety of different colors. Wireshark uses colors to help you
identify the types of traffic at a glance. By default, light purple is TCP traffic, light blue is UDP traffic, and
black identifies packets with errors—for example, they could have been delivered out of order.
Filtering Packets
If you’re trying to inspect something specific, such as the traffic a program sends when phoning home, it helps
to close down all other applications using the network so you can narrow down the traffic. Still, you’ll likely
have a large amount of packets to sift through. That’s where Wireshark’s filters come in.
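An added example (not from these notes or from Wireshark) showing how the two features just described fit together: a small evaluator for a subset of Wireshark's display-filter syntax (protocol names, `field == value`, `!=`, `!`, `&&`, `||`, parentheses) run over constructed packet summaries, and the default colouring rules (black for error-flagged TCP, light purple for TCP, light blue for UDP) expressed as filters of the same kind. The packet records and addresses are constructed; field names follow Wireshark's naming (`ip.src`, `tcp.port`, `tcp.analysis.flags`).

```python
import re

# Constructed packet summaries: the decoded fields Wireshark would show in its packet list.
PACKETS = [
    {"no": 1, "proto": "DNS",  "ip.src": "192.0.2.10",   "ip.dst": "192.0.2.53",   "udp.port": {12345, 53}},
    {"no": 2, "proto": "DNS",  "ip.src": "192.0.2.53",   "ip.dst": "192.0.2.10",   "udp.port": {53, 12345}},
    {"no": 3, "proto": "HTTP", "ip.src": "192.0.2.10",   "ip.dst": "198.51.100.7", "tcp.port": {40001, 80}},
    {"no": 4, "proto": "TCP",  "ip.src": "198.51.100.7", "ip.dst": "192.0.2.10",   "tcp.port": {80, 40001},
     "tcp.analysis.flags": True},                           # e.g. an out-of-order segment
    {"no": 5, "proto": "TLS",  "ip.src": "192.0.2.10",   "ip.dst": "198.51.100.9", "tcp.port": {40002, 443}},
]

# First matching rule wins, as in Wireshark's colouring-rules list (subset of the defaults).
COLORING_RULES = [("black", "tcp.analysis.flags"), ("light purple", "tcp"), ("light blue", "udp")]

TOKEN = re.compile(r"\s*(\(|\)|&&|\|\||!=|==|!|[\w.]+)")

def tokenize(expr):
    expr, pos, out = expr.strip(), 0, []
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"bad filter near {expr[pos:]!r}")
        out.append(m.group(1))
        pos = m.end()
    return out

def matches(expr, pkt):
    """Display-filter subset: name, field == v, field != v (all-not-equal, as in Wireshark 3.6+),
    !, &&, ||, parentheses. A bare name is true when the packet has that protocol or field."""
    toks, i = tokenize(expr), 0

    def present(name):                  # "tcp" is true if any tcp.* field exists or proto is TCP
        return (name in pkt or any(k.startswith(name + ".") for k in pkt)
                or pkt.get("proto", "").lower() == name)

    def compare(field, op, rhs):        # multi-valued fields (both ports) match if any value does
        v = pkt.get(field)
        hit = rhs in {str(x) for x in v} if isinstance(v, set) else (v is not None and str(v) == rhs)
        return hit if op == "==" else not hit

    def atom():
        nonlocal i
        t = toks[i]; i += 1
        if t == "(":
            v = expr_or()
            if i >= len(toks) or toks[i] != ")":
                raise ValueError("missing ')'")
            i += 1
            return v
        if t == "!":
            return not atom()
        if i < len(toks) and toks[i] in ("==", "!="):
            op, rhs = toks[i], toks[i + 1]; i += 2
            return compare(t, op, rhs)
        return present(t)

    def expr_and():
        nonlocal i
        v = atom()
        while i < len(toks) and toks[i] == "&&":
            i += 1
            v = atom() and v            # right side evaluated first so its tokens are consumed
        return v

    def expr_or():
        nonlocal i
        v = expr_and()
        while i < len(toks) and toks[i] == "||":
            i += 1
            v = expr_and() or v
        return v

    result = expr_or()
    if i != len(toks):
        raise ValueError("unexpected trailing tokens")
    return bool(result)

def apply_filter(expr, packets=PACKETS):
    """Packet numbers that pass the display filter, in capture order."""
    return [p["no"] for p in packets if matches(expr, p)]

def color_of(pkt, rules=COLORING_RULES):
    """Colour of the first matching rule, or 'none' when no rule applies."""
    for color, rule in rules:
        if matches(rule, pkt):
            return color
    return "none"
```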
Inspecting Packets
S.No. | Contents                                                                               | Check it (if Difficult) | Page | Spend Time in Hour
6.1   | Functions of Application layer                                                         |                         |      | 1
6.2   | Application Layer Protocols: DNS, DHCP, WWW, HTTP, HTTPs, TELNET, FTP, SMTP, POP, IMAP |                         |      | 2
6.3   | Concept of traffic analyzer: MRTG, PRTG, SNMP. Packet tracer, Wireshark.               |                         |      | 2
INSPIRING LEARNING QUOTES
“NOTHING WILL WORK UNLESS YOU DO.”
Don’t be judgmental towards anyone, including yourself.
“YESTERDAY I WAS CLEVER, SO I CHANGED THE WORLD. TODAY I AM WISE, SO I AM CHANGING
MYSELF.”
“NEVER GIVE UP ON A DREAM JUST BECAUSE OF THE TIME IT WILL TAKE TO ACCOMPLISH IT. THE
TIME WILL PASS ANYWAY.”
“TELL ME AND I FORGET. TEACH ME AND I REMEMBER. INVOLVE ME AND I LEARN.”
Ask yourself: how is this changing me?
UNIT 7: NETWORK SECURITY
S.No. | Contents                                                           | Check it (if Study) | Page | Spend Time in Hour
7.1   | A Model for Network Security                                       |                     | 55   | 1
7.2   | Principles of cryptography: Symmetric Key and Public Key           |                     | 57   | 1
7.3   | Public Key Algorithm - RSA                                         |                     | 59   | 1
7.4   | Digital Signature Algorithm                                        |                     | 61   | 1
7.5   | Communication Security: IPSec, VPN, Firewalls, Wireless Security.  |                     | 63   | 1
Point to Note
Basic Concepts of Cryptography
Cryptography is a method of using advanced mathematical principles to store and transmit data in a
particular form so that only those for whom it is intended can read and process it.
Cryptography Terms
Encryption: It is the process of locking up information using cryptography. Information that has been
locked this way is encrypted.
Decryption: The process of unlocking the encrypted information using cryptographic techniques.
Key: A secret like a password used to encrypt and decrypt information. There are a few different types of
keys used in cryptography.
Steganography: It is actually the science of hiding information from people who would snoop on you. The
difference between steganography and encryption is that the would-be snoopers may not be able to tell
there’s any hidden information in the first place.
7.1 A Model for Network Security
A MODEL FOR NETWORK SECURITY
• A security-related transformation on the information to be sent. Examples include the encryption of the
message, which scrambles the message so that it is unreadable by the opponent, and the addition of a code
based on the contents of the message, which can be used to verify the identity of the sender.
• Some secret information shared by the two principals and, it is hoped, unknown to the opponent. An
example is an encryption key used in conjunction with the transformation to scramble the message
before transmission and unscramble it on reception.
• A trusted third party may be needed to achieve secure transmission. For example, a third party may be
responsible for distributing the secret information to the two principals while keeping it from any
opponent. Or a third party may be needed to arbitrate disputes between the two principals concerning the
authenticity of a message transmission.
This general model shows that there are four basic tasks in designing a particular security service:
1. Design an algorithm for performing the security-related transformation. The algorithm should be such
that an opponent cannot defeat its purpose.
2. Generate the secret information to be used with the algorithm.
3. Develop methods for the distribution and sharing of the secret information.
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the
secret information to achieve a particular security service.
A general model of these other situations is illustrated by Figure 1.5, which reflects a concern for protecting an
information system from unwanted access. Most readers are familiar with the concerns caused by the existence
of hackers, who attempt to penetrate systems that can be accessed over a network. The hacker can be someone
who, with no malign intent, simply gets satisfaction from breaking and entering a computer system. The
intruder can be a disgruntled employee who wishes to do damage or a criminal who seeks to exploit computer
assets for financial gain (e.g., obtaining credit card numbers or performing illegal money transfers).
Programs can present two kinds of threats:
• Information access threats: Intercept or modify data on behalf of users who should not have access to
that data.
• Service threats: Exploit service flaws in computers to inhibit use by legitimate users.
The security mechanisms needed to cope with unwanted access fall into two broad categories (see Figure 1.5).
The first category might be termed a gatekeeper function. It includes password-based login procedures that are
designed to deny access to all but authorized users and screening logic that is designed to detect and reject
worms, viruses, and other similar attacks. Once either an unwanted user or unwanted software gains access, the
second line of defense consists of a variety of internal controls that monitor activity and analyze stored
information in an attempt to detect the presence of unwanted intruders.
7.2 Principles of cryptography: Symmetric Key and Public Key
Symmetrical Encryption
This is the simplest kind of encryption, involving only one secret key to cipher and decipher
information.
Symmetrical encryption is an old and well-known technique.
It uses a secret key that can be a number, a word or a string of random letters.
The key is blended with the plain text of a message to change the content in a particular way.
The sender and the recipient should both know the secret key that is used to encrypt and decrypt all the
messages. AES, DES, RC5, and RC6 are examples of symmetric encryption.
The most widely used symmetric algorithms are AES-128, AES-192, and AES-256.
The main disadvantage of symmetric key encryption is that all parties involved have to exchange the key
used to encrypt the data before they can decrypt it.
Asymmetrical Encryption
Asymmetrical encryption is also known as public key cryptography, which is a relatively new method
compared to symmetric encryption.
Asymmetric encryption uses two keys to encrypt a plain text.
Secret keys are exchanged over the Internet or a large network.
It ensures that malicious persons do not misuse the keys.
It is important to note that anyone with a secret key can decrypt the message, and this is why
asymmetrical encryption uses two related keys to boost security.
A public key is made freely available to anyone who might want to send you a message. The second key,
the private key, is kept secret so that only you know it.
A message that is encrypted using a public key can only be decrypted using the private key, while a
message encrypted using a private key can be decrypted using the public key.
Security of the public key is not required because it is publicly available and can be passed over the
internet. Asymmetric keys are far more powerful in ensuring the security of information transmitted
during communication.
Asymmetric encryption is mostly used in day-to-day communication channels, especially over the Internet.
Popular asymmetric key encryption algorithms include RSA, DSA, etc.
Asymmetric Encryption in Digital Certificates
To use asymmetric encryption, there must be a way of discovering public keys. One typical technique is
using digital certificates in a client-server model of communication. A certificate is a package of information
that identifies a user or a server. It contains information such as an organization’s name, the organization that
issued the certificate, the user’s email address and country, and the user’s public key.
When a server and a client require secure encrypted communication, they send a query over the
network to the other party, which sends back a copy of its certificate. The other party’s public key can be
extracted from the certificate. A certificate can also be used to uniquely identify the holder.
7.3 Public Key Algorithm - RSA
The RSA algorithm is a public key encryption technique and is considered the most secure way of encryption. It
was invented by Rivest, Shamir and Adleman in the year 1978, hence the name RSA algorithm.
Algorithm
The RSA algorithm has the following features −
• RSA is based on modular exponentiation over the integers, using large prime numbers.
• The integers used by this method are sufficiently large to make the problem difficult to solve.
• There are two keys in this algorithm: a private key and a public key.
You will have to go through the following steps to work on the RSA algorithm −
Step 1: Generate the RSA modulus
The initial procedure begins with the selection of two prime numbers, p and q, and then calculating their
product n, as shown −
n = p * q
Here, n is the specified large number (the RSA modulus).
Step 2: Derived Number (e)
Choose a number e that is greater than 1 and less than (p-1)(q-1). The primary condition is that e and
(p-1)(q-1) must have no common factor except 1.
Step 3: Public key
The pair of numbers (n, e) forms the RSA public key and is made public.
Step 4: Private Key
The private key d is calculated from the numbers p, q and e. The mathematical relationship between the numbers is
as follows −
e * d ≡ 1 mod (p-1)(q-1)
d is found with the Extended Euclidean Algorithm, which takes e and (p-1)(q-1), computed from p and q, as its
input parameters.
Encryption Formula
Consider a sender who sends the plain text message P to someone whose public key is (n, e). To encrypt the plain
text message in the given scenario, compute −
C = P^e mod n
Decryption Formula
The decryption process is very straightforward. Considering the receiver has the private key d, the plaintext is
calculated as −
P = C^d mod n
Let us learn the mechanism behind the RSA algorithm (Reference to Class Problem):
>> Generating Public Key :
• Select two prime numbers. Suppose P = 53 and Q = 59.
• Now the first part of the Public Key: n = P*Q = 3127.
• We also need a small exponent, say e. But e must be:
  • An integer.
  • Not a factor of n.
  • 1 < e < Φ(n) [Φ(n) is discussed below].
• Let us now consider it to be equal to 3.
• Our Public Key is made of n and e.
>> Generating Private Key :
• We need to calculate Φ(n), such that Φ(n) = (P-1)(Q-1).
• So, Φ(n) = 52 * 58 = 3016.
• Now calculate the Private Key, d:
• d = (k*Φ(n) + 1) / e for some integer k.
• For k = 2, the value of d is (2*3016 + 1) / 3 = 2011.
Now we are ready with our Public Key (n = 3127 and e = 3) and Private Key (d = 2011).
Now we will encrypt “HI”:
• Convert letters to numbers: H = 8 and I = 9.
• Thus the Encrypted Data c = 89^e mod n = 89^3 mod 3127.
• Thus our Encrypted Data comes out to be 1394.
Now we will decrypt 1394:
• Decrypted Data = c^d mod n = 1394^2011 mod 3127.
• Thus our Decrypted Data comes out to be 89.
8 = H and 9 = I, i.e. "HI".
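The same computation in Python, as an added example that is not part of the original notes: key generation with the conditions on e checked, d obtained both by the extended Euclidean algorithm the notes refer to and by the notes' k-search, and the HI → 89 → 1394 → 89 round trip.

```python
"""Textbook RSA with the numbers from the class problem (p = 53, q = 59, e = 3).
Added example, not part of the original notes.  Raw RSA on tiny integers is for
teaching only; real deployments use large primes and padding."""
from math import gcd


def extended_gcd(a, b):
    """Return (g, x, y) such that a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x1, y1 = extended_gcd(b, a % b)
    return g, y1, x1 - (a // b) * y1


def modular_inverse(e, phi):
    """The private exponent d with e*d ≡ 1 (mod phi), via extended Euclid."""
    g, x, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError(f"e={e} shares a factor with phi={phi}; choose another e")
    return x % phi


def d_by_trial(e, phi, max_k=10_000):
    """Reproduce the notes' search d = (k*phi + 1) / e for some integer k.

    Returns (k, d).  This only works for a tiny e; modular_inverse() is the
    general method the notes call the Extended Euclidean Algorithm."""
    for k in range(1, max_k + 1):
        if (k * phi + 1) % e == 0:
            return k, (k * phi + 1) // e
    raise ValueError("no suitable k found")


def generate_keys(p, q, e):
    """Return ((n, e), d): the public key and the private exponent.

    Enforces the conditions the notes state for e: 1 < e < phi(n) and
    gcd(e, phi(n)) = 1; otherwise no d exists."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError(f"e must satisfy 1 < e < phi(n)={phi}")
    if gcd(e, phi) != 1:
        raise ValueError(f"e={e} is not coprime to phi(n)={phi}")
    return (n, e), modular_inverse(e, phi)


def encrypt(plaintext, public_key):
    """C = P^e mod n.  The message must be an integer smaller than n."""
    n, e = public_key
    if not 0 <= plaintext < n:
        raise ValueError(f"plaintext must be in [0, {n})")
    return pow(plaintext, e, n)


def decrypt(ciphertext, d, n):
    """P = C^d mod n."""
    return pow(ciphertext, d, n)


def letters_to_number(text):
    """'HI' -> 89 using the notes' A=1 ... Z=26 mapping.

    The mapping is ambiguous once letters beyond I appear ('AB' and 'L' both
    give 12); it is kept here only to match the worked example."""
    return int("".join(str(ord(c) - ord("A") + 1) for c in text.upper()))


if __name__ == "__main__":
    public, private = generate_keys(53, 59, 3)   # ((3127, 3), 2011)
    assert d_by_trial(3, 3016) == (2, 2011)       # same d as the notes' k = 2
    m = letters_to_number("HI")                   # 89
    c = encrypt(m, public)                        # 1394
    print(f"public={public} d={private} m={m} c={c} "
          f"decrypted={decrypt(c, private, public[0])}")
```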
7.4 Digital Signature Algorithm
Digital signatures are the public-key primitives of message authentication. In the physical world, it
is common to use handwritten signatures on handwritten or typed messages. They are used to bind the signatory to
the message.
Similarly, a digital signature is a technique that binds a person/entity to digital data. This binding
can be independently verified by the receiver as well as by any third party.
A digital signature is a cryptographic value that is calculated from the data and a secret key known only
to the signer.
Model of Digital Signature
Importance of Digital Signature
Let us briefly see how this is achieved by the digital signature −
• Message authentication − When the verifier validates the digital signature using the public key of the
sender, he is assured that the signature has been created only by the sender who possesses the corresponding
secret private key and no one else.
• Data Integrity − In case an attacker has access to the data and modifies it, the digital signature
verification at the receiver’s end fails. The hash of the modified data and the output provided by the verification
algorithm will not match. Hence, the receiver can safely reject the message, assuming that data integrity has
been breached.
• Non-repudiation − Since it is assumed that only the signer has knowledge of the signature key, only he
can create a unique signature on given data. Thus the receiver can present the data and the digital
signature to a third party as evidence if any dispute arises in the future.
By adding public-key encryption to digital signature scheme, we can create a cryptosystem that can provide
the four essential elements of security namely − Privacy, Authentication, Integrity, and Non-repudiation.
Encryption with Digital Signature
There are two possibilities, sign-then-encrypt and encrypt-then-sign.
However, the cryptosystem based on sign-then-encrypt can be exploited by the receiver to spoof the identity of the sender
and send that data to a third party. Hence, this method is not preferred. The process of encrypt-then-sign is more
reliable and widely adopted. This is depicted in the following illustration −
The receiver after receiving the encrypted data and signature on it, first verifies the signature using sender’s
public key. After ensuring the validity of the signature, he then retrieves the data through decryption using his
private key.
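The three signature properties above and the encrypt-then-sign order just described, worked in Python with textbook RSA. This is an added example, not the notes' own; the sender key is the class problem's (n = 3127, e = 3, d = 2011), the receiver pair p = 61, q = 53 is constructed here, and a SHA-256 digest reduced mod n stands in for the full-size hash a real scheme would sign.

```python
"""Digital signature and the encrypt-then-sign flow from the notes, using
textbook RSA.  Added example, not part of the original notes.  Tiny keys like
these are for illustration only."""
import hashlib

# Sender key pair: n = 3127, e = 3, d = 2011 (section 7.3's worked example).
SENDER_PUBLIC, SENDER_PRIVATE = (3127, 3), 2011
# Receiver key pair, constructed for this example: p = 61, q = 53.
RECEIVER_N, RECEIVER_E = 61 * 53, 17                       # n = 3233
RECEIVER_D = pow(RECEIVER_E, -1, (61 - 1) * (53 - 1))      # 2753


def digest(data: bytes, n: int) -> int:
    """Hash the data, reduced mod n so it can be signed with a tiny key.
    Real DSA/RSA signatures hash with SHA-1/SHA-2 (the notes mention SHA-1,
    which is deprecated today) and use keys far larger than any digest."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, private_d: int, public_key) -> int:
    """Signature = H(data)^d mod n: only the holder of d can produce it."""
    n, _ = public_key
    return pow(digest(data, n), private_d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Recover H(data) with the public exponent and compare with a fresh hash.
    A modified message or a modified signature makes this comparison fail."""
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)


def encrypt_then_sign(message: int):
    """Sender side: encrypt for the receiver, then sign the ciphertext."""
    ciphertext = pow(message, RECEIVER_E, RECEIVER_N)
    signature = sign(str(ciphertext).encode(), SENDER_PRIVATE, SENDER_PUBLIC)
    return ciphertext, signature


def verify_then_decrypt(ciphertext: int, signature: int):
    """Receiver side: check the sender's signature first; only then decrypt.
    Returns None when verification fails, so tampered data is never used."""
    if not verify(str(ciphertext).encode(), signature, SENDER_PUBLIC):
        return None
    return pow(ciphertext, RECEIVER_D, RECEIVER_N)


if __name__ == "__main__":
    c, s = encrypt_then_sign(89)                        # 89 is "HI" from 7.3
    print("genuine:", verify_then_decrypt(c, s))        # 89
    print("forged signature:", verify_then_decrypt(c, (s + 1) % 3127))  # None
```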
Advantages of Digital Signature Algorithm
• Along with having strong strength levels, the length of the signature is smaller as compared to other
digital signature standards.
• The signature computation takes less time.
• DSA requires less storage to work as compared to other digital signature standards.
• DSA is patent free, so it can be used free of cost.
Disadvantages of Digital Signature Algorithm
• It requires a lot of time to authenticate, as the verification process includes complicated remainder
operations. It requires a lot of time for computation.
• Data in DSA is not encrypted. We can only authenticate data with it.
• The digital signature algorithm first computes a SHA1 hash and signs it. Any drawbacks in the
cryptographic security of SHA1 are reflected in DSA because DSA implicitly depends on it.
• With applications in both secret and non-secret communications, DSA is a US national standard.
7.5 Communication Security: IPSec, VPN, Firewalls, Wireless Security.
IP security (IPSec)
Internet Protocol Security (IPsec) is a set of protocols that provides security for the Internet Protocol. It can
use cryptography to provide security. IPsec can be used for setting up virtual private networks (VPNs) in
a secure manner. It is also known as IP Security.
IPsec involves two security services:
• Authentication Header (AH): This authenticates the sender and it discovers any changes in data during
transmission.
• Encapsulating Security Payload (ESP): This not only performs authentication for the sender but also
encrypts the data being sent.
There are two modes of IPsec:
• Tunnel Mode: This will take the whole IP packet to form secure communication between two places, or
gateways.
• Transport Mode: This only encapsulates the IP payload (not the entire IP packet as in tunnel mode) to
ensure a secure channel of communication.
The IP security (IPSec) is an Internet Engineering Task Force (IETF) standard suite of protocols between 2
communication points across the IP network that provide data authentication, integrity, and confidentiality. It
also defines the encrypted, decrypted and authenticated packets. The protocols needed for secure key exchange
and key management are defined in it.
Uses of IP Security –
IPsec can be used to do the following things:
• To encrypt application layer data.
• To provide security for routers sending routing data across the public internet.
• To provide authentication without encryption, like to authenticate that the data originates from a known
sender.
• To protect network data by setting up circuits using IPsec tunneling, in which all data sent
between the two endpoints is encrypted, as with a Virtual Private Network (VPN) connection.
Components of IP Security –
It has the following components:
1. Encapsulating Security Payload (ESP) –
It provides data integrity, encryption, authentication and anti-replay protection. It also provides authentication for
the payload.
2. Authentication Header (AH) –
It also provides data integrity, authentication and anti-replay protection, but it does not provide encryption. The anti-
replay protection protects against unauthorized retransmission of packets. It does not protect the data’s
confidentiality.
Internet Key Exchange (IKE) –
It is a network security protocol designed to dynamically exchange encryption keys and negotiate a
Security Association (SA) between 2 devices. The Security Association (SA) establishes shared security
attributes between 2 network entities to support secure communication. The Internet Security Association and
Key Management Protocol (ISAKMP) provides a framework for authentication and key exchange.
ISAKMP defines how the Security Associations (SAs) are set up and how direct connections between two hosts
that are using IPsec are established.
Internet Key Exchange (IKE) provides message content protection and also an open framework for implementing
standard algorithms such as SHA and MD5. The algorithms IPsec uses produce a unique identifier for each
packet. This identifier then allows a device to determine whether a packet is authentic or not. Packets
which are not authenticated are discarded and not given to the receiver.
IPsec provides the following security services for traffic at the IP layer:
• Data origin authentication—identifying who sent the data.
• Confidentiality (encryption)—ensuring that the data has not been read en route.
• Connectionless integrity—ensuring the data has not been changed en route.
• Replay protection—detecting packets received more than once to help protect against denial of service
attacks.
Applications of IPSec
To help secure networks, the Internet community has done a lot of work and developed
application-specific security mechanisms in numerous application areas, including electronic mail (Privacy
Enhanced Mail, Pretty Good Privacy [PGP]), network management (Simple Network Management Protocol
Version 3 [SNMPv3]), Web access (Secure HTTP, Secure Sockets Layer [SSL]), and others.
Benefits of IPSec
When IPSec is implemented in a firewall or router, it provides strong security that applies to all
traffic crossing this perimeter. Traffic within a company or workgroup does not incur the overhead of
security-related processing.
IPSec is below the transport layer (TCP, UDP), and is thus transparent to applications. There is no need
to change software on a user or server system when IPSec is implemented in the firewall or router.
Even if IPSec is implemented in end systems, upper layer software, including applications is not
affected. IPSec can be transparent to end users.
VPN (Virtual Private Network)
A Virtual Private Network (VPN) allows a user to connect to a private network over the
Internet securely and privately. A VPN creates an encrypted connection, called a VPN tunnel, and all Internet
traffic and communication is passed through this secure tunnel.
Virtual Private Network (VPN) is basically of 2 types:
1. Remote Access VPN:
Remote Access VPN permits a user to connect to a private network and access all its services and
resources remotely. The connection between the user and the private network occurs through the Internet
and the connection is secure and private. Remote Access VPN is useful for home users and business users
both.
2. Site to Site VPN:
A Site-to-Site VPN is also called a Router-to-Router VPN and is commonly used in large
companies. Companies or organizations with branch offices in different locations use Site-to-Site VPN
to connect the network of one office location to the network at another office location.
• Intranet based VPN: When several offices of the same company are connected using the Site-to-Site VPN
type, it is called an Intranet based VPN.
• Extranet based VPN: When companies use the Site-to-Site VPN type to connect to the office of another
company, it is called an Extranet based VPN.
Types of Virtual Private Network (VPN) Protocols:
1. Internet Protocol Security (IPSec):
Internet Protocol Security, known as IPSec, is used to secure Internet communication across an IP
network. IPSec secures Internet Protocol communication by verifying the session and encrypting each data
packet during the connection.
IPSec runs in 2 modes:
• (i) Transport mode
• (ii) Tunneling mode
The work of transport mode is to encrypt the message in the data packet and the tunneling mode encrypts
the whole data packet. IPSec can also be used with other security protocols to improve the security
system.
2. Layer 2 Tunneling Protocol (L2TP):
L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is often combined with another VPN
security protocol like IPSec to establish a highly secure VPN connection. L2TP generates a tunnel
between two L2TP connection points and IPSec protocol encrypts the data and maintains secure
communication between the tunnel.
3. Point–to–Point Tunneling Protocol (PPTP):
PPTP or Point-to-Point Tunneling Protocol generates a tunnel and confines the data packet.
Point-to-Point Protocol (PPP) is used to encrypt the data between the connection. PPTP is one of the most widely
used VPN protocols and has been in use since the early releases of Windows. PPTP is also used on Mac
and Linux apart from Windows.
4. SSL and TLS:
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) generate a VPN connection where the
web browser acts as the client and user access is restricted to specific applications instead of the entire
network. Online shopping websites commonly use the SSL and TLS protocols. It is easy to switch to SSL in
web browsers, with almost no action required from the user, as web browsers come integrated with
SSL and TLS. SSL connections have “https” at the start of the URL instead of “http”.
5. OpenVPN:
OpenVPN is an open source VPN that is commonly used for creating Point-to-Point and Site-to-Site
connections. It uses a traditional security protocol based on the SSL and TLS protocols.
6. Secure Shell (SSH):
Secure Shell or SSH generates the VPN tunnel through which the data transfer occurs and also ensures
that the tunnel is encrypted. SSH connections are generated by an SSH client and data is transferred from a
local port on to the remote server through the encrypted tunnel.
Firewall
A firewall is a network security device, either hardware or software-based, which monitors all incoming
and outgoing traffic and based on a defined set of security rules it accepts, rejects or drops that specific traffic.
Accept : allow the traffic
Reject : block the traffic but reply with an “unreachable error”
Drop : block the traffic with no reply
A firewall establishes a barrier between secured internal networks and outside untrusted network, such
as the Internet.
A firewall is a network security device that monitors incoming and outgoing network traffic
and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between
your internal network and incoming traffic from external sources (such as the internet) in order to block
malicious traffic like viruses and hackers.
Before firewalls, network security was performed by Access Control Lists (ACLs) residing on routers. ACLs
are rules that determine whether network access should be granted or denied to specific IP addresses.
But ACLs cannot determine the nature of the packet it is blocking. Also, ACL alone does not have the capacity
to keep threats out of the network. Hence, the Firewall was introduced.
Connectivity to the Internet is no longer optional for organizations. However, accessing the Internet provides
benefits to the organization; it also enables the outside world to interact with the internal network of the
organization. This creates a threat to the organization. In order to secure the internal network from unauthorized
traffic, we need a Firewall.
How does a firewall work?
Firewalls carefully analyze incoming traffic based on pre-established rules and filter traffic coming from
unsecured or suspicious sources to prevent attacks. Firewalls guard traffic at a computer’s entry point, called
ports, which is where information is exchanged with external devices. For example, “Source address 172.18.1.1
is allowed to reach destination 172.18.2.1 over port 22."
Think of IP addresses as houses, and port numbers as rooms within the house. Only trusted people (source
addresses) are allowed to enter the house (destination address) at all—then it’s further filtered so that people
within the house are only allowed to access certain rooms (destination ports), depending on if they're the owner,
a child, or a guest. The owner is allowed to any room (any port), while children and guests are allowed into a
certain set of rooms (specific ports).
Types of Firewall
Firewalls are generally of two types: Host-based and Network-based.
1. Host-based Firewalls: A host-based firewall is installed on each network node and controls each
incoming and outgoing packet. It is a software application or suite of applications that comes as a part of the
operating system. Host-based firewalls are needed because network firewalls cannot provide protection
inside a trusted network. A host firewall protects each host from attacks and unauthorized access.
2. Network-based Firewalls: Network firewalls function at the network level. In other words, these firewalls
filter all incoming and outgoing traffic across the network. They protect the internal network by filtering the
traffic using rules defined on the firewall. A network firewall might have two or more network interface
cards (NICs). A network-based firewall is usually a dedicated system with proprietary software installed.
Generation of Firewall
Firewalls can be categorized based on their generation.
First Generation- Packet Filtering Firewall : A packet filtering firewall is used to control network access by
monitoring outgoing and incoming packets and allowing them to pass or stop based on source and destination IP
address, protocols and ports. It analyses traffic at the transport protocol layer (but mainly uses the first 3 layers).
For example, a packet filtering firewall might apply the following rules:
1. Incoming packets from network 192.168.21.0 are blocked.
2. Incoming packets destined for internal TELNET server (port 23) are blocked.
3. Incoming packets destined for host 192.168.21.3 are blocked.
4. All well-known services to the network 192.168.21.0 are allowed.
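The four rules above evaluated by a small stateless packet filter in Python, as an added example that is not from the notes. It assumes "network 192.168.21.0" means 192.168.21.0/24, that rules are checked top to bottom with the first match winning, that unmatched traffic is dropped by default, and the sample packets are constructed.

```python
"""First-generation packet filtering applied to the notes' four example rules.
Added example, not from the original notes.  Assumptions: 192.168.21.0 means
192.168.21.0/24, first-match evaluation, default drop."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Actions as the notes define them.
ACCEPT = "ACCEPT"   # allow the traffic
REJECT = "REJECT"   # block, but reply with an unreachable error
DROP = "DROP"       # block silently

WELL_KNOWN_PORTS = range(0, 1024)   # "well-known services"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    protocol: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str
    src_net: Optional[str] = None      # e.g. "192.168.21.0/24"
    dst_net: Optional[str] = None      # a single host is a /32
    dst_ports: Optional[range] = None
    description: str = ""

    def matches(self, pkt: Packet) -> bool:
        """Header-only match: every field that is set must agree."""
        if self.src_net and ip_address(pkt.src) not in ip_network(self.src_net):
            return False
        if self.dst_net and ip_address(pkt.dst) not in ip_network(self.dst_net):
            return False
        if self.dst_ports is not None and pkt.dst_port not in self.dst_ports:
            return False
        return True


# The notes' rule list, in order, for inbound traffic at the perimeter.
RULES = [
    Rule(DROP, src_net="192.168.21.0/24",
         description="1. incoming packets from network 192.168.21.0 are blocked"),
    Rule(DROP, dst_ports=range(23, 24),
         description="2. incoming packets to the internal TELNET server are blocked"),
    Rule(DROP, dst_net="192.168.21.3/32",
         description="3. incoming packets to host 192.168.21.3 are blocked"),
    Rule(ACCEPT, dst_net="192.168.21.0/24", dst_ports=WELL_KNOWN_PORTS,
         description="4. well-known services to network 192.168.21.0 are allowed"),
]


def filter_packet(pkt: Packet, rules=RULES):
    """Return (action, description of the rule that decided it).
    Unmatched traffic falls through to the default policy.  Like any stateless
    filter this looks only at headers: it cannot tell a legitimate HTTP request
    from an attack carried inside one, which is what later generations add."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.description
    return DROP, "default policy: drop"


# Constructed sample traffic for the walk-through.
SAMPLES = [
    Packet("10.0.0.5", "192.168.21.10", 80),      # ACCEPT via rule 4
    Packet("10.0.0.5", "192.168.21.10", 23),      # DROP via rule 2 (telnet)
    Packet("10.0.0.5", "192.168.21.3", 80),       # DROP via rule 3, checked before rule 4
    Packet("192.168.21.7", "192.168.21.10", 80),  # DROP via rule 1 (inside address from outside)
    Packet("10.0.0.5", "192.168.21.10", 8080),    # DROP, no rule matches
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        action, why = filter_packet(pkt)
        print(f"{pkt.src} -> {pkt.dst}:{pkt.dst_port}  {action:6}  ({why})")
```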
Second Generation- Stateful Inspection Firewall : Stateful firewalls (performing Stateful Packet Inspection) are
able to determine the connection state of a packet, unlike a packet filtering firewall, which makes them more efficient.
Third Generation- Application Layer Firewall : An application layer firewall can inspect and filter packets
on any OSI layer, up to the application layer. It has the ability to block specific content, and also to recognize when
certain applications and protocols (like HTTP, FTP) are being misused.
Next Generation Firewalls (NGFW) : Next Generation Firewalls are being deployed these days to stop
modern security breaches like advanced malware attacks and application-layer attacks.
Wireless-Security
Like system security and data security, a sound knowledge of the different wireless security
measures is also essential for security professionals, because different wireless security
mechanisms have different levels of strength and capabilities.
There are automated wireless hacking tools available that have made cybercriminals more powerful. Some of
these tools are:
• AirCrack
• AirSnort
• Cain & Abel
• Wireshark
• NetStumbler, etc.
Various hacking techniques, including remote access, shoulder surfing, accessing the wireless router's dashboard,
and brute-force attacks, are used to penetrate wireless security.
1. What is Wireless Security?
2. Wired Equivalent Privacy (WEP)
3. Wi-Fi Protected Access (WPA)
4. Wi-Fi Protected Access II (WPA2)
5. Wi-Fi Protected Access 3 (WPA3)
What is Wireless Security?
Wireless security revolves around the concept of securing the wireless network from malicious attempts and
unauthorized access.
The wireless security can be delivered through different ways such as:
1. Hardware-based: routers and switches are built with encryption measures that protect all
wireless communication. So, in this case, even if the data gets captured by a cybercriminal, they
will not be able to decrypt the data or view the traffic's content.
2. Wireless setup of IDS and IPS: helps in detecting, alerting on and preventing attacks against wireless networks, and
sends an alarm to the network administrator in case of any security breach.
3. Wireless security algorithms: such as WEP, WPA, WPA2, and WPA3. These are discussed in the
subsequent paragraphs.
Wired Equivalent Privacy (WEP)
Wired Equivalent Privacy (WEP), introduced in 1999, is the oldest security algorithm. It uses the initialization vector (IV)
method. The very first versions of the WEP algorithm were not particularly strong, even for the time
when they were released. The reason for this weak release was U.S. limits on the export of
cryptographic technologies, which led manufacturers to restrict their devices to 64-bit
encryption only. As the limitation was withdrawn, 128-bit and 256-bit WEP encryption were developed and
came onto the wireless security market, though 128-bit became the standard one.
Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access (WPA) was the Wi-Fi Alliance's next project, replacing the increasingly noticeable
vulnerabilities of the WEP standard. WPA was officially adopted in the year 2003, one year before the retirement
of WEP. WPA's most common configuration is WPA-PSK, where PSK is an abbreviation of Pre-Shared Key. WPA
uses 256-bit keys, which was a considerable enhancement over the 64-bit and 128-bit keys.
Wi-Fi Protected Access II (WPA2)
Wi-Fi Protected Access II (WPA2) became official in the year 2006 after WPA became outdated. It uses the AES
algorithm as a necessary encryption component and uses CCMP (Counter Mode with Cipher Block
Chaining Message Authentication Code Protocol), replacing TKIP.
Wi-Fi Protected Access 3 (WPA3)
Wi-Fi Protected Access 3 (WPA3) is the latest, and the third, iteration of this family developed under the Wi-Fi
Alliance. It has personal as well as enterprise security support and uses a 384-bit Hash-based Message
Authentication Code (HMAC), 256-bit Galois/Counter Mode Protocol (GCMP-256), and a 256-bit Broadcast/Multicast
Integrity Protocol. WPA3 also provides support for perfect forward secrecy.