Now click the ⫹ sign next to Frame there will be a frame number next to the

■ Defining the Upper OSI Layers

THE BOTTOM LINE: The upper OSI layers are layers 4 through 7—the transport, session, presentation, and application layers. It is this portion of the OSI model that deals with protocols such as HTTP, FTP, and mail protocols. Compression, encryption, and session creation are also classified by these layers.

CERTIFICATION READY: How do you define the upper layers of the OSI model? 3.1

In the following exercises, you will do the following:

• Define the transport layer by showing connections in the command prompt and describing ports.
• Define the session layer by logging into Web sites and other servers, as well as logging on and off of Microsoft networks and email programs.
• Define the presentation layer by showing encryption in Windows and within Web sites.
• Define the application layer by capturing web server packets and analyzing them.

Layer 4 governs the transmission of messages through the communications subnetwork. Two common TCP/IP protocols that are utilized on this layer include the Transmission Control Protocol (TCP), which is a connection-oriented protocol, and the User Datagram Protocol (UDP), which is connectionless. An example of an application that uses TCP is a web browser, and an example of an application that uses UDP is streaming media. When you download a web page, you don’t want to lose any packets of information because graphics would appear broken, certain text wouldn’t read correctly, and so on. By using TCP, we ensure that data gets to its final destination. If a packet is lost along the way, it will be resent until the destination computer acknowledges delivery or ends the session. But with streaming media, we are either watching or listening in real time. So, if a packet is lost, we don’t really care, because that time frame of the video or music has already passed. Once the packet is lost, we really don’t want it back. Of course, if the packet loss becomes too severe, the streaming media will become incomprehensible.

Connection-oriented (also known as CO mode) communications require that both devices or computers involved in the communication establish an end-to-end logical connection before data can be sent between the two. These connection-oriented systems are often considered reliable network services. If an individual packet is not delivered in a timely manner, it is resent; this can be done because the sending computer established the connection at the beginning of the session and knows where to resend the packet.

In connectionless communications (CL mode), no end-to-end connection is necessary before data is sent. Every packet that is sent has the destination address located in its header. This is sufficient to move independent packets, such as in the previously mentioned streaming media. But if a packet is lost, it cannot be resent, because the sending computer never established a logical connection and doesn’t know which logical connection to use to send the failed packet.

Layer 4 also takes care of the ports that a computer uses for data transmission. Ports act as logical communications endpoints for computers. There are a total of 65,536 ports, numbering between 0 and 65,535. They are defined by the Internet Assigned Numbers Authority (IANA) and divided into categories as shown in Table 2-1.

Table 2-1: IANA port categories

| Port Range | Category Type | Description |
|---|---|---|
| 0–1023 | Well-known ports | This range defines commonly used protocols (e.g., FTP utilizes port 21 to accept client connections). |
| 1024–49,151 | Registered ports | Ports used by vendors for proprietary applications. These must be registered with the IANA (e.g., Microsoft registered 3389 for use with the Remote Desktop Protocol). |
| 49,152–65,535 | Dynamic and private ports | These ports can be used by applications, but they cannot be registered by vendors. |
Port numbers correspond to specific applications; for example, port 80 is used by web browsers via the HTTP protocol. It is important to understand the difference between inbound and outbound ports:

• Inbound ports: These are used when another computer wants to connect to a service or application running on your computer. Servers primarily use inbound ports so that they can accept incoming connections and serve data. IP addresses and port numbers are combined together; for example, a server’s IP/port 66.249.91.104:80 is the IP address 66.249.91.104 with port number 80 open in order to accept incoming web page requests.
• Outbound ports: These are used when your computer wants to connect to a service or application running on another computer. Client computers primarily use outbound ports, and these are assigned dynamically by the operating system.

There are a lot of ports and corresponding protocols you should know. Although you don’t need to know all 65,536 ports, Table 2-2 highlights some of the basic ones that you should memorize.

Table 2-2: Ports and associated protocols

| Port Number | Associated Protocol | Full Name |
|---|---|---|
| 21 | FTP | File Transfer Protocol |
| 22 | SSH | Secure Shell |
| 23 | Telnet | Terminal Network |
| 25 | SMTP | Simple Mail Transfer Protocol |
| 53 | DNS | Domain Name System |
| 80 | HTTP | Hypertext Transfer Protocol |
| 88 | Kerberos | Kerberos |
| 110 | POP3 | Post Office Protocol Version 3 |
| 119 | NNTP | Network News Transfer Protocol |
| 137–139 | NetBIOS | NetBIOS Name, Datagram, and Session Services, respectively |
| 143 | IMAP | Internet Access Message Protocol |
| 161 | SNMP | Simple Network Management Protocol |
| 389 | LDAP | Lightweight Directory Access Protocol |
| 443 | HTTPS | Hypertext Transfer Protocol Secure (uses TLS or SSL) |
| 445 | SMB | Server Message Block |
| 1701 | L2TP | Layer 2 Tunneling Protocol |
| 1723 | PPTP | Point-to-Point Tunneling Protocol |
| 3389 | RDP | Remote Desktop Protocol (Microsoft Terminal Server) |

DEFINE THE TRANSPORT LAYER

GET READY. Let’s take a look at ports and the transport layer in action by performing the following steps:

1. Open a web browser and connect to www.google.com.

2. Open the command prompt and type the command netstat -an. This will display a list of all the connections to and from your computer in numeric format, as shown in Figure 2-6. Note the two Google connections. We know this is Google because the IP address for the Google Web site is 66.249.91.104. You can test this by pinging that IP address or by entering the IP address into your web browser’s address field. The two connections were initialized by the local computer on outbound ports 49166 and 49167. Google is accepting these connections on its web server’s inbound port 80. You will note that the left-hand column named “Proto” has these connections marked as TCP. So, as we mentioned earlier, HTTP connections utilize TCP on the transport layer, and they are therefore connection-oriented communications.

Figure 2-6: Netstat command (callout: Google connections)

3. Now, try the following commands:

a. netstat: the original command; shows basic connections

b. netstat -a: shows in-depth TCP and UDP connections

c. netstat -an: shows TCP and UDP connections numerically
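
To read netstat -an output the way the steps above do, the following added Python example (not part of the original lesson) parses a constructed sample of that output, labels each local port with its Table 2-1 category, and separates listening inbound ports from outbound client connections. Every address other than 66.249.91.104 and the role heuristic (a local port in the dynamic range means the local computer opened the connection) are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49166     66.249.91.104:80       ESTABLISHED
  TCP    192.168.1.10:49167     66.249.91.104:80       ESTABLISHED
  TCP    192.168.1.10:49170     203.0.113.7:443        TIME_WAIT
  TCP    192.168.1.10:3389      192.168.1.25:50211     ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

def port_category(port):
    """Return the IANA category from Table 2-1 for a port number."""
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic/private"

def split_endpoint(endpoint):
    """Split 'host:port' (also '[::]:445' and '*:*') into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def parse_netstat(text):
    """Parse TCP/UDP rows and tag each with a role (heuristic, see lead-in)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        lport = split_endpoint(parts[1])[1] if len(parts) >= 3 else None
        if lport is None or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank, or malformed line
        state = parts[3] if len(parts) > 3 else ""  # UDP rows have no State column
        if state == "LISTENING" or parts[0] == "UDP":
            role = "listener"   # inbound port waiting for traffic
        elif port_category(lport) == "dynamic/private":
            role = "outbound"   # OS-assigned client port, like 49166 and 49167
        else:
            role = "inbound"    # a remote client is connected to a local service port
        rows.append({"proto": parts[0], "lport": lport, "state": state, "role": role,
                     "remote": split_endpoint(parts[2]), "category": port_category(lport)})
    return rows

def listeners(rows):
    """Sorted (proto, port, category) for every port accepting inbound traffic."""
    return sorted({(r["proto"], r["lport"], r["category"]) for r in rows if r["role"] == "listener"})

def tcp_states(rows):
    """Count the State column for TCP rows that are not listeners."""
    return Counter(r["state"] for r in rows if r["proto"] == "TCP" and r["role"] != "listener")
```

Calling listeners(parse_netstat(SAMPLE)) gives the inventory of ports open to other computers, which is the list to compare against the services you expect the machine to offer.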

DEFINE THE SESSION LAYER

GET READY. Every time you connect to a Web site, a mail server, or any other computer on your network or another network, your computer is starting a session with that remote computer. Each time you log on or log off of a network, the session layer is involved. Let’s explore this further by carrying out the following actions:

1. Make several connections to other computers. For example:

a. Connect to www.microsoft.com.

b. Connect to a mail account that you have with Gmail, Yahoo, or another such service.

c. Connect to a network share if available.

d. Connect to an FTP server if available.

2. Go back to the command prompt and run the netstat -a command; then, in a second command prompt, run the netstat -an command. Analyze the various sessions that you have created. Compare the results of both commands. See whether you can catch the names in one command prompt and their corresponding IP addresses in the other command prompt. Note the “State” of the connections or sessions: Established, Close_wait, and so on.

3. Now, log on to and off of several networks:

a. Log off or on to your Microsoft network if you are connected to one.

b. Log on to a Web site like Amazon or another site that you have membership with.

All of these steps are completed as part of the session layer. The session layer is also in charge of the termination of sessions. You will notice that after a certain period of no activity, web sessions change their state from Established to either Time wait, or closed, or something similar. Log off all of your sessions now, and close any connections to any Web sites or other computers you have connected to. Finally, log off the computer and log back on.

DEFINE THE PRESENTATION LAYER

GET READY. The presentation layer will change how data is presented. This could include code conversion from one computer system to another that both run TCP/IP, or it could be encryption or compression. This layer also comes into play when you connect to a mapped network drive (known as a redirector). Carry out the following actions to see several examples of how information is modified before being sent across the network:

1. Access Windows Explorer on a Windows client computer.

2. Create a simple text file with some basic text, and save it to a test folder.

3. Right-click the text file and select Properties.

4. In the Properties window, click the Advanced button.

5. Select the Encrypt contents to secure data checkbox.

6. Click OK. The file should now be displayed in blue. From now on, if the file is sent across the network, the presentation layer will come into effect due to the encryption.

7. Open a web browser and connect to https://www.paypal.com. Note the https at the beginning of PayPal’s address, which is short for HyperText Transfer Protocol Secure.