A protocol is a set of standards for communication between network hosts. Protocols often provide services, such as e-mail or file transfer. Most protocols are not intended to be used alone, but instead rely on and interact with other dependent or complementary protocols. A group of protocols that is intended to be used together is called a protocol suite.

The following entries describe several major protocols and their characteristics.

Transmission Control Protocol (TCP)
TCP provides services that ensure accurate and timely delivery of network communications between two hosts. TCP is a layer 4 (Transport layer) protocol. TCP is connection-oriented, which means that it provides guaranteed delivery of data between hosts through the following services:
  • Sequencing of data packets
  • Flow control
  • Error checking

The TCP three-way handshake is the process used to establish a TCP session. The steps to a TCP three-way handshake process are:

  1. A host sends a SYN packet to the target host.
  2. The target host responds to the original host with a SYN ACK packet.
  3. The host responds to the target host with an ACK packet.
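
The three steps above as a small handshake tracker, an added example that is not part of the original page: it walks a constructed packet list, advances each client/server pair through the three states, and reports which pairs never completed step 3 (half-open connections, the condition a defender counts when watching for SYN floods). The flag bit values are TCP's; the addresses are constructed.

```python
# Added example: track the TCP three-way handshake state per (client, server) pair.
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10  # TCP header flag bits


@dataclass
class Packet:
    src: str
    dst: str
    flags: int


def track_handshakes(packets):
    """Return (established, half_open) as sets of (client, server) pairs.

    State per pair: 'syn_sent' after step 1, 'syn_received' after step 2,
    'established' after step 3. Any pair still pending at the end is half-open.
    """
    state = {}
    for p in packets:
        if p.flags == SYN:                        # step 1: client -> server SYN
            state[(p.src, p.dst)] = "syn_sent"
        elif p.flags == SYN | ACK:                # step 2: server -> client SYN ACK
            key = (p.dst, p.src)                  # key is always (client, server)
            if state.get(key) == "syn_sent":
                state[key] = "syn_received"
        elif p.flags & ACK:                       # step 3: client -> server ACK
            key = (p.src, p.dst)
            if state.get(key) == "syn_received":
                state[key] = "established"
    established = {k for k, v in state.items() if v == "established"}
    half_open = {k for k, v in state.items() if v != "established"}
    return established, half_open


# Constructed sample: one complete handshake and one that never receives step 3.
SAMPLE = [
    Packet("10.0.0.5", "10.0.0.80", SYN),
    Packet("10.0.0.80", "10.0.0.5", SYN | ACK),
    Packet("10.0.0.5", "10.0.0.80", ACK),
    Packet("10.0.0.9", "10.0.0.80", SYN),
    Packet("10.0.0.80", "10.0.0.9", SYN | ACK),
]

if __name__ == "__main__":
    done, pending = track_handshakes(SAMPLE)
    print("established:", done)
    print("half-open:", pending)
```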

User Datagram Protocol (UDP)
UDP is a host-to-host protocol like TCP. However, UDP is connectionless, which means that it does not include mechanisms for ensuring timely and accurate delivery, but uses best-effort delivery. Because it has less overhead, it offers fast communication, but at the expense of possible errors or data loss.

Internet Protocol (IP)
IP is a layer 3 protocol that is connectionless and relies on upper layer protocols like TCP to ensure delivery and connection orientation.

Internetwork Packet Exchange (IPX)
IPX is an older protocol used with older Novell networks. IPX has been replaced with TCP/IP in newer versions of NetWare. Unless you are running a version of NetWare that does not support TCP/IP, or are using applications that rely on IPX, you should disable IPX to eliminate attacks against IPX on your network.

Network Basic Input/Output System (NetBIOS)
NetBIOS is the term used to describe the combination of two protocols: NetBEUI and NetBIOS. Because NetBIOS is a non-routable protocol, it was often combined with TCP/IP or IPX/SPX to enable internetwork communications.
  • NetBIOS was used in early Windows networks.
  • Beginning with Windows 2000, NetBIOS is no longer required.
  • NetBIOS might be needed if the network includes clients running previous versions of Windows.

Internet Control Message Protocol (ICMP)
ICMP is commonly used for troubleshooting and information gathering. ICMP works closely with IP in providing error and control information, and by allowing hosts to exchange packet status information, which helps move packets through the internetwork. Two common management utilities use ICMP messages to check network connectivity.
  • ping sends an ICMP Echo Request and, once executed, should elicit an Echo Reply from the target device back to the source. Ping can be used to determine whether devices are reachable and can communicate across the network.
  • traceroute determines how many routers (hops) are between the source and the target, and the response time for each router.

ICMP also works with IP to send notices when destinations are unreachable and when devices' buffers overflow. ICMP messages are used to determine the route and hops packets take through the network and whether devices can communicate across the network.


Address Resolution Protocol (ARP)
ARP provides IP address-to-MAC address resolution. Using ARP, a host that knows the IP address of another host can discover the corresponding MAC address.

Domain Name System (DNS)
DNS is a hierarchical, distributed database that maps logical host names to IP addresses. For example, the name would be identified with a specific IP address. When you use the host name of a computer (for example if you type a URL such as, your computer uses the following process to find the IP address.
  1. The host looks in its local cache to see if it has recently resolved the host name.
  2. If the information is not in the cache, it checks the Hosts file. The Hosts file is a static text file that contains hostname-to-IP address mappings.
  3. If the IP address is not found, the host contacts its preferred DNS server. If the preferred DNS server can't be contacted, it continues contacting additional DNS servers until one responds.
  4. The host sends the name information to the DNS server. The DNS server then checks its cache and Hosts file. If the information is not found, the DNS server checks any zone files that it holds for the requested name.
  5. If the DNS server can't find the name in its zones, it forwards the request to a root zone name server. This server returns the IP address of a DNS server that has information for the corresponding top-level domain (such as .com).
  6. The first DNS server then requests the information from the top-level domain server. This server returns the address of a DNS server with the information for the next highest domain. This process continues until a DNS server is contacted that holds the necessary information.
  7. The DNS server places the information in its cache and returns the IP address to the client host. The client host also places the information in its cache and uses the IP address to contact the desired destination device.
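
The seven-step lookup above as a toy resolver, an added example that is not part of the original page: it checks the client cache, the Hosts file, the preferred server's cache and zones, then walks root, TLD and authoritative servers, caching the answer on both sides as step 7 describes. Every name, address and zone record in it is constructed for the illustration.

```python
# Added example: simulate the client -> preferred server -> root -> TLD -> authoritative
# lookup order and report which step answered.
HOST_CACHE = {}                                    # step 1: client's local cache
HOSTS_FILE = {"printer.local": "192.0.2.7"}        # step 2: static Hosts file
SERVER_CACHE = {}                                  # step 4: preferred server's cache
SERVER_ZONES = {"corp.example": {"intranet.corp.example": "192.0.2.10"}}  # step 4: zones it holds
ROOT = {"com": "tld-com"}                          # step 5: root names the TLD server
TLD = {"tld-com": {"example.com": "ns-example"}}   # step 6: TLD names the authoritative server
AUTHORITATIVE = {"ns-example": {"www.example.com": "203.0.113.5"}}


def in_zone(name, zone):
    """True when name lies inside zone (exact match or a subdomain of it)."""
    return name == zone or name.endswith("." + zone)


def resolve(name):
    """Return (ip, answered_by); raise LookupError if no server holds the name."""
    if name in HOST_CACHE:                         # step 1
        return HOST_CACHE[name], "client cache"
    if name in HOSTS_FILE:                         # step 2
        return HOSTS_FILE[name], "hosts file"
    # Steps 3-4: the preferred DNS server checks its own cache, then its zone files.
    if name in SERVER_CACHE:
        HOST_CACHE[name] = SERVER_CACHE[name]
        return SERVER_CACHE[name], "server cache"
    for zone, records in SERVER_ZONES.items():
        if in_zone(name, zone) and name in records:
            HOST_CACHE[name] = records[name]
            return records[name], "server zone"
    # Steps 5-6: root -> TLD server -> authoritative server for the domain.
    labels = name.split(".")
    tld_server = ROOT.get(labels[-1])
    auth_server = TLD.get(tld_server, {}).get(".".join(labels[-2:]))
    ip = AUTHORITATIVE.get(auth_server, {}).get(name)
    if ip is None:
        raise LookupError(f"no server holds a record for {name}")
    SERVER_CACHE[name] = ip                        # step 7: both sides cache the answer
    HOST_CACHE[name] = ip
    return ip, "recursive lookup"


if __name__ == "__main__":
    for n in ("printer.local", "www.example.com", "www.example.com"):
        print(n, "->", resolve(n))
```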

Simple Network Management Protocol (SNMP)
SNMP is a protocol designed for managing complex networks. SNMP lets network hosts exchange configuration and status information. This information can be gathered by management software and used to monitor and manage the network. SNMP uses the following components:
  • A manager is the computer used to perform management tasks. The manager queries agents and gathers responses.
  • An agent is a software process that runs on managed network devices. The agent communicates information with the manager and can send dynamic messages to the manager.
  • The MIB is a database of host configuration information. Agents report data to the MIB, and the manager can then view information by requesting data from the MIB.
  • A trap is an event configured on an agent. When the event occurs, the agent logs details regarding the event.

SNMP version 2 added some security features, but most security comes with SNMP version 3. SNMP version 3 adds the following:
  • Authentication for agents and managers
  • Encryption of SNMP information
  • Message integrity to ensure that data is not altered in transit
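
A small configuration audit for the three SNMPv3 protections listed above, an added example that is not part of the original page: it classifies access lines in a net-snmp style snmpd.conf by version and by which of authentication, integrity and encryption they actually get, and lists the lines that fall short of all three. The directive names (rocommunity, rouser, rwuser and the noauth/auth/priv levels) are net-snmp's; the community and user names in the sample are constructed.

```python
# Added example: flag SNMP access lines that lack v3 authentication, integrity or encryption.
import re

COMMUNITY = re.compile(r"^(ro|rw)community6?\s+(\S+)")
V3_USER = re.compile(r"^(ro|rw)user\s+(\S+)(?:\s+(noauth|auth|priv))?")


def classify(line):
    """Return the protections one access line provides, or None if it is not an access line."""
    line = line.split("#", 1)[0].strip()
    if m := COMMUNITY.match(line):
        # v1/v2c: the community string travels in clear text, so none of the
        # v3 protections (authentication, integrity, encryption) apply.
        return {"line": line, "version": "v1/v2c", "auth": False,
                "integrity": False, "encryption": False}
    if m := V3_USER.match(line):
        # net-snmp's default security level for rouser/rwuser is auth.
        level = m.group(3) or "auth"
        return {"line": line, "version": "v3", "auth": level != "noauth",
                "integrity": level != "noauth", "encryption": level == "priv"}
    return None


def audit(config_text):
    """Return the access lines that fall short of authPriv (auth + integrity + encryption)."""
    return [info for info in map(classify, config_text.splitlines())
            if info and not (info["auth"] and info["integrity"] and info["encryption"])]


# Constructed sample: a legacy community, a v3 user without privacy, and a compliant v3 user.
SAMPLE_CONF = """\
rocommunity public          # v2c read-only community, clear text on the wire
rouser monitor auth         # v3: authenticated but not encrypted
rwuser netops priv          # v3: authenticated and encrypted
sysLocation lab             # not an access line
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding["version"], "->", finding["line"])
```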

Note: Running an antiquated protocol, such as NetBIOS or IPX/SPX, on a system opens the system to attack. Unless there is a critical reason, disable any unnecessary protocols on network devices.