ACN Notes
Module1
Syllabus - Introduction and Physical Layer
Networks – Network Types – Protocol Layering – TCP/IP Protocol suite – OSI Model –
Physical Layer: Performance – Transmission media – Switching – Circuit-switched
Networks – Packet Switching.
---------------------------------------------------------------------------------------------
Instruction – First study thoroughly what we have discussed in class in Module 1, and
then focus on the topics given below.
---------------x---------------x-----------------
Module2
Syllabus - Data-Link Layer & Media Access - Introduction – Link-Layer Addressing –
DLC Services – Data-Link Layer Protocols – HDLC – PPP – Media Access Control – Wired
LANs: Ethernet – Wireless LANs – Introduction – IEEE 802.11, Bluetooth – Connecting
Devices.
---------------------------------------------------------------------------------------------
Instruction – First study thoroughly what we have discussed in class in Module 2, and
then focus on the topics given below.
1. Topics – ARP, RARP, bit-oriented protocol, stop-and-wait protocol, error
detection (VRC, LRC, CRC, checksum), go-back-N, selective repeat,
switch (switching), frame format of WLAN/802.11, Bluetooth architecture, hubs,
repeaters and bridges, sliding window protocol, CSMA/CD, Ethernet frame format,
hidden node and exposed node problems, basic service set (BSS), extended service set
(ESS), gateway, switch, stop-and-wait ARQ, high-level data link control (HDLC) and its types of
frames.
Module3
Syllabus - NETWORK LAYER
Network Layer Services – Packet switching- IPv4 Packet format – Performance – IPV4
Addresses – Forwarding of IP Packets – Network Layer Protocols: IP, ICMP v4 – Unicast
Routing Algorithms – Protocols – Multicasting Basics – IPV6 Addressing – IPV6 Protocol.
--------------------------------------------------------
Instruction – First study thoroughly what we have discussed in class in Module 3, and
then focus on the following notes.
Notes
The services offered by the network layer protocol are as follows:
1. Packetizing –
The process of encapsulating the data received from the upper layers
(also called the payload) in a network layer packet at the source, and
decapsulating the payload from the network layer packet at the
destination, is known as packetizing.
The source host adds a header, containing the source and destination
addresses and other information required by the network layer
protocol, to the payload received from the upper layer protocol, and
delivers the packet to the data link layer.
2. Routing and Forwarding –
These are two other services offered by the network layer. In a
network, there are usually several routes available from the source to
the destination. The network layer has strategies for finding the best
possible route; this process is referred to as routing. A number of
routing protocols are used in this process, and they must be run so
that the routers can coordinate with each other and establish
communication throughout the network.
3. Error Control –
Although error control can be implemented in the network layer, it is
usually not preferred, because a network layer packet may be
fragmented at each router, which makes error checking in the network
layer inefficient.
4. Flow Control –
It regulates the amount of data a source can send without
overloading the receiver. If the source produces data faster than the
receiver can consume it, the receiver will be overloaded. To control
the flow of data, the receiver should send feedback to the sender
informing it that the receiver is overloaded.
5. Congestion Control –
Congestion occurs when the number of datagrams sent by the source
exceeds the capacity of the network or the routers. This is another issue
for the network layer protocol. If congestion continues, a situation
may arise where the system collapses and no datagrams are
delivered. Although congestion control is indirectly implemented in
the network layer, the network layer itself still lacks a congestion
control mechanism.
Advantages of Network Layer Services:
• The packetization service in the network layer eases the
transportation of data packets.
• Packetization also eliminates single points of failure in data
communication systems.
• Routers present in the network layer reduce network traffic by
creating collision and broadcast domains.
• With the help of forwarding, data packets are transferred from one
place to another in the network.
Disadvantages of Network Layer Services:
• There is a lack of flow control in the design of the network layer.
• Congestion sometimes occurs because there are too many datagrams
in the network, beyond the capacity of the network or the routers.
Because of this, some routers may drop some of the datagrams and
important information may be lost.
• Although error control is indirectly present in the network layer,
there is a lack of proper error control mechanisms, because the
presence of fragmented data packets makes error control difficult to
implement.
Hexadecimal Notation:
Classful Addressing
The 32-bit IP address space is divided into five classes. These are:
• Class A
• Class B
• Class C
• Class D
• Class E
Each of these classes has a valid range of IP addresses. Classes D and E are
reserved for multicast and experimental purposes respectively. The order of bits
in the first octet determines the class of an IP address.
An IPv4 address is divided into two parts:
• Network ID
• Host ID
The class of an IP address determines the bits used for the network ID and host
ID, and the total number of networks and hosts possible in that particular class.
Each ISP or network administrator assigns an IP address to each device that is
connected to its network.
Class B:
IP addresses belonging to class B are assigned to networks that range from
medium-sized to large-sized.
• The network ID is 16 bits long.
• The host ID is 16 bits long.
The higher-order bits of the first octet of class B IP addresses are always set to
10. The remaining 14 bits are used to determine the network ID. The 16 bits of host
ID are used to determine the host in any network. The default subnet mask for
class B is 255.255.x.x. Class B has a total of:
• 2^14 = 16384 network addresses
• 2^16 – 2 = 65534 host addresses
IP addresses belonging to class B range from 128.0.x.x –
191.255.x.x.
Class C:
IP addresses belonging to class C are assigned to small-sized
networks.
• The network ID is 24 bits long.
• The host ID is 8 bits long.
The higher-order bits of the first octet of class C IP addresses are
always set to 110. The remaining 21 bits are used to determine the
network ID. The 8 bits of host ID are used to determine the host in
any network. The default subnet mask for class C is 255.255.255.x.
Class C has a total of:
• 2^21 = 2097152 network addresses
• 2^8 – 2 = 254 host addresses
IP addresses belonging to class C range from 192.0.0.x –
223.255.255.x.
Class D:
IP addresses belonging to class D are reserved for multicasting. The
higher-order bits of the first octet of class D IP addresses are always
set to 1110. The remaining bits form the group address that
interested hosts recognize.
Class D does not possess any subnet mask. IP addresses belonging to
class D range from 224.0.0.0 – 239.255.255.255.
Class E:
IP addresses belonging to class E are reserved for experimental and
research purposes. IP addresses of class E range from 240.0.0.0 –
255.255.255.254. This class does not have any subnet mask. The
higher-order bits of the first octet of class E are always set to 1111.
Classless Addressing
To reduce the wastage of IP addresses in a block, we use subnetting. What
we do is use host ID bits as network ID bits of a classful IP address. We give
the IP address and define the number of bits for the mask along with it (usually
after a ‘/’ symbol), for example 192.168.1.1/28. Here, the subnet mask is found by
setting the given number of bits out of 32 to 1; in the given address, we
set 28 out of 32 bits to 1 and the rest to 0, and so the subnet mask
is 255.255.255.240.
Some values calculated in subnetting:
1. Number of subnets: 2^(Given bits for mask – No. of bits in default mask)
2. Subnet address: AND of the subnet mask and the given IP address
3. Broadcast address: set the host bits to 1 and retain the network
bits as in the IP address
4. Number of hosts per subnet: 2^(32 – Given bits for mask) – 2
5. First host ID: Subnet address + 1 (adding one to the binary representation
of the subnet address)
6. Last host ID: Subnet address + Number of hosts
Example: Given the IP address 172.16.0.0/25, find the number of subnets and
the number of hosts per subnet. Also, for the first subnet block, find the subnet
address, first host ID, last host ID and broadcast address.
Solution: This is a class B address. So, no. of subnets = 2^(25-16) = 2^9 = 512.
No. of hosts per subnet = 2^(32-25) – 2 = 2^7 – 2 = 128 – 2 = 126
For the first subnet block, we have subnet address = 0.0, first host ID = 0.1,
last host ID = 0.126 and broadcast address = 0.127 (these are the last two octets; the
full addresses are 172.16.0.0, 172.16.0.1, 172.16.0.126 and 172.16.0.127).
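The classful rules and the subnetting formulas above, as an added Python example that is not part of the original notes: it derives the class from the high-order bits of the first octet, computes the mask, number of subnets, hosts per subnet, subnet address, first and last host and broadcast address for a CIDR block, and cross-checks the result against Python's standard ipaddress module. The inputs 172.16.0.0/25 and 192.168.1.1/28 are the ones used in the notes.

```python
import ipaddress  # standard library; used only to cross-check the hand computation


def address_class(ip):
    """Classful class from the high-order bits of the first octet: 0, 10, 110, 1110, 1111."""
    first = int(ip.split(".")[0])
    if first & 0x80 == 0x00:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


# Default (classful) mask length; classes D and E have no subnet mask at all.
DEFAULT_MASK_BITS = {"A": 8, "B": 16, "C": 24}


def to_int(ip):
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr):
    """Apply the six subnetting formulas from the notes to an address written as a.b.c.d/bits."""
    ip, bits = cidr.split("/")
    bits = int(bits)
    cls = address_class(ip)
    if cls not in DEFAULT_MASK_BITS:
        raise ValueError("class %s addresses have no subnet mask" % cls)
    if not DEFAULT_MASK_BITS[cls] <= bits <= 30:
        raise ValueError("mask length must lie between the default mask and /30")
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF   # 'bits' ones followed by zeros
    subnet = to_int(ip) & mask                        # AND of mask and the given address
    broadcast = subnet | (~mask & 0xFFFFFFFF)         # host bits all set to 1
    hosts = 2 ** (32 - bits) - 2                      # minus the subnet and broadcast addresses
    return {
        "class": cls,
        "mask": to_dotted(mask),
        "subnets": 2 ** (bits - DEFAULT_MASK_BITS[cls]),
        "hosts_per_subnet": hosts,
        "subnet_address": to_dotted(subnet),
        "first_host": to_dotted(subnet + 1),
        "last_host": to_dotted(subnet + hosts),
        "broadcast": to_dotted(broadcast),
    }


def matches_stdlib(cidr):
    """Cross-check mask, network and broadcast against ipaddress (strict=False ignores host bits)."""
    info = subnet_info(cidr)
    net = ipaddress.ip_network(cidr, strict=False)
    return (str(net.netmask) == info["mask"]
            and str(net.network_address) == info["subnet_address"]
            and str(net.broadcast_address) == info["broadcast"])


if __name__ == "__main__":
    for block in ("172.16.0.0/25", "192.168.1.1/28"):
        print(block, subnet_info(block), "stdlib agrees:", matches_stdlib(block))
```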
Packet Sniffing
Packet sniffing is a passive attack, in which the attacker does not change the contents of the packet.
This type of attack is very difficult to detect because the sender and the receiver may never know
that the packet has been copied.
Although packet sniffing cannot be stopped, encrypting the packet can make the attacker’s effort
useless: the attacker may still sniff the packet, but its content cannot be read.
IP Spoofing
An attacker can masquerade as somebody else and create an IP packet that carries the source
address of another computer.
For example, an attacker can send an IP packet to a bank pretending that it is coming from one of the customers.
Internet Protocol (IP) spoofing is a type of malicious attack where the threat
actor hides the true source of IP packets to make it difficult to know where
they came from. The attacker creates packets, changing the source IP
address to impersonate a different computer system, disguise the sender's
identity, or both. The spoofed packet's header field for the source IP
address contains an address that is different from the actual source IP
address.
An organization must have a single connection to the Internet through a router that runs the NAT
software.
ICMPv4 error-reporting message types (type number – message):
4 – Source Quench
5 – Redirection
11 – Time Exceeded
12 – Parameter Problem
• Choke Packet
– A choke packet is a packet sent by a node to the source to inform it of
congestion.
– In backpressure, the warning is from one node to its upstream node,
although the warning may eventually reach the source station.
– In the choke-packet method, the warning is from the router, which has
encountered congestion, directly to the source station.
– The intermediate nodes through which the packet has traveled are not
warned.
– The warning message goes directly to the
source station; the intermediate routers do not take any
action.
• Implicit Signaling
– The source guesses that there is congestion somewhere in the network from other
symptoms.
– For example, when a source sends several packets and there is no acknowledgment
for a while, one assumption is that the network is congested.
– The delay in receiving an acknowledgment is interpreted as congestion in the
network; the source should slow down.
• Explicit Signaling
– The node that experiences congestion can explicitly send a signal to the source or
destination.
– In the choke-packet method, a separate packet is used for this purpose; in the
explicit-signaling method, the signal is included in the packets that carry data.
– Explicit signaling can occur in either the forward or the backward direction.
• The dynamic host configuration protocol is used to simplify the installation and maintenance
of networked computers.
• Ethernet addresses are configured by the manufacturer and they are unique.
• IP addresses must be unique on a given internetwork, but they must also reflect the structure of
the internetwork.
• Most host operating systems provide a way to manually configure the IP information for the
host.
• It is necessary to ensure that every host gets the correct network number and that no two
hosts receive the same IP address.
• The primary method uses a protocol known as the Dynamic Host Configuration Protocol
(DHCP).
• The main goal of DHCP is to minimize the amount of manual configuration required for a
host.
• If a new computer is connected to a network, DHCP can provide it with all the necessary
information for full system integration into the network.
• The DHCP server can function just as a centralized repository for host configuration
information.
• The DHCP server maintains a pool of available addresses that it hands out to hosts on
demand.
• The DHCPDISCOVER message is broadcast, which means it will be received by all hosts and routers on that network.
• DHCP uses the concept of a relay agent. There is at least one relay agent on each network.
• DHCP relay agent is configured with the IP address of the DHCP server.
• When a relay agent receives a DHCPDISCOVER message, it unicasts it to the DHCP server and awaits
the response, which it will then send back to the requesting client.
• DHCP Message Format
– A DHCP packet is actually sent using a protocol called the User Datagram Protocol
(UDP).
IP - INTERNET PROTOCOL
– IP runs on all the nodes (both hosts and routers) in a collection of networks
– IP defines the infrastructure that allows these nodes and networks to function as a
single logical internetwork.
• IP SERVICE MODEL
– The main concern in defining a service model for an internetwork is that we can
provide a host-to-host service only if this service can somehow be provided over
each of the underlying physical networks.
• The Internet Protocol is the key tool used today to build scalable, heterogeneous
internetworks.
– A key part of the IP service model is the type of packets that can be carried.
– Each node knows the distance (cost) to each of its directly connected neighbors.
– Each node sets a distance of 1 (hop) to its immediate neighbor and cost to itself as 0.
– For node A, nodes B, C, E and F are reachable, whereas nodes D and G are
unreachable.
The initial tables for all the nodes are given below.
– Each node sends its initial table (distance vector) to neighbors and receives their
estimate.
– Node A sends its table to nodes B, C, E & F and receives tables from nodes B, C, E &
F.
– Each node updates its routing table by comparing it with each of its neighbors’ tables.
– Node A learns from C's table how to reach node D and from F's table how to reach node G.
• Cost = 1 + 1 = 2.
Each node builds a complete routing table after a few exchanges with its neighbors.
The system stabilizes when all nodes have complete routing information, i.e.,
convergence.
• There are two different circumstances under which a given node decides to send a routing
update to its neighbors.
• Periodic Update
• In this case, each node automatically sends an update message every so often, even if
nothing has changed.
• The frequency of these periodic updates varies from protocol to protocol, but it is typically
on the order of several seconds to several minutes.
• Triggered Update
– In this case, an update is sent whenever a node notices a link failure or receives an update from one of
its neighbors that causes it to change one of the routes in its routing table.
– Whenever a node’s routing table changes, it sends an update to its neighbors, which
may lead to a change in their tables, causing them to send an update to their
neighbors.
• Routers advertise the cost of reaching networks. Cost of reaching each link is 1 hop. For
example, router C advertises to A that it can reach network 2, 3 at cost 0 (directly
connected), networks 5, 6 at cost 1 and network 4 at cost 2.
• Each router updates cost and next hop for each network number.
• Infinity is defined as 16, i.e., any route cannot have more than 15 hops. Therefore RIP can be
implemented on small-sized networks only.
– Version - It indicates the RIP version number. For RIPv1, the value is 0x01.
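The distance-vector exchange described above (initial tables of cost 0 for the node itself and 1 for each directly connected neighbor, repeated comparison with the neighbors' vectors until convergence, and RIP's infinity of 16), as an added Python example that is not part of the original notes. The topology is a constructed one with the same reachability as the text (A's neighbors are B, C, E and F; D lies behind C and G behind F); the second function fails the C–D link and shows the count-to-infinity behaviour that the limit of 16 hops cuts short.

```python
INFINITY = 16   # RIP's "infinity": a distance of 16 hops or more means unreachable

# Constructed topology (assumed, not the figure from the notes); every link costs 1 hop.
LINKS = [("A", "B"), ("A", "C"), ("A", "E"), ("A", "F"), ("C", "D"), ("F", "G")]


def build_neighbors(links):
    nbrs = {}
    for u, v in links:
        nbrs.setdefault(u, set()).add(v)
        nbrs.setdefault(v, set()).add(u)
    return nbrs


def initial_tables(nbrs):
    """Each node starts knowing only itself (cost 0) and its direct neighbours (cost 1).
    A table maps destination -> (cost, next hop)."""
    tables = {}
    for n in nbrs:
        tables[n] = {d: (INFINITY, None) for d in nbrs}
        tables[n][n] = (0, n)
        for m in nbrs[n]:
            tables[n][m] = (1, m)
    return tables


def exchange_round(tables, nbrs):
    """One round of periodic updates: every node receives each neighbour's vector and
    updates its own table. A cheaper route replaces the current one; a changed cost
    reported by the current next hop is always accepted, even when it is worse, which is
    what lets bad news propagate. Returns (new tables, whether anything changed)."""
    new = {n: dict(t) for n, t in tables.items()}
    changed = False
    for n in tables:
        for m in sorted(nbrs[n]):                       # vector received from neighbour m
            for dest, (cost_via_m, _) in tables[m].items():
                cand = min(INFINITY, 1 + cost_via_m)    # one hop to m, then m's distance
                cur_cost, cur_hop = new[n][dest]
                if cand < cur_cost or (cur_hop == m and cand != cur_cost):
                    new[n][dest] = (cand, m if cand < INFINITY else None)
                    changed = True
    return new, changed


def run_until_stable(tables, nbrs, max_rounds=50):
    """Repeat exchanges until no table changes; returns (tables, rounds used)."""
    for rounds in range(1, max_rounds + 1):
        tables, changed = exchange_round(tables, nbrs)
        if not changed:
            return tables, rounds
    return tables, max_rounds


def converge(links):
    nbrs = build_neighbors(links)
    return run_until_stable(initial_tables(nbrs), nbrs)


def fail_link(tables, nbrs, u, v):
    """Remove link u-v: both ends drop every route that used it, then the rest of the
    network learns through normal exchanges (counting up to INFINITY, i.e. 16)."""
    nbrs = {n: set(s) for n, s in nbrs.items()}
    nbrs[u].discard(v)
    nbrs[v].discard(u)
    tables = {n: dict(t) for n, t in tables.items()}
    for a, b in ((u, v), (v, u)):
        for dest, (_, hop) in list(tables[a].items()):
            if hop == b:
                tables[a][dest] = (INFINITY, None)
    return run_until_stable(tables, nbrs)


if __name__ == "__main__":
    nbrs = build_neighbors(LINKS)
    tables, rounds = converge(LINKS)
    print("converged after", rounds, "rounds; A's table:", tables["A"])
    tables, rounds = fail_link(tables, nbrs, "C", "D")
    print("after the C-D failure D is unreachable from A:", tables["A"]["D"], "after", rounds, "rounds")
```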
• DIJKSTRA’S ALGORITHM
• Nodes create an update packet called link-state packet (LSP) that contains:
– ID of the node
– Time to live
• Reliable Flooding
• Each node sends its LSP out on each of its directly connected links.
• When a node receives the LSP of another node, it checks whether it already has an LSP for that node.
• If not, it stores the LSP and forwards it on all other links except the incoming one.
• Else, if the received LSP has a bigger sequence number, it is stored and forwarded, and the
older LSP for that node is discarded.
• Otherwise the received LSP is discarded, since it is not the latest one for that node.
• Thus the most recent LSP of a node eventually reaches all nodes, i.e., reliable flooding.
➢ When node X receives Y’s LSP (fig a), it floods it to its neighbors A
and C (fig b).
➢ Nodes A and C forward it to B, but do not send it back to X (fig c).
Route Calculation
• Each node knows the entire topology, once it has LSP from every other node.
• Forward search algorithm is used to compute routing table from the received LSPs.
• Each node maintains two lists, namely Tentative and Confirmed with entries of the form
(Destination, Cost, NextHop).
1. Initialize the Confirmed list with an entry for the Node (Cost = 0).
2. The node just added to the Confirmed list is called Next. Its LSP is examined.
3. For each neighbor of Next, calculate the cost to reach that neighbor as Cost (Node to Next) +
Cost (Next to Neighbor).
– If Neighbor is in neither the Confirmed nor the Tentative list, then add (Neighbor, Cost,
NextHop) to the Tentative list.
– If Neighbor is in the Tentative list and Cost is less than the existing cost, then replace the
entry with (Neighbor, Cost, NextHop).
4. If the Tentative list is empty then stop; otherwise move the least-cost entry from the Tentative list to
the Confirmed list and go to Step 2.
Example – Write example here that I have discussed in class based on Dijkstra Algorithm
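An added worked example of the forward search above, in Python; it is not the example discussed in class and not part of the original notes. The link-state database is a constructed four-node topology, and the function keeps the Confirmed and Tentative lists exactly as the steps describe, with entries of the form (Destination, Cost, NextHop).

```python
# Constructed link-state database (assumed topology, not the one from class):
# node -> {neighbour: link cost}, i.e. the neighbour list carried in each node's LSP.
LSPS = {
    "A": {"B": 5, "C": 10},
    "B": {"A": 5, "C": 3, "D": 11},
    "C": {"A": 10, "B": 3, "D": 2},
    "D": {"B": 11, "C": 2},
}


def forward_search(node, lsps):
    """Return node's routing table as {destination: (cost, next hop)}."""
    confirmed = {node: (0, node)}   # step 1: only the node itself, cost 0
    tentative = {}
    nxt = node                      # step 2: the node just added to Confirmed is Next
    while True:
        cost_to_next, hop_to_next = confirmed[nxt]
        for nbr, link_cost in lsps[nxt].items():          # step 3: examine Next's LSP
            if nbr in confirmed:
                continue
            cost = cost_to_next + link_cost               # Cost(Node to Next) + Cost(Next to Neighbor)
            # the next hop towards nbr is nbr itself when Next is us, else the hop used for Next
            hop = nbr if nxt == node else hop_to_next
            if nbr not in tentative or cost < tentative[nbr][0]:
                tentative[nbr] = (cost, hop)              # add, or replace a costlier entry
        if not tentative:                                 # step 4: nothing left to examine
            return confirmed
        nxt = min(tentative, key=lambda d: tentative[d][0])
        confirmed[nxt] = tentative.pop(nxt)               # move least-cost entry; back to step 2


def forwarding_table(node, lsps):
    """Just the destination -> next hop mapping a router would install."""
    return {dest: hop for dest, (_, hop) in forward_search(node, lsps).items() if dest != node}


if __name__ == "__main__":
    for n in LSPS:
        print(n, forward_search(n, LSPS))
```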
• The best route is determined by the source using the policy it imposes on the route.
• Path-vector routing is not actually used in an internet, and is mostly designed to route a
packet between ISPs.
Spanning Trees
• In path-vector routing, the path from a source to all destinations is determined by the best
spanning tree.
• It is the tree determined by the source when it imposes its own policy.
• If there is more than one route to a destination, the source can choose the route that meets
its policy best.
• One of the common policies uses the minimum number of nodes to be visited. Another
common policy is to avoid some nodes as the middle node in a route.
• The spanning trees are made, gradually and asynchronously, by each node. When a node is
booted, it creates a path vector based on the information it can obtain about its immediate
neighbors.
• A node sends greeting messages to its immediate neighbors to collect these pieces of
information.
• Each node, after the creation of the initial path vector, sends it to all its immediate
neighbors.
• Each node, when it receives a path vector from a neighbor, updates its path vector using the
formula
• If Path (v, y) includes x, that path is discarded to avoid a loop in the path.
• In other words, x does not want to visit itself when it selects a path to y.
• Example:
• The Figure below shows a small internet with only five nodes.
• Each source has created its own spanning tree that meets its policy.
• The policy imposed by all sources is to use the minimum number of nodes to reach a
destination.
• The spanning tree selected by A and E is such that the communication does not pass through
D as a middle node.
• Similarly, the spanning tree selected by B is such that the communication does not pass
through C as a middle node.
• The Figure below shows all of these path vectors for the example.
• Not all of these tables are created simultaneously.
• The figure also shows how these path vectors are sent to immediate neighbors after they
have been created.
• The Figure below shows the path vector of node C after two events.
• In the first event, node C receives a copy of B’s vector, which improves its vector: now it
knows how to reach node A.
• In the second event, node C receives a copy of D’s vector, which does not change its vector.
• The vector for node C after the first event is stabilized and serves as its forwarding table.
• BGP4 is based on the path-vector algorithm. It provides information about the reachability
of networks in the Internet.
• Each AS has a border router (gateway), by which packets enter and leave that AS. In the
figure above, R3 and R4 are border routers.
• BGP speakers exchange reachability information with other BGP speakers; this is known as an external
BGP session.
• BGP advertises complete path as enumerated list of AS (path vector) to reach a particular
network.
• For example, backbone network advertises that networks 128.96 and 192.4.153 can be
reached along the path <AS1, AS2, AS4>.
• If there are multiple routes to a destination, BGP speaker chooses one based on policy.
• Speakers need not advertise any route to a destination, even if one exists.
• Advertised paths can be cancelled, if a link/node on the path goes down. This negative
advertisement is known as withdrawn route.
• Routes are not repeatedly sent. If there is no change, keep alive messages are sent.
UNICAST ROUTING PROTOCOLS
• A routing protocol shares this information first among immediate neighbors, and then
throughout the network. This way, routers gain knowledge of the topology of the network.
• The ability of routing protocols to dynamically adjust to changing conditions such as disabled
data lines and computers and route data around obstructions is what gives the Internet its
survivability and reliability.
• The specific characteristics of routing protocols include the manner in which they avoid
routing loops, the manner in which they select preferred routes, using information about
hop costs, the time they require to reach routing convergence, their scalability, and other
factors.
MULTICASTING
• In this type of communication, the source address is a unicast address, but the destination
address is a group address.
• In multicasting, a multicast router may have to send out copies of the same datagram
through more than one interface.
• Hosts that are members of a group receive copies of any packets sent to that group’s
multicast address
MULTICAST ROUTING
• To support multicast, a router must additionally have multicast forwarding tables that
indicate, based on multicast address, which links to use to forward the multicast packet.
• Multicast forwarding tables collectively specify a set of trees -Multicast distribution trees.
• Multicast routing is the process by which multicast distribution trees are determined.
• There are two types of Multicast Distribution Trees used in multicast routing. They are
▪ For each combination of (source , group), there is a shortest path spanning tree.
▪ Link-state
– Each router maintains a routing table for all destinations through the exchange of
distance vectors.
– The packet arrived from the link used to reach the source of the packet
– Flooding
Module4
Syllabus - Introduction – Transport Layer Protocols – TCP Segment format - Services – Port Numbers –
User Datagram Protocol – Transmission Control Protocol – SCTP.
-------------------------------------
Instruction – First study thoroughly what we have discussed in class in Module 4, and
then focus on the following notes.
Notes
• The transport layer is the fourth layer of the OSI model and is the core of the Internet model.
• It responds to service requests from the session layer and issues service requests to the
network Layer.
• It provides end-to-end control and information transfer with the quality of service needed
by the application program.
• It is the first true end-to-end layer, implemented in all End Systems (ES).
• TRANSPORT LAYER FUNCTIONS / SERVICES
• The transport layer is located between the network layer and the application layer.
• The transport layer is responsible for providing services to the application layer; it receives
services from the network layer.
– Process-to-Process Communication
– Flow Control
– Error Control
– Congestion Control
• Process-to-Process Communication
• The Transport Layer is responsible for delivering data to the appropriate application process
on the host computers.
• This involves multiplexing of data from different application processes, i.e. forming data
packets, and adding source and destination port numbers in the header of each Transport
Layer data packet.
• Together with the source and destination IP address, the port numbers constitutes a
network socket, i.e. an identification address of the process-to-process communication.
• Using port addressing it is possible to use more than one network-based application at the
same time.
• Well-known ports - These are permanent port numbers. They range from 0 to
1023. These port numbers are used by server processes.
• Registered ports - The ports ranging from 1024 to 49,151 are not assigned or controlled.
• Ephemeral ports (dynamic ports) – These are temporary port numbers. They range from
49,152 to 65,535. These port numbers are used by client processes.
• To send a message from one process to another, the transport-layer protocol encapsulates
and decapsulates messages.
• Encapsulation happens at the sender site. The transport layer receives the data and adds the
transport-layer header.
• Decapsulation happens at the receiver site. When the message arrives at the destination
transport layer, the header is dropped and the transport layer delivers the message to the
process running at the application layer.
• Whenever an entity accepts items from more than one source, this is referred to as
• Whenever an entity delivers items to more than one source, this is referred to as
PORT NUMBERS
• Processes are programs that run on hosts. It could be either server or client.
• A process on the local host, called a client, needs services from a process usually on the
remote host, called a server.
• Processes are assigned a unique 16-bit port number on that host.
• ICANN (Internet Corporation for Assigned Names and Numbers) has divided the port
numbers into three ranges:
– Well-known ports
– Registered ports
– Dynamic (ephemeral) ports
• WELL-KNOWN PORTS
• Every client process knows the well-known port number of the corresponding server
process.
• For example, while the daytime client process, a well-known client program, can use an
ephemeral (temporary) port number, 52,000, to identify itself, the daytime server process
must use the well-known (permanent) port number 13.
• The client program defines itself with a port number, called the ephemeral port number.
• The word ephemeral means “short-lived” and is used because the life of a client is normally
short.
• They are neither controlled nor registered. They can be used as temporary or private port
numbers.
• REGISTERED PORTS
• The ports ranging from 1024 to 49,151 are not assigned or controlled.
• Three protocols are associated with the transport layer. They are:
• Each protocol provides a different type of service and should be used appropriately.
• UDP - UDP is an unreliable connectionless transport-layer protocol used for its simplicity and
efficiency in applications where error control can be provided by the application-layer
process.
• TCP - TCP is a reliable connection-oriented protocol that can be used in any application
where reliability is important.
• SCTP - SCTP is a new transport-layer protocol designed to combine some features of UDP
and TCP in an effort to create a better protocol for multimedia communication.
• UDP can be used to send small message where reliability is not expected.
• Sending a small message using UDP takes much less interaction between the sender and
receiver.
• UDP allows processes to indirectly identify each other using an abstract locator called a port or
mailbox.
• UDP PORTS
• Some well-known UDP ports are 7–Echo, 53–DNS, 111–RPC, 161–SNMP, etc.
• When an application process wants to receive a message, one is removed from the front of
the queue.
• If the queue is empty, the process blocks until a message becomes available.
• These user datagrams have a fixed-size header of 8 bytes made of four fields, each of 2
bytes (16 bits).
• Source Port Number
• If the source host is the client (sending a request), then the port number is a temporary one
requested by the process and chosen by UDP.
• If the source is the server (sending a response), then it is a well-known port number.
• Destination Port Number
• If the destination host is the server (a client sending a request), then the port number is a
well-known port number.
• If the destination host is the client (a server sending a response), then the port number is a
temporary one copied by the server from the request packet.
• Length
• This field denotes the total length of the UDP Packet (Header plus data)
• The total length of any UDP datagram can be from 0 to 65,535 bytes.
• Checksum
• UDP computes its checksum over the UDP header, the contents of the message body, and
something called the pseudoheader.
• The pseudoheader consists of three fields from the IP header—protocol number, source IP
address, destination IP address plus the UDP length field.
Data
• UDP SERVICES
• Process-to-Process Communication
• Connectionless Services
• There is no relationship between the different user datagrams even if they are
coming from the same source process and going to the same destination program.
• Flow Control
• The lack of flow control means that the process using UDP should provide for this
service, if needed.
• Error Control
• This means that the sender does not know if a message has been lost or duplicated.
• When the receiver detects an error through the checksum, the user datagram is
silently discarded.
• The lack of error control means that the process using UDP should provide for this
service, if needed.
• Checksum
• UDP checksum calculation includes three sections: a pseudoheader, the UDP header,
and the data coming from the application layer.
• The pseudoheader is the part of the header in which the user datagram is to be
encapsulated with some fields filled with 0s.
• The sender of a UDP packet can choose not to calculate the checksum.
• In this case, the checksum field is filled with all 0s before being sent.
• In the situation where the sender decides to calculate the checksum, but it
happens that the result is all 0s, the checksum is changed to all 1s before the
packet is sent.
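The checksum rules above (a pseudoheader made of the source IP, destination IP, protocol number 17 and UDP length; a one's-complement sum over pseudoheader, UDP header and data; an all-0s result sent as all-1s because 0 means "no checksum"), as an added Python example that is not part of the original notes. The sample datagram (10.0.0.1:1234 to 10.0.0.2:53 carrying "hi") is constructed here; the verifier also shows why the pseudoheader is included: the same datagram checked against a different destination address fails.

```python
import struct

UDP_PROTOCOL = 17


def ip_to_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def ones_complement_sum(data):
    """Add 16-bit words with end-around carry; an odd trailing byte is padded with a 0 byte."""
    if len(data) % 2:
        data = data + b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                          # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudoheader(src_ip, dst_ip, udp_length):
    """IP-header fields plus the UDP length; it is covered by the checksum but never transmitted."""
    return struct.pack("!4s4sBBH", ip_to_bytes(src_ip), ip_to_bytes(dst_ip), 0, UDP_PROTOCOL, udp_length)


def udp_checksum(src_ip, dst_ip, src_port, dst_port, payload):
    length = 8 + len(payload)                   # 8-byte header plus data
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)   # checksum field is 0 while computing
    total = ones_complement_sum(pseudoheader(src_ip, dst_ip, length) + header + payload)
    csum = (~total) & 0xFFFF
    return 0xFFFF if csum == 0 else csum        # all 0s would mean "no checksum", so send all 1s


def build_udp_datagram(src_ip, dst_ip, src_port, dst_port, payload):
    length = 8 + len(payload)
    csum = udp_checksum(src_ip, dst_ip, src_port, dst_port, payload)
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def verify_udp_datagram(src_ip, dst_ip, datagram):
    """Receiver-side check: the sum over pseudoheader + whole datagram (checksum included)
    must come out as all 1s; the addresses come from the IP header the datagram arrived in."""
    if len(datagram) < 8:
        return False
    _, _, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        return False
    if csum == 0:
        return True                             # sender chose not to compute a checksum
    return ones_complement_sum(pseudoheader(src_ip, dst_ip, length) + datagram) == 0xFFFF


if __name__ == "__main__":
    dgram = build_udp_datagram("10.0.0.1", "10.0.0.2", 1234, 53, b"hi")
    print("checksum 0x%04x" % udp_checksum("10.0.0.1", "10.0.0.2", 1234, 53, b"hi"))
    print("valid at intended host:", verify_udp_datagram("10.0.0.1", "10.0.0.2", dgram))
    print("valid at wrong host:   ", verify_udp_datagram("10.0.0.1", "10.0.0.9", dgram))
```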
• TCP includes a flow-control mechanism for each of these byte streams that allows the
receiver to limit how much data the sender can transmit at a given time.
• Flow control is an end-to-end issue, whereas congestion control is concerned with
how hosts and the network interact.
• TCP SERVICES
• Process-to-Process Communication
• TCP allows the sending process to deliver data as a stream of bytes and allows
the receiving process to obtain data as a stream of bytes.
• The sending process produces (writes to) the stream and the receiving process
consumes (reads from) it.
• TCP SEGMENT
– A TCP segment encapsulates the data received from the application layer.
– TCP does not, itself, transmit individual bytes over the Internet.
– TCP on the source host buffers enough bytes from the sending process to fill a
reasonably sized packet and then sends this packet to its peer on the destination
host.
– TCP on the destination host then empties the contents of the packet into a receive
buffer, and the receiving process reads from this buffer at its leisure.
– The packets exchanged between TCP peers are called segments, since each one
carries a segment of the byte stream.
• Flags ― contains six control bits known as flags.
o URG ― segment contains urgent data.
• Checksum ― computed over the TCP header, the data, and a pseudoheader containing IP fields.
• UrgPtr ― used when the segment contains urgent data. It defines a value that must be
added to the sequence number.
• TCP is connection-oriented.
• Connection Establishment
• While opening a TCP connection, the two nodes (client and server) want to agree on a set of
parameters.
• The parameters are the starting sequence numbers to be used for their respective
byte streams.
• The client sends a SYN segment to the server containing its initial sequence number
(Flags = SYN, SequenceNum = x).
• The server responds with a segment that acknowledges the client's segment and specifies its
initial sequence number (Flags = SYN + ACK, ACK = x + 1, SequenceNum = y).
• Finally, the client responds with a segment that acknowledges the server's sequence number
(Flags = ACK, ACK = y + 1).
• Data Transfer
– The client and server can send data and acknowledgments in both directions.
– The data traveling in the same direction as an acknowledgment are carried on the
same segment.
• Connection Termination
• When either the sending application program creates data slowly or the receiving
application program consumes data slowly, or both, problems arise.
• Any of these situations results in the sending of data in very small segments, which reduces
the efficiency of the operation.
• The sending TCP may create a silly window syndrome if it is serving an application program
that creates data slowly, for example, 1 byte at a time.
• The application program writes 1 byte at a time into the buffer of the sending TCP.
• The result is a lot of 1-byte segments that are traveling through an internet.
• The solution is to prevent the sending TCP from sending the data byte by byte.
• The sending TCP must be forced to wait and collect data to send in a larger block.
• Nagle’s Algorithm
• If there is data to send but it is less than the MSS, then we may want to wait some amount of time
before sending the available data.
• If we don't wait long enough, the sender may end up sending small segments, resulting in silly
window syndrome.
• The solution is to introduce a timer and to transmit when the timer expires.
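As an added example (not from these notes), a sender-side simulation that contrasts a naive sender, which emits one segment per 1-byte write (the silly window syndrome), with a Nagle sender that releases a segment only when it can fill an MSS or when nothing sent earlier is still unacknowledged. That is the ACK-clocked rule of RFC 896; the notes describe a timer-based variant, which behaves the same way if the timer is read as "until the ACK arrives". MSS, write pattern and ACK timing are constructed.

```python
"""Added example: Nagle's algorithm versus a naive sender (not code from the notes)."""


class Sender:
    def __init__(self, mss: int, nagle: bool):
        self.mss = mss
        self.nagle = nagle
        self.buffer = bytearray()   # written by the application, not yet sent
        self.unacked = 0            # bytes sent but not yet acknowledged
        self.segments = []          # sizes of the segments actually sent

    def write(self, data: bytes) -> None:
        """The application hands data to TCP, one write at a time."""
        self.buffer.extend(data)
        self._try_send()

    def ack(self) -> None:
        """The peer acknowledged all outstanding data; this clocks the next send."""
        self.unacked = 0
        self._try_send()

    def _try_send(self) -> None:
        while self.buffer:
            if len(self.buffer) >= self.mss:
                self._send(self.mss)              # a full segment is always sent
            elif not self.nagle or self.unacked == 0:
                self._send(len(self.buffer))      # small, but nothing in flight
            else:
                break                             # small and data in flight: hold it

    def _send(self, n: int) -> None:
        del self.buffer[:n]
        self.unacked += n
        self.segments.append(n)


def simulate(nagle: bool, writes: int = 100, mss: int = 100, ack_every: int = 10) -> list:
    """Constructed workload: the application writes 1 byte at a time and the ACK for
    everything outstanding arrives after every `ack_every` writes (roughly one RTT).
    Returns the list of segment sizes the sender put on the wire."""
    sender = Sender(mss, nagle)
    for i in range(1, writes + 1):
        sender.write(b"x")
        if i % ack_every == 0:
            sender.ack()
    return sender.segments


if __name__ == "__main__":
    print("naive :", len(simulate(nagle=False)), "segments")   # 100 one-byte segments
    print("nagle :", simulate(nagle=True))                     # [1, 9, 10, 10, ...]
```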
Note – Prepare service-point addressing as one of the main functions of the transport layer; we
have already discussed it in class.
NETWORK SECURITY
Perimeter, Firewall and Internal Routers, Introduction to Access Lists, Standard Access Lists,
Extended Access Lists, Turning Off and Configuring Network Services, Monitoring Access
Lists.
--------------------------------------------------------
Instruction – First, study completely what we have discussed in class in module1 and
then focus on the following notes.
Notes
❖ Access Lists - An access list is essentially a list of conditions that categorize
packets, and they really come in handy when you need to exercise control over
network traffic. An ACL would be your tool of choice for decision making in these
situations.
❖ Access control lists (ACLs) perform packet filtering to control the movement of
packets through a network. Packet filtering provides security by limiting the access
of traffic into a network, restricting user and device access to a network, and
preventing traffic from leaving a network.
❖ IP access lists reduce the chance of spoofing and denial-of-service attacks, and
allow dynamic, temporary user-access through a firewall.
✓ An access control list (ACL) contains rules that grant or deny access to certain
digital environments.
✓ Access control lists (ACLs) perform packet filtering to control the flow of
packets through a network.
✓ Packet filtering can restrict the access of users and devices to a network,
providing a measure of security.
✓ Access lists can save network resources by reducing traffic. The benefits of
using access lists are as follows:
Authentication - Access lists can simplify the identification of local users, remote
hosts, and remote users in an authentication database that is configured to control
access to a device.
➢ Committed access rate (CAR) is a feature from Cisco that is used in network
optimization and security. It limits the input or output traffic rate on an interface or
sub-interface based on criteria such as IP precedence, IP access list or incoming
interface.
➢ Class Based Weighted Fair Queuing: Class Based Weighted Fair queuing is an
advanced form of WFQ that supports user defined traffic classes i.e. one can define
traffic classes based on match criteria like protocols, access control lists (ACLs), and
input interfaces.
➢ Limit debug command output—Access lists can limit debug output based on an IP
address or a protocol.
➢ Provide bandwidth control—Access lists on a slow link can prevent excess traffic on
a network.
➢ Provide NAT control—Access lists can control which addresses are translated by
Network Address Translation (NAT).
➢ Reduce the chance of DoS attacks—Access lists reduce the chance of denial-of-service
(DoS) attacks. Specify IP source addresses to control traffic from hosts, networks, or
users accessing your network. Configure the TCP Intercept feature to prevent servers
from being flooded with requests for connection.
➢ Restrict the content of routing updates—Access lists can control routing updates that
are sent, received, or redistributed in networks.
➢ Trigger dial-on-demand calls—Access lists can enforce dial and disconnect criteria.
➢ An access list can allow one host to access a part of your network and prevent another
host from accessing the same area.
➢ Access lists should be used in firewall routers, which are often positioned between
your internal network and an external network such as the Internet.
➢ To get some of the security benefits of access lists, you should at least configure access
lists on border routers, the routers located at the edges of your networks.
➢ Creating access lists is really a lot like programming a series of if then statements—
if a given condition is met, then a given action is taken.
1. Standard access lists:
❑ All decisions are made based on the source IP address. This means that standard
access lists basically permit or deny an entire suite of protocols. They don't
distinguish between any of the many types of IP traffic such as Web, Telnet, UDP,
and so on.
2. Extended access lists: Extended access lists can evaluate many of the other fields
in the layer 3 and layer 4 headers of an IP packet.
❑ They can evaluate source and destination IP addresses, the Protocol field in the
Network layer header, and the port number at the Transport layer header.
This gives extended access lists the ability to make much more granular decisions
when controlling traffic.
❑ Named access lists: I said there were only two types of access lists but listed three! Well,
technically there really are only two, since named access lists are either standard or
extended and not actually a distinct type. I'm just distinguishing them because they're
created and referred to differently than standard and extended access lists are, but
they're still functionally the same.
❑ Inbound access lists: Any packets that are denied won't be routed, because they're
discarded before the routing process is invoked.
❑ Outbound access lists: When an access list is applied to outbound packets on an
interface, packets are routed to the outbound interface and then processed through the
access list before being queued.
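As an added example (not from these notes and not Cisco code), a small evaluator for Cisco-style numbered access lists that shows the points above: standard lists (1-99) look only at the source address, extended lists (100-199) also check protocol, destination and port, lines are tested in order like a chain of if-then statements, the first match wins, and an unmatched packet falls to the implicit deny at the end. The ACL text and packets are constructed.

```python
"""Added example: first-match evaluation of standard and extended ACLs (not code from the notes)."""
import ipaddress

ANY = (0, 0xFFFFFFFF)   # network 0.0.0.0 with wildcard 255.255.255.255


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _is_ipv4(tok: str) -> bool:
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False


def _parse_addr(tokens: list) -> tuple:
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D W.W.W.W'
    (network plus wildcard mask; a missing wildcard means 0.0.0.0, i.e. one host)."""
    tok = tokens.pop(0)
    if tok == "any":
        return ANY
    if tok == "host":
        return (_ip(tokens.pop(0)), 0)
    wildcard = _ip(tokens.pop(0)) if tokens and _is_ipv4(tokens[0]) else 0
    return (_ip(tok), wildcard)


def _match_addr(spec: tuple, ip: int) -> bool:
    net, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF          # a wildcard bit of 1 means "don't care"
    return ((ip ^ net) & care) == 0


def parse_acls(text: str) -> dict:
    """Return {acl_number: [rule, ...]} with rules kept in configuration order."""
    acls = {}
    for line in text.strip().splitlines():
        tokens = line.split()
        if tokens[:1] != ["access-list"]:
            continue
        number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
        if 1 <= number <= 99:              # standard: source address only
            rule = {"action": action, "proto": "ip",
                    "src": _parse_addr(rest), "dst": ANY, "dport": None}
        else:                              # extended: proto, src, dst, optional 'eq port'
            proto = rest.pop(0)
            src, dst = _parse_addr(rest), _parse_addr(rest)
            dport = int(rest[1]) if rest[:1] == ["eq"] else None
            rule = {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}
        acls.setdefault(number, []).append(rule)
    return acls


def evaluate(rules: list, packet: dict) -> tuple:
    """The first matching line decides. Returns (action, line index), or
    ('deny', None) for the implicit deny that ends every access list."""
    for index, rule in enumerate(rules):
        if rule["proto"] not in ("ip", packet["proto"]):
            continue
        if not _match_addr(rule["src"], _ip(packet["src"])):
            continue
        if not _match_addr(rule["dst"], _ip(packet["dst"])):
            continue
        if rule["dport"] is not None and rule["dport"] != packet.get("dport"):
            continue
        return rule["action"], index
    return "deny", None


# Constructed configuration: one standard list and two extended lists.
ACL_TEXT = """
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 deny any
access-list 110 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5 eq 80
access-list 110 permit icmp any any
access-list 110 deny ip any any
access-list 120 permit tcp any host 10.0.0.9 eq 443
"""
ACLS = parse_acls(ACL_TEXT)

if __name__ == "__main__":
    pkt = {"proto": "tcp", "src": "192.168.1.77", "dst": "10.0.0.5", "dport": 22}
    print(evaluate(ACLS[10], pkt), evaluate(ACLS[110], pkt))   # ('permit', 0) ('deny', 2)
```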
URL
URL stands for Uniform Resource Locator. A URL is nothing more than the address of a given
unique resource on the Web. In theory, each valid URL points to a unique resource. Such
resources can be an HTML page, a CSS document, an image, etc. In practice, there are some
exceptions, the most common being a URL pointing to a resource that no longer exists or that
has moved. As the resource represented by the URL and the URL itself are handled by the Web
server, it is up to the owner of the web server to carefully manage that resource and its
associated URL.
Static documents are prepared using one of the languages which are mentioned below:
For example, when we retrieve the date and time from the web server, the result differs for
each request. This is because the date and time are dynamic, as they change from moment to
moment. A client can ask the server to run the date program in Unix and send the result of the
program to the client. CGI (Common Gateway Interface) is a technology used to create and
handle dynamic documents.
CGI:
It is a set of standards that defines how the content in dynamic documents is written, how the
data are input into the program, and how it is shown. It allows programmers to use languages
such as C, a shell, or Perl. The Common Gateway Interface represents the standard that defines a
common set of rules for any language or platform.
There are some predefined terms and variables which can be used in Common Gateway
Interface programs. A CGI program is code which is written in one of the languages that CGI
supports. A programmer who knows how to encode the sequence of actions or tasks in the
program, and has knowledge of the syntax, can write a CGI program. Dynamic documents
are sometimes referred to as server-site dynamic documents.
3. Active Documents
For many applications, we need a program or script to be run at the client site. These are called
active documents. For example, suppose we want to run a program that creates animation
graphics on the screen. Definitely, the program needs to be run at the client site, where the
animation action takes place. When a browser requests an active document, the server sends a
copy of the script or document; then, the document is run at the client.
Java Applets:
Java applets are used to create an active document. Java is a high-level, object-oriented
programming language which allows a programmer to write an active document and a browser
to run it. It can also be a stand-alone program that doesn't use a browser. An applet is a program
which is written in Java on the server. It is compiled and ready to be run.
The document is always in binary format. The client first creates an instance of this applet and
then runs it. The browser can run Java applets in two ways: one way is that the browser directly
requests a Java applet program by URL and receives the applet in binary format; the other way
is that the browser retrieves and runs an HTML file that has embedded the applet's address as a tag.
HTTP is a TCP/IP based communication protocol, which is used to deliver data like image
files, query results, HTML files etc. on the World Wide Web (WWW), with the default port being
TCP 80. It provides a standardized way for computers to communicate with each other.
It is the protocol that allows web servers and browsers to exchange data over the web.
It is stateless, meaning each request is considered a new request. In other words, the server doesn't
recognize the user by default.
HTTP is media independent: any type of media content can be sent by HTTP
as long as both the server and the client can handle the data content.
HTTP is stateless: the client and server are aware of each other during the current request only.
Afterwards, both of them forget each other. Due to the stateless nature of the protocol, neither the
client nor the server can retain information about different requests across web pages.
FTP
o FTP stands for File transfer protocol.
o FTP is a standard internet protocol provided by TCP/IP used for transmitting the files
from one host to another.
o It is mainly used for transferring the web page files from their creator to the computer
that acts as a server for other computers on the internet.
o It is also used for downloading the files to computer from other servers.
Objectives of FTP
o It provides the sharing of files.
o It is used to encourage the use of remote computers.
o It transfers the data more reliably and efficiently.
Why FTP?
Although transferring files from one system to another is very simple and
straightforward, sometimes it can cause problems. For example, two systems may
have different file conventions. Two systems may have different ways to represent text
and data. Two systems may have different directory structures. The FTP protocol
overcomes these problems by establishing two connections between hosts. One
connection is used for data transfer, and the other connection is used as the control
connection.
Mechanism of FTP
The above figure shows the basic model of the FTP. The FTP client has three
components: the user interface, control process, and data transfer process. The server
has two components: the server control process and the server data transfer process.
FTP Clients
o FTP client is a program that implements a file transfer protocol which allows you to
transfer files between two hosts on the internet.
o It allows a user to connect to a remote host and upload or download the files.
o It has a set of commands that we can use to connect to a host, transfer the files between
you and your host and close the connection.
o The FTP program is also available as a built-in component in a Web browser. This GUI-
based FTP client makes the file transfer very easy and also does not require you to
remember the FTP commands.
Advantages of FTP:
o Speed: One of the biggest advantages of FTP is speed. FTP is one of the fastest
ways to transfer files from one computer to another computer.
o Efficient: It is more efficient as we do not need to complete all the operations to get
the entire file.
o Security: To access the FTP server, we need to login with the username and password.
Therefore, we can say that FTP is more secure.
o Back & forth movement: FTP allows us to transfer the files back and forth. Suppose
you are a manager of the company, you send some information to all the employees,
and they all send information back on the same server.
Disadvantages of FTP:
o The standard requirement of the industry is that all FTP transmissions should be
encrypted. However, not all FTP providers are equal and not all providers offer
encryption. So, we will have to look out for the FTP providers that provide encryption.
o FTP serves two operations, i.e., to send and receive large files on a network. However,
the size limit of the file is 2GB that can be sent. It also doesn't allow you to run
simultaneous transfers to multiple receivers.
SMTP
o SMTP stands for Simple Mail Transfer Protocol.
o SMTP is a set of communication guidelines that allow software to transmit electronic
mail over the internet.
o It is a program used for sending messages to other computer users based on e-mail
addresses.
o It provides a mail exchange between users on the same or different computers, and it
also supports:
o It can send a single message to one or more recipients.
o Sending message can include text, voice, video or graphics.
o It can also send the messages on networks outside the internet.
o The main purpose of SMTP is to set up communication rules between servers.
The servers have a way of identifying themselves and announcing what kind of
communication they are trying to perform. They also have a way of handling errors
such as an incorrect email address. For example, if the recipient address is wrong, then the
receiving server replies with an error message of some kind.
Components of SMTP
o First, we will break the SMTP client and SMTP server into two components such as user
agent (UA) and mail transfer agent (MTA). The user agent (UA) prepares the message,
creates the envelope and then puts the message in the envelope. The mail transfer
agent (MTA) transfers this mail across the internet.
o SMTP allows a more complex system by adding a relaying system. Instead of just
having one MTA at sending side and one at receiving side, more MTAs can be added,
acting either as a client or server to relay the email.
o The relaying system without TCP/IP protocol can also be used to send the emails to
users, and this is achieved by the use of the mail gateway. The mail gateway is a relay
MTA that can be used to receive an email.
Working of SMTP
1. Composition of Mail: A user sends an e-mail by composing an electronic mail
message using a Mail User Agent (MUA). Mail User Agent is a program which is used
to send and receive mail. The message contains two parts: body and header. The body
is the main part of the message while the header includes information such as the
sender and recipient address. The header also includes descriptive information such as
the subject of the message. In this case, the message body is like a letter and header is
like an envelope that contains the recipient's address.
2. Submission of Mail: After composing an email, the mail client then submits the
completed e-mail to the SMTP server by using SMTP on TCP port 25.
3. Delivery of Mail: E-mail addresses contain two parts: username of the recipient and
domain name. For example, vivek@gmail.com, where "vivek" is the username of the
recipient and "gmail.com" is the domain name.
If the domain name of the recipient's email address is different from the sender's
domain name, then the Mail Submission Agent (MSA) will send the mail to the Mail Transfer Agent (MTA). To relay
the email, the MTA will find the target domain. It checks the MX record from Domain
Name System to obtain the target domain. The MX record contains the domain name
and IP address of the recipient's domain. Once the record is located, MTA connects to
the exchange server to relay the message.
4. Receipt and Processing of Mail: Once the incoming message is received, the
exchange server delivers it to the incoming server (Mail Delivery Agent) which stores
the e-mail where it waits for the user to retrieve it.
5. Access and Retrieval of Mail: The stored email in MDA can be retrieved by using MUA
(Mail User Agent). MUA can be accessed by using login and password.
MIME Protocol
MIME stands for Multipurpose Internet Mail Extensions. It is used to extend the
capabilities of Internet e-mail protocols such as SMTP. The MIME protocol allows
users to exchange various types of digital content such as pictures, audio, video, and
various types of documents and files in e-mail. MIME was created in 1991 by a
computer scientist named Nathaniel Borenstein at a company called Bell
Communications.
MIME is an e-mail extension protocol, i.e., it does not operate independently, but it
helps to extend the capabilities of e-mail in collaboration with other protocols such
as SMTP. Before MIME, e-mail was able to transfer only text files of limited size, written in
the English language, over the internet. At present, it is used by almost all e-mail related
service companies such as Gmail, Yahoo Mail, Hotmail.
Need of MIME Protocol
MIME protocol is used to transfer e-mail in the computer network for the following
reasons:
1. The MIME protocol supports multiple languages in e-mail, such as Hindi, French,
Japanese, Chinese, etc.
2. Simple protocols can reject mail that exceeds a certain size, but there is no word limit
in MIME.
3. Images, audio, and video cannot be sent using simple e-mail protocols such as SMTP.
These require MIME protocol.
4. Many times, emails are designed using code such as HTML and CSS, they are mainly
used by companies for marketing their product. This type of code uses MIME to send
email created from HTML and CSS.
MIME Header
MIME adds five additional fields to the header portion of the actual e-mail to extend
the properties of the simple email protocol. These fields are as follows:
1. MIME Version
2. Content Type
3. Content Transfer Encoding
4. Content Id
5. Content description
1. MIME Version
It defines the version of the MIME protocol. This header usually has a parameter value
1.0, indicating that the message is formatted using MIME.
2. Content Type
It describes the type and subtype of information to be sent in the message. These
messages can be of many types such as Text, Image, Audio, Video, and they also have
many subtypes such that the subtype of the image can be png or jpeg. Similarly, the
subtype of Video can be WEBM, MP4 etc.
3. Content Transfer Encoding
In this field, it is told which method has been used to convert the mail information into
ASCII or binary form, such as 7-bit encoding, 8-bit encoding, etc.
4. Content Id
In this field, a unique "Content Id" number is appended to all email messages so that
they can be uniquely identified.
5. Content description
This field contains a brief description of the content within the email. This means that
information about whatever is being sent in the mail is clearly in the "Content
Description". This field also provides the information of name, creation date, and
modification date of the file.
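As an added example (not from these notes), a message built with Python's standard email library that carries the five MIME header fields listed above, a text part beside a binary image part, and a reader that collects those fields from the top-level message and from each part. The addresses and the image bytes are constructed.

```python
"""Added example: building a MIME message and reading back its header fields (not code from the notes)."""
from email.message import EmailMessage
from email.utils import make_msgid

# Constructed stand-in for image data: not a valid PNG, just binary bytes that
# cannot travel as 7-bit ASCII without a transfer encoding.
PNG_STUB = b"\x89PNG\r\n\x1a\n" + bytes(range(256))

MIME_FIELDS = ("MIME-Version", "Content-Type", "Content-Transfer-Encoding",
               "Content-ID", "Content-Description")


def build_message() -> EmailMessage:
    msg = EmailMessage()
    msg["From"] = "alice@example.com"     # constructed addresses
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Diagram"
    # Plain-text body; set_content also stamps MIME-Version: 1.0 on the message.
    msg.set_content("Dear Bob,\nthe diagram is attached below.\n")
    # Binary part: base64 transfer encoding (chosen by the library for bytes), a
    # Content-ID so other parts could reference it, and a Content-Description.
    msg.add_attachment(
        PNG_STUB, maintype="image", subtype="png", filename="diagram.png",
        cid=make_msgid(domain="example.com"), disposition="inline",
        headers=["Content-Description: Network diagram"],
    )
    return msg


def mime_headers(msg: EmailMessage) -> list:
    """Return one dict per MIME entity (message, then each part) holding the
    MIME fields that entity actually carries."""
    result = []
    for entity in [msg] + list(msg.iter_parts()):
        result.append({f: str(entity[f]) for f in MIME_FIELDS if entity[f] is not None})
    return result


if __name__ == "__main__":
    message = build_message()
    for entity in mime_headers(message):
        print(entity)
    print(message.as_string()[:400])   # wire form: multipart/mixed with a boundary
```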
Here, the browser displays a web page on the client machine; when the user clicks
on a line of text that is linked to a page on abd.com, the browser follows the
hyperlink by sending a message to the abd.com server asking for the page.
Working of WWW:
The World Wide Web is based on several different technologies: Web browsers,
Hypertext Markup Language (HTML) and Hypertext Transfer Protocol (HTTP).
A Web browser is used to access web pages. Web browsers can be defined as
programs which display text, data, pictures, animation and video on the Internet.
Hyperlinked resources on the World Wide Web can be accessed using software
interfaces provided by Web browsers. Initially, Web browsers were used only for
surfing the Web but now they have become more universal. Web browsers can
be used for several tasks including conducting searches, mailing, transferring
files, and much more. Some of the commonly used browsers are Internet
Explorer, Opera Mini, and Google Chrome.
Features of WWW:
• HyperText Information System
• Cross-Platform
• Distributed
• Open Standards and Open Source
• Uses Web Browsers to provide a single interface for many services
• Dynamic, Interactive and Evolving.
Working of Email
Email refers to the electronic means of communication for sending and receiving messages
over the Internet. Email is the most common form of communication nowadays. Email has
significantly evolved over the past couple of years. There are now stronger sync and messaging
features along with stronger security and spam-related features.
Components of an Email:
1. Sender: The sender creates an email in which he records the information that
needs to be transferred to the receiver.
2. Receiver: The receiver gets the information sent by the sender via email.
3. Email address: An email address is just like a house address, where the
communication arrives for the sender and receiver and through which they communicate with each
other.
4. Mailer: The mailer program provides the ability to read, write, manage and
delete emails, like Gmail, Outlook, etc.
5. Mail Server: The mail server is responsible for sending, receiving, managing, and
recording all the data proceeded by their respective mail programs and then
processing them to their respective users.
6. SMTP: SMTP stands for Simple mail transfer protocol. SMTP basically uses the
internet network connection to send and receive email messages over the Internet.
Protocols of Email:
Emails basically use two types of standard protocols for communication over the Internet. They
are-
1. POP3: POP3 stands for Post Office Protocol version 3 for email. Similar to a post
office, our approach is just to drop the email over the service mail provider and then
leave it for the service to handle the transfer of messages. We can even be disconnected
from the Internet after sending the email via POP. Also, there is no requirement of
leaving a copy of the email over the web server, so it uses very little memory. POP
allows a user to concentrate all the emails from different email addresses in
a single mail program. However, there are some disadvantages of the POP
protocol, like the communication medium being unidirectional, i.e. it will transfer
information from sender to receiver but not vice versa.
2. IMAP: IMAP stands for Internet message access protocol. IMAP has some
special advantages over POP like it supports bidirectional communication over
email and there is no need to store conversations on servers as they are already well-
maintained in a database. It has some advanced features like it tells the sender that
the receiver has read the email sent by him.
Working of Email
1. When the sender sends the email using the mail program, it gets redirected to
the simple mail transfer protocol, which checks whether the receiver's email address
is of another domain name or belongs to the same domain name as that of the
sender (Gmail, Outlook, etc.). Then the email gets stored on the server for later
transfer using the POP or IMAP protocols.
2. If the receiver has an address in another domain, then the SMTP protocol
communicates with the DNS (domain name server) of the other address that the
receiver uses. Then the SMTP of the sender communicates with the SMTP of the
receiver, which then carries out the communication, and the email gets delivered in
this way to the SMTP of the receiver.
3. If, due to certain network traffic issues, the SMTP of the sender and that of the receiver
are not able to communicate with each other, the email to be transferred is put in a
queue of the SMTP of the receiver, and it finally reaches the receiver after the issue is
resolved. And if, due to very bad circumstances, the message remains in the queue for
a long time, then the message is returned to the sender as undelivered.
From Sender to Receiver:
The sender first needs the email address of the receiver to send the information to
be communicated via email. When the sender writes all the information in the email
along with the email address of the receiver and clicks on the send button, the mail program
transfers the message to the MTA (Mail Transfer Agent) which is transferred from the local
computer of the sender to the mail server via the SMTP protocol.
Then the webmail server looks out for the similar mail transfer agent of the receiver and locates
it whether it is using the same DNS (domain name server) or a different service. The DNS
looks for the mail exchanger service of the receiver. Now, the SMTP protocol transfers the
message between both mail servers through their mailing agents. Then the receiver’s MTA
finally transfers this message to the receiver’s local computer.
If the receiver uses the POP protocol, then when he receives the email the copy of the
email at the webserver gets deleted. And if he uses IMAP, then the copy of the email gets
stored on the webserver and it can be changed at any time by the user.
Today, most systems that utilize SSH support SSH-2. The updates of this version have
strengthened the protocol and made it a reliable cryptographic method of remote
networking. By authenticating and encrypting every session, SSH in networking protects data
against overt/direct forms of cyberattack perpetrated by system hijackers, as well as subtler
forms of information theft like packet sniffing.
Understanding how secure shell protocol facilitates and secures networking operations means
you can configure the remote administration solutions that best suit your customers’ businesses.
SSH works within a network through a client/server architecture. An SSH client is the program
that runs SSH protocol from a specific device in order to access remote machines, automate
data transfers, issue commands, and even manage network infrastructure. The client/server
model means that the network system components being used to establish an SSH secure
connection must be enabled for SSH. This can mean installing the proper software, or simply
utilizing the SSH services program the computer has built in.
Next, it’s crucial to understand the layers within and around SSH referred to as the protocol
stack. SSH has three components: transport layer protocol (TLP), user authentication protocol,
and connection protocol. The three layers do the following:
1. Transport layer protocol: The TLP serves to authenticate the server and establish
confidentiality and integrity. According to the Request for Comments (RFC) memo
4251, TLP should be held to a standard of perfect forward secrecy. In essence, even if
a compromise were to happen during one session, it would not affect the security of
past sessions. Perfect forward secrecy (PFS) represents significant progress in data
transfer protocol, because it means that even if the server’s private key were to fall into
the wrong hands a hacker would not be able to retroactively gain access to previously
transmitted data. With PFS, each new session is independently secure, assuring that the
total confidentiality of past sessions remains intact.
2. User authentication protocol: As indicated by its title, the user authentication protocol
authenticates the user to the server, confirming the identity of the agent operating as the
client.
3. Connection protocol: The connection protocol multiplexes the SSH tunnel. In other
words, the connection protocol creates distinct data streams, or logical channels, from
a single client/server connection.
The sequential actions of these three protocol layers allow the SSH protocol to successfully
secure connections, encrypt data, and transfer data along different channels.
Working of DNS:
If you wanted to go to a certain website, you would open up your web browser and type in
the domain name of that website. Let us use google.com. Now technically you really do not have
to type in google.com to retrieve the Google web page; you can just type in the IP address instead if
you already know what Google's IP address is, but since we are not accustomed to memorizing
and dealing with numbers, especially when there are millions of websites on the Internet, we can
just type in the domain name instead and let DNS convert it to an IP address for us.
So back to our example: when you type google.com in your web browser, the DNS server will
search through its cache to find a matching IP address for that domain name, and when it finds
it, it will resolve that domain name to the IP address of the Google web site, and once that is done
your computer is able to communicate with the Google web server and retrieve the webpage.
So DNS basically works like a phone book: when you want to find a number, you do not look
up the number first, you look up the name first and then it gives you the number. So to break this down
into further detail, let us examine the steps that DNS takes. When you type google.com
in your web browser and your web browser or operating system cannot find the IP address in its
own cache memory, it will send a query to the next level, to what is called the resolver server. The resolver
server is basically your ISP or Internet service provider, so when the resolver receives this query,
it will check its own cache memory to find an IP address for google.com, and if it cannot find
it, it will send the query to the next level, which is the root server. The root servers are the topmost servers
in the DNS hierarchy.
There are 13 sets of these root servers, from a.root-servers.net to m.root-servers.net, and they
are strategically placed around the world; they are operated by 12 different organizations, and
each set of these root servers has its own unique IP address. So when the root server receives the
query for the IP address of google.com, the root server is not going to know what the IP address is, but
the root server does know where to send the resolver to help it find the IP address. So the root server will
direct the resolver to the TLD or top-level domain server for the .com domain. So the resolver will now ask the
TLD server for the IP address of google.com.
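As an added example (not from these notes), a toy iterative resolution that follows the chain described above: the resolver checks its own cache, then asks a root server, is referred to the TLD server, is referred on to the authoritative server, and caches the answer for the record's TTL. All server names, records and addresses are constructed; there is no real network traffic.

```python
"""Added example: iterative DNS resolution through root, TLD and authoritative servers
(not code from the notes; all zone data is constructed)."""
import time

# Each server knows only its own level and otherwise hands back a referral.
ROOT_SERVER = {"referrals": {"com": "tld-server.com-zone.example"}}
TLD_SERVERS = {
    "tld-server.com-zone.example": {"referrals": {"google.com": "ns1.google.example"}},
}
AUTH_SERVERS = {
    "ns1.google.example": {"answers": {"google.com": ("192.0.2.10", 300)}},  # (IP, TTL seconds)
}


def query(server: str, name: str) -> tuple:
    """Return ('answer', ip, ttl), ('referral', next_server) or ('nxdomain',)."""
    if server == "root":
        tld = name.rsplit(".", 1)[-1]
        ref = ROOT_SERVER["referrals"].get(tld)
        return ("referral", ref) if ref else ("nxdomain",)
    if server in TLD_SERVERS:
        ref = TLD_SERVERS[server]["referrals"].get(name)
        return ("referral", ref) if ref else ("nxdomain",)
    record = AUTH_SERVERS.get(server, {}).get("answers", {}).get(name)
    return ("answer", record[0], record[1]) if record else ("nxdomain",)


class Resolver:
    """The ISP's resolver from the notes: answers from cache when it can, otherwise
    walks the hierarchy and remembers the answer until its TTL runs out."""

    def __init__(self, clock=time.time):
        self.cache = {}      # name -> (ip, expires_at)
        self.clock = clock   # injectable so TTL expiry can be simulated

    def resolve(self, name: str) -> tuple:
        """Return (ip or None, list of servers contacted in order)."""
        now = self.clock()
        if name in self.cache and self.cache[name][1] > now:
            return self.cache[name][0], []          # cache hit: nobody else is asked
        trace, server = [], "root"
        while True:
            trace.append(server)
            reply = query(server, name)
            if reply[0] == "referral":
                server = reply[1]                    # go one level down
            elif reply[0] == "answer":
                ip, ttl = reply[1], reply[2]
                self.cache[name] = (ip, now + ttl)
                return ip, trace
            else:
                return None, trace                  # no such name at this level


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("google.com"))   # ('192.0.2.10', ['root', 'tld-server...', 'ns1...'])
    print(r.resolve("google.com"))   # ('192.0.2.10', [])  served from cache
```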
Full Form
POP3: POP3 is an abbreviation for Post Office Protocol 3.
IMAP: IMAP is an abbreviation for Internet Message Access Protocol.
Introduction
POP3: The POP is an Internet standard protocol on the application layer that the local email clients use for retrieving emails from any remote server over the TCP/IP connection.
IMAP: The IMAP is a protocol that allows distant users to access their emails directly from the server and read them on any device at any location feasible for them.
Complexity
POP3: POP3 is a very simplified protocol. It can only download the emails on the local computer from the inbox.
IMAP: The IMAP protocol is very complex. It allows all the users to view their email folders easily and read them on the mail server itself (from any device they want).
Email Organization
POP3: A user cannot organize the emails on the server using POP3.
IMAP: IMAP allows its users to organize their available emails on the server.
Need to Download
POP3: POP3 downloads the mail first and then allows its users to read them.
IMAP: You can partially read your emails before downloading them in the case of IMAP.
Multiaccess
POP3: POP3 only allows a single device at a time to access the emails.
IMAP: IMAP allows multiple devices at a time to access and read the available mails.
Updating of Emails
POP3: A user cannot update or create emails on the mail server by using the POP3 protocol.
IMAP: You can use the IMAP protocol for updating or creating emails. It is easy to do so with a web interface or email software.
Search Emails
POP3: You cannot search for mail content on any mail server using the POP3 protocol. The user needs to download the mail first and then search for the required content.
IMAP: You can easily search for mail content on any mail server using IMAP without downloading them.
Change and Delete
POP3: POP3 does not allow its users to alter or delete any email available on the mail server.
IMAP: IMAP allows its users to use an email software or a web interface to alter or delete the available emails.
Syncing of Mails
POP3: It does not allow syncing of a user's emails.
IMAP: Users can sync their emails using this protocol.
Storage of Content
POP3: It downloads the content on the local device unless someone selects "Keep a copy on the server" via settings.
IMAP: It always stores content on the mail server.
Direction
POP3: Unidirectional – The changes that you make on a device have zero effect on the content available on the server.
IMAP: Bi-directional – Whenever you make changes on the device or server, it shows on the other side as well.
Offline Usage
POP3: You can read the emails offline because POP3 downloads them on the device. The device only goes online to download new
IMAP: The downloaded mails are available for the user to read, edit, and delete offline. Any changes that one makes on the
emails. device get synced with the server.