Computer Network Protocols

Network protocols can be classified by the OSI layer where they operate.

Computer Network Protocols by OSI Layer

This section informs lists computer network protocols by their OSI layer.

OSI layer are, in incremental order:

Physical
Data link
Network
Transport
Session
Presentation
Application

Data Link OSI Layer Protocols

Data link OSI layer protocols featured on this post:

Ethernet
ATM
Frame Relay
SLIP
PPP
- PPPoE
HDLC
LAPB
LLDP
ARP

PPP, PPPoE and Ethernet are part of the network layer of the TCP/IP framework.

EAP over LAN (EAPOL) is the name that receives the EAP authentication protocol when is is used in OSI layer 2. Unlike the other protocols in this list, this is an authorization protocol rather than a communication protocol. To read more about EAP, you can read this post.

Ethernet

Ethernet is a data link protocol.

It uses Carrier Sense Multiple Access with Collision Detection (CSMA/CD) technology.

ATM

Asynchronous Transfer Mode (ATM) is OSI model level 2 protocol that was proposed to substitute ethernet.

You can read this post about ATM.

Frame Relay

Frame Relay transfer packets.

The committed information rate (CIR) is the bandwidth for a virtual circuit guaranteed by an internet service provider to work under normal conditions.

The Committed data rate (CDR) is the payload portion of the CIR.

SLIP

Deprecated

Serial Line Internet Protocol (SLIP) had no authentication.

It was superseded by PPP.

PPP

Point-to-Point Protocol (PPP) is a network encapsulation protocol.

It is no longer the default data link protocol, but it was the foundation for many other protocols that appeared later.

It is an internet standard documented in RFC 1661, and replaced Serial Line Internet Protocol (SLIP).

The original authentication options for PPP were PAP, CHAP and EAP. You can read more about these authentication protocols on this post.

PPPoE

Point-to-Point over Ethernet (PPPoE) is a network protocol.

It encapsulates PPP in ethernet.

HDLC

High-Level Data Link Control (HDLC).

LAPB

Link Access Procedure, Balanced (LAPB) derives from HDLC.

LLDP

Link Layer Discovery Protocol (LLDP) is a link-layer protocol used by network devices for advertising their identity, capabilities, and neighbors on a LAN.

It is covered in the standard IEEE 802.1AB with the name Station and Media Access Control Connectivity Discovery.

It was developed as a vendor neutral protocol to minimize the dominant position of Cisco network cards, that used the proprietary Cisco Delivery Protocol, while being compatible with the card of their competitors (such as Alcatel-Lucent, Aruba or IBM).

ARP

Address Resolution Protocol (ARP) makes transation from an IP to a MAC number. Because of this, it can be considered in the edge of OSI models level 2 and 3.

However it can be considered an OSI model level 2 protocol when taking into account RFC 1122.

ARP is a decentralized algorithm and does not require a server.

RARP

Reverse ARP (RARP) makes a translation from a MAC to an IP.

It is considered an OSI model level 2 protocol.

RARP requires a server.

Data Link+Network Protocol

Data link + network protocol:

MPLS

MPLS

Multiprotocol Label Switch (MPLS) can also be considered a converged protocol. You can read more about it on this post.

Network OSI Layer Protocols

The maximum transmission unit (MTU) is the size of the largest protocol data unit (PDU) that can be communicated in a single network layer transaction

An access control list (ACL) permits or denies packets according to rules

Network Routing Protocols

You can read more about network routing protocols on this post.

IP

Internet Protocol (IP) is probably the most extended network protocol.

You can find more information about IPv4 on this post.

You can find more information about IPv6 on this post.

Dual-Stack Lite (DS-Lite) is a transition mechanism that allows IPv4 and IPv6 to coexist.

ICMP

Internet Control Message Protocol (ICMP) is a supporting protocol with the purpose of report about issues on packet delivery. It is used behind the ping command.

ping can be used to make a rough topology, based on these hints:

The time to live (TTL) can provide info about at how many hops the device is.
Some firewalls responds differently to pings than endpoints.

ICMPv6 uses the field “type” to inform about the type of message.

ICMPv6 type meaning:

2 = Packet too big
128 = Echo request

IANA’s ICMPv6 Parameters

You can read more about hping3 command on this post.

You can read more about Windows ping command on this post.

Smurf attack is based on ping command. You can read more about it on this post.

IGMP

Internet Group Message Protocol (IGMP) is a communications protocol used to establish multicast group memberships by hosts and adjacent routers on IPv4 networks .

IGMP could be use for videoconferencing in WAN and LAN.

Multicast is not available on the internet because it may cause flood and denial-of-service (DoS) attack.

Multicast Backbone is a global network that is compatible with IGMP.

Spanning Tree Protocol (STP)

Spanning Tree Protocol (STP) is a network protocol that establishes logical a ethernet network on native Ethernet networks to maintain the topology among the nodes dynamically. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them.

Transport OSI Layer Protocols

Transport layer protocols are mainly:

You can find read more about Transport OSI layer protocol on this post.

Network+Transport Protocol

There are some protocols that do not fit into either network or transport layers, and belong to both of them:

VPN protocols

VPN Protocols

Virtual Private Networks (VPN) do not fit well within the OSI model.

You read more about VPN and their protocols on this post.

Session OSI Layer Protocols

Session OSI Layer Protocol:

SDP

Session Description Protocol (SDP) is used in SIP.

Session+Presentation OSI Layers Protocols

This section enumerates protocols that lay within the session and presentation layers:

RTP

Real time Protocol (RTP)

Real time control protocol (RTCP)

Secure RTP (SRTP) is the secure version of RTP is adds robust encryption and reliable authentication. It minimizes the risk of DoS, on-path attacks and other VoIP attacks.

Both RTP and RTCP for videoconferencing on H.323 and SIP standards.

Presentation OSI Layer Protocols

JPEG, MIDI, etc.

OSI presentation layer is responsible of encryption and compression.

TLS/SSL

Transport Layer Security (TLS) substitutes the now deprecated protocol SSL.

In the TLS handshake, and asymmetric encryption protocol is used to exchange a session-specific shared key with which further communication is encrypted using symmetric encryption.

Application OSI Layer Protocols

Application layer protocols:

HTTP
E-mail
SSH
DNS
SNMP
CMIP
WebSocket
SIP

HTTP

You can read a post about HTTP.

E-mail

You can find a list of e-mail protocols on this post.

SSH

Secure connection protocol (SSH).

DNS

Domain Name System (DNS).

You can read more about it on this post.

SNMP

Simple Network Management Protocol (SNMP) is used to manage devices over a network.

You can read more about it on this post.

CMIP

Common Management Information Protocol (CMIP) is used to manage devices over a network. It is an alternative to SNMP.

WebSocket

WebSocket is a protocol that provides simultaneous two-way communication channels over a single Transmission Control Protocol (TCP) connection.

You can read more about WebSockets on this post.

SIP

Session Initiation Protocol (SIP) is a signaling protocol used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications.

You can read more on this post about SIP.

H.323

H.323 is a set of protocols to provide audio-visual communication sessions on any packet network.

You can read a post about H.323.

Multilayer Protocols

Multilayer protocols bring these issues:

They can conceal covert channels (and thus covert channels are allowed)
Filters can be bypassed by traffic concealed in layered protocols
The logical boundaries put in place by network segments can be bypassed under some circumstances.

Multilayered protocols featured on this post:

Converged protocols
- MPLS
- FCoE
- iSCSi
VoIP
DNP3

Converged Protocols

Converged protocols are the merging of specialty or proprietary protocols with standard protocols, such as those from the TCP/IP suite. You can read more on this external link.

Converged protocols according to CISSP certification:

Multiprotocol Label Switch (MPLS)
Fibre Channel over Ethernet (FCoE)
Internet Small Computer System Interface (iSCSI)

Fiber Channel over Ethernet (FCoE)

It is a networking protocol that supports Fibre Channel natively over Ethernet.

Fiber Channel (FC) is traditionally used on SAN.

Each HBA has a unique identifier called World Wide Name.

FC topologies:

End-to-end
Ring
Commuted

iSCSI

iSCSI is an OSI transport layer protocol.

You can read this post about iSCSI.

VoIP

You can read more about VoIP on this post.

DNP3

Distributed Network Protocol 3 (DNP3). You can read more about DNP3 on this post.

Computer Network Security Protocols

Computer network security protocols are aimed on ensuring the CIA (confidentiality, integrity and availability) triad.

Network Confidentiality Protocols

You can read find a list of network access protocols that ensure confidentiality on this post about identify and access management.

Network Availability Protocols

Network Quality of Service (QoS) is a control to ensure the availability of the network. You can read this post about Network QoS.

External References

BMC; “OSI Model: The 7 Layers of Network Architecture“; BMC