ptg 344 HOUR 19: Streaming and Casting Stream Control Transmission Protocol (SCTP), which is described in RFC 2000 and later documents, is a connection-oriented transport protocol (and thus more similar to TCP), but, like UDP, SCTP is more message-oriented. SCTP also offers the capabil- ity to maintain several message streams in parallel through a single connection. Datagram Congestion Control Protocol (DCCP), which is described in RFC 4340, also borrows features from both TCP and UDP. DCCP is connection-oriented (like TCP), with fast but unreliable delivery (like UDP). Both SCTP and DCCP perform something called congestion control. As you can see by the name, DCCP is especially interested in providing a congestion control mecha- nism. Congestion control is a means for reducing the kinds of retransmission issues associated with TCP and providing more efficient use of the bandwidth. Algorithms used by the protocol adjust the characteristics of the data flow to optimize through- put and reduce the number of retransmitted packets. Implementations of SCTP and DCCP are available now. SCTP has been around for a little longer, and is perhaps better known to developers, but DCCP shows promise. Multimedia Links You don’t have to surf far to find video and audio images embedded in web pages. Click a link to hear a sound, watch video, or listen to a vocal track. You might be wondering what is actually happening with you click that link. The answer, of course, depends on where the link goes. Many multimedia links are simply files. As you learned earlier in Hour 17, “HTTP, HTML, and the World Wide Web,” an <a> tag with an HREF attribute is a reference to another resource. In previ- ous examples, that resource was a web page. However, the reference can point to any type of file as long as the browser knows how to interpret the file’s contents. Modern browsers can handle many different types of file formats. On Windows sys- tems, the file extension (the part of the filename after the period, such as .doc, .gif, or .avi) tells the browser (or the operating system) what application to use to open the file. Some other operating systems can determine the file type independ- ently of the file extension. If the browsing computer has the necessary software to open the video or audio file, and if the browser or operating system is configured to recognize the file, the web page can reference the file through an ordinary link, and the browsing computer will execute the file when the link is clicked. Common video file formats include . .AVI (Audio Visual Interleave)—An audio/visual format developed by Microsoft From the Library of Athicom Parinayakosol ptg Multimedia Links 345 . .MPEG (Motion Picture Experts Group)—A popular and high-quality digital video format . .SWF—A format used with screen animations and Flash videos . .MOV (QuickTime)—Apple originally developed the QuickTime format for Macintosh systems, but QuickTime is widely available for other systems YouTube accepts submissions in several different formats but converts most videos to a FLV Flash video formatted file embedded in an .swf file because Flash format is fast, and the Flash player is readily available. Several audio file formats are also available on the Internet, but the proprietary MP3 format is by far the most popular for downloading and playing music files. When you install multimedia software on the client computer (for instance, when you install the QuickTime viewer), the installer application typically registers the file extension(s) that the computer should use to open the application. In some cases, if the correct application or plugin isn’t available to play the file, the user is directed to a download site and the file is installed automatically. Of course, there is much more to the process of recording, encoding, and viewing a multimedia file. However, the details are not actually the business of HTTP or TCP/IP. As far as the network is concerned, the browser simply downloads a file when a user clicks on the link. The fact that the browser sometimes uses other applications to open and execute files demonstrates that the whole HTTP ecosystem (HTTP, HTML, the web server, the web browser) is essentially a delivery method, much like the TCP/IP layers below. Sometime the link offers the option of connecting to an actual multimedia stream, as described earlier in this hour. Streaming servers located on the Internet stream audio and video content on demand to a user who clicks the link. A common means for initiating a stream through a web browser is with the RTSP protocol, which you learned about earlier in this hour. As this hour has already described, RTSP does not actually participate in the streaming, but it provides a con- trol system for starting and stopping the stream. A URL such as rtsp://greatmovies.com/casablanca.mp4 might deliver a Bogart classic to your desktop—if your browser is configured with the correct software to process the connection. By the Way From the Library of Athicom Parinayakosol ptg 346 HOUR 19: Streaming and Casting To complicate matters, streams are sometimes obscured by web scripts or intention- ally hidden from view. Sometimes the URL for a multimedia stream is actually enclosed in a small text file called a metafile. The resource referenced in the address bar might actually be the metafile, which might have an extension such as .pls, .ram, .asx, .wax, .wvx, and so on. If you’re curious where the link leads, you can find several utilities on the Internet that can help you find the location of a hidden multimedia stream. Podcasting Between this duality of a multimedia file made available for download and a con- tinuous stream on demand is an intermediate (or at least conceptually distinct) creature known as the podcast. Podcasting arose around Apple’s famous iPod device, but the term now finds a more general use. A podcast subscription delivers multimedia (usually audio) content through an RSS feed. RSS was originally developed to feed or channel news to the user—kind of like delivering the morning paper through the Internet. The user subscribes to an RSS news service, and stories are automatically delivered to the user’s desktop. The important point is that the user doesn’t have to go out and find the news on a web- site. After the subscription is established, new stories are “pushed” to the reader automatically (see Figure 19.4). RSS Audio File MENU iPod Playlists Browse Extras Settings Backlight FIGURE 19.4 Podcasting delivers multi- media files over an RSS service. From the Library of Athicom Parinayakosol ptg Voice Over IP (VoIP) 347 The goal of the podcast phenomenon is to deliver multimedia files to the viewer directly using the tools of RSS. As it turns out, RSS provides a means of attaching a file to the news message. That attachment feature became the vehicle for podcasting. Podcast client applications manage the podcast files and provide notice of updates. iTunes users can easily receive podcasts, and other music players also offer the fea- ture. iPodder is an open source podcast client that works with Windows, MacOS, Linux, and BSD systems. The whole purpose of the podcast is to receive periodic updates, which means that whoever is producing the podcasts on the server side needs to provide some kind of ongoing programming. Grassroots podcasts have become popular around the world, with regular interviews, how-to sessions, music videos, and comedy acts beaming out to subscribers through the miracle of RSS. Voice Over IP (VoIP) Internet telephony is now quite common in many areas. TCP/IP phone service is often less expensive, and more versatile, than conventional phone service. In many ways, Internet phone calls are just another form of streaming audio, so it should be no surprise that RTP is the most popular protocol for transmitting voice over IP (VoIP) communications. But the act of talking is only one piece of the puzzle. The business of finding a user, placing a call, setting up a session, and gracefully ending the session requires new tools and protocols. If you expect your IP phone service to connect with the conventional phone net- work, you also face the problem of providing a control system that is compatible (or at least interfacable) with equivalent controls used on conventional phone systems. IP telephony can occur through an actual hardware phone device (which is similar to a telephone, but it is designed to work with TCP/IP), or it can happen with what is commonly called a soft phone—a computer program performing the function of a phone that receives audio input from a microphone device, sends audio output to speakers or a headset, and connects with the world through the computer’s TCP/IP networking software. In either case, the phone sends signals over the network that must be received and interpreted by another phone at the end of the call. Several protocols exist for initiating and managing VoIP phone calls. The International Telecommunication Union’s H.323 protocol system is a large family of protocols for managing VoIP, teleconferencing, and other communications tasks. Many VoIP systems are designed for H.323. Another more recent protocol that is simpler (and easy to describe) is known as the Session Initiation Protocol (SIP). From the Library of Athicom Parinayakosol ptg 348 HOUR 19: Streaming and Casting SIP is an Application layer protocol for starting, stopping, and managing a commu- nication session. SIP sends what is called an invitation to a remote user. In the con- text of VoIP, that invitation is equivalent to placing a call. In addition to initiating and terminating calls, SIP provides features such as conferencing, call forwarding, and feature negotiation. When the call is established, the actual streaming voice communication occurs using a protocol such as RTP. The other complication with IP telephony is reaching callers with old-fashioned land lines. A VoIP gateway device serves as an interface from the Internet to the phone network (Figure 19.5). VoIP callers can talk to each other directly over the Internet without the need for a gateway, but when they call a number on the conventional phone network, the call is routed to a VoIP gateway device. Internet telephony users can subscribe to a VoIP gateway service to gain access to a gateway. The option is also typically part of a VoIP phone contract, but the rates for connecting through a gateway are often much higher than calling a user through end-to-end Internet telephony. End-to-end calls across the Internet are often free (or nearly free) to any- where in the world for users who pay the monthly subscription rate. VoIP Gateway FIGURE 19.5 A VoIP gateway services as an interface to the conventional phone network. Summary This hour looked at some of the technologies that provide multimedia streaming on the Internet. You learned about RTP, RTSP, and RTCP. This hour also looked at the SCTP and DCCP transport protocols and discussed how multimedia links play music and video with a mouse click. You also learned about podcasting, and the hour ended with a look at voice over IP. From the Library of Athicom Parinayakosol ptg Key Terms 349 Q&A Q. Why are the primary Transport layer protocols ill-suited for streaming? A. UDP is fast but unreliable, and TCP is reliable, but the controls used to ensure delivery make it slow and prone to retransmission. Q. What is the purpose of RTP’s two sister protocols, RTCP and RTSP? A. While RTP provides the streaming, RTCP monitors and reports on quality of service. RTSP is used for control commands to start or stop the stream. Q. Why does YouTube convert the videos submitted to Flash format? A. Flash is an efficient and reliable video format, and the Flash player is readily available. Key Terms Review the following list of key terms: . Datagram Congestion Control Protocol (DCCP)—An alternative Transport layer protocol for streaming applications. . Feature Negotiation—A negotiation between applications or devices to arrive at a common set of features for the connection. . podcasting—A technique for delivering multimedia files over RSS feeds. . Realtime Control Protocol (RTCP)—A protocol that provides quality of service monitoring for RTP. . Realtime Streaming Protocol (RTSP)—A protocol that provides control commands for RTP. . Realtime Transport Protocol (RTP)—A popular streaming protocol. . Session Initiation Protocol (SIP)—A protocol for managing VoIP communications. . Stream Control Transmission Protocol (SCTP)—An alternative Transport layer protocol for streaming applications. . Voice over IP (VoIP)—Telephony services over TCP/IP networks. From the Library of Athicom Parinayakosol ptg This page intentionally left blank From the Library of Athicom Parinayakosol ptg PART VI Advanced Topics HOUR 20 Web Services 353 HOUR 21 The New Web 363 HOUR 22 Network Intrusion 375 HOUR 23 TCP/IP Security 391 HOUR 24 Implementing a TCP/IP Network—Seven Days 413 in the Life of a Sys Admin From the Library of Athicom Parinayakosol ptg This page intentionally left blank From the Library of Athicom Parinayakosol ptg HOUR 20 Web Services What you’ll learn in this hour: . Web services . XML . SOAP . WSDL . Web transactions The technologies of the Web have led to a new revolution in software development. The web service architecture lets the programmer leverage the tools of the Web for complex tasks never envisioned by the creators of HTML. This hour examines the web services infrastructure. You’ll also get a quick look at how e-commerce websites process web trans- actions. At the completion of this hour, you will be able to . Discuss the web service architecture . Understand the role of XML, SOAP, and WSDL in the web service paradigm . Describe how e-commerce websites process monetary transactions Understanding Web Services Now that almost every computer has a web browser, and web servers are widely under- stood, visionaries and software developers have been hard at work devising new ways to use the tools of the Web. In the old days, a programmer who wanted to write a network application had to create a custom server program, a custom client program, and a cus- tom syntax or format for the two applications to exchange information. The effort of From the Library of Athicom Parinayakosol [...]... According to the W3C’s WSDL specification, “WSDL is an XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information.” WSDL is a format for defining the services that exchange information through SOAP messages A WSDL document is primarily a set of definitions The definitions within the document specify information... attacker slips in by finding an open port, unsecured service, or gap in the firewall Other network-level attack techniques exploit nuances of the TCP/ IP protocol system to gain information or reroute connections Application-level attacks—The attacker exploits known flaws in the program code of an application running on the system, such as a web server, tricking the application into executing arbitrary... dictionary scripts and de-encryption programs) to extremely low-tech (digging around in trash cans and peeking in users’ desk drawers) Some common password attack methods include Looking outside the box Trojan horses Guessing Intercepting The following sections discuss these methods for clandestinely obtaining users’ passwords Looking Outside the Box No matter how secure your system is, your network... Attacks The classic way to gain access to a computer system is to find out the password and log in An intruder who gains interactive entry to a system can employ other techniques to build system privileges Therefore, finding a password—any password—is often the first step in cracking a network Methods for getting passwords range from high-tech (password-cracking dictionary scripts and de-encryption programs)... tricks used by intruders to gain access to computer systems This hour is intended as an introduction to some important techniques As you read through the techniques described in this hour, remember the most important rule of computer security: If you think you’ve secured your network, think again Someone out there is spending a lot of time and effort trying to find a new way in What Do Intruders Want?... another line of defense against intrusion that should also be protected Most computer systems come with a well-documented and well-known default administrative account An intruder who is familiar with the operating system has a head start in gaining administrative privileges with knowledge of the username of the administrative account Experts therefore recommend changing the username of the administrative... system for storing and managing data Design elements—Predefined standard elements Layout—A structure for the site Scripting—A means for generating HTML code by injecting data into the predefined structure Web wonders such as blogs, wikis, and social networking sites hide these details, so the user is free to craft a web identity through images, sounds, and written language without ever having to worry... from ordinary networking All I really said in the preceding paragraph is that each peer must be capable of acting as both a client (requesting data) and a server (fulfilling requests) The short answer is that, after the connection is established, peer-to-peer networking is just ordinary networking The long answer is the reason why peer-to-peer networking is considered somewhat revolutionary The Internet... know it today In recent years, however, Internet-based chat has gained popularity with a new generation of users Many users prefer messaging to the other interactive alternative of talking on the telephone One can chat while working at a computer screen, and text is often less intrusive than sound, lending itself more readily to multitasking Some users can even manage multiple messaging sessions simultaneously,... Athicom Parinayakosol 370 HOUR 21: The New Web Several forms of messaging exist today—some proprietary and some open The popular form known as Internet Relay Chat (IRC) is actually described through a series of Internet RFCs (beginning with RFC 14 59 see also RFCs 2810–2813) IRC is actually a protocol operating at TCP/ IP s application layer The IRC protocol was officially assigned TCP port 194 , but servers . session. SIP sends what is called an invitation to a remote user. In the con- text of VoIP, that invitation is equivalent to placing a call. In addition to initiating and terminating calls, SIP provides. the Session Initiation Protocol (SIP). From the Library of Athicom Parinayakosol ptg 348 HOUR 19: Streaming and Casting SIP is an Application layer protocol for starting, stopping, and managing a. Athicom Parinayakosol ptg PART VI Advanced Topics HOUR 20 Web Services 353 HOUR 21 The New Web 363 HOUR 22 Network Intrusion 375 HOUR 23 TCP/ IP Security 391 HOUR 24 Implementing a TCP/ IP Network—Seven