Download TCP/IP: Understanding the Protocol Suite and Its Core Protocols - Prof. William Hammond and more Study notes Information Technology in PDF only on Docsity!
Hi Class: Chapter 4 is about protocols and an introduction to TCPIP. Network Protocols Think of protocols as nothing more than the set of rules by which computers communicate with one and other. Protocols vary according to their speed, transmission efficiency, utilization of resources, ease of setup, compatibility, and ability to travel between different LANs. We will pay special attention to TCP/IP as it is the dominant protocol in the world today and will remain so for the foreseeable future. Give some extra attention to this chapter as it is probably the most important of the entire course. Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP is not simply one protocol, but rather a suite of specialized protocols—including TCP, IP, UDP, ARP, and many others—called subprotocols. TCP/IP’s roots lie with the U.S. Department of Defense, which developed TCP/IP for its Advanced Research Projects Agency network (ARPAnet, the precursor to today’s Internet in the late 1960s. UNIX has always relied on TCP/IP. Now the latest versions of the Netware and Windows network operating systems also use TCP/IP as their default protocol. TCP/IP would not have become so popular if it weren’t routable. Protocols that can span more than one LAN or (LAN segment) are routable, because they carry Network layer addressing information that can be interpreted by a router. TCP/IP Compared to the OSI Model The TCP/IP suite of protocols is divided into four layers that roughly correspond to the seven layers of the OSI Model. Application layer Transport layer Internet layer Network Interface layer The TCP/IP Core Protocols Certain subprotocols of the TCP/IP suite, called TCP/IP core protocols, operate in the Transport or Network layers of the OSI Model and provide basic services to the protocols in other layers of the four-layer model. Transmission Control Protocol (TCP) The Transmission Control Protocol (TCP) operates in the Transport layer of both the OSI and the TCP/IP Models and provides reliable data delivery services. TCP is a connection oriented subprotocol, which means that a connection must be established between communicating nodes before this protocol will transmit data. User Datagram Protocol (UDP)
The User Datagram Protocol (UDP) , like TCP, sits in the Transport layer, between the Internet layer and the Application layer of the TCP/IP Model. Unlike TCP, however, UDP is a connectionless transport service. In contrast to a TCP header’s 10 fields, the UDP header contains only four fields: Source port, Destination port, Length, and Checksum. Internet Protocol (IP) The Internet Protocol (IP) belongs to the Internet layer of the TCP/IP Model and to the Network layer of the OSI Model. It provides information about how and where data should be delivered, including the data’s source and destination addresses. IP is the subprotocol that enables TCP/IP to internetwork. As you known, at the Network layer of the OSI Model, data is formed into packets. In the context of TCP/IP, a packet is also known as an IP datagram. The IP datagram acts as an envelope for data and contains information necessary for routers to transfer data between different LAN segments. Internet Control Message Protocol (ICMP) Whereas IP helps direct data to its correct destination, Internet Control Message Protocol (ICMP) is an Internet layer protocol that reports on the success or failure of data delivery. Address Resolution Protocol (ARP) Address Resolution Protocol (ARP) is an Internet layer protocol that obtains the MAC (physical) address of a host, or node, then creates a database that maps the MAC address to the host’s IP (logical) address. To make ARP more efficient, computers save recognized MAC-to-IP address mappings on their hard disks in a database known as an ARP table (also called an ARP cache ). An ARP table can contain two types of entries: dynamic and static. Dynamic ARP table entries are created when a client makes an ARP request that cannot be satisfied by data already in the ARP table. Static ARP table entries are those that someone has entered manually using the ARP utility. Reverse Address Resolution Protocol (RARP) If a device doesn’t know its own IP address it cannot use ARP. This is because without an IP address, a device cannot issue an ARP request or receive an ARP reply. One solution to this problem is to allow the client to send a broadcast message with its MAC address and receive an IP address in reply. This process, which is the reverse of ARP, is made possible by the Reverse Address Resolution Protocol (RARP). A RARP server maintains a table of MAC addresses and their associated IP addresses. Addressing in TCP/IP Each IP address is a unique 32-bit number, divided into four octets, or sets of 8-bits, that are separated by periods. An IP address contains two types of information: network and host. From the first octet you can determine the network class. First Octet is 1-127: Class A First Octet is 128-191: Class B
through a form of binary arithmetic called ANDING. To help you further understand this very important topic, visit http://www.learntosubnet.com. Also look in the Class Downloads folder for a subnet calculator. Assigning IP Addresses Whether connecting to the Internet or to another computer within a LAN, every node on a network must have a unique IP address. You can assign IP addresses manually, by modifying the client workstation’s TCP/IP properties. A manually assigned IP address is called a static IP address because it does not change automatically. It changes only when you reconfigure the client’s TCP/IP properties. BOOTP To facilitate IP address management, a service called the Bootstrap Protocol was developed in the mid-1980s. The Bootstrap Protocol (BOOTP) , an Application layer protocol, uses a central list of IP addresses and their associated devices’ MAC addresses to assign IP addresses to clients dynamically. An IP address that is assigned to a device upon request and is changeable is known as a dynamic IP address. Dynamic Host Configuration Protocol (DHCP) Dynamic Host Configuration Protocol (DHCP) is an automated means of assigning a unique IP address to every device on a network. DHCP was developed by the IETF as a replacement for BOOTP. DHCP operates in a similar manner to BOOTP, but unlike BOOTP, DHCP does not require the network administrator to maintain a table of IP and MAC addresses on the server. DHCP Leasing Process With DHCP, a device borrows, or leases , an IP address while it is attached to the network. Configuring the DHCP service involves specifying a range of addresses that can be leased to any network device on a particular segment and a list of excluded addresses. Once the DHCP server is running, the client and server take the following steps to negotiate the client’s first lease. Terminating a DHCP Lease A DHCP lease may expire based on the period established for it in the server configuration or it may be manually terminated at any time from either the client’s TCP/IP configuration or the server’s DHCP configuration. Sockets and Ports Just as a device requires a unique address to send and receive information over the network, a process also requires a unique address. Every process on a machine is assigned a port number. If you compare IP addressing with the addressing system used by the postal service, and you equate a host’s IP address to the address of a building, a port number would be similar to an apartment number within that building. A process’s port number plus its host machine’s IP address equals that process’s socket.. Port numbers range from 0 to 65,539 and are divided by IANA into three types: Well Known Ports, Registered Ports, and Dynamic and/or Private Ports. Well Known Ports are in the range of 0 to 1023 and are assigned to processes that only the operating
system or an Administrator of the system can access. Registered Ports are in the range of 1024 to 49151. These ports are accessible to network users and processes that do not have special administrative privileges. Default assignments of these ports must be registered with IANA. Dynamic and/or Private Ports are those from 49152 through 65535 and are open for use without restriction. Addressing in IPv The most notable difference between IP addresses in IPv4 and IPv6 is their size. While IPv4 addresses are composed of 32-bit, IPv6 addresses are composed of eight 16-bit fields and total 128 bits. A second difference between IPv4 and IPv6 addresses is the way they are represented. While each octet in an IPv4 address contains binary numbers separated by a period (for example, 123.45.67.89), each field in an IPv6 address contains hexadecimal numbers separated by a colon. An example of a valid IPv6 address is F:F:0:0:0:0:3012:0CE3. A third difference between the two types of IP addresses is that IPv6 addressing distinguishes between different types of network interfaces. One type of IPv6 address is a unicast address, or an address that represents a single interface on a device. A unicast address is the type of address that would be assigned, for example, to a workstation’s network adapter. A multicast address represents multiple interfaces (often on multiple devices). An anycast address represents any one interface from a group of interfaces (often on multiple nodes), any one of which (usually the first available) can accept a transmission. A fourth significant difference between IPv4 and IPv6 addressing is that in IPv6, each address contains a Format Prefix, or a variable length field at the beginning of the address that indicates what type of address it is. Host Names and Domain Name System (DNS) Much of TCP/IP addressing involves numbers—often long, complicated numbers. Computers can manage numbers easily. However, most people can remember words better than numbers. Every device on the Internet is technically known as a host. Every host can take a host name, a name that describes the device. Domain Names Every host is a member of a domain, or a group of computers that belong to the same organization and have part of their IP addresses in common. Usually, a domain name is associated with a company or other type of organization, such as a university, government organization, or company. Often, when networking professionals refer to a machine’s host name, they in fact mean its local host name plus its domain name—in other words, its fully qualified host name. A domain name is represented by a series of character strings, called labels, separated by dots. Each label represents a level in the domain naming hierarchy. In the domain name www.novell.com, “com” is the top-level domain (TLD) , “novell” is the second-level domain, and “www” is the third-level domain.
In addition to the core Transport and Internet layer protocols, the TCP/IP suite encompasses several Application layer protocols. These protocols work over TCP or UDP plus IP, translating user requests into a format the network can read. Telnet Telnet is a terminal emulation protocol used to log on to remote hosts using the TCP/IP protocol suite. Using Telnet, a TCP connection is established and keystrokes on the user’s machine act like keystrokes on the remotely connected machine. Often Telnet is used to connect two dissimilar systems. File Transfer Protocol (FTP) The File Transfer Protocol (FTP) is an Application layer protocol used to send and receive files via TCP/IP. In FTP exchanges, a host running the FTP server portion accepts commands from another host running the FTP client portion. FTP commands will work from your operating system’s command prompt; they do not require special client software. Many FTP hosts, especially those whose purpose is to provide software updates, accept anonymous logins. Trivial File Transfer Protocol (TFTP) The Trivial File Transfer Protocol (TFTP) is another TCP/IP Application layer protocol that enables file transfer between computers, but it is simpler (or more trivial) than FTP. A significant difference between FTP and TFTP is that TFTP relies on UDP at the Transport layer. TFTP is useful when you need to load data or programs on a diskless workstation. Network Time Protocol (NTP) The Network Time Protocol (NTP) is a simple Application layer protocol used to synchronize the clocks of computers on a network. NTP depends on UDP for Transport layer services. Packet Internet Groper (PING) The Packet Internet Groper (PING) is a utility that can verify that TCP/IP is installed, bound to the NIC, configured correctly, and communicating with the network. It is often employed simply to determine whether a host is responding (or “up”). PING uses ICMP services to send echo requests and echo reply messages that determine the validity of an IP address. These two types of messages work in much the same way that sonar operates. First, a signal, called an echo request, is sent out to another computer. The other computer then rebroadcasts the signal, in the form of an echo reply, to the sender. The process of sending this signal back and forth is known as pinging. As with other TCP/IP commands, PING can be used with a number of different options, or switches, and the syntax of the command may vary depending on the operating system. But a ping command always begins with the word “ping” followed by a hyphen (-) and a switch, followed by a variable pertaining to that switch. Below are some useful PING switches (based on the ping included with Windows XP):
-n X where X is a number. Specifies the number of requests to send (default is 4) -t This is a continuous Ping. Stop it with a “Control C” /? This will bring up a listing of other obscure parameters. IPX/SPX Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) is a protocol originally developed by Xerox, then modified and adopted by Novell in the 1980s for its NetWare network operating system. IPX/SPX is required to ensure the interoperability of LANs running NetWare versions 3.2 and lower and can be used with LANs running higher versions of the NetWare operating system. The IPX and SPX Protocols Internetwork Packet Exchange (IPX) operates at the Network layer of the OSI Model and provides logical addressing and internetworking services, similar to IP in the TCP/IP suite. Like IP, IPX also uses datagrams to transport data and its datagrams also contain source and destination addresses. Sequenced Packet Exchange (SPX) belongs to the Transport layer of the OSI Model. It works in tandem with IPX to ensure that data are received whole, in sequence, and error free. SPX, like TCP in the TCP/IP suite, is a connection-oriented protocol. The SPX information is encapsulated by IPX. Addressing in IPX/SPX Just as with TCP/IP-based networks, IPX/SPX-based networks require that each node on a network be assigned a unique address to avoid communication conflicts. Because IPX is the component of the protocol that handles addressing, addresses on an IPX/SPX network are called IPX addresses. IPX addresses contain two parts: the network address (also known as the external network number) and the node address. NetBIOS and NetBEUI NetBIOS (Network Basic Input Output System) is a protocol originally designed for IBM to provide Transport and Session layer services for applications running on small, homogeneous networks. When Microsoft adopted IBM’s NetBIOS as its foundation protocol it added a standard Transport layer component called NetBEUI (the NetBIOS Enhanced User Interface ). Today, NetBEUI might be used in very small Microsoft- based networks to integrate legacy clients. Addressing in NetBEUI In case you do need to integrate older NetBEUI clients, you should understand how this protocol addresses clients. To transmit data between network nodes, NetBIOS needs to reach each workstation. For this reason, network administrators must assign a NetBIOS name to each workstation. The NetBIOS name can consist of any combination of 16 or fewer alphanumeric characters. Once NetBIOS has found a workstation’s NetBIOS
PING [address or name]: Packet Internet Groper: By default the ping command sends out 4 ICMP packets to the address or name that you specify. Ping can be used as a diagnostic as follows: ping 127.0.0.1: a successful reply means that tcp/ip has been installed and bound properly on your computer ping [your IP address]: a successful reply means that your Network card is working properly. ping [your default gateway]: a successful reply means that you can communicate across your LAN. If you get this far, your LAN communications work fine. Now let’s try the WAN. ping www.google.com: a successful replay means that everything is working perfectly. If it fails, note the ip address for google. Try to ping the IP address. A successful reply means that TCP/IP is working properly, your problem is with DNS. Note that I specified Google. If you try this to Microsoft, it won't work. Many companies today have turned off their ping replies as a security measure. As of now, Google has not. If you can ping Google by name there is absolutely nothing wrong with your configuration and you should be able to get to anywhere. TRACERT [address or name]: Trace Route: In the event that your pings fail, try tracert. Tracert shows you the path that a packet takes when going from point A to point B. The output of this command shows you the routers that are forwarding your packets. Sometimes you can figure out where they are located and who they belong to. ARP -G: Address Resolution Protocol: This command shows you the cache of IP addresses (Layer 3) cross referenced to Mac addresses (Layer 2) that your computer has learned. Windows maintains this cache for a period of about 10 minutes. You should be able to identify everything you see in the cache. NETSTAT -N: Network Status. This command shows you who has an active connection to your computer. It shows their IP address, your IP address and the port numbers used on both sides. Handy to run if your computer starts to churn randomly. There are many variants of these commands. Type the command followed by a /? to see all of the switches or arguments that are available. Microsoft has an excellent Technical Note (314067) that goes into much more detail. Get a copy and look it over. Subnetting is a very complex topic. Let’s try to take it a little bit at a time. Also don’t forget www.learntosubnet.com Anyway: With classful routing protocols, IP hosts and routers recognize only the network address designated by the standard address classes. An IP host device or a router using a classful protocol such as RIP v1 cannot recognize subnets. Classless Inter-Domain Routing (CIDR), defined in RFC 1817, introduced starting in 1993, is the latest refinement to the way IP addresses are interpreted. Classless routing protocols extend the standard Class A, B, or C IP addressing scheme by using a subnet mask or mask length to indicate how routers must interpret an IP network ID. Classless routing protocols include the subnet mask along with the IP address when advertising routing information. Subnet masks representing the network ID are not restricted to those defined by the address classes. Such subnet mask
flexibility enables you to group several networks as single entry in a routing table, significantly reducing routing overhead. It allowed increased flexibility when dividing ranges of IP addresses into separate networks. This served two purposes, reducing broadcast domain size and conserving IP addresses. Here is a classful example: Classful networks CANNOT be broken into smaller pieces. 192.168.100.0 subnet mask 255.255.255.0 allows up to 254 devices per network. Let's take the same network with classless/CIDR routing: Classless networks CAN be broken into smaller pieces known as subnets. Let’s start here. There are 32 bits in a tcpip address. That is 4 octets of 8 bits each. Some of these bits represent the network and some represent the host on the network. A class A address uses 8 of the 32 bits to identify the network. A class A network address will be expressed as 10.0.0.0/8 or a mask of 255.0.0. A class B address uses 16 of the 32 bits to identify the network. A class B network address will be expressed as 172.16.0.0/16 or a mask of 255.255.0. A class C address uses 24 of the 32 bits to identify the network. A class C network address will be expressed as 192.168.1.0/24 or a mask of 255.255.255. In classful addressing and routing, the remaining bits (not used to identify the network) will be assigned to the hosts/devices on the network. So: In a Class A network we can use 24 bits to identify the hosts. 32-8=24; 24 bits can represent 2^24 Hosts or 16777216 In a Class B network we can use 16 bits to identify the hosts. 32-16=16; 16 bits can represent 2^16 Hosts or 65536 In a Class C network we can use 8 bits to identify the hosts. 32-24=8; 8 bits can represent 2^8 Hosts or 256 One of those host numbers has to represent the network address and one has to represent the broadcast address, so we will deduct 2 from the final totals. Example: a class C network can support 254 devices plus the network address and the broadcast address for a grand total of 256. OK, next we have to determine the class of OUR network. The simplest way is to look at the first octet in the IP address. 1-126=Class A 127=Reserved for Loopback 128-191=Class B 192-223=Class C 224 & up are not used. They are reserved for experimental networks and multicasting. Let’s also start to take a look at the TYCPIP subnet mask. The sole purpose of the subnet mask is to help TCPIP figure out which part of the address is the network and which part of the address is the host (this is referred to as the ANDING process). TCPIP needs this information to determine which network to send the data to. At that point TCPIP will make a decision. If the network is local, TCPIP will ARP for the host. If the network is remote, it will pass the packet on to the default gateway, saying, in effect: "Here router. Do your stuff."
