Semester 2v2 Chapter 9: TCP/IP


List three components of the TCP/IP protocol stack.

•protocols to support file transfer, e-mail, remote login, and other applications

•reliable and unreliable transports

•connectionless datagram (packet) delivery at the network layer

ICMP provides control and message functions at the network layer.

The Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols was developed by the Defense Advanced Research Projects Agency (DARPA). The suite includes not only Layer 3 and 4 specifications (such as IP and TCP), but also specifications for such common applications as e-mail, remote login, terminal emulation, and file transfer.

Later, TCP/IP was included with the Berkeley Software Distribution of UNIX. You can use the Internet protocols to communicate across any set of interconnected networks. They are equally well-suited for both LAN and WAN communication.

The TCP/IP protocol stack maps closely to the OSI reference model in the lower layers. It supports all standard physical and data link protocols.

TCP/IP information is transferred in a sequence of datagrams. One message may be transmitted as a series of datagrams that are reassembled into the message at the receiving location.

The application layer supports network management. It has protocols for file transfer, e-mail, and remote login.

The transport layer performs two functions: flow control, provided by sliding windows, and reliability, provided by sequence numbers and acknowledgments.

The transport layer also provides two protocols:

•TCP - a connection-oriented, reliable protocol; provides flow control by providing sliding windows, and reliability by providing sequence numbers and acknowledgments. The advantage of TCP is that it provides guaranteed delivery of the segments.

•UDP - connectionless and unreliable; although responsible for transmitting messages, no software checking for segment delivery is provided at this layer.

The advantage that UDP provides is speed.

The fields in the TCP segment are as follows:

•source port - the number of the calling port

•destination port - the number of the called port

•sequence number - the number used to ensure correct sequencing of the arriving data

•acknowledgment number - the next expected TCP octet

•HLEN - the number of 32-bit words in the header

•reserved - set to 0

•code bits - the control functions (e.g. setup and termination of a session)

•window - the number of octets that the sender is willing to accept

•checksum - the calculated checksum of the header and data fields

•urgent pointer - indicates the end of the urgent data

•option - one currently defined: maximum TCP segment size

•data - upper-layer protocol data
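
The field list above, decoded from raw bytes, as an added example (not part of the original notes). The function names and the sample segment are constructed for illustration; the sample checksum is left at 0 and is not verified.

```python
import struct

# Code bits, least-significant bit first, in the classic layout the list
# above describes: 4-bit HLEN, 6 reserved bits, 6 code bits.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]

def parse_tcp_header(segment: bytes) -> dict:
    """Decode a TCP header and reject an HLEN that cannot be valid."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the minimum TCP header")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    hlen_words = off_flags >> 12           # HLEN counts 32-bit words
    hlen_bytes = hlen_words * 4
    if hlen_words < 5 or hlen_bytes > len(segment):
        raise ValueError(f"invalid HLEN {hlen_words}")
    return {
        "source_port": src, "destination_port": dst,
        "sequence_number": seq, "acknowledgment_number": ack,
        "hlen_words": hlen_words, "reserved": (off_flags >> 6) & 0x3F,
        "code_bits": [n for i, n in enumerate(FLAG_NAMES) if off_flags & (1 << i)],
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "options": segment[20:hlen_bytes], "data": segment[hlen_bytes:],
    }

def mss_option(options: bytes):
    """Return the maximum segment size (option kind 2) or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:              # end of option list
            break
        if kind == 1:              # one-byte padding
            i += 1
            continue
        if i + 1 >= len(options) or not 2 <= options[i + 1] <= len(options) - i:
            raise ValueError("malformed TCP option")
        if kind == 2 and options[i + 1] == 4:
            return struct.unpack("!H", options[i + 2:i + 4])[0]
        i += options[i + 1]
    return None

# Constructed sample: SYN from port 49152 to FTP (21), HLEN 6, MSS 1460.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 21, 1000, 0,
                         (6 << 12) | 0x02, 8192, 0, 0) + bytes([2, 4, 5, 180])
```

A header whose HLEN is below 5 words or points past the end of the segment is rejected before any option or data bytes are sliced.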

Both TCP and UDP use port (or socket) numbers to pass information to the upper layers.

Port numbers are used to keep track of the different conversations that cross the network at the same time.

Application software developers have agreed to use the well-known port numbers that are defined in RFC 1700. For example, any conversation bound for an FTP application uses the standard port number 21.

Conversations that do not involve an application with a well-known port number are, instead, assigned port numbers that are randomly selected from within a specific range. These port numbers are used as source and destination addresses in the TCP segment.

Some ports are reserved in both TCP and UDP, although applications might not be written to support them. Port numbers have the following assigned ranges:

•Numbers below 255 are for public applications.

•Numbers 255-1023 are assigned to companies for marketable applications.

•Numbers above 1023 are unregulated.

End systems use port numbers to select the proper application.

Originating source port numbers, usually some numbers larger than 1023, are dynamically assigned by the source host.

Both ends of a connection are synchronized with a three-way handshake/open connection sequence. Exchanging beginning sequence numbers during the connection sequence ensures that lost data can be recovered if problems occur later.

Host A -- seq = n

Host B -- seq = n+1

Window size determines how much data a receiving station can accept at one time. With a window size of 1 (byte), each segment that you send must be acknowledged before you can transmit another segment.

This results in inefficient use of bandwidth by the hosts.

After a host transmits the window-size number of bytes, it must receive an acknowledgment before it can send more messages.

TCP uses expectational acknowledgments, meaning that the acknowledgment number refers to the octet that is expected next.

The sliding part of sliding window refers to the fact that the window size is negotiated dynamically during the TCP session.

A sliding window provides more efficient use of bandwidth by the hosts.

Window size refers to the number of bytes (or octets) that a host can transmit while awaiting an acknowledgment.

A larger window size allows the host to transmit more data pending acknowledgment.

TCP provides sequencing of segments with a forward reference acknowledgment. Each datagram is numbered before transmission.

At the receiving station, TCP reassembles the segments into a complete message. If a sequence number is missing in the series, that segment is retransmitted.

If segments are not acknowledged within a given time period, retransmission occurs.
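
The expectational acknowledgment and reassembly behaviour described above, replayed at a receiver, as an added example (not part of the original notes). The function name, the `window` parameter and the arrival list are constructed; segments are assumed not to overlap partially and sequence numbers are assumed not to wrap.

```python
def receive(arrivals, initial_seq, window=65535):
    """Replay (sequence_number, payload) arrivals at a receiver.

    Returns (acks, message): the acknowledgment number sent after each
    arrival and the octets delivered in order so far.
    """
    expected = initial_seq      # next octet the receiver expects
    held = {}                   # out-of-order segments waiting for the gap
    message = bytearray()
    acks = []
    for seq, payload in arrivals:
        # Accept only data that is new and fits inside the advertised window.
        in_window = expected <= seq and seq + len(payload) <= expected + window
        if in_window:
            held.setdefault(seq, payload)
        while expected in held:             # deliver everything now contiguous
            chunk = held.pop(expected)
            message += chunk
            expected += len(chunk)
        acks.append(expected)               # always "the octet expected next"
    return acks, bytes(message)

# Constructed arrivals: the segment starting at octet 5 is lost, the one at
# octet 9 arrives early, octet 5 is retransmitted, then a duplicate shows up.
ARRIVALS = [(1, b"reas"), (9, b"led!"), (5, b"semb"), (1, b"reas")]
```

With the default window the acknowledgment number stays at 5 until the retransmission fills the gap and then jumps to 13; with `window=4` the early segment is discarded instead of held, so it has to be sent again.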

Application layer protocols must provide for reliability if necessary. UDP uses no windowing or acknowledgments.

It is designed for applications that do not need to put sequences of segments together. Protocols that use UDP include the following:

•TFTP

•SNMP

•Network File System (NFS)

•Domain Name System (DNS)

Several protocols operate at the TCP/IP Internet layer that corresponds to the OSI network layer:

•IP - provides connectionless, best-effort delivery routing of datagrams; is not concerned with the content of the datagrams; looks for a way to move the datagrams to their destination

•ICMP - provides control and messaging capabilities

•ARP - determines the data link layer address for known IP addresses

•RARP - determines network addresses when data link layer addresses are known

The fields in this IP datagram are as follows:

•VER - version number

•HLEN - header length, in 32-bit words

•type of service - how the datagram should be handled

•total length - total length (header + data)

•identification, flags, frag offset - provides fragmentation of datagrams to allow differing MTUs in the internetwork

•TTL - Time-To-Live

•protocol - the upper-layer (Layer 4) protocol sending the datagram

•header checksum - an integrity check on the header

•source IP address and destination IP address - 32-bit IP addresses

•IP options - network testing, debugging, security, and other options

The protocol field determines the Layer 4 protocol being carried within an IP datagram.

Although most IP traffic uses TCP, other protocols can also use IP.

Each IP header must identify the destination Layer 4 protocol for the datagram.

Transport layer protocols are numbered, similarly to port numbers. IP includes the protocol number in the protocol field.
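
The IP datagram fields and the protocol field lookup described above, as an added example (not part of the original notes). The function names and sample addresses are constructed; the protocol numbers shown (1, 6, 17) are the assigned values for ICMP, TCP and UDP.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # assigned protocol numbers
IP_FORMAT = "!BBHHHBBH4s4s"                     # the fixed 20-byte header

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the header fields and verify the header checksum."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the minimum IP header")
    (ver_hlen, tos, total_len, ident, flags_frag,
     ttl, proto, _cksum, src, dst) = struct.unpack(IP_FORMAT, packet[:20])
    version, hlen = ver_hlen >> 4, ver_hlen & 0x0F
    if version != 4 or hlen < 5 or hlen * 4 > len(packet):
        raise ValueError("bad VER or HLEN")
    return {
        "ver": version, "hlen_words": hlen, "type_of_service": tos,
        "total_length": total_len, "identification": ident,
        "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": PROTOCOLS.get(proto, f"unknown({proto})"),
        # A header that includes its own correct checksum sums to zero.
        "checksum_ok": internet_checksum(packet[:hlen * 4]) == 0,
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
    }

def build_sample(proto: int = 6) -> bytes:
    """Constructed header: 192.0.2.10 -> 198.51.100.20, TTL 64, no options."""
    hdr = struct.pack(IP_FORMAT, 0x45, 0, 40, 0x1234, 0x4000, 64, proto, 0,
                      ipaddress.IPv4Address("192.0.2.10").packed,
                      ipaddress.IPv4Address("198.51.100.20").packed)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]
```

Changing any header byte after the checksum is filled in, such as the TTL, makes `checksum_ok` false.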

ICMP is implemented by all TCP/IP hosts.

ICMP messages are carried in IP datagrams and are used to send error and control messages.

•Destination Unreachable

•Time to Live Exceeded

•Parameter Problem

•Source Quench

•Redirect

•Echo

•Echo Reply

•Timestamp

•Timestamp Reply

•Information Request

•Information Reply

•Address Request

•Address Reply

If a router receives a packet that it is unable to deliver to its final destination, the router sends an ICMP unreachable message to the source.

The message might be undeliverable because there is no known route to the destination.

An echo reply is a successful reply to a ping command; however, results could include other ICMP messages, such as unreachable and timeout messages.

To determine a destination MAC address for a datagram, a table called the ARP cache is checked. If the address is not in the table, ARP sends a broadcast that will be received by every station on the network, looking for the destination station.

The term "local ARP" is used to describe the search for an address when the requesting host and the destination host share the same medium or wire.

Prior to issuing the ARP, the subnet mask must be consulted. The mask determines that the nodes are on the same subnet.

ARP is used to resolve or map a known IP address to a MAC sublayer address in order to allow communication on a multi-access medium such as Ethernet.

RARP relies on the presence of a RARP server with a table entry or other means to respond to requests.

On the local segment, you can use RARP to initiate a remote operating system load sequence.

Internet protocols enable communications between any set of interconnected networks. They are equally well suited for both LAN and WAN communications.

TCP/IP is the de facto standard for internetwork communications and serves as the transport protocol for the Internet, enabling millions of computers to communicate globally.

The function of the TCP/IP protocol stack, or suite, is the transfer of information from one network device to another. The layers most closely affected by TCP/IP are Layer 7 (application), Layer 4 (transport), and Layer 3 (network).

DNS (Domain Name System) is a system used in the Internet for translating names of network nodes into addresses.

WINS (Windows Internet Naming Service) is a Microsoft-developed standard for Microsoft Windows NT that automatically associates NT workstations with Internet domain names.

POP3 (Post Office Protocol) is an Internet standard for storing e-mail on a mail server until you can access it and download it to your computer. It allows users to receive mail from their inboxes using various levels of security.

SMTP (Simple Mail Transport Protocol) governs the transmission of e-mail over computer networks. It does not provide support for transmission of data other than plain text.

HOSTS is a file created by network administrators and maintained on servers. It is used to provide static mapping between IP addresses and computer names.

SNMP (Simple Network Management Protocol) is a protocol that provides a means to monitor and control network devices, and to manage configurations, statistics collection, performance and security.

FTP (File Transfer Protocol) is a reliable connection-oriented service that uses TCP to transfer files between systems that support FTP. It supports bi-directional binary file and ASCII file transfers.

TFTP (Trivial File Transfer Protocol) is a connectionless unreliable service that uses UDP to transfer files between systems that support TFTP. It is useful in some LANs because it operates faster than FTP in a stable environment.

HTTP (Hypertext Transfer Protocol) is the Internet standard that supports the exchange of information on the World Wide Web, as well as on internal networks. It supports many different file types, including text, graphic, sound, and video.

It defines the process by which Web browsers originate requests for information to send to Web servers.

Telnet is a standard terminal emulation protocol used by clients for the purpose of making remote terminal connections to Telnet server services; it enables users to remotely connect to routers to enter configuration commands.

PING (Packet Internet Groper) is a diagnostic utility used to determine whether a computer is properly connected to devices/Internet.

Traceroute is a program that is available on many systems, and is similar to PING, except that traceroute provides more information than PING. Traceroute traces the path a packet takes to a destination, and is used to debug routing problems.

There are also a few Windows-based protocols that you should be familiar with:

•NBTSTAT - a utility used to troubleshoot NetBIOS name resolution; used to view and remove entries from the name cache

•NETSTAT - a utility that provides information about TCP/IP statistics; can be used to provide information about the status of TCP/IP connections and summaries of ICMP, TCP, and UDP

•ipconfig/winipcfg - utilities used to view current network settings for all adapters on a device; can be used to view the MAC address, IP address, and gateway
