Summary
Data Encapsulation
TCP/IP Core Protocols
TCP/IP is a suite of protocols, including TCP, IP (IPv4 and IPv6), UDP, ARP, and many
others.
TCP (Transmission Control Protocol)
TCP operates in the Transport layer of the OSI model and provides reliable,
connection-oriented data delivery. TCP ensures reliable delivery through sequence
numbers, acknowledgments, retransmission of unacknowledged segments, and checksums.
Fields in a TCP Segment. The figure lists the fields included in a TCP segment.
A TCP segment
1. Source port—Indicates the port number at the source node. A port number is the
address on a host where an application makes itself available to incoming or
outgoing data. One example is port 80, which is typically used to accept Web page
requests from the HTTP protocol. The Source port field is 16 bits long.
2. Destination port—Indicates the port number at the destination node. The
Destination port field is 16 bits long.
3. Sequence number—Identifies the position of this segment's first data byte in the
stream of bytes the sender is transmitting. The initial sequence number of each
connection should be unpredictable (RFC 6528); if it can be guessed, an off-path
attacker can inject data into or reset a connection it cannot see. The Sequence
number field is 32 bits long.
4. Acknowledgment number (ACK)—Identifies the next byte the receiver expects, which
confirms receipt of all earlier bytes. The Acknowledgment number field is 32 bits long.
5. TCP header length (data offset)—Indicates the length of the TCP header in 32-bit
words, so the header is between 20 and 60 bytes. This field is four bits long.
6. Sliding-window size (or window)—Indicates how many bytes the sender may have
outstanding (sent but not yet acknowledged) at any time. This field performs flow
control, preventing the receiver from being deluged with bytes. For example, suppose
a server advertises a window of 4000 bytes. Also suppose the client has already
sent 1000 bytes, 250 of which have been acknowledged by the server. That leaves 750
bytes in flight, so the client can send only 3250 additional bytes until the server
acknowledges some of the outstanding 750. This field is 16 bits long.
7. Checksum—Allows the receiving node to determine whether the TCP segment was
corrupted in transit. It detects accidental damage only; anyone able to modify the
segment on the wire can simply recompute it, so protection against tampering has to
come from a higher layer (for example, TLS). The Checksum field is 16 bits long.
8. Urgent pointer—Indicates a location in the data field where urgent data resides.
This field is 16 bits long.
9. Options—Specifies special options, such as the maximum segment size (MSS) the
sender is willing to receive. The Options field varies between 0 and 40 bytes,
because the four-bit header length limits the whole header to 60 bytes.
10. Padding—Contains filler information to ensure that the size of the TCP header is
a multiple of 32 bits. The size of this field varies; it is often 0.
11. Data—Contains data originally sent by the source node.
TCP Three-Way Handshake The TCP three-way handshake is performed before TCP
transmits the actual data, such as an HTTP request for a Web page. The client sends a
SYN segment carrying its initial sequence number; the server answers with a SYN/ACK
that acknowledges it and carries the server's own initial sequence number; the client
completes the handshake with an ACK. Figure 3-4 shows the three transmissions in the
handshake.
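The exchange above, worked through in code as an added example (not part of the original summary): a Python simulation of the three segments with 32-bit sequence arithmetic, the check the server applies to the final ACK before considering the connection established, and why an unpredictable initial sequence number matters to that check. The Segment type, the function names and the blind-spoofing helper are this example's own assumptions, not anything from the page.

```python
"""Simulate the TCP three-way handshake with 32-bit sequence arithmetic and ISN validation."""
import secrets
from typing import NamedTuple

SEQ_MOD = 1 << 32  # sequence and acknowledgment numbers are 32 bits and wrap around


class Segment(NamedTuple):
    flags: frozenset
    seq: int
    ack: int


def random_isn() -> int:
    # RFC 6528: initial sequence numbers must be hard for an off-path attacker to guess,
    # so they come from a cryptographically strong source here.
    return secrets.randbits(32)


def server_on_syn(syn: Segment, server_isn: int) -> Segment:
    # Step 2: the server acknowledges the client's ISN (+1) and announces its own ISN.
    if syn.flags != frozenset({"SYN"}):
        raise ValueError("expected a bare SYN")
    return Segment(frozenset({"SYN", "ACK"}), server_isn, (syn.seq + 1) % SEQ_MOD)


def client_on_synack(syn: Segment, synack: Segment) -> Segment:
    # Step 3: the client checks that its own ISN was acknowledged, then acknowledges the server's.
    if synack.flags != frozenset({"SYN", "ACK"}) or synack.ack != (syn.seq + 1) % SEQ_MOD:
        raise ValueError("SYN/ACK does not acknowledge our SYN")
    return Segment(frozenset({"ACK"}), synack.ack, (synack.seq + 1) % SEQ_MOD)


def server_on_ack(synack: Segment, ack: Segment) -> bool:
    # The connection is ESTABLISHED only if the ACK number equals the server's ISN + 1.
    return ("ACK" in ack.flags
            and ack.ack == (synack.seq + 1) % SEQ_MOD
            and ack.seq == synack.ack)


def three_way_handshake(client_isn: int, server_isn: int) -> tuple:
    """Run the handshake and return ([SYN, SYN/ACK, ACK], established)."""
    syn = Segment(frozenset({"SYN"}), client_isn, 0)
    synack = server_on_syn(syn, server_isn)
    ack = client_on_synack(syn, synack)
    return [syn, synack, ack], server_on_ack(synack, ack)


def blind_spoof_attempt(server_isn: int, guessed_isn: int) -> bool:
    # An attacker sending a SYN from a forged source address never sees the SYN/ACK,
    # so the final ACK can only carry a guess at the server's ISN.
    forged_syn = Segment(frozenset({"SYN"}), 0x1000, 0)
    synack = server_on_syn(forged_syn, server_isn)  # delivered to the forged address, unseen
    forged_ack = Segment(frozenset({"ACK"}), 0x1001, (guessed_isn + 1) % SEQ_MOD)
    return server_on_ack(synack, forged_ack)


if __name__ == "__main__":
    segments, ok = three_way_handshake(random_isn(), random_isn())
    for s in segments:
        print(sorted(s.flags), f"seq={s.seq:#010x}", f"ack={s.ack:#010x}")
    print("established:", ok)
```

With a random 32-bit ISN the forged ACK in blind_spoof_attempt succeeds with probability 2^-32 per try; with the predictable ISNs of early TCP stacks it succeeded routinely.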
UDP (User Datagram Protocol)
UDP is a connectionless Transport layer protocol. It performs no handshake,
sequencing, acknowledgment, or flow control, so it does not guarantee delivery. This
would be like talking on a radio show where you can send out your signal whether
anyone is listening or not. It can be useful in situations in which a great volume of
data must be transferred quickly, such as live audio or video transmissions over the
Internet. Because there is no handshake, nothing verifies a UDP sender's claimed
source address, so a UDP service must not treat that address as proof of who sent
the datagram.
The UDP header is 8 bytes and contains only four fields, each 16 bits long: Source
port, Destination port, Length, and Checksum. Use of the Checksum field in UDP is
optional in IPv4, but required for IPv6 transmissions.
A UDP datagram
IP (Internet Protocol)
IP (Internet Protocol) belongs to the Network layer of the OSI model. It specifies how
and where data should be delivered, including the data’s source and destination
addresses. IP is the protocol that enables TCP/IP to internetwork—that is, to traverse
more than one LAN segment and more than one type of network through a router.
IP is an unreliable, connectionless protocol. The term unreliable does not mean that IP
can't be used reliably. Instead, it means that IP does not guarantee delivery of data
and no connection is established before data is transmitted. IP only carries each
packet toward the destination address in its header and leaves reliable delivery to a
higher-layer protocol such as TCP. Nothing in IPv4 authenticates the source address
either: it is whatever the sender wrote into the header.
IPv6 was standardized in 1998 and offers built-in support for IPsec, better
prioritization provisions (a traffic class and a flow label), more automatic IP address
configuration, and a vastly larger address space. IPv6 addresses have 128 bits and are
written as eight blocks of four hexadecimal digits separated by colons, for example
2001:0DB8:0B80:0000:0000:00D3:9C5A:00CC. Leading zeros in a block may be dropped and
one run of all-zero blocks may be replaced by a double colon, so the same address is
usually written 2001:db8:b80::d3:9c5a:cc. Because one address has several valid
spellings, addresses should be put in canonical form before they are compared or
matched against an access list.
An IPv4 packet
1. Version—Identifies the IP version (4). This field is four bits long.
2. Internet header length (IHL)—Indicates the length of the IPv4 header in 32-bit
words, so the header is between 20 and 60 bytes. This field is four bits long.
3. Differentiated Services (DiffServ)—Indicates how the packet should be prioritized
(this replaced the original Type of Service field). This field is 8 bits long.
4. Total length—Indicates the total length of the packet, header plus data, in bytes.
This field is 16 bits long.
5. Identification—Identifies the original datagram to which a fragment belongs and
enables the receiving host to reassemble fragmented messages. This field is 16 bits
long.
6. Flags—Indicates whether the datagram may be fragmented (the Don't Fragment bit)
and, if it is fragmented, whether more fragments follow (the More Fragments bit,
which is clear in the last fragment). This field is three bits long.
7. Fragment offset—Identifies where the datagram fragment belongs in the incoming
set of fragments, in units of 8 bytes. This field is 13 bits long.
8. Time to Live (TTL)—Indicates the maximum number of routers (hops) the packet may
pass through; each router decrements it, and the packet is discarded when it reaches
zero. This field is 8 bits long.
9. Protocol—Identifies the type of protocol that will receive the packet (for
example, 6 for TCP, 17 for UDP, or 1 for ICMP). This field is 8 bits long.
10. Header checksum—Allows the receiving node to calculate whether the IP header has
been corrupted during transmission. It covers the header only, not the data, and like
the TCP checksum it detects accidents rather than tampering. This field is 16 bits
long.
11. Source IP address—Identifies the full IP address (or Network layer address) of
the source node. This field is 32 bits long.
12. Destination IP address—Indicates the full IP address (or Network layer address)
of the destination node. This field is 32 bits long.
13. Options—May contain optional routing and timing information. The Options
field varies in length.
14. Padding—Contains filler bits to ensure that the header is a multiple of 32 bits.
The length of this field varies.
15. Data—Includes the data originally sent by the source node, plus the Transport
layer header (TCP or UDP) placed in front of it.
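The TCP and IPv4 field lists above, as an added example that is not part of the original summary: a Python parser that takes a raw IPv4 packet, decodes the header fields described here (including the fragmentation fields), then decodes the TCP segment inside it and verifies both the IP header checksum and the TCP checksum over its pseudo-header. The sample packet is constructed in the code (addresses 10.0.0.1 and 10.0.0.2, a SYN carrying an MSS option); all function names are this example's own.

```python
"""Parse a constructed IPv4 packet carrying a TCP segment and verify both checksums."""
import struct


def ones_complement_sum(data: bytes) -> int:
    # Sum 16-bit big-endian words, folding carries back in (RFC 1071).
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def internet_checksum(data: bytes) -> int:
    # Over a header whose checksum field is already filled in, this returns 0 when intact.
    return (~ones_complement_sum(data)) & 0xFFFF


TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS")  # bits 0..8


def parse_ipv4(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _dscp, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length field counts 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > total_len or total_len > len(packet):
        raise ValueError("bad version or length fields")
    return {
        "header_len": ihl,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),    # flags are the top 3 bits
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # 13 bits, in units of 8 bytes
        "ttl": ttl,
        "protocol": proto,                              # 6 = TCP, 17 = UDP, 1 = ICMP
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "options": packet[20:ihl],
        "header_checksum_ok": internet_checksum(packet[:ihl]) == 0,
        "payload": packet[ihl:total_len],
        "_src_raw": src, "_dst_raw": dst,
    }


def parse_tcp(segment: bytes, src_ip: bytes, dst_ip: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4  # 4-bit header length, in 32-bit words
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad TCP data offset")
    # The TCP checksum covers a pseudo-header (addresses, zero, protocol 6, TCP length) plus the segment.
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_len": data_offset,
        "flags": [name for bit, name in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << bit)],
        "window": window, "urgent_pointer": urg,
        "options": segment[20:data_offset],
        "checksum_ok": internet_checksum(pseudo + segment) == 0,
        "data": segment[data_offset:],
    }


def parse_packet(packet: bytes) -> dict:
    ip = parse_ipv4(packet)
    out = {"ip": ip}
    if ip["protocol"] == 6:
        out["tcp"] = parse_tcp(ip["payload"], ip["_src_raw"], ip["_dst_raw"])
    return out


def build_sample_packet() -> bytes:
    # Constructed sample: a SYN from 10.0.0.1:40000 to 10.0.0.2:80 carrying an MSS option.
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    options = struct.pack("!BBH", 2, 4, 1460)  # kind=2 (MSS), length=4, MSS=1460
    hdr_words = (20 + len(options)) // 4
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 0x12345678, 0,
                      (hdr_words << 12) | 0x002, 65535, 0, 0) + options  # 0x002 = SYN
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", internet_checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0xBEEF, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]  # DF set, TTL 64
    return ip + tcp


if __name__ == "__main__":
    info = parse_packet(build_sample_packet())
    print(info["ip"]["src"], "->", info["ip"]["dst"], info["tcp"]["flags"], info["tcp"]["options"].hex())
```

Flipping any bit of the TCP header or data makes checksum_ok false, which is the corruption check the text describes; it is equally easy for the code to recompute a valid checksum after the change, which is why the field is no defence against tampering.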
IPv6 Packets IPv6 uses a different packet format than IPv4. Its base header is a fixed
40 bytes: it drops the header checksum, header length, and fragmentation fields
(fragmentation and other options move to extension headers selected by a Next header
field), while the two addresses grow to 128 bits each.
Source address—Identifies the full IP address of the transmitting host. This field is
128 bits long.
Destination address—Identifies the full IP address of the receiving host. This field is
128 bits long.
Whereas IP helps direct data to its correct destination, ICMP (Internet Control
Message Protocol) is a Network layer core protocol that reports on the success or
failure of data delivery. It can indicate when part of a network is congested, when data
fails to reach its destination, and when data has been discarded because the allotted
Time to Live has expired. ICMP announces these transmission failures to the sender,
but does not correct errors it detects; those functions are left to higher-layer
protocols, such as TCP. However, ICMP's announcements provide critical information for
troubleshooting network problems, and tools such as ping and traceroute are built on
them. For the same reason ICMP is often filtered at network borders: its replies also
tell an outsider which hosts and paths exist.
ARP (Address Resolution Protocol) works in conjunction with IPv4 to discover the
MAC (physical) address of a host or node on the local network and to maintain a
table that maps IP addresses to MAC addresses on the local network. ARP sits between
Layer 2 and Layer 3: it carries IP addresses but is itself delivered in Ethernet
frames, and it operates only within the local network segment bounded by routers. ARP
relies on broadcasting, which transmits simultaneously to all nodes on a particular
network segment. For example, if one node needs to know the MAC address of another
node on the same network, the first node issues a broadcast message to the network,
using ARP, that essentially says, "Will the computer with the IP address 1.2.3.4
please send me its MAC address?" The node that has the IP address 1.2.3.4 then
transmits a reply that contains its physical address. Nothing authenticates that
reply: any host on the segment can answer, or send unsolicited replies, and the
requester will believe it. That is the basis of ARP spoofing (ARP cache poisoning),
and the reason a changed IP-to-MAC mapping is worth alerting on. The table of IP-to-MAC
address mappings is called an ARP table (also called an ARP cache). It is kept in
memory, not on disk, and entries expire after a timeout so that stale mappings are
refreshed. Each OS can use its own format for the ARP table. A sample ARP table is
shown.
To view a Windows workstation's ARP table, go to the command line and enter the
command: arp -a. On Linux the equivalent is ip neigh (arp -a also works where the
older net-tools package is installed).
Data Link layer MAC address—The MAC address, also called the physical address, is
burned into every NIC by its manufacturer and is assumed to be unique to that NIC.
Traditional MAC addresses contain two parts, are 48 bits long, and are written as
hexadecimal numbers separated by colons, for example 00:60:8C:00:54:99. The first 24
bits (six hex characters, such as 00:60:8C in our example) are known as the OUI
(Organizationally Unique Identifier) or block ID or company ID; the IEEE assigns them
to manufacturers, so the OUI identifies the NIC's manufacturer. The last 24 bits make
up the extension identifier or device ID and identify the device. Because most
operating systems let the address be overridden in software, a MAC address identifies
a device only as long as nobody is trying to impersonate it; it is not a credential.
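An added example (not from the original summary) tying together the ARP and MAC address material above: Python code that builds and parses Ethernet/IPv4 ARP packets, splits a MAC address into its OUI and device ID (and reads the locally-administered and group bits of the first octet), and keeps an in-memory ARP table that reports when a reply changes an existing mapping, the simplest ARP-spoofing check. The packets, the 192.0.2.x addresses (a documentation range) and the ArpCache class are constructed for this example; 00:60:8C:00:54:99 is the page's own sample MAC.

```python
"""Build and parse ARP packets, split MAC addresses into OUI and device ID,
and flag ARP replies that rewrite an existing IP-to-MAC mapping."""
import struct
from typing import Optional

ARP_FORMAT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_from_str(text: str) -> bytes:
    parts = text.split(":")
    if len(parts) != 6:
        raise ValueError("a MAC address has six colon-separated octets")
    return bytes(int(p, 16) for p in parts)


def mac_to_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def mac_fields(mac: bytes) -> dict:
    # First 24 bits: OUI (vendor block); last 24 bits: device ID. Two bits of the first
    # octet carry meaning: 0x01 = group/multicast, 0x02 = locally administered (set in software).
    return {
        "oui": mac_to_str(mac[:3]),
        "device_id": mac_to_str(mac[3:]),
        "multicast": bool(mac[0] & 0x01),
        "locally_administered": bool(mac[0] & 0x02),
    }


def ip_from_str(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))


def ip_to_str(raw: bytes) -> str:
    return ".".join(map(str, raw))


def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    # Ethernet (htype 1, hlen 6) carrying IPv4 (ptype 0x0800, plen 4).
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, oper,
                       mac_from_str(sha), ip_from_str(spa), mac_from_str(tha), ip_from_str(tpa))


def parse_arp(packet: bytes) -> dict:
    if len(packet) < struct.calcsize(ARP_FORMAT):
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FORMAT, packet[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sha": mac_to_str(sha), "spa": ip_to_str(spa),
            "tha": mac_to_str(tha), "tpa": ip_to_str(tpa)}


class ArpCache:
    """In-memory IP-to-MAC table, as the OS keeps it. ARP has no authentication, so a reply
    that rewrites a known mapping is the classic sign of ARP spoofing and is reported."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def learn(self, packet: bytes) -> Optional[str]:
        arp = parse_arp(packet)
        if arp["oper"] != ARP_REPLY:
            return None  # requests do not populate the table in this simplified model
        known = self.table.get(arp["spa"])
        alert = None
        if known is not None and known != arp["sha"]:
            alert = f"{arp['spa']} changed from {known} to {arp['sha']}"
            self.alerts.append(alert)
        self.table[arp["spa"]] = arp["sha"]
        return alert


if __name__ == "__main__":
    cache = ArpCache()
    cache.learn(build_arp(ARP_REPLY, "00:60:8c:aa:bb:cc", "192.0.2.4", "00:60:8c:00:54:99", "192.0.2.5"))
    print(cache.learn(build_arp(ARP_REPLY, "02:11:22:33:44:55", "192.0.2.4", "00:60:8c:00:54:99", "192.0.2.5")))
    print(mac_fields(mac_from_str("00:60:8C:00:54:99")))
```

A real ARP cache also ages entries out, which an attacker exploits by simply replying faster than the legitimate host; the mapping-change alert above is what tools such as arpwatch report.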
A process's port number plus its host machine's IP address equals the process's socket
address. For example, the standard port number for the Telnet service is 23. On a host
whose IPv4 address is 10.43.3.87, the socket address for Telnet is 10.43.3.87:23. In
other words, the host assumes that any requests coming into port number 23 are Telnet
requests (that is, unless you reconfigure the host to change the default Telnet port).
Notice that a port number is expressed as a number following a colon after an IP
address. In this example, 23 is not considered an additional octet, but simply a
pointer to a port. (Because IPv6 addresses themselves contain colons, an IPv6 socket
address is written with the address in brackets, for example [2001:db8::1]:23.)
Sockets form virtual connections between a process on one computer and a peer
process, such as the server for that service, on another computer.
Host Names and DNS (Domain Name System)
Every device on the Internet is technically known as a host. Every host can take a host name,
a name that describes the device. For example, someone named Jasmine McDonald might
name her workstation “Jasmine.” If the computer is reserved for a specific purpose, you may want to
name it accordingly. For example, a company that offers free software downloads
through the FTP service might call its host machine “ftpserver.”
Domain Names
Every host is a member of a domain, a group of computers administered under one name
by the same organization. Membership in a domain is a matter of naming; the hosts need
not share any part of their IP addresses. A domain is identified by its domain name.
Usually, a domain name is associated with an organization, such as a company, a
university, or a government agency. For example, IBM's domain name is ibm.com, and the
United States Library of Congress's domain name is loc.gov.
Often, when networking professionals refer to a machine’s host name, they in fact mean its
local host name plus its domain name—in other words, its fully qualified host name, also
known as its fully qualified domain name, or FQDN. For example, the fully qualified host
name for the Library of Congress’s blog Web site is blogs.loc.gov. A domain name is represented by a
series of character strings, called labels, separated by dots. Each label represents a level in the domain
naming hierarchy. In the domain name www.google.com, com is the top-level domain (TLD), google is
the second-level domain, and www is the third-level domain. Each second-level domain can contain
multiple third-level domains. For instance, in addition to www.google.com, Google also owns the
following domains: news.google.com, maps.google.com, and mail.google.com.
In the mid-1980s, computer scientists responsible for the Internet's growth devised a
hierarchical way of associating domain names with IP addresses, called the DNS (Domain
Name System or Domain Name Service). DNS refers to both the Application layer service
that accomplishes this association and to the organized system of computers and
databases that makes this association possible. The DNS service does not rely on one
file or even one server, but rather on many computers across the globe. These
computers are related in a hierarchical manner, with the root servers acting as the
ultimate authorities. There are 13 root server names (a.root-servers.net through
m.root-servers.net), but each name is served by many physical machines spread around
the world using anycast.
Because it is distributed, DNS will not fail catastrophically if one or a handful of
servers experience errors.
To direct traffic efficiently, the DNS service is divided into three components:
resolvers, name servers, and namespace. Resolvers are any hosts on the Internet that
need to look up domain name information. The resolver is a client component, usually
provided by the operating system and used by TCP/IP applications such as a Web
browser's HTTP client. If you point your Web browser to http://www.loc.gov, your HTTP
client software asks the resolver service to find the IP address for www.loc.gov. If
you have visited the site before, the information may exist in a local DNS cache, a
database stored on your computer that indicates what IP address is associated with
the www.loc.gov host name. If the information is not stored locally, the resolver
service queries your machine's designated name server to find the IP address for
www.loc.gov.
Name servers, or DNS servers, are servers that contain databases of associated names
and IP addresses and provide this information to resolvers on request. If a name
server cannot answer a query from its own data or cache, it asks the name servers that
are authoritative for successively more specific parts of the name. For example,
suppose you are trying to open the www.loc.gov Web page from a workstation on your
company's network. Further, suppose this is the first time you've visited the Library
of Congress online. Upon discovering it does not have the information saved locally,
your client's resolver service queries the closest name server for the IP address
associated with www.loc.gov.
That name server is probably connected to your LAN. If your LAN's name server cannot
supply the IP address for www.loc.gov, it either forwards the request to the name
server at the company's Internet service provider (ISP) or resolves it itself. Whichever
server does the work asks a root server, which refers it to the servers for gov, which
refer it to the servers authoritative for loc.gov, which finally return the address of
www.loc.gov. This process, depicted in Figure 4-17, continues until the request is
answered. Each step is usually a plain, unauthenticated UDP exchange: the querier
accepts a reply whose transaction ID, source port and question match the query it
sent, so an attacker who can guess or observe those values can feed it a forged
answer that is then cached. DNSSEC adds signatures so that answers can be verified
rather than trusted.
The term namespace refers to the database of Internet IP addresses and their associated
names. Namespace is not a single file that you can open and view like a store’s inventory
database. Rather, it is an abstract concept that describes how the name servers of the world
share DNS information. You can think of DNS namespace as a giant, distributed address
book for every computer in the world. Just as you might keep an address book of close
friends and family on your computer, but rely on a different source, such as an Internet
lookup service, to find contact information for people you don’t know, the DNS namespace
does not store every piece of information in one place. Instead, it relies on multiple sources to
resolve host names and IP addresses.
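The label structure and resolver behaviour described above, as an added example that is not part of the original summary: Python code that encodes a domain name into DNS wire-format labels, decodes names including compression pointers (rejecting forward or self-referencing pointers, which would otherwise loop a naive parser), parses a constructed response for www.loc.gov, and applies the transaction-ID and question check a resolver performs before caching an answer. The response bytes and the 192.0.2.10 answer address are constructed for this example and are not the site's real address; all function names are this example's own.

```python
"""Encode and decode DNS names in wire format and parse a constructed DNS response,
guarding against malformed compression pointers."""
import struct


def encode_name(name: str) -> bytes:
    # Each label is a length byte (1..63) followed by its characters; a zero byte ends the name.
    out = b""
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError(f"label length out of range: {label!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    if len(out) + 1 > 255:
        raise ValueError("name exceeds 255 octets")
    return out + b"\x00"


def decode_name(msg: bytes, offset: int) -> tuple:
    """Return (name, offset just past the name). A length byte with its top two bits set is a
    compression pointer (RFC 1035 4.1.4) to an earlier copy of the remaining labels; requiring
    pointers to point strictly backwards rules out the loops that hang a naive parser."""
    labels, end = [], None
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if offset + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if pointer >= offset:
                raise ValueError("forward or self-referencing compression pointer")
            if end is None:
                end = offset + 2  # the name ends after the first pointer we followed
            offset = pointer
            continue
        if length > 63:
            raise ValueError("label too long")
        offset += 1
        if length == 0:
            return ".".join(labels) + ".", (end if end is not None else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_response(msg: bytes) -> dict:
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qdcount):
        qname, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype))
    for _ in range(ancount):
        rname, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlength = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlength]
        offset += rdlength
        value = ".".join(map(str, rdata)) if rtype == 1 and rdlength == 4 else rdata.hex()  # A record
        answers.append({"name": rname, "type": rtype, "ttl": ttl, "data": value})
    return {"id": ident, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "questions": questions, "answers": answers}


def validate_response(msg: bytes, expected_id: int, expected_qname: str) -> bool:
    # The minimum a resolver checks before caching: the ID it sent and the question it asked.
    # Skipping either check lets a forged reply poison the cache.
    r = parse_response(msg)
    want = expected_qname.lower().rstrip(".") + "."
    return r["is_response"] and r["id"] == expected_id and any(q[0].lower() == want for q in r["questions"])


def build_sample_response(ident: int) -> bytes:
    # Constructed sample: an A answer for www.loc.gov at 192.0.2.10 (documentation address).
    # The answer's owner name is a pointer (0xC00C) back to the question name at offset 12.
    header = struct.pack("!HHHHHH", ident, 0x8180, 1, 1, 0, 0)           # QR, RD, RA set; NOERROR
    question = encode_name("www.loc.gov") + struct.pack("!HH", 1, 1)    # QTYPE A, QCLASS IN
    answer = struct.pack("!H", 0xC00C) + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
    return header + question + answer


if __name__ == "__main__":
    print(parse_response(build_sample_response(0x1A2B)))
```

The pointer rule is the part worth remembering: RFC 1035 only says a pointer refers to a prior occurrence of the name, and parsers that merely cap the number of jumps still spend that budget on every hostile packet.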
Telnet
Telnet is a terminal emulation protocol used to log on to remote hosts using the TCP/IP
protocol suite. Using Telnet, a TCP connection is established via port 23 and
keystrokes on the user's machine act like keystrokes on the remotely connected machine.
Often, Telnet is used to connect two dissimilar systems, such as PCs and UNIX
machines. Through Telnet, you can control a remote host over a network. For example,
network managers can use Telnet to log on to a router from a computer elsewhere on
their LAN and modify the router's configuration. Telnet, however, is notoriously
insecure: everything in the session, including the user name and password, crosses the
network in cleartext, so anyone able to observe the traffic can read and reuse the
credentials, and anyone able to modify it can inject commands. Telnetting to a router
across a public network would therefore not be wise. SSH, which encrypts and
authenticates the session, has replaced Telnet for that reason, and Telnet should be
disabled on devices that still offer it.
FTP (File Transfer Protocol)
An FTP server accepts commands from another host running the FTP client portion. FTP
clients come with a set of simple commands that make up their user interfaces. To
exchange data, the client depends on an FTP server that is always waiting for
requests. After a client connects to the FTP server, FTP data are exchanged via TCP,
which means that FTP provides some assurance of delivery. Like Telnet, plain FTP sends
credentials and file contents in cleartext; SFTP (file transfer over SSH) or FTPS (FTP
over TLS) should be used instead.