
Post on 21-Dec-2015


Institute of Technology Sligo - Dept of Computing

Semester 2

Chapter 9

The TCP/IP Protocol Suite

Paul Flynn

Jack Pol

Lesson Overview

How TCP/IP operates to ensure communication across any set of interconnected networks.

Learn about parts of the TCP/IP protocol stack that support:

File transfer (FTP, TFTP),

e-mail,

Reliable (TCP) and unreliable (UDP) transport layer protocols,

Connectionless datagram (packet) delivery at the network layer,

ICMP provides control and message functions at the network layer,

ARP and RARP.

TCP/IP

Developed by the Defence Advanced Research Projects Agency (DARPA).

Later included with the Berkeley Software Distribution of UNIX.

Now the de facto standard for internetwork communications.

Serves as the transport protocol for the Internet.

9.1.1 The Internet TCP/IP protocols and the OSI model

OSI Layers 7, 6 & 5 are rolled into 1 application layer

The Transport layer in both models performs basically the same function

OSI layers 2 & 1 are combined into 1 Network Access layer

9.1.2 TCP/IP protocol stack and the application layer

DNS - Domain Name System

WINS - Windows Internet Naming System

NFS - Network File System (The standard UNIX file system)

POP3 - Post Office Protocol (An e-mail standard)

SMTP - Simple Mail Transfer Protocol

SNMP - Simple Network Management Protocol

FTP - File Transfer Protocol (Upload/Download files from the ‘net)

TFTP - Trivial File Transfer Protocol

HTTP - The Internet standard for web browsing

9.1.2 TCP/IP protocol stack and the application layer

Other Application Layer protocols used for troubleshooting a network include:

Telnet - A standard terminal emulation protocol

PING - Packet InterNet Groper

Traceroute - Traces the path of a packet from the source to the receiver.

9.1.3 TCP/IP protocol stack and the transport layer

The transport layer provides two protocols:

TCP (Transport Control Protocol)

Provides reliable, connection-oriented communications between 2 hosts.

TCP requires more network overhead because data is acknowledged as it is received.

UDP (User Datagram Protocol)

UDP is faster but less reliable, because the recipient does not acknowledge the data as it is received.

Communication reliability is left to the Application Layer

9.1.4 TCP segment format

source port -- the number of the calling port

destination port -- the number of the called port

sequence number -- the number used to ensure correct sequencing of the arriving data

acknowledgment number -- the next expected TCP octet

HLEN -- the number of 32-bit words in the header

reserved -- set to 0

code bits -- the control functions (e.g. setup and termination of a session)

window -- the number of octets that the sender is willing to accept

checksum -- the calculated checksum of the header and data fields

urgent pointer -- indicates the end of the urgent data

option -- one currently defined: maximum TCP segment size

data -- upper-layer protocol data
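The field list above, decoded from raw bytes. This is an added example, not part of the original slides; the function names and both sample segments are constructed for illustration, and the checksum field is read but not verified. The parser checks HLEN against the bytes actually received before using it to locate the option and data fields.

```python
import struct

# Code bits occupy the low 6 bits of the 16-bit word that starts with HLEN.
CODE_BITS = [(0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"),
             (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]

def parse_tcp_segment(segment: bytes) -> dict:
    """Decode a TCP segment, checking HLEN before using it to slice the buffer."""
    if len(segment) < 20:
        raise ValueError("shorter than the minimum 20-byte TCP header")
    (src, dst, seq, ack, hlen_bits, window,
     checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = hlen_bits >> 12                 # header length in 32-bit words
    header_len = hlen * 4
    if hlen < 5 or header_len > len(segment):
        raise ValueError(f"HLEN {hlen} does not fit the segment")
    options = segment[20:header_len]
    mss = None
    # Option kind 2, length 4 carries the maximum segment size.
    if options[:2] == b"\x02\x04":
        mss = struct.unpack("!H", options[2:4])[0]
    return {
        "source_port": src, "destination_port": dst,
        "sequence_number": seq, "acknowledgment_number": ack,
        "hlen": hlen, "reserved": (hlen_bits >> 6) & 0x3F,
        "code_bits": [n for mask, n in CODE_BITS if hlen_bits & mask],
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "max_segment_size": mss, "data": segment[header_len:],
    }

# Constructed sample: a SYN to port 80 with HLEN 6 and an MSS option of 1460.
# The checksum is left at 0 because this example does not verify it.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, 0x6002,
                         8192, 0, 0) + bytes.fromhex("020405b4")
# Constructed malformed sample: HLEN claims 15 words but only 20 bytes exist.
BAD_HLEN = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, 0xF002, 8192, 0, 0)

def is_well_formed(segment: bytes) -> bool:
    """True when the segment parses without a length or HLEN error."""
    try:
        parse_tcp_segment(segment)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    print(parse_tcp_segment(SAMPLE_SYN))
    print("malformed segment accepted:", is_well_formed(BAD_HLEN))
```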

9.1.4 UDP segment format

Application layer protocols provide for reliability.

UDP uses no windowing or acknowledgments.

Designed for applications that do not need to put sequences of segments together.

Protocols that use UDP are:

TFTP

SNMP

Network File System (NFS)

Domain Name System (DNS)

9.1.5 TCP and UDP port numbers

Both TCP and UDP use port numbers for communication between hosts.

Port numbers are similar to phone numbers

Transport layer services can be “called” by their port number.

E.g. when a host wants to transfer a file using FTP:

Uses TCP port 21 to establish and control the connection

Uses TCP port 20 to transfer the data

TCP ports 20 & 21 are called “Well Known Port Numbers” because applications expect to find FTP services on these ports.

Other “Well Known” Port numbers are:

TCP Port 23 - Telnet

TCP Port 25 - SMTP (email)

TCP Port 53 - DNS

TCP Port 80 - HTTP web services

UDP Port 53 - DNS

UDP Port 69 - TFTP

UDP Port 161 - SNMP

Request For Comment 1700 defines “Well Known Port Numbers”

9.1.6 TCP three-way handshake/open connection

To establish a reliable connection between 2 hosts, TCP:

Uses a “Three Way Handshake”

Transmits 3 packets before the actual data

The 2 Hosts synchronise their “Initial Sequence Number” (ISN)

Ensures that the communications are assembled in the correct order and no missing packets exist.

The process occurs by:

Host 1 sends a SYN packet to Host 2 (1st data packet)

Host 2 ACKs the packet from Host 1 (2nd data packet)

Host 2 includes its own SYN data for Host 1 (2nd data packet)

Host 1 ACKs the packet from Host 2 (3rd data packet)

It is called the 3 way handshake because only 3 packets are exchanged

The SYN packet from Host 2 also serves as the acknowledgment to the SYN packet from Host 1
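The three-packet exchange above, replayed over a constructed packet list. This is an added example, not part of the original slides; the Pkt record, the state names and all addresses and sequence numbers are assumptions made for illustration. It checks that each acknowledgment number is the other side's ISN plus one and reports connections whose third packet never arrived.

```python
from collections import namedtuple

# Constructed, simplified packet record: endpoints, code bits, seq and ack.
Pkt = namedtuple("Pkt", "src dst flags seq ack")

def nxt(n):
    """Sequence numbers are 32-bit values and wrap around."""
    return (n + 1) & 0xFFFFFFFF

def track_handshakes(packets):
    """Replay packets in order; return {(host1, host2): state}."""
    conns = {}
    for p in packets:
        fwd, rev = (p.src, p.dst), (p.dst, p.src)
        if p.flags == {"SYN"}:                             # 1st packet
            conns[fwd] = {"state": "SYN_SENT", "isn1": p.seq}
        elif p.flags == {"SYN", "ACK"} and rev in conns:   # 2nd packet
            c = conns[rev]
            if c["state"] == "SYN_SENT" and p.ack == nxt(c["isn1"]):
                c.update(state="SYN_RECEIVED", isn2=p.seq)
        elif p.flags == {"ACK"} and fwd in conns:          # 3rd packet
            c = conns[fwd]
            if (c["state"] == "SYN_RECEIVED" and p.seq == nxt(c["isn1"])
                    and p.ack == nxt(c["isn2"])):
                c["state"] = "ESTABLISHED"
    return {pair: c["state"] for pair, c in conns.items()}

def incomplete(packets):
    """Connections that never reached ESTABLISHED."""
    states = track_handshakes(packets)
    return sorted(pair for pair, s in states.items() if s != "ESTABLISHED")

SERVER = "10.0.0.2:80"
# Constructed capture: one full handshake, one missing its third packet,
# and one whose ISN sits at the top of the 32-bit range.
PACKETS = [
    Pkt("10.0.0.1:49152", SERVER, {"SYN"}, 1000, 0),
    Pkt(SERVER, "10.0.0.1:49152", {"SYN", "ACK"}, 5000, 1001),
    Pkt("10.0.0.1:49152", SERVER, {"ACK"}, 1001, 5001),
    Pkt("10.0.0.3:49153", SERVER, {"SYN"}, 7000, 0),
    Pkt(SERVER, "10.0.0.3:49153", {"SYN", "ACK"}, 9000, 7001),
    Pkt("10.0.0.4:49154", SERVER, {"SYN"}, 0xFFFFFFFF, 0),
    Pkt(SERVER, "10.0.0.4:49154", {"SYN", "ACK"}, 300, 0),
    Pkt("10.0.0.4:49154", SERVER, {"ACK"}, 0, 301),
]

if __name__ == "__main__":
    for pair, state in track_handshakes(PACKETS).items():
        print(pair, state)
    print("incomplete:", incomplete(PACKETS))
```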

9.1.7 TCP simple acknowledgment and windowing

TCP “Sliding Windows” control the flow and efficiency of communication

Quite simply, once the window fills with data, the destination host sends an ACK for packets received in that window

The window slides over in order to select new packets.

TCP window sizes can change during the life of the connection so that the window can be

9.2.1 TCP/IP and the Internet Layer

The Internet layer of the TCP/IP stack corresponds to the network layer of the OSI model.

Several protocols operate at the TCP/IP Internet layer that corresponds to the OSI network layer:

IP -- provides connectionless, best-effort delivery routing of datagrams; is not concerned with the content of the datagrams; looks for a way to move the datagrams to their destination

ICMP -- provides control and messaging capabilities

ARP -- determines the data link layer address for known IP addresses

RARP -- determines network addresses when data link layer addresses are known

9.2.2 The IP datagram

An IP datagram contains an IP header and data, and is surrounded by the Media Access Control (MAC) layer header and MAC layer trailer. One message may be transmitted as a series of datagrams that are reassembled into the message at the receiving location.

VERS -- version number

HLEN -- header length, in 32-bit words

type of service -- how the datagram should be handled

total length -- total length (header + data)

identification, flags, fragment offset -- provides fragmentation of datagrams to allow differing MTUs in the internetwork

TTL -- Time-To-Live

protocol -- the upper-layer (Layer 4) protocol sending the datagram

header checksum -- an integrity check on the header

source IP address and destination IP address -- 32-bit IP addresses

IP options -- network testing, debugging, security, and other options

9.2.2 The IP datagram

The protocol field determines the Layer 4 protocol being carried within an IP datagram. Although most IP traffic uses TCP, other protocols can also use IP.

Each IP header must identify the destination Layer 4 protocol for the datagram.

Transport layer protocols are numbered, similarly to port numbers.

IP includes the protocol number in the protocol field
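The IP header fields and the protocol field described in the two slides above, decoded from raw bytes. This is an added example, not part of the original slides; the function names and the sample datagram are constructed for illustration. It validates VERS, HLEN and total length, recomputes the header checksum, and maps the protocol number to the Layer 4 protocol.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # IP protocol numbers

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by the header checksum."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ip_header(datagram: bytes) -> dict:
    """Decode the IPv4 header, rejecting lengths that do not add up."""
    if len(datagram) < 20:
        raise ValueError("shorter than the minimum 20-byte IP header")
    (vers_hlen, tos, total_length, ident, flags_frag, ttl, protocol,
     checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    vers, hlen = vers_hlen >> 4, vers_hlen & 0x0F
    header_len = hlen * 4                    # HLEN is in 32-bit words
    if vers != 4 or hlen < 5 or header_len > len(datagram):
        raise ValueError("bad VERS or HLEN")
    if not header_len <= total_length <= len(datagram):
        raise ValueError("total length disagrees with the bytes received")
    return {
        "vers": vers, "hlen": hlen, "type_of_service": tos,
        "total_length": total_length, "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": PROTOCOLS.get(protocol, f"unknown ({protocol})"),
        # A valid header sums to 0xFFFF, so its checksum recomputes to 0.
        "checksum_ok": internet_checksum(datagram[:header_len]) == 0,
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
        "ip_options": datagram[20:header_len],
    }

def sample_datagram() -> bytes:
    """Constructed sample: 20-byte header, protocol 6, 20 zero bytes of data."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1C46, 0x4000, 64, 6, 0,
                      bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    csum = internet_checksum(hdr)            # computed with the field at 0
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + b"\x00" * 20

if __name__ == "__main__":
    print(parse_ip_header(sample_datagram()))
```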

9.2.3 Internet Control Message Protocol (ICMP)

Provides message control and error reporting services between 2 TCP/IP hosts or between a host server and a gateway to the Internet.

The PING utility uses ICMP messages to check connections between 2 points.

E.g.: a router receives a packet that it is unable to deliver to its final destination.

The router sends an ICMP unreachable message to the source.

The message might be undeliverable because there is no known route to the destination.

An echo reply is a successful reply to a ping command.

Results could include other ICMP messages, such as host unreachable and timeouts.

How many of you have sent an email with the wrong address and it comes back to you with the message “host unknown”?

9.2.4 How ARP works

ARP maps IP addresses to MAC addresses.

The source of the network packet sends the information to the destination.

Unique MAC addresses reference the end points in the exchange.

Networked devices maintain details of MAC and IP addresses of other devices on the network.

This is called an ARP table or cache

Maintained in RAM

9.2.4 How ARP works

A computer transmits a packet on the network.

It checks its ARP cache for an IP to MAC address mapping

If the source finds an appropriate IP to MAC mapping, the source uses the IP and MAC address to encapsulate the data that it is ready to transmit.

Source computer sends the packet directly to the destination.

9.2.4 How ARP works

The IP address is listed first, the MAC address next, followed by information about whether the entry is static or dynamic.

9.2.4 How ARP works

If a source computer cannot locate an IP to MAC address mapping in its ARP table, it must obtain the correct mapping.

Source initiates an ARP request to all hosts to gain the destination's MAC address.

The one host that sees that the ARP packet is meant for its IP address responds to the ARP request.
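The ARP lookup sequence from the four slides above as a small simulation: cache check first, a request to all hosts on a miss, a reply only from the owner of the IP address, and a table listing IP, MAC and entry type. This is an added example, not part of the original slides; the Host class, its method names and all addresses are constructed, and refusing to cache when two different MAC addresses answer for one IP is an assumption added here as a sanity check.

```python
class Host:
    def __init__(self, ip, mac, lan):
        self.ip, self.mac, self.lan = ip, mac, lan
        self.arp_cache = {}    # ip -> (mac, "static" or "dynamic"), kept in RAM
        lan.append(self)

    def add_static(self, ip, mac):
        """Manually configured entry; resolve() never overwrites it."""
        self.arp_cache[ip] = (mac, "static")

    def answer_arp(self, target_ip):
        # Every host sees the request; only the owner of target_ip responds.
        return self.mac if target_ip == self.ip else None

    def resolve(self, target_ip):
        """Return (mac, source), source being 'cache' or 'arp-request'."""
        if target_ip in self.arp_cache:
            return self.arp_cache[target_ip][0], "cache"
        replies = set()
        for host in self.lan:               # the request goes to all hosts
            if host is not self:
                mac = host.answer_arp(target_ip)
                if mac:
                    replies.add(mac)
        if not replies:
            raise LookupError(f"no host answered for {target_ip}")
        if len(replies) > 1:
            # Two MAC addresses claim one IP: cache neither and report it.
            raise LookupError(f"conflicting replies for {target_ip}")
        mac = replies.pop()
        self.arp_cache[target_ip] = (mac, "dynamic")
        return mac, "arp-request"

    def arp_table(self):
        """IP address first, MAC address next, then static or dynamic."""
        return [f"{ip}  {mac}  {kind}"
                for ip, (mac, kind) in sorted(self.arp_cache.items())]

def demo():
    lan = []   # constructed three-host segment; all addresses are samples
    a = Host("192.168.1.10", "00-aa-00-00-00-0a", lan)
    Host("192.168.1.20", "00-aa-00-00-00-14", lan)
    Host("192.168.1.30", "00-aa-00-00-00-1e", lan)
    a.add_static("192.168.1.1", "00-aa-00-00-00-01")
    first = a.resolve("192.168.1.20")     # miss: request sent to all hosts
    second = a.resolve("192.168.1.20")    # hit: answered from the cache
    return first, second, a.arp_table()

if __name__ == "__main__":
    first, second, table = demo()
    print(first, second)
    print("\n".join(table))
```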

How RARP works

RARP is similar to ARP in that computers use it to bind MAC addresses to IP addresses.

RARP is used by Diskless Workstations which have a MAC address burned into their network cards but no IP address.

A client's IP configuration is stored on a RARP server

RARP servers maintain a table of MAC and IP address mapping for RARP clients.

During the boot process, a RARP client will call the RARP server to obtain their IP configuration.

The preceding presentation was put together using the Cisco curriculum and the CCNA Guide to Cisco Networking Fundamentals by Kurt Hudson and Kelly Cannon.