Guide To TCP/IP, Second Edition

Chapter 1
Introducing TCP/IP

Understand TCP/IP's origins and history
Explain the process by which TCP/IP standards and other documents, called Requests for Comments (RFCs), are created, debated, and formalized (where appropriate)
Understand the Open Systems Interconnection network reference model, often used to characterize network protocols and services, and how it relates to TCP/IP's own internal networking model

Objectives (cont.)
Define the terms involved and explain how TCP/IP protocols, sockets, and ports are identified
Understand data encapsulation and how it relates to the four layers of the TCP/IP protocol stack
Understand and apply the basic practices and principles that underlie network protocol analysis

What is TCP/IP?
Large collection of networking protocols and services
Two key protocols
  Transmission Control Protocol (TCP)
    Reliable delivery for messages
  Internet Protocol (IP)
    Manages the routing of network transmissions

Origins and History

1969, Department of Defense (DoD) and Advanced Research Projects Agency (ARPA) funded research for packet-switched networking
The sender and receiver are identified by unique network addresses
Do not require all packets to follow the same path in transit
The network built as a result of this project is known as the ARPANET

TCP/IP's Design Goals

Withstand a potential nuclear strike
  Need for packet switching
Permit different kinds of computer systems to easily communicate
Need to interconnect systems across long distances

A TCP/IP Chronology
1978: Internet Protocol version 4 (IPv4) came into existence
1983: Defense Communications Agency took over operation of the ARPANET
1986: National Science Foundation (NSF) launches a long-haul, high-speed network, known as NSFNET
1987: Number of hosts on the Internet breaks 10,000

A TCP/IP Chronology (cont.)

Number of hosts on the Internet breaks 100,000
NSFNET backbone upgraded to 1.544 megabits per second (Mbps)

McGill University releases the Archie protocol and service
Work begins on the Hypertext Transfer Protocol
World Wide Web is born at Centre European Researche Nucleaire (CERN)

A TCP/IP Chronology (cont.)

Commercial Internet Exchange (CIX) is formed
Wide Area Information Service (WAIS) protocol and service allowing Internet searches of multimegabyte databases
Gopher allows searching of text-based archives

Internet Society (ISOC) is chartered
Number of hosts on the Internet breaks one million

A TCP/IP Chronology (cont.)

NSFNET backbone upgraded to 44.736 Mbps
CERN releases HTTP and Web server technology to the public

Internet Network Information Center (InterNIC) is chartered
Mosaic, the first high-powered graphical browser
The U.S. White House goes online at

A TCP/IP Chronology (cont.)

U.S. Senate and House of Representatives establish information servers on the Internet
Online junk mail and shopping malls begin to proliferate

Netscape launches Netscape Navigator
Number of hosts on the Internet breaks five million

1996: Microsoft launches Internet Explorer Web browser

A TCP/IP Chronology (cont.)

1997: Number of registered domain names reaches 31 million
2000: Love Letter worm infects over one million personal computers
2001:
  Number of hosts on the Internet breaks 150 million
  Sircam virus and Code Red worm infect thousands of Web servers and e-mail accounts

A TCP/IP Chronology (cont.)

Number of hosts on the Internet breaks 204 million
The Internet2 backbone utilizes native IP version 6

2003: Public Interest Registry (PIR) assumes responsibility as .org registry operator

Who Owns TCP/IP?

TCP/IP falls squarely into the public domain
Funded with public monies since its inception
Both everybody and nobody own TCP/IP

Meet the Standards Groups that Manage TCP/IP

Internet Society (ISOC)
Internet Architecture Board (IAB)
Internet Engineering Task Force (IETF)
Internet Research Task Force (IRTF)
Internet Societal Discussion Forum (ISDF)
Internet Corporation for Assigned Names and Numbers (ICANN)

TCP/IP Standards and RFCs

Request For Comments (RFC)
RFC 2026 describes how an RFC is created
RFC status designations
  Proposed Standard, Draft Standard, Internet Standard, Retired Standard, and Historic Standard
Best Current Practice (BCP)

OSI Reference Model Overview

Network reference model
Formally (ISO/OSI)
Designed to replace TCP/IP
OSI model is the standard way to explain how networks operate
TCP/IP remains the open standard protocol suite of choice

OSI Network Reference Model

Models break networking into layers
The OSI network reference model
How protocol layers behave
  Physical Layer
  Data Link Layer
  Network Layer
  Transport Layer
  Session Layer
  Presentation Layer
  Application Layer

OSI Network Reference Model (cont.)

The reference model described in ISO Standard 7498 breaks network communication into seven layers

Models Break Networking into Layers

Divide and conquer approach
  Separate networking hardware concerns from those related to networking software
Key points about networking
  Easier to solve problems when broken into layers
  Layers operate independently of one another
  Changes to one layer need not affect other layers

Models Break Networking into Layers (cont.)

Key points about networking (cont.)
  Individual layers work together on pairs of computers
  Different expertise is needed at each layer
  Layers working together is known as networking
  Network protocols usually map into one or more layers
  TCP/IP is designed around a layered model

Seven Layers Of The OSI Model

How Protocol Layers Behave

Layers exist to encapsulate or isolate specific types of functionality
Layers provide services to the layer above
Layers deliver data to or accept data from the layer below
Protocol Data Units (PDUs)
PDUs include envelope information in the form of specific headers and trailers

Physical and Data Link Layers

Physical Layer
  Includes the physical transmission medium
  Physical and electrical characteristics of the interfaces
  PDUs consist of specific serial patterns of signals
Data Link Layer
  Manages point-to-point transmission
  Handles sequencing of data from sender to receiver
  Data transmission control: called media flow control
  PDUs are specific bit patterns and are called frames or data frames

Network and Transport Layers

Network Layer
  Logical addresses associated with individual machines
  Uses logical addressing to determine how to send PDU traffic to other physical segments
  PDUs are structured data called a packet
Transport Layer
  Ensure reliable end-to-end transmission of PDUs
  Includes end-to-end error-detection and error-recovery
  PDUs are structured numbered sequence data called segments or data segments

Sessions and Presentation Layers

Conversations are set up, maintained, and then terminated
Includes mechanisms to maintain reliable ongoing conversations called checkpoints
PDUs at this level are Session PDUs, or SPDUs

Manages how data is presented to the network and to a specific machine/application
PDUs are generically called Presentation PDUs

Application Layer
Defines an interface that applications can use to request network services
Defines a set of access controls over the network
PDUs are generically called Application PDUs

OSI and TCP/IP Models

TCP/IP Network Access Layer

Includes Ethernet, token ring, and wireless media
Includes WAN and connection-management protocols
Includes the IEEE 802 family of standards
  802.1 Internetworking
  802.2 Media Access Control
  802.3 CSMA/CD
  802.5 Token Ring

TCP/IP Network Access Layer Protocols

High-level Data Link Control (HDLC)
Frame Relay
Asynchronous Transfer Mode (ATM)
PPP and SLIP

TCP/IP Internet Layer Functions

Handle routing between machines across multiple networks
MTU fragmentation
Addressing
Routing

TCP/IP Internet Layer Protocols

Internet Protocol (IP)
Internet Control Message Protocol (ICMP)
Packet Internetwork Groper (PING)
Address Resolution Protocol (ARP)
Routing Information Protocol (RIP)

TCP/IP Transport Layer Functions

Reliable delivery of data from sender to receiver
Fragmentation of outgoing messages and their reassembly prior to delivery to the Application layer
Transmission Control Protocol (TCP)
  Connection oriented
User Datagram Protocol (UDP)

TCP/IP Application Layer

Interfaces with applications or processes on a host machine

Protocol and Services
  File Transfer Protocol (FTP)
  Telnet

TCP/IP Protocols, Services, Sockets, And Ports

TCP/IP protocol numbers
  Protocol numbers are used to identify distinct protocols, and those protocols use port numbers
TCP/IP port numbers
  TCP/IP applications are identified by port numbers
  The source or destination port number identifies the process that sends or receives, respectively, the data
TCP/IP sockets
  Dynamically assigned port address is called a socket

TCP/IP Protocol Numbers

Data Encapsulation In TCP/IP

Outgoing data is packaged and identified for delivery to the layer underneath
Incoming data has its encapsulating information from the underlying layer stripped off before it is delivered to its upper layer
Each PDU has an opening component, called a header, and a closing component, called a trailer
Data portion of the PDU is known as the payload
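
The decapsulation and numbering described on the last two slides, as an added example that is not part of the original slides: it strips the Network Access, Internet and Transport headers from a constructed Ethernet II/IPv4/TCP frame, reads the protocol number and port numbers, and rejects truncated or ill-formed input. The addresses, ports and function names are assumptions made for the illustration.

```python
import socket
import struct

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # protocol numbers carried in the IP header

def build_sample_frame():
    """Constructed sample: Ethernet II / IPv4 / TCP carrying b'GET /' (checksums left 0)."""
    payload = b"GET /"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0,
                     64, 6, 0, socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("192.0.2.80"))
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    return eth + ip + tcp + payload  # FCS trailer omitted; captures usually lack it

def decapsulate(frame):
    """Strip one header per layer; raise ValueError on truncated or ill-formed input."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if frame[12:14] != b"\x08\x00":          # EtherType names the next layer
        raise ValueError("payload is not IPv4")
    packet = frame[14:]                       # Network Access header removed
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    total = struct.unpack("!H", packet[2:4])[0]
    if packet[0] >> 4 != 4 or ihl < 20 or not ihl <= total <= len(packet):
        raise ValueError("ill-formed IP header")
    proto = packet[9]                         # protocol number names the next layer
    segment = packet[ihl:total]               # Internet header removed
    out = {"protocol": IP_PROTOCOLS.get(proto, str(proto)),
           "src": socket.inet_ntoa(packet[12:16]),
           "dst": socket.inet_ntoa(packet[16:20])}
    if proto in (6, 17):
        hdr_min = 20 if proto == 6 else 8
        if len(segment) < hdr_min:
            raise ValueError("truncated transport header")
        sport, dport = struct.unpack("!HH", segment[:4])
        hdr = (segment[12] >> 4) * 4 if proto == 6 else 8
        if not hdr_min <= hdr <= len(segment):
            raise ValueError("ill-formed transport header")
        out.update(src_socket=f"{out['src']}:{sport}",   # IP address + port
                   dst_socket=f"{out['dst']}:{dport}",
                   payload=segment[hdr:])                # Transport header removed
    return out

if __name__ == "__main__":
    print(decapsulate(build_sample_frame()))
```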

About Protocol Analysis

Protocol analysis is the process of
  Tapping into the network communications system
  Capturing packets
  Gathering network statistics
  Decoding packets
Protocol analyzers can also transmit packets
  A task for testing a network or device

Roles for Protocol Analysis

Used to troubleshoot network communications
Used to test networks
  Passive
  Active
Gather trends on network performance

Protocol Analyzer Elements

Promiscuous mode card and driver
Packet filters
Trace buffer
Decodes
Alarms
Statistics
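
How the analyzer elements listed above fit together, as an added example that is not part of the original slides: a packet filter feeds a bounded trace buffer, statistics count every frame seen, and an alarm fires when the share of malformed frames crosses a threshold. The class and function names, the constructed sample frames and the 15% threshold are assumptions made for the illustration.

```python
from collections import Counter, deque

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def classify(frame):
    """Minimal decode: name the IP protocol, or flag the frame as non-IP or malformed."""
    if len(frame) < 14:
        return "malformed"
    if frame[12:14] != b"\x08\x00":
        return "non-IP"
    if len(frame) < 34 or frame[14] >> 4 != 4:
        return "malformed"
    return PROTO_NAMES.get(frame[23], "other-IP")

class Analyzer:
    def __init__(self, packet_filter, buffer_size, alarm_pct):
        self.packet_filter = packet_filter      # decides what enters the trace buffer
        self.trace = deque(maxlen=buffer_size)  # trace buffer: oldest entries fall out
        self.stats = Counter()                  # statistics count every frame seen
        self.alarm_pct = alarm_pct              # alarm threshold, % malformed frames
        self.alarms = []                        # frame numbers at which the alarm fired

    def receive(self, frame):
        kind = classify(frame)
        self.stats[kind] += 1
        if self.packet_filter(kind):
            self.trace.append((kind, frame))
        seen = sum(self.stats.values())
        if 100.0 * self.stats["malformed"] / seen > self.alarm_pct:
            self.alarms.append(seen)

    def percentages(self):
        seen = sum(self.stats.values())
        return {k: round(100.0 * n / seen, 1) for k, n in self.stats.items()}

def sample_frame(proto):
    """Constructed frame: 14-byte Ethernet II header + bare 20-byte IPv4 header."""
    ip = bytes([0x45]) + bytes(8) + bytes([proto]) + bytes(10)
    return bytes(12) + b"\x08\x00" + ip

def run_sample():
    """Feed ten constructed frames through an analyzer whose filter keeps only TCP."""
    arp = bytes(12) + b"\x08\x06" + bytes(28)   # non-IP frame (EtherType 0x0806)
    frames = [sample_frame(p) for p in (6, 6, 17, 1)] + [bytes(10)]  # last one is a runt
    frames += [sample_frame(p) for p in (6, 6, 17)] + [arp, sample_frame(6)]
    analyzer = Analyzer(lambda kind: kind == "TCP", buffer_size=3, alarm_pct=15.0)
    for frame in frames:
        analyzer.receive(frame)
    return analyzer
```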

Network Analyzer Process

Placing a Protocol Analyzer on a Network

Hubbing out
  Placing a hub between a device of interest and the switch, and connecting the analyzer to the hub
Port redirection
  Switches can be configured to redirect (to copy) the packets traveling through one port to another port
Remote monitoring (RMON)
  Collect traffic data at a remote switch and send the data to a management device

Analyzer Placement Example

Chapter Summary
TCP/IP was designed with the following goals in mind
  (1) To support multiple, packet-switched pathways through the network so that transmissions can survive all conceivable failures
  (2) To permit dissimilar computer systems to easily exchange data
  (3) To offer robust, reliable delivery services for both short- and long-haul communications
  (4) To provide comprehensive network access with global scope

Chapter Summary (cont.)

Initial implementations of TCP/IP were funded under the auspices of the ARPA and Department of Defense
Until the late 1980s, the ARPANET remained largely in government hands and supported by government funding
TCP/IP remains in the public domain as an open and collaborative set of standards and best practices
The documents that govern TCP/IP standards and practices are called RFCs, and the process of their creation, development, and approval involves representatives from government, industry, research, and academia

Chapter Summary (cont.)

The standards creation and management processes fall within the IETF, and final approval of Internet standards rests in its parent organization, the IAB
Although the process of creating such standards is rightfully called "rough consensus," this process works well enough to define literally hundreds of protocols and services used every day on the Internet

Chapter Summary (cont.)

As Standard RFCs go through the approval process, they begin life as Proposed Standard documents
After discussion and debate, and demonstration that two or more separate reference implementations can successfully interoperate, RFCs can become Draft Standards
After further discussion and revisions, and approval from the parent working group within the IETF, the Draft is turned over to the IAB for final approval
When the Draft is approved, it becomes a Standard RFC (sometimes called an Internet Standard)

Chapter Summary (cont.)

Another popular type of RFC is an informational (nonstandard) RFC called a Best Current Practice, or BCP
Although these documents do not have the force of a Standard RFC, they do provide useful information that represents best approaches to designing, configuring, implementing, or maintaining TCP/IP-based networks and related services
For those reasons, BCPs are highly regarded and can be useful tools for network administrators seeking to make the most out of their TCP/IP networks

Chapter Summary (cont.)

In general, networking is a big, complex problem that is most easily solved if broken up into a series of smaller, less-complex, and interrelated problems
The ISO/OSI network reference model breaks networking into seven distinct layers that allow issues related to hardware, media, and signaling to be separated from issues related to software and services
Likewise, this model permits activities in software to be distinguished on the basis of machine-to-machine communications

Chapter Summary (cont.)

This communication involves handling information delivery from any sender to any receiver, moving large amounts of data across the network, and handling various issues related to ongoing communications, data formats, and application interfaces for network access
TCP/IP uses an older, simpler, four-layer model that lumps the latter three issues into a single application/services layer, but is otherwise very much like the ISO/OSI reference model
TCP/IP uses a variety of encapsulation techniques at its various layers to label the type of data contained in the contents, or payloads, of its PDUs

Chapter Summary (cont.)

TCP/IP also uses numbering techniques to identify well-known protocols at the lower layers (protocol numbers) and to support ready access to well-known applications and services at upper layers (well-known ports)
When a client makes a request to a server that requires an ongoing exchange of information, a listening process on the server creates a temporary connection that combines a computer's numeric IP address with a specific port address for the process involved (called a socket address)
This ensures that the right process on the right computer may be accessed on both sending and receiving machines

Chapter Summary (cont.)

Protocol analysis is a process whereby a network interface is used to inspect all traffic moving across a segment of network medium
Protocol analyzers are software programs that can manage this task and can capture not only healthy (properly formed) traffic, but also erroneous or ill-formed traffic
This lets protocol analyzers characterize network traffic on a descriptive basis (the protocols used, the active station addresses, the conversations, and the parties involved), and on a statistical basis (percentage of errors, percentage of traffic per protocol, peak loads, low loads, average loads, and so forth)

Chapter Summary (cont.)

Much of the remaining text depends on putting the topical and theoretical discussions about TCP/IP protocols together with the traces and decodes (formatted contents of packets) to see how theory and practice fit together
