Network Fundamentals – TCP/IP
The TCP/IP protocol suite (Figure 1.10) is a modern adaptation of the OSI model and contains the following five layers:
- Application Layer
- Transport Layer
- Internet Layer
- Data Link Layer
- Physical Layer
In some documentation, the Data Link and Physical Layers are grouped together as the Network Access Layer or the Network Interface Layer.
TCP/IP Application Layer
The Application Layer in the TCP/IP model covers the functionality of the Session, Presentation, and Application Layers in the OSI reference model. Various protocols can be used in this layer, including the following:
- SMTP and POP3, used to provide e-mail services
- HTTP, a World Wide Web browser content delivery protocol
- FTP, used in file transfers
- DNS, used in domain name translation
- SNMP, a network management protocol
- DHCP, used to assign IP addresses to network devices automatically
- Telnet, used to manage and control network devices
TCP/IP Transport Layer
Both the TCP/IP Transport Layer and the Internet Layer are considerably different compared to the corresponding OSI layers. The Transport Layer is based on the following two protocols:
- Transmission Control Protocol (TCP): This provides a connection-oriented transmission, meaning the path that the data travels on in the network is reliable, as the endpoints establish a synchronized connection before sending the data. Every data packet is acknowledged by the receiving host. File Transfer Protocol (FTP) is an example of a protocol that uses TCP.
- User Datagram Protocol (UDP): This provides an unreliable, connectionless transmission between hosts. Unlike TCP, UDP does not ensure that the segments arriving at a destination are valid and in the proper order, so integrity verification and error correction have to be handled in the Application Layer. On the other hand, UDP has a smaller overhead than TCP because the UDP header is much smaller. Trivial File Transfer Protocol (TFTP) is an example of a protocol that uses UDP.
The TCP and UDP protocol data units are segments. Each segment contains a number of fields that carry different information about the data, as shown below in Figure 1.11.
Figure 1.11 – TCP and UDP Segment Fields
The UDP fields are as follows:

| Field | Size | Description |
| --- | --- | --- |
| Source Port Number | 16 bits | Identifies the application used by the sender |
| Destination Port Number | 16 bits | Identifies the application used by the receiver |
| Length | 16 bits | The size of the header and the data |
| Checksum | 16 bits | The checksum of the header and the data, used to verify integrity of the segment |
| Data | Variable | Application Layer data |

The TCP fields are as follows:

| Field | Size | Description |
| --- | --- | --- |
| Source Port Number | 16 bits | Identifies the application used by the sender |
| Destination Port Number | 16 bits | Identifies the application used by the receiver |
| Sequence Number | 32 bits | Verifies the correct order of received segments |
| Acknowledgement Number | 32 bits | Verifies the correct order of received segments |
| Header Length | 4 bits | The size of the header |
| Reserved | 6 bits | Unused field |
| Code Bits | 6 bits | Indicates the segment type |
| Window Size | 16 bits | The number of bytes received before sending an acknowledgement |
| Checksum | 16 bits | The checksum of the header and the data, used to verify integrity of the segment |
| Urgent | 16 bits | Marks the end of urgent data |
| Option | 0 to 32 bits | Defines the maximum TCP segment size |
| Data | Variable | Application Layer data |

The TCP header is larger than the UDP header because of all the extra fields needed to ensure a reliable connection.
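
The field layouts in the two tables above can be decoded directly from raw bytes. The following is an added example, not part of the original page: the function names and the sample segments are constructed for illustration, and the checksums in the samples are left at 0 rather than computed. It also rejects segments whose length fields disagree with the bytes actually received, which is the first check a capture or inspection tool should make.

```python
import struct

# Code Bits, least significant bit first (the 6-bit field from the table above).
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]

def parse_udp(segment: bytes) -> dict:
    """Decode the four 16-bit UDP header fields plus the payload."""
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", segment[:8])
    # Length covers header and data, so it can never be below 8 or exceed the capture.
    if not 8 <= length <= len(segment):
        raise ValueError("UDP Length disagrees with the bytes received")
    return {"sport": sport, "dport": dport, "length": length,
            "checksum": checksum, "data": segment[8:length]}

def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; options are skipped, not interpreted."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_bits, window,
     checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_bits >> 12) * 4   # Header Length counts 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError("TCP Header Length is inconsistent with the segment")
    flags = [name for bit, name in enumerate(TCP_FLAGS) if off_bits & (1 << bit)]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "checksum": checksum, "urgent": urgent, "data": segment[header_len:]}

# Constructed samples (checksums left at 0, not computed).
SAMPLE_UDP = struct.pack("!HHHH", 49153, 69, 12, 0) + b"\x00\x01ab"
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 80, 5, 0, (5 << 12) | 0x02, 8192, 0, 0)

if __name__ == "__main__":
    print(parse_udp(SAMPLE_UDP))
    print(parse_tcp(SAMPLE_SYN))
```
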
Port numbers can take values up to 65535. Most of the common applications are assigned well-known port numbers between 1 and 1023 (port number 0 is reserved). Port numbers 1024 through 49151 are registered port numbers, while port numbers 49152 through 65535 define dynamic port numbers (automatically assigned by network devices). Port numbers are used to distinguish between applications running on the same device. Examples of well-known port numbers include the following:
- HTTP: TCP port 80
- FTP: TCP port 20 (data) and 21 (control)
- TFTP: UDP port 69
- POP3: TCP port 110
- SMTP: TCP port 25
- DNS: TCP and UDP port 53
- SNMP: UDP port 161
- Telnet: TCP port 23
When a TCP connection is established, it follows a process called a three-way handshake. This process uses the SYN and ACK bits in the Code Bits field of the TCP segment, along with the Sequence Number and Acknowledgement Number fields. Figure 1.12 below illustrates the three-way handshake process:
Figure 1.12 – TCP Operation (Three-way Handshake)
Referring to the figure above, Host A tries to establish a TCP connection with Host B. Host A sends a segment with the SYN bit set, letting the other device know it wants to synchronize. The segment includes the initial sequence number of 5 that Host A is using. Host B accepts the segment to establish a session and sends back a segment with the SYN bit set. Host B also sends the ACK bit to acknowledge that it has received the initial segment sent by Host A. The acknowledgement number represents the next segment it expects to receive, which is 6 (this is also called an expectational acknowledgement). The new segment includes the initial sequence number of Host B, which is 14. Host A replies with an ACK segment that contains a sequence of 6, because this is what Host B is expecting, and acknowledgement number 15, informing Host B that it can send the next segment. This concludes the TCP session’s establishment phase.
The window size informs the remote host about the number of bytes a device will accept before it must send an acknowledgement. However, the window sizes may not match on the two endpoints. Host A has a window size of 2 and Host B has a window size of 3. When Host A sends data, it can send 3 bytes before waiting for an acknowledgement, whereas Host B can send only 2 bytes before receiving an ACK.
Note: The window size specifies the number of bytes (octets) a device will accept, not the number of segments.
After all the data is sent between the two hosts, the session can be closed. To accomplish this, Host A sends a segment with the FIN bit set, letting Host B know it wants to end the TCP session. The segment includes the sequence number Host B is using at that specific moment, which is 341. Host B acknowledges the request and sends the ACK bit with the acknowledgement number 342 to confirm it has received number 341. The segment also includes the current sequence number of Host B, which is 125. Host B sends a new segment with the FIN bit set, announcing that the application it is running also requests that the session be closed. In the last step before the session is closed, Host A sends an ACK segment with number 126 to confirm it received number 125 from Host B.
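
The sequence and acknowledgement arithmetic in the handshake and teardown walkthroughs above follows one rule: SYN and FIN each use up one sequence number, and every ACK must name the next number the peer will send. The following is an added example, not part of the original page, that checks a recorded exchange against that rule, which is how a monitoring tool can flag a segment that does not belong to the session. The function names are illustrative, the `0` acknowledgement values on segments without ACK are placeholders, and the sequence number 342 on the final ACK is inferred rather than stated on the page.

```python
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

def consumed(flags, payload_len=0):
    """Sequence numbers a segment uses up: one per data byte, one each for SYN and FIN."""
    return payload_len + ("SYN" in flags) + ("FIN" in flags)

def audit(segments):
    """Check (sender, flags, seq, ack) tuples exchanged between hosts "A" and "B".

    Returns a list of problem strings; an empty list means every sequence and
    acknowledgement number matches what the other side should expect.
    Assumes the segments carry no payload, as in the walkthroughs above.
    """
    next_seq = {}    # host -> sequence number its next segment should carry
    problems = []
    for i, (sender, flags, seq, ack) in enumerate(segments, 1):
        peer = "B" if sender == "A" else "A"
        if sender in next_seq and seq != next_seq[sender]:
            problems.append(f"segment {i}: seq {seq}, expected {next_seq[sender]}")
        if "ACK" in flags and peer in next_seq and ack != next_seq[peer]:
            problems.append(f"segment {i}: ack {ack}, expected {next_seq[peer]}")
        next_seq[sender] = (seq + consumed(flags)) % MOD
    return problems

# Numbers taken from the handshake and teardown walkthroughs above.
HANDSHAKE = [("A", {"SYN"}, 5, 0), ("B", {"SYN", "ACK"}, 14, 6), ("A", {"ACK"}, 6, 15)]
TEARDOWN = [("A", {"FIN"}, 341, 0), ("B", {"ACK"}, 125, 342),
            ("B", {"FIN"}, 125, 0), ("A", {"ACK"}, 342, 126)]
# Constructed bad case: the final ACK does not acknowledge Host B's SYN.
BAD_HANDSHAKE = HANDSHAKE[:2] + [("A", {"ACK"}, 6, 14)]

if __name__ == "__main__":
    for name, trace in [("handshake", HANDSHAKE), ("teardown", TEARDOWN),
                        ("bad handshake", BAD_HANDSHAKE)]:
        print(name, audit(trace) or "consistent")
```
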
TCP/IP Internet Layer
The Internet Layer in the TCP/IP model corresponds to OSI Layer 3 (Network Layer) and includes the following protocols:
- Internet Protocol (IP): This connectionless protocol offers best-effort delivery of packets in the network, relying on Transport Layer protocols such as TCP to ensure a reliable connection. IP addresses are assigned to each network device or interface in the network. In addition, the IP protocol comes in two flavors: IPv4 and IPv6 (which will be covered later in this manual).
- Internet Control Message Protocol (ICMP): This protocol sends messages and error reports through the network. The most common application that relies on ICMP is Ping, which sends an ICMP echo message to the destination and expects an ICMP echo reply back to ensure that the destination can be reached and to give information about the delay between the two endpoints.
Referring back to IP, an IPv4 packet contains the following fields, as depicted below in Figure 1.13:
Figure 1.13 – IPv4 Packet Fields

| Field | Size | Description |
| --- | --- | --- |
| Version | 4 bits | Identifies the IP version (IPv4 in this case) |
| Header Length | 4 bits | Size of the header |
| Type of Service (ToS) | 8 bits | QoS marking, specifies how the packet should be handled within the network |
| Total Length | 16 bits | The size (in octets) of the header and data |
| Identification | 16 bits | Used when the packet is fragmented |
| Flags | 3 bits | Used when the packet is fragmented |
| Fragment Offset | 13 bits | Used when the packet is fragmented |
| Time to Live (TTL) | 8 bits | Protection against endless loops, decremented by 1 on every router the packet passes through |
| Protocol | 8 bits | Identifies the Layer 4 protocol (TCP, UDP) |
| Header Checksum | 16 bits | The checksum of the header, used to verify its integrity |
| Source IP Address | 32 bits | Source logical IP address |
| Destination IP Address | 32 bits | Destination logical IP address |
| IP Options and Padding | Variable | Used for debugging |
| Data | Variable | Transport Layer data |

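
The Header Checksum and TTL fields interact: because the TTL is part of the header, changing it without recomputing the checksum leaves a header that fails verification. The following is an added example, not part of the original page, that decodes the fixed IPv4 header and verifies its checksum. The function names are illustrative and the sample header (documentation addresses 192.0.2.1 and 192.0.2.2, no payload) is constructed.

```python
import ipaddress
import struct

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by the IPv4 Header Checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header and verify the Header Checksum."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # length in 32-bit words
    if version != 4 or not 20 <= header_len <= len(packet) or total_len < header_len:
        raise ValueError("inconsistent Version / Header Length / Total Length")
    return {
        "ttl": ttl, "protocol": proto, "header_len": header_len,
        "total_len": total_len, "identification": ident,
        "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        # A valid header sums to zero when its own checksum field is included.
        "checksum_ok": internet_checksum(packet[:header_len]) == 0,
    }

def build_header(ttl: int) -> bytes:
    """Constructed sample: TCP (protocol 6), no options, no payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 1, 0, ttl, 6, 0,
                      ipaddress.IPv4Address("192.0.2.1").packed,
                      ipaddress.IPv4Address("192.0.2.2").packed)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]

if __name__ == "__main__":
    good = build_header(ttl=64)
    stale = good[:8] + bytes([63]) + good[9:]   # TTL changed, checksum not updated
    print(parse_ipv4(good))
    print(parse_ipv4(stale)["checksum_ok"])
```
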
An IPv6 packet contains the following fields, as depicted below in Figure 1.14:
Figure 1.14 – IPv6 Packet Fields

| Field | Size | Description |
| --- | --- | --- |
| Version | 4 bits | Identifies the IP version (IPv6 in this case) |
| Traffic Class | 8 bits | Similar to the ToS byte in the IPv4 header (QoS marking functionality) |
| Flow Label | 20 bits | Used to identify and classify packet flows |
| Payload Length | 16 bits | The size of the packet payload |
| Next Header | 8 bits | Similar to the Protocol field in the IPv4 header, defines the type of traffic contained within the payload and which header to expect |
| Hop Limit | 8 bits | Similar to the TTL field in the IPv4 header, protects against endless loops |
| Source IP Address | 128 bits | Source logical IPv6 address |
| Destination IP Address | 128 bits | Destination logical IPv6 address |
| Data | Variable | Transport Layer data |

TCP/IP Network Access Layer
The Network Access Layer comprises the Data Link Layer and the Physical Layer, and it has the same functionality as in the OSI reference model. A common protocol used at the Data Link Layer is Address Resolution Protocol (ARP), which requests the MAC address of a host with a known IP address. Once the MAC address is known, it is used as a destination address in the frames sent in that specific direction.