TCP/IP Fundamentals - Layer 1 Technology

Network Fundamentals – TCP/IP

The TCP/IP protocol suite (Figure 1.10) is a modern adaptation of the OSI model and contains the following five layers:

• Application Layer
• Transport Layer
• Internet Layer
• Data Link Layer
• Physical Layer

In some documentation, the Data Link and Physical Layers are grouped together as the Network Access Layer or the Network Interface Layer.

Figure 1.10 – TCP/IP Model

TCP/IP Application Layer

The Application Layer in the TCP/IP model covers the functionality of the Session, Presentation, and Application Layers in the OSI reference model. Various protocols can be used in this layer, among which include the following:

• SMTP and POP3, used to provide e-mail services
• HTTP, a World Wide Web browser content delivery protocol
• FTP, used in file transfers
• DNS, used in domain name translation
• SNMP, a network management protocol
• DHCP, used to assign IP addresses to network devices automatically
• Telnet, used to manage and control network devices

 

TCP/IP Transport Layer

Both the TCP/IP Transport Layer and the Internet Layer are considerably different compared to the corresponding OSI layers. The Transport Layer is based on the following two protocols:

• Transmission Control Protocol (TCP): This provides a connected-oriented transmission, meaning the path that the data travels on in the network is reliable, as the endpoints establish a synchronized connection before sending the data. Every data packet is acknowledged by the receiving host. File Transfer Protocol (FTP) is an example of a protocol that uses TCP.

• User Datagram Protocol (UDP): This provides an unreliable, connectionless transmission between hosts. Unlike TCP, UDP does not ensure that the segments arriving at a destination are valid and in the proper order, resulting in integrity verifications and error connection processes in the Application Layer. On the other hand, UDP has a smaller overhead than TCP because the UDP header is much smaller. Trivial File Transfer Protocol (TFTP) is an example of a protocol that uses UDP.

 

The TCP and UDP protocol data units are segments. Each segment contains a number of fields that carry different information about the data, as shown below in Figure 1.11.

Figure 1.11 – TCP and UDP Segment Fields

The UDP fields are as follows:

Field	Size	Description
Source Port Number	16 bits	Identifies the application used by the sender
Destination Port Number	16 bits	Identifies the application used by the receiver
Length	16 bits	The size of the header and the data
Checksum	16 bits	The checksum of the header and the data, used to verify integrity of the segment
Data	Variable	Application Layer data

The TCP fields are as follows:

Field	Size	Description
Source Port Number	16 bits	Identifies the application used by the sender
Destination Port Number	16 bits	Identifies the application used by the receiver
Sequence Number	32 bits	Verifies the correct order of received segments
Acknowledgement Number	32 bits	Verifies the correct order of received segments
Header Length	4 bits	The size of the header
Reserved	6 bits	Unused field
Code Bits	6 bits	Indicates the segment type
Window Size	16 bits	The number of bytes received before sending an acknowledgement
Checksum	16 bits	The checksum of the header and the data, used to verify integrity of the segment
Urgent	16 bits	Marks the end of urgent data
Option	0 to 32 bits	Defines the maximum TCP segment size
Data	Variable	Application Layer data

 

The TCP header is larger than the UDP header because of all the extra fields needed to ensure a reliable connection.

Port numbers can take values up to 65535. Most of the common applications are assigned well-known port numbers between 1 and 1023 (port number 0 is reserved). Port numbers 1024 through 49151 are registered port numbers, while port numbers 49152 through 65535 define dynamic port numbers (automatically assigned by network devices). Port numbers are used to distinguish between applications running on the same device. Examples of well-known port numbers include the following:

• HTTP: TCP port 80
• FTP: TCP port 20 (data) and 21 (control)
• TFPT: UDP port 69
• POP3: TCP port 110
• SMTP: TCP port 25
• DNS: TCP and UDP port 53
• SNMP: UDP port 161
• Telnet: TCP port 23

 

When a TCP connection is established, it follows a process called a three-way handshake. This process uses SYN and ACK bits in the code bits of the TCP’s Segment, Sequence, and Acknowledgement Number fields. Figure 1.12 below illustrates the three-way handshake process:

Figure 1.12 – TCP Operation (Three-way Handshake)

Referring to the figure above, Host A tries to establish a TCP connection with Host B. Host A sends a segment with the SYN bit set, letting the other device know it wants to synchronize. The segment includes the initial sequence number of 5 that Host A is using. Host B accepts the segment to establish a session and sends back a segment with the SYN bit set. Host B also sends the ACK bit to acknowledge that it has received the initial segment sent by Host A. The acknowledgement number represents the next segment it expects to receive, which is 6 (this is also called an expectational acknowledgment). The new segment includes the initial sequence number of Host B, which is 14. Host A replies with an ACK segment that contains a sequence of 6, because this is what Host B is expecting, and acknowledgement number 15, informing Host B that it can send the next segment. This concludes the TCP session’s establishment phase.

The window size informs the remote host about the number of bytes a device will accept before it must send an acknowledgement. However, the window sizes may not match on the two endpoints. Host A has a window size of 2 and Host B has a window size of 3. When Host A sends data, it can send 3 bytes before waiting for an acknowledgement, whereas Host B can send only 2 bytes before receiving an ACK.

 

Note:    The window size specifies the number of bytes (octets) a device will accept, not the number of segments.

 

After all the data is sent between the two hosts, the session can be closed. To accomplish this, Host A sends a segment with the FIN bit set, letting Host B know it wants to end the TCP session. The segment includes the sequence number Host B is using at that specific moment, which is 341. Host B acknowledges the request and sends the ACK bit with the acknowledgement number 342 to confirm it has received number 341. The segment also includes the current sequence number of Host B, which is 125. Host B sends a new segment with the FIN bit set, announcing the application it is running also requests closing the session. In the last step before the session is closed, Host A sends an ACK segment with number 126 to confirm it received number 125 from Host B.

 

TCP/IP Internet Layer

The Internet Layer in the TCP/IP model corresponds to OSI Layer 3 (Network Layer) and includes the following protocols:

·       Internet Protocol (IP): This connectionless protocol offers best-effort delivery of packets in the network, relying on Transport Layer protocols such as TCP to ensure a reliable connection. IP addresses are assigned to each network device or interface in the network. In addition, the IP protocol comes in two flavors: IPv4 and IPv6 (which will be covered later in this manual).

·       Internet Control Message Protocol (ICMP): This protocol sends messages and error reports through the network. The most common application that relies on ICMP is Ping, which sends an ICMP echo message to the destination and expects an ICMP echo reply back to ensure that the destination can be reached and to give information about the delay between the two endpoints.

Referring back to IP, an IPv4 packet contains the following fields, as depicted below in Figure 1.13:

Figure 1.13 – IPv4 Packet Fields

Field	Size	Description
Version	4 bits	Identifies the IP version (IPv4 in this case)
Header Length	4 bits	Size of the header
Type of Service (ToS)	8 bits	QoS marking, specifies how the packet should be handled within the network
Total Length	16 bits	The size (in octets) of the header and data
Identification	16 bits	Used when the packet is fragmented
Flags	3 bits	Used when the packet is fragmented
Fragment Offset	13 bits	Used when the packet is fragmented
Time to Live (TTL)	8 bits	Protection against endless loops, decremented by 1 on every router the packet passes through
Protocol	8 bits	Identifies the Layer 4 protocol (TCP, UDP)
Header Checksum	16 bits	The checksum of the header, used to verify its integrity
Source IP Address	32 bits	Source logical IP address
Destination IP Address	32 bits	Destination logical IP address
IP Options and Padding	Variable	Used for debugging
Data	Variable	Transport Layer data

 

An IPv6 packet contains the following fields, as depicted below Figure 1.14:

Figure 1.14 – IPv6 Packet Fields

Field	Size	Description
Version	4 bits	Identifies the IP version (IPv6 in this case)
Traffic Class	8 bits	Similar to the ToS byte in the IPv4 header (QoS marking functionality)
Flow Label	20 bits	Used to identify and classify packet flows
Payload Length	16 bits	The size of the packet payload
Next Header	8 bits	Similar to the Protocol field in the IPv4 header, defines the type of traffic contained within the payload and which header to expect
Hop Limit	8 bits	Similar to the TTL field in the IPv4 header, prevents against endless loops
Source IP Address	128 bits	Source logical IPv6 address
Destination IP Address	128 bits	Destination logical IPv6 address
Data	Variable	Transport Layer data

 

TCP/IP Network Access Layer

The Network Access Layer is comprised of the Data Link Layer and the Physical Layer, and it has the same functionality as in the OSI reference model. A common protocol used at the Data Link Layer is Address Resolution Protocol (ARP), which requests the MAC addresses of a host with a known IP address. Once the MAC address is known, it is used as a destination address in the frames sent in that specific direction.

 

Layer 2 -Technology