Chapter 6-2 the TCP/IP Layers. The four layers of the TCP/IP model are listed in Table 6-2. The...

Chapter 6-2Chapter 6-2

the TCP/IP Layersthe TCP/IP Layers

The four layers of the TCP/IP model are listed in Table The four layers of the TCP/IP model are listed in Table 6-2. The layers are6-2. The layers are

ApplicationApplication Internet Internet TransportTransport Network Interface Network Interface

the TCP/IP Layersthe TCP/IP Layers

The Application layer of the TCP/IP stack is The Application layer of the TCP/IP stack is responsible for making sure a connection is made to responsible for making sure a connection is made to an appropriate network port. an appropriate network port. These ports are These ports are reserved by reserved by ICANNICANN (Internet Corporation for (Internet Corporation for Assigned Names and Numbers).Assigned Names and Numbers).

Transport LayerTransport Layer The The transport layer protocolstransport layer protocols in TCP/IP are very important in TCP/IP are very important

in establishing a network connection, managing the delivery in establishing a network connection, managing the delivery of data between a source and destination host, and of data between a source and destination host, and terminating the data connection. terminating the data connection.

There are two transport protocols within the TCP/IP transport There are two transport protocols within the TCP/IP transport layer. These are TCP and UDP. The first protocol examined layer. These are TCP and UDP. The first protocol examined is TCP. is TCP.

TCPTCP, the Transport Control Protocol is a , the Transport Control Protocol is a connection connection oriented protocoloriented protocol. A connection oriented protocol . A connection oriented protocol establishes the network connection, manages the data establishes the network connection, manages the data transfer, and terminates the connection. transfer, and terminates the connection.

The TCP protocol establishes a set of rules or guidelines for The TCP protocol establishes a set of rules or guidelines for establishing the connection. TCP verifies the delivery of the establishing the connection. TCP verifies the delivery of the data packets through the network and includes support for data packets through the network and includes support for error checking and recovering lost data. TCP then specifies a error checking and recovering lost data. TCP then specifies a procedure for terminating the network connection. procedure for terminating the network connection.

There is a unique sequence of three data packets exchanged There is a unique sequence of three data packets exchanged at the beginning of a TCP connection between two hosts. A at the beginning of a TCP connection between two hosts. A connection between two hosts is shown. This is a virtual connection between two hosts is shown. This is a virtual connection that is made over the network. The first three connection that is made over the network. The first three packets always exchanged between two hosts when packets always exchanged between two hosts when establishing a TCP connection are:establishing a TCP connection are:

the the SYNSYN (Synchronizing) packet (Synchronizing) packetthe the SYN + ACKSYN + ACK (Synchronizing + Acknowledgement) (Synchronizing + Acknowledgement) packetpacketthe the ACKACK (Acknowledgement) packet (Acknowledgement) packet

The three-packet initial TCP The three-packet initial TCP handshakehandshake

The following is a example of a TCP packet transmission The following is a example of a TCP packet transmission captured using a protocol analyzer. captured using a protocol analyzer.

The network is set-up as shown. Host A (the client) is The network is set-up as shown. Host A (the client) is establishing an FTP connection with Host B. The captured file establishing an FTP connection with Host B. The captured file is 6-a.cap and is provided on the CD-ROM in the capture folder. is 6-a.cap and is provided on the CD-ROM in the capture folder. Portions of the captured data packets are next shown. Portions of the captured data packets are next shown.

the three packets exchanged in the three packets exchanged in the initial TCP handshake.the initial TCP handshake.

Packet 1 (ID 000001) is called the “SYN” or synchronizing packet. Packet 1 (ID 000001) is called the “SYN” or synchronizing packet. This packet is sent from the host computer on the network that wants This packet is sent from the host computer on the network that wants to establish a TCP network connection. In this example, host A is to establish a TCP network connection. In this example, host A is making a TCP connection for an FTP file transfer. The summary making a TCP connection for an FTP file transfer. The summary information for packet 1 specifies that this is a TCP packet, the information for packet 1 specifies that this is a TCP packet, the source port is 1054 (SP=1054), and the destination port is 21 source port is 1054 (SP=1054), and the destination port is 21 (DP=21).(DP=21).

Port 1054 is an arbitrary port number that the FTP client picks or is Port 1054 is an arbitrary port number that the FTP client picks or is assigned by the operating system. The destination port 21 is the assigned by the operating system. The destination port 21 is the well-known FTP (see. Table 6-4). The packet has a starting sequence well-known FTP (see. Table 6-4). The packet has a starting sequence number SEQ=997462768, and there is no acknowledgement number SEQ=997462768, and there is no acknowledgement (ACK=0). The length of the data packet is 0 (LEN=0). This indicates (ACK=0). The length of the data packet is 0 (LEN=0). This indicates that the packet does not contain any data. The window size = 16384 that the packet does not contain any data. The window size = 16384 (WS=16384). The window size indicates how many data packets can (WS=16384). The window size indicates how many data packets can be transferred without an acknowledgement. be transferred without an acknowledgement.

Packet 2 is the “SYN-ACK” packet from the FTP server. The sequence Packet 2 is the “SYN-ACK” packet from the FTP server. The sequence number SEQ = 3909625466 is the start of a new sequence number number SEQ = 3909625466 is the start of a new sequence number for the data packet transfers from host B. The source port is 21 for the data packet transfers from host B. The source port is 21 (SP=21) and the destination port for packet 2 is 1054 (DP=1054). (SP=21) and the destination port for packet 2 is 1054 (DP=1054). ACK=997462769 is an acknowledge by host B (the FTP server) that ACK=997462769 is an acknowledge by host B (the FTP server) that the first TCP transmission was received. Note that this the first TCP transmission was received. Note that this acknowledgement shows an increment of one from the starting acknowledgement shows an increment of one from the starting sequence number provided by host A in packet 1. sequence number provided by host A in packet 1.

Packet 3 is an acknowledgement from the client (host A) back to the Packet 3 is an acknowledgement from the client (host A) back to the FTP server (host B) that packet 2 was received. Note the FTP server (host B) that packet 2 was received. Note the acknowledgement is ACK= 3909625467 which is an increment of acknowledgement is ACK= 3909625467 which is an increment of one from the SEQ number transmitted is packet 2. This completes one from the SEQ number transmitted is packet 2. This completes the initial handshake establishing the TCP connection. The next the initial handshake establishing the TCP connection. The next part is the data packet transfer. At this point, the two hosts can part is the data packet transfer. At this point, the two hosts can begin transferring data packets. begin transferring data packets.

The last part of the TCP The last part of the TCP connection is terminating the connection is terminating the session for each host. session for each host.

The first thing that happens is a The first thing that happens is a host sends a FIN (finish) packet host sends a FIN (finish) packet to the other connected host. to the other connected host.

Host B sends a FIN packet to Host B sends a FIN packet to Host A indicating the data Host A indicating the data transmission is complete. transmission is complete.

Host A responds with an ACK Host A responds with an ACK packet acknowledging the packet acknowledging the reception of the FIN packet. reception of the FIN packet.

Host A then sends Host B a FIN Host A then sends Host B a FIN packet indicating that the packet indicating that the connection is being terminated. connection is being terminated.

Host B replies with an ACK Host B replies with an ACK packet.packet.

Terminating the TCP SessionTerminating the TCP Session

An example of the four-packet An example of the four-packet TCP connection termination.TCP connection termination.

Packet 48 is a TCP packet with a source port of 21 Packet 48 is a TCP packet with a source port of 21 (SP=21) and a destination port of 1054 (DP= (SP=21) and a destination port of 1054 (DP= 1054). The FIN statement is shown followed by a 1054). The FIN statement is shown followed by a SEQ# and an ACK#. Remember, the SEQ and ACK SEQ# and an ACK#. Remember, the SEQ and ACK numbers are used to keep track of the number of numbers are used to keep track of the number of packets transmitted and an acknowledgement of packets transmitted and an acknowledgement of the number received. The LEN of packet 48 is 0 the number received. The LEN of packet 48 is 0 which means the packet does not contain any data.which means the packet does not contain any data.

Packet 48 (Figure 6-7) is a TCP packet with a Packet 48 (Figure 6-7) is a TCP packet with a source port of 21 (SP=21) and a destination port of source port of 21 (SP=21) and a destination port of 1054 (DP= 1054). The FIN statement is shown 1054 (DP= 1054). The FIN statement is shown followed by a SEQ# and an ACK#. Remember, the followed by a SEQ# and an ACK#. Remember, the SEQ and ACK numbers are used to keep track of SEQ and ACK numbers are used to keep track of the number of packets transmitted and an the number of packets transmitted and an acknowledgement of the number received. The acknowledgement of the number received. The LEN of packet 48 is 0 which means the packet does LEN of packet 48 is 0 which means the packet does not contain any data.not contain any data.

Packet 49 is an acknowledgement from the host, at Packet 49 is an acknowledgement from the host, at port 1054, of the FIN packet. Remember the FIN port 1054, of the FIN packet. Remember the FIN packet was sent by the Host at the source port 21. packet was sent by the Host at the source port 21. In packet 50 the Host at port 1054 sends a FIN In packet 50 the Host at port 1054 sends a FIN packet to the host at the destination port of 21. In packet to the host at the destination port of 21. In packet 51, the host at port 21 acknowledges the packet 51, the host at port 21 acknowledges the reception of the FIN packet and the four packet reception of the FIN packet and the four packet sequence closes the TCP connection. sequence closes the TCP connection.

UDPUDP

UDPUDP, the User Datagram Protocol is a , the User Datagram Protocol is a connectionless protocol. This means that UDP connectionless protocol. This means that UDP packets are transported over the network without packets are transported over the network without a connection being established and without any a connection being established and without any acknowledgement that the data packets arrived acknowledgement that the data packets arrived at the destination. UDP is useful in applications at the destination. UDP is useful in applications such as videoconferencing and audio feeds where such as videoconferencing and audio feeds where acknowledgements that the data packet arrived acknowledgements that the data packet arrived are not necessary. are not necessary.

A UDP packet transferA UDP packet transfer

Packet 136 is the start of a UDP packet transfer Packet 136 is the start of a UDP packet transfer of an Internet audio feed. A TCP connection to of an Internet audio feed. A TCP connection to the Internet was first made and then the music the Internet was first made and then the music feed was started. At that time, the UDP feed was started. At that time, the UDP connectionless packets started. connectionless packets started.

Packets 138, 139, and 140 are the same type of Packets 138, 139, and 140 are the same type of packets with a length of 789. There are no packets with a length of 789. There are no acknowledgements sent back from the client. All acknowledgements sent back from the client. All of the packets are coming from the Internet of the packets are coming from the Internet source. UDP does not have a procedure for source. UDP does not have a procedure for terminating the data transfer, the source either terminating the data transfer, the source either stops delivery of the data packets or the client stops delivery of the data packets or the client terminates the connection.terminates the connection.

The Internet LayerThe Internet Layer

The TCP/IP The TCP/IP Internet LayerInternet Layer defines the defines the protocols used for address and routing the protocols used for address and routing the data packets. Protocols that are part of data packets. Protocols that are part of the TCP/IP Internet layer include IP, ARP, the TCP/IP Internet layer include IP, ARP, ICMP, and IGMP.ICMP, and IGMP.

IP (Internet Protocol)IP (Internet Protocol)

IP, the Internet Protocol, defines the addressing used IP, the Internet Protocol, defines the addressing used for identifying the source and destination addresses for identifying the source and destination addresses of data packets being delivered over an IP network. of data packets being delivered over an IP network.

The IP address is a logical address that consists of a The IP address is a logical address that consists of a network and a host address portion. The network network and a host address portion. The network portion is used to direct the data to the proper portion is used to direct the data to the proper network. network.

The host address identifies the address locally The host address identifies the address locally assigned to the host. The network portion of the assigned to the host. The network portion of the address is similar to the area code for a telephone address is similar to the area code for a telephone number. The host address in similar to the local number. The host address in similar to the local exchange number. The network and host portions of exchange number. The network and host portions of the IP address are then used to route the data the IP address are then used to route the data packets to the destination. packets to the destination.

ARP (Address Resolution ARP (Address Resolution Protocol)Protocol)

ARPARP, the Address Resolution Protocol, is used , the Address Resolution Protocol, is used to resolve an IP address to a hardware address to resolve an IP address to a hardware address for final delivery of data packets to the for final delivery of data packets to the destination. destination.

ARP issues a query in a network called an ARP ARP issues a query in a network called an ARP request, asking which network interface has request, asking which network interface has this IP address. The host assigned the IP this IP address. The host assigned the IP address replies with an ARP reply that contains address replies with an ARP reply that contains the hardware address for the destination host. the hardware address for the destination host.

As shown highlighted in blue, an As shown highlighted in blue, an ARP requestARP request is is issued on the LAN. The source MAC address of the issued on the LAN. The source MAC address of the packet is packet is 00-10-A4-13-99-2E. The destination address on the 00-10-A4-13-99-2E. The destination address on the local area network shown is BROADCAST which local area network shown is BROADCAST which means that this message is being sent to all means that this message is being sent to all computers in the local area network. A query (Q) is computers in the local area network. A query (Q) is being asked who has the IP address 10.10.10.1 (PA= being asked who has the IP address 10.10.10.1 (PA= ). PA is an abbreviation for Protocol Address. ). PA is an abbreviation for Protocol Address.

The highlighted blue area now shows the destination computer The highlighted blue area now shows the destination computer replying with its MAC address back to the source that issued replying with its MAC address back to the source that issued the ARP request. This is called an the ARP request. This is called an ARP replyARP reply which is a protocol which is a protocol where the MAC address is returnedwhere the MAC address is returned. . The R after the ARP The R after the ARP indicates this is an ARP reply.indicates this is an ARP reply. The source of the ARP reply is The source of the ARP reply is from 00-10-A4-13-6C-6E which is replying that the MAC from 00-10-A4-13-6C-6E which is replying that the MAC address for 10.10.10.1 is 00-10-A4-13-6C-6E (HA=). In this address for 10.10.10.1 is 00-10-A4-13-6C-6E (HA=). In this case, the owner of the IP address replied to the message but case, the owner of the IP address replied to the message but this is not always the case. In some cases another networking this is not always the case. In some cases another networking device such as a router can provide the MAC address device such as a router can provide the MAC address information. In that case, the MAC address being returned is information. In that case, the MAC address being returned is for the next networking device in the route to the destination.for the next networking device in the route to the destination.

the packet details of the ARP the packet details of the ARP requestrequest

ICMP ProtocolICMP Protocol

ICMPICMP, the Internet Control Message Protocol , the Internet Control Message Protocol is used to control the flow of data in the network , is used to control the flow of data in the network , reporting errors, and for performing diagnostics. reporting errors, and for performing diagnostics. A networking device, such as a router, sends an A networking device, such as a router, sends an ICMP source-quench packet to a host that ICMP source-quench packet to a host that requests a slowdown in the data transfer. requests a slowdown in the data transfer.

A very important troubleshooting tool within the A very important troubleshooting tool within the ICMP protocol is PING, the Packet InterNet Groper. ICMP protocol is PING, the Packet InterNet Groper. The ping command is used to verify connectivity The ping command is used to verify connectivity with another host in the network. The destination with another host in the network. The destination host could be in a LAN, a campus LAN, or on the host could be in a LAN, a campus LAN, or on the Internet.Internet.

IGMP ProtocolIGMP Protocol

IGMPIGMP is the Internet Group Message Protocol. IGMP is the Internet Group Message Protocol. IGMP is used when one host needs to send data to many is used when one host needs to send data to many destination hosts. This is called destination hosts. This is called multicastingmulticasting. .

The addresses used to send a multicast data The addresses used to send a multicast data packet are called packet are called multicast addressesmulticast addresses. These . These are reserved addresses that are not assigned to are reserved addresses that are not assigned to hosts in a network. hosts in a network.

An example of an application that uses IGMP An example of an application that uses IGMP packets is when a router uses multicasting to share packets is when a router uses multicasting to share routing tables. This is explained in Chapter 7 when routing tables. This is explained in Chapter 7 when routing protocols are examined. routing protocols are examined.

IGMP ProtocolIGMP Protocol

Another application to use IGMP packets is when Another application to use IGMP packets is when a hosts wants to stream data to multiple hosts. a hosts wants to stream data to multiple hosts.

Streaming means the data are sent without Streaming means the data are sent without waiting for any acknowledgement that the data waiting for any acknowledgement that the data packets were delivered. In fact, in the IGMP packets were delivered. In fact, in the IGMP protocol, the source doesn’t care if the protocol, the source doesn’t care if the destination receives a packet. destination receives a packet.

Streaming is an important application in the Streaming is an important application in the transfer of audio and video files over the Internet. transfer of audio and video files over the Internet. Another feature of IGMP is the data is handed off Another feature of IGMP is the data is handed off to the application layer as it arrives. This enables to the application layer as it arrives. This enables to begin processing the data for playback.to begin processing the data for playback.

The Network Interface LayerThe Network Interface Layer

The The Network Interface LayerNetwork Interface Layer of the TCP/IP model of the TCP/IP model defines how the host connects to the network. defines how the host connects to the network. The host could be a computer connected to an The host could be a computer connected to an Ethernet or Token-Ring network or a router Ethernet or Token-Ring network or a router connected to a frame-relay wide area network. connected to a frame-relay wide area network.

TCP/IP is not dependent on a specific networking TCP/IP is not dependent on a specific networking technology therefore, TCP/IP can be adapted to technology therefore, TCP/IP can be adapted to run on newer networking technologies such as run on newer networking technologies such as ATM (Asynchronous Transfer Mode).ATM (Asynchronous Transfer Mode).

Section 6-2 Key TermsSection 6-2 Key Terms

Well-known portsWell-known ports ICANNICANN Transport Layer ProtocolsTransport Layer Protocols TCPTCP Connection Oriented ProtocolConnection Oriented Protocol SYNSYN

SYN + ACKSYN + ACK

ACKACK

Section 6-2 Key TermsSection 6-2 Key Terms

UDPUDP Internet LayerInternet Layer IP (internet protocol)IP (internet protocol) ARPARP IGMPIGMP MulticastingMulticasting Multicast AddressMulticast Address Network Interface LayerNetwork Interface Layer

Chapter 6-2 the TCP/IP Layers. The four layers of the TCP/IP model are listed in Table 6-2. The...

Documents

Transcript of Chapter 6-2 the TCP/IP Layers. The four layers of the TCP/IP model are listed in Table 6-2. The...