Introduction To Networking
Charles Severance
Credits
Printing History
Copyright Details
1 Introduction
1.1 Communicating at a Distance
1.2 Computers Communicate Differently
1.3 Early Wide Area Store-and-Forward Networks
1.4 Packets and Routers
1.5 Addressing and Packets
1.6 Putting It All Together
1.7 Glossary
1.8 Questions
2 Network Architecture
2.1 The Link Layer
2.2 The Internetwork Layer (IP)
2.3 The Transport Layer (TCP)
2.4 The Application Layer
2.5 Stacking the Layers
2.6 Glossary
2.7 Questions
3 Link Layer
3.1 Sharing the Air
3.2 Courtesy and Coordination
3.3 Coordination in Other Link Layers
3.4 Summary
3.5 Glossary
3.6 Questions
6 Transport Layer
6.1 Packet Headers
6.2 Packet Reassembly and Retransmission
6.3 The Transport Layer In Operation
6.4 Application Clients and Servers
6.5 Server Applications and Ports
6.6 Summary
6.7 Glossary
6.8 Questions
7 Application Layer
7.1 Client and Server Applications
7.2 Application Layer Protocols
7.3 Exploring the HTTP Protocol
7.4 The IMAP Protocol for Retrieving Mail
7.5 Flow Control
7.6 Writing Networked Applications
7.7 Summary
7.8 Glossary
7.9 Questions
10 Wrap Up
Chapter 1
Introduction
Since the cost of the wires went up as the length of the wire
increased, these longer connections between offices were quite
expensive to install and maintain, and they were scarce. So in the
early days of telephones, local calls were generally quite
inexpensive. But long-distance calls were more expensive and they
were charged by the minute. This made sense because each minute
you talked on a long-distance call, your use of the long-distance
wires meant no one else could use them. The telephone companies
wanted you to keep your calls short so their long-distance
lines would be available for other customers.
When telephone companies started using fiber optic, more
advanced techniques were used to carry many simultaneous
long-distance conversations on a single fiber. When you look at an old
When humans talk on the phone, they make a call, talk for a
while, and then hang up. Statistically, most of the time, humans
are not talking on the phone. At least they weren’t before
everyone had smartphones. But computers, including the
applications on your smartphone, communicate differently than
humans do. Sometimes computers send short messages to check if
another computer is available. Computers sometimes send
medium-sized information like a single picture or a long email
message. And sometimes computers send a lot of information like a
whole movie or a piece of software to install that might take
minutes or even hours to download. So messages between computers
can be short, medium, or long.
In the earliest days of connecting computers to one another, pairs
of computers were connected with wires. The simplest way to
send data from one computer to another was to line up the
outgoing messages in a queue and send the messages one after
another as fast as the computers and the wires could carry the
data. Each message would wait for its turn until the messages
ahead of it were sent, and then it would get its chance to be sent
across the connection.
When the computers were in the same building, the building
owner could run wires to connect them. If the computers were
in the same town, the owners of the computers generally had
to lease wires from the telephone companies to connect their
computers. They often would have the phone company connect
the wires together in their central office so that it was not
necessary for one computer to “dial” the other computer to
send data. These leased lines were convenient for computer
communications because they were “always on”, but they were
also quite expensive because they were used 24 hours a day.
When the computers were even farther away, in different cities,
the leased lines were extended using the longer wires connecting
the central offices. Since there were so few wires between
central offices, these long-distance leased lines were quite
expensive and their cost increased dramatically as the length of
the leased line increased. But if you had enough money, you could
lease direct connections between your computers so they could
exchange data. This worked pretty well as long as you were only
using one brand of computers, because each computer company
had its own way of using telephone wires to connect its
computers together and send data.
Over time, with relatively few connections you could send data
long distances across a patchwork of network connections as long
as you were patient. Along the way, after your message reached
one computer, it would have to wait until its turn came to be
sent to the next computer along the route. A message would
arrive at an intermediate computer, be stored for a while (perhaps
hours, depending on traffic), and then be forwarded one more
connection (or “hop”).
available.
When a long message was split into much smaller packets and
each packet was sent individually, the source and destination
addresses had to be added to each packet, so that routers could
choose the best path to forward each packet of the message. In
addition to the source and destination addresses, it was also
necessary to add data to each packet indicating the “offset” or
position of the packet in the overall message so that the receiving
computer could put the packets back together in the right order
to reconstruct the original message.
1.7 Glossary
1.8 Questions
4. What is a packet?
Network Architecture
Application
Transport
Internetwork
Link
The idea of breaking a large message into packets and then
sending each packet separately makes this sharing easier. If only
one computer wants to send data, it will send its packets one right
after another and move its data across the network as quickly as
it can. But if three computers want to send data at the same time,
each computer will send one packet and then wait while the other
two computers send packets. After each of the other computers
sends a packet, the first computer will send its next packet. This
way the computers are sharing access to the network in a fair
way.
But how does a computer know if other computers want to send
data at the same time? Engineers designed an ingenious method
to solve this problem called “Carrier Sense Multiple Access with
Collision Detection”, or CSMA/CD. It is a long name for a simple
and elegant concept. When your computer wants to send data,
it first listens to see if another computer is already sending data
on the network (Carrier Sense). If no other computer is sending
data, your computer starts sending its data. As your computer is
sending data it also listens to see if it can receive its own data. If
your computer receives its own data, it knows that the channel
is still clear and continues transmitting. But if two computers
started sending at about the same time, the data collides, and
your computer does not receive its own data. When a collision is
detected, both computers stop transmitting, wait a bit, and retry
the transmission. The two computers that collided wait different
lengths of time to retry their transmissions to reduce the chances
of a second collision.
When your computer finishes sending a packet of data, it pauses
to give other computers that have been waiting a chance to send
data. If another computer senses that your computer has stopped
sending data (Carrier Sense) and starts sending its own packet,
your computer will detect the other computer’s use of the
network and wait until that computer’s packet is complete before
attempting to send its next packet.
This simple mechanism works well when only one computer
wants to send data. It also works well when many computers
want to send data at the same time. When only one computer is
sending data, that computer can make good use of the shared
network by sending packets one after another, and when many
computers want to use the shared network at the same time,
each computer gets a fair share of the link.
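
The listen, send, detect, back off and retry cycle described above can be run as a small slot-by-slot simulation. This is an added example, not code from the book. The station names, the slot model and the doubling random wait (the binary exponential backoff used by Ethernet, which the text only describes as waiting "different lengths of time") are assumptions of the example.

```python
import random


def simulate_csma_cd(queues, packet_slots=3, seed=7, max_slots=10_000):
    """Simulate stations sharing one link, one time slot at a time.

    queues maps a station name to the number of packets it wants to send.
    Returns (timeline, collisions); timeline holds (start_slot, station)
    for every packet that got through.
    """
    rng = random.Random(seed)            # seeded so a run can be repeated
    remaining = dict(queues)
    wait = {s: 0 for s in queues}        # idle slots a station must still sit out
    collided = {s: 0 for s in queues}    # collisions suffered by the current packet
    timeline, collisions, slot = [], 0, 0

    while any(remaining.values()):
        if slot >= max_slots:
            raise RuntimeError("link never cleared; raise max_slots")
        # Carrier sense: the link is idle in this slot, so every station
        # that has data and no wait left starts to transmit.
        ready = [s for s in remaining if remaining[s] and wait[s] == 0]
        for s in wait:
            if wait[s]:
                wait[s] -= 1
        if len(ready) == 1:
            # A single sender hears its own data, so the packet goes out
            # while the other stations sense the carrier and hold off.
            sender = ready[0]
            timeline.append((slot, sender))
            remaining[sender] -= 1
            collided[sender] = 0
            slot += packet_slots
            wait[sender] = 1             # pause so a waiting station gets a turn
        else:
            if len(ready) > 1:
                # Collision detected: every sender stops and picks a random
                # wait of 0 .. 2**n - 1 slots after its n-th collision.
                collisions += 1
                for s in ready:
                    collided[s] += 1
                    wait[s] = rng.randrange(2 ** min(collided[s], 10))
            slot += 1
    return timeline, collisions


if __name__ == "__main__":
    # One station alone uses the link back to back, with no collisions.
    print(simulate_csma_cd({"A": 4}))
    # Three stations collide in slot 0, back off, and then take turns.
    timeline, collisions = simulate_csma_cd({"A": 3, "B": 3, "C": 3})
    print(collisions, timeline)
```
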
Some link layers, like a cellular connection for a smartphone, a
WiFi connection, or a satellite or cable modem, are shared con-
Once your packet destined for the Internet makes it across the
first link, it will be in a router. Your packet has a source address
and destination address and the router needs to look at the
destination address to figure out how to best move your packet
towards its destination. With each router handling packets destined
for any of many billions of destination computers, it’s not possible
for every router to know the exact location and best route to
every possible destination computer. So the router makes its best
guess as to how to get your packet closer to its destination.
Each of the other routers along the way also does its best to get
your packet closer to the destination computer. As your packet
gets closer to its final destination, the routers have a better idea
of exactly where your packet needs to go. When the packet
reaches the last link in its journey, the link layer knows exactly
where to send your packet.
We use a similar approach to route ourselves when going on
holiday. A holiday trip also has many hops. Perhaps the first hop is
driving your car or taking a cab or bus to a train station. Then
you take a local train from your small town to a larger city. In the
larger city you take a long-distance train to a large city in another
country. Then you take another local train to the small village
where you will stay for your holiday. When you get off the train,
you take a bus, and when you get off the bus, you walk to your
hotel.
If you were on the train between the two large cities and you
asked the conductor the exact location of your hotel in the small
village, the conductor would not know. The conductor only knows
how to get you closer to your destination, and while you are on
the long-distance train that is all that matters. When you get on
the bus at your destination village, you can ask the bus driver
which stop is closest to your hotel. And when you get off the bus
at the right bus stop, you can probably ask a person on the street
where to find the hotel and get an exact answer.
The further you are from your destination, the less you need to
know the exact details of how to get there. When you are far
away, all you need to know is how to get “closer” to your
destination. Routers on the Internet work the same way. Only the
routers that are closest to the destination computer know the exact
path to that computer. All of the routers in the middle of the
journey work to get your message closer to its destination.
But just like when you are traveling, unexpected problems or
delays can come up that require a change in plans as your packets
are sent across the network.
Routers exchange special messages to inform each other about
2.6 Glossary
glass or plastic. Fiber optic connections are fast and can cover
very long distances.
offset: The relative position of a packet within an overall
message or stream of data.
server: In a networked application, the server application is the
one that responds to requests for services or waits for incoming
connections.
window size: The amount of data that the sending computer is
allowed to send before waiting for an acknowledgement.
2.7 Questions
a) Application
b) Transport
c) Internetwork
d) Link
a) Application
b) Transport
c) Internetwork
d) Link
Link Layer
Application
Transport
Internetwork
Link
0f:2a:b3:1f:b3:1a
From: 0f:2a:b3:1f:b3:1a
To: ff:ff:ff:ff:ff:ff
Data: Who is the MAC-Gateway
for this network?
From: 98:2f:4e:78:c1:b4
To: 0f:2a:b3:1f:b3:1a
Data: I am the gateway
Welcome to my network
The “try then retry” CSMA/CD approach works very well when
there is no data or when low or moderate levels of data are being
sent. But on a token-style network, if there is no data being sent
and you want to send a packet, you still have to wait for a while
before you receive the token and can start transmitting. When
you finish your packet you have to wait until the token comes
back before you can send the next packet. If you are the only
station that wants to send data, you spend a good bit of time
waiting for the token to come back to you after passing through
all of the other stations.
The token approach is best suited when using a link medium
such as a satellite link or an undersea fiber optic link where
it might take too long or be too costly to detect a collision. The
CSMA/CD (listen-try) approach is best suited when the medium is
inexpensive, shorter distance, and there are a lot of stations
sharing the medium that only send data in short bursts. So that is
why WiFi (and CSMA/CD) is so effective for providing network
access in a coffee shop, home, or room in a school.
3.4 Summary
Link layer works. There are many other details that must be
designed into a link layer like connection distance, voltage,
frequency, speed, and many others.
A key benefit of the layered architecture is that engineers who
design and build Link layer technologies can ignore all of the issues
that are handled by the layers above the Link layer. This allows
them to focus on building the best possible solution to moving
data across a single “hop”. Modern-day link layers like WiFi,
satellite, cable modems, Ethernet, and cellular technology are very
well developed. Data moves so quickly and seamlessly that once
we get our connection we rarely have to worry about the Link
layer. It just works.
3.5 Glossary
base station: Another word for the first router that handles your
packets as they are forwarded to the Internet.
broadcast: Sending a packet in a way that all the stations
connected to a local area network will receive the packet.
gateway: A router that connects a local area network to a wider
area network such as the Internet. Computers that want to send
data outside the local network must send their packets to the
gateway for forwarding.
MAC Address: An address that is assigned to a piece of network
hardware when the device is manufactured.
token: A technique to allow many computers to share the same
physical media without collisions. Each computer must wait until
it has received the token before it can send data.
3.6 Questions
a) A gateway
b) A satellite
c) A cell phone tower
a) 0f:2a:b3:1f:b3:1a
b) 192.168.3.14
c) www.khanacademy.com
d) @drchuck
Internetworking Layer
(IP)
Now that we can move data across a single link, it’s time to
figure out how to move it across the country or around the world.
To send data from your computer to any of a billion destinations,
the data needs to move across multiple hops and across multiple
networks. When you travel from your home to a distant
destination, you might walk from your home to a bus stop, take a
train to the city, take another train to the airport, take a plane to
a different airport, take a taxi into the city, then take a train to a
smaller town, a bus to an even smaller town, and finally walk from
the bus stop to your hotel. A packet also needs to take multiple
forms of transportation to reach its destination. For a packet
taking its “trip” to another country, the “walk”, “bus”, “train”, and
“plane” can be thought of as different link layers like WiFi,
Ethernet, fiber optic, and satellite.
At each point during the trip, you (or your packet) are being
transported using a shared medium. There might be hundreds of
other people on the same bus, train, or plane, but your trip is
different from that of every other traveller because of the decisions
that you make at the end of each of your “hops”. For instance, when
you arrive at a train station, you might get off one train, then walk
through the station and select a particular outbound train to
continue your journey. Travellers with different starting points and
destinations make a different series of choices. All of the choices
you make during your trip result in you following a series of links
(or hops) along a route that takes you from your starting point to
your destination.
As your packet travels from its starting point to its destination,
The router is able to quickly determine the outbound link for your
packet because every single packet is marked with its ultimate
destination address. This is called the Internet Protocol Address,
or IP Address for short. We carefully construct IP addresses to
4.1. INTERNET PROTOCOL (IP) ADDRESSES 37
Application
Transport
Internetwork
Link
212.78.1.25
2001:0db8:85a3:0042:1000:8a2e:0370:7334
For this section we will focus on the classic IPv4 addresses, but all
of the ideas apply equally to IPv4 and IPv6 addresses.
The most important thing about IP addresses is that they can be
broken into two parts. The first part of the two-piece address is
called the “Network Number”. If we break out an IPv4 address
into two parts, we might find the following:
212.78.*.*
of the entries in its routing table that were being routed on that
link. Then as more packets arrive for those network numbers, the
router goes through the route discovery process again, this time
asking all the neighboring routers except the ones that can no
longer be contacted due to the broken link.
Packets are routed more slowly for a while as routing tables are
rebuilt that reflect the new network configuration, but after a while
things are humming along nicely.
This is why it is important for there to always be at least two
independent paths from a source network to a destination network in
the core of the network. If there are always at least two possible
independent routes, we say that a network is a “two-connected
network”. A two-connected network can recover from any single
link outage. In places where there are a lot of network
connections, like the east coast of the United States, the network
could lose many links without ever becoming completely disconnected.
But when you are at your home or school and have only one
connection, if that connection goes down you are disconnected
completely.
At some point the broken link is repaired or a new link is brought
up, and the router wants to make best use of the new links. The
4.4. DETERMINING YOUR ROUTE 41
system) that allows you to trace the route between your
computer and a destination computer. Given that the route between
any two computers can change from one packet to another, when
we “trace” a route, it is only a “pretty good guess” as to the actual
route packets will take.
The traceroute command does not actually “trace” your packet
at all. It takes advantage of a feature in the IP network protocol
that was designed to avoid packets becoming “trapped” in the
network and never reaching their destination. Before we take a
look at traceroute, let’s take a quick look at how a packet might
get trapped in the network forever and how the IP protocol solves
that problem.
Remember that the information in any single router is imperfect
and is only an approximation of the best outbound link for a
particular network number, and each router has no way of knowing
what any other router will do. But what if we had three routers
with routing table entries that formed an endless loop?
[Figure: routers whose routing table entries for 141.21.*.* form a loop]
Each of the routers thinks it knows the best outbound link for IP
addresses that start with “212.78”. But somehow the routers are
a little confused and their routing tables form a loop. If a packet
with a prefix of “212.78” found its way into one of these routers,
it would be routed around a circle of three links forever. There
is no way out. As more packets arrived with the same prefix,
they would just be added to the “infinite packet vortex”. Pretty
soon the links would be full of traffic going round and round, the
routers would fill up with packets waiting to be sent, and all three
routers would crash. This problem is worse than having someone
trip over a fiber optic cable, since it can cause several routers to
crash.
To solve this problem, the Internet Protocol designers added a
number to each packet that is called the Time To Live (TTL). This
number starts out with a value of about 30. Each time an IP
packet is forwarded down a link, the router subtracts 1 from the
TTL value. So if the packet takes 15 hops to cross the Internet, it
will emerge on the far end with a TTL of 15.
But now let’s look at how the TTL functions when there is a routing
loop (or “packet vortex”) for a particular network number. Since
the packet keeps getting forwarded around the loop, eventually
the TTL reaches zero. And when the TTL reaches zero, the router
assumes that something is wrong and throws the packet away.
This approach ensures that routing loops do not bring whole areas
of the network down.
So that is a pretty cool bit of network protocol engineering. To
detect and recover from routing loops, we just put a number in,
subtract 1 from that number on each link, and when the number
goes to zero throw the packet away.
It also turns out that when the router throws a packet away, it
usually sends back a courtesy notification, something like, “Sorry
I had to throw your packet away.” The message includes the IP
address of the router that threw the packet away.
Network loops are actually pretty rare, but we can use this
notification that a packet was dropped to map the approximate route
a packet takes through the network. The traceroute program sends
packets in a tricky manner to get the routers that your packets
pass through to send it back notifications. First, traceroute sends
a packet with a TTL of 1. That packet gets to the first router and
is discarded and your computer gets a notification from the first
router. Then traceroute sends a packet with a TTL of 2. That
packet makes it through the first router and is dropped by the
second router, which sends you back a note about the discarded
packet. Then traceroute sends a packet with a TTL of 3, and
continues to increase the TTL until the packet makes it all the way
to its destination.
With this approach, traceroute builds up an approximate path that
your packets are taking across the network.
traceroute www.stanford.edu
traceroute to www5.stanford.edu (171.67.20.37), 64 hops max, 40 byte packets
1 141.211.203.252 (141.211.203.252) 1.390 ms 0.534 ms 0.490 ms
2 v-bin-seb.r-bin-seb.umnet.umich.edu (192.122.183.61) 0.591 ms 0.558 ms 0.570 ms
3 v-bin-seb-i2-aa.merit-aa2.umnet.umich.edu (192.12.80.33) 6.610 ms 6.545 ms 6.654 ms
4 192.122.183.30 (192.122.183.30) 7.919 ms 7.209 ms 7.122 ms
5 so-4-3-0.0.rtr.kans.net.internet2.edu (64.57.28.36) 17.672 ms 17.836 ms 17.673 ms
6 so-0-1-0.0.rtr.hous.net.internet2.edu (64.57.28.57) 31.800 ms 41.967 ms 31.787 ms
7 so-3-0-0.0.rtr.losa.net.internet2.edu (64.57.28.44) 63.478 ms 63.704 ms 63.710 ms
8 hpr-lax-hpr--i2-newnet.cenic.net (137.164.26.132) 63.093 ms 63.026 ms 63.384 ms
9 svl-hpr--lax-hpr-10ge.cenic.net (137.164.25.13) 71.242 ms 71.542 ms 76.282 ms
10 oak-hpr--svl-hpr-10ge.cenic.net (137.164.25.9) 72.744 ms 72.243 ms 72.556 ms
11 hpr-stan-ge--oak-hpr.cenic.net (137.164.27.158) 73.763 ms 73.396 ms 73.665 ms
12 bbra-rtr.Stanford.EDU (171.64.1.134) 73.577 ms 73.682 ms 73.492 ms
13 * * *
14 www5.Stanford.EDU (171.67.20.37) 77.317 ms 77.128 ms 77.648 ms
It took 14 hops to get from Ann Arbor, Michigan to Palo Alto,
California. The packets passed through Kansas, Texas, Los Angeles,
and Oakland. This might not be the best route between the two
cities if you were driving a car or taking a train, but on that day
for packets between the two cities this was the best route on the
Internet.
You can also see how long it took the packets to make it from the
source to each router, and then from the source to the destination.
A millisecond (ms) is 1/1000 of a second. So 77.317 ms is just
under a tenth of a second. This network is pretty fast.
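
The TTL countdown, the "packet discarded" notification and the way traceroute uses them can be reproduced on a small simulated network. This is an added example, not code from the book. The router names, their 192.0.2.x addresses, the 10.20 network and the routing tables are constructed for illustration, and the loop check at the end is an addition for spotting a routing loop in a trace.

```python
from dataclasses import dataclass

DEFAULT_TTL = 30       # the text's "about 30" starting value
DELIVER = "deliver"    # marker: the destination is on a link of this router


@dataclass
class Router:
    address: str       # address put in the "packet discarded" notification
    routes: dict       # network number -> next router name, or DELIVER


# Constructed topology. Packets for 10.20.*.* are routed correctly; the
# entries for 212.78.*.* form the three-router loop described in the text.
ROUTERS = {
    "r1": Router("192.0.2.1", {"10.20": "r2", "212.78": "r2"}),
    "r2": Router("192.0.2.2", {"10.20": "r3", "212.78": "r3"}),
    "r3": Router("192.0.2.3", {"10.20": DELIVER, "212.78": "r1"}),
}


def network_number(ip):
    """Return the two-part prefix used in the text, e.g. '212.78'."""
    return ".".join(ip.split(".")[:2])


def send(routers, first_router, dest_ip, ttl=DEFAULT_TTL):
    """Forward one packet; return (status, reporting address, hops taken)."""
    if ttl < 1:
        raise ValueError("TTL must be at least 1")
    current, hops = first_router, 0
    while True:
        router = routers[current]
        hops += 1
        ttl -= 1                          # every router subtracts 1
        if ttl == 0:                      # the packet is thrown away here
            return ("expired", router.address, hops)
        next_hop = router.routes.get(network_number(dest_ip))
        if next_hop is None:
            return ("no-route", router.address, hops)
        if next_hop == DELIVER:           # last link to the destination
            return ("delivered", dest_ip, hops + 1)
        current = next_hop


def traceroute(routers, first_router, dest_ip, max_hops=DEFAULT_TTL):
    """Send packets with TTL 1, 2, 3, ... and collect who reports back."""
    path = []
    for ttl in range(1, max_hops + 1):
        status, address, _ = send(routers, first_router, dest_ip, ttl)
        path.append(address)
        if status != "expired":
            break
    return path


def find_loop(path):
    """Return the repeating run of router addresses in a trace, or []."""
    seen = {}
    for index, address in enumerate(path):
        if address in seen:
            return path[seen[address]:index]
        seen[address] = index
    return []


if __name__ == "__main__":
    print(traceroute(ROUTERS, "r1", "10.20.0.9"))       # three routers, then the host
    print(send(ROUTERS, "r1", "212.78.1.25"))           # dropped once the TTL runs out
    print(find_loop(traceroute(ROUTERS, "r1", "212.78.1.25", max_hops=7)))
```
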
Sometimes a traceroute can take a little while, up to a minute or
two. Not all routers will give you the “I discarded your packet”
4.5. GETTING AN IP ADDRESS 45
$ traceroute www.pku.edu.cn
traceroute to www.pku.edu.cn (162.105.129.104), 64 hops max, 40 byte packets
1 141.211.203.252 (141.211.203.252) 1.228 ms 0.584 ms 0.592 ms
2 v-bin-seb.r-bin-seb.umnet.umich.edu (192.122.183.61) 0.604 ms 0.565 ms 0.466 ms
3 v-bin-seb-i2-aa.merit-aa2.umnet.umich.edu (192.12.80.33) 7.511 ms 6.641 ms 6.588 ms
4 192.122.183.30 (192.122.183.30) 12.078 ms 6.989 ms 7.619 ms
5 192.31.99.133 (192.31.99.133) 7.666 ms 8.953 ms 17.861 ms
6 192.31.99.170 (192.31.99.170) 59.275 ms 59.273 ms 59.108 ms
7 134.75.108.209 (134.75.108.209) 173.614 ms 173.552 ms 173.333 ms
8 134.75.107.10 (134.75.107.10) 256.760 ms 134.75.107.18 (134.75.107.18) 256.574 ms
9 202.112.53.17 (202.112.53.17) 256.761 ms 256.801 ms 256.688 ms
10 202.112.61.157 (202.112.61.157) 257.416 ms 257.960 ms 257.747 ms
11 202.112.53.194 (202.112.53.194) 256.827 ms 257.068 ms 256.962 ms
12 202.112.41.202 (202.112.41.202) 256.800 ms 257.053 ms 256.933 ms
a networked game. There is not much else that can be done with
these self-assigned IP addresses.
If you know how to find the IP address on your laptop, you can do
a little experiment and look at the different IP addresses you get
at different locations. If you made a list of the different addresses
you received at the different locations, you might find that many
of the locations give out addresses with a prefix of “192.168.”.
This seems to be a violation of the rule that the network number
(IP address prefix) is tied to the place where the computer is
connected to the Internet, but a different rule applies to addresses
that start with “192.168.” (the prefix “10.” is also special).
Addresses that start with “192.168.” are called “non-routable”
addresses. This means that they will never be used as real
addresses that will route data across the core of the network. They
can be used within a single local network, but not used on the
global network.
So then how is it that your computer gets an address like
“192.168.0.5” on your home network and it works perfectly
well on the overall Internet? This is because your home
4.8 Summary
4.9 Glossary
4.10 Questions
a) 1
b) 4
c) 15
d) 255
a) 0f:2a:b3:1f:b3:1a
b) 192.168.3.14
c) www.khanacademy.com
d) @drchuck
a) 650
b) 6500
c) 65000
d) 650000
a) Throws away all of the routing table entries for that link
b) Consults the Internet Map (IMAP) service
c) Does a Domain Name (DNS) looking for the IP address
d) Sends all the packets for that link back to the source computer
12. Do all packets from a message take the same route across
the Internet?
a) Yes
b) No
13. How do routers discover new routes and improve their routing
tables?
16. About how long does it take for a packet to cross the Pacific
Ocean via an undersea fiber optic cable?
a) 0.0025 Seconds
b) 0.025 Seconds
c) 0.250 Seconds
d) 2.5 Seconds
20. How much larger are IPv6 addresses than IPv4 addresses?
a) ARIN
b) LACNIC
c) RIPE NCC
d) APNIC
e) AFRNIC
f) United Nations
Chapter 5
The Domain Name System
212.78.1.25
Broad ----> Narrow
drchuck.personal.si.umich.edu
Narrow <--- Broad
5.3 Summary
While the Domain Name System is not one of our four layers in
the model, it is an important part of making the Internet easier to
use. Domain names allow end users to use symbolic names for
servers instead of numeric Internet Protocol addresses. By adding
a service that maps domain names to IP addresses, we can move
servers from one Internet connection to another connection
without requiring users to manually change their configurations to
connect to a server.
If you would like to purchase a domain name for yourself or your
company, you can choose from any number of domain name
registrars.
5.4 Glossary
5.5 Questions
a) 0f:2a:b3:1f:b3:1a
b) 192.168.3.14
c) www.khanacademy.org
d) @drchuck
a) Create subdomains
b) Sell subdomains
c) Create new top-level domains
d) Assign an IP address to the domain or subdomain
Chapter 6
Transport Layer
Application
Transport
Internetwork
Link
But users of the network want to reliably send entire files or
messages across the Internet. A network is not much good to us if
all it can do is send packets that are received most of the time.
For the network to be useful, all of the packets need to be
reassembled into the right order to reconstruct the message on the
receiving system. The network must also deal with packets that
arrive out of order or never arrive at all. The Transport layer is
where we handle reliability and message reconstruction on the
destination computer.
Just like the IP layer, the Transport layer adds a small amount of
data to each packet to help solve the problems of packet
reassembly and retransmission.
The TCP headers indicate where the data in each packet belongs.
As the source computer breaks the message or file into packets,
it keeps track of the position of each packet relative to the
beginning of the message or file and places the offset in each
packet that is created and sent.
receiving computer decides too much time has passed and sends
a packet to the sending computer indicating where in the stream
the receiving computer has last received data. When the sending
computer receives this message, it “backs up” and resends data
from the last position that the receiving computer had
successfully received.
One of the key elements of the Transport layer is that the sending
computer must hold on to all of the data it is sending until the
data has been acknowledged. Once the receiving computer
acknowledges the data, the sending computer can discard the sent
data. We can look at this graphically when a message is broken
into many packets. Here, the first ten packets of the message
have been sent and acknowledged by the destination computer
(‘a’). The sending computer has sent six more packets (‘S’), and
then stopped because it reached its window size.
Source message:               PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP
Source Transport layer:       aaaaaaaaSSSSSS
In the network:               S S S
Destination Transport layer:  aaaaaaaaRR R
There are three packets that have been sent but not yet received
(“S”). Since there are many hops in the network, it is very
common for more than one packet to be en route in the network at
the same time.
• Web Server
• Video Server
• Mail Server
http://testing.example.com:8080/login
the “8080” indicates that your browser is going to use the web
protocols to interact with the server, but connect to port 8080
instead of the default port 80.
6.6 Summary
6.7 Glossary
6.8 Questions
a) Physical address
b) IP Address and Time to Live
c) Port number and offset
d) Which document is being requested
a) Because packets that are too large will clog fiber optic con-
nections
b) It prevents a fast computer from sending too much data on
a slow connection
c) It limits the number of hops a packet can take before it is
dropped
d) It determines what part of an IP address is the network num-
ber
a) Sending computer
b) Network gateway
c) Core Internet routers
d) Receiving computer
a) Sending computer
b) Network gateway
c) Core Internet routers
d) Receiving computer
a) Train station
b) Undersea network cable
c) Apartment number
d) Sculpture garden
a) Client
b) Server
a) 22
b) 80
c) 53
d) 143
10. What is the port number for the IMAP mail retrieval protocol?
a) 22
b) 80
c) 53
d) 143
Chapter 7
Application Layer
We have been working from the bottom to the top of our four-
layer TCP/IP network model and we are finally at the top. The Ap-
plication layer is where the networked software like web browsers,
mail programs, video players, or networked video players operate.
We as users interact with these applications and the applications
interact with the network on our behalf.
[Figure: the four-layer TCP/IP model: Application, Transport, Internetwork, Link]
with the Domain Name System, are like a telephone network for
networked applications. They “dial up” different server applica-
tions on the network and have “conversations” with those appli-
cations to exchange data.
telnet www.dr-chuck.com 80
telnet www.dr-chuck.com 80
Trying 198.251.66.43...
Connected to www.dr-chuck.com.
Escape character is '^]'.
HELP
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>501 Method Not Implemented</title>
...
</body></html>
Connection closed by foreign host.
telnet www.dr-chuck.com 80
Trying 198.251.66.43...
Connected to www.dr-chuck.com.
Escape character is '^]'.
GET http://www.dr-chuck.com/page1.htm HTTP/1.0
HTTP/1.1 200 OK
Last-Modified: Sun, 19 Jan 2014 14:25:43 GMT
Content-Length: 131
Content-Type: text/html
Since we have sent the proper request, the host responds with a
series of headers describing the document, followed by a blank
line, then it sends the actual document.
In this example, the status code of “200” means that things went
well. A status code of “404” in the first line of the headers in-
dicates that the requested document was not found. A status
code of “301” indicates that the document has moved to a new
location.
The status codes for HTTP are grouped into ranges: 2XX codes in-
dicate success, 3XX codes are for redirecting, 4XX codes indicate
that the client application did something wrong, and 5XX codes
indicate that the server did something wrong.
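As an added example (not code from the book), the Python sketch below splits a raw response at the blank line into status line, headers and document, and maps the status code onto the ranges described above. The sample response is constructed from the headers shown in the session, and the function names are illustrative.

```python
# Added example: parse a raw HTTP response and classify its status code.
STATUS_CLASSES = {2: "success", 3: "redirect",
                  4: "client error", 5: "server error"}

# Constructed sample, modelled on the headers shown in the telnet session.
BODY = b"<h1>The First Page</h1>\n"
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Last-Modified: Sun, 19 Jan 2014 14:25:43 GMT\r\n"
    b"Content-Length: " + str(len(BODY)).encode() + b"\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n" + BODY
)


def parse_response(raw):
    """Return (status_code, reason, headers, body) from raw response bytes."""
    # The headers end at the first blank line (CRLF or bare LF endings).
    cuts = [(raw.find(s), len(s)) for s in (b"\r\n\r\n", b"\n\n") if s in raw]
    if not cuts:
        raise ValueError("no blank line: the headers are incomplete")
    pos, width = min(cuts)
    head, body = raw[:pos], raw[pos + width:]

    lines = [l.rstrip("\r") for l in head.decode("iso-8859-1").split("\n")]
    parts = lines[0].split(" ", 2)
    if (len(parts) < 2 or not parts[0].startswith("HTTP/")
            or len(parts[1]) != 3 or not parts[1].isdigit()):
        raise ValueError("malformed status line: %r" % lines[0])
    code = int(parts[1])
    reason = parts[2] if len(parts) > 2 else ""

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return code, reason, headers, body


def status_class(code):
    """Map a status code onto the ranges 2XX, 3XX, 4XX and 5XX."""
    return STATUS_CLASSES.get(code // 100, "other")


def body_is_complete(headers, body):
    """True when the bytes received match the Content-Length header."""
    declared = headers.get("content-length", "")
    return declared.isdigit() and int(declared) == len(body)


if __name__ == "__main__":
    code, reason, headers, body = parse_response(SAMPLE)
    print(code, reason, "->", status_class(code))
    print("complete body:", body_is_complete(headers, body))
```

A response that is cut off before the blank line raises an error instead of being treated as a document, and a body shorter than its Content-Length is reported as incomplete.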
https://tools.ietf.org/html/rfc3501
The messages that are sent by the client and server are not de-
signed to be viewed by an end user so they are not particularly
descriptive. These messages are precisely formatted and are sent
in a precise order so that they can be generated and read by net-
worked computer applications on each end of the connection.
7.5. FLOW CONTROL 81
[Figure: a web server (Application and Transport layers) streaming a file across the Internetwork and Link layers to a web browser (Transport and Application layers)]
The web server is reading the image file (‘F’) and sending it as
a stream to the web browser as quickly as it can send the data.
The source Transport layer has broken the stream into packets
and used IP to send the packets to the destination computer.
The Transport layer has sent six packets (‘S’) and has stopped
sending because it has reached its window size and paused the
web server. Three of those six packets have made it to the Trans-
port layer on the destination computer (‘R’) and three of the pack-
ets are still making their way across the Internet (‘S’).
As the destination Transport layer pieces the stream back to-
gether, it both sends an acknowledgement (ACK) and delivers
the data to the receiving application (the web browser). The web
browser reconstructs the image (‘A’) and displays it to the user
as the data is received.
A key thing to notice in this picture is that the transport layers do
not keep the packets for the entire file. They only retain packets
that are “in transit” and unacknowledged. Once packets are ac-
knowledged and delivered to the destination application, there is
no reason for either the source or destination Transport layer to
hold on to the packets.
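The scheme described above and in the Transport Layer chapter (an offset in each packet, a window of unacknowledged packets, backing up to the last acknowledged position) is modelled below as an added Python example, not code from the book. It is a toy model rather than real TCP: the 4-byte packet size, the reverse-order delivery and all names are assumptions.

```python
# Added example: toy model of windowed, reliable delivery (not real TCP).
PACKET_SIZE = 4   # bytes per packet (assumed; small so traces stay readable)
WINDOW = 6        # packets the sender may have unacknowledged at once


def transfer(message, lose_once=frozenset()):
    """Send message across a lossy, reordering network.

    lose_once holds packet offsets whose first transmission is dropped.
    Returns (rebuilt message, packets transmitted, peak packets held).
    """
    acked = 0                 # sender: every byte before this is acknowledged
    received = {}             # receiver: offset -> data, in arrival order
    delivered = bytearray()   # receiver: data handed to the application
    dropped, sent, peak = set(), 0, 0

    while acked < len(message):
        # Sender: back up to the last acknowledged position and transmit
        # one window, holding a copy of each packet until it is acknowledged.
        window = list(range(acked, len(message), PACKET_SIZE))[:WINDOW]
        held = {o: message[o:o + PACKET_SIZE] for o in window}
        peak = max(peak, len(held))
        sent += len(held)

        # Network: drop chosen packets once, deliver the rest out of order.
        arriving = []
        for o in reversed(window):
            if o in lose_once and o not in dropped:
                dropped.add(o)
            else:
                arriving.append((o, held[o]))

        # Receiver: file each packet under its offset, hand over whatever
        # is now contiguous, and acknowledge up to that point.
        for o, data in arriving:
            received[o] = data
        while len(delivered) in received:
            delivered += received.pop(len(delivered))
        acked = len(delivered)   # the ACK tells the sender where to resume

    return bytes(delivered), sent, peak


if __name__ == "__main__":
    msg = bytes(range(64))                       # constructed 16-packet message
    out, sent, peak = transfer(msg, lose_once={8, 40})
    print("intact:", out == msg, "sent:", sent, "peak held:", peak)
```

The peak number of packets held never exceeds the window, however long the message is, and each lost packet costs a resend of everything from the last acknowledged offset.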
When the acknowledgment flows back from the destination
computer to the source computer, the Transport layer on the
7.6. WRITING NETWORKED APPLICATIONS 83
The applications which send and receive data over the network
are written in one or more programming languages. Many pro-
gramming languages have libraries of code that make it quite
simple to write application code to send and receive data across
the network. With a good programming library, making a connec-
tion to an application running on a server, sending data to the
server, and receiving data from the server is generally as easy as
reading and writing a file.
As an example, the code below is all it takes in the Python pro-
gramming language to make a connection to a web server and
retrieve a document:
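    import socket

    # Open a TCP connection to the web server on port 80
    mysock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    mysock.connect(('www.py4inf.com', 80))
    # Ask for the server's top-level document (request path assumed)
    mysock.sendall(b'GET / HTTP/1.0\r\nHost: www.py4inf.com\r\n\r\n')

    # Read up to 512 bytes at a time until the server closes the connection
    while True:
        data = mysock.recv(512)
        if len(data) < 1:
            break
        print(data.decode(errors='replace'), end='')

    mysock.close()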
7.7 Summary
7.8 Glossary
7.9 Questions
a) Transport
b) Internetworking
c) Link Layer
d) Obtuse layer
a) DHCP
b) RFC
c) APPDOC
d) ISO 9000
a) 0f:2a:b3:1f:b3:1a
b) 192.168.3.14
c) www.khanacademy.com
d) http://www.dr-chuck.com/
a) HTTP
b) TCP
c) DHCP
d) Ethernet
a) 23
b) 80
c) 103
d) 143
a) RETR
b) DOCUMENT
c) 404
d) GET
a) ftp
b) ping
c) traceroute
d) telnet
a) RFC
b) HTML
c) ICANN
d) IMAP
a) telnet
b) ping
c) traceroute
d) www
a) The address of the server and the port number on the server
b) The route between the source and destination computers
c) Which part of the IP address is the network number
d) The initial size of the TCP window during transmission
Chapter 8
In the early days of the Internet, networks were small and all of
the routers were in secure locations. As long as each computer
connected to the Internet protected itself from unwanted incom-
ing connections, it was felt that there was no need to protect data
from prying eyes while it was crossing the network.
So the Link, Internetwork, and Transport layers were focused on
the efficient movement of data and solving the problems of a
large-scale shared distributed network without worrying about
the privacy of that data.
But as the use of the Internet grew rapidly in the late 1980s and
literally exploded when the Web became mainstream in 1994, se-
curity and privacy of network traffic became very important prob-
lems to solve. When we began using the Internet to conduct com-
merce and credit cards and bank account numbers were being
routinely sent across the network, securing data became essen-
tial. And when we started using wireless technologies like WiFi,
security became necessary for even the simplest uses of the In-
ternet.
There are two general approaches to securing network activity.
The first makes sure that all of the network hardware (routers
and links) is in physically secure locations so it is not possible for
someone to sneak in and monitor traffic while it is crossing the
Internet. This approach is not practical for hundreds of thousands
of network routers owned and operated by many different orga-
nizations. While you might be able to ensure that some of the
router operators adhered to strict security procedures and poli-
cies, sooner or later a mistake will be made. And once WiFi was
added to the mix and your packets went over radio waves, a net-
work attacker could just sit in a coffee shop and intercept packets
90 CHAPTER 8. SECURE TRANSPORT LAYER
In the early days of the Internet, two people could send encrypted
email to each other by one person first calling the other person
on the phone and giving them the decryption secret. This worked
well when there were only a few users on the network, but could
not scale to situations where a company might have millions of
customers and could not afford to make a phone call to each cus-
tomer to establish a shared secret before they could make a pur-
chase.
It might seem like a good idea to distribute the shared secrets
over the Internet, but if we assume that the attackers are monitor-
ing and capturing all network traffic, they could also capture the
unencrypted message that contained the shared secret. At that
point it would be trivial for the attacker to use the shared secret
to decrypt a message. And even worse, the attacker could inter-
cept a message, delay it, then decrypt it, change and re-encrypt
it, and send the modified message back on its way. The receiving
computer would decrypt the message and never know that it had
been modified by an attacker while in transit.
So shared secrets clearly would not work to solve the problem of
securing network traffic between trillions of pairs of networked
computers.
The solution to this problem came in the 1970s when the con-
cept of asymmetric key encryption was developed. The idea of
asymmetric key encryption is that one key is used to encrypt the
message and another key is used to decrypt it. The computer that
will be receiving the encrypted data chooses both the encryption
key and decryption key. Then the encryption key is sent to the
computer that will be sending the data. The sending computer
encrypts the data and sends it across the network. The receiving
computer uses the decryption key to decrypt the data.
We call the encryption key the “public” key because it can be
widely shared. We call the decryption key the “private” key be-
cause it never leaves the computer where it was created. Another
name for asymmetric keys is public/private keys.
The whole process is designed so that if an attacker has the public
key (which was sent unencrypted) and the encrypted text, it is
virtually impossible to decrypt the encrypted data. There is a lot
of math with large prime numbers that makes it hard to guess the
private key from the public key and encrypted data.
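The exchange described above is worked through below as an added example using textbook RSA, one well-known asymmetric scheme; it is not code from the book and is not safe for real use. The primes 61 and 53, the exponent 17 and the function names are assumptions chosen for illustration, and the last function counts how many trial divisions recover the secret primes from the public key, which is why real keys use primes hundreds of digits long.

```python
# Added example: textbook RSA with tiny primes, for illustration only.
# Real systems use vetted libraries, padding, and keys of 2048 bits or more.
from math import gcd


def make_keys(p, q, e=17):
    """Receiver: build (public, private) keys from secret primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)       # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public, number):
    """Sender: encrypt a number smaller than n with the public key."""
    n, e = public
    if not 0 <= number < n:
        raise ValueError("message must be smaller than n")
    return pow(number, e, n)


def decrypt(private, cipher):
    """Receiver: recover the number with the private key."""
    n, d = private
    return pow(cipher, d, n)


def trial_division_cost(n):
    """Return (p, q, divisions tried) for an odd modulus n.

    This is the work needed to rebuild the private key from the public
    key alone; it grows with the size of the smaller prime.
    """
    if n < 3 or n % 2 == 0:
        raise ValueError("expects an odd modulus")
    tries, f = 0, 3
    while n % f:
        f += 2
        tries += 1
    return f, n // f, tries


if __name__ == "__main__":
    public, private = make_keys(61, 53)     # the private key never leaves
    cipher = encrypt(public, 65)            # only the public key is needed
    print("public key:", public, "ciphertext:", cipher)
    print("decrypted:", decrypt(private, cipher))
    print("toy modulus factored after", trial_division_cost(3233)[2], "tries")
```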
So with the advent of public/private key technology, the only
question left was how to apply it in our network model.
8.6 Summary
8.7 Glossary
8.8 Questions
a) Continuous functions
b) Taylor series
c) Karnaugh Maps
d) Prime numbers
a) Encryption key
b) Decryption Key
c) Shared Secret
d) Universally Safe Key (USK)
5. Where does the Secure Sockets Layer (SSL) fit in the four-
layer Internet architecture?
a) Ptsjduao rt dii
b) Wentudhs di dju
c) Tfdvsjuz jt gvo
d) Asdfghjk qw zxc
13. What Caesar Cipher shift was used to encrypt “V yvxr fr-
phevgl”?
a) 1
b) 6
c) 13
d) 24
Chapter 9
102 CHAPTER 9. THE OSI MODEL
(7) Application. We will look at each layer in the OSI model in turn,
starting with the Physical layer.
The OSI Physical layer deals with the physical attributes of the
actual wired, wireless, fiber optic, or other connection that is used
to transport data across a single link. The Physical layer also
defines the shapes of the connectors and type of media which can
be used. Another problem solved at this layer is how to encode
the bits (0’s and 1’s) that make up the data being sent across the
medium.[2] The “bit encoding” (or modulation) determines how
fast data can be sent across the link.
The OSI Data Link layer is concerned with how the systems using
a physical link cooperate with one another. When data is broken
into packets, the Data Link layer defines special sequences to indi-
cate the beginning and end of each packet. The stations commu-
nicating using the physical connection are assigned addresses to
allow for effective use of the media. Sometimes multiple stations
are sharing the same media (as on a wireless network) and the
Data Link layer defines how those stations will share the connec-
tions with the other systems connected to the network. Most Data
Link layers also have some form of checksum to detect and/or cor-
rect for errors in the transmitted data.
The design problems solved in the Physical and Data Link layers
of the OSI model are addressed by the Link layer of the TCP/IP
model.
Like the Internetwork Layer (IP) in the TCP/IP model, the OSI Net-
work layer deals with the global assignment of “routable” ad-
dresses to the various systems connected to the network. The
[2] “Manchester Encoding” is a common technique for encoding bits for
transmission across a wire.
9.4. TRANSPORT (LAYER 4) 103
The Transport layer in the OSI model manages packet loss and
retransmission as well as flow control and window size. The rest
of the functionality of the TCP/IP Transport layer is handled in the
Session layer in the OSI model.
[Figure: comparison of the TCP/IP and OSI layers; recoverable labels: Application (protocols, encoding formats), Transport (encryption/SSL, ports, reliability), Internetwork (addressing / routing)]
The TCP/IP Link layer combines the Physical and Data Link layers
from the OSI model. The Physical and Data Link layers are usually
implemented in hardware. Products like Ethernet, WiFi, satellite,
or fiber optic often are implemented in a network driver card that
plugs into the back of a computer or router. The network driver
card generally implements both the physical and the data link
9.10. INTERNETWORK LAYER (TCP/IP) 105
One place that maps pretty cleanly between the two models is
the OSI Network and TCP/IP Internetwork layers. They perform
the same functions of creating a globally routable address space
and building routers to ensure that packets properly find their way
from the source to the destination across multiple hops.
The features of the Transport layer in TCP/IP are spread across the
Transport and Session layers of the OSI model. The OSI Transport
layer deals with flow control and packet retransmission, while the
OSI Presentation layer deals with multiple applications running on
multiple ports as well as session establishment and teardown.
The Secure Sockets Layer (SSL) in the TCP/IP model corresponds
to parts of the Session and Presentation layers in the OSI model.
9.13 Conclusion
9.14 Glossary
9.15 Questions
a) Four
b) Six
c) Seven
d) Nine
a) Physical
b) Data Link
c) Network
d) Transport
4. Which of the layers is most similar between the OSI and TCP
network models?
6. Why does the TCP model combine the OSI Data Link and
Physical layers into a single Link layer?
a) Because the TCP model does not worry about the Physical
layer
b) Because the TCP model designers were ignored at the 1981
OSI meeting in Utrecht, Netherlands
c) Because quite often the design of Data Link and Physical
layers are tightly connected for a particular technology
d) To make the TCP model easier to understand by end users
Chapter 10
Wrap Up
It has been said that building the Internet solved the world’s most
complex engineering problem to date. The design and engineer-
ing of the Internet started well over 50 years ago. It has been
continuously improving and evolving over the past 50 years and
will continue to evolve in the future.
The Internet now connects billions of computers using many thou-
sands of routers and link-level connections. The Internet is so
complex that it is never fully operational. The Internet is less
about being “perfect” and more about adapting to problems, out-
ages, errors, lost data, and many other unforeseen problems. The
Internet is designed to be flexible and adapt to whatever prob-
lems are encountered.
[Figure: the four-layer TCP/IP model: Application, Transport, Internetwork, Link]
• The other three layers make the use of the network very
simple for the Application Layer. An application can make a
network connection and send/receive data on that connec-
tion with just a few lines of code. By making the use of the
network simple, applications can focus on solving the end-
user problems they need to solve. Because it is so easy for
applications to use the network in new and different ways,
we have seen the emergence of a wide range of highly inno-
vative applications that work without any changes required
to the Internet protocols.