Understanding TCP/IP
TCP/IP, the ubiquitous network protocol, is actually a four-layer suite of protocols and is
well worth gaining an understanding of, if only to ensure that you set it up in the most
efficient way on your network.
By Julian Moss
Everyone knows that TCP/IP is a network protocol used on LANs, WANs and the Internet, but not everyone who uses it understands how it works. It’s possible to use TCP/IP with little more than a knowledge of how to configure the protocol stack, but a better understanding will give you a clearer picture of what is going on in your network and why the protocol needs to be set up in a particular way.

The aim of this multi-part article is to explain the key concepts behind TCP/IP.

TCP/IP stands for Transmission Control Protocol/Internet Protocol. If this leads you to think that it is not just one protocol, you’re right. In fact, it is not just two protocols, either. TCP/IP is a suite of protocols. We’ll cover the most important ones in the course of this article.

Layered Protocol

Like most network protocols, TCP/IP is a layered protocol. Each layer builds upon the layer below it, adding new functionality. The lowest-level protocol is concerned purely with the business of sending and receiving data - any data - using specific network hardware. At the top are protocols designed specifically for tasks like transferring files or delivering email. In between are levels concerned with things like routing and reliability.

The benefit that the layered protocol stack gives you is that, if you invent a new network application or a new type of hardware, you only need to create a protocol for that application or that hardware: you don’t have to rewrite the whole stack.

Link Layer

TCP/IP is a four-layer protocol, as illustrated in Figure 1. The lowest level, the link layer, is implemented within the network adapter and its device driver. Like all the TCP/IP protocols, it is defined by standards. The standards for generic Ethernet-type networks are defined by the IEEE 802 Committee: for example, IEEE 802.3 for Ethernet networks, or IEEE 802.5 for Token Ring networks.

Other link layer protocols that could be used include Serial Line IP (SLIP) or Point-to-Point Protocol (PPP), which are used when connecting to a network over an asynchronous dial-up link.

Since Ethernet is the most common type of network, we will look at it in a bit more detail. The Ethernet protocol is designed for carrying blocks of data called frames. A frame consists of a header containing 48-bit hardware destination and source addresses (which identify specific network adapters), a 2-byte length field, and some control fields. There follows the data, and then a trailer which is simply a 32-bit cyclic redundancy check (CRC) field. The data portion of an Ethernet frame must be at least 38 bytes long, so filler bytes are inserted if necessary.

All this means that frames are at least 64 bytes long, even if they carry only one byte of user data: a significant overhead in some types of application. Frames also have a maximum size. Less headers, the maximum size for an Ethernet frame is 1492 bytes, which is the maximum transmission unit (MTU) for Ethernet. All link layer protocols have an MTU. It is one hardware characteristic that the higher-level protocol needs to be aware of, because larger blocks of data must be fragmented into chunks that fit within the MTU and then reassembled on arrival at their destination.

Network Layer

The next layer up from the link layer is called the network layer. The most important protocol at this level is IP, the Internet Protocol. Its job is to send packets or datagrams - a term which basically means “blocks of data” - from one point to another. It uses the link layer protocol to achieve this.

Both the network layer and the link layer are concerned with getting data from point A to point B. However, whilst the network layer works in the world of TCP/IP, the link layer has to deal with the real world. Everything it does is geared towards the network hardware it uses.

An IP address is a “soft” address. It is a bit like calling your office block “Pan-Galactic House” instead of its real address, 2326 Western Boulevard. The former is no use to the postman

“A router examines every packet, and compares the destination address with a table of addresses that it holds in memory.”

Understanding TCP/IP
TCP/IP, the ubiquitous network protocol, is actually a four-layer suite of protocols and is well
worth gaining an understanding of. This month we explain UDP and TCP, the two protocols
used by applications. Continuing our four-part article.
By Julian Moss
The link layer and network layer protocols of the TCP/IP suite, which are concerned with the basic mechanics of transferring blocks of data across and between networks, are the foundations of TCP/IP. They are used by the protocol stack itself, but they are not used directly by applications that run over TCP/IP.

Now we’ll look at the two protocols that are used by applications: User Datagram Protocol (UDP) and Transmission Control Protocol (TCP).

User Datagram Protocol

The User Datagram Protocol is a very simple protocol. It adds little to the basic functionality of IP. Like IP, it is an unreliable, connectionless protocol. You do not need to establish a connection with a host before exchanging data with it using UDP, and there is no mechanism for ensuring that data sent is received.

A unit of data sent using UDP is called a datagram. UDP adds four 16-bit header fields (8 bytes) to whatever data is sent. These fields are: a length field, a checksum field, and source and destination port numbers. “Port number”, in this context, represents a software port, not a hardware port.

The concept of port numbers is common to both UDP and TCP. The port numbers identify which protocol module sent (or is to receive) the data. Most protocols have standard ports that are generally used for this. For example, the Telnet protocol generally uses port 23. The Simple Mail Transfer Protocol (SMTP) uses port 25. The use of standard port numbers makes it possible for clients to communicate with a server without first having to establish which port to use.

The port number and the protocol field in the IP header duplicate each other to some extent, though the protocol field is not available to the higher-level protocols. IP uses the protocol field to determine whether data should be passed to the UDP or TCP module. UDP or TCP use the port number to determine which application-layer protocol should receive the data.

Although UDP isn’t reliable, it is still an appropriate choice for many applications. It is used in real-time applications like Net audio and video where, if data is lost, it’s better to do without it than send it again out of sequence. It is also used by protocols like the Simple Network Management Protocol (SNMP).

Broadcasting

UDP is suitable for broadcasting information, since it doesn’t require a connection to be open before communication can take place. On a network, receiving a broadcast is something over which you have no choice. The targets of a broadcast message are determined by the sender, and specified in the destination IP address. A UDP datagram with a destination IP address of all binary ones (255.255.255.255) will be received by every host on the local network. Note the word local: a datagram with this address will not be passed by a router on to the Internet.

Broadcasts can be targeted at specific networks. A UDP datagram with the host and subnet part of the IP address set to all binary ones is broadcast to all the hosts on all the subnets of the network which matches the net part of the IP address. If only the host part (in other words, all the bits that are zero in the subnet mask) is set to binary ones, then the broadcast is restricted to all the hosts on the subnet that matches the rest of the address.

Multicasting is used to send data to a group of hosts that choose to receive it. A multicast UDP datagram has a destination IP address in which the first four bits are 1110, giving addresses in the range 224.x.x.x to 239.x.x.x. The remaining bits of the address are used to designate a multicast group. This is rather like a radio or television channel. For example, 224.0.1.1 is used for the Network Time Protocol. If a TCP/IP application wants to receive multicast messages, it must join the appropriate multicast group, which it does by passing the address of the group to the protocol stack.

Multicasts are, in effect, filtered broadcasts. The multicaster does not address individual messages to each
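
The broadcast and multicast addressing rules from this instalment, as an added example (not part of the original article): a classifier that a traffic monitor could run over UDP destination addresses. The classful net-part boundaries, the function names and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter


def classful_prefix(ip):
    """Prefix length of the classful net part (assumed class A/B/C boundaries)."""
    first_octet = int(ip) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    return None  # multicast and reserved ranges have no net/host split


def classify_destination(dst, local_interface):
    """Classify a destination address as seen by a host on local_interface.

    local_interface is 'address/mask', e.g. '172.16.5.10/255.255.255.0'.
    """
    addr = ipaddress.IPv4Address(dst)
    iface = ipaddress.IPv4Interface(local_interface)
    subnet = iface.network

    if int(addr) == 0xFFFFFFFF:            # all binary ones
        return "limited-broadcast"
    if int(addr) >> 28 == 0b1110:          # first four bits are 1110
        return "multicast"
    # Host part (the zero bits of the subnet mask) set to all ones.
    if subnet.prefixlen < 31 and addr == subnet.broadcast_address:
        return "subnet-broadcast"
    # Host and subnet parts set to all ones: every subnet of the network.
    prefix = classful_prefix(iface.ip)
    if prefix is not None and prefix < subnet.prefixlen:
        net = ipaddress.IPv4Network(f"{iface.ip}/{prefix}", strict=False)
        if addr == net.broadcast_address:
            return "all-subnets-broadcast"
    return "unicast"


def summarise(destinations, local_interface):
    """Count how many destinations fall into each category."""
    return Counter(classify_destination(d, local_interface) for d in destinations)


# Constructed sample: destination addresses of UDP datagrams seen by one host.
LOCAL_INTERFACE = "172.16.5.10/255.255.255.0"
SAMPLE_DESTINATIONS = [
    "255.255.255.255",  # local network only, not forwarded by routers
    "172.16.5.255",     # this subnet
    "172.16.255.255",   # all subnets of 172.16.0.0
    "224.0.1.1",        # multicast group used for the Network Time Protocol
    "239.1.2.3",        # top of the multicast range
    "172.16.5.20",      # ordinary host
    "172.16.6.255",     # broadcast of a different subnet: not ours to receive
]

if __name__ == "__main__":
    for dst in SAMPLE_DESTINATIONS:
        print(f"{dst:16} {classify_destination(dst, LOCAL_INTERFACE)}")
```

An address that is a broadcast on another subnet is reported as unicast here, because the receiving host can only recognise broadcasts for networks whose mask it knows.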
wants to connect to. The SYN (synchronise sequence numbers) flag is set, and the client’s initial data sequence number is specified.

To grant the connection, the server responds with a segment in which the header contains its own initial data sequence number. The SYN and ACK flags are set. To acknowledge receipt of the client’s data sequence number the acknowledgement field contains that value plus one.

To complete the connection establishment protocol, the client acknowledges the server’s data sequence number by sending back a segment with the ACK flag set and the acknowledgement field containing the server’s data sequence number plus one.

Using TCP, segments are only sent between client and server if there is data to flow. No status polling takes place. If the communication line goes down, neither end will be aware of the failure until data needs to be sent. In practice, an application timeout would usually terminate the connection if a certain interval elapsed without any activity occurring. However, as many dial-up Internet users have found, it is possible to continue a failed session as if nothing has happened if you can bring the connection up again. Note that this is only true if your ISP gives you a fixed IP address. If IP addresses are allocated dynamically when you log on, you won’t be able to resume the connection because your socket (which, as we mentioned earlier, is comprised of your IP address and port number) would be different.

Data Transmission

Once a connection has been made, data can be sent. TCP is a sliding window protocol, so there is no need to wait for one segment to be acknowledged before another can be sent. Acknowledgements are sent only if required immediately, or after a certain interval has elapsed. This makes TCP an efficient protocol for bulk data transfers.

One example of when an acknowledgement is sent immediately is when the sender has filled the receiver’s input buffer. Flow control is implemented using the window size field in the TCP header. In the segment containing the acknowledgement the window size would be set to zero. When the receiver is once more able to accept data, a second acknowledgement is sent, specifying the new window size. Such an acknowledgement is called a window update.

When an interactive Telnet session is taking place, a single character typed in at the keyboard could be sent in its own TCP segment. Each character could then be acknowledged by a segment coming the other way. If the characters typed are echoed by the remote host then a further pair of segments could be generated, the first by the remote host and the second, its acknowledgement, by the Telnet client. Thus, a single typed character could result in four IP packets, each containing 20 bytes of IP header, 20 bytes of TCP header and just one byte of data being transmitted over the Internet.

How The Domain Name System Works

IP addresses are easy for computers to work with, but hard for humans to remember. The Domain Name System (DNS) solves that problem by allowing us to refer to hosts by names like “mail.compulink.co.uk” instead of “153.158.14.1”. A computer called a name server lets Internet applications look up the IP address of any known host, and conversely get the hostname associated with a given IP address.

Domain names are organised hierarchically. At the right is the top-level domain, which may indicate a class of organisation such as .com or .gov, or a country, such as .au or .uk. The top-level domains are divided into second-level domains, such as .co.uk. Second-level domains can be further subdivided, and so on.

The organisations which manage the top-level domains maintain name servers, called the root name servers, which know the IP addresses of the name servers for the second-level domains. The managers of the second-level domains must maintain servers which know the addresses of the third-level name servers, and so on. A lower-level domain such as “ibm.com” or “compulink.co.uk” can represent an entire network. The name servers at that level must supply the IP addresses of all the hosts within it. In a fully-qualified domain name, the host name is the name on the left. Thus, in order for “www.ibm.com” to take you to IBM’s Web site, IBM must name its Web server “www” and have an entry on its name servers linking this name with the server’s IP address.

When an application tries to contact a host by name, the TCP/IP stack runs a module called the resolver. First, this tries to look up the IP address locally. On a Windows PC, it looks in the file C:\WINDOWS\HOSTS, which is a text file containing a list of entries in the format <IP address> <host name>. This is the way all look-ups were done in the days before name servers were invented.

If the name isn’t found in the HOSTS file, the software contacts one of the local name servers whose IP address is in the TCP/IP configuration, to see if it knows the address. If the host you are after isn’t in the local zone it probably won’t, unless that host has been contacted recently and its address is cached. Name servers cache IP addresses so they don’t have to find out the addresses of popular hosts every time they are contacted.

If the local name server doesn’t know the address for the host you want, it contacts the root name server for that host’s top-level domain, whose address it does know. The root-level name server gives the local name server the address of the appropriate second-level server. The second-level server gives it the third-level server’s address and so on, until eventually a server
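
The connection establishment exchange and the window update described in this instalment, as an added example (not part of the original article): a check that a capture reviewer could run over decoded TCP segments. The Segment record, the function names and the sample values are constructed for the illustration, and sequence arithmetic is taken modulo 2^32.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


@dataclass
class Segment:
    sender: str        # "client" or "server"
    flags: frozenset   # e.g. frozenset({"SYN", "ACK"})
    seq: int
    ack: int = 0
    window: int = 8192


def seg(sender, flags, seq, ack=0, window=8192):
    """Build a Segment from a flag string such as 'SYN+ACK'."""
    return Segment(sender, frozenset(flags.split("+")), seq, ack, window)


def validate_handshake(segments):
    """Check the first three segments against the SYN, SYN+ACK, ACK exchange."""
    if len(segments) < 3:
        return False, "incomplete: fewer than three segments"
    syn, synack, ack = segments[:3]
    if syn.sender != "client" or syn.flags != {"SYN"}:
        return False, "first segment is not a client SYN"
    if synack.sender != "server" or synack.flags != {"SYN", "ACK"}:
        return False, "second segment is not a server SYN+ACK"
    expected = (syn.seq + 1) % MOD
    if synack.ack != expected:
        return False, f"SYN+ACK acknowledges {synack.ack}, expected {expected}"
    if ack.sender != "client" or "ACK" not in ack.flags or "SYN" in ack.flags:
        return False, "third segment is not a client ACK"
    expected = (synack.seq + 1) % MOD
    if ack.ack != expected:
        return False, f"ACK acknowledges {ack.ack}, expected {expected}"
    return True, "ok"


def window_stalls(segments):
    """Pair each zero-window acknowledgement with the later window update.

    Returns (index_of_zero_window, index_of_update) tuples.
    """
    pending = {}  # sender -> index of its outstanding zero-window segment
    stalls = []
    for i, s in enumerate(segments):
        if "ACK" not in s.flags or "SYN" in s.flags:
            continue
        if s.window == 0:
            pending.setdefault(s.sender, i)
        elif s.sender in pending:
            stalls.append((pending.pop(s.sender), i))
    return stalls


# Constructed capture. The client's initial sequence number is the largest
# 32-bit value, so "that value plus one" wraps to 0.
SAMPLE = [
    seg("client", "SYN", 4294967295),
    seg("server", "SYN+ACK", 1000, ack=0),
    seg("client", "ACK", 0, ack=1001),
    seg("client", "ACK+PSH", 0, ack=1001),              # 1460 bytes of data
    seg("server", "ACK", 1001, ack=1460, window=0),     # input buffer full
    seg("server", "ACK", 1001, ack=1460, window=4096),  # window update
]

if __name__ == "__main__":
    print(validate_handshake(SAMPLE))
    print(window_stalls(SAMPLE))
```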
Understanding TCP/IP
TCP/IP, the ubiquitous network protocol, is actually a four-layer suite of protocols and is well
worth gaining an understanding of. The third instalment of our four-part article.
By Julian Moss
In the previous instalment of this article [PCNA 88, File C04100] we looked at the transport layer protocols of the TCP/IP suite: User Datagram Protocol (UDP) and Transmission Control Protocol (TCP). We saw that UDP is an unreliable, connectionless protocol suitable for transferring small amounts of data and for broadcast and multicast applications, and we saw that TCP implements reliability mechanisms and requires clients to establish a connection with a server before data can be transferred. This month we will examine some of the application-layer protocols, how they work, and how they exploit the characteristics of UDP and TCP.

Time

A network time service is one of the simplest possible Internet applications. It tells you the time as a 32-bit value, giving the number of seconds that have elapsed since midnight on 1st January 1900.

Time servers use the well-known port number 37. When your time client opens UDP port 37 on the server, the server responds by sending the four bytes of time information.

For such a simple transaction UDP is perfectly adequate, though as it happens many time servers do support connections using TCP as well. TCP’s built in reliability is of little use in this application, because by the time the protocol decides that the message may have been lost and re-sends it, the information it contained will be out of date. UDP is the most suitable protocol for real-time applications like this, and others like audio, video and network gaming.

SNMP

A slightly more complex UDP application is Simple Network Management Protocol (SNMP). It allows applications to glean information about how various elements of the network are performing, and to control the network by means of commands sent over it rather than by physical configuration of equipment.

In SNMP there are two distinct components, the SNMP manager and SNMP agents. A manager can communicate with many agents. Typically, the SNMP manager would be an application running on the network manager’s console, and agents will run on user workstations, in hubs, routers and other pieces of network hardware.

All communication is between the manager and an agent. Agents don’t communicate with each other. Communication may be infrequent and sporadic, and the amount of information exchanged small. Usually a command sent by the manager will generate just a single response.

SNMP uses UDP. This avoids the overhead of having to maintain connections between the SNMP manager and each agent. Because the communication protocol consists essentially of a request for data and a reply containing the data requested, UDP’s lack of reliability is not a problem. Reliability is easily implemented within the SNMP manager by re-sending a request if no response is received within a certain period.

The main function of SNMP is to allow the manager to get information from tables maintained by the agents. The tables are known as the Management Information Base (MIB). The MIB is divided into groups, each containing information about a different aspect of the network. Examples of the information that the MIB may contain include the name, type and speed of a network interface, a component’s physical location and the contact person for it, and statistics such as the number of packets sent and the number that were undeliverable.

Object IDs

Data is addressed using object IDs. These are written as sequences of numbers separated by periods, rather like long IP addresses. Each number going from left to right represents a node in a tree structure, with related information being grouped in one branch of the tree. There are standardised object IDs for commonly used items of information, and also a section for vendor-specific information. The assignment of object IDs is controlled by the Internet Assigned Numbers Authority (IANA).
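
The object ID tree described above, as an added example (not part of the original article): parsing dotted object IDs, placing them in the standard or vendor-specific branch, and naming the MIB items the article mentions. The prefixes and object names come from the standard MIB-II definitions rather than from the article; the sample list and the enterprise number 99999 are constructed.

```python
MIB2 = (1, 3, 6, 1, 2, 1)         # standardised management objects
ENTERPRISES = (1, 3, 6, 1, 4, 1)  # section for vendor-specific objects

# MIB-II objects matching the examples in the text.
NAMES = {
    MIB2 + (1, 4): "sysContact",            # contact person
    MIB2 + (1, 6): "sysLocation",           # physical location
    MIB2 + (2, 2, 1, 2): "ifDescr",         # interface name
    MIB2 + (2, 2, 1, 3): "ifType",          # interface type
    MIB2 + (2, 2, 1, 5): "ifSpeed",         # interface speed
    MIB2 + (2, 2, 1, 17): "ifOutUcastPkts", # packets sent
    MIB2 + (2, 2, 1, 19): "ifOutDiscards",  # outbound packets discarded
}


def parse_oid(text):
    """Turn '1.3.6.1.2.1.1.6.0' into a tuple of integers."""
    parts = text.strip().lstrip(".").split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError(f"not an object ID: {text!r}")
    return tuple(int(p) for p in parts)


def format_oid(oid):
    return ".".join(str(n) for n in oid)


def is_under(oid, subtree):
    """True if oid is the subtree node itself or one of its descendants."""
    return oid[:len(subtree)] == subtree


def branch(oid):
    if is_under(oid, MIB2):
        return "standard"
    if is_under(oid, ENTERPRISES):
        return "vendor-specific"
    return "other"


def describe(oid):
    """Longest known prefix gives the name; the rest selects the instance."""
    for length in range(len(oid), 0, -1):
        name = NAMES.get(oid[:length])
        if name:
            return name, oid[length:]
    return None, oid


def build_tree(oids):
    """Nested dicts: each number from left to right is one node of the tree."""
    root = {}
    for oid in oids:
        node = root
        for number in oid:
            node = node.setdefault(number, {})
    return root


def children(tree, prefix):
    """Sorted child numbers of the node reached by following prefix."""
    node = tree
    for number in prefix:
        node = node[number]
    return sorted(node)


def sort_numeric(texts):
    """Order OIDs node by node; plain string sorting would put 17 before 2."""
    return [format_oid(o) for o in sorted(parse_oid(t) for t in texts)]


# Constructed sample, as might be collected from one agent.
SAMPLE_OIDS = [
    "1.3.6.1.2.1.1.4.0", "1.3.6.1.2.1.1.6.0",
    "1.3.6.1.2.1.2.2.1.17.1", "1.3.6.1.2.1.2.2.1.2.1",
    "1.3.6.1.2.1.2.2.1.5.1", "1.3.6.1.2.1.2.2.1.19.1",
    "1.3.6.1.4.1.99999.1.1.0",
]

if __name__ == "__main__":
    for text in sort_numeric(SAMPLE_OIDS):
        oid = parse_oid(text)
        print(f"{text:28} {branch(oid):16} {describe(oid)}")
```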
a program that supplies information to a requesting client. The information supplied usually relates to the user accounts on a host, though many ISPs use Finger servers to provide status information.

The well-known Finger port is TCP port 79. A Finger client opens this port and then sends a request, which is either a null string or a user name. The server responds by sending some text and closing the connection. If a null string was sent you may receive information about all users known to the system; a user name will return information about that specific user.

For security reasons many organisations do not run Finger servers, or have them reply with a standard message whatever the request. From our perspective the point of interest is that the protocol is pure ASCII text, as you can verify by connecting to a Finger server using a Telnet client.

File Transfer Protocol

Telnet allows you to interact with an application running on a remote computer, but it has no facility for enabling you to copy a file from that computer’s hard disk to yours, nor for you to upload files to the remote system. That function is carried out using File Transfer Protocol (FTP).

The FTP specification caters for several different file types, structures and transfer modes, but in practice FTP implementations recognise either text files or binary files. Text files are converted from their native format to 7-bit ASCII with each line terminated by a carriage-return, line-feed pair for transmission. They are converted back to the native text file format by the FTP client. FTP therefore provides a cross-platform transfer mechanism for text files. Binary files are transmitted exactly as-is.

Data is transferred as a continuous stream of bytes. The TCP transport protocol provides all the reliability, making sure that data that is lost is re-sent and checking that it is received correctly. It is worth noting that error detection uses a simple 16-bit checksum so the probability of undetected errors is high compared to a file transfer protocol like Zmodem which uses a 32-bit CRC.

FTP is unusual compared to other TCP applications in that it uses two TCP connections. A control connection is made to the well-known FTP port number 21, and this is used to send FTP commands and receive replies. A separate data connection is established whenever a file or other information is to be transferred, and closed when the data transfer has finished. Keeping data and commands separate makes life easier for the client software, and means that the control connection is always free to send an ABOR (abort) command to terminate a lengthy data transfer.

FTP commands are sent in plain 7-bit ASCII, and consist of a command of up to 4 characters followed by zero or more parameters (those familiar with text mode FTP clients like that supplied with Microsoft TCP/IP may find it curious that FTP commands are not the same as the commands given to the FTP client). The replies consist of a three digit number followed by an optional text explanation, for example, “250 CWD command successful”. The numbers are for easy interpretation by FTP client software, the explanations are for the benefit of the user.

It is instructive to see what happens during a simple FTP session. When you connect to the FTP server (TCP port 21) it sends its welcome message prefixed by the numeric code 220. The FTP client prompts you for your username, which it then sends using the FTP command “USER username”. The server may respond with “331 Need password for username”. The client detects this, prompts you for the password and sends this to the server using the command “PASS password”. If the password is correct the client will receive the response “230 Access granted”.

The next thing you might do is type DIR, to list the current directory on the server. This command to the client results in two FTP commands being issued to the server. The first, “PORT x,x,x,x,y1,y2” tells the server the IP address (x.x.x.x) and port number (y1 * 256 + y2) to use for the data connection. The port number is one in the range 1024 to 4999, a range used for ephemeral connections (those that are used briefly for some specific purpose). The second, LIST, causes the server to open the specified port, send the directory list, and close it again.

The sequence for downloading a file is very similar to that for obtaining a directory list. First, a PORT command is used to specify the data connection port, and then the command “RETR filename” is sent to specify the file to be retrieved. The server opens the data port and sends the data, which the client writes to the hard disk. The server closes the TCP connection to the data port when the file transfer has finished, which is the signal to the client to close the newly-created file.

Conclusion

Since you are unlikely to be asked to write your own client or server there is little to be gained from looking at these application protocols in more detail. However, it is hoped that some useful insights into the working of Internet applications can be gained from these brief descriptions of how a few of them work.

Perhaps the most striking thing about the protocols that use TCP is how simple they are. Because the lower protocol levels take care of reliability, routing and physical transfer matters, the application protocol need concern itself only with things relating to the application. This, of course, is the whole point of using a layered protocol stack.

The Author

Julian Moss is a freelance writer and software developer. The URL of his Web site is http://www.jm-tech.com/.
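
The FTP control-channel session described in this instalment, as an added example (not part of the original article): decoding the PORT argument, checking it against the address the control connection came from, and masking the PASS argument before the line is logged. The peer-address and port checks are an assumed server-side policy, and the session lines, names and addresses are constructed.

```python
import ipaddress
import re

PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$",
    re.IGNORECASE,
)
REPLY_RE = re.compile(r"^(\d{3})(?: (.*))?$")


def parse_reply(line):
    """Split a reply into its three-digit code and optional explanation."""
    m = REPLY_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a reply line: {line!r}")
    return int(m.group(1)), m.group(2) or ""


def parse_port_command(line):
    """Decode 'PORT x,x,x,x,y1,y2' into (address, y1 * 256 + y2)."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError(f"malformed PORT command: {line!r}")
    numbers = [int(g) for g in m.groups()]
    if any(n > 255 for n in numbers):
        raise ValueError(f"PORT field out of range: {line!r}")
    address = ipaddress.IPv4Address(".".join(str(n) for n in numbers[:4]))
    return address, numbers[4] * 256 + numbers[5]


def audit_session(lines, control_peer_ip):
    """Return (log safe to store, findings) for (direction, text) lines.

    direction is 'C' for client commands and 'S' for server replies.
    """
    peer = ipaddress.IPv4Address(control_peer_ip)
    log, findings = [], []
    for direction, text in lines:
        verb = text.split(" ", 1)[0].upper()
        if direction == "C" and verb == "PASS":
            text = "PASS ********"  # the password travels as plain ASCII
        elif direction == "C" and verb == "PORT":
            address, port = parse_port_command(text)
            if address != peer:
                findings.append(
                    f"PORT names {address}, control connection is from {peer}")
            if port < 1024:
                findings.append(f"PORT names port {port}, below 1024")
        log.append(f"{direction}: {text}")
    return log, findings


# Constructed session from a client at 192.0.2.10.
SAMPLE_SESSION = [
    ("S", "220 FTP server ready"),
    ("C", "USER alice"),
    ("S", "331 Need password for alice"),
    ("C", "PASS constructed-secret"),
    ("S", "230 Access granted"),
    ("C", "PORT 192,0,2,10,4,210"),  # 4 * 256 + 210 = 1234
    ("S", "200 PORT command successful"),
    ("C", "LIST"),
    ("C", "PORT 192,0,2,77,0,25"),   # other host, well-known port
]

if __name__ == "__main__":
    log, findings = audit_session(SAMPLE_SESSION, "192.0.2.10")
    print("\n".join(log))
    print(findings)
```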
Understanding TCP/IP
In this series of articles we have looked at the TCP/IP suite of protocols, beginning with the link layer and progressing by stages to the application layer. We have seen how each layer relies upon the layers below it, so that network applications can be written without needing to take account of considerations such as how the network is constructed or what type of hardware or cabling is used.

A striking point about many of the application layer protocols is how simple they are. The protocols based on TCP mostly use commands and responses in plain ASCII text, making them easier for a user to understand and for a programmer to implement. For further illustration we shall look at the two protocols that you may use every day to send and receive Internet email: SMTP and POP3.

SMTP

Simple Mail Transfer Protocol (SMTP) is one of the most venerable of the Internet protocols. Designed in the early 1980s, its function is purely and simply to transfer electronic mail across and between networks and other transport systems. As such, its use need not be restricted to systems that use TCP/IP. Any communications system capable of handling lines of up to 1,000 7-bit ASCII characters could be used to carry messages using SMTP. On a TCP/IP network, however, TCP provides the transport mechanism.

In SMTP the sender is the client, but a client may communicate with many different servers. Mail can be sent directly from the sending host to the receiving host, requiring a separate TCP connection to be made for each copy of each message. However, few mail recipients run their own SMTP servers.

It is more usual for the destination of an SMTP message to be a server that serves a group of users such as all those in one domain. The server receives all mail intended for its users and then allows them to collect it using POP3 (Post Office Protocol version 3) or some other mail protocol. Similarly, most SMTP clients send messages to a single server, whose job it is to relay those messages on to their eventual recipients.

An SMTP transaction begins when the sender client opens a TCP connection with the receiver using the well-known port number 25. The server acknowledges the connection by sending back a message of the form “220 SMTP Server Ready”. SMTP uses a similar format of replies to ftp, which we looked at previously. The three-digit code is all the client software needs to tell if everything is going OK. The text is there to help the humans who might be troubleshooting a problem by analysing a log of the transaction. The box “Application Protocol Reply Codes” provides more information about message reply codes.

An SMTP relay server might refuse a connection by sending back a message with a “421 Service not available” reply code. For example, an Internet Service Provider’s SMTP server provided for use by its subscribers to relay outgoing mail might refuse a connection from a host whose IP address indicates that it is not a subscriber to that ISP. SMTP has no form of access control - the way it can be used to relay messages would make this impractical - so this is about the only way ISPs can prevent non-subscribers such as spammers from using their mail servers to send out messages.

Having received the correct acknowledgement the sender signs on to the server by sending the string “HELO hostname”. HELO is the sign-on command and hostname is the name of the host. As we will see, the hostname is used in the Received: header which the server adds to the message when it sends it on its way. This information allows the recipient to trace the path taken by the message.

Sending

Once the sender gets a “250 OK” acknowledgement it can start sending messages. The protocol is extremely simple. All the sender has to do is say who the message is from, who it is to, and supply the contents of the mes­sage.

Who a message is from is specified with the command “MAIL FROM: <address>”. This command also tells the receiver that it is about to receive a new message, so it knows to clear out its list of recipients. The address in the angle brackets (which are required) is the return path for the message. The return path is the address that any error report - such as would be generated if the message is undeliverable - is sent to.
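
The receiving side of the SMTP exchange described above, as an added example (not part of the original article): a relay that refuses non-subscriber addresses with 421, requires HELO before MAIL FROM, insists on the angle brackets and clears its recipient list on each new message. The RCPT TO command and the 500, 501 and 503 reply codes come from the SMTP standard rather than from the article; the class name, networks, host names and the simplified Received: line are constructed.

```python
import ipaddress
import re

MAIL_RE = re.compile(r"^MAIL FROM:\s*<([^<>\s]*)>$", re.IGNORECASE)
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^<>\s]+)>$", re.IGNORECASE)


class SmtpReceiver:
    """State kept by the receiver for one client connection (illustrative)."""

    def __init__(self, subscriber_networks, server_name="relay.example.net"):
        self.networks = [ipaddress.ip_network(n) for n in subscriber_networks]
        self.server_name = server_name
        self.client_ip = None
        self.helo_name = None
        self.return_path = None
        self.recipients = []

    def connect(self, client_ip):
        """Accept or refuse the connection based on the client's IP address."""
        address = ipaddress.ip_address(client_ip)
        if not any(address in net for net in self.networks):
            return "421 Service not available"
        self.client_ip = address
        return "220 SMTP Server Ready"

    def command(self, line):
        line = line.strip()
        upper = line.upper()
        if self.client_ip is None:
            return "421 Service not available"
        if upper.startswith("HELO"):
            parts = line.split()
            if len(parts) != 2:
                return "501 Syntax error in parameters"
            self.helo_name = parts[1]
            return "250 OK"
        if upper.startswith("MAIL FROM:"):
            if self.helo_name is None:
                return "503 Bad sequence of commands"
            m = MAIL_RE.match(line)
            if not m:  # for example, the angle brackets are missing
                return "501 Syntax error in parameters"
            self.return_path = m.group(1)
            self.recipients = []  # a new message starts with no recipients
            return "250 OK"
        if upper.startswith("RCPT TO:"):
            if self.return_path is None:
                return "503 Bad sequence of commands"
            m = RCPT_RE.match(line)
            if not m:
                return "501 Syntax error in parameters"
            self.recipients.append(m.group(1))
            return "250 OK"
        return "500 Command not recognised"

    def received_header(self):
        """Simplified Received: line recording the HELO name and real address."""
        return (f"Received: from {self.helo_name} ([{self.client_ip}]) "
                f"by {self.server_name}")


def run_sample():
    """Drive one constructed session and return the replies in order."""
    receiver = SmtpReceiver(["198.51.100.0/24"])
    replies = [receiver.connect("198.51.100.23")]
    for line in ("HELO pc23.example.net",
                 "MAIL FROM:<alice@example.net>",
                 "RCPT TO:<bob@example.org>"):
        replies.append(receiver.command(line))
    return receiver, replies


if __name__ == "__main__":
    receiver, replies = run_sample()
    print("\n".join(replies))
    print(receiver.received_header())
```

The Received: line records the address the connection actually came from next to the name the client claimed in HELO, which is what lets a recipient trace the path when the two disagree.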
PC Network Advisor
www.pcnetworkadvisor.com