N Tcpip

Download as pdf or txt
Download as pdf or txt
You are on page 1of 21

Connectivity:Overview

Understanding TCP/IP

TCP/IP, the ubiquitous network protocol, is actually a four-layer suite of protocols and is
well worth gaining an understanding of, if only to ensure that you set it up in the most
efficient way on your network.
By Julian Moss

veryone knows that TCP/IP is a things like routing and reliability. some control fields. There follows the
network protocol used on The benefit that the layered proto- data, and then a trailer which is simply
E LANs, WANs and the Internet,
but not everyone who uses it under-
col stack gives you is that, if you invent
a new network application or a new
a 32-bit cyclic redundancy check
(CRC) field. The data portion of an
standshow itworks. It’spossibletouse type of hardware, you only need to Ethernet frame must be at least 38
TCP/IP with little more than a knowl- create a protocol for that application or bytes long, so filler bytes are inserted if
edge of how to configure the protocol that hardware: you don’t have to re- necessary.
stack, but a better understanding will write the whole stack. All this means that frames are at
give you a clearer picture of what is least 64 bytes long, even if they carry
going on in your network and why the Link Layer only one byte of user data: a significant
protocol needs to be set up in a particu- overhead in some types of application.
lar way. TCP/IP is a four-layer protocol, as Frames also have a maximum size.
The aim of this multi-part article is illustrated inFigure1.Thelowestlevel, Less headers, the maximum size for an
to explain the key concepts behind the link layer, is implemented within Ethernet frame is 1492 bytes, which is
TCP/IP. the network adapter and its device the maximum transmission unit
TCP/IP stands for Transmission driver. Like all the TCP/IP protocols, (MTU) for Ethernet. All link layer pro-
Control Protocol/Internet Protocol. If it is defined by standards. The stand- tocols have an MTU. It is one hardware
this leads you to think that it is not just ards for generic Ethernet-type net- characteristic that the higher-level pro-
one protocol, you’re right. In fact, it is works are defined by the IEEE 802 tocol needs to be aware of, because
not just two protocols, either. TCP/IP Committee: for example, IEEE 802.3 larger blocks of data must be frag-
is a suite of protocols. We’ll cover the for Ethernet networks, or IEEE 802.5 mented into chunks that fit within the
most important ones in the course of for Token Ring networks. MTU and then reassembled on arrival
this article. Other link layer protocols that at their destination.
could be used include Serial Line IP
Layered Protocol (SLIP) or Point-to-Point Protocol
(PPP), which are used when connect- Network Layer
Like most network protocols, ing to a network over an asynchronous Thenextlayer upfromthelink layer
TCP/IP is a layered protocol. Each dial-up link. is called the network layer. The most
layer builds upon the layer below it, Since Ethernet is the most common important protocol at this level is IP,
adding new functionality. The lowest- type of network, we will look at it in a the Internet Protocol. Its job is to send
level protocol is concerned purely with bit more detail. The Ethernet protocol packets or datagrams - a term which
the business of sending and receiving is designed for carrying blocks of data basically means “blocks of data” - from
data - any data - using specific network called frames. A frame consists of a one point to another. It uses the link
hardware. At the top are protocols de- header containing 48-bit hardware layer protocol to achieve this.
signed specifically for tasks like trans- destination and source addresses Both the network layer and the link
ferring files or delivering email. In (which identify specific network layer are concerned with getting data
between are levels concerned with adapters), a 2-byte length field, and from point A to point B. However,
whilst the network layer works in the
world of TCP/IP, the link layer has to
deal with the real world. Everything it
“A router examines every packet, and does is geared towards the network
hardware it uses.
compares the destination address with a An IP address is a “soft” address. It
is a bit like calling your office block
table of addresses that it holds in memory.” “Pan-Galactic House” instead of its
real address, 2326 Western Boulevard.
The former is no use to the postman

Issue 87 (September 1997) Page 3 PC Network Advisor File: C04100.1


Connectivity:Overview

who has to deliver the letters, unless he


can use it to find out the latter. The
link-layer Ethernet protocol needs to
know the unique hardware address of
“The TTL field is a safety mechanism
the specific network adapter it has to
deliver the message to and, in case of
which prevents packets from travelling
an error, the address of the one it came
from.
the Internet forever in routing loops.
To make this possible, the TCP/IP
protocol suite includes link-layer pro-
It is exploited in a novel way by the
tocols which convert between IP and
hardware addresses. The Address
Traceroute diagnostic tool.”
Resolution Protocol (ARP) finds out
the physical address corresponding to
an IP address.Itdoesthisbybroadcast-
ing an ARP request on the network. for a start. It would, in any case, be were received out of order.
When a host recognises an ARP re- undesirable for every computer in the IP is an unreliable protocol. Any
quest containing its own IP address, it world to be connected to one big net- mechanisms for ensuring that data
sends an ARP reply containing its work. Every message sent would have sent arrives correct and intact are pro-
hardware address. There is also a Re- to be heard by every computer, which vided by the higher-level protocols in
verse ARP (RARP) protocol. This is would be bedlam. the suite.
used by a host to find out its own IP Instead, inter-net communications
address if it has no way of doing this
except via the network.
take place using one or more “hops”.
Your Ethernet card will communicate Packets
with another Ethernet device on the An IP packet consists of the IP
Internet Protocol route to the final destination. Routing header and data. The header includes
is the important capability that IP adds a 4-bit protocol version number, a
IP is the bedrock protocol of to a hardware network protocol. Be- header length, a 16-bit total length,
TCP/IP. Every message and every fore we come to it, we will look at some some control fields, aheaderchecksum
piece of data sent over any TCP/IP other features of IP. and the 32-bit source and destination
network is sent as an IP packet. IP addresses. This totals 20 bytes in all.
mitted across and between networks. Features Of IP
IP’s job is to enable data to be trans- We won’t go into the detail of all the
IP control fields. However, the proto-
Hence the name: inter-net protocol. In IP is a connectionless protocol. This col field is important. It identifies
a small LAN, it adds little to what means that it has no concept of a job or which higher-level TCP/IP protocol
could be achieved if the network appli- a session. Each packet is treated as an sent the data. When data arrives at its
cations talked directly to Ethernet. If entity in itself. IP is rather like a postal destination (either the packet’s desti-
every computer is connected to the worker sorting letters. He is not con- nation address equals the host’s own
same Ethernet cable, every message cerned with whether a packet is one of IP address, or it is a broadcast address)
could besent directly tothedestination a batch. He simply routes packets, one this field tells IP which protocol mod-
computer. at a time, to the next location on the ule to pass it on to.
Once you startconnecting networks delivery route. One control field, the time-to-live
together, however, direct Ethernet IP is also unconcerned with (TTL) field, is interesting. It is initial-
communication becomes impractical. whether a packet reaches its eventual ised by the sender to a particular value,
At the application level you may ad- destination, or whether packets arrive usually 64, and decremented by one
dress a message to a computer on the in the original order. There is no infor- (or the number of seconds it is held on
far side of the world, but your Ethernet mation in a packet to identify it as part to) by every router that the packet
card can’t communicate with the Eth- of a sequence or as belonging to a par- passes through. When it reaches zero
ernet card on that computer. Physical ticular job. Consequently, IP cannot the packet is discarded and the sender
Ethernet limitations would prevent it, tell if packets were lost or whether they notified using the Internet Control
Message Protocol (ICMP), a network-
layer protocol for sending network-re-
Application layer: FTP, SMTP, SNMP lated messages.
Transport layer: TCP, UDP The TTL field is a safety mechanism
Network layer: IP which prevents packets from travel-
Link layer: IEEE 802.x, PPP, SLIP ling the Internet forever in routing
loops. It is exploited in a novel way by
Figure 1 - TCP/IP is a four-layer protocol, of which the the Traceroute diagnostic tool (see
link layer is the lowest layer. box).

File: C04100.2 PC Network Advisor Issue 87 (September 1997) Page 4


Connectivity:Overview

TCP/IP

Although the total field length in


the IP protocol header is 16 bits, IP
packets are usually much smaller than
the 64 KB maximum this implies. For
“Like most network protocols, TCP/IP is a
one thing, the link layer will have to
split this into smaller chunks anyway,
layered protocol. Each layer builds upon the
so most of the efficiency advantages of
sending data in large blocks is lost. For
layer below it, adding new functionality.”
another, IP standards did not histori-
cally require a host to accept a packet
of more than 576 bytes in length. Many
TCP/IP applications limit themselves written as four bytes separated by pe- in the range 1 to 126. The remaining
to using 512-byte blocks for this rea- riods (full stops). They can range from three bytes can be used for unique host
son, though today most implementa- 1.0.0.1 to 223.255.255.255. It’s worth addresses. This allows for 126 net-
tions of the protocol aren’t so noting that IP addresses are stored in works each with up to 16m hosts.
restricted. big-endian format, with the most sig- Class B addresses can be distin-
nificant byte first, read left to right. guished by first byte values in the
Internet Addressing This contrasts with the little-endian
format used on Intel-based systems for
range 128.0.x.x to 191.255.x.x. In these
addresses, the first two bytes are used
Internet protocol addresses, or IP storing 32-bit numbers. This minor for the net ID, and the last two for the
addresses, uniquely identify every net- point can cause a lot of trouble for PC host ID, giving addresses for 16,000
work or host on the Internet. To make programmers and others working networks, each with up to 16,000 hosts.
sure they are unique, one body, called with raw IP data if they forget. Class C addresses are in the range
InterNIC, is responsible for issuing IP addresses comprise two parts, 224.0.0.x to 239.255.255.x. Here, the
them. the network ID and the host ID. An IP first three bytes identify the network,
If your network is connected to the address can identify a network (if the leaving just one byte for the individual
Internet and the computers need to be host part is all zero) or an individual hosts. This provides for 2 million net-
addressable from the Internet you host. The dividing line between the works of up to 254 hosts each.
must use IP addresses issued by In- network ID and the host ID is not con- Although these addresses make it
terNIC. If you don’t use InterNIC-is- stant. Instead, IP addresses are split possible to uniquely identify quite a lot
sued addresses, you must set up the into three classes which allow for a of networks and hosts, the number is
gateway between your network and small number of very large networks, not that large in relation to the current
the Internet so that packets containing a medium number of medium-sized rate of expansion of the Internet. Con-
the made-up addresses will never pass networks and a large number of small sequently, a new addressing system
through it in either direction. networks. has been devised which is part of In-
Internet addresses are 32 bits long, Class A addresses have a first byte ternet Protocol version 6 (IPv6). IPv6
won’t come into use for a couple of
years, and understanding it isn’tessen-
Traceroute - How It Works tial to understanding how IP works in
general, so we won’t cover it here. [For
Traceroute, if you haven’t used it before, is a diagnostic tool that lets you a full description of IPv6, see article C0655
find out the route Internet traffic takes between you and any given destina- in PCNA 83 - Ed.]
tion. It exploits the fact that traffic between two points will usually follow IP addresses can be further divided
the same route at any given time, and that a router will notify the sender to obtain a subnet ID. The main net ID
using an ICMP message whenever it receives an IP packet containing a identifies a network of networks. The
time-to-live (TTL) field of one. subnet ID lets you address a specific
Normally, the TTL field of an IP packet is set to the value 64. Traceroute network within that network. This sys-
starts by sending a UDP datagram to the destination you specify, setting the tem of addressing more accurately re-
TTL field to 1. The first router that receives it discards it, and sends an ICMP flects how real-world large networks
“time-to-live equals 0" notification back. In the header of the ICMP message are connected together.
is the router’s IP address, from which its name can be determined. Next, You decide how the subnet ID is
Traceroute sends the datagram with a TTL of 2. This gets as far as the second arrived at by defining a 32-bit value
router before being discarded. Again, an ICMP message comes back. called the subnet mask. This is logi-
This process is repeated with ever-increasing TTLs until the datagram cally ANDed with the IP address to
reaches the destination. To create an error when the destination is reached, obtain the subnet address. For exam-
the UDP datagram is addressed to a non-existent port on the destination ple, if a subnet mask was 255.255.255.0
host. This causes the host to respond with an ICMP “destination port and an IP address was 128.124.14.5,
unreachable” message. Thus, Traceroute knows that the route has been 128.124 would identify the Class B net-
completed. work, 128.124.14 would identify the

Issue 87 (September 1997) Page 5 PC Network Advisor File: C04100.3


Connectivity:Overview

there. If no default address is present,


the router sends an ICMP “host un-
“If you don’t use InterNIC-issued reachable” or “network unreachable”
message back to the sender. If you see
addresses, you must set up the gateway this message, it usually indicates a
router failure at some point in the net-
between your network and the Internet work.
The difficult part of a router’s job is
so that packets containing the made-up not how it routes packets, but how it
builds up its table. In the simplest case,
addresses will never pass through the router table is static: it is read in
from a file at start-up. This is adequate
it in either direction.” for simple networks. You don’t even
need a dedicated piece of kit for this,
because routing functionality is built
into IP.
Dynamic routing is more compli-
subnetwork, and 5 would identify the and 256 class C addresses (192.168.0.x cated. A router builds up its table by
host on that subnetwork. [An article to 192.168.255.x). If you have equip- broadcasting ICMP router solicitation
which covers subnet masks and related top- ment which uses IP addresses that messages, to which other routers re-
ics in more detail is currently in prepara- have not been allocated by InterNIC spond. Routing protocols are used to
tion - Ed.] then the addresses used should be discover the shortest path to a location.
within one of these ranges, as an extra Routes are updated periodically in re-
Special Meanings precaution in case router misconfigu-
ration allows packets to“leak” ontothe
sponse to traffic conditions and avail-
ability of a route. However, the details
A few IP addresses have special Internet. of how this all works is beyond the
meanings. A network ID of 0 in an scope of this article.
address means “this network”, so for IP Routing
local communication only the host ID
need be specified. A host ID of 0 means So how does an IP packet addressed Click here for the second part
“this host”. to a computer on the other side of the of this article
A network ID of 127 denotes the world find its way to its destination?
loopback interface, which is another The basic mechanism is very simple.
way of specifying “this host”. The host On a LAN, every host sees every
ID part of the address can be anything packet that is sent by every other host
in this case, though the address on that LAN. Normally, it will only do
127.0.0.1 is normally used. Packets sent something with that packet if it is ad-
to the loopback address will never ap- dressed to itself, or if the destination is
pear on the network. It can be used by a broadcast address.
TCP/IP applications that run on the A router is different. A router exam-
PCNA
same machine and want to communi- ines every packet, and compares the
cate with one another. destination address with a table of ad-
Addresses in the range 224.x.x.x to dresses that it holds in memory. If it
239.x.x.x are Class D addresses, which finds an exact match, it forwards the
are used for multi-casting. Addresses packet to an address associated with
240.x.x.x to 247.x.x.x are reserved for that entry in the table. This associated
experimental purposes. address may be the address of another
Net, subnet and host IDs of all bi- network in a point-to-point link, or it
nary ones (byte value 255) are used may be the address of the next-hop
when an IP packet is to be broadcast. router.
Mercifully, an address of 255.255.- If the router doesn’t find a match, it
255.255 does not result in a broadcast runs through the table again, this time The Author
to the entire Internet. looking for a match on just the network Julian Moss is a freelance IT writer
Three sets of addresses are reserved ID part of the address. Again, if a and programmer, and developer
for private address space - networks of match is found, the packet is sent on to of Visual DialogScript, a scripting
computers that do not need to be ad- the address associated with that entry. and automation tool for Win-
dressed from the Internet. There is one If a match still isn’tfound, therouter dows. He can be contacted as
class A address (10.x.x.x), sixteen class looks to see if a default next-hop ad- [email protected].
B addresses (172.16.x.x to 172.31.x.x), dress is present. If so, the packet is sent

File: C04100.4 PC Network Advisor Issue 87 (September 1997) Page 6


New Reviews from Tech Support Alert

Anti-Trojan Software Reviews


A detailed review of six of the best anti trojan software programs. Two products
were impressive with a clear gap between these and other contenders in their
ability to detect and remove dangerous modern trojans.

Inkjet Printer Cartridge Suppliers


Everyone gets inundated by hundreds of ads for inkjet printer cartridges, all
claiming to be the cheapest or best. But which vendor do you believe? Our
editors decided to put them to the test by anonymously buying printer cartridges
and testing them in our office inkjet printers. Many suppliers disappointed but we
came up with several web sites that offer good quality cheap inkjet cartridges
with impressive customer service.

Windows Backup Software


In this review we looked at 18 different backup software products for home or
SOHO use. In the end we could only recommend six though only two were good
enough to get our “Editor’s Choice” award

The 46 Best Freeware Programs


There are many free utilities that perform as well or better than expensive
commercial products. Our Editor Ian Richards picks out his selection of the very
best freeware programs and he comes up with some real gems.

Tech Support Alert


http://www.techsupportalert.com
Connectivity:Overview

Understanding TCP/IP

TCP/IP, the ubiquitous network protocol, is actually a four-layer suite of protocols and is well
worth gaining an understanding of. This month we explain UDP and TCP, the two protocols
used by applications. Continuing our four-part article.
By Julian Moss

he link layer and network layer other to some extent, though the pro- address will not be passed by a router
protocols of the TCP/IP suite, tocol field is notavailableto thehigher- on to the Internet.
T which are concerned with the
basic mechanics of transferring blocks
level protocols. IP uses the protocol
field todeterminewhether data should
Broadcasts can be targeted at spe-
cific networks. A UDP datagram with
of data across and between networks, be passed to the UDP or TCP module. the host and subnet part of the IP ad-
are the foundations of TCP/IP. They UDP or TCP use the port number to dress set to all binary ones is broadcast
areused by the protocolstack itself,but determine which application-layer to all the hosts on all the subnets of the
they are not used directly by applica- protocol should receive the data. network which matches the net part of
tions that run over TCP/IP. Although UDP isn’t reliable, it is the IP address. If only the host part (in
Now we’ll look at the two protocols still an appropriate choice for many other words, all the bits that are zero in
that are used by applications: User applications. It is used in real-time ap- the subnet mask) is set to binary ones,
Datagram Protocol (UDP) and Trans- plications like Net audio and video then the broadcast is restricted to all
mission Control Protocol (TCP). where, if data is lost, it’s better to do the hosts on the subnet that matches
without it than send it again out of the rest of the address.
User Datagram Protocol sequence. It is also used by protocols Multicasting is used to send data to
like the Simple Network Management a group of hosts that choose to receive
The User Datagram Protocol is a Protocol (SNMP). it. A multicast UDP datagram has a
very simple protocol. It adds little to destination IP address in which the
the basic functionality of IP. Like IP, it Broadcasting first four bits are 1110, giving ad-
is an unreliable, connectionless proto- dresses in the range 224.x.x.x to
col. You do not need to establish a UDP is suitable for broadcasting in- 239.x.x.x. The remaining bits of the ad-
connection with a host before exchang- formation, since it doesn’t require a dress are used to designate a multicast
ing data with it using UDP, and there connection to be open before commu- group. This is rather like a radio or
is no mechanism for ensuring that data nication can take place. On a network, television channel. For example,
sent is received. receiving a broadcast is something 224.0.1.1 is used for the Network Time
A unit of data sent using UDP is over which you have no choice. The Protocol. If a TCP/IP application
called a datagram. UDP adds four 16- targets of a broadcast message are de- wants to receive multicast messages, it
bit header fields (8 bytes) to whatever termined by the sender, and specified must join the appropriate multicast
data is sent. These fields are: a length in the destination IP address. A UDP group, which it does by passing the
field, a checksum field, and source and datagram with a destination IP ad- address of the group to the protocol
destination port numbers. “Port dress of all binary ones stack.
number”, in this context, represents a (255.255.255.255) will be received by Multicasts are, in effect, filtered
software port, not a hardware port. every host on the local network. Note broadcasts. The multicaster does not
The concept of port numbers is the word local: a datagram with this address individual messages to each
common to both UDP and TCP. The
port numbers identify which protocol
module sent (or is to receive) the data.
Most protocols have standard ports “Once a connection has been made,
that are generally used for this. For
example, the Telnet protocol generally data can be sent. TCP is a sliding window
uses port 23. The Simple Mail Transfer
Protocol (SMTP) uses port 25. The use protocol, so there is no need to wait for
of standard port numbers makes it
possible for clients to communicate one segment to be acknowledged before
with a server without first having to
establish which port to use.
The port number and the protocol
another can be sent.”
field in the IP header duplicate each

Issue 88 (October 1997) Page 13 PC Network Advisor File: C04100.5


Connectivity:Overview

field is interpreted as “all data up to


“TCP includes mechanisms for ensuring this point received OK”. This saves
bandwidth when data is all being sent
that data which arrives out of sequence is one way by reducing the need for ac-
knowledgement segments. If data is
put back into the order it was sent. It also being sent in both directions simulta-
neously, as in a full duplex connection,
implements flow control, so a sender then acknowledgements involve no
overhead, as a segment carrying data
cannot overwhelm a receiver with data.” one way can contain an acknow-
ledgement for data sent the other way.
Next in the header is a 16-bit field
containing a header length and flags.
TCP headers can include optional
host that joins the group. Instead, the which are called segments. The length fields, so the length can vary from 20
messages are broadcast, and the driv- of a segmentis decided by theprotocol. to 60 bytes. The flags are: URG, ACK
ers on each host decide whether to ig- Each segment contains 20 bytes of (which we have already mentioned),
nore them or pass the contents up the header information in addition to the PSH, RST, SYN and FIN. We shall look
protocol stack. IP header. The TCP header starts with at some of the other flags later.
This implies that multicast mes- 16-bit source and destination port The header contains a field called
sages must be broadcast throughout number fields. As with UDP, these the window size, which gives the
the entire Internet, since the multicas- fields specify the application layers number of bytes the receiver can ac-
ter does not know which hosts want to that have sent and are to receive the cept. Then there is a 16-bit checksum,
receive the messages. Fortunately this data. An IP address and a port number covering both header and data. Finally
is unnecessary. IP uses a protocol taken together uniquely identify a (before the optional data) there is a
called Internet Group Management service running on a host, and the pair field called the“urgent pointer”. When
Protocol (IGMP) to inform routers is known as a socket. the URG flag is set, this value is treated
which hosts wish to receive which Next in the header comes a 32-bit as an offset to the sequence number. It
multicast group messages, so that the sequence number. This number identi- identifies the start of data in the stream
messages are only sent where they are fies the position in the data stream that that must be processed urgently. This
needed. the first byte of data in the segment data is often called “out-of-band” data.
should occupy. The sequence number An example of its use is when a user
TCP enables TCP to maintain the data
stream in the correct order even
presses the break key to interrupt the
output from a program during a Telnet
Transmission Control Protocol is though segments may be received out session.
the transport layer protocol used by of sequence.
most Internet applications, like Telnet, The next field is a 32-bit acknow- Connection
FTP and HTTP. It is a connection-ori- ledgement field, which is used to con-
ented protocol. This means that two vey back to the sender that data has Before any data can be sent between
hosts - one a client, the other a server - been received correctly. If theACKflag two hosts using TCP, a connection
must establish a connection before any is set, which it normally is, this field must be established. One host, called
data can be transferred between them. contains the position of the next byte of the server, listens out for connection
TCP provides reliability. An appli- data that the sender of the segment requests. Thehostrequestinga connec-
cation that uses TCP knows that data it expects to receive. tion is called the client.
sends is received at the other end, and In TCP there is no need for every To request a connection, a client
that it is received correctly. TCP uses segment of data to be acknowledged. sends a TCP segment specifying its
checksums on both headers and data. The value in the acknowledgement own port number and the port that it
When data is received, TCP sends an
acknowledgement back to the sender.
If the sender does not receive an ac-
knowledgement within a certain time-
frame the data is re-sent.
“If a name isn’t found in the HOSTS file,
TCP includes mechanisms for en-
suring that data which arrives out of
the software contacts one of the local name
sequence is put back into the order it
was sent. It also implements flow con-
servers whose IP address is in the TCP/IP
trol, so a sender cannot overwhelm a
receiver with data.
configuration, to see if it knows the address.”
TCP sends data using IP, in blocks

File: C04100.6 PC Network Advisor Issue 88 (October 1997) Page 14


Connectivity:Overview

TCP/IP

wants to connect to. The SYN (syn- To complete the connection estab- failure until data needs to be sent.
chronise sequence numbers) flag is set, lishment protocol, the client acknow- In practice, an application timeout
and the client’s initial data sequence ledges the server’s data sequence would usually terminate the connec-
number is specified. number by sending back a segment tion if a certain interval elapsed with-
To grant the connection, the server with the ACK flag set and the acknow- out any activity occurring. However,
responds with a segment in which the ledgement field containing the server’s as many dial-up Internet users have
header contains its own initial data se- data sequence number plus one. found, it is possible to continue a failed
quence number. The SYN and ACK Using TCP, segments are only sent session as if nothing has happened if
flags are set. To acknowledge receiptof between client and server if there is you can bring the connection up again.
the client’s data sequence number the data to flow. No status polling takes Note that this is only true if your ISP
acknowledgement field contains that place. If the communication line goes gives you a fixed IP address. If IP ad-
value plus one. down, neither end will be aware of the dresses are allocated dynamically
when you log on, you won’t be able to
resume the connection because your
How The Domain Name System Works socket (which, as we mentioned ear-
lier, is comprised of your IP address
IP addresses are easy for computers to work with, but hard for humans to and port number) would be different.
remember. The Domain Name System (DNS) solves that problem by allow-
ing us to refer to hosts by names like “mail.compulink.co.uk” instead of Data Transmission
“153.158.14.1". A computer called a name server lets Internet applications
look up the IP address of any known host, and conversely get the hostname Once a connection has been made,
associated with a given IP address. data can be sent. TCP is a sliding win-
Domain names are organised hierarchically. At the right is the top-level dow protocol, so there is no need to
domain, which may indicate a class of organisation such as .com or .gov, or wait for one segment to be acknow-
a country, such as .au or .uk. The top-level domains are divided into ledged before another can be sent. Ac-
second-level domains, such as .co.uk. Second-level domains can be further knowledgements are sent only if
subdivided, and so on. required immediately, or after a cer-
tain interval has elapsed. This makes
The organisations which manage the top-level domains maintain name TCP an efficient protocol for bulk data
servers, called the root name servers, which know the IP addresses of the transfers.
name servers for the second-level domains. The managers of the second- One example of when an acknow-
level domains must maintain servers which know the addresses of the ledgement is sent immediately is when
third-level name servers, and so on. A lower-level domain such as the sender has filled the receiver’s in-
“ibm.com” or “compulink.co.uk” can represent an entire network. Thename put buffer. Flow control is imple-
servers at that level must supply the IP addresses of all the hosts within it. mented using the window size field in
In a fully-qualified domain name, the host name is thenameontheleft. Thus, the TCP header. In the segment con-
in order for “www.ibm.com” to take you to IBM’s Web site, IBM must name taining the acknowledgement the win-
its Web server “www” and have an entry on its name servers linking this dow size would be set to zero. When
name with the server’s IP address. the receiver is once more able to accept
data, a second acknowledgement is
When an application tries to contact a host by name, the TCP/IP stack runs sent, specifying the new window size.
a module called the resolver. First, this tries to look up the IP address locally. Such an acknowledgement is called a
On a Windows PC, it looks in the file C:\WINDOWS\HOSTS, which is a window update.
text file containing a list of entries in the format <IP address> <host name>. When an interactive Telnet session
This is the way all look-ups were done in the days before name servers were is taking place, a single character typed
invented. in at the keyboard could be sent in its
own TCP segment. Each character
If the name isn’t found in the HOSTS file, the software contacts one of the could then be acknowledged by a seg-
local name servers whose IP address is in the TCP/IP configuration, to see ment coming theother way. If the char-
if it knows the address. If the host you are after isn’t in the local zone it acters typed are echoed by the remote
probably won’t, unless that host has been contacted recently and its address host then a further pair of segments
is cached. Name servers cache IP addresses so they don’t have to find out could be generated, the first by the re-
the addresses of popular hosts every time they are contacted. mote host and the second, its acknow-
If the local name server doesn’t know the address for the host you want, it ledgement, by the Telnet client. Thus,
contacts the root name server for that host’s top-level domain, whose ad- a single typed character could result in
dress it does know. The root-level name server gives the local name server four IP packets, each containing 20
the address of the appropriate second-level server. The second-level server bytes of IP header, 20 bytes of TCP
gives it the third-level server’s address and so on, until eventually a server header and just one byte of data being
transmitted over the Internet.

Issue 88 (October 1997) Page 15 PC Network Advisor File: C04100.7


Connectivity:Overview

TCP has some features to try to


make things a bit more efficient. An
acknowledgement delay of anything “The concept of port numbers is common
up to 500 ms can be specified in the
hope that within that time some data to both UDP and TCP. The port
will need to be sent the other way, and
the acknowledgement can piggyback numbers identify which protocol module
along with it.
The inefficiency of sending many sent (or is to receive) the data. Most
very small segments is reduced by
something called the Nagle algorithm. protocols have standard ports that
This states that a TCP segmentcontain-
ing less data than the receiver’s adver-
tised window size can only be sent if
are generally used for this.”
the previous segment has been ac-
knowledged. Small amounts of data
are aggregated until either they equal mined by the protocol, the data is sent strategy would not resolve the prob-
the window size, or the acknow- again. lem in this case. To prevent deadlock
ledgement for the previous segment is The interval that TCP will wait be- from occurring, TCP sends out win-
received. The slower the connection, fore retransmitting data is dependent dow probe messages at regular inter-
the longer will be the period during on the speed of the connection. The vals to query the receiver about its
which data can be aggregated, and protocol monitors the time it normally window size.
thus fewer separate TCP segments will takes to receive an acknowledgement
be sent over the busy link. and uses this information to calculate Closing A Connection
the period for the retransmission
Error Correction timer. If an acknowledgement is not When the time comes to close a TCP
received after re-sending the data connection, each direction of data flow
An important advantage of TCP once, it is sent repeatedly, at ever-in- must be closed down separately. One
over UDP is that it is a reliable data creasing intervals, until either a re- end of the connection sends a segment
transport protocol. It can detect sponse is received or (usually) an in which the FIN (finished sending
whether data has been successfully re- application timeout value is exceeded. data) flag is set. The receipt of this
ceived at the other end and, if it hasn’t As already mentioned, TCP imple- segment is acknowledged, and the re-
been, TCP can take steps to rectify the ments flow control using the window ceiving end notifies its application that
situation. If all else fails, it can inform size field in the header. A potential the other end has closed that half of the
the sending application of the problem deadlock situation arises if a receiver connection.
so that it knows that the transmission stops the data flow by setting its win- The receiver can, if it wishes, con-
failed. dow size to zero and the window up- tinue to send data in the other direc-
The most common problem is that a date segment that is meant to start data tion. Normally, however, the receiving
TCP segment is lost or corrupted. TCP flowing again is lost. Each end of the application would instruct TCP to
deals with this by keeping track of the connection would then be stalled, close the other half of the connection
acknowledgements for the data it waiting for the other to do something. using an identical procedure.
sends. If an acknowledgement is not Acknowledgements are not them-
received within an interval deter- selves ACKed, so the retransmission Click here for the third part
of this article

“An acknowledgement delay of anything


up to 500 ms can be specified in the PCNA
hope that within that time some data
will need to be sent the other way,
and the acknowledgement can The Author
Julian Moss is a freelance IT writer
piggyback along with it.” and software developer. He can be
contacted as [email protected].

File: C04100.8 PC Network Advisor Issue 88 (October 1997) Page 16


Recent Reviews from Tech Support Alert

Reviews of the Best Windows Backup Software


In this detailed comparative review, we checked out eighteen backup software
utilities designed for home or SOHO use. Many of the products reviewed
were disappointing. However 6 products passed our tests with flying colors
and 2 of these were so impressive, they were awarded our “Editor’s Choice.”

Suppliers of Cheap Inkjet Printer Cartridges Reviewed and Rated


With hundreds of companies all claiming to have the “cheapest and best inkjet
printer cartridges,” our editors decided to put their claims to the test. Not
unexpectedly, many suppliers flunked but we did manage to come up with a
number of web sites that sell good quality inkjet printer cartridges at heavily
discounted prices.

The Best Anti Trojan Software


Our editors took a close look at the 6 leading anti-trojan/trojan remover
software utilities. Unfortunately, they found only 2 products that were effective
in their ability to detect and remove dangerous modern polymorphic and
process injecting trojans.

The 46 Best Ever Freeware Utilities


This is our Editor, Ian “Gizmo” Richards, personal selection of the best
freeware utilities. He’s hunted down some real gems, many of which perform
better than expensive commercial products.

Tech Support Alert


http://www.techsupportalert.com
Connectivity:Overview

Understanding TCP/IP

TCP/IP, the ubiquitous network protocol, is actually a four-layer suite of protocols and is well
worth gaining an understanding of. The third instalment of our four-part article.
By Julian Moss

n the previous instalment of this pens many time servers do support communicate with each other. Com-
article [PCNA 88, File C04100] we connections using TCP as well. TCP’s munication may be infrequent and
I looked at the transport layer pro-
tocols of the TCP/IP suite: User Data-
built in reliability is of little use in this
application, because by the time the
sporadic, and the amount of informa-
tion exchanged small. Usually a com-
gram Protocol (UDP) and Transmi- protocol decides that the message may mand sent by the manager will
ssion Control Protocol (TCP). We saw have been lost and re-sends it, the in- generate just a single response.
that UDP is an unreliable, connection- formation it contained will be out of SNMP uses UDP. This avoids the
less protocol suitable for transferring date. UDP is the most suitable protocol overhead of having to maintain con-
small amounts of data and for broad- for real-time applications like this, and nections between the SNMP manager
cast and multicast applications, and others like audio, video and network and each agent. Because the communi-
we saw that TCP implements reliabil- gaming. cation protocol consists essentially of a
ity mechanisms and requires clients to request for data and a reply containing
establish a connection with a server SNMP the data requested, UDP’s lack of reli-
before data can be transferred. This ability is not a problem. Reliability is
month we will examine some of the A slightly more complex UDP ap- easily implemented within the SNMP
application-layer protocols, how they plication is Simple Network Manage- manager by re-sending a request if no
work, and how they exploit the char- ment Protocol (SNMP). It allows response is received within a certain
acteristics of UDP and TCP. applications to glean information period.
about how various elements of the net- The main function of SNMP is to al-
Time work are performing, and to control lowthemanagertogetinformationfrom
the network by means of commands tables maintained by the agents. The ta-
A network time service is one of the sent over it rather than by physical bles are known as the Management In-
simplest possible Internet applica- configuration of equipment. formation Base (MIB). The MIB is
tions. It tells you the time as a 32-bit In SNMPtherearetwodistinctcom- divided into groups, each containing in-
value, giving the number of seconds ponents, the SNMP manager and formation about a different aspect of the
that have elapsed since midnight on SNMP agents. A manager can commu- network. Examples of the information
1st January 1900. nicate withmany agents. Typically,the that the MIB may contain include the
Time servers use the well-known SNMP manager would be an applica- name, type and speed of a network in-
port number 37. When your time client tion running on the network man- terface, a component’s physical location
opens UDP port 37 on the server, the ager’s console, and agents will run on and the contact person for it, and statis-
server responds by sending the four user workstations, in hubs, routers and tics such as the number of packets sent
bytes of time information. other pieces of network hardware. andthenumberthatwereundeliverable.
For such a simple transaction UDP All communication is between the
is perfectly adequate, though as it hap- manager and an agent. Agents don’t Object IDs
Data is addressed using object IDs.
These are written as sequences of num-
“A network time service is one of the bers separated by periods, rather like
long IP addresses. Each number going
simplest possible Internet applications. It from left to right represents a node in
a tree structure, with related informa-
tells you the time as a 32-bit value, giving tionbeing groupedinonebranchofthe
tree. There are standardised object IDs
the number of seconds that have elapsed for commonly used items of informa-
tion, and also a section for vendor-spe-
since midnight on 1st January 1900.” cific information. The assignment of
object IDs is controlled by the Internet
Assigned Numbers Authority (IANA).

Issue 91 (January 1998) Page 13 PC Network Advisor File: C04100.9


Connectivity:Overview

connected terminal. It is a client/serv-


“Most SNMP messages have a fixed er application. The server runs on a
host on which applications are run-
format. In a typical transaction, ning, and passes information between
the applications and the Telnet clients.
an SNMP manager will send a UDP The well-known port number for Tel-
net servers is TCP port 23.
datagram to port 161 on a host running Telnet clients must convert the user
data between the form in which it is
an SNMP agent.” transmitted and the form in which it is
displayed. This is the difficult part of
the application, the terminal emula-
tion, and has little to do with the Telnet
protocol itself. Telnet protocol com-
Most SNMP messages have a fixed
format. In a typical transaction, an
Message Types mands are principally used to allow
the client and server to negotiate the
SNMP manager will send a UDP data- One problem with SNMP version 1 display options, because Telnet clients
gram to port 161 on a host running an is that the maximum size of a message and servers don’t make assumptions
SNMP agent. The datagram has fields is 512 bytes. This limit was chosen so about each other’s capabilities.
for the type of message (in this case a that the UDP datagram in which it is TCP provides the reliability for Tel-
get-request message), the transaction sent falls within the limit (576 bytes) net, so neither the client nor the server
ID (which will be echoed in the re- that all TCP/IP transports are guaran- need be concerned about re-sending
sponse so that the manager can match teed to pass. The error status value will data that is lost, nor about error check-
up requests with the data received), indicate if the information requested is ing. This makes the Telnet protocol
and a list of object ID/value pairs. In too big. Typically, this can occur when very simple. There is no special format
the get-request message the object IDs asking for text-based information, for TCP segments that contain com-
specify the information requested and which is returned as strings of up to mands - they simply form part of the
the value fields are empty. 255 characters in length. data stream.
The agent will respond with a data- SNMP version 2 adds two new mes- Data is sent, usually as 7-bit ASCII,
gram in which the message type field sage types. Get-bulk-request provides in TCP packets (which you may recall
is get-response. An error status field a way to retrieve larger amounts of are called segments). A byte value of
will indicate whether the request has data than version 1 can handle, and 255, “interpret as command” (IAC),
been fulfilled, or whether an error such inform-request allows SNMP manag- means that the bytes which follow are
as a request for a non-existent object ID ers to communicate with one another. to be treated as Telnet commands and
occurred. The same list of object ID / SNMP 2 also adds security features not user data. This is immediately fol-
value pairs as in the get-request mes- which can be used to help ensure that lowed by a byte that identifies the com-
sage will be returned, but with the information is passed only to agents mand itself, and then a value. Many
value fields filled in. authorised to receive it. commands are fixed length, so the byte
There are five types of message in after that, if not another IAC, would be
SNMP version 1. Apart from get-re-
quest and get-response there is set-re-
Telnet treated as user data. To send the byte
255 as data, two consecutive bytes of
quest, used by the SNMP manager to Telnet is a terminal emulation ap- value 255 are used.
initialise a value, and get-next-request. plication that enables a workstation to Some commands, such as those that
The latter is a bit like listing a directory connect to a host using a TCP/IP link include text values, arevariablelength.
with a wildcard file spec, in that it and interactwithitasifitwasadirectly These are implemented using the sub-
returns a list of all the available object
IDs in a particular group.
The fifth message type, trap, is used
by SNMP agents to signal events to the
SNMP manager. These messages are
“Telnet clients must convert the user
sent to UDP port 162. Trap messages
have a format of their own. This in-
data between the form in which it is
cludes a trap type field which indicates
the type of event being signalled: for
transmitted and the form in which it
example, the agent initialising itself or
the network device being turned off.
is displayed. This is the difficult part
There is a vendor-specific trap type
which allows vendors to define traps
of the application.”
for events of their own choosing.

File: C04100.10 PC Network Advisor Issue 91 (January 1998) Page 14


Connectivity:Overview

TCP/IP

responds to single keystrokes rather


than whole lines of input.
“Telnet allows you to interact with an The urgent flag and urgent pointer
in a TCP segment come into use when
application running on a remote a Telnet terminal user presses the
Break key to interrupt a process on the
computer, but it has no facility for host. Break is converted by the Telnet
client into two Telnet commands
enabling you to copy a file from that which are sent to the server: IP (inter-
rupt process) followed by DO <timing
computer’s hard disk to yours.” mark> (again, we use angle brackets to
indicatea byte representing anoption).
The server responds to the latter with
WILL <timing mark> followed by a
option begin (SB) and sub-option end the host application the Telnet server DM (data mark) command. The urgent
(SE) command bytes. These command will send WILL <echo> to the client, pointer is set to point to the DM com-
bytes enclose the variable length data which will agree to this by sending DO mand byte, so even if flow control has
like parentheses. <echo>. This option can be changed halted the transmission of normal data
The principal Telnet commands during a session to suppress the dis- this command will still be received.
used to negotiate the display options play of password characters. Data mark is a synchronisation marker
when a client connects to a server are Another Telnet option to be negoti- which causes any queued data up to
WILL (sender wants to enable this op- ated is the transmission mode. The that point to be discarded.
tion), WONT (sender wants to disable usual mode is character-at-a-time Most of the data that passes be-
this option), DO (sender wants the re- mode, where each character typed at tween client and server during a Telnet
ceiver toenablethisoption)andDONT the terminal is echoed back by theserv- session is user input and application
(sender wants the receiver to disable er unless the host application specifi- data. The important thing to realise is
this option). cally turns echoing off. You can tell that Telnet does not package up this
To see how this works, consider an when character-at-a-time mode is be- data with additional headers or control
example. You start your Telnet client, ing used because there is a delay be- information: it is simply passed di-
which is configured to emulate a VT tween a key being pressed and a rectly to TCP. One side effect of this is
220 terminal, and connectto ahost.The character appearing in the terminal that you can use a Telnet client to talk
client sends WILL <terminal-type> window. to other TCP applications that use AS-
(where <terminal-type> is the byte The main alternative to character- CII-based protocols simply by con-
value representing the terminal type at-a-time mode is line mode. In this necting to the appropriate port.
display option) to say that it wants to mode, the client displays the charac- Though it might not normally be sen-
control what terminal type to use. The ters typed and provides line editing sible to do this, it can be a useful trou-
server will respond with DO <termi- capabilities for the user. Only com- bleshooting tool.
nal-type> to show that it is happy for pleted lines are sent to the server. Line
the client to control this option. mode is used by some mainframe ter- Finger
Next the server will send SB <termi- minal emulations. Again, it is possible
nal-type> <send> SE. This is an invita- to switch modes during a Telnet ses- Finger is a simple example of a
tion to the client to tell the server what sion if it is required to interact with an TCP/IP application that uses an AS-
its terminal type is: <send> is a byte application running on the host that CII-based protocol. A Finger server is
that means “send the information”.
The client responds with SB <terminal-
type> <is> VT 220 SE (<is> is a byte
that indicates that the requested infor-
mation follows) and so the server is
“The well-known Finger port is TCP
informed of the terminal emulation
that the client will be using.
port 79. A Finger client opens this port
Client and server will negotiate
various other options at the start of a
and then sends a request, which is
connection. Certain options may also
be changed during the Telnet session.
either a null string or a user name.
The echo option determines whether
or not characters that are sent by the
The server responds by sending some
clientareechoed onthedisplay, and by
which end. If characters that are typed
text and closing the connection.”
at the terminal are to be echoed back by

Issue 91 (January 1998) Page 15 PC Network Advisor File: C04100.11


Connectivity:Overview

a program that supplies information to FTP is unusual compared to other second, LIST, causes the server to open
arequestingclient.Theinformationsup- TCP applications in that it uses two the specified port, send the directory
plied usually relates to the user accounts TCP connections. A control connection list, and close it again.
on a host, though many ISPs use Finger is made to the well-known FTP port The sequence for downloading a
servers to provide status information. number 21, and thisisusedtosendFTP file is very similar to that for obtaining
The well-known Finger port is TCP commands and receive replies. A sepa- a directory list. First, a PORT com-
port 79. A Finger client opens this port rate data connection is established mand is used to specify the data con-
and then sends a request, which is whenever a file or other information is nection port, and then the command
either a null string or a user name. The to be transferred, and closed when the “RETR filename” is sent to specify the
server responds by sending some text data transfer has finished. Keeping file to be retrieved. The server opens
and closing the connection. If a null data and commands separate makes the data port and sends the data, which
string was sent you may receive infor- life easier for the client software, and the client writes to the hard disk. The
mation about all users known to the means that the control connection is server closes the TCP connection to the
system; a user name will return infor- always free to send an ABOR (abort) data port when the file transfer has
mation about that specific user. command to terminate a lengthy data finished, which is the signal to the cli-
For security reasons many organi- transfer. ent to close the newly-created file.
sations do not run Finger servers, or FTP commands are sent in plain 7-
have them reply with a standard mes- bit ASCII, and consist of a command of Conclusion
sage whatever the request. From our up to 4 characters followed by zero or
perspective the point of interest is that more parameters (those familiar with Since you are unlikely to be asked
the protocol is pure ASCII text, as you text mode FTP clients like that sup- to write your own client or server there
can verify by connecting to a Finger plied with Microsoft TCP/IP may find is little to be gained from looking at
server using a Telnet client. it curious that FTP commands are not these application protocols in more de-
the same as the commands given to the tail. However, it is hoped that some
File Transfer Protocol FTP client). The replies consist of a
three digit number followed by an op-
useful insights into the working of In-
ternet applications can be gained from
Telnet allows you to interact with tional text explanation, for example, these brief descriptions of how a few of
an application running on a remote “250 CWD command successful”. The them work.
computer, but it has no facility for ena- numbers are for easy interpretation by Perhaps the most striking thing
bling you to copy a file from that com- FTP client software, the explanations about the protocols that use TCP is
puter’s hard disk to yours, nor for you are for the benefit of the user. how simple they are. Because the
to upload files to the remote system. It is instructive to see what happens lower protocol levels take care of reli-
That function is carried out using File during a simple FTP session. When ability, routing and physical transfer
Transfer Protocol (FTP). you connect to the FTP server (TCP matters, the application protocol need
The FTP specification caters for sev- port 21) it sends its welcome message concern itself only with things relating
eral different file types, structures and prefixed by the numeric code 220. The to the application. This, of course, is the
transfer modes, but in practice FTP im- FTP client prompts you for your user- whole pointof using a layered protocol
plementations recognise either text files name, which it then sends using the stack.
or binary files. Text files are converted FTP command “USER username”. The
from their native format to 7-bit ASCII server may respond with “331 Need Click here for the final part
with each line terminated by a car- password for username”. The client of this article
riage-return, line-feed pair for trans- detects this, prompts you for the pass-
mission. They are converted back to word and sends this to the server using
the native text file format by the FTP the command “PASS password”. If the
client. FTP therefore provides a cross- password is correct the client will re-
platform transfer mechanism for text ceive the response “230 Access
files. Binary files are transmitted ex- granted”. PCNA
actly as-is. The next thing you might do is type
Data is transferred as a continuous DIR, to list the current directory on the
stream of bytes. The TCP transport server. This command to the client re-
protocol provides all the reliability, sults in two FTP commands being is-
making sure that data that is lost is sued to the server. The first, “PORT
re-sent and checking that it is received x,x,x,x,y1,y2” tells the server the IP ad-
correctly. It is worth noting that error dress (x.x.x.x) and port number (y1 * The Author
detection uses a simple 16-bit check- 256 + y2) to use for the data connection. Julian Moss is a freelance writer
sum so the probability of undetected The port number is one in the range and software developer. The URL
errors is high compared to a file trans- 1024 to 4999, a range used for ephem- of his Web site is http://www.jm-
fer protocol like Zmodem which uses eral connections (those that are used tech.com/.
a 32-bit CRC. briefly for some specific purpose). The

File: C04100.12 PC Network Advisor Issue 91 (January 1998) Page 16


Recent Reviews from Tech Support Alert

Reviews of the Best Windows Backup Software


In this detailed comparative review, we checked out eighteen backup software
utilities designed for home or SOHO use. Many of the products reviewed
were disappointing. However 6 products passed our tests with flying colors
and 2 of these were so impressive, they were awarded our “Editor’s Choice.”

Suppliers of Cheap Inkjet Printer Cartridges Reviewed and Rated


With hundreds of companies all claiming to have the “cheapest and best inkjet
printer cartridges,” our editors decided to put their claims to the test. Not
unexpectedly, many suppliers flunked but we did manage to come up with a
number of web sites that sell good quality inkjet printer cartridges at heavily
discounted prices.

The Best Anti Trojan Software


Our editors took a close look at the 6 leading anti-trojan/trojan remover
software utilities. Unfortunately, they found only 2 products that were effective
in their ability to detect and remove dangerous modern polymorphic and
process injecting trojans.

The 46 Best Ever Freeware Utilities


This is our Editor, Ian “Gizmo” Richards, personal selection of the best
freeware utilities. He’s hunted down some real gems, many of which perform
better than expensive commercial products.

Tech Support Alert


http://www.techsupportalert.com
Connectivity:Overview

Understanding TCP/IP

We conclude our four-part article looking in depth at the TCP/IP protocol.


Here, we examine the difference between the SMTP and POP3 email protocols.
By Julian Moss

n this series of articles we have serves a group of users such as all those- messages would make this impractical
looked at the TCP/IP suite of pro- int one domain. The server receives all - so this is about the only way ISPs can
I tocols, beginning with the link
layer and progressing by stages to the
mail intended for its users and then
allows them to collect it using POP3
prevent non-subscribers such as spam-
mers from using their mail servers to
application layer. We have seen how (Post Office Protocol version 3) or some send out messages.
each layer relies upon the layers below other mail protocol. Similarly, most Having received the correct ac-
it, so that network applications can be SMTP clients send messages to a single knowledgement the sender signs on to
written without needing to take ac- server, whose job it is to relay those mes- the server by sending the string
count of considerations such as how sages on to their eventual recipients. “HELO hostname”. HELO is the sign-
the network is constructed or what An SMTP transaction begins when on command and hostname is the
type of hardware or cabling is used. the sender client opens a TCP connec- name of the host. As we will see, the
A striking point about many of the tion with the receiver using the well- hostname is used in the Received:
application layer protocols is how sim- known port number 25. The server header which the server adds to the
ple they are. The protocols based on acknowledges the connection by send- message when it sends it on its way.
TCP mostly use commands and re- ing back a message of the form “220 This information allows the recipient
sponses in plain ASCII text, making SMTP Server Ready”. SMTP uses a to trace the path taken by the message.
them easier for a user to understand similar format of replies to ftp, which
and for a programmer to implement. we looked at previously. The three- Sending
For further illustration we shall look at digit code is all the client software
the two protocols that you may use needs to tell if everything is going OK. Once the sender gets a “250 OK”
every day to send and receive Internet The text is there to help the humans acknowledgement it can start sending
email: SMTP and POP3. who might be troubleshooting a prob- messages. The protocol is extremely
lem by analysing a log of the transac- simple. All the sender has to do is say
SMTP tion. The box “Application Protocol
Reply Codes” provides more informa-
who the message is from, who it is to,
and supply the contents of the mes-
Simple Mail Transfer Protocol tion about message reply codes. sage.
(SMTP) is one of the most venerable of An SMTP relay server might refuse Who a message is from is specified
the Internet protocols. Designed in the a connection by sending back a mes- with the command “MAIL FROM: <ad-
early 1980s, its function is purely and sage with a “421 Service not available” dress>”. This command also tells the re-
simply to transfer electronic mail reply code. For example, an Internet ceiver that it is about to receive a new
across and between networks and Service Provider’s SMTP server pro- message, so it knows to clear out its list
other transport systems. As such, its vided for use by its subscribers to relay of recipients. The address in the angle
use need not be restricted to systems outgoing mail might refuse a connec- brackets (which are required) is the
that useTCP/IP.Any communications tion from a host whose IP address in- return path for themessage. Thereturn
system capable of handling lines of up dicates that it is not a subscriber to that path is the address that any error re-
to 1,000 7-bit ASCII characters could be ISP. SMTP has no form of access con- port - such as would be generated if the
used to carry messages using SMTP. trol - the way it can be used to relay message is undeliverable - is sent to.
On a TCP/IP network, however, TCP
provides the transport mechanism.
In SMTP the sender is the client, but
a client may communicate with many
different servers. Mail can be sent di-
“SMTP uses a similar format of
rectly from the sending host to the re-
ceiving host, requiring a separate TCP
replies to ftp, which we looked at
connection to be made for each copy of
each message. However, few mail re-
previously. The three- digit code is
cipients run their own SMTP servers.
It is more usual for the destination
all the client software needs.”
of an SMTP message to be a server that

Issue 93 (March 1998) Page 15 PC Network Advisor File: C04100.13


Connectivity:Overview

It is valid for the return path to be


null, as in “MAIL FROM: <>”. This is
typically used when sending an error “The return path is the address that any
report. A null return path means that
no delivery failure report is required. error report - such as would be generated
Its main purpose is to avoid getting
into the situation in which delivery fail-
ure messages continually shuttle back
if the message is undeliverable - is sent to.”
and forth because both sender and re-
cipient addresses are unreachable.
The recipients of a message are de- will not appear in the headers at all. lookup on it. However, a mail server
fined using the command “RCPT TO: Each recipient is acknowledged intended to receive messages for local
<address>”. Each address is enclosed with a “250 OK” reply. A recipientmay users only would reject recipients that
in angle brackets. A message may have also be rejected using a reply with a 550 aren’t at that domain.
many recipients, and an RCPT TO: reply code. This depends on how the Other replies may be received in
command is sent for each one. It is the server has been configured. Dial-up response to RCPT TO: messages as a
RCPT TO: command, not anything in ISP SMTP relay servers may accept result of the SMTP server being help-
the message headers, that results in a every RCPT TO: command, even if the ful. If an address is incorrect but the
message arriving at its destination. In address specified is invalid, because server knows the correct address it
the case of blind carbon copies or list the server doesn’t know that the ad- could respond with “251 User not lo-
server messages the recipient address dress is invalid until it does a DNS cal; will forward to <address>” or “551
User not local; please try <address>”.
Note the different reply codes signify-
Application Protocol Reply Codes ing whether the server has routed the
message or not. These replies aren’t
Many Internet application layer protocols which are based on ASCII text common, and a mail client may simply
commands use a system of replies in which an initial three-digit code treat the 551 response as an error,
provides the essential status information. Each digit has a particular mean- rather than try to parse the alternative
ing, as shown below. address out of the reply text.
First Digit For the sake of completeness it
should be pointed out that RCPT TO:
1xx: Positive Preliminary Reply. Command accepted but held awaiting a commands may specify routes, not
further confirmation command (continue or abort). merely addresses. A route would be
2xx: Positive Completion Reply. Command completed. Awaiting next com- expressed in the form “RCPT TO:
mand. <server1,server2:someone@server3>”.
Today this capability is rarely needed.
3xx: Positive Intermediate Reply. Command accepted but held awaiting
further information (such as a password). Message Text
4xx: Transient Negative Completion Reply. Command not accepted due to Once all the recipients have been
a temporary error condition (such as an HTTP server busy). The command specified, all that remains is for the
may be tried again later. sender to send the message itself. First
5xx: Permanent Negative Completion Reply. Command not accepted due to it sends the command “DATA”, and
a permanent error condition. The command is unlikely to be accepted if then waits for a reply like: “354 Start
repeated later. mail input; end with <CRLF>.-
<CRLF>”. The message is then sent as
Second Digit a succession of lines of text. No ac-
x0x: Syntax Error. For example, command unimplemented or valid but knowledgement is received for each
incorrect in the circumstances. line, though the sender needs to watch
for a reply that indicates an error con-
x1x: Information. The text following the code contains the answer to an dition.
information request. The end of the message is, as indi-
x2x: Connections. Message reply relates to the communications channel.
cated by the reply shown above, a pe-
riod (full stop) on a line of its own.
x5x: Server. Message reply relates to the state of the server. Thus, one of the simplest but most es-
sential things that a mail client must do
Third Digit is ensure that a line containing a single
Used to distinguish individual messages. period does not appear in the actual
text.

File: C04100.14 PC Network Advisor Issue 93 (March 1998) Page 16


Connectivity:Overview

TCP/IP

The end of the message is acknow-


ledged with “250 OK”.
It’s worth noting that SMTP isn’t in “As with the other text-based application
the least bit interested in the content of
the message. It could be absolutely protocols you can connect with a
anything, though strictly speaking it
should not contain any characters with POP3 server using a Telnet terminal
ASCII values in the range 128 to 255,
and lines of text may not exceed 1,000 emulator and interact with it using
characters. There is no requirement for
the headers to show the same sender
and recipient addresses that were used
POP3 commands.”
in the SMTP commands, which makes
it easy to make a message appear to
have come from someone other than
the true sender. liver a message to the next (or final) tion of commands. This is simpler than
host in the chain, it will try at ever- the numeric codes used by SMTP and
Tracking lengthening intervals over a period of other protocols: software need only
a few days before giving up and send- check the first character for a plus or a
When a message is relayed by the ing a delivery failure notification to the minus. The text that may appear after
server it inserts a “Received:” header return path address. a “+OK” is a prompt for what to do
at the start of the message showing the SMTP offers no way for the recipi- next. After “-ERR” it is an error de-
identity of the host that sent the mes- ent to prompt a server into sending scription. The exact content of the text
sage, its own host name, and a time mail that it is trying to deliver. If a may vary between server implementa-
stamp. Each SMTP server that a mes- recipient connects to the Internet infre- tions.
sage passes through adds its own “Re- quently their server may never be ac-
ceived:” header. Thus it is possible to tive at the right time. In this case the
track the path taken by a message. Al- mail will eventually bounce. To Access The Server
though this won’t identify the sender SMTP is rather like a courier deliv- A POP3 server holds people’s per-
it may shed some light on whether or ery service. If you aren’tinwhen itcalls sonal mail, so unsurprisingly you need
not the address the message is appar- then, after a couple of re-delivery at- to enter a user name and a matching
ently from is in fact the true one. tempts, the message is returned to the password before you can gain access to
After the “250 OK” that acknow- sender. Post Office Protocol version 3 it. To log in you must send “USER
ledges the end of the message, the (POP3) - as the namesuggests- lets you username”. A “+OK” response shows
sender can start again with a new mes- have your mail held at the post office that the user name is valid. You must
sage by sending a new “MAIL FROM:” so you can collect it at a time of your then send “PASS password”. If the
command or it can sign off from the own choosing. password is correct you will receive
server using “QUIT”. A 221 reply will POP3 is another TCP application, another positive acknowledgement in
be received in response to the QUIT and uses the well-known port number a reply like “+OK username has two
command. 110. As with the other text-based appli- message(s) (914 octets)”. “-ERR” re-
SMTP servers should support two cation protocols you can connect with plies may be received if the user name
further commands for a minimum im- a POP3 server using a Telnet terminal is not known, the password is incorrect
plementation. NOOP does nothing, emulator and interact with it using or the server is for some reason unable
but should provoke a “250 OK” reply. POP3 commands. This can sometimes to open a user’s mailbox.
RSETaborts thecurrentmessagetrans- be useful, as for example to manually Once a client is successfully logged
action. There are other commands delete a corrupt message that crashes a in it can issue several different com-
such as HELP which are really only of mail client whenever it is downloaded. mands which allow it to find out how
interest tothosetrying to communicate (However, don’t try connecting to many messages are waiting and how
with SMTP servers interactively and your ISP’s port 110 and sending ran- big they are, and to download the mes-
are therefore not really relevant to un- dom commands without permission. sages and delete them from the server.
derstanding how the protocol works in Their automatic hacker detection sys- The “STAT” command returns the
day-to-day use. tems might spring into operation and number of messages waiting (mw) and
you may well be asked to explain what their total size in bytes (sb), as a re-
POP3 you’re doing.)
On connecting to the server, the
sponse in the form “+OK mw sb”. Note
that this is the same information given
SMTP is capable of delivering mail server should respond with the mes- in the login acknowledgement, but in
direct to the recipient’s desktop, but in sage “+OK POP3 server ready”. POP3 a form (two numbers separated by a
practice it isn’t the ideal protocol for uses “+OK” and “-ERR” at the start of single space) that is easier for the client
this. If an SMTP relay is unable to de- replies to indicate acceptance or rejec- software to process.

Issue 93 (March 1998) Page 17 PC Network Advisor File: C04100.15


Connectivity:Overview

net client, also makes it easy to write


“SMTP is rather like a courier delivery client software using just about any
programming language that can send
service. If you aren’t in when it calls then, and receive text using TCP.
This simplicity is in stark contrast to
after a couple of re-delivery attempts, the many other network architectures
which require the use of proprietary
message is returned to the sender.” APIs and languages that support com-
plex data structures.
Conclusion
The command “LIST” can be used The command must include a message In this article it has only been possi-
to determine the size of each message. number (mn). After an “+OK” ac- ble to give an overview of the most
After the “+OK” the server sends, on knowledgement the server sends the important protocols used on the In-
separate lines, the message numbers whole message. Again, the end of the ternet. The full specifications of these
(mn) and the message sizes (ms) sepa- message is indicated by a line contain- and other Internet protocols can be
rated by a space. Waiting messages are ing just a period. found in Requests For Comments
numbered sequentially, starting from (RFCs) published by the Network
1. The command “LIST mn” can be Wiping Working Group. RFCs are freely avail-
used to find out the size of a specific able for download from the Internet.
message. The LIST command is typi- The command “DELE mn” is used Anyone interested in finding out more
cally used by mail clients that imple- to delete a message. In fact, the DELE about TCP/IP, and particularly in im-
ment a user-defined restriction on the command only marks messagesfor de- plementing their own TCP/IP applica-
size of messages that will be down- letion. Any messages marked for dele- tions, should obtain and study the
loaded, or those that want to display a tion during a session may be undeleted RFCs for the protocols concerned.
progress indicator that shows how by issuing an “RSET” command. The However, even if you never have to
much of each message has been down- messages are only deleted once the cli- write your own Internet software it is
loaded. ent has closed the POP3 session by hoped that this article has piqued your
POP3 provides no commands that issuing a “QUIT” command. If a client interest, and contributed to a better un-
enable a client to find out the subject of never gets to close a session properly derstanding of how TCP/IP and the
a message or who it is from. However, because the connection is lost or timed Internet really work.
the TOP command lets the client out then you may find some messages
download a message’s headers and a being downloaded again the next time
specified number of lines from the you connect to the server.
message body, from which this infor- In order toavoid downloadingmes-
mation may be obtained. TOP is an sages twice, a POP3 client can use the
optional POP3 command but its imple- command “UIDL” or “UIDL mn” to
mentation is strongly recommended. obtain unique, server-generated IDs
The format of the command is “TOP for each message. By storing the UIDLs
mn nl” where mn is the message
number and nl the number of lines
of downloaded messages in a file, a
client can easily determine whether a PCNA
required. Theresponseis“+OK”(if mn message on the server has been pre-
is valid) followed by a partial down- viously retrieved or not.
load of the message. The end of the Implementation of the UIDL com-
download is indicated by a line con- mand is optional, but most POP3 serv-
taining a single period (full stop). ers seem to support it and most mail
Some spam filtering software - clients use it.
which kills unwanted messages with-
out downloading them - uses the TOP Benefits
command to determine whether a
message meets the criteria for being SMTP and POP3 are two of the most
killed or not. However, the time taken commonly-used Internet protocols, The Author
to get this information for every mes- which is why we have devoted this Julian Moss is a freelance writer
sage may exceed the time it would article to looking at them in some de- and software developer with ex-
have taken simply to download the tail. Their text-based nature, which perience of developing TCP/IP
spam and delete it later. makes it possible to send and receive client software. He can be con-
The command “RETR mn” is used messages by communicating with a tacted as [email protected].
to retrieve messages from the server. server interactively using a simple Tel-

File: C04100.16 PC Network Advisor Issue 93 (March 1998) Page 18


Additional Resources

! IPv6 Explained
! The OSI 7 Layer Model Explained
! Understanding Frame Relay
! Understanding DHCP
! Virtual Private Networking Explained

All these articles are available free online now at


www.pcnetworkadvisor.com

PCNA

Copyright ITP, 2002

PC Network Advisor
www.pcnetworkadvisor.com
Recent Reviews from Tech Support Alert

Reviews of the Best Windows Backup Software


In this detailed comparative review, we checked out eighteen backup software
utilities designed for home or SOHO use. Many of the products reviewed
were disappointing. However 6 products passed our tests with flying colors
and 2 of these were so impressive, they were awarded our “Editor’s Choice.”

Suppliers of Cheap Inkjet Printer Cartridges Reviewed and Rated


With hundreds of companies all claiming to have the “cheapest and best inkjet
printer cartridges,” our editors decided to put their claims to the test. Not
unexpectedly, many suppliers flunked but we did manage to come up with a
number of web sites that sell good quality inkjet printer cartridges at heavily
discounted prices.

The Best Anti Trojan Software


Our editors took a close look at the 6 leading anti-trojan/trojan remover
software utilities. Unfortunately, they found only 2 products that were effective
in their ability to detect and remove dangerous modern polymorphic and
process injecting trojans.

The 46 Best Ever Freeware Utilities


This is our Editor, Ian “Gizmo” Richards, personal selection of the best
freeware utilities. He’s hunted down some real gems, many of which perform
better than expensive commercial products.

Tech Support Alert


http://www.techsupportalert.com

You might also like