Unit-4
The following diagram depicts the host-to-network layer in the TCP/IP protocol suite −
SLIP-
The Serial Line Internet Protocol (SLIP) is an encapsulation of
the Internet Protocol designed to work over serial ports and
modem connections. SLIP has been largely replaced by the
Point-to-Point Protocol (PPP), which has more features and does
not require a predefined IP address configuration. SLIP stands for
Serial Line Internet Protocol.
SLIP is an Internet protocol that allows users to gain Internet
access using a computer modem.
SLIP defines a sequence of characters that frame IP packets on a
serial line and nothing more. It provides no addressing, packet
type identification, error detection/correction or compression
mechanisms.
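The framing described above, as an added example that is not part of the original notes. The four special character values come from RFC 1055, which the page does not list; the sample packet is constructed. The last function shows the practical effect of having no error detection: a damaged byte is delivered as if it were valid.

```python
from typing import List

# Special characters defined by RFC 1055 (not listed on the page itself).
END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD

def slip_encode(packet: bytes) -> bytes:
    """Frame one IP packet for a serial line."""
    out = bytearray([END])              # leading END flushes any line noise
    for byte in packet:
        if byte == END:
            out += bytes([ESC, ESC_END])
        elif byte == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(byte)
    out.append(END)
    return bytes(out)

def slip_decode(stream: bytes) -> List[bytes]:
    """Split a received byte stream back into packets."""
    packets, current, escaped = [], bytearray(), False
    for byte in stream:
        if escaped:
            escaped = False
            # An unknown byte after ESC is a protocol violation; keep it as-is.
            current.append({ESC_END: END, ESC_ESC: ESC}.get(byte, byte))
        elif byte == ESC:
            escaped = True
        elif byte == END:
            if current:                 # ignore empty frames between ENDs
                packets.append(bytes(current))
                current = bytearray()
        else:
            current.append(byte)
    return packets

# Constructed sample: a 4-byte "packet" that contains both special characters.
SAMPLE = bytes([0x45, END, ESC, 0x01])

def corrupted_roundtrip() -> bytes:
    """Flip one bit on the wire; the receiver gets a wrong packet and no error."""
    wire = bytearray(slip_encode(SAMPLE))
    wire[-2] ^= 0x01                    # damage the last payload byte
    return slip_decode(bytes(wire))[0]
```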
Advantages
1. It can allow different combinations of network configurations
such as host-host, host-router, router-router etc.
2. It can be easily used in microcontrollers because of small
overhead.
3. It is easy to implement because it is a basic packet protocol and
because of the wide application of TCP/IP.
Disadvantages
1. It does not perform any authentication of data and IP addresses
cannot be dynamically assigned while using SLIP.
2. SLIP provides no type identification method. The type of
protocol sent cannot be detected. Hence, only one protocol can
run over a SLIP connection.
3. It has no error detection or correction mechanism in data
transmission.
4. A SLIP connection provides no mechanism for hosts to
communicate addressing information.
5. SLIP provides no compression features to improve packet
throughput. CSLIP was a variant used for the same purpose but it
could not achieve wide application.
PPP-
Point-to-Point Protocol (PPP) is a communication
protocol of the data link layer that is used to transmit
multiprotocol data between two directly connected
(point-to-point) computers. It is a byte-oriented protocol that is
widely used in broadband communications having heavy
loads and high speeds. Since it is a data link layer
protocol, data is transmitted in frames. It is specified in
RFC 1661.
Services Provided by PPP
•Defining the frame format of the data to be transmitted.
•Defining the procedure of establishing link between two points
and exchange of data.
•Stating the method of encapsulation of network layer data in the
frame.
•Stating authentication rules of the communicating devices.
•Providing address for network communication.
•Providing connections over multiple links.
•Supporting a variety of network layer protocols by providing a
range of services.
Components of PPP
•Encapsulation Component − It encapsulates the datagram so that it can be
transmitted over the specified physical layer.
•Link Control Protocol (LCP) − It is responsible for establishing, configuring,
testing, maintaining and terminating links for transmission.
•Authentication Protocols (AP) − These protocols authenticate endpoints for
use of services.
• Password Authentication Protocol (PAP)
• Challenge Handshake Authentication Protocol (CHAP)
•Network Control Protocols (NCPs) − These protocols are used for negotiating
the parameters and facilities for the network layer.
• Internet Protocol Control Protocol (IPCP)
• OSI Network Layer Control Protocol (OSINLCP)
• Internetwork Packet Exchange Control Protocol (IPXCP)
• DECnet Phase IV Control Protocol (DNCP)
• NetBIOS Frames Control Protocol (NBFCP)
• IPv6 Control Protocol (IPV6CP)
PPP Frame
PPP is a byte-oriented protocol where each field of the frame is composed
of one or more bytes. The fields of a PPP frame are −
•Flag − 1 byte that marks the beginning and the end of the frame. The bit
pattern of the flag is 01111110.
•Address − 1 byte which is set to 11111111 in case of broadcast.
•Control − 1 byte set to a constant value of 11000000.
•Protocol − 1 or 2 bytes that define the type of data contained in the
payload field.
•Payload − This carries the data from the network layer. The maximum
length of the payload field is 1500 bytes. However, this may be negotiated
between the endpoints of communication.
•FCS − It is a 2-byte or 4-byte frame check sequence for error detection.
The standard code used is CRC (cyclic redundancy code).
4.2 Internet Layer Protocol
The Internet layer is responsible for logical transmission of data
packets over the internet. It can be compared to the network layer
of the OSI model.
The following diagram shows the network layer in the TCP/IP protocol suite −
IP
The Internet Protocol (IP) is a set of requirements for addressing
and routing data on the Internet. IP can be used with several
transport protocols, including TCP and UDP. It is a protocol
defined in the TCP/IP model used for sending the packets from
source to destination.
An internet protocol defines two things:
•Format of IP packet
•IP Addressing system
An IP header contains lots of information about the IP packet
which includes:
•Source IP address: The source is the one who is sending the
data.
•Destination IP address: The destination is a host that receives the
data from the sender.
•Header length
•Packet length
•TTL (Time to Live): The number of hops allowed before the packet
is discarded.
•Transport protocol: The transport protocol used with the Internet
Protocol; it can be either TCP or UDP.
A total of 14 fields exist in the IP header, and one of them
is optional.
ARP
•ARP stands for Address Resolution Protocol.
•It is used to associate an IP address with the MAC
address.
•Each device on the network is recognized by the MAC
address imprinted on the NIC.
•If the host wants to know the physical address of another
host on its network, then it sends an ARP query packet that
includes the IP address and broadcasts it over the network.
There are two types of ARP entries:
•Dynamic entry: It is an entry which is created
automatically when the sender broadcasts its message to
the entire network. Dynamic entries are not permanent,
and they are removed periodically.
•Static entry: It is an entry where someone manually
enters the IP to MAC address association by using the
ARP command utility.
RARP
•RARP stands for Reverse Address Resolution Protocol.
•If the host wants to know its IP address, then it broadcasts the
RARP query packet that contains its physical address to the entire
network. A RARP server on the network recognizes the RARP
packet and responds back with the host IP address.
•The protocol which is used to obtain the IP address from a server
is known as Reverse Address Resolution Protocol.
•The message format of the RARP protocol is similar to the ARP
protocol.
•Like an ARP frame, a RARP frame is sent from one machine to
another encapsulated in the data portion of a frame.
ICMP
•ICMP stands for Internet Control Message Protocol.
•The ICMP is a network layer protocol used by hosts and routers to send
the notifications of IP datagram problems back to the sender.
•ICMP uses echo test/reply to check whether the destination is reachable
and responding.
•ICMP handles both control and error messages, but its main function is to
report errors, not to correct them.
•An IP datagram contains the addresses of both source and destination, but
it does not know the address of the previous router through which it has
been passed. Due to this reason, ICMP can only send the messages to the
source, but not to the immediate routers.
•ICMP protocol communicates the error messages to the sender. ICMP
messages cause the errors to be returned back to the user processes.
•ICMP messages are transmitted within an IP datagram.
The Format of an ICMP message
The first field specifies the type of the message.
The second field specifies the reason for a particular message type.
The checksum field covers the entire ICMP message.
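The three fields described above, as an added example that is not part of the original notes. It builds an echo request (type 8, code 0), computes the checksum over the entire message with the RFC 1071 algorithm, and verifies it on receipt; the identifier, sequence number and payload are constructed values.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum used by ICMP (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(identifier: int, sequence: int, payload: bytes) -> bytes:
    """Type 8, code 0; the checksum is computed with its own field zeroed."""
    header = struct.pack("!BBHHH", 8, 0, 0, identifier, sequence)
    checksum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, checksum, identifier, sequence) + payload

def parse_icmp(message: bytes) -> dict:
    """Read type, code and checksum, and verify the checksum over the whole message."""
    if len(message) < 4:
        raise ValueError("ICMP message shorter than type/code/checksum")
    msg_type, code, checksum = struct.unpack("!BBH", message[:4])
    # Summing a valid message, checksum field included, yields zero.
    return {"type": msg_type, "code": code, "checksum": checksum,
            "checksum_ok": internet_checksum(message) == 0}

def tampered_copy(message: bytes) -> bytes:
    """Constructed corruption: change the last byte without fixing the checksum."""
    return message[:-1] + bytes([message[-1] ^ 0x01])
```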
4.3 Transport layer protocols
Transport layer protocols, namely, Transmission Control
Protocol (TCP) and User Datagram Protocol (UDP), identify
applications communicating with each other by means of port
numbers.
Features Of TCP protocol
•Stream data transfer: TCP protocol transfers the data in the form of a contiguous
stream of bytes.
•Reliability: TCP assigns a sequence number to each byte transmitted and
expects a positive acknowledgement from the receiving TCP.
•Flow Control: The receiving TCP sends an acknowledgement back to the
sender indicating the number of bytes it can receive without overflowing its
internal buffer.
•Multiplexing: Multiplexing is a process of accepting the data from different
applications and forwarding to the different applications on different computers.
•Logical Connections: The combination of sockets, sequence numbers, and
window sizes, is called a logical connection. Each connection is identified by the
pair of sockets used by sending and receiving processes.
•Full Duplex: TCP provides Full Duplex service, i.e., the data flow in both the
directions at the same time. To achieve Full Duplex service, each TCP should
have sending and receiving buffers so that the segments can flow in both the
directions.
TCP Segment Format
•Source port address: It is used to define the address of the application
program in a source computer. It is a 16-bit field.
•Destination port address: It is used to define the address of the
application program in a destination computer. It is a 16-bit field.
•Sequence number: A stream of data is divided into two or more TCP
segments. The 32-bit sequence number field represents the position of the
data in an original data stream.
•Acknowledgement number: A 32-bit acknowledgement number field
acknowledges the data from other communicating devices.
•Header Length (HLEN): It specifies the size of the TCP header in 32-bit
words. The minimum size of the header is 5 words, and the maximum size
of the header is 15 words.
•Reserved: It is a six-bit field which is reserved for future use.
•Control bits: Each bit of a control field functions individually and
independently.
There are a total of six flags in the control field:
•URG: The URG field indicates that the data in a segment is urgent.
•ACK: When ACK field is set, then it validates the acknowledgement
number.
•PSH: The PSH field is used to inform the sender that higher
throughput is needed so if possible, data must be pushed with higher
throughput.
•RST: The reset bit is used to reset the TCP connection when
any confusion occurs in the sequence numbers.
•SYN: The SYN field is used to synchronize the sequence numbers in
three types of segments: connection request, connection confirmation
(with the ACK bit set), and confirmation acknowledgement.
•FIN: The FIN field is used to inform the receiving TCP module that the
sender has finished sending data.
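The segment fields and control bits listed above, as an added example that is not part of the original notes. It parses the fixed 20-byte header, enforces the 5 to 15 word header length, and decodes the six flags; the ports, sequence numbers and the three handshake segments are constructed values.

```python
import struct

# The six control bits, from most to least significant.
FLAG_BITS = (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))

def parse_tcp_header(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("shorter than the minimum 5-word header")
    (src, dst, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = off_flags >> 12                   # header length in 32-bit words
    if hlen < 5 or hlen * 4 > len(segment):
        raise ValueError(f"invalid header length: {hlen} words")
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "hlen_words": hlen, "window": window,
            "flags": [name for name, bit in FLAG_BITS if off_flags & bit],
            "payload": segment[hlen * 4:]}

def make_segment(src, dst, seq, ack, flags, payload=b"") -> bytes:
    """Build a constructed segment with a 5-word header (checksum left at 0)."""
    bits = sum(bit for name, bit in FLAG_BITS if name in flags)
    return struct.pack("!HHIIHHHH", src, dst, seq, ack,
                       (5 << 12) | bits, 65535, 0, 0) + payload

def handshake_flags() -> list:
    """Flags seen in connection request, confirmation and acknowledgement."""
    segments = [make_segment(49152, 80, 1000, 0, {"SYN"}),
                make_segment(80, 49152, 5000, 1001, {"SYN", "ACK"}),
                make_segment(49152, 80, 1001, 5001, {"ACK"})]
    return [parse_tcp_header(s)["flags"] for s in segments]
```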
UDP
•UDP stands for User Datagram Protocol.
•UDP is a simple protocol and it provides nonsequenced
transport functionality.
•UDP is a connectionless protocol.
•This type of protocol is used when reliability and security
are less important than speed and size.
•UDP is an end-to-end transport level protocol that adds
transport-level addresses, checksum error control, and
length information to the data from the upper layer.
•The packet produced by the UDP protocol is known as a
user datagram.
User Datagram Format
The user datagram has a 16-byte header which is shown below:
•Source port address: It defines the address of the
application process that has delivered a message. The
source port address is a 16-bit address.
•Destination port address: It defines the address of the
application process that will receive the message. The
destination port address is a 16-bit address.
•Total length: It defines the total length of the user
datagram in bytes. It is a 16-bit field.
•Checksum: The checksum is a 16-bit field which is used
in error detection.
Disadvantages of UDP protocol
•UDP provides basic functions needed for the end-to-end
delivery of a transmission.
•It does not provide any sequencing or reordering functions
and does not specify the damaged packet when reporting
an error.
•UDP can discover that an error has occurred, but it does
not specify which packet has been lost as it does not
contain an ID or sequencing number of a particular data
segment.
4.4 Application Layer protocols
FTP-
FTP (File Transfer Protocol) is a network protocol for transmitting
files between computers over Transmission Control
Protocol/Internet Protocol (TCP/IP) connections. Within the
TCP/IP suite, FTP is considered an application layer protocol.
•It provides the sharing of files.
•It is used to encourage the use of remote computers.
•It transfers the data more reliably and efficiently.
Advantages of FTP:
•Speed: One of the biggest advantages of FTP is speed. FTP
is one of the fastest ways to transfer files from one computer to
another computer.
•Efficient: It is more efficient as we do not need to complete all the
operations to get the entire file.
•Security: To access the FTP server, we need to login with the
username and password. Therefore, we can say that FTP is more
secure.
•Back & forth movement: FTP allows us to transfer the files back
and forth. Suppose you are a manager of the company, you send
some information to all the employees, and they all send
information back on the same server.
Disadvantages of FTP:
•The standard requirement of the industry is that all the FTP
transmissions should be encrypted. However, not all the FTP
providers are equal and not all the providers offer encryption. So, we
will have to look out for the FTP providers that provide encryption.
•FTP serves two operations, i.e., to send and receive large files on a
network. However, the size limit of the file is 2GB that can be sent. It
also doesn't allow you to run simultaneous transfers to multiple
receivers.
•Passwords and file contents are sent in clear text that allows
unwanted eavesdropping. So, it is quite possible that attackers can
carry out the brute force attack by trying to guess the FTP password.
•It is not compatible with every system.
HTTP
•HTTP stands for HyperText Transfer Protocol.
•It is a protocol used to access the data on the World Wide Web
(www).
•The HTTP protocol can be used to transfer the data in the form of
plain text, hypertext, audio, video, and so on.
•HTTP is similar to the FTP as it also transfers the files from one
host to another host. But, HTTP is simpler than FTP as HTTP uses
only one connection, i.e., no control connection to transfer the
files.
•HTTP is used to carry the data in a MIME-like format.
•HTTP is similar to SMTP as the data is transferred between client
and server.
Features of HTTP:
•Connectionless protocol: HTTP is a connectionless protocol.
HTTP client initiates a request and waits for a response from the
server.
•Media independent: HTTP is media independent, as
data can be sent as long as both the client and server know how to
handle the data content.
•Stateless: HTTP is a stateless protocol as both the client and
server know each other only during the current request.
HTTP Transactions
Messages
HTTP messages are of two types: request and response. Both the
message types follow the same message format.
Request Message: The request message is sent by the client that
consists of a request line, headers, and sometimes a body.
Response Message: The response message is sent by the server to the
client that consists of a status line, headers, and sometimes a body.
SMTP
Simple Mail Transfer Protocol
SMTP is an application layer protocol. The client who
wants to send the mail opens a TCP connection to the
SMTP server and then sends the mail across the
connection. The SMTP server is always in listening
mode. As soon as it detects a TCP connection from any
client, the SMTP process initiates a connection through
port 25. After successfully establishing a TCP connection
the client process sends the mail instantly.
Communication between sender and the receiver:
The sender’s user agent prepares the message and sends it to the
MTA. The MTA’s responsibility is to transfer the mail across the
network to the receiver’s MTA. To send mails, a system must have
a client MTA, and to receive mails, a system must have a server
MTA.
Some SMTP Commands:
•HELO – Identifies the client to the server, fully qualified domain name, only
sent once per session
•MAIL – Initiate a message transfer, fully qualified domain of originator
•RCPT – Follows MAIL, identifies an addressee, typically the fully qualified
name of the addressee, and for multiple addressees use one RCPT for
each addressee
•DATA – send data line by line
Advantages of SMTP:
•If necessary, the users can have a dedicated server.
•It allows for bulk mailing.
•Low cost and wide coverage area.
•Offer choices for email tracking.
•Reliable and prompt email delivery.
Disadvantages of SMTP:
•SMTP’s common port can be blocked by several firewalls.
•SMTP security is a bigger problem.
•Its simplicity restricts how useful it can be.
•Just 7 bit ASCII characters can be used.
•If a message is longer than a certain length, SMTP servers may reject the
entire message.
•Delivering your message will typically involve additional back-and-forth
processing between servers, which will delay sending and raise the likelihood
that it won’t be sent.
TELNET
TELNET stands for Teletype Network. It is a type of protocol that
enables one computer to connect to a local computer. It is used as
a standard TCP/IP protocol for virtual terminal service which is
given by ISO. The computer which starts the connection is known as
the local computer.
Commands of the telnet are identified by a prefix character,
Interpret As Command (IAC), which has code 255. IAC is
followed by command and option codes. Basic format of the
command is as shown in the following figure:
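The IAC command format described above, as an added example that is not part of the original notes. It separates user data from commands in a captured byte stream; the command codes other than IAC (DO, DONT, WILL, WONT, SB, SE) come from the Telnet specification, RFC 854, and the sample stream is constructed.

```python
# Command codes from RFC 854; only IAC (255) is given on the page.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
NEGOTIATION = {DO: "DO", DONT: "DONT", WILL: "WILL", WONT: "WONT"}

def split_telnet_stream(stream: bytes):
    """Return (user_data, commands) for a complete captured Telnet byte stream."""
    data, commands, i, n = bytearray(), [], 0, len(stream)
    while i < n:
        if stream[i] != IAC:                 # ordinary data byte
            data.append(stream[i])
            i += 1
            continue
        if i + 1 >= n:
            raise ValueError("stream ends after IAC")
        cmd = stream[i + 1]
        if cmd == IAC:                       # IAC IAC is a literal 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:             # IAC <command> <option>
            if i + 2 >= n:
                raise ValueError("negotiation without option code")
            commands.append((NEGOTIATION[cmd], stream[i + 2]))
            i += 3
        elif cmd == SB:                      # IAC SB <option> ... IAC SE
            j = i + 2
            while j + 1 < n and stream[j:j + 2] != bytes([IAC, SE]):
                j += 2 if stream[j] == IAC else 1
            if j + 1 >= n or j == i + 2:
                raise ValueError("malformed subnegotiation")
            commands.append(("SB", stream[i + 2]))
            i = j + 2
        else:                                # two-byte command such as NOP
            commands.append(("CMD", cmd))
            i += 2
    return bytes(data), commands

# Constructed server output: option 24 is terminal type, option 1 is echo.
SAMPLE_STREAM = (bytes([IAC, DO, 24, IAC, WILL, 1]) + b"login: " +
                 bytes([IAC, IAC]) + bytes([IAC, SB, 24, 1, IAC, SE]))
```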
Features
•The Telnet Protocol (TELNET) provides a standard
method for terminal devices and terminal-oriented
processes to interface.
•TELNET is commonly used by terminal emulation
programs that allow you to log into a remote host. ...
•TCP/IP implements TELNET in the tn, telnet, or tn3270
user commands.
DNS
An application layer protocol defines how the application
processes running on different systems, pass the messages to
each other.
•DNS stands for Domain Name System.
•DNS is a directory service that provides a mapping between the
name of a host on the network and its numerical address.
•DNS is required for the functioning of the internet.
•Each node in a tree has a domain name, and a full domain name
is a sequence of symbols specified by dots.
•DNS is a service that translates the domain name into IP
addresses.
DNS is a TCP/IP protocol used on different platforms. The domain name
space is divided into three different sections: generic domains, country
domains, and inverse domain.
Generic Domains
•It defines the registered hosts according to their generic
behavior.
•Each node in a tree defines the domain name, which is an index
to the DNS database.
•It uses three-character labels, and these labels describe the
organization type.
Country Domain
The format of country domain is the same as a generic domain, but it
uses two-character country abbreviations (e.g., us for the United
States) in place of three-character organizational abbreviations.
Inverse Domain
The inverse domain is used for mapping an address to a name.
This is used when the server has received a request from the client and
the server contains the files of only authorized clients. To determine
whether the client is on the authorized list or not, it sends a query
to the DNS server and asks for a mapping of the address to the name.
Bootstrap Protocol (BOOTP)
This is a networking protocol used by network administration to have the main
server give an IP address to each member of the network so that it can
participate with other networking devices.
Important Features of Bootstrap Protocol-