Network+ TechNotes: TCP/IP Suite
TCP/IP is today's most widely adapted standard internet technology and is the protocol in the Internet. It is a routable protocol that supports connections between heterogeneous network systems. In other words, it allows communication between UNIX, Windows, Netware, and Mac OS computers spread over multiple interconnected networks. TCP/IP is actually a suite composed of many different protocols, each with its own purpose. The two main protocols are in its name: the Transmission Control Protocol and the Internet Protocol. Both are outlined in this chapter, as well as several other protocols from the TCP/IP suite.
The Internet Protocol (IP) is a Network layer protocol that provides connectionless delivery of packets across internetworks. The primary functions of IP are to facilitate routing and implement Network layer addressing. IP employs TCP or UDP for the actually data transport, these two protocols are discussed later in these TechNotes.
IP addressing is assigning a 32-bit logical numeric address to a network device. Every IP address on the network must be unique. IP addresses are assigned manually (i.e. by an administrator) or automatically (i.e. dynamically by DHCP or APIPA). These addressing methods will be covered more extensively in the Network Services TechNotes. An IP address is represented in a dotted decimal format, for example: 18.104.22.168
As you can see, the address is divided in 4 parts, which are called octets . Each octet in an IP address represents 8 bits. The IP address mentioned above can also be displayed in dotted binary format: 10011111.01100101.00000110.00001000
Converting the decimal address to a binary format (and vice versa) is a fairly easy process. The highest decimal number you can represent with 8 bits is 255. This is the case when all bits in an octet are set to 1.
|| = 255
| 128 +
|| 64 +
|| 32 +
|| 16 +
|| 8 +
|| 4 +
|| 2 +
The following are examples of binary values and their decimal counterparts:
The currently available addressing space in IP version 4 is divided in 5 classes:
|| First Octet
| Class A
| Class B
| Class C
| Class D
| Class E
Private vs. Public addresses IANA reserved four address ranges to be used in private networks only. This prevents address conflict between addresses on private corporate or home networks and the Internet:
- 10.0.0.0 through 10.255.255.255 from the Class A range
- 172.16.0.0 through 172.31.255.255 from the Class B range
- 192.168.0.0 through 192.168.255.255 from the Class C range
- 169.254.0.1 through 169.254.255.254 (reserved for Automatic Private IP Addressing)
The range 127.0.0.0 to 127.255.255.255 is reserved for IP loopback addresses, which are mainly intended for testing purposes and for checking if the TCP/IP stack has correctly loaded.
To function properly in a TCP/IP internetwork, a network device needs an IP address, a subnet mask, and a default gateway. The latter two are discussed below.
In order for a protocol to be routable, its network address must use two parts: a host and a network portion. The host portion uniquely identifies the host address in the local network (subnet), and the network portion identifies the network in the internetwork. IP employs subnet masks to determine which part is the host portion and which is the network portion. For two network devices to communicate with each other without a router, they need to be in the same (sub-)network, hence use the same subnet mask. The following table lists the default subnet masks for the classes from which IP addresses can be used for static or dynamic IP address assignment.
|Default subnet masks:
For example, in a Class B IP address 172.16.12.234, with the default Class B 16 bits subnet mask 255.255.0.0, the network portion is 172.16 and the host part is 12.234. In binary language, this means that the portion of the subnet mask where the bits are 1 defines the network portion. A TCP/IP client performs this calculation to determine whether a remote host is located on the same local subnet or on a remote network. If the network portion of the remote host’s IP address differs from the client’s IP address network portion, it means they are located on different (sub-) networks, and the client will need to send traffic through a router (i.e. a default gateway, which is discussed in the next section).
Instead of using the default subnet masks, additional bits in the mask can be set to 1. This means ‘stealing’ bits from the host portion, which in turn means more bits to create different sub-networks, but each with less available host addresses. This process is known as subnetting. The main reason to divide a Class A, B, or C network into smaller subnets is to use the available address space more efficiently. For example, your company is assigned a Class B network, which allows for 65534 different host addresses. It would be a waste of addresses to use the entire range for a single network with 200 nodes. Instead, the class B address can be subnetted by using Class C subnet mask, or a classless subnet mask.
Classless means that the mask is not a Class A, B, or C mask, and the boundary between the network and the host portion of an address does not lie exactly between octets. For example, a Class C network 192.168.1.0 can be divided into two subnets by using the subnet mask 255.255.255.128. The first subnet would use the range 192.168.1.0 – 192.168.1.127 and the second subnet would use 192.168.1.128 – 192.168.1.255.
Calculating the correct subnet masks for specific scenarios is not something you will be tested on for the Network+ exam but it is important to understand what subnetting is.
The purpose of a default gateway is easily defined ("All data not meant for the local subnet is sent to this router"), but it is best explained by using an example of IP packets traveling along an internetwork. For example, in the network diagram below, the default gateway for Host B is the router interface 192.168.1.254 and for Host E the default gateway is the router’s other interface 192.168.5.230. If Host B wants to contact Host E, it will notice the network portion of the Host E’s IP address differs from its own address. This means it is not on the same IP (sub-)network and it needs to send packets to a router that can forward them to the destination network.
So again, if a default gateway is set and a computer wants to send a packet to a host on another (sub-)network it is sent to the default gateway.
All of the information above refers to IP version 4, which is currently the most used version. A new version, IPv6, is developed to allow for more and larger networks with more hosts. This is needed because we might run out of IPv4 addresses within a matter of years. IPv6 uses a 128-bit address format allowing a theoretical 128^2 unique addresses (=340282366920938463463374607431768211456 forgive me if I made a typo ;) ). An IPv6 address is written in a maximum of 8 groups of 16 bits each written as four hex digits separated by colons, for example: FEDC:BA12:ABCD:3210:FEDC:BA98:7654:1234
Although most newer operating systems and network devices support IPv6, it may take years before the world will start a massive migration from version 4 to 6. And it will take many years more of coexistence before IP version 4 is replaced entirely.
OTHER TCP/IP PROTOCOLS
Before we go over the main TCP/IP protocols, let us first go over an essential feature of TCP/IP: sockets . A socket is the combination of an IP address and a port number. Different applications and services use different port numbers allowing multiple applications to share the same connection. For example connect to an SMTP mail server on port 25 to send email, and at the same time connect to a web server on port 80 to browse website. These application and services uses TCP and/or UDP for the actual data transport.
The Transmission Control Protocol (TCP) is a Transport layer protocol that provides reliable, connection-oriented , full-duplex transport. Connection-oriented means that a connection is established before two communication partners on a network can actually exchange data. A common explanation of connection-oriented communication is a telephone call: you make the call, the 'destination' picks up the phone, acknowledges, and you start talking (sending data). TCP guarantees delivery by sending acknowledgements back to the source when messages are received. If individual messages are not acknowledged, the source will retransmit them.
The User Datagram Protocol (UDP) is a connectionless Transport layer protocol that provides best-effort delivery. Unlike TCP, there is no guarantee that UDP datagrams ever reach their intended destination. Therefore, UDP is said to be unreliable. It is like sending a postcard; you just send it out and hope it will reach its destination.
Before two stations in a network are able to communicate with each other, they must know each other’s physical (MAC) addresses. The Address Resolution Protocol(ARP) is used to discover a remote MAC address (layer 2) based on the IP address (layer 3). An ARP request is broadcasted on the local network and only the station with the IP address listed in the broadcast responds with an ARP reply containing its IP and MAC address. This requires the participating network devices to know their own MAC address and IP address. The station that requested the MAC address will store it in its local ARP cache.
The Reverse Address Resolution Protocol(RARP) performs the opposite translation, it discovers an IP address based on a MAC address. A RARP client doesn’t send broadcasts, but contacts a RARP server that contains a list with MAC address to IP address mappings. The list can be manually configured on a router and can be the dynamic ARP cache. RARP is typically used by new stations that do not know their own IP address. ARP and RARP are both Data Link layer protocols.
The Internet Control Message Protocol (ICMP) is a Network layer protocol used for exchanging control information and messages. One of the most common examples of an application that uses ICMP is the ping utility. Ping is a utility that allows you to determine whether a particular TCP/IP host is reachable. It sends out an echo request to an IP address and if the destination is alive and reachable it will respond with an echo reply . I f not there is no route available to the destination, the last router on the path sends a Destination Unreachable message back to the source station. Echo request and echo reply are two of a set of message types ICMP employs to provide and request feedback.
The Internet Group Management Protocol (IGMP) is a Network layer protocol that is used for registering and sharing multicast group membership information. Multicast traffic is directed to a group of IP clients identified by a single IP address. This can reduce the total amount of bandwidth required for streaming data, such as video, over large internetworks. Multicast clients can dynamically join and leave the group using the IGMP protocol at their local router, which in turn can use IGMP to notify other routers of its registered multicast groups. Multicast groups use addresses from the Class D IP range (22.214.171.124 to 126.96.36.199).
The File Transfer Protocol (FTP) is an Application layer protocol that provides connection-oriented file transfer between a client and a server. I was originally used to transfer files between UNIX systems, and is now the most popular file transfer protocol on the Internet. FTP use TCP port 21 for control and TCP port 20 for data transport.
The Secure File Transfer Protocol (S/FTP or SFTP) allows you to implement the same functionality as regular FTP, but much more secure. SFTP is essentially FTP over SSH (Secure Shell), hence provide the same level of security as SSH. This includes mutual authentication based on digital certificates, and establishing a tunnel between the client and the server through which data is transmitted in an encrypted form. Another mentionable advantage is that SFTP operates over the same port as SSH (port 22) and does not require port 20 and 21 to be open as with regular FTP.
Another alternative to FTP that is included in *nix systems is the Secure Copy Protocol (SCP). SCP is the secure counterpart of the Remote Copy Protocol (RCP), and provides secure file transfer using SSH. Like rcp, scp is also a command-line utility on Unix-like systems.
The Trivial File Transfer Protocol (TFTP) is an Application layer protocol that provides connectionless file transfer functions. TFTP is a simple and small protocol, which makes it suitable for transferring small amounts of data. It is primarily used for updating devices such as routers and switches. Another common use is transferring the data required to boot a diskless system over the network. TFTP uses UDP port 69.
The Simple Mail Transfer Protocol (SMTP) is an Application layer protocol used for sending email to and between mail servers. SMTP uses TCP port 25.
While SMTP is used to send email, both the Post Office Protocol and the IMAP are use used to retrieve e-mail. The main difference between the latter two Application layer protocols is that POP3 can be used to access the "Inbox" folder only, and the more complex IMAP4 can be used to access every server-based messaging folder (sent items, deleted items etc). Hence, IMAP4 eliminates the need for a local repository. POP3 clients connect to TCP port 110, IMAP4 clients connect to TCP port 143.
The HyperText Transfer Protocol (HTTP) is an Application layer protocol originally designed for transferring World Wide Web documents and is extended to transfer other type of files as well. Its most common use is transferring web pages between a web browser and a web server. HTTP uses TCP Port 80 by default.
HTTPS is used in exactly the same way as the HTTP protocol. The differences are that HTTPS uses a default port number, 443, and that HTTPS uses SSL (Secure Socket Layer) to send data in an encrypted form and to authenticate the server. For example, when you buy something online using a credit card, the URL should start with https:// instead of http://. At the bottom right of your browser, you should notice a small padlock. Both indicate that a secure HTTP connection over SSL has been established with a web server.
The Network News Transport Protocol (NNTP) is an Application layer protocol that allows news clients to connect to a Usenet news server that hosts newsgroups. Newsgroups are similar to online discussion forums but use a client such as Microsoft Outlook Express. NNTP uses TCP port 119.
Telnet is a terminal emulation protocol that allows remote access to a system. The most common use of the telnet protocol is the utility with the same name as the protocol: telnet. Telnet operates on the Application layer of the OSI model and uses TCP port 23.
Telnet is considered insecure mainly because it sends username and password information in clear text. Therefore, Telnet should be replaced with SSH (Secure SHell). SSH can be used to provide similar functionality as Telnet, but is much more secure. It employs encryption through certificates and authenticates the server to the client (vice versa is also possible). When possible, SSH version 2 should be used instead of version 1 because version 2 provides much better encryption. SSH operates on port 22.
The Network Time Protocol (NTP) is an Application layer protocol used to provide accurate time synchronization in LANs and WANs by synchronizing the time of a computer to a reference time source, such as an NTP server, a radio or satellite receiver. NTP is capable of synchronizing distributed clocks to the millisecond. NTP uses UDP port 123.
The Routing Information Protocol (RIP) is used for exchanging routing information between routers. Each router builds a routing table that contains entries of possible routes in the network and their attributes. When a link to a network goes down, the route to that network, and perhaps other upstream networks that are connected to it, become invalid. To inform routers in an internetwork about this change in the network, a routing protocol is used. RIP is typically used in smaller environments. An example of a more scalable routing protocol is Open Shortest Path First (OSPF).
The Lightweight Directory Access Protocol (LDAP) provides access to directory services such as centralized address books and Microsoft’s Active Directory. It allows clients to search a directory for information and objects such as contacts, certificates, and shared network resources. LDAP uses TCP and UDP port 389.
The Line Printer Remote (LPR) protocol allows clients to connect to and use print services of a server running the Line Printer Daemon (LPD) service. This server is typically a UNIX server, but LPR/LPD is available for other operating systems as well. Additionally, network printers attached directly to the TCP/IP network support the LPR protocol.
Having trouble identifying the well-known ports? Take our Identifying
Well-known ports quiz a couple of times and you won't
forget them again.
protocols related exam objectives for the Network+ exam.
2.4 Differentiate between the following network protocols in terms of routing, addressing schemes, interoperability and naming conventions:
- TCP / IP (Transmission Control Protocol / Internet Protocol)
2.5 Identify the components and structure of IP (Internet Protocol) addresses (IPv4, IPv6) and the required setting for connections across the Internet.
2.6 Identify classful IP (Internet Protocol) ranges and their subnet masks (For example: Class A, B and C).
2.7 Identify the purpose of subnetting.
2.8 Identify the differences between private and public network addressing schemes.
2.9 Identify and differentiate between the following IP (Internet Protocol) addressing methods:
- Self-assigned (APIPA (Automatic Private Internet Protocol Addressing))
2.10 Define the purpose, function and use of the following protocols used in the TCP / IP (Transmission Control Protocol / Internet Protocol) suite:
- TCP (Transmission Control Protocol)
- UDP (User Datagram Protocol)
- FTP (File Transfer Protocol)
- SFTP (Secure File Transfer Protocol)
- TFTP (Trivial File Transfer Protocol)
- SMTP (Simple Mail Transfer Protocol) HTTP (Hypertext Transfer Protocol)
- HTTPS (Hypertext Transfer Protocol Secure)
- POP3 / IMAP4 (Post Office Protocol version 3 / Internet Message Access Protocol version 4)
- SSH (Secure Shell)
- ICMP (Internet Control Message Protocol)
- ARP/RARP (Address Resolution Protocol/Reverse Address Resolution Protocol)
- NTP (Network Time Protocol)
- NNTP (Network News Transport Protocol)
- SCP (Secure Copy Protocol)
- LDAP (Lightweight Directory Access Protocol)
- IGMP (Internet Group Multicast Protocol)
- LPR (Line Printer Remote)
2.11 Define the function of TCP / UDP (Transmission Control Protocol / User Datagram Protocol) ports.
2.12 Identify the well-known ports associated with the following commonly used services and protocols:
- 20 FTP (File Transfer Protocol)
- 21 FTP (File Transfer Protocol)
- 22 SSH (Secure Shell)
- 23 Telnet
- 25 SMTP (Simple Mail Transfer Protocol)
- 53 DNS (Domain Name Service)
- 69 TFTP (Trivial File Transfer Protocol)
- 80 HTTP (Hypertext Transfer Protocol)
- 110 POP3 (Post Office Protocol version 3)
- 119 NNTP (Network News Transport Protocol)
- 123 NTP (Network Time Protocol)
- 143 IMAP4 (Internet Message Access Protocol version 4)
- 443 HTTPS (Hypertext Transfer Protocol Secure)
here for the complete list of exam objectives.
Discuss this TechNote here