Chapter 2, Introducing TCP/IP


Chapter 2, Lesson 1

TCP/IP Overview

       1.    TCP/IP History

                  A.      Developed in the 1970s for use on an experimental packet switching network built for the U.S. Department of Defense

                           1.       This network, originally called the ARPANET, grew into what we now know as the Internet, and it is still based on the TCP/IP protocols.

                  B.      TCP/IP has also been associated with the UNIX systems since their inception.

                  C.      The TCP/IP protocols were designed to be used with any computing platform.

                           1.       The ARPANET/Internet was intended from the beginning to be a network that connects many types of computers, so the protocols that the network uses must be adaptable to all of them.

       2.    TCP/IP Standards

                  A.      The TCP/IP protocols were created with flexibility in mind and have never been the product of a single company.

                           1.       The Internet Engineering Task Force (IETF) publishes the TCP/IP standards in documents called Requests for Comments (RFCs).

                           2.       All RFCs are in the public domain and are freely available on many Web and File Transfer Protocol (FTP) sites.

                                     a.      The TCP/IP standards have no copyright, trademark, or other publishing restrictions.

                  B.      Platform independence was the chief guiding principle of the TCP/IP development effort.

|1|     3.    TCP/IP Architecture

                  A.      Splitting the networking functionality of a computer into a stack of separate protocols rather than creating a single large protocol provides several advantages:

                           1.       Platform independence. Separate protocols make it easier to support a variety of computing platforms.

                           2.       Quality of service. Having multiple protocols operating at the same layer makes it possible for applications to select the protocol that provides only the level of service required.

                           3.       Simultaneous development. Because the stack is split into layers, the development of the various protocols can proceed simultaneously.

                  B.      The TCP/IP networking model consists of only four layers, instead of the seven in the OSI reference model.

                           1.       The TCP/IP model is defined in RFC 1122, “Requirements for Internet Hosts—Communication Layers.”

|2|                        2.       The layers of the TCP/IP model are roughly analogous to the OSI model.

                           3.       Although TCP/IP itself can supply most of the protocol stack, it cannot supply all of it.

                                     a.      Each computer must have a hardware interface with the network that is designed to work together with both the computer and the TCP/IP protocols.

                  C.      The four layers of the TCP/IP protocol

                           1.       Link (sometimes called the network interface layer). Falls at the bottom of the TCP/IP stack and corresponds to the data-link layer in the OSI model

                           2.       Internet. Equivalent to the network layer of the OSI reference model

                           3.       Transport. Equates exactly to the transport layer in the OSI reference model

                           4.       Application. Encompasses the session, presentation, and application layers of the OSI model

|3|     4.    TCP/IP Protocols

                  A.      Characteristics of TCP/IP link layer protocols

                           1.       The TCP/IP link layer protocols are Serial Line Internet Protocol (SLIP) and Point-to-Point Protocol (PPP).

                           2.       SLIP and PPP support many different network interface hardware implementations.

                                     a.      SLIP and PPP are both known as end-to-end protocols because they are used by two computers communicating over a dedicated connection, such as a telephone line.

                           3.       In the case of a modem-equipped computer, TCP/IP provides the entire protocol stack except for the physical layer (and, at times, parts of the application layer).

                  B.      Serial Line Internet Protocol (SLIP)

                           1.       The simplest communication protocol

                                     a.      No actual standard defines SLIP, although the IETF has published RFC 1055, “A Nonstandard for Transmission of IP Datagrams over Serial Lines.”

                           2.       The SLIP frame consists only of a 1-byte end delimiter with the hexadecimal value c0, which the computer transmits at the end of every packet.

                                     a.      Some SLIP implementations use two end delimiters per packet, one before and one after, to prevent the receiving computer from interpreting line noise as data.

                           3.       SLIP provides the connected computers with basic link layer communication capabilities and very low control overhead (1 or 2 bytes per packet, compared with 18 for Ethernet).

                                     a.      Because SLIP offers nothing beyond these basic capabilities, it has been all but abandoned in favor of PPP.

                  C.      Point-to-Point Protocol (PPP)

                           1.       PPP is the link layer protocol used by most wide area network (WAN) connections today, ranging from dial-up modem connections to leased lines and frame relay installations.

|4|                        2.       The PPP frame

                                     a.      Larger and more complicated than the SLIP frame, but still not as large as an Ethernet or Token Ring frame

                                     b.      Contains the following fields:

                                              (1)     Flag (1 byte). Contains an end delimiter (much like that of SLIP) that indicates that the transmission of a packet is about to begin
                                              (2)     Address (1 byte). Contains a value indicating that the packet is addressed to all recipients
                                              (3)     Control (1 byte). Contains a code indicating that the frame contains an unnumbered information packet
                                              (4)     Protocol (2 bytes). Identifies the protocol (usually operating at the internet layer) that generated the information in the Data field
                                              (5)     Data and Pad (up to 1500 bytes). Contains information generated by the protocol identified in the Protocol field, plus padding if necessary
                                              (6)     Frame Check Sequence (2 or 4 bytes). Contains a checksum value that the receiving system will use to detect transmission errors
                                              (7)     Flag (1 byte). Indicates that the transmission of the packet has been completed
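The frame layout above, as an added example that is not part of the lesson: a builder and a receiver-side validator for PPP frames. The Flag (0x7E), Address (0xFF) and Control (0x03) values, the 0x7D escape and the 16-bit FCS algorithm are taken from RFC 1662, which the lesson does not cite; the protocol number 0x0021 (IPv4) is from the Assigned Numbers registry; the payload is constructed.

```python
# Added example: build and validate PPP frames (HDLC-like framing, RFC 1662).
PPP_FLAG = 0x7E          # Flag field: start/end delimiter
PPP_ALL_STATIONS = 0xFF  # Address field: "all recipients"
PPP_UI = 0x03            # Control field: unnumbered information
PPP_ESCAPE = 0x7D        # byte-stuffing escape (control-character mapping omitted here)
PPP_PROTO_IPV4 = 0x0021  # Protocol field value for IP datagrams
FCS_INIT = 0xFFFF
FCS_GOOD = 0xF0B8        # residue of a good frame when its own FCS is fed to the CRC


def _fcs_table():
    # CRC-16 table for the reflected polynomial 0x8408 (the RFC 1662 fcstab)
    table = []
    for b in range(256):
        v = b
        for _ in range(8):
            v = (v >> 1) ^ 0x8408 if v & 1 else v >> 1
        table.append(v)
    return table


FCS_TABLE = _fcs_table()


def ppp_fcs16(data: bytes, fcs: int = FCS_INIT) -> int:
    """Running Frame Check Sequence over Address..Data (and the FCS itself on receive)."""
    for b in data:
        fcs = (fcs >> 8) ^ FCS_TABLE[(fcs ^ b) & 0xFF]
    return fcs


def build_ppp_frame(protocol: int, payload: bytes) -> bytes:
    body = bytes([PPP_ALL_STATIONS, PPP_UI]) + protocol.to_bytes(2, "big") + payload
    fcs = ppp_fcs16(body) ^ 0xFFFF           # ones complement, sent low byte first
    body += bytes([fcs & 0xFF, fcs >> 8])
    stuffed = bytearray()
    for b in body:                           # escape bytes that would look like a delimiter
        if b in (PPP_FLAG, PPP_ESCAPE):
            stuffed += bytes([PPP_ESCAPE, b ^ 0x20])
        else:
            stuffed.append(b)
    return bytes([PPP_FLAG]) + bytes(stuffed) + bytes([PPP_FLAG])


def parse_ppp_frame(frame: bytes):
    """Return (protocol, payload); raise ValueError for anything the receiver must drop."""
    if len(frame) < 2 or frame[0] != PPP_FLAG or frame[-1] != PPP_FLAG:
        raise ValueError("missing Flag delimiter")
    raw, i = bytearray(), 1
    while i < len(frame) - 1:                # undo byte stuffing
        b = frame[i]
        if b == PPP_ESCAPE:
            i += 1
            if i >= len(frame) - 1:
                raise ValueError("truncated escape sequence")
            b = frame[i] ^ 0x20
        raw.append(b)
        i += 1
    if len(raw) < 6:                         # Address + Control + Protocol + FCS
        raise ValueError("frame too short")
    if ppp_fcs16(bytes(raw)) != FCS_GOOD:    # line noise or tampering: discard
        raise ValueError("bad FCS")
    if raw[0] != PPP_ALL_STATIONS or raw[1] != PPP_UI:
        raise ValueError("unexpected Address/Control values")
    return int.from_bytes(raw[2:4], "big"), bytes(raw[4:-2])


def ppp_frame_ok(frame: bytes) -> bool:
    try:
        parse_ppp_frame(frame)
        return True
    except ValueError:
        return False
```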

                           3.       Instead of adding bulk to the frame, PPP performs an elaborate connection establishment process before the computer transmits any application data.

                                     a.      During this process, the two computers exchange information about their capabilities and negotiate a set of configuration parameters common to both of them.

                                     b.      The connection establishment process uses several different ancillary protocols, including the following:

                                              (1)     Link Control Protocol (LCP)
                                              (2)     Authentication protocols such as the Challenge Handshake Authentication Protocol (CHAP) and the Password Authentication Protocol (PAP)
                                              (3)     Network control protocols, such as the IP Control Protocol (IPCP)

|5|                        4.       The PPP connection establishment process consists of seven distinct phases.

                                     a.      Link dead. The two computers begin in a state where there is no communication between them, until one of them initiates a physical layer connection.

                                     b.      Link establishment. After the hardware at both ends has established a physical layer connection, one computer generates a PPP frame containing an LCP Request message.

                                              (1)     The computers use LCP to negotiate the parameters they will use during the rest of the PPP session.
                                              (2)     Eventually, the two systems agree on a list of options they have in common.

                                     c.       Authentication. If the two computers have agreed to use a particular authentication protocol during the link establishment phase, they exchange PPP frames that perform a user authentication sequence.

                                              (1)     Most PPP connections use PAP or CHAP, but there are other authentication protocols as well.

                                     d.      Link quality monitoring. If the two computers have negotiated the use of a link quality monitoring protocol during the link establishment phase, they exchange messages for that protocol after the authentication process is complete.

|6|                                  e.      Network layer protocol configuration. The computers perform a separate exchange of messages by using the appropriate network control protocols for each network or internet layer protocol they agreed to use.

                                     f.       Link open. When the network control protocol negotiations are complete, the PPP connection is fully established, and the exchange of packets containing application data can begin.

                                     g.      Link termination. When the two computers have finished communicating, they sever the PPP connection by exchanging LCP termination messages, after which the systems return to the link dead state.

                  D.      Internet Protocol (IP)

                           1.       IP, operating at the internet layer, is ultimately responsible for the end-to-end communications between the source and destination systems.

                                     a.      IP is defined in RFC 791 and is the most important of the TCP/IP protocols.

                           2.       IP encapsulates the information it receives from the transport layer into a unit called a datagram.

                           3.       The four primary functions of IP:

                                     a.      Encapsulation

                                     b.      Addressing

                                     c.       Routing

                                     d.      Fragmentation

                           4.       IP encapsulates transport layer information into datagrams that remain intact throughout the packet’s journey through the internetwork.

                                     a.      The IP encapsulation process involves attaching a 20-byte IP header to transport-layer data segments.

|7|                        5.       The IP header consists of the following fields:

                                     a.      Version (4 bits). Specifies the version of the IP protocol in use

                                              (1)     The value for the current implementation is 4, although IPv6 is currently in development.

                                     b.      IHL (Internet Header Length) (4 bits). Specifies the length of the IP header in 32-bit words

                                              (1)     When the header contains no optional fields, the value is 5.

                                     c.       TOS (Type of Service) (1 byte). Bits 1–3 and 8 in the TOS field are unused; bits 4–7 specify the service priority for the datagram.

                                     d.      Total Length (2 bytes). Specifies the length of the datagram, including all the header fields and the data

                                     e.      Identification (2 bytes). Contains a unique value for each datagram, which the destination system uses to associate and reassemble fragments

                                     f.       Flags (3 bits). Contains bits used during the datagram fragmentation process

                                     g.      Fragment Offset (13 bits). When a datagram has been fragmented, the Fragment Offset field specifies the location of the current fragment in the datagram.

                                     h.      TTL (Time to Live) (1 byte). Contains a value that is reduced by 1 each time the datagram is processed by a router on the way to its destination

                                              (1)     If the value reaches 0, the packet is discarded, whether or not it has reached the destination.

                                     i.        Protocol (1 byte). Identifies the protocol that generated the information in the Data field, using values found in RFC 1700 (“Assigned Numbers”) and the PROTOCOL file found on every TCP/IP system

                                     j.        Header Checksum (2 bytes). Contains a checksum value computed on the IP header fields only (not the data), which the destination system uses for error detection

                                     k.       Source IP Address (4 bytes). Contains the IP address of the system that originated the datagram

                                     l.        Destination IP Address (4 bytes). Contains the IP address of the system that ultimately will receive the datagram

                                     m.      Options (variable). Can contain any of 16 options defined in RFC 1700 (“Assigned Numbers”), each of which consists of an option type, option length, and option data subfield

                                     n.      Data (variable). Contains the payload of the datagram, usually consisting of information passed down from the transport layer protocols
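The header fields above, as an added example that is not part of the lesson: building a 20-byte IPv4 header, computing and verifying the Header Checksum, rejecting inconsistent IHL and Total Length values, and the router's TTL step from item h. Field layout and checksum rule are from RFC 791; the Protocol values are from RFC 1700; the addresses and payload are constructed.

```python
# Added example: build, checksum and validate an IPv4 header (RFC 791 layout).
import struct

IP_PROTO_ICMP, IP_PROTO_TCP, IP_PROTO_UDP = 1, 6, 17   # RFC 1700 values


def ip_checksum(header: bytes) -> int:
    """Ones-complement sum of the header's 16-bit words (header only, not the data)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad dotted decimal address")
    return bytes(octets)


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_ipv4_header(src, dst, proto, payload_len, ident=0, ttl=64,
                      flags=0, frag_offset=0, tos=0) -> bytes:
    ver_ihl = (4 << 4) | 5                   # Version 4, IHL 5 words = 20 bytes
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, tos, 20 + payload_len, ident,
                      (flags << 13) | frag_offset, ttl, proto, 0,
                      ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_ipv4(packet: bytes) -> dict:
    """Parse and validate a datagram; raise ValueError on anything a host should drop."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4:
        raise ValueError("not IPv4")
    if ihl < 20 or ihl > len(packet):        # IHL below 5, or options past the buffer
        raise ValueError("bad IHL")
    (tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BHHHBBH4s4s", packet[1:20])
    if total_len < ihl or total_len > len(packet):
        raise ValueError("Total Length inconsistent with the received buffer")
    if ip_checksum(packet[:ihl]) != 0:       # a correct header verifies to zero
        raise ValueError("header checksum mismatch")
    return {"ihl": ihl, "tos": tos, "total_len": total_len, "ident": ident,
            "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
            "ttl": ttl, "proto": proto, "src": bytes_to_ip(src),
            "dst": bytes_to_ip(dst), "options": packet[20:ihl],
            "data": packet[ihl:total_len]}


def ipv4_packet_ok(packet: bytes) -> bool:
    try:
        parse_ipv4(packet)
        return True
    except ValueError:
        return False


def forward_ttl(packet: bytes):
    """Router step: decrement TTL and refresh the checksum; None means discard."""
    h = bytearray(packet)
    if h[8] <= 1:                            # would reach 0: discard the datagram
        return None
    h[8] -= 1
    ihl = (h[0] & 0x0F) * 4
    h[10:12] = b"\x00\x00"                   # checksum is computed with the field zeroed
    h[10:12] = struct.pack("!H", ip_checksum(bytes(h[:ihl])))
    return bytes(h)
```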

|8|                        6.       IP addressing

                                     a.      The Source IP Address and Destination IP Address fields in every IP header identify the computer that created the datagram and its final recipient.

                                     b.      IP addresses are 32-bit values that identify both a particular network interface and the network to which that interface is connected.

|9|                        7.       IP routing

                                     a.      Routing is the process by which IP passes datagrams from system to system until they reach their final destination.

                                     b.      A router is a device that connects networks and maintains information about the other routers in its immediate vicinity.

|10|                       8.       Fragmentation

                                     a.      Fragmentation occurs during the routing of packets through an internetwork.

                                     b.      The size of the largest packet a network can handle is called its maximum transmission unit (MTU).

                                     c.       When a router receives a packet that is too large to be transmitted, the router splits the datagram into fragments and encapsulates each fragment in a separate packet.

                                     d.      Datagrams can be fragmented, and their fragments fragmented, as many times as necessary on the way to their destination.

                                     e.      The fragments are reassembled when they all reach the system identified by the Destination IP Address field in their IP headers.
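The fragmentation process above, as an added example that is not part of the lesson: splitting a payload to fit a link's MTU, fragmenting one of those fragments again for a smaller link (item d), and reassembling at the destination with the checks a receiver needs, including rejection of overlapping fragments. Only the Identification, More Fragments bit and Fragment Offset fields are modelled; the MTU values and payload are constructed.

```python
# Added example: IP fragmentation and reassembly on the offset/MF fields only.
MF = 0x1                 # "More Fragments" bit of the Flags field
IP_HDR_LEN = 20
MAX_DATAGRAM = 65535     # Total Length is a 16-bit field


def fragment(data: bytes, mtu: int, ident: int, first_offset: int = 0,
             last: bool = True):
    """Split `data` so each fragment plus its header fits `mtu`.
    first_offset (8-byte units) and last=False re-fragment an existing fragment."""
    chunk = (mtu - IP_HDR_LEN) // 8 * 8     # Fragment Offset counts 8-byte units
    if chunk <= 0:
        raise ValueError("MTU too small to carry data")
    frags = []
    for pos in range(0, len(data), chunk):
        piece = data[pos:pos + chunk]
        more = pos + len(piece) < len(data) or not last
        frags.append({"ident": ident, "offset": first_offset + pos // 8,
                      "mf": MF if more else 0, "data": piece})
    return frags


def reassemble(frags):
    """Rebuild the payload; raise ValueError on overlap, gaps, or oversize."""
    if not frags:
        raise ValueError("no fragments")
    if len({f["ident"] for f in frags}) != 1:
        raise ValueError("fragments belong to different datagrams")
    expected, out, saw_last = 0, bytearray(), False
    for f in sorted(frags, key=lambda f: f["offset"]):
        start = f["offset"] * 8
        if saw_last:
            raise ValueError("data beyond the final fragment")
        if start < expected:                 # overlapping data: drop the whole datagram
            raise ValueError("overlapping fragment")
        if start > expected:
            raise ValueError("gap: a fragment is missing")
        if f["mf"] and len(f["data"]) % 8:
            raise ValueError("non-final fragment not a multiple of 8 bytes")
        out += f["data"]
        expected = start + len(f["data"])
        if expected + IP_HDR_LEN > MAX_DATAGRAM:
            raise ValueError("reassembled datagram would exceed 65535 bytes")
        saw_last = not f["mf"]
    if not saw_last:
        raise ValueError("final fragment missing")
    return bytes(out)


def reassemble_ok(frags) -> bool:
    try:
        reassemble(frags)
        return True
    except ValueError:
        return False
```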

|11|              E.      Address Resolution Protocol (ARP)

                           1.       The source IP address and destination IP address values in the IP header of a particular packet might not represent the same computer as the hardware addresses used in Ethernet and Token Ring headers at the data-link layer.

                                     a.      This is because the addresses in the IP header always refer to the packet’s original sender and its final recipient.

                           2.       ARP, defined in RFC 826, “An Ethernet Address Resolution Protocol,” operates on the cusp of the internet and link layers.

                           3.       After IP determines the packet’s next intermediate destination, how does it discover the hardware address of that destination?

                                     a.      A computer that must resolve the IP address of a router or another computer generates an ARP Request message containing that IP address and broadcasts it to the local network.

                                     b.      All other TCP/IP systems on the network receive the message and compare the enclosed IP address with their own.

                                     c.       The computer using the requested IP address then generates an ARP Reply message containing the hardware address of its network interface adapter and returns it to the sender as a unicast (that is, a transmission addressed to a single destination).

|12|              F.      Internet Control Message Protocol (ICMP)

                           1.       ICMP, defined in RFC 792, is another internet layer TCP/IP protocol, but it does not carry application data as IP does.

                           2.       ICMP has two functions: it carries request and reply data for diagnostic programs such as Ping, and it provides error reporting services for intermediate systems.

                                     a.      All TCP/IP devices are either intermediate systems or end systems.

                                              (1)     An end system is either the computer that generated a transmission or the ultimate receiver of it.
                                              (2)     An intermediate system is a router that processes a packet and forwards it on its way to the destination.

                           3.       Because IP is an end-to-end protocol, it is designed so that only the destination system reads the contents of the datagram and processes the data.

                                     a.      If an error that occurs during transmission prevents the packet from reaching its destination, the destination system has no way of knowing about the problem or its cause.

                           4.       There are three limitations to the generation of ICMP error messages, which are intended to prevent the inundation of a network with ICMP traffic.

                                     a.      TCP/IP computers do not generate ICMP error messages in response to other ICMP error messages.

                                     b.      If a fragmentation problem occurs, an ICMP error is generated only for the first fragment of a datagram, not for subsequent fragments.

                                     c.       TCP/IP computers do not generate ICMP error messages in response to broadcast, multicast, or loopback transmissions, or transmissions with 0.0.0.0 as the source IP address.
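The three limitations above, as an added example that is not part of the lesson: a checker that decides whether a router or host may generate an ICMP error for a given packet. The ICMP error message types are from RFC 792 and the Class D multicast range is standard; the Offender record and the sample packets are constructed.

```python
# Added example: the rules that suppress ICMP error generation (items 4a-4c).
from dataclasses import dataclass
from typing import Optional

IP_PROTO_ICMP = 1
# Destination Unreachable, Source Quench, Redirect, Time Exceeded, Parameter Problem
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}


@dataclass
class Offender:
    """The packet that triggered the error, as seen by the router or host."""
    src: str
    dst: str
    proto: int
    frag_offset: int = 0             # Fragment Offset field; 0 = first (or only) fragment
    icmp_type: Optional[int] = None  # first byte of the ICMP message when proto == 1
    link_broadcast: bool = False     # arrived on a data-link broadcast/multicast address


def _first_octet(addr: str) -> int:
    return int(addr.split(".")[0])


def is_multicast(addr: str) -> bool:
    return 224 <= _first_octet(addr) <= 239   # Class D range


def is_loopback(addr: str) -> bool:
    return _first_octet(addr) == 127


def is_limited_broadcast(addr: str) -> bool:
    # directed broadcasts would also need the subnet mask; not modelled here
    return addr == "255.255.255.255"


def icmp_error_suppressed_by(pkt: Offender) -> Optional[str]:
    """Return None if an ICMP error may be sent, otherwise the rule that forbids it.
    Each rule keeps one error message from triggering a flood of further ones."""
    if pkt.proto == IP_PROTO_ICMP and pkt.icmp_type in ICMP_ERROR_TYPES:
        return "never answer an ICMP error with an ICMP error"
    if pkt.frag_offset != 0:
        return "only the first fragment of a datagram gets an error"
    if pkt.link_broadcast or is_limited_broadcast(pkt.dst) or is_multicast(pkt.dst):
        return "no errors for broadcast or multicast transmissions"
    if is_loopback(pkt.dst) or is_loopback(pkt.src):
        return "no errors for loopback transmissions"
    if pkt.src == "0.0.0.0" or is_multicast(pkt.src) or is_limited_broadcast(pkt.src):
        return "no errors when the source is 0.0.0.0 or not a unicast address"
    return None


def should_send_icmp_error(pkt: Offender) -> bool:
    return icmp_error_suppressed_by(pkt) is None
```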

                           5.       ICMP query messages enable computers running TCP/IP to perform diagnostic functions, such as testing connections to other systems and requesting and receiving router information.

                  G.      Application layer protocols

                           1.       The TCP/IP protocols operating at the application layer provide a variety of services to TCP/IP client and server applications.

 

Chapter 2, Lesson 2

IP Addressing and Subnetting

       1.    IP Address Structure

                  A.      An IP address is a 32-bit binary value that is typically expressed as four 8-bit decimal numbers, separated by periods, as in 192.168.63.45. This is called dotted decimal notation.

                           1.       Each of the four 8-bit values is called an octet, or sometimes a quad or a byte.

                                     a.      The TCP/IP standards usually use the term “octet.”

|13|                       2.       To convert a binary address into dotted decimal notation, split the 32 bits into four 8-bit groups and convert each group separately, as shown in Slide 13.

                           3.       An 8-bit binary number can have 256 possible values, which are represented in decimal form as the numerals 0 to 255.

                                     a.      An IP address can never have a value greater than 255 for one of its octets.

                  B.      An IP address identifies both a specific TCP/IP device (called a host) and the network on which the device is located.

                           1.       This is possible because every IP address consists of two parts: a network identifier and a host identifier.

                           2.       The network identifier always precedes the host identifier, but the dividing line between the two can be located anywhere in the 32-bit value.

                  C.      The Internet is the largest TCP/IP network in existence, with millions of computers located on thousands of networks around the world.

                           1.       Every computer visible from the Internet must have a unique IP address.

                           2.       The Internet Assigned Numbers Authority (IANA) functions as a registrar for networks, assigning identifiers to networks all over the world.

                           3.       The administrators of the individual networks are then responsible for assigning host identifiers to each computer on their networks.

                  D.      Network identifiers

                           1.       The network identifier indicates the TCP/IP hosts that are located on the same physical network.

                           2.       If you are running an internetwork that consists of multiple networks connected by routers, a unique network ID is required for each network.

                                     a.      Example:

|14|                                          (1)     In Slide 14, networks 1 and 3 represent two local area networks (LANs) at different locations, each of which is connected to a router.
                                              (2)     Network 2 represents the WAN connecting the routers and combining the two LANs into an internetwork.
                                              (3)     Each TCP/IP device on all three networks must have an IP address with the appropriate network identifier for that network.
                                              (4)     Each router is connected to two networks and must have two IP addresses with different network identifiers.

                  E.      Host identifiers

                           1.       The host identifier is a value assigned to a specific network interface connected to a network.

                           2.       Every host identifier assigned to a network interface on a given network must be unique.

       2.    Subnet Masks

                  A.      Introduction

                           1.       Most of the addressing systems used in computer networking use multiple identifiers for a single device.

                                     a.      In most of these cases, the identifiers are of fixed lengths.

                                     b.      However, IP addresses are different in that the network and host identifiers are not always the same length.

                           2.       Depending on the configuration of your internetwork, you can use addresses that support a large number of networks with relatively few hosts per network or a few networks with a large number of hosts on each.

                                     a.      You do this by using addresses with differently sized identifiers.

                           3.       The main problem caused by having identifiers of variable lengths is that there is no obvious way to determine where the network identifier in an IP address ends and where the host identifier begins.

                                     a.      To resolve this problem, TCP/IP clients always include a subnet mask with each address.

                           4.       A subnet mask is a 32-bit binary value that uses 1s and 0s to designate the network and host identifiers.

                                     a.      A 1 indicates a network identifier bit and a 0 indicates a host identifier bit.

                                     b.      As with an IP address, the 32 bits are then converted into dotted decimal notation.

                                              (1)     For example, if the IP address 192.168.24.167 is paired with a subnet mask of 255.255.255.0, this means that the first three octets of the IP address (192.168.24) are the network identifier and the last octet (167) is the host identifier.
|15|                                                   (a)      You know this because when you convert the address and mask to binary form, you see the values shown in Slide 15.

                  B.      IP address classes

                           1.       The IANA assigns network addresses in different classes, based on the number of hosts that the network has to support.

|16|                       2.       The three IP classes used by standard Internet computers are Class A, Class B, and Class C. The properties of each of these classes are shown in Slide 16.

|17|              C.      IP addressing rules

                           1.       The network identifier cannot have a first-byte value of 127.

                                     a.      This value is reserved for loopback and diagnostic functions.

                           2.       The network identifier and host identifier bits cannot all be 1s.

                                     a.      If all bits were set to 1, the address would be interpreted as a broadcast rather than an individual host.

                           3.       The network identifier and host identifier bits cannot all be 0s.

                                     a.      If all bits were set to 0, the address would be interpreted to mean “this network only.”

                           4.       The general formula for determining the number of network or host identifiers provided by a given number of bits is 2^x – 2, where x is the number of bits.

                  D.      Private network addresses

                           1.       IP addresses that are registered with the IANA are essential for computers that are to be visible from the Internet, such as Web and e‑mail servers.

                           2.       In some situations, computers that access the Internet do not require registered addresses, such as when you use network address translation (NAT) or a proxy server to provide users with Internet connectivity.

                           3.       The IANA has allocated specific ranges of IP addresses for use on private networks.

                                     a.      These addresses are not registered to any single user and, therefore, will not cause conflicts.

|18|                                b.      Slide 18 lists the private network addresses for each of the address classes.

Note: The ability of the students to calculate IP addresses and subnet masks based on supplied subnetting information is always tested in the certification exam. Be sure that you understand these computations.

 

       3.    Subnetting

                  A.      If you can tell the class of an IP address from the value of its first byte, why do you need a subnet mask? Why do you need Class A addresses that support over 16 million hosts when there is no single network in the world anywhere near that large?

                  B.      The answer to both of these questions lies in a process called subnetting, which allows you to split any existing network into a group of smaller networks.

                           1.       Subnetting is a procedure in which you borrow a number of bits from the host identifier in an IP address and use them to create a subnet identifier, which is a secondary network identifier.

                  C.      The simplest type of subnetting is when you take a Class A or Class B address and borrow an entire byte from the host identifier to form a subnet identifier.

                           1.       For example, if you take a standard Class B network address such as 172.16.0.0, you would normally use the last two bytes for your host identifiers, with a subnet mask of 255.255.0.0.

                                     a.      To subnet this address, you can use the third byte for a subnet identifier and the fourth byte for your host identifiers, as follows (where N=network, S=subnet, and H=host):
NNNNNNNN NNNNNNNN SSSSSSSS HHHHHHHH

                                     b.      The subnet mask value then becomes 255.255.255.0 because the third byte is no longer part of the host identifier.

                           2.       With the new subnet mask in place, you can then create up to 254 subnets by using various values for the third byte of the address, with up to 254 hosts in each subnet.

                  D.      Calculating subnet masks

                           1.       When you create subnets where the boundaries of the subnet identifier fall between bytes, the task of working out the correct IP addresses and subnet masks to use is simple.

                           2.       When the boundaries do not fall between bytes, the task of calculating the addresses and mask is more complex.

|19|                       3.       For example, suppose you have a Class C network address, such as 192.168.24.0, and you want to create 10 subnets supporting 12 hosts each.

                                     a.      You can do this by borrowing 4 bits from the 8-bit host identifier to create a 4-bit subnet identifier, as follows:
NNNNNNNN NNNNNNNN NNNNNNNN SSSSHHHH.

                                     b.      Because 2^4 – 2 = 14, the subnet identifier is large enough to support 10 subnets, and the 4 bits left as the host identifier permit up to 14 hosts per subnet.

                                     c.       To compute the subnet mask you should use with this arrangement, you add together the number of network and subnet identifier bits and mask them all, which results in the following binary value:
11111111 11111111 11111111 11110000.

                                     d.      The values of the first 3 bytes of the mask are 255.255.255, as always.

                                              (1)     The fourth byte now has a value of 11110000, which becomes 240 when converted to decimal form.
                                              (2)     Therefore, the subnet mask you should use with all your IP addresses on this network is 255.255.255.240.

                           4.       Another method for converting the binary value of a subnet mask byte to a decimal is to use the formula 256 – 2^x, where x is the number of 0s in the byte.

                  E.      Converting binaries to decimals

                           1.       The easiest way to convert binary values to decimals is to use a calculator, such as the Windows Calculator in Scientific mode.

                                     a.      However, you cannot use a calculator when taking Exam 70-216, so you should know how to convert binary to decimal by hand.

                           2.       To convert a binary number to a decimal, you assign a numerical value to each bit, starting from the right with 1 and proceeding to the left, doubling the value each time.

|20|                                a.      The values for an 8-bit number are shown in Slide 20.

|21|                       3.       You then line up the values of your 8-bit binary number with the eight conversion values, as shown in Slide 21.

|22|                       4.       Finally, you add the conversion values for the 1 bits, as shown in Slide 22.

                  F.      Calculating IP addresses using the binary method

                           1.       To calculate the IP addresses for the network, you can work with the binary values.

                           2.       In the example on Slide 23, the values for the first three bytes in these Class C network addresses are the same for all the hosts: 11000000 10101000 00011000 in binary, or 192.168.24 in decimal form.

                           3.       To compute the value of the fourth byte, you start with the first possible subnet identifier value, which is 0001, and the first possible host identifier value, which is also 0001.

|23|                       4.       Then, you increment the host identifier values until you use all 4 bits, arriving at the 14 possible values for the first subnet shown in Slide 23.

|24|                       5.       You then convert each of these 8-bit values into decimal form to achieve the results shown in Slide 24.

                           6.       You can then move on to the second subnet, and the third, and the fourth in the same way.

                  G.      Calculating IP addresses using the subtraction method

                           1.       When you understand the relationship between the subnet identifier values and the host identifier values, you can use an easier method to calculate the IP addresses.

                                     a.      When you have determined the subnet mask you will use, you subtract the decimal value of the mask byte that contains both subnet and host identifier bits from 256. The result is the block size of each subnet, and because this lesson skips the all-0s subnet identifier, it is also the value of that byte in your first subnet (256 – 240 = 16 for the Class C example).

                                     b.      Then you add the block size repeatedly (16, 32, 48, and so on) to find the remaining subnets, stopping before you reach the subnet mask value itself, which corresponds to the all-1s subnet identifier.

                  H.      Calculating IP addresses for a Class B network

                           1.       The calculations for subnetting Class A and B addresses work the same way as those for the Class C address in the previous example.

                           2.       For a Class B network address of 172.21.0.0, the default subnet mask is 255.255.0.0, which means that you have 16 network identifier bits and 16 host identifier bits.

                           3.       To subnet this address, you determine how many subnets you need for your network and then calculate the number of subnet identifier bits you need, using the formula 2^x – 2. (The –2 reflects the classful convention of RFC 950, which this lesson and the exam follow: the all-0s and all-1s subnet identifiers are not used. CIDR-capable routers, per RFC 1878, accept both, so in practice x subnet bits yield 2^x subnets.)

                                     a.      If you need 30 subnets to build your network, you need 5 subnet identifier bits, because 2^5 – 2 = 30.

                                              (1)     This means that you have 11 bits left over for the host identifier, so each subnet can have up to 2046 hosts (because 2^11 – 2 = 2046).

|25|                                b.      By borrowing 5 bits from the host identifier for your subnet identifier, you are left with the binary subnet mask shown in Slide 25.

                                     c.       Converting this mask to decimal form, you compute the value of the third byte by adding the decimal values for each 1 bit as follows: 128+64+32+16+8=248.

                                              (1)     Therefore, the subnet mask for your entire network is 255.255.248.0.

                                     d.      To determine the IP addresses you will use for your computers, you perform the same calculation for the third-byte value that you performed for the fourth byte of the Class C address.

                                              (1)     First, you subtract 248 from 256, leaving 8. This is your first subnet.
                                              (2)     When you increment by 8, the second subnet is 16, the third is 24, and so on, up to 240, which is your thirtieth and final subnet.
                                              (3)     This means that the IP addresses for your first subnet range from 172.21.8.1 to 172.21.15.254.
                                                        (a)      Once again, you omit 172.21.8.0 and 172.21.15.255 because these have host identifiers that are all 0s or all 1s.
                                              (4)     When assigning addresses to the hosts on your first subnet, you start with the 172.21.8.1 to 172.21.8.255 range, then move on to 172.21.9.0 to 172.21.9.255, and then continue all the way up to 172.21.15.0 to 172.21.15.254.
                                              (5)     Notice that you can use the 0 and 255 values for the fourth byte in these addresses, because some of the host identifier bits are part of the third byte and they do not contain all 0s or all 1s.
                                              (6)     All these 2046 addresses are for the hosts on the first subnet. The address ranges for the remaining 29 subnets on your network are listed in the textbook.

                  I.        Subnetting questions in Exam 70-216

                           1.       Users familiar with products by Cisco Systems are probably used to seeing IP address assignments written in CIDR (prefix-length) notation: a network address followed by a slash and the number of 1 bits in the subnet mask. The notation comes from RFC 1519 and is not specific to Cisco, although the exam treats it that way.

                                     a.      For example, 192.168.54.0/24 refers to a Class C address with 192.168.54 as the network identifier and a subnet mask of 255.255.255.0.

                                     b.      The 24 following the slash indicates the subnet mask value by specifying the number of 1 bits in the mask.

                                              (1)     In this instance the subnet mask would be
11111111 11111111 11111111 00000000 in binary, or 255.255.255.0 in decimal form.

                           2.       Microsoft now uses this slash (CIDR) notation in virtually all the subnetting questions on the exam.

                                     a.      In many cases, the questions on the exam ask you to select the appropriate subnet mask for a particular scenario, such as the mask needed to support a particular number of hosts or subnets, or both.
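The following Python script is an added worked example, not part of the lesson, that carries the Class C (192.168.24.0 with 4 subnet bits) and Class B (172.21.0.0 with 5 subnet bits) calculations from this lesson through code and answers the exam-style question of which mask supports a given number of subnets and hosts. Function names are mine; the classful_rules switch applies the 2^x – 2 convention the lesson uses and can be turned off to see the CIDR count.

```python
import ipaddress

# Added example, not part of the lesson: the subnetting arithmetic in code.
# Networks and counts are the lesson's own; function names are mine. The
# classful_rules switch applies the RFC 950 convention the lesson uses (skip the
# all-0s and all-1s subnet identifiers); turn it off for the CIDR count.

def mask_from_prefix(prefix_len: int) -> str:
    """Dotted-decimal mask whose top prefix_len bits are 1 (the number after the slash)."""
    mask_int = ((1 << prefix_len) - 1) << (32 - prefix_len)
    return str(ipaddress.IPv4Address(mask_int))

def mask_byte_by_subtraction(zero_bits: int) -> int:
    """The lesson's shortcut for one mask byte: 256 - 2^x, x = number of trailing 0 bits."""
    return 256 - 2 ** zero_bits

def host_bits_for(hosts: int) -> int:
    """Smallest h with 2^h - 2 >= hosts (the all-0s and all-1s host ids are never assignable)."""
    h = 2
    while 2 ** h - 2 < hosts:
        h += 1
    return h

def subnet_bits_for(subnets: int, classful_rules: bool = True) -> int:
    """Smallest s whose subnet identifier holds the required count."""
    s = 1
    while (2 ** s - 2 if classful_rules else 2 ** s) < subnets:
        s += 1
    return s

def choose_prefix(network: str, subnets: int, hosts: int, classful_rules: bool = True) -> str:
    """Exam-style question: the mask for N subnets of M hosts, returned as 'network/prefix'."""
    net = ipaddress.IPv4Network(network)
    s = subnet_bits_for(subnets, classful_rules)
    h = host_bits_for(hosts)
    if net.prefixlen + s + h > 32:
        raise ValueError(f"{subnets} subnets of {hosts} hosts do not fit in {network}")
    # Borrow only the subnet bits the scenario needs; the rest stay with the host identifier.
    return f"{net.network_address}/{net.prefixlen + s}"

def plan_subnets(network: str, subnet_bits: int, classful_rules: bool = True) -> list:
    """Enumerate the subnets and their assignable host ranges, as the lesson's tables do."""
    net = ipaddress.IPv4Network(network)
    subnets = list(net.subnets(prefixlen_diff=subnet_bits))
    if classful_rules:
        subnets = subnets[1:-1]            # drop subnet identifier all-0s and all-1s
    plan = []
    for s in subnets:
        first = int(s.network_address) + 1   # host id all-0s names the subnet itself
        last = int(s.broadcast_address) - 1  # host id all-1s is the subnet broadcast
        plan.append({
            "subnet": str(s.network_address),
            "mask": str(s.netmask),
            "first_host": str(ipaddress.IPv4Address(first)),
            "last_host": str(ipaddress.IPv4Address(last)),
            "broadcast": str(s.broadcast_address),
            "hosts": last - first + 1,
        })
    return plan

if __name__ == "__main__":
    print(choose_prefix("192.168.24.0/24", 10, 12))   # the lesson's Class C scenario
    for row in plan_subnets("172.21.0.0/16", 5)[:3]:  # first three Class B subnets
        print(row)
```

The plan for 172.21.0.0 with 5 subnet bits starts at 172.21.8.0 with hosts 172.21.8.1 through 172.21.15.254, matching the subtraction method above; with classful_rules=False the same network yields 32 subnets beginning at 172.21.0.0.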

 

Chapter 2, Lesson 3

Understanding TCP and UDP

|1|

       1.    TCP

                  A.      The Transmission Control Protocol (TCP) is a connection-oriented protocol that is defined in RFC 793.

|26|              B.      TCP provides application layer protocols with a wide variety of services, including the following:

                           1.       Guaranteed delivery

                           2.       Packet acknowledgment

                           3.       Data segmentation

                           4.       Flow control

                           5.       Error detection

                           6.       Application identification

                  C.      Applications that use TCP over IP generally do so because they have to transmit relatively large amounts of data that must arrive at the destination complete and in order.

                           1.       TCP refers to the data stream supplied by the application layer protocol as a sequence, and to each piece as a segment.

                           2.       TCP provides services that enable the destination system to acknowledge the proper receipt of data segments, detect transmission errors, and signal the sender to retransmit segments that have been damaged or lost.

                  D.      TCP encapsulation

                           1.       As with other protocols in the TCP/IP stack, TCP encapsulates the outgoing data it receives from the application layer above by applying a header to it and passing the data unit down to the internet layer.

                           2.       TCP is also responsible for splitting the sequence into segments of the appropriate size and packaging each one separately.

                           3.       For incoming data, TCP receives internet layer datagrams from below, reads the header information, and passes the data inside them up to the appropriate application layer protocol.

|27|                       4.       The TCP header is large, at least 20 bytes long, and provides many functions. The functions of the header’s fields are as follows:

                                     a.      Source Port (2 bytes). Identifies the application layer process on the transmitting system that generated the information carried in the Data field

                                     b.      Destination Port (2 bytes). Identifies the application layer process on the receiving system to which the information in the Data field will be delivered

                                     c.       Sequence Number (4 bytes). Identifies the location of the data in this segment in relation to the entire sequence

                                     d.      Acknowledgment Number (4 bytes). Specifies the sequence number of the next segment that the destination system expects to receive

                                     e.      Data Offset (4 bits). Specifies the number of 4-byte words in the TCP header

                                     f.       Reserved (6 bits). Unused in RFC 793; later standards (RFC 3168) assigned two of these bits to the ECN flags CWR and ECE.

                                     g.      Control Bits (6 bits). Contains six flag bits (URG, ACK, PSH, RST, SYN, and FIN) that identify the functions of the message

                                     h.      Window (2 bytes). Provides flow control by specifying how many bytes the receiving computer can accept from the transmitting system

                                     i.        Checksum (2 bytes). Used by the receiving system to detect errors in the TCP header, data, and parts of the IP header

                                     j.        Urgent Pointer (2 bytes). When the urgent (URG) control bit is present, this field indicates which part of the data in the segment the destination system should treat as urgent.

                                     k.       Options (variable). Can contain information related to optional TCP connection configuration features

                                     l.        Data (variable). Can contain one segment of an information sequence generated by an application layer protocol
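As an added example that is not part of the lesson, the following Python parser reads the header fields listed above from raw bytes, checks the Data Offset before trusting it (a header that claims a length outside the segment is the classic way to make a naive parser read out of bounds), and walks the Options field for the MSS value that the handshake exchanges. The sample SYN segment is constructed inline rather than captured, and the function names are mine.

```python
import struct
from dataclasses import dataclass

# Added example, not from the lesson: parsing the TCP header described above.
# SAMPLE_SYN is constructed here, not captured from a real host.

CONTROL_BITS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # bits 0-5 of the Control Bits field

@dataclass
class TcpHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    data_offset: int      # in 4-byte words, so 5 means the minimum 20-byte header
    flags: list
    window: int
    checksum: int
    urgent_pointer: int
    options: bytes

def parse_tcp_header(segment: bytes) -> tuple:
    """Split a TCP segment into (header, data); reject truncated or lying headers."""
    if len(segment) < 20:
        raise ValueError("truncated: a TCP header is at least 20 bytes")
    (sport, dport, seq, ack, offset_and_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = offset_and_flags >> 12
    header_len = data_offset * 4
    # A Data Offset below 5 or beyond the segment is malformed; a parser that trusts
    # it would read outside the header (or past the buffer, in C).
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"bad Data Offset {data_offset}")
    flag_bits = offset_and_flags & 0x3F           # bits 6-11 are the Reserved field
    flags = [name for i, name in enumerate(CONTROL_BITS) if flag_bits & (1 << i)]
    header = TcpHeader(sport, dport, seq, ack, data_offset, flags, window,
                       checksum, urgent, segment[20:header_len])
    return header, segment[header_len:]

def mss_from_options(options: bytes):
    """Walk the TLV option list and return the MSS announced in a SYN, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                   # End of Option List
            break
        if kind == 1:                   # No-Operation (padding), has no length byte
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option kind without a length byte")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("malformed option length")   # would run off the buffer
        if kind == 2 and length == 4:   # Maximum Segment Size
            return struct.unpack("!H", options[i + 2:i + 4])[0]
        i += length
    return None

# Constructed sample: SYN from ephemeral port 49152 to port 80, ISN 1000000,
# Data Offset 6 (24-byte header) because it carries a 4-byte MSS option of 1460.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 80, 1000000, 0,
                         (6 << 12) | 0x02, 8192, 0, 0) + bytes([2, 4, 0x05, 0xB4])

if __name__ == "__main__":
    hdr, data = parse_tcp_header(SAMPLE_SYN)
    print(hdr.flags, hdr.seq, mss_from_options(hdr.options), len(data))
```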

                  E.      TCP connection establishment

                           1.       TCP is called a connection-oriented protocol because the transmitting and receiving computers always establish a connection before they begin sending any application layer information.

|28|                       2.       TCP connection process

                                     a.      A TCP connection is actually two separate connections, with one running in each direction.

                                     b.      To establish each one of the connections, a computer transmits a TCP message with the SYN control bit activated.

                                     c.       The other computer then replies by sending a message with the ACK control bit activated.

                                     d.      To streamline the process into three steps instead of four, the client sends its SYN message and the server replies with a message containing both the ACK and SYN bits.

                                              (1)     The server acknowledges the client’s connection request and issues its own connection request using just one message.

                                     e.      The client then replies to the server with an ACK message, and both of the connections are then complete.

|29|                       3.       The connection establishment process is called a three-way handshake, because three separate messages are involved in the process.

                           4.       The connection establishment process also provides the information that the computers will use later to acknowledge transmissions.

                                     a.      Each SYN message contains an initial sequence number (ISN) in the Sequence Number field, which the computer will use to number the messages it transmits.

                                     b.      The computers generate an ISN using an algorithm that makes it highly improbable for two connections between the same applications on the same computers to select the same number. The ISN must also be unpredictable to outsiders: an attacker who can guess a host’s next ISN can complete a handshake with a spoofed source address or inject data into an existing connection without seeing any of its traffic, which is why current stacks derive ISNs from a keyed hash of the connection’s addresses and ports plus a clock (RFC 6528).

                                     c.       Each of the computers involved in a TCP connection maintains its own series of sequence numbers, and the exchange of ISNs informs each computer of the ISN that the other computer is using.

                           5.       Another function of the three-way handshake is for the computers to inform each other of the maximum segment size (MSS) they support.

                                     a.      The MSS is a value, carried in an option in the SYN messages, that specifies the largest segment (TCP data, excluding headers) the other computer may send on the connection.

                  F.      Ports and sockets

                           1.       As with the lower layer protocols, addressing is an important function of TCP.

                                     a.      TCP gets the data to the appropriate application on the destination computer by specifying port numbers in every TCP message.

                           2.       A port number is a value assigned to a particular application or process running on a TCP/IP computer.

                                     a.      The Source Port field specifies the application that generated the message, and the Destination Port field contains the port number of the application on the receiving system.

                                     b.      TCP and UDP have separate lists of well-known port numbers.

                                     c.       The most commonly used applications have well-known port numbers, which are permanently assigned by the Internet Assigned Numbers Authority (IANA) and published in the “Assigned Numbers” RFC (RFC 1700 at the time; the list is now maintained as an online IANA registry).

                           3.       The combination of an IP address and a port number is called a socket.

                                     a.      Sockets are expressed using the IP address, followed by a colon and then the port number, as in 192.168.21.54:80.

                           4.       In many cases, a client application selects a source port number at random and uses it in its initial connection establishment message to the server.

                                     a.      This is called an ephemeral port number.

|30|              G.      TCP packet acknowledgment

                           1.       The TCP packet acknowledgment and error correction systems rely on the values of the Sequence Number and Acknowledgment Number fields in the TCP header.

                           2.       During the three-way handshake, when the server replies to the client’s SYN message, the SYN/ACK message that the server generates contains its own ISN in the Sequence Number field and also a value in its Acknowledgment Number field.

                                     a.      This acknowledgment number value is the client’s ISN plus 1, because the SYN itself occupies one sequence number.

                                              (1)     The function of this field is to inform the other system of what value is expected in the next message’s Sequence Number field.

                           3.       In the lesson’s example the client’s ISN is 1000000, so when the client sends its first data message to the server, that message has the value 1000001 in its Sequence Number field, which is what the server expects.

                                     a.      Messages that function solely as acknowledgments do not increment the sequence number counter; SYN and FIN each consume one sequence number, and data consumes one per byte.

|31|                       4.       When the systems begin to send data, they increment their sequence number values by 1 for each byte of data they transmit.

                           5.       The same message numbering process also occurs simultaneously in the other direction.

                           6.       TCP uses a system called delayed acknowledgments, which means that the computers do not have to generate a separate acknowledgment message for every data message they receive.

                           7.       A system transmitting data maintains a queue of the messages that it has already sent.

                                     a.      As the sender receives acknowledgments, it deletes the messages from the queue that are verified as having arrived correctly.

                                     b.      Messages that remain in the source system’s queue for a predetermined time are assumed to have been lost or discarded, and the system automatically retransmits them.

                  H.      TCP error correction

                           1.       Two things can go wrong during a TCP transaction: messages can arrive in a corrupted state, or they can fail to arrive at all.

                                     a.      When messages fail to arrive, the lack of acknowledgments from the destination system causes the sender to retransmit the missing messages.

                           2.       When messages arrive at their destination, the receiving system checks them for accuracy by performing the same checksum computation that the sender performed before transmitting the data and comparing the result to the value in the Checksum field. The TCP checksum is a 16-bit ones’ complement sum (RFC 1071), not a cyclical redundancy check (CRC); CRCs are computed separately at the data-link layer, for example by Ethernet. The checksum detects accidental corruption only: an attacker who modifies a segment simply recomputes it, so protection against deliberate tampering must come from a higher layer such as TLS or from IPsec.

                                     a.      If the values do not match, the system discards the message.

|32|                       3.       The checksum performed by TCP is unusual because it is calculated not only on the entire TCP header and the application data, but also on a pseudo-header.

                                     a.      The pseudo-header consists of the IP header’s Source IP Address and Destination IP Address fields, the Protocol field (6 for TCP), and a TCP Length value (the length of the TCP header and data, which is not itself an IP header field but is derived from the IP length fields), plus 1 byte of zero padding, to bring the total number of bytes to an even 12 (three 4-byte words). Including the IP addresses means that a segment delivered to the wrong host, or with a rewritten address, fails the check.

                  I.        TCP flow control

                           1.       Flow control is the process by which the destination system in a TCP connection provides information to the source system that enables that source system to regulate the speed at which it transmits data.

                                     a.      Each computer has a limited amount of buffer space in which to store incoming data.

                                              (1)     The data remains in the buffer until the system generates messages acknowledging that data.
                                              (2)     If the system transmitting the data sends too much information too quickly, the receiver’s buffers could fill up, forcing it to discard data.

                           2.       The system receiving the data uses the Window field in its acknowledgment messages to inform the sender of how much buffer space it has available at that time.

                                     a.      The transmitting system uses the Window value along with the acknowledgment number value to determine what data in the sequence the system can transmit.

                           3.       This type of flow control is called a sliding window technique.

|33|                                a.      The offered window (shown in Slide 33) is the series of bytes that the receiving system has permitted the transmitting system to send.

                                     b.      As the receiving system acknowledges the incoming bytes, the left side of the window moves to the right, and as the system passes the acknowledged bytes up to the application layer process indicated by the destination port number, the right side of the window moves to the right.

                                     c.       Therefore, the window is said to be sliding along the incoming byte stream, from left to right.

|34|              J.       Terminating the connection

                           1.       After the systems involved in a TCP connection have finished their exchange of data, they terminate the connection by using control messages much like those used in the three-way handshake that established the connection.

                           2.       As with the establishment of the connection, which system initiates the termination sequence depends on the application generating the data.

                                     a.      In the case of the Web client/server transaction used as an example in this lesson, the server begins the termination process by setting the FIN flag in the Control Bits field of its last data message.

                                     b.      In other cases, the system initiating the termination process might use a separate message containing the FIN flag and no data.

                           3.       The system receiving the FIN flag transmits an acknowledgment message and then generates its own message containing a FIN flag, to which the other system must respond with an ACK message.

       2.    UDP

                  A.      The User Datagram Protocol (UDP) is defined in RFC 768, “User Datagram Protocol.”

                  B.      Unlike TCP, UDP is a connectionless protocol that provides no packet acknowledgment, flow control, data segmentation, or guaranteed delivery.

                           1.       As a result, UDP is far simpler than TCP and generates far less overhead.

                                     a.      The UDP header is much smaller than the TCP header—8 bytes, as opposed to 20 bytes or more.

                                     b.      UDP has no separate control messages, such as those used to establish and terminate connections.

                  C.      UDP transactions typically consist of only two messages—a request and a reply—with the reply functioning as a tacit acknowledgment.

                           1.       Some applications use UDP to transmit large amounts of data, such as streaming audio and video.

                                     a.      UDP is appropriate for such purposes because this type of data can survive the loss of an occasional packet, whereas a program or data file cannot.

|35|              D.      The functions of the UDP message fields

                           1.       Source Port (2 bytes). Identifies the application layer process on the transmitting system that generated the information carried in the Data field

                                     a.      Performs the same functions as it does in the TCP header

                           2.       Destination Port (2 bytes). Identifies the application layer process on the receiving system to which the information in the Data field will be delivered

                                     a.      Performs the same functions as it does in the TCP header

                           3.       Length (2 bytes). Specifies the length of the UDP header and data in bytes

                                     a.      Specifies how much data is included in the UDP message

                           4.       Checksum (2 bytes). Used by the receiving system to detect errors in the UDP header, data, and parts of the IP header

                                     a.      The checksum value is computed using the message header, data, and the IP pseudo-header, just as in TCP. Unlike TCP, the UDP checksum is optional over IPv4: a sender that omits it sets the field to 0, and a computed value of 0 is transmitted as all 1s so that it is not mistaken for “no checksum.”

                           5.       Data (variable). Contains the information generated by the application layer process specified in the Source Port field
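The checksum described for TCP in this lesson and for UDP just above, as an added Python example that is not part of the lesson: it builds the 12-byte pseudo-header, computes the 16-bit ones’ complement sum over it plus the header and data for both a TCP segment and a UDP datagram, verifies on receipt the way a stack does (the sum over everything including the checksum field comes to all 1s), honours the UDP “no checksum” value of 0, and shows why the check is not integrity protection: two compensating byte edits leave the sum unchanged. Addresses, ports and payloads are constructed; function names are mine.

```python
import struct
import ipaddress

# Added example, not from the lesson: the TCP/UDP checksum over the pseudo-header.
# A 16-bit ones' complement sum (RFC 1071), not a CRC. Inputs are constructed.

PROTO_TCP, PROTO_UDP = 6, 17

def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words, folding carries back in (end-around carry)."""
    if len(data) % 2:
        data += b"\x00"                  # an odd trailing byte is padded for the sum only
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def internet_checksum(data: bytes) -> int:
    return (~ones_complement_sum(data)) & 0xFFFF

def pseudo_header(src_ip: str, dst_ip: str, protocol: int, length: int) -> bytes:
    """Source IP, destination IP, zero byte, Protocol, TCP/UDP length: 12 bytes."""
    return struct.pack("!4s4sBBH", ipaddress.IPv4Address(src_ip).packed,
                       ipaddress.IPv4Address(dst_ip).packed, 0, protocol, length)

def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, data=b""):
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_TCP, 20 + len(data)) + header + data)
    return header[:16] + struct.pack("!H", csum) + header[18:] + data

def build_udp_datagram(src_ip, dst_ip, sport, dport, data=b""):
    length = 8 + len(data)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_UDP, length) + header + data)
    if csum == 0:
        csum = 0xFFFF      # RFC 768: a computed 0 is sent as all 1s, because 0 means "no checksum"
    return header[:6] + struct.pack("!H", csum) + data

def checksum_ok(src_ip, dst_ip, protocol, message: bytes) -> bool:
    """Receiver's check: pseudo-header + message (checksum included) sums to 0xFFFF."""
    if protocol == PROTO_UDP and message[6:8] == b"\x00\x00":
        return True        # IPv4 UDP sender omitted the checksum; nothing to verify
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, protocol, len(message)) + message) == 0xFFFF

def edit_preserving_checksum(message: bytes, i: int, j: int) -> bytes:
    """Add 1 to byte i and subtract 1 from byte j, both in the same half of their 16-bit
    words: the sum is unchanged, so the checksum still verifies. The checksum catches
    line noise; it is no defence against deliberate modification."""
    if i % 2 != j % 2 or message[i] == 0xFF or message[j] == 0x00:
        raise ValueError("pick two bytes in the same word half that will not carry")
    edited = bytearray(message)
    edited[i] += 1
    edited[j] -= 1
    return bytes(edited)

if __name__ == "__main__":
    src, dst = "192.168.21.54", "10.0.0.1"          # constructed addresses
    seg = build_tcp_segment(src, dst, 49152, 80, 1000001, 5000001, 0x18, 8192, b"GET / HTTP/1.0\r\n\r\n")
    print(checksum_ok(src, dst, PROTO_TCP, seg))                                 # intact
    print(checksum_ok(src, dst, PROTO_TCP, edit_preserving_checksum(seg, 22, 24)))  # "GEU . HTTP" still passes
```

The last line is the practical caveat: the forged segment reads "GEU . HTTP/1.0" yet passes the receiver’s check, because the two edits cancel in the ones’ complement sum. Binding the source and destination addresses into the pseudo-header does mean a datagram whose addresses were rewritten in flight, or that was delivered to the wrong host, fails the check unless the checksum is recomputed as well.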