Geeks With Blogs
Mark Pearl


After reading this chapter you should be able to

  • Identify and explain the functions of the core TCP/IP protocols
  • Explain how the TCP/IP protocols correlate to layers of the OSI model
  • Discuss addressing schemes for TCP/IP in IPv4 and IPv6
  • Describe the purpose and implementation of DNS and DHCP
  • Identify the well-known ports for key TCP/IP services
  • Describe common Application layer TCP/IP protocols

Characteristics of TCP/IP (Transmission Control Protocol / Internet Protocol)

  • TCP/IP is a suite of specialized protocols – including TCP, IP, UDP, ARP and many others called sub-protocols
  • TCP/IP originated with ARPANET in the late 1960s
  • TCP/IP would not have become so popular if it were not routable (routable protocols are protocols that can span more than one LAN segment because they carry Network layer addressing information)
  • TCP/IP is very flexible: it can run on virtually any combination of network operating systems or network media – greater flexibility means more configuration

The TCP/IP Core Protocols

TCP (Transmission Control Protocol)

  • Operates in the Transport layer of the OSI model and provides reliable data delivery services
  • TCP is a connection-oriented sub-protocol, which means a connection must be established between the communication nodes before this protocol will transmit data
  • TCP ensures reliable data delivery through sequencing and checksums
  • TCP provides flow control to ensure that a node is not flooded with data


Fields described in TCP Segment

  • Source port – indicates the port number at the source node. A port number is the address on a host where an application makes itself available to incoming or outgoing data (i.e. port 80 for HTTP). Source port is 16 bits long.
  • Destination port – indicates the port number at the destination node (16 bits long)
  • Sequence number – identifies the data segment’s position in the stream of data segments already sent (32 bits long)
  • Acknowledgment number (ACK) – confirms receipt of the data via a return message to the sender (32 bits long)
  • TCP header length (HLEN) – indicates the length of the TCP header (4 bits long)
  • Reserved – a 6-bit field reserved for later use
  • Flags – a collection of six 1-bit fields that signal special conditions through flags (URG, ACK, PSH, RST, SYN, FIN)
  • URG – Urgent pointer field contains information for the receiver
  • ACK – Acknowledgement field contains information for the receiver
  • PSH – Indicates that data should be sent to an application without buffering
  • RST – The sender is requesting that the connection be reset
  • SYN – the sender is requesting a synchronization of the sequence numbers between the two nodes
  • FIN – the segment is the last in a sequence and the connection should be closed
  • Sliding window size (Window) – indicates how many bytes the sender can issue to a receiver while acknowledgement for this segment is outstanding. This field performs flow control, preventing the receiver from being deluged with bytes (16 bits long)
  • Checksum – allows the receiving node to determine whether the TCP segment became corrupted during transmission (16 bits long)
  • Urgent pointer – indicates a location in the data field where urgent data resides (16 bits long)
  • Options – specifies special options such as the max segment size a network can handle (size varies between 0 & 32 bits)
  • Padding – contains filler information to ensure that the size of the TCP header is a multiple of 32 bits (it is often 0)
  • Data – contains data originally sent by the source node. The size of the Data field depends on how much data needs to be transmitted, the constraints of the TCP Segment size imposed by the network type, and the limitation that the segment must fit within an IP datagram
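The field layout above, as an added example that is not part of the original notes: a parser that splits a raw TCP segment into those fields and decodes the six flag bits. The two sample segments are constructed here, their checksum is left at 0 and not verified, and the function names are illustrative.

```python
import struct

# Flag names in the order the notes list them, highest bit first.
FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")


def parse_tcp_segment(segment: bytes) -> dict:
    """Split a raw TCP segment into the fields listed above."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (src_port, dst_port, seq, ack, hlen_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])

    # The 16-bit word after the ACK number holds HLEN (4 bits),
    # Reserved (6 bits) and the six 1-bit flags.
    hlen_words = hlen_flags >> 12
    header_len = hlen_words * 4          # HLEN counts 32-bit words
    if hlen_words < 5 or header_len > len(segment):
        raise ValueError("HLEN does not describe a header inside this segment")

    flag_bits = hlen_flags & 0x3F
    flags = [name for i, name in enumerate(FLAG_NAMES) if flag_bits & (0x20 >> i)]
    return {
        "source_port": src_port,
        "destination_port": dst_port,
        "sequence_number": seq,
        "ack_number": ack,
        "header_length": header_len,
        "flags": flags,
        "window": window,
        "checksum": checksum,
        "urgent_pointer": urgent,
        "options": segment[20:header_len],   # includes any padding
        "data": segment[header_len:],        # HLEN tells us where data begins
    }


def build_sample(src_port, dst_port, seq, ack, flags, options=b"", data=b""):
    """Build a constructed sample segment (checksum left at 0)."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)   # pad to a 32-bit multiple
    flag_bits = sum(0x20 >> FLAG_NAMES.index(name) for name in flags)
    hlen_flags = ((5 + len(options) // 4) << 12) | flag_bits
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         hlen_flags, 65535, 0, 0)
    return header + options + data


# Constructed connection opener: SYN carrying a maximum-segment-size option.
SYN = build_sample(49152, 80, 1000, 0, ["SYN"], options=bytes([2, 4, 5, 0xB4]))
# Constructed data segment: PSH+ACK carrying application bytes.
PUSH = build_sample(49152, 80, 1001, 5001, ["ACK", "PSH"],
                    data=b"GET / HTTP/1.1\r\n")

if __name__ == "__main__":
    for raw in (SYN, PUSH):
        print(parse_tcp_segment(raw))
```

A segment whose HLEN is below 5 words or points past the end of the bytes received is rejected rather than parsed, since every later field offset depends on it.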

UDP (User Datagram Protocol)

  • Belongs to the Transport layer of the OSI model
  • UDP is a connectionless transport service (it offers no assurance that packets will be received in the correct sequence or that they will be received at all)
  • Provides no error checking or sequencing
  • Its lack of sophistication (checking) results in it being faster than TCP
  • Useful in situations in which a great volume of data must be transferred quickly
  • UDP is more efficient than TCP for carrying messages that fit within one data packet
  • UDP header contains only four fields, source port, destination port, length and checksum (use of the checksum field is optional)


IP (Internet Protocol)

  • Belongs to the Network layer of the OSI model
  • Provides information about how and where data should be delivered, including the data’s source and destination addresses
  • IP is the sub-protocol that enables TCP/IP to internetwork (traverse more than one LAN segment and more than one type of router)
  • A packet is also known as an IP datagram which acts as an envelope for data and contains information necessary for routers to transfer data between different LAN segments
  • IP is unreliable & a connectionless protocol, which means that it does not guarantee delivery of data, however higher-level protocols of the TCP/IP suite use IP to ensure that data packets are delivered to the right addresses
  • IP datagram does contain one reliability component – the header checksum – which verifies only the integrity of the routing information in the IP header


  • Version – identifies the version number of the protocol (4 bits long)
  • Internet header length (IHL) – identifies the number of 4-byte blocks in the IP header. This field is important because it indicates to the receiving node where data will begin (after the header ends)
  • Differentiated Services (DiffServ / Type of Service) – informs routers what level of precedence they should apply when processing the incoming packet (8 bits long)
  • Total length – identifies the total length of the IP datagram, including the header and data, in bytes. An IP datagram including header and data cannot exceed 65,535 bytes. The total length field is 16 bits long
  • Identification – identifies the message to which a datagram belongs and enables the receiving node to reassemble fragmented messages. This field and the following two fields (Flags & Fragment offset) assist in reassembly of fragmented packets.
  • Flags (DF & MF) – Indicates whether a message is fragmented and, if it is fragmented, whether this datagram is the last in the fragment
  • Fragment offset – Identifies where the datagram fragment belongs in the incoming set of fragments (13 bits long)
  • Time to Live (TTL) – Indicates the maximum time that a datagram can remain on the network before it is discarded. On modern networks it represents the number of times a datagram has been forwarded by a router (router hops). The TTL for datagrams is variable and configurable, but is usually set at 32 or 64. Each time a datagram is passed through a router its TTL is reduced by one.
  • Protocol – Identifies the type of Transport layer protocol that will receive the datagram (e.g. TCP or UDP).
  • Header checksum – Allows the receiving node to calculate whether the IP header has been corrupted during transmission
  • Source IP address – Identifies the full IP address of the source node
  • Destination IP address – Indicates the full IP address of the destination node
  • Options – May contain optional routing and timing information
  • Padding – Contains filler bits to ensure that the header is a multiple of 32 bits.
  • Data – Includes the data originally sent by the source node, plus information added by TCP in the Transport layer
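The header fields above in working form, as an added example that is not part of the original notes: it parses an IPv4 header, checks the header checksum, and performs the per-hop TTL decrement a router applies. The sample datagram is constructed, the destination address 192.0.2.10 is a documentation address chosen for illustration, and the function names are illustrative.

```python
import ipaddress
import struct


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum used for the IP header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src, dst, payload, ttl=64, protocol=6, ident=1, df=True):
    """Build a constructed sample datagram with a 20-byte header (IHL = 5)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5, 0, 20 + len(payload), ident,
        0x4000 if df else 0, ttl, protocol, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    checksum = struct.pack("!H", internet_checksum(header))
    return header[:10] + checksum + header[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    """Split a datagram into the header fields listed above."""
    if len(packet) < 20:
        raise ValueError("an IPv4 header is at least 20 bytes")
    (ver_ihl, diffserv, total_length, ident, flags_frag, ttl, protocol,
     _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl * 4                     # IHL counts 4-byte blocks
    if version != 4 or ihl < 5 or not (header_len <= total_length <= len(packet)):
        raise ValueError("inconsistent version, IHL or total length")
    return {
        "header_len": header_len,
        "diffserv": diffserv,
        "total_length": total_length,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # stored in 8-byte units
        "ttl": ttl,
        "protocol": protocol,                # 6 = TCP, 17 = UDP
        # Summing a header that includes a correct checksum yields 0.
        "checksum_ok": internet_checksum(packet[:header_len]) == 0,
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
        "data": packet[header_len:total_length],
    }


def forward(packet: bytes):
    """One router hop: drop damaged or expired datagrams, else decrement TTL."""
    fields = parse_ipv4(packet)
    if not fields["checksum_ok"] or fields["ttl"] <= 1:
        return None
    header = bytearray(packet[:fields["header_len"]])
    header[8] -= 1                           # TTL is byte 8 of the header
    header[10:12] = b"\x00\x00"              # checksum must be recomputed
    header[10:12] = struct.pack("!H", internet_checksum(bytes(header)))
    return bytes(header) + packet[fields["header_len"]:]


# Constructed sample: TCP payload from 131.65.10.36 to a documentation address.
SAMPLE = build_packet("131.65.10.36", "192.0.2.10", b"constructed payload")

if __name__ == "__main__":
    print(parse_ipv4(SAMPLE))
    print(parse_ipv4(forward(SAMPLE))["ttl"])
```

Changing a payload byte leaves `checksum_ok` true, which is the limitation the notes describe: the header checksum covers only the header, so data integrity is left to the Transport layer.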

ICMP (Internet Control Message Protocol)

  • ICMP is a sub protocol in the TCP/IP suite
  • ICMP is a Network layer protocol that reports on the success or failure of data delivery
  • It can indicate when part of a network is congested, when data fails to reach its destination, and when data has been discarded because the allotted time for delivery has expired
  • ICMP announces these transmission failures to the sender but it cannot correct any errors it detects
  • ICMP’s announcements provide critical information for troubleshooting network problems

IGMP (Internet Group Management Protocol)

  • IGMP is a sub protocol in the TCP/IP suite
  • Operates at the network layer and manages multicasting
  • Is a transmission method that allows one node to send data to a defined group of nodes
  • Routers use IGMP to determine which nodes belong to a certain multicast group and to transmit data to all nodes in that group
  • Network nodes use IGMP to join or leave multicast groups at any time

ARP (Address Resolution Protocol)

  • ARP is a network layer protocol that obtains the MAC address of a host, or node, and then creates a database that maps the MAC address to the host’s IP address.
  • If one node needs to know the MAC address of another node, it broadcasts a message to the network using ARP that essentially says “Will the computer with the IP address xyz please send me its MAC address?”
  • A broadcast is a transmission that is simultaneously sent to all nodes on a particular network segment.
  • The node that has the IP address xyz then broadcasts a reply that contains the physical address of the destination host
  • To make ARP more efficient, computers save MAC-to-IP address mappings on a database known as the ARP table
  • An ARP table can contain two types of entries, dynamic and static
  • Dynamic ARP table entries are created when a client makes an ARP request that cannot be satisfied by data already in the ARP table
  • Static ARP table entries are those that someone has entered manually using the ARP utility

RARP (Reverse Address Resolution Protocol)

  • If a device doesn’t know its own IP address, it cannot use ARP (because without an IP address, a device cannot issue an ARP request or receive an ARP reply)
  • One solution is to broadcast a message with its MAC address and receive an IP address in reply – this is known as RARP
  • RARP was originally developed as a means for diskless workstations

IPv4 Addressing

Networks recognize two types of addresses: logical (Network layer) and physical (MAC or hardware) addresses. Logical addresses can be manually or automatically assigned and must follow rules set by the protocol standards. In the TCP/IP protocol suite, IP is the core protocol responsible for logical addressing. For this reason, addresses on TCP/IP-based networks are often called IP addresses.

  • Each IP address is a unique 32 bit number, divided into four octets, or sets of eight bits, that are separated by periods.
  • An IP address contains two types of information, network and host
  • From the first octet you can determine the network class (in traditional IP networks, 3 types of classes are used for LANs, Class A, Class B & Class C)
  • Class D & Class E addresses do exist, but are rarely used
  • Although eight bits have 256 possible combinations, only the numbers 1 to 254 can be used to identify networks and hosts in an IP address. The number 0 is reserved to act as a placeholder when referring to an entire group of computers on a network (e.g. represents all devices whose first octet is 10).
  • The number 255 is reserved for broadcast transmissions (sending a message to the address sends a message to all devices connected to your network)
  • Network founders intended the use of network classes to provide easy organization and sufficient quantity of IP addresses on the Internet, however this has not necessarily been recognized

Binary and Dotted Decimal Notation

IP addresses are usually represented in dotted decimal notation which is a shorthand convention used to represent IP addresses and make them easy for people to read.

So 131.65.10.36 is dotted decimal notation, and in binary it is represented as 10000011 (131) 01000001 (65) 00001010 (10) 00100100 (36)

Subnet Mask

  • In addition to an IP address, every device on a TCP/IP based network is identified by a subnet mask which is a special 32-bit number that, when combined with a device’s IP address, informs the rest of the network about the segment or network to which the device is attached.
  • Like IP addresses, subnet masks are composed of four octets (32 bits) and can be expressed in either binary or dotted decimal notation.
  • Subnet masks are assigned the same way that IP addresses are assigned – either manually or automatically through a service such as DHCP.
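How the binary notation and the subnet mask fit together, as an added example that is not part of the original notes: "combining" a mask with an address is a bitwise AND, which yields the network portion and lets a node decide whether another address is on its own segment. The address 131.65.10.36 matches the octets shown above; the masks and the second address are chosen here for illustration.

```python
def to_int(dotted: str) -> int:
    """Pack four dotted-decimal octets into one 32-bit number."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % dotted)
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError("octet out of range: %r" % part)
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    value = to_int(dotted)
    return " ".join(format((value >> shift) & 0xFF, "08b")
                    for shift in (24, 16, 8, 0))


def is_valid_mask(mask: str) -> bool:
    """A usable mask is a run of 1 bits followed only by 0 bits."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    return inverted != 0xFFFFFFFF and (inverted & (inverted + 1)) == 0


def split_address(ip: str, mask: str):
    """Return (network part, host part) of ip under mask."""
    if not is_valid_mask(mask):
        raise ValueError("mask bits are not contiguous: %r" % mask)
    address, bits = to_int(ip), to_int(mask)
    return to_dotted(address & bits), to_dotted(address & ~bits & 0xFFFFFFFF)


def same_segment(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two nodes share a segment when their network parts are equal."""
    return split_address(ip_a, mask)[0] == split_address(ip_b, mask)[0]


def address_class(ip: str) -> str:
    """Traditional class, read from the first octet."""
    first = to_int(ip) >> 24
    limits = ((0, "reserved"), (126, "A"), (127, "loopback"),
              (191, "B"), (223, "C"), (239, "D"), (255, "E"))
    for upper, name in limits:
        if first <= upper:
            return name


if __name__ == "__main__":
    print(to_binary("131.65.10.36"), address_class("131.65.10.36"))
    print(split_address("131.65.10.36", "255.255.0.0"))
    print(same_segment("131.65.10.36", "131.65.200.7", "255.255.255.0"))
```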

Assigning IP Addresses

BOOTP (Bootstrap Protocol)

  • BOOTP is an application layer protocol
  • In many ways it has been replaced by DHCP but is still used for diskless nodes
  • With BOOTP the network administrator sets up a table of every MAC address and the associated IP address. When a node boots, it makes a request to the BOOTP server and is given its IP settings based on its MAC address
  • The main difference between RARP and BOOTP is that BOOTP can supply more than just the IP address: it includes the IP address of the server and the router
  • Another difference between RARP and BOOTP is that BOOTP can traverse more than one network, whereas RARP is restricted to a single network segment

DHCP (Dynamic Host Configuration Protocol)

  • Is an automated means of assigning a unique IP address to every device on a network
  • Belongs to the Application layer of the OSI model.
  • Operates similarly to BOOTP but, unlike BOOTP, DHCP does not require the network administrator to maintain a table of IP and MAC addresses on the server
  • DHCP does require the network administrator in charge of IP address management to install and configure the DHCP service on a DHCP server

Reasons for implementing DHCP include the following…

  • To reduce the time and planning spent on IP address management
  • To reduce the potential for errors in assigning IP addresses
  • To enable users to move their workstations and printers without having to change their TCP/IP configuration
  • To make IP addressing transparent for mobile users

DHCP Leasing Process

  • With DHCP, a device leases or borrows an IP address while it is attached to the network
  • The length of time a lease for the IP address remains in effect depends on the DHCP server setup and client
  • A user can force a lease termination at the client, or a network administrator can force a lease termination at the server

Initiating a DHCP leasing process…

  • Configuring the DHCP service involves specifying a range of addresses that can be leased to any network device on a particular segment and a list of excluded addresses (if any)
  • After the DHCP server is running, the client and server take the following steps to negotiate the client’s first lease
  1. When the client workstation is powered on and its NIC detects a network connection, it sends out a DHCP discover packet in broadcast fashion via the UDP protocol to the DHCP/BOOTP server
  2. Every DHCP server on the same subnet as the client receives the broadcast request. Each DHCP server responds with an available IP address, while simultaneously withholding that address from other clients. The response message includes the available IP address, subnet mask, IP address of the DHCP server, and lease duration
  3. The client accepts the first IP address that it receives, responding with a broadcast message that essentially confirms to the DHCP server that it wants to accept the address. Because this message is broadcast, all other DHCP servers that might have responded to the client’s original query see this confirmation and return the IP addresses they had reserved for the client to their pool of available addresses
  4. When the selected DHCP server receives the confirmation, it replies to the client with an acknowledgement message. It also provides more information such as DNS, subnet mask, or gateway addresses that the client might have requested
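The four steps above as a small simulation, added here as an example that is not part of the original notes: it tracks what each server holds in its pool while an offer is outstanding and after the client's broadcast acceptance. Messages are simplified dictionaries rather than real DHCP packets, and all addresses, the MAC address and the class and function names are constructed for illustration.

```python
class DhcpServer:
    """Toy DHCP server state: an address pool, outstanding offers and leases."""

    def __init__(self, server_ip, pool, lease_seconds=86400):
        self.server_ip = server_ip
        self.available = list(pool)   # addresses free to offer
        self.offered = {}             # client MAC -> address withheld for an offer
        self.leases = {}              # client MAC -> leased address
        self.lease_seconds = lease_seconds

    def on_discover(self, mac):
        """Step 2: answer the broadcast with an offer and withhold the address."""
        if not self.available:
            return None
        ip = self.available.pop(0)
        self.offered[mac] = ip
        return {"type": "OFFER", "server": self.server_ip, "client": mac,
                "ip": ip, "mask": "255.255.255.0", "lease": self.lease_seconds}

    def on_request(self, mac, chosen_server):
        """Steps 3-4: every server sees the acceptance; only the chosen one ACKs."""
        ip = self.offered.pop(mac, None)
        if ip is None:
            return None
        if chosen_server != self.server_ip:
            self.available.insert(0, ip)      # return the reserved address
            return None
        self.leases[mac] = ip
        return {"type": "ACK", "server": self.server_ip, "client": mac,
                "ip": ip, "mask": "255.255.255.0", "lease": self.lease_seconds,
                "gateway": "192.168.1.1", "dns": "192.168.1.1"}  # constructed

    def on_release(self, mac):
        """Client-side lease termination: the address goes back to the pool."""
        ip = self.leases.pop(mac, None)
        if ip is not None:
            self.available.append(ip)
        return ip


def negotiate_first_lease(mac, servers):
    """Run the exchange; return (ack or None, list of messages seen on the wire)."""
    log = [{"type": "DISCOVER", "client": mac}]                  # step 1
    offers = [o for o in (s.on_discover(mac) for s in servers) if o]
    log += offers
    if not offers:
        return None, log                      # no DHCP server answered
    chosen = offers[0]                        # step 3: first offer received wins
    log.append({"type": "REQUEST", "client": mac,
                "server": chosen["server"], "ip": chosen["ip"]})
    acks = [a for a in (s.on_request(mac, chosen["server"]) for s in servers) if a]
    log += acks
    return (acks[0] if acks else None), log


def demo():
    """Two constructed servers on one subnet answering one client."""
    first = DhcpServer("192.168.1.2", ["192.168.1.100", "192.168.1.101"])
    second = DhcpServer("192.168.1.3", ["192.168.1.200"])
    ack, log = negotiate_first_lease("00:11:22:33:44:55", [first, second])
    return first, second, ack, log


if __name__ == "__main__":
    for message in demo()[3]:
        print(message)
```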

Terminating a DHCP lease…

  • A DHCP lease may expire based on the period established for it in the server configuration, or it may be manually terminated at any time from either the client’s TCP/IP configuration or the server’s DHCP side.

Initiating and terminating a DHCP contract in Windows

  • Terminate from the client – in the command window type ipconfig /release
  • Initiating from the client – in the command window type ipconfig /renew

APIPA (Automatic Private IP Addressing)

  • APIPA provides a computer with an IP address automatically (usually used if the DHCP server cannot be found)
  • After APIPA assigns an address, a computer can then communicate across a LAN, but can only communicate with other nodes using addresses in the APIPA range
  • When the DHCP server comes back on, APIPA then releases and the node takes on the assigned IP address from the DHCP server
  • APIPA is best suited for small networks

Determining in Windows if APIPA is enabled

  • In the command window type ipconfig /all (if the auto configuration enabled option is set to Yes, your computer is using APIPA)

IPv6 Addressing

IPv6 compared to IPv4

  • Offers more efficient header
  • Better security
  • Better prioritization provisions
  • Automatic IP address configuration
  • Main advantage is it offers more addresses
  • IPv4 addresses are 32 bits long; IPv6 addresses consist of eight 16-bit fields for a total of 128 bits
  • The loopback address in IPv6 is 0:0:0:0:0:0:0:1 which using shorthand becomes ::1
  • IPv6 addresses can reflect the scope of a transmission’s recipients – i.e. a single node, a group, or a special kind of group
  • One type of IPv6 address is a unicast address, or an address that represents a single interface on a device
  • A multicast address represents multiple interfaces (often multiple devices)
  • An anycast address represents any one interface from a group of interfaces

Sockets and Ports

  • Just as a device requires a unique address to send and receive information over the network, a process also requires a unique address. Every process on a machine is assigned a port number. A process’s port number plus its host machine’s IP address equals the process’s socket.
  • The use of port numbers simplifies TCP/IP communications and ensures that data are transmitted to the correct application

Port numbers range from 0 to 65535 and are divided by IANA into three types:

  1. Well Known Ports – within the range of 0 to 1023 and are assigned to processes that only the operating system or an administrator of the system can access
  2. Registered Ports – within the range of 1024 to 49151 and are accessible to network users and processes that do not have special administrative privileges
  3. Dynamic and/or Private Ports – ranging from 49152 through 65535 and are open for use without restriction

Host Names and DNS

  • Every device on the Internet is technically known as a host.
  • Every host can take on a host name

Domain Names

  • Every host is a member of a domain, or a group of computers that belong to the same organization and have part of their IP addresses in common
  • A domain is identified by its domain name
  • Usually a domain name is associated with a company or other type of organization
  • Often when one refers to a machine’s host name, one in fact means its local host name plus its domain name (in other words its fully qualified host name)
  • A domain name is represented by a series of character strings, called labels, separated by dots
  • In the domain name www.google.com, com is the top-level domain (TLD), google is the second-level domain, and www is the third-level domain
  • Domain names must be registered with an Internet naming authority that works on behalf of ICANN

Host and domain names are subject to some restrictions - they consist of any alphanumeric combination up to a maximum of 63 characters, and can include hyphens, underscores, or periods in the name, but no other special characters.

Host Files

  • This was the old way of doing it: a text file is used to associate internal host names with their IP addresses

DNS (Domain Name System)

  • DNS refers to both the Application layer service that accomplishes this association and also to the organized system of computers and databases that makes this association possible.
  • The DNS service does not rely on one file or even one server, but rather on many computers across the globe – these computers are related in a hierarchical manner, with 13 computers known as root servers, acting as the ultimate authorities.
  • Because DNS is distributed, it will not fail catastrophically if one or a handful of servers experience errors

To direct traffic efficiently, the DNS service is divided into three components…

  1. Resolvers
  2. Name Servers
  3. Namespace

Resolvers are any hosts on the Internet that need to look up domain name information. The resolver client is built into TCP/IP applications such as HTTP. If you point your Web browser to a http URL, your HTTP client software initiates the resolver service to find the IP address for the URL. If you have visited the site before, the information may exist in temporary memory and may be retrieved very quickly. Otherwise, the resolver service queries your machine’s designated name server to find the IP address for the URL.

Name servers, or DNS servers, are servers that contain databases of associated names and IP addresses and provide this information to resolvers on request. If one name server cannot resolve the domain name to its IP address, it passes the query to a higher-authority name server until eventually it reaches a high enough authority that can provide the details required.

Namespace refers to the database of Internet IP addresses and their associated names. Namespace is not a database that you can open and view like a normal database, rather this abstract concept describes how the name servers of the world share DNS information. Pieces of it are tangible and are stored on a name server in a resource record, which is a single record that describes one piece of information in the DNS database.

In Windows a user can force a DNS record update by issuing the following command in a Windows console – ipconfig /registerdns

DDNS (Dynamic DNS)

In DDNS, a service provider runs a program on the user’s computer that notifies the service provider when the user’s IP address changes. Upon notification, the service provider’s server launches a routine that automatically updates the DNS record for that user’s computer. The DNS record update becomes effective throughout the Internet in a matter of minutes.

DDNS does not take the place of DNS, but is an additional service. It is an affordable solution for small websites that do not want to pay the fees associated with a static IP address.

Associating host and domain names with computers on a TCP/IP-based network is performed by the Application layer protocol DNS.

Zeroconf (Zero Configuration)

Zeroconf is a collection of protocols designed by the IETF to simplify the setup of nodes on a TCP/IP network. It assigns a node an IP address, resolves the node’s host name and IP address without requiring a DNS server, and discovers services available to the node (e.g. print services) without requiring a DNS server. Read up more on Zeroconf in the textbook.

Application Layer Protocols

  • Telnet is a terminal emulation protocol used to log on to remote hosts using the TCP/IP protocol suite.
  • Using Telnet, a TCP connection is established and keystrokes on the user’s machine act like keystrokes on the remotely connected machine
  • Telnet is often used to connect two dissimilar systems (e.g. Unix to Windows)
  • Telnet is notoriously insecure
  • A popular alternative to Telnet is SSH

FTP (File Transfer Protocol)

  • Used to send and receive files via TCP/IP
  • A host running the FTP server portion accepts commands from another host running the FTP client portion
  • FTP clients come with a set of simple commands that make up its user interface

TFTP (Trivial File Transfer Protocol)

  • Enables file transfers between computers, but is simpler than FTP
  • TFTP relies on UDP at the Transport layer, which means it is connectionless and does not guarantee reliable delivery of data
  • TFTP does not require users to log on to the remote host with an ID and password in order to gain access to data
  • TFTP does not allow directory browsing

NTP (Network Time Protocol)

  • NTP is a simple Application layer protocol used to synchronize the clocks of computers on a network
  • NTP relies on UDP for Transport layer services
  • NTP uses UDP because it needs an efficient and fast transport layer

NNTP (Network News Transfer Protocol)

  • NNTP facilitates the exchange of newsgroup messages between multiple servers and users
  • Newsgroups require news servers that act as a central collection and distribution point for newsgroup messages
  • News servers are organized hierarchically across the Internet, similar to the way DNS servers are organized
  • NNTP supports the process of reading newsgroup messages, posting new messages, and transferring news files between the news servers

PING (Packet Internet Groper)

  • PING is a utility that can verify that TCP/IP is installed, bound to the NIC, configured correctly, and communicating with the network
  • It is often used to determine simply if a host is up and responding
  • PING uses ICMP services to send echo request and echo reply messages that determine the validity of an IP address
  • You can ping either an IP address or a host name

Posted on Monday, January 23, 2012 6:30 AM UNISA COS 2626 Networks

Comments on this post: Computer Networks UNISA - Chap 4 – Introduction to TCP/IP
