Monday, February 3, 2014

FUNCTION OF TCP LAYER


The TCP/IP model was not created by a standards developing committee but rather from research funded by the Department of Defense (DOD) Advanced Research Projects Agency (ARPA). ARPA began working on TCP/IP technology in the mid 1970s with the protocols and architecture taking on their current structure in the 1977-1979 time frame.

TCP/IP Protocol Stack Layers

The TCP/IP protocol stack is organized into four layers as shown in Figure 2-3. Each of the four layers of the TCP/IP model exists as an independent module and performs a well-defined function as described later in this section. Each layer communicates and works with the functions of the layers that are immediately above and below it. For example, looking at Figure 2-3 you see that the Transport layer sits between the Application and Internet layers. This means that the Transport layer will communicate and work with both the Application and Internet layers. The Transport layer cannot communicate directly with any other layer of the TCP/IP model.

Figure 3: TCP/IP Protocol Stack

TCP/IP Application Layer

The Application layer is the highest layer in the TCP/IP model. It is used by applications to access services across a TCP/IP network. Some of the applications that operate at this layer are a Web browser, file transfer program (FTP), and a remote login program. The Application layer passes data to the next layer in the stack, the Transport layer.

TCP/IP Transport Layer

The Transport layer is located at layer 3 of the TCP/IP model. The main responsibility of the Transport layer is to provide communication from one application to another application. If several application programs are running on a computer then the Transport layer has to figure out how to control the data from each application so that it can be sent to the next lower layer correctly. The Transport layer adds the following additional information to each data packet:
  - The identity of the application sending the data
  - The identity of the application that should receive the data
  - A checksum
The system that receives the data uses the checksum to verify that all of the data arrived. It also uses the identity of the receiving application so it can route the data appropriately.

TCP/IP Internet Layer

The Internet layer is located at layer two of the TCP/IP model. It is responsible for handling the communication from one computer to another computer. It accepts a request to send data from the Transport layer. It accepts the data, encapsulates it in a datagram, and then uses a routing algorithm to determine the best method for delivering it. After determining the best way to route the datagram, the Internet layer passes it to the Network Interface layer.

TCP/IP Network Interface Layer

The Network Interface layer is the lowest level in the TCP/IP model. It accepts the datagram from the Internet layer and transmits it over the network. To accomplish this task the Network Interface layer must be fully aware of the network hardware that it is using. The Network Interface layer is also responsible for translating an Internet address into a hardware address.
Exam Watch: Remember the names and functions of each of the four layers of the TCP/IP model.

TCP/IP Protocol Stack Compared to OSI Layers

The TCP/IP model can be compared loosely to the OSI model as shown in Figure 2-4. The Application layer of the TCP/IP model performs the same functions as layers 5, 6, and 7 of the OSI model. The Transport layers in both models perform the same functions. The Internet layer of the TCP/IP model equates to the same functions as the Network layer of the OSI model. The Network Interface layer of the TCP/IP model compares to the functions of layers 1 and 2 of the OSI model.

Figure 4: TCP/IP Model Compared to OSI Model
Exam Watch: Remember which layers of the TCP/IP model equate to the layers of the OSI model.

TCP/IP Protocol Suite

Contained within the four layers of the TCP/IP model are several protocols that direct how computers connect and communicate using TCP/IP. Even though the protocol suite is called TCP/IP, many other protocols are available besides the TCP and IP protocols.

Identify Protocols by Layers

Each protocol can be identified with a layer of the TCP/IP model. We will examine several of the protocols available at each layer.

Application Layer

The Application layer supports both the NetBIOS interface and the Windows Sockets interface.

NetBIOS

NetBIOS over TCP/IP allows NetBIOS client and server applications to be run over the Wide Area Network (WAN). Some of the applications that are NetBIOS-over-TCP compliant are the Windows NT browser service, netlogon service, messenger service, workstation service, and server service.

Windows Sockets

Windows Sockets is a programming interface based on the "socket" interface that was originally developed at the University of California at Berkeley. Windows Sockets includes enhancements that take advantage of the message-driven characteristics of Windows. Windows NT 4.0 supports version 2.2.0, which was published in May 1996. Some of the common protocols that use Windows Sockets are telnet, ftp, and http.

Transport Layer

The Transport layer consists of two protocols, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). Both TCP and UDP support ports. When a program sends or receives data on a TCP/IP network, it has to connect to a port. Ports are identified in the header of both the TCP and UDP protocols. The header contains two 16-bit numbers that identify the source port and the destination port. The Transport layer examines the port numbers in the header and delivers the data to the correct port.

TCP

TCP is one of the protocols that the suite is named for. TCP provides a reliable, connection-based delivery service. Successful delivery of packets is guaranteed by the TCP protocol. It uses a checksum to ensure that data is sequenced correctly. If a TCP packet is lost or corrupted during transmission, TCP resends a good packet. The reliability of TCP is necessary for critical services, such as electronic mail. However, the reliability does not come cheaply as TCP headers have additional overhead added to them. The overhead is necessary to guarantee successful delivery of the data. Another factor to remember about TCP is that the protocol requires the recipient to acknowledge the successful receipt of data. Of course, all the acknowledgments, known as ACKs, generate additional traffic on the network, which causes a reduction in the amount of data that is passed for a given time frame.
The TCP header consists of six words of 32 bits each. The seventh word is the actual data. Figure 2-5 shows the format of a TCP header.

Figure 5: Transmission Control Protocol Header
Table 2-1 describes each of the items that are contained in the TCP header.

| Name | Bit Size | Purpose |
| --- | --- | --- |
| Source Port | 16 | The source port number. |
| Destination Port | 16 | The destination port number. |
| Sequence Number | 32 | The sequence number of the first data octet in this segment unless the SYN control bit is set. If the SYN control bit is set, then the sequence number is the initial sequence number (ISN) and the first data octet is ISN+1. |
| Acknowledgment Number | 32 | This portion of the header contains the value of the next sequence number that the sender of the segment is expecting to receive if the ACK control bit is set. Once a connection is established, this is always sent. |
| Data Length | 4 | The number of 32-bit words in the TCP header. This indicates where the data begins. |
| Reserved | 6 | Reserved for future use. It has to be zero. |
| Flags | 6 | The bits from left to right. URG: Urgent Pointer field significant; ACK: Acknowledgment field significant; PSH: Push function; RST: Reset the connection; SYN: Synchronize sequence numbers; FIN: No more data from sender. |
| Window | 16 | The number of data octets beginning with the one indicated in the acknowledgment field, which the sender of this segment is willing to accept. |
| Checksum | 16 | The checksum field is the 16-bit 1’s complement of the 1’s complement sum of all 16-bit words in the header and data. |
| Urgent Pointer | 16 | This field communicates the current value of the urgent pointer as a positive offset from the sequence number in this segment. The urgent pointer points to the sequence number of the octet following the urgent data. This field is interpreted only in segments that have the URG control bit set. |
| Options | variable | Options may occupy space at the end of the TCP header and are a multiple of 8 bits in length. All options are included in the checksum. |
| Padding | variable | The TCP header padding is used to ensure that the TCP header ends and data begins on a 32-bit boundary. The padding is composed of zeros. |

Table 1: Description of the Contents in a TCP Header
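
The field layout in the table above, decoded in Python as an added example (not code from the original page). The function name, the returned keys and the sample segment are assumptions constructed for illustration; the parser rejects a Data Length value below five words or one that points past the end of the buffer.

```python
import struct

# Flag names in the left-to-right order listed in the table above.
FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the TCP header fields and validate the Data Length field."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-octet fixed TCP header")
    (src, dst, seq, ack, len_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_length = len_flags >> 12            # header size in 32-bit words
    reserved = (len_flags >> 6) & 0x3F       # six reserved bits
    flag_bits = len_flags & 0x3F             # URG ... FIN
    header_len = data_length * 4
    # A header length below five words, or one that points past the end of
    # the buffer, is malformed: using it would misplace options and data.
    if data_length < 5 or header_len > len(segment):
        raise ValueError(f"invalid data length {data_length}")
    flags = [n for i, n in enumerate(FLAG_NAMES) if flag_bits & (0x20 >> i)]
    return {
        "src_port": src,
        "dst_port": dst,
        "seq": seq,
        # With SYN set, seq is the ISN and the first data octet is ISN+1.
        "first_data_seq": (seq + 1) % 2**32 if "SYN" in flags else seq,
        # These two fields are only meaningful when their control bit is set.
        "ack": ack if "ACK" in flags else None,
        "urgent_pointer": urgent if "URG" in flags else None,
        "header_len": header_len,
        "reserved": reserved,                # reported so a caller can flag non-zero
        "flags": flags,
        "window": window,
        "checksum": checksum,                # decoded only, not verified here
        "options": segment[20:header_len],   # options plus padding, undecoded
        "payload": segment[header_len:],
    }


# Constructed sample: a SYN from port 49152 to port 80 whose header is six
# 32-bit words long (20 fixed octets plus one 4-octet option).
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0,
                         0x6002, 8192, 0, 0) + b"\x02\x04\x05\xb4"

if __name__ == "__main__":
    for key, value in parse_tcp_header(SAMPLE_SYN).items():
        print(f"{key:15} {value}")
```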

UDP

UDP offers a connectionless datagram service that is an unreliable "best effort" delivery. The arrival of datagrams is not guaranteed by UDP nor does it promise that the delivered packets are in the correct sequence. Applications that don’t require an acknowledgment of receipt of data use the User Datagram Protocol.
The UDP header consists of two words of 32 bits each. The third word is the actual data. Figure 2-6 shows the format of a UDP header.

Figure 6: User Datagram Protocol Header
Table 2-2 describes each of the items that are contained in the UDP header.

| Name | Bit Size | Purpose |
| --- | --- | --- |
| Source Port | 16 | The source port number. |
| Destination Port | 16 | The destination port number. |
| Length | 16 | The length in octets of this user datagram including the header and data. |
| Checksum | 16 | The checksum field is the 16-bit 1's complement of the 1's complement sum of all 16-bit words in the header and data. The checksum is an option in the UDP header and not always used. |

Table 2: Description of the Contents in a UDP Header
Exam Watch: Keep in mind the key differences between the Transmission Control Protocol and User Datagram Protocol.

Internet Layer

The Internet layer consists of two protocols, the Internet Protocol (IP) and the Internet Control Message Protocol (ICMP).

IP

IP is the other protocol that the suite is named for. It is a vital link in the suite as all information that is sent using the TCP/IP protocol suite must use it. IP provides packet delivery for all other protocols within the suite. It is a connectionless delivery system that makes a "best-effort" attempt to deliver the packets to the correct destination. IP does not guarantee delivery nor does it promise that the IP packets will be received in the order they were sent. IP does use a checksum but it confirms only the integrity of the IP header. Confirmation of the integrity of data contained within an IP packet can be accomplished only through higher level protocols.
The IP header consists of six words of 32 bits each. The seventh word is the actual data. Figure 2-7 shows the format of an IP header.

Figure 7: Internet Protocol Header
Table 2-3 describes each of the items that are contained in the IP header.

| Name | Bit Size | Purpose |
| --- | --- | --- |
| Version | 4 | The format of the Internet header. |
| IHL | 4 | Internet header length is the length of the Internet header in 32-bit words. The minimum value for a correct header is 5. |
| Type of Service | 8 | An indication of the abstract parameters of the quality of service desired. |
| Total Length | 16 | The length of the datagram, measured in octets, including Internet header and data. |
| Identification | 16 | An identifying value assigned by the sender to aid in assembling the fragments of a datagram. |
| Flags | 3 | Various control flags. Bit 0: reserved, must be zero. Bit 1: (DF) 0 = may fragment, 1 = don't fragment. Bit 2: (MF) 0 = last fragment, 1 = more fragments. |
| Fragment Offset | 13 | Indicates where in the datagram this fragment belongs. The fragment offset is measured in units of 8 octets (64 bits). The first fragment has offset zero. |
| Time to Live | 8 | Indicates the maximum time the datagram is allowed to remain in the Internet system. If this field contains the value zero, then the datagram has to be destroyed. |
| Protocol | 8 | Indicates the next level protocol used in the data portion of the Internet datagram. |
| Header Checksum | 16 | A checksum on the header only. Since some header fields change, such as the time-to-live field, this is recomputed and verified at each point that the Internet header is processed. |
| Source Address | 32 | The source address. |
| Destination Address | 32 | The destination address. |
| Options | variable | The options may or may not appear in datagrams. A couple of the available options are: Security: used to carry security, compartmentation, and handling restriction codes compatible with DOD requirements. Record Route: used to trace the route an Internet datagram takes. |
| Padding | variable | The Internet header padding is used to ensure that the Internet header ends on a 32-bit boundary. The padding is zero. |

Table 3: Description of the Contents in an IP Header

ICMP

ICMP allows systems on a TCP/IP network to share status and error information. You can use the status information to detect network trouble. ICMP messages are encapsulated within IP datagrams, so they may be routed throughout an internetwork. Two of the most common usages of ICMP messages are ping and tracert.
You can use ping to send ICMP Echo Requests to an IP address and wait for ICMP Echo Responses. Ping reports the time interval between sending the request and receiving the response. Using ping you can determine whether a particular IP system on your network is functioning correctly. There are many different options that can be used with the ping utility. These are covered in depth in Chapter 3.
Tracert traces the path taken to a particular host. It can be very useful when troubleshooting internetworks. Tracert sends ICMP echo requests to an IP address, starting with a time-to-live value of one in the IP header and incrementing it by one for each successive request, and analyzes the ICMP errors that are returned. Each succeeding echo request should get one hop further into the network before the time-to-live field reaches 0 and an ICMP Time Exceeded error is returned by the router attempting to forward it.
Exercises 2-1 and 2-2 give you the opportunity to use both the PING and TRACERT utilities.
Exercise 2-1 Ping – to Test Communication with a Distant Computer
  1. Log on as Administrator to a system that has the TCP/IP Protocol installed and is connected to the Internet.
  2. Click the Start button and select Programs | Command Prompt.
  3. At the command prompt type PING 207.159.134.58. Was your PING successful?
  4. Try to PING some of these other IP addresses: 206.66.12.43, 165.121.81, 206.151.75.79, 199.1.11.15, 199.227.250.70. Did you PING them successfully?
Exercise 2-2 Tracert – to Trace the Route Taken to a Distant Computer
  1. Log on as Administrator to a system that has the TCP/IP Protocol installed and is connected to the Internet.
  2. Click the Start button and select Programs | Command Prompt.
  3. At the command prompt type TRACERT 207.159.134.58. How many hops did it take to arrive at your destination?
  4. Try running TRACERT on some of these other IP addresses: 206.66.12.43, 165.121.81, 206.151.75.79, 199.1.11.15, 199.227.250.70.

Network Interface Layer

The Network Interface layer not only uses the Address Resolution Protocol (ARP) but it is also the location that the Network Driver Interface Specification (NDIS) 4.0 works from.

ARP

ARP is used to provide IP address-to-physical address resolution for IP packets. To accomplish this feat, ARP sends out a broadcast message with an ARP request packet in it that contains the IP address of the system it is trying to find. All systems on the local network detect the broadcast message and the system that owns the IP address ARP is looking for replies by sending its physical address to the originating system in an ARP reply packet. The physical/IP address combo is then stored in the ARP cache of the originating system for future use.
All systems maintain an ARP cache that includes their own IP address-to-physical address mapping. The ARP cache is always checked for an IP address-to-physical address mapping before initiating a broadcast.
You can see the contents of your ARP cache by using the ARP utility. There are many different options that can be used with the ARP utility. These are covered in depth in Chapter 3. Exercise 2-3 shows you how to check the contents of your ARP cache.
Exercise 2-3 ARP – to View What Is in the Address Table
  1. Log on as Administrator to a system that has the TCP/IP Protocol installed.
  2. Click the Start button and select Programs | Command Prompt.
  3. At the command prompt type ARP -a. The entries in your cache are displayed.
Figure 2-8 shows entries in the ARP cache of my system.

Figure 8: The ARP Cache for a System

NDIS 4.0

NDIS is a standard that allows multiple network adapters and multiple protocols to coexist on the same computer. By providing a standard interface, NDIS permits the high-level protocol components to be independent of the network interface card. All transport drivers call the NDIS interface to access network interface cards.
Figure 2-9 shows a sampling of the protocols available on the four TCP/IP layers.

Figure 9: Protocols by TCP/IP Layers
Now that you know about the different protocols used by the TCP/IP layers, here is a quick reference for possible scenario questions, and the appropriate answer:
"Marissa says that it takes her "forever" to reach a host in another city…" Use TRACERT to see the path her machine may be using to contact the other machine. You may be able to isolate a routing problem.
"Martha is having a problem with inconsistent data she is receiving from a network application…" It is possible that the network application uses UDP instead of TCP. Since UDP provides unreliable "best effort" delivery, some data may be lost. You need to see if you can get her an equivalent network application that uses TCP to ensure that all data she needs arrives safely.
"James from the sales department tells you that he cannot communicate with a machine in the accounting department…" You need to run the PING utility to see if the computer is operating correctly on the network.

Network Data Flow

In the previous sections, we have seen the layers that make up the OSI and TCP/IP models and the purpose of each of those layers. Now it is time to see what happens as data begins to flow from one layer to the next.

How A Message Flows Through the TCP/IP Protocol Layers

The sending process passes data to the Application layer, which attaches an application header as shown in Figure 2-10.

Figure 10: Data Passed to the Application Layer
The Application layer passes the packet to the Transport layer, which in turn adds its header to the packet as shown in Figure 2-11.

Figure 11: Application Data Passed to the Transport Layer
The Transport layer passes the packet to the Internet layer, which in turn adds its header to the packet as shown in Figure 2-12.

Figure 12: Transport Data Passed to Internet Layer
The Internet layer passes the packet to the Network Interface layer where it is actually transmitted to the receiving computer as shown in Figure 2-13.

Figure 13: Data Leaving the Network Interface Layer, Headed to the Receiving Computer
On the receiving computer, the different headers are stripped off, one by one, as the packet goes up the layers until it finally reaches the receiving process.
