Document: Introduction to TCP/IP

By: Jim Clack

Written: August 2000
Revision: 7

TCP/IP and UDP/IP Basics

In years passed you may have often dealt with a potpourri of interfaces and protocols such as RS232,
RS485, SDLC, Frame-Relay, NetBEUI, IPX/SPX, and so on; each one more confusing than the other.
Nowadays a standard has evolved that simplifies this process. This standard, called Internet Protocol,
encompasses all the networking capabilities of those systems plus much more. It adds directory access,
global communications, and bridges between differing protocols, all with one consistent interface. Internet
Protocol is often referred to as TCP/IP, although TCP/IP is just one part of Internet Protocol, albeit a major
part. It is also referred to as Sockets, even though Internet Protocol can be implemented in lieu of Sockets
and vice versa because Sockets is the most common way for programmers to use Internet Protocol.
Despite their differences, the terms are often used interchangeably.
In this brief document, I will not attempt to make you an expert on TCP/IP, nor even try to show you how it
works. But I can make you familiar with the general capabilities of it, the terminology, and how to work
with it. I will present it the simplest manner that I can; but purists may notice that I have taken some
liberties by avoiding the mention of some exceptions and variations.

The Basics of Internet Protocol

Like other network interfaces, Internet Protocol (IP) allows one computer to communicate with another
computer over a local area network (LAN). It also supports communications between networks, as
implemented in the World Wide Web. In addition, it provides a directory lookup (DNS) so that your
computer only needs to know the name (URL) of another computer in order to find it, not its specific IP
address. And each computer can have several network connections and hundreds of programs all
communicating of that mish-mash of connections without confusion. The use of Sockets makes it easy for
the programmer as well, isolating the hardware from the software. The network connections may be
Ethernet, Token-Ring, SDLC, RS-232, phone lines, frame-relay, infrared or radio waves or even a
combination of these.
If this all sounds complicated, rest assured, it is. But the way its all wrapped up in a protocol stack makes
it much easier for the user and for the programmer. Have you heard that term: protocol stack? Its not
really a stack, but the collection of drivers and other programs that go between the hardware and the
application software. When we use the term sockets, we are really referring to the protocol stack that we
are using to allow our application program to communicate with the network hardware.
Here is a summary of the issues Ive introduced so far, along with the terms that identify them:
IP Address Internet Protocol Address The IP address is the number assigned to a network card in a
specific computer. When you are on the Web, your ISP (Internet Service Provider, such as AOL) assigns
your computer an address where it connects to them. The address is simply a number that identifies your
connection uniquely in the world, like a phone number does for your telephone.
URL Uniform Resource Locator This is a fancy term for the name of a computer. Of course it offers
plenty of flexibility and extensibility, but basically a URL is the name of a computer. A computer can have
multiple names or none at all. If you want other users to be able to find your computer by name rather
than address then youll need to have a URL. There are organizations that keep track of the names in use
so that you can order one thats unique and reserved for your use for a fee.
DNS Domain Name Service A DNS is a computer that does what directory assistance does for your
telephone. When you type www.yahoo.com into your computer, it firsts consults a DNS to find out the
IP address of that URL so that it can talk to it. If the DNS doesnt know the answer, it will contact other
DNS systems until it finds out. And the next time somebody asks for that URL, it will already know the
answer. A DNS is found by its IP address, sort of like when you dial 555-1212 or 411 to find out a phone
number.

Protocol Stack This is the software that connects the application program to the network. This is
comprised of several programs along with the drivers for the network cards in your computer. Included are
programs for doing DNS lookups, for reassembling received data that got out of sequence while traveling
over the network, keeping track of connections, and so on.

IP Addresses
An IP address is very much like a phone number. I can explain it much more clearly by comparing it to
how you use a phone at work, where you are part of a PBX a phone system where you can dial other
phone extensions directly. First, lets look at the structure of an IP address:
195.77.123.4
Those dots confuse matters, dont they? And what do the digits mean? The above IP address might be
your desk computer at work. Lets say your phone number at work is:
(801) 556-1234
Do you find the parenthesis and the hyphen confusing? Of course not. Theyre not really part of the phone
number theyre just there to make it more legible. Thats exactly why the dots are in the IP address.
They are not part of the IP address, but they are normally required when you type it in, just like the
punctuation in a phone number.
Instead of the ten digits of a phone number, each from 0 through 9, an IP address consists of four octets,
each ranging from 0 through 255. Other than that, these numbers are very much alike in function and form.
When your computer communicates with another computer, it needs to know whether that computer is on
the same LAN that it is on or on some other network elsewhere in the world. Lets say that you want to
connect to 197.77.123.8 which is on the same LAN and your computer can connect directly to it. But if
it needs to connect to 197.77.413.8 who knows where then it must get an outside line. How does this
compare to using a PBX?
When you call the phone number (801) 556-1238, which is the next office from yours, you dont need an
outside line. But if you need to call (801) 557-1238 you must first dial a 9 to get an outside line. Why?
Because you know that if the number differs from your phone number only in the last four digits that you
can dial it as an extension. Otherwise you need to dial a 9 first. Lets do this same example with an IP
address:
When you connect to the host computer at 197.77.123.8, in the next office, you dont need an outside line.
But if you connect to the host at 197.77.222.8 you must go through the gateway (router) first, which is at
197.77.123.1. Why? Because your computer knows that if the address differs from your address only in
the last octet (field of 0255) that it is on the same LAN. Otherwise it needs to go through the gateway.
Lets look at the similarities:
Phone
Network

You
(801) 556-1234
197.77.123.4

Next Door
(801) 556-1238
197.77.123.8

Next County
(801) 557-1238
197.77.413.8

Subnet Mask
(999) 999-0000
255.255.255.0

Gateway
9
197.77.123.1

Can you see how similar they are? The subnet mask indicates which parts of the number must be the same
in order to make a local connection. Otherwise, you need to get an outside line by going through the
gateway. A gateway or a router interconnects networks. (This is not the same thing as a hub, MAU, or
concentrator, which connect computers on the same network.)

By now youre probably asking, But how do I get it to access the gateway? In what way do make it
consult the DNS to look up a URL? How do I compare the IP address differences to the subnet mask?
Well shut up a minute and Ill tell you.
Fortunately, you dont need to do any of these things. In fact, even the programmer does not do these
things and neither does his/her application program. Sockets takes care of all of this! Easy, huh? It
really is. But first you have to give Sockets enough information that it can do all these things for you. In
other words, when you set up a computer for networking, you need to tell Sockets the following:

1.
2.
3.
4.

This computers IP address. (This is required even it is to have a name/URL as well.)

The subnet mask. (So that Sockets can tell whether a number is local or needs an outside connection.)
The DNS IP address. (Unless theres no need to look up by name/URL in [5] below.)
The gateway IP address. (Unless your computer will only communicate with others on the same
LAN.)

In addition, for any given connection you will need to specify the following information about the host (A
host is any computer with which you may communicate over the network.) to which you are connecting:

5. The IP address of the host to which you are connecting, or its name/URL.
6. The port number that you wish to connect to on that computer. (In most circumstances.)
What the heck is a port number? Ill discuss that next.

IP Port Numbers
The first thing to remember about an IP port number is that it has nothing to do with ports as you may be
accustomed. The term port number is confusing to many people that are familiar with serial or parallel
communications, where a port is a physical connection. An IP port is a number that identifies a logical
connection. What does that mean? Lets look at how it works.
When you are browsing the web, your computer may be requesting web pages and receiving the HTML
text at the same time as it is downloading the graphics to be placed on that page. In addition, your E-mail
system may be receiving a note from your boss at the same time. When a packet arrives at your computer
over the Internet, how does Sockets know whether that packet should go to the text on the page, the graphic
that is being downloaded, or the E-mail that is being received?
The answer is simple: Each communication session is assigned a pair of numbers, the port numbers,
which identify it uniquely between the sender and receiver. There are two port numbers in every message,
the senders and the receivers port number. When a connection is first made (a socket is opened) the ports
are assigned from a pool of unused numbers. Thus the port numbers are simply identification codes for a
specific conversation between computers.
Now you might be asking: If there are two port numbers, why do we only specify one? If port numbers
are automatically assigned, then why do I have to specify one?
The answer is straightforward. If you want to initiate a new conversation with a computer and you want to
talk to the E-mail application, but do not want to download files or send to the browser just the E-mail,
then you need a way to say so. Each application type has a well known port number assigned to it. For
example, when you click on an HTML document, your computer sends out a request to port number 80 on
the server. If you send E-mail it goes out on port 25. Then the other computer says Mercy, good buddy,
channel nine is mighty crowded; lets switch to channel 17. Just like channel nine in CB radio, that wellknown port number gets a lot of traffic, so the conversation immediately switches to an available port.

Lets look at this one step at a time:

7. You click on an HTML link, and your computer sends a request to the servers port 80 using its own

8.
9.

port 9321. Why 80? We always use 80 for HTTP (an extension to TCP that is used for HTML) its
the well-known port for that. Why 9321? Just because that was a port number that was not in use.
FYI: Techies refer to that not-so-well-known port as an ephemeral port number.
The server sends the page back to your computer on port 9321, using its port number 9566. Why
9321? Because that was the port on which your computer sent the request. Why 9566? Just because
that was a port that was not currently in use on the server.
As the communication continues, it will keep making use of 9321 and 9566.

Now can you guess when and why you might need to specify a port number? Unless you are using a
standardized protocol, such as FTP or HTTP, there is no well-known port number.

Where to Get IP Values

Now you know what the IP settings mean. But how are you going to know what values to place into them
when you configure a system? The answer: Ask. Youll only look stupid if you dont ask. For any network
there is a network administrator, a person that has the job of assigning IP addresses and the like. You need
to locate that person and ask him/her:

Can you give me an IP address for my computer?

What is the subnet mask for the network?
(Only needed if using a URL for the target host) What is the IP address of the DNS server?
(Only needed if the target host is outside of the local area network) What is the IP address of the
gateway?
What is the IP address or URL of the target host computer with which I must communicate?

Fine, but what about the port number? The network administrator will not be able to give you a port
number. The port number has nothing to do with the network configuration. The port number is a value
used by an application. A chat program uses one port number whereas an E-mail client uses another. The
people that develop the applications that are to connect to each other are the ones that determine the port
number.
Incidentally: The network administrator may say, You dont need to have an IP address or a gateway
configured because theyre provided by the DHCP server. This is because DHCP (Dynamic Host
Configuration Protocol) can be used to allow their server to configure your computer on the fly, setting its
IP address, subnet mask, default gateway, DNS server, and so forth. Older software may or may not
support DHCP, depending upon the platform and the version of the software that runs it. So you may still
have to manually configure the PC even if DHCP is available. DHCP is simply a protocol to allow you to
skip any manual configuration. When DHCP is enabled (and it usually is), when your computer comes up
it loks for a DHCP server and asks it to configure its IP address, subnet mask, gateway, etc.

IP Address Classes
Youve probably heard the term Class C IP address and wondered what it meant. As you know, in the
United States, telephone numbers have a three-digit area code. What if you lived in a country with smaller
villages that were quite scattered? You might want to use a more digits in the area code but fewer digits to
identify the specific subscriber. This is where address classes come into play. A tradeoff is made between
the number of digits available to determine the network number and the number of digits that remain for

determining the host computer. It all depends on the first few digits of the IP address.
Class A
Class B
Class C

Range of IP Addresses
0.0.0.0 through 127.255.255.255
128.0.0.0 through 191.255.255.255
192.0.0.0 through 223.255.255.255

Maximum Networks
128
4000
1,000,000

Max Hosts per Network

16,000,000
65,000
250

Dont confuse the address class with the subnet mask. They are two separate things. The subnet mask
must fall within an address class range, in the same way that telephone extensions cannot cross into
different area codes. Other than that, they are independent. You will probably not need to deal with IP
address classes, but it is good to know what the term means. (Just so the network administrator wont think
youre ignorant.)

Whats the Difference between TCP/IP and UDP/IP?

These are the two major communications protocols that are used in Internet Protocol. TCP (Transmission
Control Protocol) has guaranteed delivery, meaning that it will retry on failed attempts to send, and if the
receiver never gets the message that the sender will be informed of this. UDP (User Datagram Protocol) is
called an unreliable protocol. When a UDP message is sent, there is no feedback or retries if the receiver
fails to get it. This does not necessarily mean that UDP is inferior, because sometimes there is a need to
have passive communications. Furthermore, a guaranteed protocol might be built on top of UDP making
it into a guaranteed delivery but using a custom protocol more suited to specific needs.

MAC Addresses
A MAC address has nothing to do with Internet Protocol or TCP/IP, but when configuring a system for
networking you will often need to deal with MAC addresses. A MAC (Media Access Control) address is
generally the serial number that is assigned to a specific network interface card (NIC), set at the factory
where the card was manufactured. This identifies the card uniquely. Normally you do not need to deal
with MAC addresses because Sockets uses address resolution protocols (ARP and RARP) to assign IP
address to those cards. However, there are times that you may need to configure which specific IP address
is assigned to which specific card, or MAC address. From there on, Sockets will do the dirty work for you.
A typical Ethernet MAC address has the form of six bytes, each specified as a two digit hexadecimal
number, separated by colons. For example:
0D:CC:5A:00:09:E7
If there is a need to map IP addresses to specific network cards then you may need to know their MAC
addresses. The MAC address is often printed on the network card that you plug into the computer. If not,
when you reboot the computer, the drivers will usually display the MAC addresses of the cards they see
when they start up. There are also configuration programs provided with the network cards that can be
used to interrogate a card to find out its MAC address.

Sockets Utilities
Along with the protocol stack, Sockets usually comes with a set of utility programs that can be used to
configure and troubleshoot a connection. You may need to get admin privileges to use these utilities and
they may be found in a system directory, not publicly available on the computer.
The names vary somewhat from platform to platform, and the parameters are often different as well. If you
try the following commands on Windows they might display slightly different information than they would
under Linux or OS/2. Before using a utility, type its name alone, or with a -? or -h afterward to get
usage. On Unix systems you may type man (manual) followed by a space and the name of the utility to
see the documentation. On some systems you might use help for the same purpose.
On your home computer, make sure that you are connected to a network (even an Internet connection via
an ISP such as AOL will do) and experiment with these utilities.
route This utility can be used to view or change the routing table. This is the table that determines which
IP addresses are local to which network PC cards on that computer and which ones have to go through a
gateway, and if so, to which gateway. (Try typing route print on your computer.)
arp This program is used to view the mapping of IP addresses to MAC addresses as seen on the local area
network from that computer. (Usually arp a can be used to list those seen recently.)

ifconfig or ipconfig or winipcfg Use this program to view or change the IP address or subnet mask of the
computer. Often any changes you make will be permanent until the next time ifconfig is run. So before
you make any changes be sure to record the current settings.
netstat or ipstatus This is a multipurpose query tool to get various information about the status of
Sockets and the protocols within it.
ping You may use this program to send a blank message to another computer and to wait for it to respond.
This is useful for testing connections. (From your home computer, type: ping www.yahoo.com.)
tracert This is very much like ping but performs an iterative analysis and lists the gateways encountered
en-route. From your home computer, try doing a tracert to some portal or search engine. (very interesting)
nslookup This is the program that looks up a URL on a DNS. In other words, you can use this to
manually access computer directory assistance. (This utility is not available on some platforms, but you
can accomplish the same thing with command-line options on ping.)

Typical Configuration Files

Regardless of the operating system or platform, there are a few configuration files that are used to setup the
network. On your home PC, you can use the control panel settings to make changes. In any case though,
the network setup programs alter the following files in order to implement your changes:
protocol.ini This file maps the drivers to the NICs (Network Interface Cards) according to physical
addresses and slot numbers. It also selects the types of protocols that are to be supported in the protocol
stack. In other words, this file configures sockets for certain capabilities using specific network cards.
startup shell (config, startup, autoexec, default, etc.) These files configure the computers IP address,
URL, subnet mask, and any gateways. Generally these shell scripts do so by calling ifconfig, route, and
other sockets utilities. In Windows, these parameters are usually established by settings in the registry.
<application>.ini (or other application-specific configuration file) The configuration file used by each
application may differ, but the concepts are the same. Each network application on every computer has
similar settings that are stored in some configuration file. This contains the IP port numbers of the systems
to which the host must connect and other such application-specific settings..

Vernacular
When you see the following terms, dont be intimidated. These are common standards for hardware and
software, whose names are tossed around by network administrators and programmers to prove that they
know more than you. They may not know what the terms mean either. If you hear these terms, just say,
Yeah, the good thing about standards is that theres so many to choose from. Youll sound like a pro.
NDIS, ODI, DIX, IEEE 802, OSI, NetBIOS, SNA, SNAP, SLIP, PPP, ICMP, SNMP, IGMP, RFC 792,
etc
If you really want to become an expert, search for these things on the web. Theres lots of information
there and much of it is easier to understand than the best for Dummies book.

Summary
Ive covered a lot of ground in these few pages, and if you understand half of it then youre doing well.
Experiment, use the Sockets utilities from your home computer and get experience configuring network
connections. Then this document should make a lot more sense when you re-read it.

Pop Quiz
I added this quiz as an afterthought. I was going to put a glossary here, but I figured that a quiz could
serve the same purpose and also help you review the material just to see what youve retained.
1) What is an IP address?
a) The serial number of a network interface card.
b) A number that uniquely identifies a network connection.
c) Postal directions to Mr. and Mrs. Ips house.
2) What is a URL?
a) A value that maps a specific network interface card to a certain driver as configured in
protocol.ini.
b) A network host connection name that can be assigned to a specific IP address.
c) A measurement of the strength of a bogon flux field in the adminisphere.
3) What is a DNS?
a) An unreliable protocol, as opposed to TCP/IP a protocol with guaranteed delivery.
b) A server that can tell your PC which URL is assigned to what IP address like directory
assistance.
c) Dead Network Sump A bit-bucket to accept undeliverable messages.
4) What is a gateway?
a) The box that connects hosts together within a LAN like a hub, MAU, or concentrator.
b) A specialized computer system (a router) that connects one network to other networks.
c) The hermetically sealed entrance to a network clean room.
5) What is a subnet mask?
a) A range of values for the first octet that determines the number of addressable networks and hosts.
b) A value that describes how many digits/bits of an IP address identify it as a local connection.
c) A mesh of heavy cables used to keep submarines out of a restricted area.
6) What is a protocol stack?
a) The list in memory that keeps track of hosts and servers.
b) A name for all of the software that connects the network hardware to an application program.
c) A pile of neatly stacked pennies that gets taller in relation to the duration and monotony of a
meeting.
7) What is an IP port number?
a) A number that identifies the plug in which the network cable is connected.
b) One of a pair of numbers that identify the specific network application connection within a
computer.
c) The nearest circular window that is unlocked on a ship when you have had too much beer.
8) What is ping?
a) An unused network connection.
b) A utility program that can be used to test a network connection.
c) The noise made by a spit wad shot from the car behind you as it bounces off your cell phone.
9) Why is it important that you gain the respect of the network administrator?
a) Because, otherwise, he may call your boss and complain about you.
b) So that I may easily get his assistance or advice when configuring or maintaining my system.
c) My car is out of gas and I may need to ask him to give me a lift home afterward.
10) Where is John Waynes stomach?
a) In Michael Jacksons collection, right next to John Merricks remains.
b) In a jar of formaldehyde in the California State Medical Examiners pathology laboratory
storeroom.
c) Keeping company with Jimmy Hoffas brain.
The correct answer to all of the above questions is (b). If you answered them all correctly (without
cheating) then youve retained what you need to know to basically configure a network system and to talk
to a network administrator without embarrassing yourself. Well, almost everything. Get rid of that pocketprotector, too.