TCP/IP Foundation

FOUNDATIONAL ASPECTS OF TCP/IP

 Typical Home Broadband Network

192.168.1.2
Internet
192.168.1.2 45.12.12.12
WiFi
Gateway
192.168.1.3
WiFi Gateway hosts
a number of networking
functions and services
192.168.1.4

2
 Assumption
 Internet User
 Binary representation

 Windows/Linux Fluency

3
 Client-Server Interaction
Internet

User Client Host Google Server &host

1. Server (process) is running perpetually on a server host

2. User starts the client (process) on his host
3. User provides the server’s address to the client
4. User, through client receives some service
5. User terminates the client process
6. Server process continues to run
Note: A computer is hosting 100s of processes
 Client-Server Characteristics
 Both client and server are processes
 These processes communicate using TCP/IP protocol suite
 Communication involves exchange of messages between client and server
 Client always initiates the messaging sequence
List currently running services on your Windows machine
 Protocol & Message
 Protocol “de-ambiguates” messages that are exchanged between multiple Peers
 A protocol resolves the following types of ambiguities
 Syntactical
 Semantical
 Procedural
 Exceptions
 In each node there are s/w and h/w components that work together to enable
message exchange with other nodes.
 This s/w and h/w combination is network stack
 Role of Each Layer
Node C Application
 Physical layer – provides media (wire or

Library
Application Layer
wireless) connectivity between adjacent
nodes in the form of electrical/optical Transport

Kernel
Programming Interface
signals. Network
 Link layer – enables exchange of link layer

(API)
frames with adjacent nodes

Adapter
Link

 Network layer – enables packet exchange Physical

with any other node in the network Message Interface (Protocol)

7
 Roles of Each Layer
Node C Application
 Transport Layer – enables

Library
Application Layer

datagram/segment exchange between any

Transport
two processes

Kernel
Programming Interface
 Application Layer – enables Application Network

(API)
specific Request/Response exchange

Adapter
Link

 Application – Could be a client or a server Physical

Message Interface (Protocol)

8
 IP Address & Connectivity
 Each host/node is identified by at least one (IP) Address
 IP address of a Window’s host is found using ipconfig utility
 IP address is 4 byte in size, represented in dotted decimal form
 Both client and server hosts need (unique) IP Addresses to send and
receive messages
 Network connectivity between two nodes/hosts can be checked using ping
Note: IP address identifies a node – not a process!
 Special IP Addresses
 Subnet broadcast address: 255.255.255.255
 Multicast address range: 224.0.0.0 – 239.255.255.255
 Auto configuration address range - 169.254.0.0 -
169.254.255.255
 Loopback IP addresses – 127.X.X.X
Rest of the addresses are used for unicast
 Port Number
 More than one program(processes) is running on a host/node at any time
 IP address by itself is not sufficient for a client to send and receive messages – why?
 IP address simply identifies a node – not the process that we want to connect!
 We need some additional identification to denote a process in a node
Review the Window’s port configuration file

Non- Host 192.168.1.2

networked Client 1
processes (3450)

Web FTP Telnet

Server (80) Server ... Server
(21) (23)
 Frame and MAC Address
 Packet cannot go on medium (wire/wireless) between nodes.
 Packet always travels with in frames over medium.
 Packet is encapsulated in link layer frame, link layer frame in a Physical
layer frame
 Link Layer frame uses its own addressing called MAC address
 One pair of MAC addresses for each frame: Sender’s and Next hop’s
 Ethernet physical LAN segment is inherently broadcast, no need for
physical layer addressing
 Subnet with multiple LAN segments use controlled broadcast of physical
frames if it is necessary
 Finding your MAC Address
 ipconfig /all
 My MAC address is 00-1C-BF-01-C8-65
 MAC is 6 Bytes in size - represented in dashed (or colon) hexadecimal
form
 Typically, for every IP address there is a corresponding MAC address – In
general, there is a one-to-one to mapping between the two
 ff-ff-ff-ff-ff-ff is a special MAC address – it is a link layer broadcast
address
 MAC addresses with 01-00-5E in prefix are used for multicasting
 Addresses needed for Client-Server Message Exchange
1. Source (client) IP Address ✔
2. Destination (server) IP Address ✔
3. Source (client) Port Number ✔
4. Destination (server) Port Number ✔
5. Source (source) MAC address ✔
6. Next Hop (next hop) MAC address ???
Note: When the server IP is in the same subnet - the next hop MAC is server
MAC, otherwise MAC address of the next hop router
A Snapshot of TCP/IP Protocol Suite
BOOTP
FTP ...
DHCP Application Layer
SMTP SNMP PING

HTTP DNS ...

Application/library
Tools or Utilities
TCP UDP ICMP
Layers

... Transport

ARP IP Wireshark
Network
Ethernet
Data Link
Note: Application layer is different from application
15
 De-multiplexing and Multiplexing
TCP UDP
Applications Applications

Network
Port No TCP UDP

ICMP IGMP
…
IPX IP ARP/RARP Network layer

Ethernet

Incoming/Outgoing Frame
16
 Address Filtering
 When a message is received from media, a layer compares the destination
address in the message for a match, if there is a match, the message is sent to
the layer above, else it is either discarded or routed
1. Broadcast destination address is always a match
2. Unicast destination address is a match if the receiver’s unicast address is
same as destination address specified in the message
3. Destination Multicast address is a match if the receiving host is participating
in that multicast.

17
 Encapsulation and De-Encapsulation
REQ/RES Application Data

Application
Message Application Data
Header Application
Datagram/
segment
UDP Header Application Data+HDR UDP

packet IP Header UDP Header Application Data+HDR IP

frame Eth-Header IP Header UDP Header Application Data+HDR Eth-Trailer Ethernet

14 20 8 4
46-1500 Physical Layer
18
 Wireshark
 Install Wireshark
 Wireshark will also install WinpCap library
 Start Wireshark
 Wireshark Tutorial

19
Wireshark Tutorial
 Sniffing Frames with Wireshark

1. Capturing – Interface, Promiscuous mode

2. Filter – View Filter, Capture Filter
3. Saving to a file and Viewing from the Captured file
Panel 1 – Captured 4. Encapsulation
Frames 5. Field Value and Raw Representation

Byte Address
Colum

Panel 2 – Frame
ASCII Representation
Encapsulations

Panel 3 – Raw Frame

21
Layering with Wireshark
Wireshark
Added Data
Link Layer
Network Layer
Transport Layer
Application Layer
 Networking Hierarchy
Nodes, LAN segments, Subnets/Links, Networks, & Internet
All the nodes in a subnet/net share the

Same Address Prefix (Net ID)
Subnet 2
Net ID is = Net Mask & IP 192.168.2 Subnet is the only IP broadcast domain
address (bit wise AND)
GW
Subnet 1 Subnet 3
192.168.1 Subnet 5
192.168.5 192.168.3

Subnet 4 To Internet
192.168.4.

23
 Subnet/Link
 Hosts and Router ports within a subnet share the
192.168.1
same subnet ID 192.168.2

 Subnet ID is the IP address prefix that is common

to all the IP addresses in the subnet 192.168.3

 Subnet is a link layer broadcast domain

192.168.4
 Router acts as a gateway between subnets
 Router port terminates a subnet broadcast
 In IPv4 subnet and link are one and the same

24
 Building Subnet
 Subnets are built using Hubs, Bridges, and Switches
 Cisco Packet Tracer Demonstration

25
 Net Mask
 All the nodes of a subnet have the same IP address prefix
 This common prefix includes network Id and subnet Id – simply referred to as net
Id in this lecture
 The suffix part is referred to as host Id
 Netmask is another parameter (IP Address and Gateway are the other seen so far)
associated with a network interface
 Using Netmask one can extract/identify Net ID and Host Id from the given IP
address
 Find your Netmask and IP address, Identify your Net Id and Host Id
26
 Network Adapters & IP Configuration
 Using IPCONFIG utility
– list your network
adapters and their IP
Configuration
 For Every active adapter
you should see IP
address, Subnet mask,
and Default Gateway
Netmask identifies Net ID and Host ID in IP Address
 MAC Address & Gateways
1. Source (client) IP Address
2. Destination (server) IP Address Hop 1
192.168.1
192.168.2

3. Source (client) Port Number GW 1

192.168.3
4. Destination (server) Port Number Hop 2
5. Sending Node’s MAC address 192.168.4 GW 2
6. Next Hop (next hop) MAC address
Domain name  IP Address
Finding MAC Address of you Adapters
C:\> Ipconfig /all | more
 ARP Protocol and ARP Cache
 ARP stands for Address Resolution Protocol – Given an IP address, ARP is used to
find the corresponding MAC address
 Note: Given an IP address, ARP is used to find the corresponding MAC address,
provided that IP address is in the same link (subnet)
 ARP uses link layer broadcast to map an IP address to is related MAC
 Every node within the link process the broadcast frame and then de-multiplexes
the ARP message in the frame to its ARP layer
 Only the ARP layer with the target IP will respond with its MAC address
 Study your ARP cache behavior using arp utility and SNMP
30
 Trivial File Transfer Protocol (TFTP)
 Simple file transfer client-server application with CL
 Client can copy files from/to server

192.168.1.12 192.168.1.7

192.168.1
TFTP Server TFTP Client
Server Client
 Install Wireshark on you Laptop
 Wireshark is a sniffer tool
 It can capture frames that are going through one or more
of your network adapters*
 Wireshark is implemented using Winpcap (libpcap)
 Start Wireshark and capture frames passing through one
of your active adapters.
 Assumption 1: Client-Server on the Same Subnet
Server
Client Client Server
Node
Application Layer Node 192.168.1
Hop 1
Application Layer

192.168.2

Transport Transport
GW 1
192.168.3
Network
Hop 2 Network

192.168.4 GW 2
Link Link

User Action Generates Client Request

Physical Layer
 Response to Client from TFTP Server
 This flow is identical to the flow from client, but source and
destination addresses are reversed.
 Both client and server ARP caches have the required
entries as long as messages flow between client and server
 When there are no messages for a while (3 minutes), ARP
cache entries are removed
 Client and Server in different Subnet – with 1 Hop
Case 2: Client and Server are in different subnets!

192.168.1.3 192.168.1.1 3 192.168.2.1 192.168.2.4

1 2
Client Subnet (192.168.1) Gateway Subnet (192.168.2) Server
4

A Congestion! B

35
 Route Table of Gateway

Route Table at
Gateway

192.168.1.2 192.168.2.1

1 2 Subnet 2 192.168.2.2
192.168.1.3 Subnet 1 4
Gateway Server
Client 192.168.1 192.168.2

3
115.241.93.10
Internet

36
 Connection-Less (CL) Networking
 Simple – no setup or tear down procedures
 Best effort delivery Subnet Gate Subnet
Server
Client way 192.168.2
 Message sequencing is not guaranteed 192.168.1

 Resilient /Robust to routing node outages

 Suited for multicast and broadcast type
Gate
deliveries way Subnet
192.168.3
Gate
way

 For every packet, route table lookup in every

hop
 Route table lookup is for the best match and not
 Single outgoing queue with FIFO by default
the exact match
 Non-deterministic latency, excellent band-width
 No preferred treatment for signaling packets,
utilization
connection-oriented packets
37
 Learning Networking with Cisco’s Packet Tracer
1. Build a subnet with single LAN segment and demonstrate connectivity
2. Build a subnet with multiple LAN segments and demonstrate connectivity
3. Build a network with 2 subnets and demonstrate connectivity
4. Build a network with 2 hops and demonstrate connectivity

38
 IP Header
 Typically, we learn
the operation of a
protocol by
understanding the
protocol header

39
©Hari

User Datagram Protocol (RFC 768)

 Capture UDP datagram with Wireshark and compare the
UDP header against the diagram presented in this page
 Understand
Bits 0
UDP encapsulation
15 16
hierarchy 31

Source Port Number Destination Port Number

Length Check Sum

Capture a TFTP message with Wireshark; review all the headers in this message
©Hari
UDP Characteristics
 Connection-less (best effort) Client Server
 Message-oriented protocol Application Application
 One message at a time (simplex)
 No flow and congestion control UDP … UDP
 Error check but no error control
 Transport for Multicast and Real Time Network
Multimedia
UDP Messages
©Hari

UDP - Advantages
 UDP Transport exposes raw datagram (IP) service to
applications
 This is desirable for a number of applications where TCP

features are too expensive (latency) and/or redundant

 UDP is a good fit for IP Multicast
©Hari

TCP Characteristics
 Session-based transport layer
 Reliable and sequenced delivery
 Exchanges Byte Stream
 Full Duplex
 Supports Flow control and congestion control
 Limited to a single stream
 No built-in reliability
 Timer values may not suit all applications
©Hari

Flow Control and Congestion Control

 Flow control matches the transmission rate of the sender to that of receiving application
 Congestion Control on the other hand, matches the transmission rate of the sender to that of
network capacity
 Since the (network) capacity is an unknown value, sender uses slow start procedure to find and
match the transmission rate to that of network capacity
 If the network capacity is reduced due to congestion then the matching process (slow start) is
started all over again
 TCP Buffers & Message Exchange Overview
• Guaranteed &
Client Server
Sequenced delivery
• Resources: Transmission Application Application
buffer (TB) & Receive
buffer (RB), timer, & state TCP
… TCP
data RB TB RB TB
• Byte streams are
Network
transported in Segments
• Uses Cumulative, Byte Stream

Positive, delayed ACK

Note: These buffers are different from the buffers at the network
• Optional Selective ACK interfaces within the network including the sender and receiver nodes

©Hari